H3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)

HomeSupportSwitchesH3C S3100 Switch SeriesReference GuidesCommand ReferencesH3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)
15-MSTP Commands
Title Size Download
15-MSTP Commands 241.78 KB

Table of Contents

1 MSTP Configuration Commands· 1-1

MSTP Configuration Commands· 1-1

active region-configuration· 1-1

bpdu-drop any· 1-1

check region-configuration· 1-2

display stp· 1-3

display stp abnormalport 1-7

display stp portdown· 1-8

display stp region-configuration· 1-8

display stp root 1-9

instance· 1-10

region-name· 1-11

reset stp· 1-11

revision-level 1-12

stp· 1-13

stp bpdu-protection· 1-13

stp bridge-diameter 1-14

stp compliance· 1-15

stp config-digest-snooping· 1-16

stp cost 1-17

stp dot1d-trap· 1-18

stp edged-port 1-19

stp interface· 1-20

stp interface compliance· 1-21

stp interface config-digest-snooping· 1-22

stp interface cost 1-24

stp interface edged-port 1-25

stp interface loop-protection· 1-26

stp interface mcheck· 1-26

stp interface no-agreement-check· 1-27

stp interface point-to-point 1-28

stp interface port priority· 1-29

stp interface root-protection· 1-30

stp interface transmit-limit 1-31

stp loop-protection· 1-32

stp max-hops· 1-32

stp mcheck· 1-33

stp mode· 1-34

stp no-agreement-check· 1-35

stp pathcost-standard· 1-36

stp point-to-point 1-37

stp port priority· 1-38

stp portlog· 1-39

stp portlog all 1-39

stp priority· 1-40

stp region-configuration· 1-40

stp root primary· 1-41

stp root secondary· 1-42

stp root-protection· 1-43

stp tc-protection· 1-44

stp tc-protection threshold· 1-45

stp timer forward-delay· 1-46

stp timer hello· 1-46

stp timer max-age· 1-47

stp timer-factor 1-48

stp transmit-limit 1-49

vlan-mapping modulo· 1-49

vlan-vpn tunnel 1-50

 


MSTP Configuration Commands

active region-configuration

Syntax

active region-configuration

View

MST region view

Parameters

None

Description

Use the active region-configuration command to activate the settings of a multiple spanning tree (MST) region.

Configuring MST region-related parameters (especially the VLAN-to-MSTI mapping table) is probable to result in network topology jitter. To reduce network topology jitter caused by the configuration, multiple spanning tree protocol (MSTP) does not recalculate spanning trees immediately after the configuration; it does this only after you activate the new MST region-related settings or enable MSTP, and then the new settings can really take effect.

When you carry out this command, MSTP will replace the currently running MST region–related parameters with the parameters you have just configured and will perform spanning tree recalculation.

Related commands: instance, region-name, revision-level, vlan-mapping modulo, check region-configuration.

Examples

# Activate the MST region-related settings.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] active region-configuration

bpdu-drop any

Syntax

bpdu-drop any

undo bpdu-drop any

View

Ethernet port view

Parameters

None

Description

Use the bpdu-drop any command to enable BPDU dropping on the Ethernet port.

Use the undo bpdu-drop any command to disable BPDU dropping on the Ethernet port.

By default, BPDU dropping is disabled.

In a STP-enabled network, some users may send BPDU packets to the switch continuously in order to destroy the network. When a switch receives the BPDU packets, it will forward them to other switches. As a result, STP calculation is performed repeatedly, which may occupy too much CPU of the switches or cause errors in the protocol state of the BPDU packets.

In order to avoid this problem, you can enable BPDU dropping on Ethernet ports. Once the function is enabled on a port, the port will not receive or forward any BPDU packets. In this way, the switch is protected against the BPDU packet attack and the STP calculation correctness is ensured.

 

Only the S3100-EI series among S3100 series switches support the BPDU dropping feature.

 

Examples

# Enable BPDU dropping on Ethernet 1/0/1.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] bpdu-drop any

check region-configuration

Syntax

check region-configuration

View

MST region view

Parameters

None

Description

Use the check region-configuration command to display the MST region-related configuration which is being modified currently, including region name, revision level, and VLAN-to-MSTI mapping table.

As specified in the MSTP protocol, the configurations of MST regions must be right, especially the VLAN-to-MSTI mapping table. MSTP-enabled switches are in the same region only when they have the same format selector (a 802.1s-defined protocol selector, which is 0 by default and cannot be configured), region name, VLAN-to-MSTI mapping table, and revision level. A switch cannot be in the expected region if any of the four MST region-related parameters mentioned above are not consistent with those of another switch in the region.

The H3C series support only the MST region name, VLAN-to-MSTI mapping table, and revision level. Switches with the settings of these parameters being the same are assigned to the same MST region.

This command is used to display the configuration information of inactivated MST regions. You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region-related configuration is correct.

Related commands: instance, region-name, revision-level, vlan-mapping modulo, active region-configuration.

Examples

# Display the MST region-related configuration.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] check region-configuration

Admin Configuration

   Format selector :0

   Region name     :00e0fc003600

   Revision level  :0

 

   Instance   Vlans Mapped

      0       1 to 9, 11 to 4094

     16       10

Table 1-1 Description on the fields of the check region-configuration command

Field

Description

Format selector

The selector specified by MSTP

Region name

The name of the MST region

Revision level

The revision level of the MST region

Instance Vlans Mapped

VLAN-to-MSTI mappings in the MST region

 

display stp

Syntax

display stp [ instance instance-id ] [ interface interface-list | slot slot-number ] [ brief ]

View

Any view

Parameters

instance-id: ID of the MSTI ranging from 0 to 16. The value of 0 refers to the common and internal spanning tree (CIST).

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

slot slot-number: Specifies a slot whose STP-related information is to be displayed.

brief: Displays only port state and protection measures taken on the port.

Description

Use the display stp command to display the state and statistical information about one or all spanning trees.

The state and statistical information about MSTP can be used to analyze and maintain the topology of a network. It can also be used to make MSTP operate properly.

l          If neither MSTI nor port list is specified, the command displays spanning tree information about all MSTIs on all ports in the order of port number.

l          If only one MSTI is specified, the command displays information about the specified MSTI on all ports in the order of the port number.

l          If only a port list is specified, the command displays information about all MSTIs on these ports in the order of the port numbers.

l          If both an MSTI ID list and a port list are specified, the command displays spanning tree information about the specified MSTIs and the specified ports in the order of MSTI ID.

MSTP state information includes:

1)        Global CIST parameters: Protocol operating mode, switch priority in the CIST instance, MAC address, hello time, max age, forward delay, max hops, the common root of the CIST, the external path cost for the switch to reach the CIST common root, region root, the internal path cost for the switch to reach the region root, CIST root port of the switch, the state of the BPDU guard function (enabled or disabled), the state of the digest snooping feature (enabled or disabled), and the state of the TC-BPDU attack guard function (enabled or disabled).

2)        CIST port parameters: Port protocol, port role, port priority, path cost, designated bridge, designated port, edge port/non-edge port, whether or not the link on a port is a point-to-point link, format of the MST BPDUs that the port can send, the maximum transmitting speed, type of the enabled guard function, state of the digest snooping feature (enabled or disabled), VLAN mappings, hello time, max age, forward delay, Message-age time, and remaining hops.

3)        Global MSTI parameters: MSTI instance ID, bridge priority of the instance, region root, internal path cost, MSTI root port, master bridge, and external path cost.

4)        MSTI port parameters: Port state, role, priority, path cost, designated bridge, designated port, remaining hops, and the number of VLANs mapped to the current MSTI.

The statistical information includes: the numbers of the TCN BPDUs, the configuration BPDUs, the RST BPDUs, and the MST BPDUs transmitted/received by each port.

Related commands: reset stp.

Examples

# Display the brief state information of MSTI 0 on Ethernet 1/0/1 through Ethernet 1/0/4.

<Sysname> display stp instance 0 interface Ethernet 1/0/1 to Ethernet 1/0/4 brief

  MSTID      Port                  Role  STP State     Protection

   0         Ethernet1/0/1         ALTE  DISCARDING    LOOP

   0         Ethernet1/0/2         DESI  FORWARDING    NONE

   0         Ethernet1/0/3         DESI  FORWARDING    NONE

   0         Ethernet1/0/4         DESI  FORWARDING    NONE

Table 1-2 Description on the fields of the display stp command

Field

Description

MSTID

ID of an MSTI in the MST region

Port

Port index corresponding to an MSTI

Role

Port role

STP State

STP state on the port, which can be forwarding, discarding, and learning.

Protection

Protection type of the port, which can be one of the following:

l      ROOT: Root protection

l      LOOP: Loop protection

l      BPDU: BPDU protection

l      NONE: No protection

 

# Display the detailed MSTP status information and statistics information.

<Sysname> display stp instance 0 interface Ethernet 1/0/2

-------[CIST Global Info][Mode MSTP]-------

CIST Bridge         :32768.00e0-fc12-4001

Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20

CIST Root/ERPC      :32768.000f-cb00-6600 / 200

CIST RegRoot/IRPC   :32768.00e0-fc12-4001 / 0

CIST RootPortId     :128.22

BPDU-Protection     :disabled

TC-Protection       :enabled / Threshold=6

Bridge Config

Digest Snooping     :disabled

TC or TCN received  :0

Time since last TC  :0 days 1h:33m:54s

 

----[Port2(Ethernet1/0/2)][DOWN]----

 Port Protocol       :enabled

 Port Role           :CIST Disabled Port

 Port Priority       :128

 Port Cost(Legacy)   :Config=auto / Active=200000

 Desg. Bridge/Port   :32768.00e0-fc12-4001 / 128.2

 Port Edged          :Config=disabled / Active=disabled

 Point-to-point      :Config=auto / Active=false

 Transmit Limit      :10 packets/hello-time

 Protection Type     :None

 MSTP BPDU format    :Config=auto / Active=legacy

 Port Config

 Digest Snooping     :disabled

 Num of Vlans Mapped :1

 PortTimes           :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 20

 BPDU Sent           :0

          TCN: 0, Config: 0, RST: 0, MST: 0

 BPDU Received       :0

          TCN: 0, Config: 0, RST: 0, MST: 0

Table 1-3 display stp command output description

Field

Description

CIST Bridge

CIST bridge ID

Bridge Times

Major parameters for the bridge:

l      Hello: Hello timer

l      MaxAge: Max Age timer

l      FwDly: Forward delay timer

l      MaxHop: Max hops within the MST region

CIST Root/ERPC

CIST root and external path cost

CIST RegRoot/IRPC

CIST regional root and internal path cost

CIST RootPortId

CIST root port ID

BPDU-Protection

Indicates whether BPDU protection is enabled globally.

TC-Protection*** / Threshold=**

Indicates whether TC-BPDU attack guard function is enabled globally, and the maximum times that a switch can remove the MAC address table and ARP entries within each 10 seconds.

Bridge Config

Digest Snooping

Indicates whether Digest Snooping is enabled globally on the bridge.

TC or TCN received

Number of received TC/TCN packets

Time since last TC

Time of the latest topology change

Port Protocol

Indicates whether STP is enabled on the port

Port Role

Port role, which can be Alternate, Backup, Root, Designated, Master, or Disabled

Port Priority

Port priority

Port Cost(Legacy)

Path cost of the port. The field in the bracket indicates the standard used for port path cost calculation, which can be legacy, dot1d-1998, or dot1t. Config indicates the configured value, and Active indicates the actual value.

Desg. Bridge/Port

Designated bridge ID and port ID of the port

The port ID displayed is insignificant for a port which does not support port priority.

Port Edged

Indicates whether the port is an edge port. Config indicates the configured value, and Active indicates the actual value.

Point-to-point

Indicates whether the port is connected to a point-to-point link. Config indicates the configured value, and Active indicates the actual value.

Transmit Limit

The maximum number of packets sent within each Hello time

Protection Type

Protection type on the port, including Root guard and Loop guard

MST BPDU format

Format of the MST BPDUs that the port can send, which can be legacy or 802.1s. Config indicates the configured value, and Active indicates the actual value.

Port Config

Digest Snooping

Indicates whether digest snooping is enabled on the port.

Num of Vlans Mapped

Number of VLANs mapped to the current MSTI

PortTimes

Major parameters for the port:

l      Hello: Hello timer

l      MaxAge: Max Age timer

l      FwDly: Forward delay timer

l      MsgAge: Message Age timer

l      Remain Hop: Remaining hops

BPDU Sent

Statistics on sent BPDUs

BPDU Received

Statistics on received BPDUs

 

display stp abnormalport

Syntax

display stp abnormalport

View

Any view

Parameters

None

Description

Use the display stp abnormalport command to display the ports that are blocked by STP guard functions.

Examples

# Display the ports that are blocked by STP guard functions.

<Sysname> display stp abnormalport

MSTID        Port                  Block Reason

--------- --------------------    -------------

  0          Ethernet1/0/20        Root-Protection

  1          Ethernet1/0/21        Loop-Protection

Table 1-4 Description on the fields of the display stp abnormalport command

Field

Description

MSTID

MSTI ID in the MST region

Port

Port that has been blocked

Block Reason

The function blocking the port

 

display stp portdown

Syntax

display stp portdown

View

Any view

Parameters

None

Description

Use the display stp portdown command to display the ports that are shut down by STP guard functions.

Examples

# Display the ports that are shut down by STP guard functions.

<Sysname> display stp portdown

Port                   Down Reason

---------------------  ------------

Ethernet1/0/20         BPDU-Protection

Table 1-5 Description on the fields of the display stp portdown command

Field

Description

Port

Port that has been shut down

Down Reason

The function shutting down the port

 

display stp region-configuration

Syntax

display stp region-configuration

View

Any view

Parameters

None

Description

Use the display stp region-configuration command to display the activated MST region configuration, including the region name, region revision level, and VLAN-to-STI mappings configured for the switch.

Related commands: stp region-configuration.

Examples

# Display the configuration of the MST region.

<Sysname> display stp region-configuration

Oper Configuration

   Format selector :0

   Region name     :hello

   Revision level  :0

 

   Instance   Vlans Mapped

      0       21 to 4094

      1       1 to 10

      2       11 to 20

Table 1-6 Description on the fields of the display stp region-configuration command

Field

Description

Format selector

The selector specified by MSTP

Region name

The name of the MST region

Revision level

The revision level of the MST region

Instance Vlans Mapped

VLAN-to-STI mappings in the MST region

 

display stp root

Syntax

display stp root

View

Any view

Parameters

None

Description

Use the display stp root command to display information about the root ports in the MSTP region where the switch resides.

Examples

# Display information about the root ports in the MSTP region where the switch resides.

<Sysname> display stp root

  MSTID   Root Bridge ID        ExtPathCost  IntPathCost   Root Port

--------  -------------------- ------------  ------------- -----------

  0       32768.00e0-fc53-d908  0            200           Ethernet1/0/18

Table 1-7 Description on the fields of the display stp root command

Field

Description

MSTID

MSTI ID in the MST region

Root Bridge ID

ID of the root bridge

ExtPathCost

 Cost of the external path from the switch to the root bridge

IntPathCost

 Cost of the internal path from the switch to the root bridge

Root Port

Root port (If a port on the current device is an MSTI root port, the port type and port number is displayed. Otherwise, the root port name is not displayed.)

 

instance

Syntax

instance instance-id vlan vlan-list

undo instance instance-id [ vlan vlan-list ]

View

MST region view

Parameters

instance-id: ID of an MSTI ranging from 0 to 16. The value of 0 refers to the CIST.

vlan-list: List of VLANs. You need to provide this argument in the form of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where &<1-10> means that you can provide up to 10 VLAN IDs/VLAN ID ranges for this argument. Normally, a VLAN ID can be a number ranging from 1 to 4094.

Description

Use the instance command to map specified VLANs to a specified MSTI.

Use the undo instance command to remove the mappings from the specified VLANs to the specified MSTI and remap the specified VLANs to the CIST (MSTI 0). If you specify no VLAN in the undo instance command, all VLANs that are mapped to the specified MSTI are remapped to the CIST.

By default, all VLANs are mapped to the CIST.

VLAN-to-MSTI mappings are recorded in the VLAN-to-MSTI mapping table of an MSTP-enabled switch. So these two commands are actually used to manipulate the VLAN-to-MSTI mapping table. You can add/remove a VLAN to/from the VLAN-to-MSTI mapping table of a specific MSTI by using these two commands.

Note that a VLAN cannot be mapped to multiple MSTIs at the same time. A VLAN-to-MSTI mapping is automatically removed if you map the VLAN to another MSTI.

Related commands: region-name, revision-level, vlan-mapping modulo, check region-configuration, active region-configuration.

Examples

# Map VLAN 2 to MSTI 1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] instance 1 vlan 2

region-name

Syntax

region-name name

undo region-name

View

MST region view

Parameters

name: MST region name to be set for the switch, a string of 1 to 32 characters.

Description

Use the region-name command to set an MST region name for a switch.

Use the undo region-name command to restore the MST region name to the default value.

The default MST region name of a switch is its MAC address.

MST region name, along with VLAN-to-MSTI mapping table and MSTP revision level, determines the MST region which a switch belongs to.

Related commands: instance, revision-level, check region-configuration, vlan-mapping modulo, active region-configuration.

Examples

# Set the MST region name of the switch to hello.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] region-name hello

reset stp

Syntax

reset stp [ interface interface-list ]

View

User view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

Description

Use the reset stp command to clear spanning tree statistics.

The spanning tree statistics includes the numbers of TCN BPDUs, configuration BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified ports or all ports (note that BPDUs and TCN BPDUs are counted only for CISTs.)

Note that:

l          If you specify the interface-list argument, this command clears the spanning tree statistics on specified ports.

l          If you do not specify the interface-list argument, this command clears the spanning tree statistics on all ports.

Related commands: display stp.

Examples

# Clear the spanning tree statistics on Ethernet 1/0/1 through Ethernet 1/0/3.

<Sysname> reset stp interface Ethernet 1/0/1 to Ethernet 1/0/3

revision-level

Syntax

revision-level level

undo revision-level

View

MST region view

Parameters

level: MSTP revision level to be set for the switch. This argument ranges from 0 to 65,535.

Description

Use the revision-level command to set the MSTP revision level for a switch.

Use the undo revision-level command to restore the revision level to the default value.

By default, the MSTP revision level of a switch is 0.

MSTP revision level, along with MST region name and VLAN-to-MSTI mapping table, determines the MST region which a switch belongs to.

Related commands: instance, region-name, check region-configuration, vlan-mapping modulo, active region-configuration.

Examples

# Set the MSTP revision level of the MST region to 5.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] revision-level 5

stp

Syntax

stp { enable | disable }

undo stp

View

System view, Ethernet port view

Parameters

enable: Enables MSTP globally or on a port.

disable: Disables MSTP globally or on a port.

Description

Use the stp command to enable/disable MSTP globally or on a port.

Use the undo stp command to restore the MSTP state to the default globally or on a port.

By default, MSTP is disabled.

After MSTP is enabled, the actual operating mode, which can be STP-compatible mode, RSTP-compatible mode, or MSTP mode, is determined by the user-defined protocol mode. A switch becomes a transparent bridge if MSTP is disabled.

After being enabled, MSTP maintains spanning trees by processing configuration BPDUs of different VLANs. After being disabled, it stops maintaining spanning trees.

Related commands: stp mode, stp interface.

Examples

# Enable MSTP globally.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp enable

# Disable MSTP on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp disable

stp bpdu-protection

Syntax

stp bpdu-protection

undo stp bpdu-protection

View

System view

Parameters

None

Description

Use the stp bpdu-protection command to enable the BPDU guard function on the switch.

Use the undo stp bpdu-protection command to restore to the default state of the BPDU guard function.

By default, the BPDU guard function is disabled.

Normally, the access ports of the devices operating on the access layer are directly connected to terminals (such as PCs) or file servers. These ports are usually configured as edge ports to implement rapid transition. But they resume non-edge ports automatically upon receiving configuration BPDUs, which causes spanning trees recalculation and network topology jitter.

Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter. You can prevent such attacks by enabling the BPDU guard function. With this function enabled on a switch, the switch shuts down the edge ports that receive configuration BPDUs and then reports these cases to the administrator. If an edge port is shut down, only the administrator can restore it.

Examples

# Enable the BPDU guard function.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp bpdu-protection

stp bridge-diameter

Syntax

stp bridge-diameter bridgenum

undo stp bridge-diameter

View

System view

Parameters

bridgenum: Network diameter to be set for a switched network. This argument ranges from 2 to 7.

Description

Use the stp bridge-diameter command to set the network diameter of a switched network. The network diameter of a switched network is represented by the maximum possible number of switches between any two terminal devices in a switched network.

Use the undo stp bridge-diameter command to restore the network diameter to the default value.

By default, the network diameter is 7.

After you configure the network diameter of a switched network, MSTP adjusts its hello time, forward delay, and max age settings accordingly. With the network diameter set to the default value 7, the three time-relate settings, including hello time, forward delay, and max age, are set to their default values as well.

The stp bridge-diameter command only applies to CIST. It is invalid for MSTIs.

Related commands: stp timer forward-delay, stp timer hello, stp timer max-age.

Examples

# Set the network diameter to 5.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp bridge-diameter 5

stp compliance

Syntax

stp compliance { auto | legacy | dot1s }

undo stp compliance

View

Ethernet port view

Parameters

auto: Specifies the port to recognize and send MSTP packets in the automatic mode.

legacy: Specifies the port to recognize and send MSTP packets in the legacy mode.

dot1s: Specifies the port to recognize and send MSTP packets in the 802.1s mode.

Description

Use the stp compliance command to set the mode in which a port recognizes and sends MSTP packets.

Use the undo stp compliance command to restore the default.

By default, a port recognizes and sends MSTP packets in the automatic mode.

A port can be configured to recognize and send MSTP packets in the following modes.

l          Automatic mode. Ports in this mode determine the format of the MSTP packets to be sent according to the format of the received packets.

l          Legacy mode. Ports in this mode recognize/send packets in legacy format.

l          802.1s mode. Ports in this mode recognize/send packets in dot1s format.

A port acts as follows according to the format of MSTP packets forwarded by a peer switch or router.

When a port operates in the automatic mode:

l          The port automatically determines the format (legacy or dot1s) of received MSTP packets and then determines the format of the packets to be sent accordingly, thus communicating with the peer devices.

l          If the format of the received packets changes repeatedly, MSTP will shut down the corresponding port to prevent network storm. A port shut down in this way can only be brought up again by the network administrator.

When a port operates in the legacy mode:

l          The port only recognizes and sends MSTP packets in legacy format. In this case, the port can only communicate with the peer through packets in legacy format.

l          If packets in dot1s format are received, the port turns to discarding state to prevent network storm.

When a port operates in the 802.1s mode:

l          The port only recognizes and sends MSTP packets in dot1s format. In this case, the port can only communicate with the peer through packets in dot1s format.

l          If packets in legacy format are received, the port turns to discarding state to prevent network storm.

Examples

# Configure Ethernet 1/0/1 to recognize and send MSTP packets in dot1s format.

<Sysname> system-view

Enter system view, return to user view with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp compliance dot1s

# Restore the default mode in which a port recognizes and send MSTP packets.

[Sysname-Ethernet1/0/1] undo stp compliance

stp config-digest-snooping

Syntax

stp config-digest-snooping

undo stp config-digest-snooping

View

System view, Ethernet port view

Parameters

None

Description

Use the stp config-digest-snooping command to enable the digest snooping feature globally.

Use the undo stp config-digest-snooping command to disable the digest snooping feature globally.

The digest snooping feature is disabled by default.

According to IEEE 802.1s, two interconnected switches can interwork with each other through MSTIs in an MST region only when the two switches have the same MST region-related configuration. With MSTP enabled, interconnected switches determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them. (A configuration ID contains information such as region ID and configuration digest.)

As some other manufacturers' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.

This kind of problems can be overcome by implementing the digest snooping feature. If a switch port is connected to another manufacturer’s switch that has the same MST region-related settings but adopts a proprietary spanning tree protocol, you can enable the digest snooping feature on the port when it receives BPDU packets from another manufacturer's switch. Then the switch considers these BPDU packets to be from its own MST region and records the configuration digests carried in the BPDU packets received from the switch, which will be put in the BPDU packets to be sent to another manufacturer’s switch. In this way, the switch can interwork with another manufacturer’s switches in an MST region.

 

l          When the digest snooping feature is enabled on a port, the port turns to the discarding state. That is, the port stops sending BPDU packets. The port is not involved in the STP calculation until it receives BPDU packets from the peer port.

l          The digest snooping feature is needed only when your switch is connected to another manufacturer’s switches adopting proprietary spanning tree protocols.

l          To enable the digest snooping feature successfully, you must first enable it on all the switch ports that connect to another manufacturer’s switches adopting proprietary spanning tree protocols and then enable it globally.

l          To enable the digest snooping feature, the interconnected switches and another manufacturer’s switch adopting proprietary spanning tree protocols must be configured with exactly the same MST region-related configurations (including region name, revision level, and VLAN-to-MSTI mapping).

l          The digest snooping feature must be enabled on all the switch ports that connect to another manufacturer’s switches adopting proprietary spanning tree protocols in the same MST region.

l          When the digest snooping feature is enabled globally, the VLAN-to-MSTI mapping table cannot be modified.

l          The digest snooping feature is not applicable to boundary ports in an MST region.

l          The digest snooping function is not applicable to edge ports in an MST region.

 

Examples

# Enable the digest snooping feature on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp config-digest-snooping

[Sysname-Ethernet1/0/1] quit

[Sysname] stp config-digest-snooping

stp cost

Syntax

stp [ instance instance-id ] cost cost

undo stp [ instance instance-id ] cost

View

Ethernet port view

Parameters

instance-id: ID of an MSTI ranging from 0 to 16. The value of 0 refers to the CIST.

cost: Path cost to be set for the port. The range of the cost argument varies with the standard used for calculating the default path cost of a port as follows:

l          With the IEEE 802.1D-1998 standard selected, the path cost of an Ethernet port ranges from 1 to 65535.

l          With the IEEE 802.1t standard selected, the path cost of an Ethernet port ranges from 1 to 200000000.

l          With the proprietary standard selected, the path cost of an Ethernet port ranges from 1 to 200000.

Description

Use the stp cost command to set the path cost of the current port in a specified MSTI.

Use the undo stp cost command to restore the default path cost of the current port in the specified MSTI.

By default, a switch automatically calculates the path costs of a port in different MSTIs based on a specified standard.

If you specify the instance-id argument to be 0 or do not specify this argument, the stp cost command sets the path cost of the port in CIST.

The path cost of a port affects its port role. By configuring different path costs for the same port in different MSTIs, you can make flows of different VLANs travel along different physical links, so as to achieve VLAN-based load balancing. Changing the path cost of a port in an MSTI may change the role of the port in the instance and put it in state transition.

Related commands: stp interface cost.

Examples

# Set the path cost of Ethernet 1/0/3 in MSTI 2 to 200.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] stp instance 2 cost 200

stp dot1d-trap

Syntax

stp dot1d-[ instance instance-id ] trap [ newroot | topologychange ] enable

undo stp [ instance instance-id ] dot1d-trap [ newroot | topologychange ] enable

View

System view

Parameters

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to CIST. With this argument specified, the trap messages sent are only of the MSTI identified by this argument.

newroot: Sends trap messages conforming to 802.1d standard to the network management device when the switch becomes the root bridge of an instance.

topologychange: Sends trap messages conforming to 802.1d standard to the network management device when the switch detects network topology changes.

Description

Use the stp dot1d-trap command to enable a switch to send 802.1d-compliant traps when MSTP network topology changes.

Use the undo stp dot1d-trap command to disable this function.

By default, the switch is not enabled to send 802.1d-compliant topology change information of spanning tree instances 0 to 16 to the network management device.

By default, when the local switch becomes the regional root of a spanning tree instance in the range of 0 to 16, it sends newroot traps to the network management device.

When enabled, the switch sends the following two types of 802.1d-compliant traps to the network management device:

l          When the switch is configured to be the root bridge of a spanning tree instance, it sends 802.1d-compliant newroot traps to the network management device.

l          When the switch detects a topology change, it sends 802.1d-compliant topology-change traps to the network management device.

The stp instance instance-id  dot1d-trap enable command enables both newroot and topology-change trap functions for the specified spanning tree instance at the same time.

Examples

# Enable a switch to send trap messages conforming to 802.1d standard to the network management device when the switch becomes the root bridge of MSTI 1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp instance 1 dot1d-trap newroot enable

stp edged-port

Syntax

stp edged-port { enable | disable }

undo stp edged-port

View

Ethernet port view

Parameters

enable: Configures the current Ethernet port as an edge port.

disable: Configures the current Ethernet port as a non-edge port.

Description

Use the stp edged-port enable command to configure the current Ethernet port as an edge port.

Use the stp edged-port disable command to configure the current Ethernet port as a non-edge port.

Use the undo stp edged-port command to restore the current Ethernet port to its default state.

By default, all Ethernet ports of a switch are non-edge ports.

An edge port is a port that is directly connected to a user terminal instead of another switch or shared network segment. Rapid transition to the forwarding state is applied to edge ports because on these ports no loops can be incurred by network topology changes. You can enable a port to turn to the forwarding state rapidly by setting it to an edge port. And you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to turn to the forwarding state rapidly.

Normally, configuration BPDUs cannot reach an edge port because the port is not connected to another switch. But when the BPDU guard function is disabled on an edge port, configuration BPDUs sent deliberately by a malicious user may reach the port. If an edge port receives a BPDU, it turns to a non-edge port.

Related commands: stp interface edged-port.

 

With  the loop guard function enabled, the root guard function and the edge port configuration are mutually exclusive.

 

Examples

# Configure Ethernet 1/0/1 as a non-edge port.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp edged-port disable

stp interface

Syntax

stp interface interface-list { enable | disable }

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

enable: Enables MSTP on the specified ports.

disable: Disables MSTP on the specified ports.

Description

Use the stp interface command to enable or disable MSTP on specified ports in system view.

By default, MSTP is enabled on the ports of a switch if MSTP is globally enabled on the switch, and MSTP is disabled on the ports if MSTP is globally disabled.

An MSTP-disabled port does not participate in any spanning tree calculation and is always in the forwarding state.

 

Disabling MSTP on ports may result in loops.

 

Related commands: stp mode, stp.

Examples

# Enable MSTP on Ethernet 1/0/1 in system view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/1 enable

stp interface compliance

Syntax

stp interface interface-list compliance { auto | legacy | dot1s }

undo stp interface interface-list compliance

View

System view

Parameter

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the format of interface-list ={ interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

auto: Specifies the port to recognize and send MSTP packets in the automatic mode.

legacy: Specifies the port to recognize and send MSTP packets in the legacy mode.

dot1s: Specifies the port to recognize and send MSTP packets in the 802.1s mode.

Description

Use the stp interface compliance command to set the mode in which a port recognizes and sends MSTP packets.

Use the undo stp interface compliance command to restore the default.

By default, a port recognizes and sends MSTP packets in the automatic mode.

A port can be configured to recognize and send MSTP packets in the following modes.

l          Automatic mode. Ports in this mode determine the format of the MSTP packets to be sent according to the format of the received packets.

l          Legacy mode. Ports in this mode recognize/send packets in legacy format.

l          802.1s mode. Ports in this mode recognize/send packets in dot1s format.

A port acts as follows according to the format of MSTP packets forwarded by a peer switch or router.

When a port operates in the automatic mode:

l          The port automatically determines the format (legacy or dot1s) of received MSTP packets and then determines the format of the packets to be sent accordingly, thus communicating with the peer devices.

l          If the format of the received packets changes repeatedly, MSTP will shut down the corresponding port to prevent network storm. A port shut down in this way can only be brought up again by the network administrator.

When a port operates in the legacy mode:

l          The port only recognizes and sends MSTP packets in legacy format. In this case, the port can only communicate with the peer through packets in legacy format.

l          If packets in dot1s format are received, the port turns to discarding state to prevent network storm.

When a port operates in the 802.1s mode:

l          The port only recognizes and sends MSTP packets in dot1s format. In this case, the port can only communicate with the peer through packets in dot1s format.

l          If packets in legacy format are received, the port turns to discarding state to prevent network storm.

Example

# Configure Ethernet 1/0/1 to recognize and send MSTP packets in dot1s format.

<Sysname> system-view

Enter system view, return to user view with Ctrl+Z.

[Sysname] stp interface Ethernet1/0/1 compliance dot1s

# Restore the default mode in which a port recognizes and send MSTP packets.

[Sysname] undo stp interface Ethernet1/0/1 compliance

stp interface config-digest-snooping

Syntax

stp interface interface-list config-digest-snooping

undo stp interface interface-list config-digest-snooping

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the format of interface-list ={ interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

Description

Use the stp interface config-digest-snooping command to enable the digest snooping feature on specific ports.

Use the undo stp interface config-digest-snooping command to disable the digest snooping feature on specific ports.

By default, the digest snooping feature is disabled on a port.

According to IEEE 802.1s, two interconnected MSTP switches can interwork with each other through MSTIs in an MST region only when the two switches have the same MST region-related configuration. Interconnected MSTP switches determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them. (A configuration ID contains information such as region ID and configuration digest.)

As some another manufacturer’s switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.

This kind of problems can be overcome by implementing the digest snooping feature. If a switch port is connected to another manufacturer’s switch that has the same MST region-related settings but adopts a proprietary spanning tree protocol, you can enable the digest snooping feature on the port when it receives BPDU packets from another manufacturer's switch. Then the switch considers these BPDU packets to be from its own MST region and records the configuration digests carried in the BPDU packets received from the switch, which will be put in the BPDU packets to be sent to the another manufacturer’s switch. In this way, the switch can interwork with another manufacturer’s switches in an MST region.

 

l          When the digest snooping feature is enabled on a port, the port turns to the discarding state. That is, the port stops sending BPDU packets. The port is not involved in the STP calculation until it receives BPDU packets from the peer port.

l          The digest snooping feature is needed only when your switch is connected to another manufacturer’s switches adopting proprietary spanning tree protocols.

l          To enable the digest snooping feature successfully, you must first enable it on all the switch ports that connect to another manufacturer’s switches adopting proprietary spanning tree protocols and then enable it globally.

l          To enable the digest snooping feature, the interconnected switches and another manufacturer’s switch adopting proprietary spanning tree protocols must be configured with exactly the same MST region-related configurations (including region name, revision level, and VLAN-to-MSTI mapping).

l          The digest snooping feature must be enabled on all the switch ports that connect to another manufacturer’s switches adopting proprietary spanning tree protocols in the same MST region.

l          When the digest snooping feature is enabled globally, the VLAN-to-MSTI mapping table cannot be modified.

l          The digest snooping feature is not applicable to boundary ports in an MST region.

l          The digest snooping function is not applicable to edge ports in an MST region.

 

Examples

# Enable the digest snooping feature for Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/1 config-digest-snooping

stp interface cost

Syntax

stp interface interface-list [ instance instance-id ] cost cost

undo stp interface interface-list [ instance instance-id ] cost

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

cost: Path cost to be set for the port. The range of the cost argument varies with the standard used for calculating the default path cost of a port as follows:

l          With the IEEE 802.1D-1998 standard selected, the path cost of an Ethernet port ranges from 1 to 65535.

l          With the IEEE 802.1t standard selected, the path cost of an Ethernet port ranges from 1 to 200000000.

l          With the proprietary standard selected, the path cost of an Ethernet port ranges from 1 to 200000.

Description

Use the stp interface cost command to set the path cost(s) of the specified port(s) in a specified MSTI in system view.

Use the undo stp interface cost command to restore the default value of the path cost(s) of the specified port(s) in the specified MSTI in system view.

By default, a switch automatically calculates the path costs of a port in different MSTIs based on a specified standard.

If you specify the instance-id argument to be 0 or do not specify this argument, the stp interface cost command sets the path cost(s) of the specified port(s) in the CIST.

The path cost of a port affects its port role. By configuring different path costs for the same port in different MSTIs, you can make flows of different VLANs travel along different physical links, so as to achieve VLAN-based load balancing. Changing the path cost of a port in an MSTI may change the role of the port in the instance and put it in state transition.

The default port path cost varies with port speed. Refer to Table 1-8 for details.

Related commands: stp cost.

Examples

# Set the path cost of Ethernet 1/0/3 in MSTI 2 to 400.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 instance 2 cost 400

stp interface edged-port

Syntax

stp interface interface-list edged-port { enable | disable }

undo stp interface interface-list edged-port

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

enable: Configures the specified Ethernet port to be an edge port.

disable: Configures the specified Ethernet port to be a non-edge port.

Description

Use the stp interface edged-port enable command to configure the specified Ethernet ports as edge ports in system view.

Use the stp interface edged-port disable command to configure the specified Ethernet ports as non-edge ports in system view.

Use the undo stp interface edged-port command to restore the specified Ethernet ports to the default state.

By default, all Ethernet ports of a switch are non-edge ports.

An edge port is a port that is directly connected to a user terminal instead of another switch or a network segment. Rapid transition to the forwarding state is applied to edge ports because on these ports no loops can be incurred by network topology changes. You can enable a port to turn to the forwarding state rapidly by setting it to an edge port. And you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to turn to the forwarding state rapidly.

Normally, configuration BPDUs cannot reach an edge port because the port is not connected to another switch. But when the BPDU guard function is disabled on an edge port, configuration BPDUs sent deliberately by a malicious user may reach the port. If an edge port receives a BPDU, it turns to a non-edge port.

Related commands: stp edged-port.

 

With the loop guard function enabled, the root guard function and the edge port configuration are mutually exclusive.

 

Examples

# Configure Ethernet 1/0/3 as an edge port.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 edged-port enable

stp interface loop-protection

Syntax

stp interface interface-list loop-protection

undo stp interface interface-list loop-protection

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

Description

Use the stp interface loop-protection command to enable the loop guard function in system view.

Use the undo stp interface loop-protection command to restore the default state of the loop guard function in system view.

The loop guard function is disabled by default.

Related commands: stp loop-protection.

 

With the loop guard function enabled, the root guard function and the edge port configuration are mutually exclusive.

 

Examples

# Enable the loop guard function for Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/1 loop-protection

stp interface mcheck

Syntax

stp [ interface interface-list ] mcheck

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

Description

Use the stp interface mcheck command to perform the mCheck operation on specified port(s) in system view.

A port on an MSTP-enabled switch migrates to the STP-/RSTP-compatible mode automatically if an STP-/RSTP-enabled switch has been connected to it. But when the STP-/RSTP-enabled switch is disconnected from the port, the port cannot migrate back to the MSTP mode automatically. In this case, you can force the port to migrate to the MSTP mode by performing the mCheck operation on the port.

Related commands: stp mcheck, stp mode.

Examples

# Perform the mCheck operation for Ethernet 1/0/3 in system view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 mcheck

stp interface no-agreement-check

Syntax

stp interface interface-type interface-number no-agreement-check

undo stp interface interface-type interface-number no-agreement-check

View

System view

Parameters

interface-type: Port type.

interface-number: Port number.

Description

Use the stp interface no-agreement-check command to enable the rapid transition feature on the specified port.

Use the undo stp interface no-agreement-check command to disable the rapid transition feature on the specified port.

The rapid transition feature is disabled on any port by default.

Some manufactures' switches adopt proprietary spanning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operates as the upstream switch of H3C series switches running MSTP, the upstream designated port fails to change their states rapidly.

The rapid transition feature is developed on the H3C series switches to avoid this case. When an H3C series switch running MSTP is connected in the upstream direction to a manufacture's switch adopting proprietary spanning tree protocols, you can enable the rapid transition feature on the ports of the H3C series switch operating as the downstream switch. Among these ports, those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.

Related commands: stp no-agreement-check.

 

l          The rapid transition feature can be enabled on root ports or alternate ports only.

l          You can enable the rapid transition feature on the designated port, however, the feature does not take effect on the port.

 

Examples

# Enable the rapid transition feature for Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]stp interface Ethernet 1/0/1 no-agreement-check

stp interface point-to-point

Syntax

stp interface interface-list point-to-point { force-true | force-false | auto }

undo stp interface interface-list point-to-point

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

force-true: Specifies that the links connected to the specified Ethernet ports are point-to-point links.

force-false: Specifies that the links connected to the specified Ethernet ports are not point-to-point links.

auto: Specifies to automatically determine whether or not the links connected to the specified Ethernet ports are point-to-point links.

Description

Use the stp interface point-to-point command to specify whether the links connected to the specified Ethernet ports are point-to-point links in system view.

Use the undo stp interface point-to-point command to restore the links connected to the specified ports to their default link types, which are automatically determined by MSTP.

If no keyword is specified in the stp interface point-to-point command, the auto keyword is used by default, and so MSTP automatically determines the types of the links connected to the specified ports.

The rapid transition feature is not applicable to ports connected to non-point-to-point links.

Note that:

l          If the current Ethernet port operates in full duplex mode, the link connected to the port is a point-to-point link. In this case, the default setting (where MSTP determines the link type automatically) is recommended.

l          If the current Ethernet port belongs to an aggregation group and you configure the link connected to the port as a point-to-point link, the configuration will be synchronized to the rest ports in the aggregation group.

l          If a port is configured to connect to a point-to-point link (or non-point-to-point link), the port adopts the same configuration in all spanning tree instances.

l          If a port connects to a non-point-to-point link, but the port is configured to connect to a point-to-point link by mistake, loops may temporarily occur.

Related commands: stp point-to-point.

Examples

# Configure the link connected to Ethernet 1/0/3 as a point-to-point link.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 point-to-point force-true

stp interface port priority

Syntax

stp interface interface-list instance instance-id port priority priority

undo stp interface interface-list instance instance-id port priority

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

priority: Port priority to be set. This argument ranges from 0 to 240 and must be a multiple of 16 (such as 0, 16, 32, and so on).

Description

Use the stp interface port priority command to set a port priority for the specified ports in the specified MSTI in system view.

Use the undo stp interface port priority command to restore the default priority of the specified ports in the specified MSTI in system view.

The default port priority of a port in an MSTI is 128.

If you specify the instance-id argument to 0, the two commands apply to the port priorities on the CIST. The role a port plays in an MSTI is affected by its port priority in the instance. A port on an MSTP-enabled switch can have different port priorities and play different roles in different MSTIs. This enables packets of different VLANs to be forwarded along different physical paths, so as to implement VLAN-based load balancing. Changing port priorities results in port role recalculation and may cause state transition.

Related commands: stp port priority.

Examples

# Set the port priority of Ethernet 1/0/3 in MSTI 2 to 16.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 instance 2 port priority 16

stp interface root-protection

Syntax

stp interface interface-list root-protection

undo stp interface interface-list root-protection

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

Description

Use the stp interface root-protection command to enable the root guard function on specified port(s) in system view.

Use the undo stp interface root-protection command to restore the root guard function to the default state on specified port(s) in system view.

By default, the root guard function is disabled.

Because of configuration errors or malicious attacks, the root bridge in the network may receive configuration BPDUs with priorities higher than that of a root bridge, which causes new root bridge to be elected and network topology jitter to occur. In this case, flows that should have traveled along high-speed links are led to low-speed links, which causes network congestion.

You can avoid this problem by enabling the root guard function. Root-guard-enabled ports can only be kept as designated ports in all MSTIs. When a port of this type receives configuration BPDUs with higher priorities, that is, when it is to become a non-designated port, it turns to the discarding state and stops forwarding packets (as if it is disconnected from the link).

Related commands: stp root-protection.

 

With the loop guard function enabled, the root guard function and edge port configuration are mutually exclusive.

 

Examples

# Enable the root guard function for Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/1 root-protection

stp interface transmit-limit

Syntax

stp interface interface-list transmit-limit packetnum

undo stp interface interface-list transmit-limit

View

System view

Parameters

interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.

packetnum: Maximum number of configuration BPDUs a port can send in each hello time. This argument ranges from 1 to 255 and defaults to 10.

Description

Use the stp interface transmit-limit command to set the maximum number of configuration BPDUs each specified port can send in each hello time.

Use the undo stp interface transmit-limit command to restore the maximum number to the default value.

The larger the packetnum argument is, the more packets a port can transmit in each hello time, while the more switch resources are occupied. Configure the packetnum argument to a proper value to limit the number of BPDUs a port can send in each hello time to prevent MSTP from occupying too much bandwidth resources when network topology jitter occur.

Related commands: stp transmit-limit.

Examples

# Set the maximum transmitting speed of Ethernet 1/0/3 to 15.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp interface Ethernet 1/0/3 transmit-limit 15

stp loop-protection

Syntax

stp loop-protection

undo stp loop-protection

View

Ethernet port view

Parameters

None

Description

Use the stp loop-protection command to enable the loop guard function on the current port.

Use the undo stp loop-protection command to restore the loop guard function to the default state on the current port.

By default, the loop guard function is disabled.

A switch maintains the states of the root port and other blocked ports by receiving and processing BPDUs from the upstream switch. These BPDUs may get lost because of network congestion or unidirectional link failures. If a switch does not receive BPDUs from the upstream switch for a certain period, the switch selects a new root port; the original root port becomes a designated port; and the blocked ports turn to the forwarding state. This may cause loops in the network.

The loop guard function suppresses loops. With this function enabled, if link congestions or unidirectional link failures happen, a root port becomes a designated port, and the port turns to the discarding state. The blocked port also becomes the designated port and the port turns to the discarding state, that is, the port does not forward packets and thereby loops can be prevented.

Examples

# Enable the loop guard function on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp loop-protection

stp max-hops

Syntax

stp max-hops hops

undo stp max-hops

View

System view

Parameters

hops: Maximum hop count to be set. This argument ranges from 1 to 40.

Description

Use the stp max-hops command to set the maximum hop count for the MST region the current switch belongs to.

Use the undo stp max-hops command to restore the maximum hop count to the default.

By default, the maximum hop count of an MST region is 20.

The maximum hop count configured on the region roots of an MST region limits the size of the MST region.

A configuration BPDU contains a field that maintains the remaining hops of the configuration BPDU. And a switch discards the configuration BPDUs whose remaining hops are 0. After a configuration BPDU reaches a root bridge of a spanning tree in a MST region, the value of the remaining hops field in the configuration BPDU is decreased by 1 every time the configuration BPDU passes one switch. Such a mechanism disables the switches that are beyond the maximum hops from participating in spanning tree calculation, and thus limits the size of an MST region.

With such a mechanism, the maximum hops configured on the switch operating as the root bridge of the CIST or an MSTI in a MST region becomes the network diameter of the spanning tree, which limits the size of the spanning tree in the current MST region. The switches that are not root bridges in an MST region adopt the maximum hop settings of the root bridge.

Examples

# Set the maximum hop count of the current MST region to 35.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp max-hops 35

stp mcheck

Syntax

stp mcheck

View

System view, Ethernet port view

Parameters

None

Description

Use the stp mcheck command to perform the mCheck operation on the current port.

When a port on an MSTP-enabled upstream switch connects with an STP-enabled downstream switch, the port operates in the STP-compatible mode automatically. But when the STP-enabled downstream switch is then replaced by an MSTP-enabled switch, the port cannot automatically transit to the MSTP mode but still remains in the STP-compatible mode. In this case, you can force the port to transit to the MSTP mode by performing the mCheck operation on the port.

Similarly, when a port on an RSTP-enabled upstream switch connects with an STP-enabled downstream switch, the port operates in the STP-compatible mode. But when the STP-enabled downstream switch is then replaced by an MSTP-enabled switch, the port cannot automatically transit to the MSTP mode but remains in the STP-compatible mode. In this case, you can force the port to transit to the MSTP-compatible mode by performing the mCheck operation on the port.

Related commands: stp mode, stp interface mcheck.

Examples

# Perform the mCheck operation on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp mcheck

stp mode

Syntax

stp mode { stp | rstp | mstp }

undo stp mode

View

System view

Parameters

stp: Specifies the STP-compatible mode.

mstp: Specifies the MSTP mode.

rstp: Specifies the RSTP-compatible mode.

Description

Use the stp mode command to set the operating mode of an MSTP-enabled switch.

Use the undo stp mode command to restore the default operating mode of an MSTP-enabled switch.

By default, an MSTP-enabled switch operates in MSTP mode.

To make a switch compatible with STP and RSTP, MSTP provides following three operating modes.

l          STP-compatible mode, where the ports of a switch send STP BPDUs to neighboring devices. If STP-enabled switches exist in a switched network, you can use the stp mode stp command to configure an MSTP-enabled switch to operate in STP-compatible mode.

l          RSTP-compatible mode, where the ports of a switch send RSTP BPDUs to neighboring devices. If RSTP-enabled switches exist in a switched network, you can use the stp mode rstp command to configure an MSTP-enabled switch to operate in RSTP-compatible mode.

l          MSTP mode, where the ports of a switch send MSTP BPDUs and STP BPDUs (if the switch is connected to STP-enabled switches) to neighboring devices. In this case, the switch is MSTP-capable.

Related commands: stp mcheck, stp, stp interface, stp interface mcheck.

Examples

# Configure the MSTP operation mode as STP-compatible.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp mode stp

stp no-agreement-check

Syntax

stp no-agreement-check

undo stp no-agreement-check

View

Ethernet port view

Parameters

None

Description

Use the stp no-agreement-check command to enable the rapid transition feature on a port.

Use the stp no-agreement-check command to disable the rapid transition feature.

By default, the rapid transition feature is disabled on a port.

Some manufactures' switches adopt proprietary spanning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operates as the upstream switch of an H3C series switch running MSTP, the upstream designated port fails to change their states rapidly.

The rapid transition feature aims to resolve this problem. When an H3C series switch running MSTP is connected in the upstream direction to another manufacture's switch adopting proprietary spanning tree protocols, you can enable the rapid transition feature on the ports of the H3C series switch operating as the downstream switch. Among these ports, those operating as the root ports will then actively send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.

Related commands: stp interface no-agreement-check.

 

l          The rapid transition feature can be enabled on only root ports or alternate ports.

l          You can enable the rapid transition feature on the designated port. However, the feature does not take effect on the port.

 

Examples

# Enable the rapid transition feature on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp no-agreement-check

stp pathcost-standard

Syntax

stp pathcost-standard { dot1d-1998 | dot1t | legacy }

undo stp pathcost-standard

View

System view

Parameters

dot1d-1998: Uses the IEEE 802.1D-1998 standard to calculate the default path costs of ports.

dot1t: Uses the IEEE 802.1t standard to calculate the default path costs of ports.

legacy: Uses the proprietary standard to calculate the default path costs of ports.

Description

Use the stp pathcost-standard command to set the standard to be used to calculate the default path costs of the links connected to the switch.

Use the undo stp pathcost-standard command to specify to use the default standard.

By default, a switch uses the legacy standard to calculate the default path costs of ports.

Table 1-8 Link speeds and the corresponding path costs

Link speed

Operating mode (half-/full-duplex)

802.1D-1998

IEEE 802.1t

Proprietary standard

0

65,535

200,000,000

200,000

10 Mbps

Half-duplex/Full-duplex

Aggregated link 2 ports

Aggregated link 3 ports

Aggregated link 4 ports

100

95

95

95

200,000

1,000,000

666,666

500,000

2,000

1,800

1,600

1,400

100 Mbps

Half-duplex/Full-duplex

Aggregated link 2 ports

Aggregated link 3 ports

Aggregated link 4 ports

19

15

15

15

200,000

100,000

66,666

50,000

200

180

160

140

1,000 Mbps

Full-duplex

Aggregated link 2 ports

Aggregated link 3 ports

Aggregated link 4 ports

4

3

3

3

200,000

10,000

6,666

5,000

20

18

16

14

10 Gbps

Full-duplex

Aggregated link 2 ports

Aggregated link 3 ports

Aggregated link 4 ports

2

1

1

1

200,000

1,000

666

500

2

1

1

1

 

Normally, when a port operates in full-duplex mode, the corresponding path cost is slightly less than that when the port operates in half-duplex mode.

When the path cost of an aggregated link is calculated, the 802.1D-1998 standard does not take the number of the ports on the aggregated link into account, whereas the 802.1T standard does. The following formula is used to calculate the path cost of an aggregated link:

Path cost = 200,000 / link speed,

In this formula, the link speed is the sum of the speeds of the unblocked ports on the aggregated link, which is measured in 100 Kbps.

Examples

# Configure to use the IEEE 802.1D-1998 standard to calculate the default path costs of ports.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp pathcost-standard dot1d-1998

# Configure to use the IEEE 802.1t standard to calculate the default path costs of ports.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp pathcost-standard dot1t

stp point-to-point

Syntax

stp point-to-point { force-true | force-false | auto }

undo stp point-to-point

View

Ethernet port view

Parameters

force-true: Specifies that the link connected to the current Ethernet port is a point-to-point link.

force-false: Specifies that the link connected to the current Ethernet port is not a point-to-point link.

auto: Specifies to automatically determine whether or not the link connected to the current Ethernet port is a point-to-point link.

Description

Use the stp point-to-point command to specify whether the link connected to the current Ethernet port is a point-to-point link.

Use the undo stp point-to-point command to restore the link connected to the current Ethernet port to its default link type, which is automatically determined by MSTP.

By default, whether the link type of a port is point-to-point is automatically determined by the switch.

The rapid transition feature is not applicable to ports connected to non-point-to-point links.

Note that:

l          If the current Ethernet port operates in full duplex mode, the links connected to the port is a point-to-point link. In this case, the default setting (where MSTP determines the link type automatically) is recommended.

l          If the current Ethernet port belongs to an aggregation group and you configure the link connected to the port as a point-to-point link, the configuration will be synchronized to the rest ports in the aggregation group.

l          If a port is configured to connect to a point-to-point link (or non-point-to-point link), the port adopts the same configuration in all spanning tree instances.

l          If a port connects to a non-point-to-point link, but the port is configured to connect to a point-to-point link by mistake, loops may temporarily occur.

Related commands: stp interface point-to-point.

Examples

# Configure the link connected to Ethernet 1/0/3 as a point-to-point link.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] stp point-to-point force-true

stp port priority

Syntax

stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority

View

Ethernet port view

Parameters

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

port priority priority: Sets the port priority. The priority argument ranges from 0 to 240 and must be a multiple of 16 (such as 0, 16, and 32).

Description

Use the stp port priority command to set the port priority of the current port in the specified MSTI.

Use the undo stp port priority command to restore the default port priority of the current port in the specified MSTI.

The default port priority of a port in any MSTI is 128.

If you specify the instance-id argument to 0 or do not specify the argument, the two commands apply to the port priorities of ports on the CIST. The role a port plays in a MSTI is determined by the port priority in the instance. A port on a MSTP-enabled switch can have different port priorities and play different roles in different MSTIs. This enables packets of different VLANs to be forwarded along different physical links, so as to implement VLAN-based load balancing. Changing port priorities result in port role recalculation and state transition.

Related commands: stp interface port priority.

Examples

# Set the port priority of Ethernet 1/0/3 in MSTI 2 to 16.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] stp instance 2 port priority 16

stp portlog

Syntax

stp [ instance instance-id ] portlog

undo stp [ instance instance-id ] portlog

View

System view

Parameters

instance instance-id: Specifies an MSTI ID, ranging from 0 to 16. The value of 0 indicates the CIST.

Description

Use the stp portlog command to enable log and trap message output for the ports of a specified instance.

Use the undo stp portlog command to disable this function.

By default, log and trap message output is disabled.

Executing the stp portlog command (without using the instance instance-id parameters) will enable log and trap message output for the ports of instance 0.

Examples

# Enable log and trap message output for the ports of instance 1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp instance 1 portlog

stp portlog all

Syntax

stp portlog all

undo stp portlog all

View

System view

Parameters

None

Description

Use the stp portlog all command to enable log and trap message output for the ports of all instances.

Use the undo stp portlog all command to disable this function.

By default, log and trap message output is disabled on the ports of all instances.

Examples

# Enable log and trap message output for the ports of all instances.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp portlog all

stp priority

Syntax

stp [ instance instance-id ] priority priority

undo stp [ instance instance-id ] priority

View

System view

Parameters

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

priority: Switch priority to be set. This argument ranges from 0 to 61,440 and must be a multiple of 4,096 (such as 0, 4,096, and 8,192). There are totally 16 available switch priorities.

Description

Use the stp priority command to set the priority of the switch in the specified MSTI.

Use the undo stp priority command to restore the switch priority to the default priority in the specified MSTI.

The default priority of a switch is 32,768.

The priorities of switches are used for spanning tree calculation. Switch priorities are spanning tree-specific. That is, you can set different priorities for the same switch in different MSTIs.

If you do not specify the instance-id argument, the two commands apply to only the CIST.

Examples

# Set the bridge priority of the switch in MSTI 1 to 4,096.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp instance 1 priority 4096

stp region-configuration

Syntax

stp region-configuration

undo stp region-configuration

View

System view

Parameters

None

Description

Use the stp region-configuration command to enter MST region view.

Use the undo stp region-configuration command to restore the MST region-related settings to the default.

MST region-related parameters include: region name, revision level, and VLAN-to-MSTI mapping table. By default:

l          MST region name is the first MAC address of the switch

l          All VLANs are mapped to the CIST in the VLAN-to-MSTI mapping table

l          The MSTP revision level is 0

You can modify the three parameters after entering MST region view by using the stp region-configuration command.

 

NTDP packets sent by devices in a cluster can be transmitted in only the instances where the management VLAN of the cluster resides.

 

Examples

# Enter MST region view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region]

stp root primary

Syntax

stp [ instance instance-id ] root primary [ bridge-diameter bridgenum [ hello-time centi-seconds ] ]

undo stp [ instance instance-id ] root

View

System view

Parameters

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

bridgenum: Network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7.

centi-seconds: Hello time in centiseconds of the specified spanning tree. This argument ranges from 100 to 1,000 and defaults to 200.

Description

Use the stp root primary command to configure the current switch as the root bridge of a specified MSTI.

Use the undo stp root command to cancel the current configuration.

By default, a switch is not configured as a root bridge.

If you do not specify the instance-id argument, these two commands apply to only the CIST.

You can specify the current switch as the root bridge of an MSTI regardless of the priority of the switch. You can also specify the network diameter of the switched network by using the stp root primary command. The switch will then figure out the following three time parameters: hello time, forward delay, and max age. As the hello time figured out by the network diameter is not always the optimal one, you can set it manually through the hello-time centi-seconds parameter. Generally, you are recommended to obtain the forward delay and max age parameters through setting the network diameter.

 

l          You can configure only one root bridge for an MSTI and can configure one or more secondary root bridges for an MSTI. Specifying multiple root bridges for an MSTI causes unpredictable spanning tree calculation results.

l          Once a switch is configured as the root bridge or a secondary root bridge, its priority cannot be modified.

 

Examples

# Configure the current switch as the root bridge of MSTI 1, set the network diameter of the switched network to 4, and set the hello time to 500 centiseconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp instance 1 root primary bridge-diameter 4 hello-time 500

stp root secondary

Syntax

stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum  [ hello-time centi-seconds ] ]

undo stp [ instance instance-id ] root

View

System view

Parameters

instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST.

bridgenum: Network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7.

centi-seconds: Hello time in centiseconds of the specified spanning tree. This argument ranges from 100 to 1,000 and defaults to 200.

Description

Use the stp root secondary command to configure the current switch as a secondary root bridge of a specified MSTI.

Use the undo stp root command to cancel the current configuration.

By default, a switch does not operate as a secondary root bridge.

If you do not specify the instance-id argument, the two commands apply to only the CIST.

You can configure one or more secondary root bridges for an MSTI. If the switch operating as the root bridge fails or is turned off, the secondary root bridge with the least MAC address becomes the root bridge.

You can specify the network diameter and the hello time of the switch when you are configuring it as a secondary root bridge. The switch will then figure out the other two time parameters: forward delay and max age. If the instance-id argument is specified to 0 in this command, the current switch is configured as the secondary root bridge of the CIST. You can configure only one root bridge for an MSTI but you can configure one or more secondary root bridges for an MSTI.

Once a switch is configured as the root bridge or a secondary root bridge, its priority cannot be modified.

Examples

# Configure the current switch as a secondary root bridge of MSTI 4, setting the network diameter of the switched network to 5 and the hello time of the current switch to 300 centiseconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp instance 4 root secondary bridge-diameter 5 hello-time 300

stp root-protection

Syntax

stp root-protection

undo stp root-protection

View

Ethernet port view

Parameters

None

Description

Use the stp root-protection command to enable the root guard function on the current switch.

Use the undo stp root-protection command to restore the root guard function to the default state on the current switch.

By default, the root guard function is disabled.

Because of configuration errors or malicious attacks, the valid root bridge in the network may receive configuration BPDUs with their priorities higher than that of the root bridge, which causes new root bridge to be elected and network topology jitter to occur. In this case, flows that should have traveled along high-speed links are led to low-speed links, causing network congestion.

You can avoid this problem by utilizing the root guard function. Root-guard-enabled ports can only be kept as designated ports in all spanning tree instances. When a port of this type receives configuration BPDUs with higher priorities, it turns to the discarding state before it is specified as a non-designated port and stops forwarding packets (as if it is disconnected from the link).

Related commands: stp interface root-protection.

Examples

# Enable the root guard function on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp root-protection

stp tc-protection

Syntax

stp tc-protection enable

stp tc-protection disable

View

System view

Parameters

None

Description

Use the stp tc-protection enable command to enable the TC-BPDU attack guard function.

Use the stp tc-protection disable command to disable the TC-BPDU attack guard function.

By default, the TC-BPDU guard attack function is enabled, and the MAC address table and ARP entries can be removed for up to six times within 10 seconds.

Normally, a switch removes the MAC address table and ARP entries upon receiving TC-BPDUs. If a malicious user sends a large amount of TC-BPDUs to a switch in a short period, the switch may be busy in removing the MAC address table and ARP entries frequently, which may affect spanning tree calculation, occupy large amount of bandwidth and increase switch CPU utilization.

With the TC-BPDU attack guard function enabled, a switch performs a removing operation upon receiving a TC-BPDU and triggers a timer (set to 10 seconds by default) at the same time. Before the timer expires, the switch only performs the removing operation for limited times (up to six times by default) regardless of the number of the TC-BPDUs it receives. Such a mechanism prevents a switch from being busy in removing the MAC address table and ARP entries.

Examples

# Enable the TC-BPDU attack guard function on the switch.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp tc-protection enable

stp tc-protection threshold

Syntax

stp tc-protection threshold number

undo stp tc-protection threshold

View

System view

Parameters

number: Maximum number of times that a switch can remove the MAC address table and ARP entries within each 10 seconds, in the range of 1 to 255.

Description

Use the stp tc-protection threshold command to set the maximum number of times that a switch can remove the MAC address table and ARP entries within each 10 seconds.

Use the undo stp tc-protection threshold command to restore the default.

Normally, a switch removes the MAC address table and ARP entries upon receiving a TC-BPDU. If a malicious user sends large amount of TC-BPDUs to a switch in a short period, the switch may be busy in removing the MAC address table and ARP entries, which may affect spanning tree calculation, occupy a large amount of bandwidth and increase switch CPU utilization.

With the TC-BPDU attack guard function enabled, a switch performs a removing operation upon receiving a TC-BPDU and triggers a timer (set to 10 seconds by default) at the same time. Before the timer expires, the switch only performs the removing operation for limited times (up to six times by default) regardless of the number of the TC-BPDUs it receives. Such a mechanism prevents a switch from being busy in removing the MAC address table and ARP entries.

You can use the stp tc-protection threshold command to set the maximum times for a switch to remove the MAC address table and ARP entries in a specific period. When the number of the TC-BPDUs received within a period is less than the maximum times, the switch performs a removing operation upon receiving a TC-BPDU. After the number of the TC-BPDUs received reaches the maximum times, the switch stops performing the removing operation. For example, if you set the maximum times for a switch to remove the MAC address table and ARP entries to 100 and the switch receives 200 TC-BPDUs in the period, the switch removes the MAC address table and ARP entries for only 100 times within the period.

Examples

# Set the maximum times for a switch to remove the MAC address table and ARP entries within 10 seconds to 5.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp tc-protection threshold 5

stp timer forward-delay

Syntax

stp timer forward-delay centi-seconds

undo stp timer forward-delay

View

System view

Parameters

centi-seconds: Forward delay in centiseconds to be set. This argument ranges from 400 to 3,000.

Description

Use the stp timer forward-delay command to set the forward delay of the switch.

Use the undo stp timer forward-delay command to restore the forward delay to the default value.

By default, the forward delay of the switch is 1,500 centiseconds.

To prevent the occurrence of temporary loops, when a port changes its state from discarding to forwarding, it undergoes an intermediate state and waits for a specific period to synchronize with the state transition of the remote switches. This state transition period is determined by the forward delay configured on the root bridge.

The forward delay setting configured on a root bridge applies to all non-root bridges.

As for the configuration of the three time-related parameters (namely, the hello time, forward delay, and max age parameters), the following formulas must be met to prevent frequent network jitter.

2 x (forward delay – 1 second) >= max age

Max age >= 2 x (hello time + 1 second)

You are recommended to specify the network diameter of the switched network and the hello time by using the stp root primary or stp root secondary command. After that, the three proper time-related parameters are automatically calculated by MSTP.

Related commands: stp timer hello, stp timer max-age, stp bridge-diameter.

Examples

# Set the forward delay to 2,000 centiseconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp timer forward-delay 2000

stp timer hello

Syntax

stp timer hello centi-seconds

undo stp timer hello

View

System view

Parameters

centi-seconds: Hello time to be set, in the range of 100 to 1,000 (in centiseconds).

Description

Use the stp timer hello command to set the hello time of the switch.

Use the undo stp timer hello command to restore the hello time of the switch to the default value.

By default, the hello time of the switch is 200 centiseconds.

A root bridge regularly sends out configuration BPDUs to maintain the stability of existing spanning trees. If the switch does not receive BPDU packets in a specified period, spanning trees will be recalculated because BPDU packets time out. When a switch becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello time you have configured on it. The other none-root-bridge switches adopt the interval specified by the hello time.

As for the configuration of the three time-related parameters (namely, the hello time, forward delay, and max age parameters), the following formulas must be met to prevent frequent network jitter.

2 × (forward delay – 1 second) >= max age

Max age >= 2 × (hello time + 1 second)

You are recommended to specify the network diameter of the switched network and the hello time by using the stp root primary or stp root secondary command. After that, the three proper time-related parameters are automatically calculated by MSTP.

Related commands: stp timer forward-delay, stp timer max-age, stp bridge-diameter.

Examples

# Set the hello time to 400 centiseconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp timer hello 400

stp timer max-age

Syntax

stp timer max-age centi-seconds

undo stp timer max-age

View

System view

Parameters

centi-seconds: Max age to be set, in the range of 600 to 4,000 (in centiseconds).

Description

Use the stp timer max-age command to set the max age of the switch.

Use the undo stp timer max-age command to restore the default max age.

By default, the max age of a switch is 2,000 centiseconds.

MSTP is capable of detecting link failures and automatically restoring redundant links to the forwarding state. In CIST, switches use the max age parameter to judge whether or not a received configuration BPDU times out. Spanning trees will be recalculated if a configuration BPDU received by a port times out.

The max age is meaningless to MSTIs. The max age configured for the root bridge of the CIST applies to all switches operating on the CIST, including the root bridge.

As for the configuration of the three time-related parameters (namely, the hello time, forward delay, and max age parameters), the following formulas must be met to prevent frequent network jitter:

2 × (forward delay – 1 second) >= max age,

Max age >= 2 × (hello time + 1 second).

You are recommended to specify the network diameter of the switched network and the hello time parameter by using the stp root primary or stp root secondary command. After that, the three proper time-related parameters are automatically determined by MSTP.

Related commands: stp timer forward-delay, stp timer hello, stp bridge-diameter.

Examples

# Set the max age to 1,000 centiseconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp timer max-age 1000

stp timer-factor

Syntax

stp timer-factor number

undo stp timer-factor

View

System view

Parameters

number: Hello time factor to be set, in the range of 1 to 10.

Description

Use the stp timer-factor command to set the timeout time of a switch in the form of a multiple of the hello time.

Use the undo stp timer-factor command to restore the hello time factor to the default value.

By default, the hello time factor of the switch is 3.

A switch regularly sends protocol packets to its neighboring devices at the interval specified by the hello time parameter to test the links. Generally, a switch regards its upstream switch faulty if the former does receive any protocol packets from the latter in a period three times of the hello time and then initiates the spanning tree recalculation process.

Spanning trees may be recalculated even in a steady network if an upstream switch is always busy. You can configure the hello time factor to a larger number to avoid this problem. Normally, the timeout time can be four (or more) times of the hello time. For a steady network, the timeout time can be five to seven times of the hello time.

Examples

# Set the hello time factor to 7.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp timer-factor 7

stp transmit-limit

Syntax

stp transmit-limit packetnum

undo stp transmit-limit

View

Ethernet port view

Parameters

packetnum: Maximum number of configuration BPDUs a port can transmit in each hello time. This argument ranges from 1 to 255.

Description

Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current port can transmit in each hello time.

Use the undo stp transmit-limit command to restore the maximum number to the default value.

By default, the maximum number of configuration BPDUs a port can transmit in each hello time is 10.

A larger number configured by the stp transmit-limit command allows more configuration BPDUs to be transmitted in each hello time, which may occupy more switch resources. So you are recommended configure it to a proper value to avoid network topology jitter and prevent MSTP from occupying too many bandwidth resources.

Related commands: stp interface transmit-limit.

Examples

# Set the maximum number of configuration BPDUs that can be transmitted through Ethernet 1/0/1 in each hello time to 15.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] stp transmit-limit 15

vlan-mapping modulo

Syntax

vlan-mapping modulo modulo

View

MST region view

Parameters

modulo: Modulo by which VLANs are mapped to MSTIs, in the range of 1 to 16.

Description

Use the vlan-mapping modulo command to set the modulo by which VLANs are mapped to MSTIs.

By default, all VLANs in a network are mapped to the CIST (MSTI 0).

MSTP uses a VLAN-to-MSTI mapping table to describe VLAN-to-MSTI mappings. You can use this command to establish the VLAN-to-MSTI mapping table and map VLANs to MSTIs in a specific way.

Note that a VLAN cannot be mapped to multiple different MSTIs at the same time. A VLAN-to-MSTI mapping becomes invalid when you map the VLAN to another MSTI.

 

You can map VLANs to the specific MSTIs rapidly by using the vlan-mapping modulo modulo command. The ID of the MSTI to which a VLAN is mapped can be figured out by using the following formula:

(VLAN ID-1) % modulo + 1.

In this formula, (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to the modulo argument. For example, if you set the modulo argument to 16, then VLAN 1 is mapped to MSTI 1, VLAN 2 is mapped to MSTI 2, …, VLAN 16 is mapped to MSTI 16, VLAN 17 is mapped to MSTI 1, and so on.

 

Related commands: check region-configuration, revision-level, region-name, active region-configuration.

Examples

# Map VLANs to MSTIs, with the modulo being 16.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] stp region-configuration

[Sysname-mst-region] vlan-mapping modulo 16

vlan-vpn tunnel

Syntax

vlan-vpn tunnel

undo vlan-vpn tunnel

View

System view

Parameters

None

Description

Use the vlan-vpn tunnel command to enable the VLAN-VPN tunnel function for a switch.

Use the undo vlan-vpn tunnel command to disable the VLAN-VPN tunnel function.

The VLAN-VPN tunnel function enables BPDUs to be transparently transmitted between geographically dispersed user networks through specified VLAN VPNs in operator’s networks, through which spanning trees can be calculated across these user networks and are independent of those of the operator’s network.

By default, the VLAN-VPN tunnel function is disabled.

 

l          The VLAN-VPN tunnel function can only be enabled on STP-enabled devices.

l          To enable the VLAN-VPN tunnel function, make sure the links between operator’s networks are trunk links.

l          Only the S3100-SI series among S3100 series switches support the VLAN-VPN tunnel function.

 

Examples

# Enable the VLAN-VPN tunnel function for the switch.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] vlan-vpn tunnel

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网