1.1 MSTP Configuration Commands
Syntax
active region-configuration
View
MST region view
Parameters
None
Description
Use the active region-configuration
command to activate the settings of a multiple spanning tree (MST) region.
Configuring MST region-related parameters
(especially the VLAN-to-MSTI mapping table) is probable to result in network
topology jitter. To reduce network topology jitter caused by the configuration,
multiple spanning tree protocol (MSTP) does not recalculate spanning trees
immediately after the configuration; it does this only after you activate the
new MST region-related settings or enable MSTP, and then the new settings can
really take effect.
When you carry out this command, MSTP will
replace the currently running MST region–related parameters with the
parameters you have just configured and will perform spanning tree recalculation.
Related commands: instance, region-name,
revision-level, vlan-mapping modulo, check
region-configuration.
Examples
# Activate the MST region-related settings.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp region-configuration
[Sysname-mst-region] active
region-configuration
Syntax
bpdu-drop any
undo bpdu-drop any
View
Ethernet port view
Parameters
None
Description
Use the bpdu-drop any command to enable
BPDU dropping on the Ethernet port.
Use the undo bpdu-drop any command
to disable BPDU dropping on the Ethernet port.
By default, BPDU dropping is disabled.
In a STP-enabled network, some users may
send BPDU packets to the switch continuously in order to destroy the network.
When a switch receives the BPDU packets, it will forward them to other
switches. As a result, STP calculation is performed repeatedly, which may
occupy too much CPU of the switches or cause errors in the protocol state of
the BPDU packets.
In order to avoid this problem, you can
enable BPDU dropping on Ethernet ports. Once the function is enabled on a port,
the port will not receive or forward any BPDU packets. In this way, the switch
is protected against the BPDU packet attack and the STP calculation correctness
is ensured.
Examples
# Enable BPDU dropping on Ethernet 1/0/1.
<Sysname>system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] bpdu-drop any
Syntax
check region-configuration
View
MST region view
Parameters
None
Description
Use the check region-configuration
command to display the MST region-related configuration which is being modified
currently, including region name, revision level, and VLAN-to-MSTI mapping
table.
As specified in the MSTP protocol, the
configurations of MST regions must be right, especially the VLAN-to-MSTI
mapping table. MSTP-enabled switches are in the same region only when they have
the same format selector (a 802.1s-defined protocol selector, which is 0 by
default and cannot be configured), region name, VLAN-to-MSTI mapping table, and
revision level. A switch cannot be in the expected region if any of the four MST
region-related parameters mentioned above are not consistent with those of another
switch in the region.
The H3C series support only the MST region
name, VLAN-to-MSTI mapping table, and revision level. Switches with the
settings of these parameters being the same are assigned to the same MST
region.
This command is used to display the configuration
information of inactivated MST regions. You can use this command to find the
MST region the switch currently belongs to or check to see whether or not the MST
region-related configuration is correct.
Related commands: instance, region-name,
revision-level, vlan-mapping modulo, active
region-configuration.
Examples
# Display the MST region-related
configuration.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp region-configuration
[Sysname-mst-region] check region-configuration
Admin Configuration
Format selector :0
Region name :00e0fc003600
Revision level :0
Instance Vlans Mapped
0 1 to 9, 11 to 4094
16 10
Table 1-1
Description on the fields of the check
region-configuration command
|
Field
|
Description
|
|
Format selector
|
The selector specified by MSTP
|
|
Region name
|
The name of the MST region
|
|
Revision level
|
The revision level of the MST region
|
|
Instance Vlans Mapped
|
VLAN-to-MSTI mappings in the MST region
|
Syntax
display stp [
instance instance-id ] [ interface interface-list
| slot slot-number ] [ brief ]
View
Any view
Parameters
instance-id:
ID of the MSTI ranging from 0 to 16. The value of 0 refers to the common and
internal spanning tree (CIST).
interface-list: Ethernet
port list. You can specify multiple Ethernet ports by
providing this argument in the form of interface-list = { interface-type
interface-number [ to interface-type interface-number ] }
&<1-10>, where &<1-10> means that you can provide up to 10
port indexes/port index ranges for this argument.
slot slot-number: Specifies a slot whose STP-related information is to be displayed.
brief:
Displays only port state and protection measures taken on the port.
Description
Use the display stp command to
display the state and statistical information about one or all spanning trees.
The state and statistical information about
MSTP can be used to analyze and maintain the topology of a network. It can also
be used to make MSTP operate properly.
l
If neither MSTI nor port list is specified, the
command displays spanning tree information about all MSTIs on all ports in the order
of port number.
l
If only one MSTI is specified, the command
displays information about the specified MSTI on all ports in the order of the port
number.
l
If only a port list is specified, the command
displays information about all MSTIs on these ports in the order of the port
numbers.
l
If both an MSTI ID list and a port list are
specified, the command displays spanning tree information about the specified MSTIs
and the specified ports in the order of MSTI ID.
MSTP state information includes:
1)
Global CIST parameters:
Protocol operating mode, switch priority in the CIST
instance, MAC address, hello time, max age, forward delay, max hops, the common
root of the CIST, the external path cost for the switch to reach the CIST
common root, region root, the internal path cost for the switch to reach the
region root, CIST root port of the switch, the state of the BPDU guard function
(enabled or disabled), the state of the digest snooping feature (enabled or
disabled), and the state of the TC-BPDU attack guard function (enabled or
disabled).
2)
CIST port parameters: Port protocol, port role,
port priority, path cost, designated bridge, designated port, edge
port/non-edge port, whether or not the link on a port is a point-to-point link,
format of the MST BPDUs that the port can send, the maximum transmitting speed,
type of the enabled guard function, state of the digest snooping feature
(enabled or disabled), VLAN mappings, hello time, max age, forward delay,
Message-age time, and remaining hops.
3)
Global MSTI parameters: MSTI instance ID, bridge priority of the instance, region root,
internal path cost, MSTI root port, master bridge, and external path cost.
4)
MSTI port parameters: Port state, role,
priority, path cost, designated bridge, designated port, remaining hops, and
the number of VLANs mapped to the current MSTI.
The statistical information includes: the numbers of the TCN BPDUs, the configuration BPDUs, the RST BPDUs, and
the MST BPDUs transmitted/received by each port.
Related commands: reset stp.
Examples
# Display the brief state information of MSTI
0 on Ethernet 1/0/1 through Ethernet 1/0/4.
<Sysname> display stp instance 0
interface Ethernet 1/0/1 to Ethernet 1/0/4 brief
MSTID Port
Role STP State Protection
0 Ethernet1/0/1
ALTE DISCARDING LOOP
0 Ethernet1/0/2
DESI FORWARDING NONE
0 Ethernet1/0/3
DESI FORWARDING NONE
0 Ethernet1/0/4
DESI FORWARDING NONE
Table 1-2
Description on the fields of the display stp
command
|
Field
|
Description
|
|
MSTID
|
ID of an
MSTI in the MST region
|
|
Port
|
Port index corresponding to an MSTI
|
|
Role
|
Port role
|
|
STP State
|
STP state on the port, which can be
forwarding, discarding, and learning.
|
|
Protection
|
Protection type of the port, which can be
one of the following:
l
ROOT: Root protection
l
LOOP: Loop protection
l
BPDU: BPDU protection
l
NONE: No protection
|
# Display the detailed MSTP status information
and statistics information.
<Sysname> display stp instance
0 interface Ethernet 1/0/2
-------[CIST Global Info][Mode
MSTP]-------
CIST Bridge
:32768.00e0-fc12-4001
Bridge Times :Hello 2s MaxAge
20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000f-cb00-6600
/ 200
CIST RegRoot/IRPC
:32768.00e0-fc12-4001 / 0
CIST RootPortId :128.22
BPDU-Protection :disabled
TC-Protection :enabled /
Threshold=6
Bridge Config
Digest Snooping :disabled
TC or TCN received :0
Time since last TC :0 days
1h:33m:54s
----[Port2(Ethernet1/0/2)][DOWN]----
Port Protocol :enabled
Port Role :CIST Disabled
Port
Port Priority :128
Port Cost(Legacy) :Config=auto /
Active=200000
Desg. Bridge/Port
:32768.00e0-fc12-4001 / 128.2
Port Edged :Config=disabled
/ Active=disabled
Point-to-point :Config=auto /
Active=false
Transmit Limit :10
packets/hello-time
Protection Type :None
MSTP BPDU format :Config=auto /
Active=legacy
Port Config
Digest Snooping :disabled
Num of Vlans Mapped :1
PortTimes :Hello 2s MaxAge
20s FwDly 15s MsgAge 0s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0,
MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0,
MST: 0
Table 1-3
display stp command
output description
|
Field
|
Description
|
|
CIST Bridge
|
CIST bridge ID
|
|
Bridge Times
|
Major parameters for the bridge:
l
Hello: Hello timer
l
MaxAge: Max Age timer
l
FwDly: Forward delay timer
l
MaxHop: Max hops within the MST region
|
|
CIST Root/ERPC
|
CIST root and external path cost
|
|
CIST RegRoot/IRPC
|
CIST regional root and internal path cost
|
|
CIST RootPortId
|
CIST root port ID
|
|
BPDU-Protection
|
Indicates whether BPDU protection is
enabled globally.
|
|
TC-Protection*** / Threshold=**
|
Indicates whether TC-BPDU attack guard function
is enabled globally, and the maximum times that a switch can remove the MAC
address table and ARP entries within each 10 seconds.
|
|
Bridge Config
Digest Snooping
|
Indicates whether Digest Snooping is
enabled globally on the bridge.
|
|
TC or TCN received
|
Number of received TC/TCN packets
|
|
Time since last TC
|
Time of the latest topology change
|
|
Port Protocol
|
Indicates whether STP is enabled on the
port
|
|
Port Role
|
Port role, which can be Alternate,
Backup, Root, Designated, Master, or Disabled
|
|
Port Priority
|
Port priority
|
|
Port Cost(Legacy)
|
Path cost of the port. The field in the
bracket indicates the standard used for port path cost calculation, which can
be legacy, dot1d-1998, or dot1t. Config indicates
the configured value, and Active indicates the actual value.
|
|
Desg. Bridge/Port
|
Designated bridge ID and port ID of the
port
The port ID displayed is insignificant
for a port which does not support port priority.
|
|
Port Edged
|
Indicates whether the port is an edge
port. Config indicates the configured value, and Active
indicates the actual value.
|
|
Point-to-point
|
Indicates whether the port is connected
to a point-to-point link. Config indicates the configured value, and Active
indicates the actual value.
|
|
Transmit Limit
|
The maximum number of packets sent within
each Hello time
|
|
Protection Type
|
Protection type on the port, including Root
guard and Loop guard
|
|
MST BPDU format
|
Format of the MST BPDUs that the port can
send, which can be legacy or 802.1s. Config indicates the configured
value, and Active indicates the actual value.
|
|
Port Config
Digest Snooping
|
Indicates whether digest snooping is
enabled on the port.
|
|
Num of Vlans Mapped
|
Number of VLANs mapped to the current
MSTI
|
|
PortTimes
|
Major parameters for the port:
l
Hello: Hello timer
l
MaxAge: Max Age timer
l
FwDly: Forward delay timer
l
MsgAge: Message Age timer
l
Remain Hop: Remaining hops
|
|
BPDU Sent
|
Statistics on sent BPDUs
|
|
BPDU Received
|
Statistics on received BPDUs
|
Syntax
display stp abnormalport
View
Any view
Parameters
None
Description
Use the display stp abnormalport
command to display the ports that are blocked by STP guard functions.
Examples
# Display the ports that are blocked by STP
guard functions.
<Sysname> display stp abnormalport
MSTID Port Block
Reason
--------- --------------------
-------------
0 Ethernet1/0/20 Root-Protection
1 Ethernet1/0/21
Loop-Protection
Table 1-4 Description on the fields of
the display stp abnormalport command
|
Field
|
Description
|
|
MSTID
|
MSTI ID in the MST region
|
|
Port
|
Port that has been blocked
|
|
Block Reason
|
The function blocking the port
|
Syntax
display stp portdown
View
Any view
Parameters
None
Description
Use the display stp portdown command
to display the ports that are shut down by STP guard functions.
Examples
# Display the ports that are shut down by
STP guard functions.
<Sysname> display stp portdown
Port Down Reason
--------------------- ------------
Ethernet1/0/20 BPDU-Protection
Table 1-5 Description on the fields of
the display stp portdown command
|
Field
|
Description
|
|
Port
|
Port that
has been shut down
|
|
Down
Reason
|
The
function shutting down the port
|
Syntax
display stp region-configuration
View
Any view
Parameters
None
Description
Use the display stp region-configuration
command to display the activated MST region configuration, including the region
name, region revision level, and VLAN-to-STI mappings configured for the
switch.
Related commands: stp
region-configuration.
Examples
# Display the configuration of the MST
region.
<Sysname> display stp
region-configuration
Oper Configuration
Format selector :0
Region name :hello
Revision level :0
Instance Vlans Mapped
0 21 to 4094
1 1 to 10
2 11 to 20
Table 1-6
Description on the fields of the display stp
region-configuration command
|
Field
|
Description
|
|
Format selector
|
The selector specified by MSTP
|
|
Region name
|
The name of the MST region
|
|
Revision level
|
The revision level of the MST region
|
|
Instance Vlans Mapped
|
VLAN-to-STI mappings in the MST region
|
Syntax
display stp root
View
Any view
Parameters
None
Description
Use the display stp root command to
display information about the root ports in the MSTP region where the switch
resides.
Examples
# Display information about the root ports
in the MSTP region where the switch resides.
<Sysname> display stp root
MSTID Root Bridge ID ExtPathCost
IntPathCost Root Port
-------- --------------------
------------ ------------- -----------
0 32768.00e0-fc53-d908 0
200 Ethernet1/0/18
Table 1-7
Description on the fields of the display stp
root command
|
Field
|
Description
|
|
MSTID
|
MSTI ID in the MST region
|
|
Root Bridge ID
|
ID of the root bridge
|
|
ExtPathCost
|
Cost of the external path from the switch
to the root bridge
|
|
IntPathCost
|
Cost of the internal path from the
switch to the root bridge
|
|
Root Port
|
Root port (If a port on the current
device is an MSTI root port, the port type and port number is displayed.
Otherwise, the root port name is not displayed.)
|
1.1.9 instance
Syntax
instance instance-id
vlan vlan-list
undo instance instance-id [ vlan vlan-list ]
View
MST region view
Parameters
instance-id:
ID of an MSTI ranging from 0 to 16. The value of 0 refers to the CIST.
vlan-list:
List of VLANs. You need to provide this argument in the form of vlan-list = {
vlan-id [ to vlan-id ] }&<1-10>, where
&<1-10> means that you can provide up to 10 VLAN IDs/VLAN ID ranges for
this argument. Normally, a VLAN ID can be a number ranging from 1 to 4094.
Description
Use the instance command to map
specified VLANs to a specified MSTI.
Use the undo instance command to
remove the mappings from the specified VLANs to the specified MSTI and remap the
specified VLANs to the CIST (MSTI 0). If you specify no VLAN in the undo
instance command, all VLANs that are mapped to the specified MSTI are remapped
to the CIST.
By default, all VLANs are mapped to the
CIST.
VLAN-to-MSTI mappings are recorded in the VLAN-to-MSTI
mapping table of an MSTP-enabled switch. So these two commands are actually
used to manipulate the VLAN-to-MSTI mapping table. You can add/remove a VLAN
to/from the VLAN-to-MSTI mapping table of a specific MSTI by using these two
commands.
Note that a VLAN cannot be mapped to
multiple MSTIs at the same time. A VLAN-to-MSTI mapping is automatically
removed if you map the VLAN to another MSTI.
Related commands: region-name, revision-level,
vlan-mapping modulo, check region-configuration, active
region-configuration.
Examples
# Map VLAN 2 to MSTI 1.
<Sysname>
system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp region-configuration
[Sysname-mst-region] instance 1 vlan
2
Syntax
region-name name
undo region-name
View
MST region view
Parameters
name: MST
region name to be set for the switch, a string of 1 to 32 characters.
Description
Use the region-name command to set an
MST region name for a switch.
Use the undo region-name command to restore
the MST region name to the default value.
The default MST region name of a switch is
its MAC address.
MST region name, along with VLAN-to-MSTI
mapping table and MSTP revision level, determines the MST region which a switch
belongs to.
Related commands: instance, revision-level,
check region-configuration, vlan-mapping modulo, active
region-configuration.
Examples
# Set the MST region name of the switch to hello.
<Sysname>
system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp region-configuration
[Sysname-mst-region] region-name
hello
Syntax
reset stp [ interface
interface-list ]
View
User view
Parameters
interface-list: Ethernet
port list. You can specify multiple Ethernet ports by
providing this argument in the form of interface-list = { interface-type
interface-number [ to interface-type interface-number ] }
&<1-10>, where &<1-10> means that you can provide up to 10
port indexes/port index ranges for this argument.
Description
Use the reset stp command to clear
spanning tree statistics.
The spanning tree statistics includes the
numbers of TCN BPDUs, configuration BPDUs, RST BPDUs, and MST BPDUs sent/received
through one or more specified ports or all ports (note that BPDUs and TCN BPDUs
are counted only for CISTs.)
Note that:
l
If you specify the interface-list
argument, this command clears the spanning tree statistics on specified ports.
l
If you do not specify the interface-list
argument, this command clears the spanning tree statistics on all ports.
Related commands: display stp.
Examples
# Clear the spanning tree statistics on Ethernet
1/0/1 through Ethernet 1/0/3.
<Sysname> reset stp interface
Ethernet 1/0/1 to Ethernet 1/0/3
Syntax
revision-level level
undo revision-level
View
MST region view
Parameters
level: MSTP
revision level to be set for the switch. This argument ranges from 0 to 65,535.
Description
Use the revision-level command to
set the MSTP revision level for a switch.
Use the undo revision-level command
to restore the revision level to the default value.
By default, the MSTP revision level of a
switch is 0.
MSTP revision level, along with MST region
name and VLAN-to-MSTI mapping table, determines the MST region which a switch
belongs to.
Related commands: instance, region-name,
check region-configuration, vlan-mapping modulo, active
region-configuration.
Examples
# Set the MSTP revision level of the MST
region to 5.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp region-configuration
[Sysname-mst-region] revision-level 5
Syntax
stp { enable
| disable }
undo stp
View
System view, Ethernet port view
Parameters
enable:
Enables MSTP globally or on a port.
disable:
Disables MSTP globally or on a port.
Description
Use the stp command to
enable/disable MSTP globally or on a port.
Use the undo stp command to restore the
MSTP state to the default globally or on a port.
By default, MSTP is disabled.
After MSTP is enabled, the actual operating
mode, which can be STP-compatible mode, RSTP-compatible mode, or MSTP mode, is
determined by the user-defined protocol mode. A switch becomes a transparent
bridge if MSTP is disabled.
After being enabled, MSTP maintains
spanning trees by processing configuration BPDUs of different VLANs. After being
disabled, it stops maintaining spanning trees.
Related commands: stp mode, stp
interface.
Examples
# Enable MSTP globally.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp enable
# Disable MSTP on Ethernet 1/0/1.
<Sysname>
system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] stp disable
Syntax
stp bpdu-protection
undo stp bpdu-protection
View
System view
Parameters
None
Description
Use the stp bpdu-protection command
to enable the BPDU guard function on the switch.
Use the undo stp bpdu-protection
command to restore to the default state of the BPDU guard function.
By default, the BPDU guard function is
disabled.
Normally, the access ports of the devices
operating on the access layer are directly connected to terminals (such as PCs)
or file servers. These ports are usually configured as edge ports to implement
rapid transition. But they resume non-edge ports automatically upon receiving
configuration BPDUs, which causes spanning trees recalculation and network
topology jitter.
Normally, no configuration BPDU will reach
edge ports. But malicious users can attack a network by sending configuration
BPDUs deliberately to edge ports to cause network jitter. You can prevent such
attacks by enabling the BPDU guard function. With this function enabled on a
switch, the switch shuts down the edge ports that receive configuration BPDUs
and then reports these cases to the administrator. If an edge port is shut
down, only the administrator can restore it.
Examples
# Enable the BPDU guard function.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] stp bpdu-protection
1.1.15 stp bridge-diameter
Syntax
stp bridge-diameter bridgenum
undo stp bridge-diameter
View
System view
Parameters
bridgenum:
Network diameter to be set for a switched network. This argument ranges from 2
to 7.
Description
Use the stp bridge-diameter command
to set the network diameter of a switched network. The network diameter of a
switched network is represented by the maximum possible number of switches
between any two terminal devices in a switched network.
Use the undo stp bridge-diameter
command to restore the network diameter to the default value.
By default, the network diameter is 7.
After you configure the network diameter of
a switched network, MSTP adjusts its hello time, forward delay, and max age
settings accordingly. With the network diameter set to the default value 7, the
three time-relate settings, including hello time, forward delay, and max age,
are set to their default values as well.
The stp bridge-diameter command only
applies to CIST. It is invalid for MSTIs.
Related commands: stp timer
fo
