To my understanding, the stripping on egress is done on all ports of a given VLAN except those mentioned on the tagged-ports list of the corresponding row under /interface ethernet switch egress-vlan-tag.
OK, that makes sense, but leads to another question.
Lets assume SW-3 send out an ARP-request (DST-MAC: FF:FF:FF:FF:FF:FF). This gets S-tagged with VID400 at CRS-3 and will arrive at CRS-1.
How does CRS-1 “know” how to forward this frame to SW-1?
The only refernece SVID400 ↔ CVID200/eth1 is under /interface ethernet switch ingress-vlan-translation.
But it seems wrong, the switch does a lookup againts this rules when the frame ingresses via the S-Trunk (eth9)??
Edit: Or will the ARP-request arrive at both, SW-1 and SW-2, because from the perspective of the CRS-1, C-Tags are treated as non-present “untagged” and so both will get the L2-broadcast?
The dst-mac is ff:ff:ff:ff:ff:ff, so the frame is forwarded to all member ports of the VLAN it is tagged with on the trunk. The example configuration doesn’t show any membership of ports in the VLANs (S-VLANs to be precise), which means that this ARP-request would egress also via ether2, to which SW-2 is connected. If I remember well, the switch has no way to check for C-VLAN on egress if bridge-type=service-vid-used-as-lookup-vid.
