Table of Contents

1 MSTP Configuration· 1-1

STP Overview· 1-1

STP Overview· 1-1

MSTP Overview· 1-9

Background of MSTP· 1-9

Basic MSTP Terminologies· 1-10

Principle of MSTP· 1-13

MSTP Implementation on the Device· 1-14

STP-related Standards· 1-14

Configuring Root Bridge· 1-15

Configuration Prerequisites· 1-16

Configuring an MST Region· 1-16

Specifying the Current Device as a Root Bridge/Secondary Root Bridge· 1-17

Configuring the Bridge Priority of the Current Device· 1-19

Configuring the Mode a Port Recognizes and Sends MSTP Packets· 1-19

Configuring the MSTP Operation Mode· 1-20

Configuring the Maximum Hop Count of an MST Region· 1-21

Configuring the Network Diameter of the Switched Network· 1-22

Configuring the MSTP Time-related Parameters· 1-22

Configuring the Timeout Time Factor 1-24

Configuring the Maximum Transmitting Speed on the Current Port 1-24

Configuring the Current Port as an Edge Port 1-25

Specifying Whether the Link Connected to a Port Is Point-to-point Link· 1-26

Enabling MSTP· 1-27

Configuring Leaf Nodes· 1-28

Configuration Prerequisites· 1-29

Configuring the MST Region· 1-29

Configuring the Mode a Port Recognizes and Sends MSTP Packets· 1-29

Configuring the Timeout Time Factor 1-29

Configuring the Maximum Transmitting Speed on the Current Port 1-29

Configuring a Port as an Edge Port 1-29

Configuring the Path Cost for a Port 1-29

Configuring Port Priority· 1-32

Specifying Whether the Link Connected to a Port Is a Point-to-point Link· 1-32

Enabling MSTP· 1-33

Performing mCheck Operation· 1-33

Configuration Prerequisites· 1-33

Configuration Procedure· 1-33

Configuration Example· 1-33

Configuring Guard Functions· 1-34

Introduction· 1-34

Configuration Prerequisites· 1-35

Configuring BPDU Guard· 1-35

Configuring Root Guard· 1-36

Configuring Loop Guard· 1-36

Configuring TC-BPDU Attack Guard· 1-37

Configuring BPDU Dropping· 1-37

Configuring Digest Snooping· 1-38

Introduction· 1-38

Configuring Digest Snooping· 1-38

Configuring Rapid Transition· 1-39

Introduction· 1-39

Configuring Rapid Transition· 1-41

Configuring VLAN-VPN Tunnel 1-42

Introduction· 1-42

Configuring VLAN-VPN tunnel 1-43

STP Maintenance Configuration· 1-43

Introduction· 1-43

Enabling Log/Trap Output for Ports of MSTP Instance· 1-43

Configuration Example· 1-44

Enabling Trap Messages Conforming to 802.1d Standard· 1-44

Displaying and Maintaining MSTP· 1-44

MSTP Configuration Example· 1-45

VLAN-VPN tunnel Configuration Example· 1-46

 

 

 

STP Overview

STP Overview

Functions of STP

Spanning tree protocol (STP) is a protocol conforming to IEEE 802.1d. It aims to eliminate loops on data link layer in a local area network (LAN). Devices running this protocol detect loops in the network by exchanging packets with one another and eliminate the loops detected by blocking specific ports until the network is pruned into one with tree topology. As a network with tree topology is loop-free, it prevents packets in it from being duplicated and forwarded endlessly and prevents device performance degradation.

Currently, in addition to the protocol conforming to IEEE 802.1d, STP also refers to the protocols based on IEEE 802.1d, such as RSTP, and MSTP.

Protocol packets of STP

STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol packets.

STP identifies the network topology by transmitting BPDUs between STP compliant network devices. BPDUs contain sufficient information for the network devices to complete the spanning tree calculation.

In STP, BPDUs come in two types:

l          Configuration BPDUs, used to calculate spanning trees and maintain the spanning tree topology.

l          Topology change notification (TCN) BPDUs, used to notify concerned devices of network topology changes, if any.

Basic concepts in STP

1)        Root bridge

A tree network must have a root; hence the concept of “root bridge” has been introduced in STP.

There is one and only one root bridge in the entire network, and the root bridge can change alone with changes of the network topology. Therefore, the root bridge is not fixed.

Upon network convergence, the root bridge generates and sends out configuration BPDUs periodically. Other devices just forward the configuration BPDUs received. This mechanism ensures the topological stability.

2)        Root port

On a non-root bridge device, the root port is the port with the lowest path cost to the root bridge. The root port is used for communicating with the root bridge. A non-root-bridge device has one and only one root port. The root bridge has no root port.

3)        Designated bridge and designated port

Refer to the following table for the description of designated bridge and designated port.

Table 1-1 Designated bridge and designated port

Classification	Designated bridge	Designated port
For a device	A designated bridge is a device that is directly connected to a WX3000 series device and is responsible for forwarding BPDUs to the device.	The port through which the designated bridge forwards BPDUs to this device
For a LAN	A designated bridge is a device responsible for forwarding BPDUs to this LAN segment.	The port through which the designated bridge forwards BPDUs to this LAN segment

 

Table 1-1 shows designated bridges and designated ports. In the figure, AP1 and AP2, BP1 and BP2, and CP1 and CP2 are ports on Device A, Device B, and Device C respectively.

l          If Device A forwards BPDUs to Device B through AP1, the designated bridge for Device B is Device A, and the designated port is the port AP1 on Device A.

l          Two devices are connected to the LAN: Device B and Device C. If Device B forwards BPDUs to the LAN, the designated bridge for the LAN is Device B, and the designated port is the port BP2 on Device B.

Figure 1-1 A schematic diagram of designated bridges and designated ports

 

 

4)        Path cost

Path cost is a value used for measuring link capacity. By comparing the path costs of different links, STP selects the most robust links and blocks the other links to prune the network into a tree.

How STP works

STP identifies the network topology by transmitting configuration BPDUs between network devices. Configuration BPDUs contain sufficient information for network devices to complete the spanning tree calculation. Important fields in a configuration BPDU include:

l          Root bridge ID, consisting of root bridge priority and MAC address.

l          Root path cost, the cost of the shortest path to the root bridge.

l          Designated bridge ID, designated bridge priority plus MAC address.

l          Designated port ID, designated port priority plus port name.

l          Message age: lifetime for the configuration BPDUs to be propagated within the network.

l          Max age, lifetime for the configuration BPDUs to be kept in the device.

l          Hello time, configuration BPDU interval.

l          Forward delay, forward delay of the port.

 

For the convenience of description, the description and examples below involve only four parts of a configuration BPDU:

 

1)        Detailed calculation process of the STP algorithm

l          Initial state

Upon initialization of a device, each device generates a BPDU with itself as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the local port.

l          Selection of the optimum configuration BPDU

Each device sends out its configuration BPDU and receives configuration BPDUs from other devices.

The process of selecting the optimum configuration BPDU is as follows:

Table 1-2 Selection of the optimum configuration BPDU

Step	Description
1	Upon receiving a configuration BPDU on a port, the device performs the following processing: l      If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device will discard the received configuration BPDU without doing any processing on the configuration BPDU of this port. l      If the received configuration BPDU has a higher priority than that of the configuration BPDU generated by the port, the device will replace the content of the configuration BPDU generated by the port with the content of the received configuration BPDU.
2	The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU.

 

Principle for configuration BPDU comparison:

 

l          Selection of the root bridge

At network initialization, each STP-compliant device on the network assumes itself to be the root bridge, with the root bridge ID being its own bridge ID. By exchanging configuration BPDUs, the devices compare one another’s root bridge ID. The device with the smallest root bridge ID is elected as the root bridge.

l          Selection of the root port and designated ports

The process of selecting the root port and designated ports is as follows:

Table 1-3 Selection of the root port and designated ports

Step	Description
1	A non-root-bridge device takes the port on which the optimum configuration BPDU was received as the root port.
2	Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the rest ports. l      The root bridge ID is replaced with that of the configuration BPDU of the root port. l      The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost corresponding to the root port. l      The designated bridge ID is replaced with the ID of this device. l      The designated port ID is replaced with the ID of this port.
3	The device compares the calculated configuration BPDU with the configuration BPDU on the port whose role is to be determined, and acts as follows based on the comparison result: l      If the calculated configuration BPDU is superior, this port will serve as the designated port, and the configuration BPDU on the port will be replaced with the calculated configuration BPDU, which will be sent out periodically. l      If the configuration BPDU on the port is superior, the device stops updating the configuration BPDUs of the port and blocks the port, so that the port only receives configuration BPDUs, but does not forward data or send configuration BPDUs.

 

 

Once the root bridge, the root port on each non-root bridge and designated ports have been successfully elected, the entire tree-shaped topology has been constructed.

The following is an example of how the STP algorithm works. The specific network diagram is shown in Figure 1-2. The priority of Device A is 0, the priority of Device B is 1, the priority of Device C is 2, and the path costs of these links are 5, 10 and 4 respectively.

Figure 1-2 Network diagram for STP algorithm

 

l          Initial state of each device

The following table shows the initial state of each device.

Table 1-4 Initial state of each device

Device	Port name	BPDU of port
Device A	AP1	{0, 0, 0, AP1}
	AP2	{0, 0, 0, AP2}
Device B	BP1	{1, 0, 1, BP1}
	BP2	{1, 0, 1, BP2}
Device C	CP1	{2, 0, 2, CP1}
	CP2	{2, 0, 2, CP2}

 

l          Comparison process and result on each device

The following table shows the comparison process and result on each device.

Table 1-5 Comparison process and result on each device

Device	Comparison process	BPDU of port after comparison
Device A	l      Port AP1 receives the configuration BPDU of Device B {1, 0, 1, BP1}. Device A finds that the configuration BPDU of the local port {0, 0, 0, AP1} is superior to the configuration received message, and discards the received configuration BPDU. l      Port AP2 receives the configuration BPDU of Device C {2, 0, 2, CP1}. Device A finds that the BPDU of the local port {0, 0, 0, AP2} is superior to the received configuration BPDU, and discards the received configuration BPDU. l      Device A finds that both the root bridge and designated bridge in the configuration BPDUs of all its ports are Device A itself, so it assumes itself to be the root bridge. In this case, it does not make any change to the configuration BPDU of each port, and starts sending out configuration BPDUs periodically.	AP1: {0, 0, 0, AP1} AP2: {0, 0, 0, AP2}
Device B	l      Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0,1, BP1}, and updates the configuration BPDU of BP1. l      Port BP2 receives the configuration BPDU of Device C {2, 0, 2, CP2}. Device B finds that the configuration BPDU of the local port {1, 0, 1, BP2} is superior to the received configuration BPDU, and discards the received configuration BPDU.	BP1: {0, 0, 0, AP1} BP2: {1, 0, 1, BP2}
	l      Device B compares the configuration BPDUs of all its ports, and determines that the configuration BPDU of BP1 is the optimum configuration BPDU. Then, it uses BP1 as the root port, the configuration BPDUs of which will not be changed. l      Based on the configuration BPDU of BP1 and the path cost of the root port (5), Device B calculates a designated port configuration BPDU for BP2 {0, 5, 1, BP2}. l      Device B compares the calculated configuration BPDU {0, 5, 1, BP2} with the configuration BPDU of BP2. If the calculated BPDU is superior, BP2 will act as the designated port, and the configuration BPDU on this port will be replaced with the calculated configuration BPDU, which will be sent out periodically.	Root port BP1: {0, 0, 0, AP1} Designated port BP2: {0, 5, 1, BP2}
Device C	l      Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the configuration BPDU of CP1. l      Port CP2 receives the configuration BPDU of port BP2 of Device B {1, 0, 1, BP2} before the message was updated. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP2}, and updates the configuration BPDU of CP2.	CP1: {0, 0, 0, AP2} CP2: {1, 0, 1, BP2}
	By comparison: l      The configuration BPDUs of CP1 is elected as the optimum configuration BPDU, so CP1 is identified as the root port, the configuration BPDUs of which will not be changed. l      Device C compares the calculated designated port configuration BPDU {0, 10, 2, CP2} with the configuration BPDU of CP2, and CP2 becomes the designated port, and the configuration BPDU of this port will be replaced with the calculated configuration BPDU.	Root port CP1: {0, 0, 0, AP2} Designated port CP2: {0, 10, 2, CP2}
	l      Next, port CP2 receives the updated configuration BPDU of Device B {0, 5, 1, BP2}. Because the received configuration BPDU is superior to its old one, Device C launches a BPDU update process. l      At the same time, port CP1 receives configuration BPDUs periodically from Device A. Device C does not launch an update process after comparison.	CP1: {0, 0, 0, AP2} CP2: {0, 5, 1, BP2}
	By comparison: l      Because the root path cost of CP2 (9) (root path cost of the BPDU (5) + path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU of CP2 is elected as the optimum BPDU, and CP2 is elected as the root port, the messages of which will not be changed. l      After comparison between the configuration BPDU of CP1 and the calculated designated port configuration BPDU, port CP1 is blocked, with the configuration BPDU of the port remaining unchanged, and the port will not receive data from Device A until a spanning tree calculation process is triggered by a new condition, for example, the link from Device B to Device C becomes down.	Blocked port CP2: {0, 0, 0, AP2} Root port CP2: {0, 5, 1, BP2}

 

After the comparison processes described in the table above, a spanning tree with Device A as the root bridge is stabilized, as shown in Figure 1-3.

Figure 1-3 The final calculated spanning tree

 

 

2)        The BPDU forwarding mechanism in STP

l          Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular interval of hello time.

l          If it is the root port that received the configuration BPDU and the received configuration BPDU is superior to the configuration BPDU of the port, the device will increase message age carried in the configuration BPDU by a certain rule and start a timer to time the configuration BPDU while it sends out this configuration BPDU through the designated port.

l          If the configuration BPDU received on the designated port has a lower priority than the configuration BPDU of the local port, the port will immediately sends out its better configuration BPDU in response.

l          If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device generates configuration BPDUs with itself as the root bridge and sends configuration BPDUs and TCN BPDUs. This triggers a new spanning tree calculation so that a new path is established to restore the network connectivity.

However, the newly calculated configuration BPDU will not be propagated throughout the network immediately, so the old root ports and designated ports that have not detected the topology change continue forwarding data through the old path. If the new root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur.

3)        STP timers

The following three time parameters are important for STP calculation:

l          Forward delay, the period the device waits before state transition.

A link failure triggers a new round of spanning tree calculation and results in changes of the spanning tree. However, as new configuration BPDUs cannot be propagated throughout the network immediately, if the new root port and designated port begin to forward data as soon as they are elected, loops may temporarily occur.

For this reason, the protocol uses a state transition mechanism. Namely, a newly elected root port and the designated ports must go through a period, which is twice the forward delay time, before they transit to the forwarding state. The period allows the new configuration BPDUs to be propagated throughout the entire network.

l          Hello time, the interval for sending hello packets. Hello packets are used to check link state.

The device sends hello packets to its neighboring devices at a regular interval (the hello time) to check whether the links are faulty.

l          Max time, lifetime of the configuration BPDUs stored in the device. A configuration BPDU that has “expired” is discarded by the device.

MSTP Overview

Background of MSTP

Disadvantages of STP and RSTP

STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or it is an edge port (an edge port refers to a port that directly connects to a user terminal rather than to another device or a shared LAN segment.)

The rapid spanning tree protocol (RSTP) is an optimized version of STP. RSTP allows a newly elected root port or designated port to enter the forwarding state much quicker under certain conditions than in STP. As a result, it takes a shorter time for the network to reach the final topology stability.

 

 

RSTP supports rapid convergence. Like STP, it is of the following disadvantages: all bridges in a LAN are on the same spanning tree; redundant links cannot be blocked by VLAN; the packets of all VLANs are forwarded along the same spanning tree.

Features of MSTP

The multiple spanning tree protocol (MSTP) overcomes the shortcomings of STP and RSTP. In addition to support for rapid network convergence, it also allows data flows of different VLANs to be forwarded along their own paths, thus providing a better load sharing mechanism for redundant links.

MSTP features the following:

l          MSTP supports mapping VLANs to MST instances by means of a VLAN-to-instance mapping table. MSTP introduces “instance” (integrates multiple VLANs into a set) and can bind multiple VLANs to an instance, thus saving communication overhead and improving resource utilization.

l          MSTP divides a switched network into multiple regions, each containing multiple spanning trees that are independent of one another.

l          MSTP prunes a ring network into a network with tree topology, preventing packets from being duplicated and forwarded in a network endlessly. Furthermore, it offers multiple redundant paths for forwarding data, and thus achieves load balancing for forwarding VLAN data.

l          MSTP is compatible with STP and RSTP.

Basic MSTP Terminologies

Figure 1-4 illustrates basic MSTP terms (assuming that MSTP is enabled on every device in this figure).

Figure 1-4 Basic MSTP terminologies

 

MST region

A multiple spanning tree region (MST region) comprises multiple physically-interconnected MSTP-enabled devices and the corresponding network segments connected to these devices. These devices have the same region name, the same VLAN-to-MSTI mapping configuration and the same MSTP revision level.

A switched network can contain multiple MST regions. You can group multiple devices into one MST region by using the corresponding MSTP configuration commands.

As shown in Figure 1-4, all the devices in region A0 are of the same MST region-related configuration, including:

l          Region name

l          VLAN-to-MSTI mapping (that is, VLAN 1 is mapped to MSTI 1, VLAN 2 is mapped to instance 2, and the other VLANs are mapped to CIST.)

l          MSTP revision level (not shown in Figure 1-4)

MSTI

A multiple spanning tree instance (MSTI) refers to a spanning tree in an MST region.

Multiple spanning trees can be established in one MST region. These spanning trees are independent of each other. For example, each region in Figure 1-4 contains multiple spanning trees known as MSTIs. Each of these spanning trees corresponds to a VLAN.

VLAN mapping table

A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-4, the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1; VLAN 2 is mapped to MSTI 2; and other VLANs are mapped to CIST. In an MST region, load balancing is implemented according to the VLAN mapping table.

IST

An internal spanning tree (IST) is a spanning tree in an MST region.

ISTs together with the common spanning tree (CST) form the common and internal spanning tree (CIST) of the entire switched network. An IST is a special MSTI; it is a branch of CIST in the MST region.

In Figure 1-4, each MST region has an IST, which is a branch of the CIST.

CST

A CST is a single spanning tree in a switched network that connects all MST regions in the network. If you regard each MST region in the network as a device, then the CST is the spanning tree generated by STP or RSTP running on the "devices".

CIST

A CIST is the spanning tree in a switched network that connects all devices in the network. It comprises the ISTs and the CST.

In Figure 1-4, the ISTs in the MST regions and the CST connecting the MST regions form the CIST.

Region root

A region root is the root of the IST or an MSTI in an MST region. Different spanning trees in an MST region may have different topologies and thus have different region roots.

In region D0 shown in Figure 1-4, the region root of MSTI 1 is Device B, and the region root of MSTI 2 is Device C.

Common root bridge

The common root bridge is the root of the CIST. The common root bridge of the network shown in Figure 1-4 is a device in region A0.

Port role

During MSTP calculation, the following port roles exist: root port, designated port, master port, region edge port, alternate port, and backup port.

l          A root port is used to forward packets to the root.

l          A designated port is used to forward packets to a downstream network segment or device.

l          A master port connects an MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.

l          A region edge port is located on the edge of an MST region and is used to connect one MST region to another MST region, an STP-enabled region or an RSTP-enabled region

l          An alternate port is a secondary port of a root port or master port and is used for rapid transition. With the root port or master port being blocked, the alternate port becomes the new root port or master port.

l          A backup port is the secondary port of a designated port and is used for rapid transition. With the designated port being blocked, the backup port becomes the new designated port fast and begins to forward data seamlessly. When two ports of an MSTP-enabled device are interconnected, the device blocks one of the two ports to eliminate the loop that occurs. The blocked port is the backup port.

In Figure 1-5, device A, device B, device C, and device D form an MST region. Port 1 and port 2 on device A connect upstream to the common root. Port 5 and port 6 on device C form a loop. Port 3 and port 4 on device D connect downstream to other MST regions. This figure shows the roles these ports play.

 

 

Figure 1-5 Port roles

 

Port state

In MSTP, a port can be in one of the following three states:

l          Forwarding state. Ports in this state can forward user packets and receive/send BPDU packets.

l          Learning state. Ports in this state can receive/send BPDU packets.

l          Discarding state. Ports in this state can only receive BPDU packets.

Port roles and port states are not mutually dependent. Table 1-6 lists possible combinations of port states and port roles.

Table 1-6 Combinations of port states and port roles

Port role (right)	Root/ port/Master port	Designated port	Region edge port	Alternate port	Backup port
Port state (below)
Forwarding	√	√	√	—	—
Learning	√	√	√	—	—
Discarding	√	√	√	√	√

 

Principle of MSTP

MSTP divides a Layer 2 network into multiple MST regions. The CSTs are generated between these MST regions, and multiple spanning trees (also called MSTIs) can be generated in each MST region. As well as RSTP, MSTP uses configuration BPDUs for spanning tree calculation. The only difference is that the configuration BPDUs for MSTP carry the MSTP configuration information of the devices.

Calculate the CIST

Through comparing configuration BPDUs, the device with the highest priority in the network is selected as the root of the CIST. In each MST region, an IST is calculated by MSTP. At the same time, MSTP regards each MST region as a device to calculate the CSTs of the network. The CSTs, together with the ISTs, form the CIST of the network.

Calculate an MSTI

In an MST region, different MSTIs are generated for different VLANs based on the VLAN-to-MSTI mappings. Each spanning tree is calculated independently, in the same way as how STP/RSTP is calculated.

Implement STP algorithm

In the beginning, each device regards itself as the root, and generates a configuration BPDU for each port on it as a root, with the root path cost being 0, the ID of the designated bridge being that of the device, and the designated port being itself.

1)        Each device sends out its configuration BPDUs and operates in the following way when receiving a configuration BPDU on one of its ports from another device:

l          If the priority of the configuration BPDU is lower than that of the configuration BPDU of the port itself, the device discards the BPDU and does not change the configuration BPDU of the port.

l          If the priority of the configuration BPDU is higher than that of the configuration BPDU of the port itself, the device replaces the configuration BPDU of the port with the received one and compares it with those of other ports on the device to obtain the one with the highest priority.

2)        Configuration BPDUs are compared as follows:

For MSTP, CIST configuration information is generally expressed as follows:

(Root bridge ID, External path cost, Master bridge ID, Internal path cost, Designated bridge ID, ID of sending port, ID of receiving port), so the compared as follows

l          The smaller the Root bridge ID of the configuration BPDU is, the higher the priority of the configuration BPDU is.

l          For configuration BPDUs with the same Root bridge IDs, the External path costs are compared.

l          For configuration BPDUs with both the same Root bridge ID and the same External path costs, Master bridge ID, Internal path cost, Designated bridge ID, ID of sending port, ID of receiving port are compared in turn.

For MSTP, MSTI configuration information is generally expressed as follows:

(Instance bridge ID, Internal path costs, Designated bridge ID, ID of sending port, ID of receiving port),so the compared as follows

l          The smaller the Instance bridge ID of the configuration BPDU is, the higher the priority of the configuration BPDU is.

l          For configuration BPDUs with the same Instance bridge IDs, Internal path costs are compared.

l          For configuration BPDUs with both the same Instance bridge ID and the same Internal path costs, Designated bridge ID, ID of sending port, ID of receiving port are compared in turn.

3)        A spanning tree is calculated as follows:

l          Determining the root bridge

Root bridges are selected through the comparison of configuration BPDUs. The device with the smallest root ID is chosen as the root bridge.

l          Determining the root port

For each device in a network, the port on which the configuration BPDU with the highest priority is received is chosen as the root port of the device.

l          Determining the designated port

First, the device calculates a designated port configuration BPDU for each of its ports using the root port configuration BPDU and the root port path cost, with the root ID being replaced with that of the root port configuration BPDU, root path cost being replaced with the sum of the root path cost of the root port configuration BPDU and the path cost of the root port, the ID of the designated bridge being replaced with that of the device, and the ID of the designated port being replaced with that of the port.

The device then compares the calculated configuration BPDU with the original configuration BPDU received from the corresponding port on another device. If the latter takes precedence over the former, the device blocks the local port and keeps the port's configuration BPDU unchanged, so that the port can only receive configuration messages and cannot forward packets. Otherwise, the device sets the local port to the designated port, replaces the original configuration BPDU of the port with the calculated one and advertises it regularly.

MSTP Implementation on the Device

MSTP is compatible with both STP and RSTP. That is, an MSTP-enabled device can recognize the protocol packets of STP and RSTP and use them for spanning tree calculation. In addition to the basic MSTP functions, the device also provides the following functions for users to manage their devices.

l          Root bridge hold

l          Root bridge backup

l          Root guard

l          BPDU guard

l          Loop guard

l          TC-BPDU attack guard

l          BPDU packet drop

STP-related Standards

STP-related standards include the following.

l          IEEE 802.1D: spanning tree protocol

l          IEEE 802.1w: rapid spanning tree protocol

l          IEEE 802.1s: multiple spanning tree protocol

Configuring Root Bridge

Complete the following tasks to configure a root bridge:

Task	Remarks
Enabling MSTP	Required To prevent network topology jitter caused by other related configurations, you are recommended to enable MSTP after other related configurations are performed.
Configuring an MST Region	Required
Specifying the Current Device as a Root Bridge/Secondary Root Bridge	Required
Configuring the Bridge Priority of the Current Device	Optional The priority of a device cannot be changed after the device is specified as the root bridge or a secondary root bridge.
Configuring the Mode a Port Recognizes and Sends MSTP Packets	Optional
Configuring the MSTP Operation Mode	Optional
Configuring the Maximum Hop Count of an MST Region	Optional
Configuring the Network Diameter of the Switched Network	Optional The default value is recommended.
Configuring the MSTP Time-related Parameters	Optional The default values are recommended.
Configuring the Timeout Time Factor	Optional
Configuring the Maximum Transmitting Speed on the Current Port	Optional The default value is recommended.
Configuring the Current Port as an Edge Port	Optional
Specifying Whether the Link Connected to a Port Is Point-to-point Link	Optional

 

 

Configuration Prerequisites

The role (root, branch, or leaf) of each device in each spanning tree instance is determined.

Configuring an MST Region

Configuration procedure

Follow these steps to configure an MST region:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter MST region view	stp region-configuration	—
Configure the name of the MST region	region-name name	Required The default MST region name of a device is its MAC address.
Configure the VLAN mapping table for the MST region	instance instance-id vlan vlan-list	Required Both commands can be used to configure VLAN mapping tables. By default, all VLANs in an MST region are mapped to spanning tree instance 0.
	vlan-mapping modulo modulo
Configure the MSTP revision level for the MST region	revision-level level	Required The default revision level of an MST region is level 0.
Activate the configuration of the MST region manually	active region-configuration	Required
Display the configuration of the current MST region	check region-configuration	Optional
Display the currently valid configuration of the MST region	display stp region-configuration	You can execute this command in any view.

 

 

Configuring MST region-related parameters (especially the VLAN mapping table) results in spanning tree recalculation and network topology jitter. To reduce network topology jitter caused by the configuration, MSTP does not recalculate spanning trees immediately after the configuration; it does this only after you perform one of the following operations, and then the configuration can really takes effect:

l          Activate the new MST region-related settings by using the active region-configuration command

l          Enable MSTP by using the stp enable command

 

 

Configuration example

# Configure an MST region, with the name being “info”, the MSTP revision level being level 1, VLAN 2 through VLAN 10 being mapped to spanning tree instance 1, and VLAN 20 through VLAN 30 being mapped to spanning tree 2.

<device> system-view

[device] stp region-configuration

[device-mst-region] region-name info

[device-mst-region] instance 1 vlan 2 to 10

[device-mst-region] instance 2 vlan 20 to 30

[device-mst-region] revision-level 1

[device-mst-region] active region-configuration

# Verify the above configuration.

[device-mst-region] check region-configuration

Admin configuration

   Format selector    :0

   Region name        :info

   Revision level     :1

 

   Instance   Vlans Mapped

      0       11 to 19, 31 to 4094

      1       1 to 10

      2       20 to 30

Specifying the Current Device as a Root Bridge/Secondary Root Bridge

MSTP can automatically choose a device as a root bridge through calculation. You can also manually specify the current device as a root bridge by using the corresponding commands.

Specify the current device as the root bridge of a spanning tree

Follow these steps to specify the current device as the root bridge of a spanning tree:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Specify the current device as the root bridge of a spanning tree	stp [ instance instance-id ] root primary [ bridge-diameter bridgenumber [ hello-time centi-seconds ] ]	Required

 

Specify the current device as the secondary root bridge of a spanning tree

Follow these steps to specify the current device as the secondary root bridge of a spanning tree:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Specify the current device as the secondary root bridge of a specified spanning tree	stp [ instance instance-id ] root secondary [ bridge-diameter bridgenumber [ hello-time centi-seconds ] ]	Required

 

Using the stp root primary/stp root secondary command, you can specify the current device as the root bridge or the secondary root bridge of the spanning tree instance identified by the instance-id argument. If the value of the instance-id argument is set to 0, the stp root primary/stp root secondary command specify the current device as the root bridge or the secondary root bridge of the CIST.

A device can play different roles in different spanning tree instances. That is, it can be the root bridges in a spanning tree instance and be a secondary root bridge in another spanning tree instance at the same time. But in the same spanning tree instance, a device cannot be the root bridge and the secondary root bridge simultaneously.

When the root bridge fails or is turned off, the secondary root bridge becomes the root bridge if no new root bridge is configured. If you configure multiple secondary root bridges for a spanning tree instance, the one with the smallest MAC address replaces the root bridge when the latter fails.

You can specify the network diameter and the hello time parameters while configuring a root bridge/secondary root bridge. Refer to Configuring the Network Diameter of the Switched Network and Configuring the MSTP Time-related Parameters for information about the network diameter parameter and the hello time parameter.

 

 

 

Configuration example

# Configure the current device as the root bridge of spanning tree instance 1 and a secondary root bridge of spanning tree instance 2.

<device> system-view

[device] stp instance 1 root primary

[device] stp instance 2 root secondary

Configuring the Bridge Priority of the Current Device

Root bridges are selected according to the bridge priorities of the devices. You can make a specific device be selected as a root bridge by setting a lower bridge priority for it. An MSTP-enabled device can have different bridge priorities in different spanning tree instances.

Configuration procedure

Follow these steps to configure the bridge priority of the current device:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Set the bridge priority for the current device	stp [ instance instance-id ] priority priority	Required The default bridge priority of a device is 32,768.

 

 

Configuration example

# Set the bridge priority of the current device to 4,096 in spanning tree instance 1.

<device> system-view

[device] stp instance 1 priority 4096

Configuring the Mode a Port Recognizes and Sends MSTP Packets

A port can be configured to recognize and send MSTP packets in the following modes.

l          Automatic mode. Ports in this mode determine the format of the MSTP packets to be sent according to the format of the received packets.

l          Legacy mode. Ports in this mode recognize/send packets in legacy format.

l          802.1s mode. Ports in this mode recognize/send packets in dot1s format.

A port acts as follows according to the format of MSTP packets forwarded by a peer device or router.

When a port operates in the automatic mode:

l          The port automatically determines the format (legacy or dot1s) of received MSTP packets and then determines the format of the packets to be sent accordingly, thus communicating with the peer devices.

l          If the format of the received packets changes repeatedly, MSTP will shut down the corresponding port to prevent network storm. A port shut down in this way can only be brought up by the network administrator.

When a port operates in the legacy mode:

l          The port only recognizes and sends MSTP packets in legacy format. In this case, the port can only communicate with the peer through packets in legacy format.

l          If packets in dot1s format are received, the port turns to discarding state to prevent network storm.

When a port operates in the 802.1s mode:

l          The port only recognizes and sends MSTP packets in dot1s format. In this case, the port can only communicate with the peer through packets in dot1s format.

l          If packets in legacy format are received, the port turns to discarding state to prevent network storm.

Configuration procedure

Follow these steps to configure the mode a port recognizes and sends MSTP packets (in system view):

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the mode a port recognizes and sends MSTP packets	stp interface interface-type interface-number compliance { auto | dot1s | legacy }	Required By default, a port recognizes and sends MSTP packets in the automatic mode. That is, it determines the format of packets to be sent according to the format of the packets received.

 

Follow these steps to configure the mode a port recognizes and sends MSTP packets (in Ethernet port view):

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the mode a port recognizes and sends MSTP packets	stp compliance { auto | dot1s | legacy }	Required By default, a port recognizes and sends MSTP packets in the automatic mode. That is, it determines the format of packets to be sent according to the format of the packets received.

 

Configuration example

# Configure GigabitEthernet 1/0/1 to recognize and send packets in dot1s format.

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp compliance dot1s

# Restore the default mode for GigabitEthernet 1/0/1 to recognize/send MSTP packets.

[device-GigabitEthernet1/0/1] undo stp compliance

Configuring the MSTP Operation Mode

To make a MSTP-enabled device compatible with STP/RSTP, MSTP provides the following three operation modes:

l          STP-compatible mode, where the ports of a device send STP BPDUs to neighboring devices. If STP-enabled devices exist in a switched network, you can use the stp mode stp command to configure an MSTP-enabled device to operate in STP-compatible mode.

l          RSTP-compatible mode, where the ports of a device send RSTP BPDUs to neighboring devices. If RSTP-enabled devices exist in a switched network, you can use the stp mode rstp command to configure an MSTP-enabled device to operate in RSTP-compatible mode.

l          MSTP mode, where the ports of a device send MSTP BPDUs or STP BPDUs (if the device is connected to STP-enabled devices) to neighboring devices. In this case, the device is MSTP-capable.

Configuration procedure

Follow these steps to configure the MSTP operation mode:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the MSTP operation mode	stp mode { stp | rstp | mstp }	Required An MSTP-enabled device operates in the MSTP mode by default.

 

Configuration example

# Specify the MSTP operation mode as STP-compatible.

<device> system-view

[device] stp mode stp

Configuring the Maximum Hop Count of an MST Region

The maximum hop count configured on the region root is also the maximum hops of the MST region. The value of the maximum hop count limits the size of the MST region.

A configuration BPDU contains a field that maintains the remaining hops of the configuration BPDU. And the device discards the configuration BPDUs whose remaining hops are 0. After a configuration BPDU reaches a root bridge of a spanning tree in an MST region, the value of the remaining hops field in the configuration BPDU is decreased by 1 every time the configuration BPDU passes one device. Such a mechanism disables the devices that are beyond the maximum hop count from participating in spanning tree calculation, and thus limits the size of an MST region.

With such a mechanism, the maximum hop count configured on the device operating as the root bridge of the CIST or an MSTI in an MST region becomes the network diameter of the spanning tree, which limits the size of the spanning tree in the current MST region. The devices that are not root bridges in the MST region adopt the maximum hop settings of their root bridges.

Configuration procedure

Follow these steps to configure the maximum hop count for an MST region:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the maximum hop count of the MST region	stp max-hops hops	Required By default, the maximum hop count of an MST region is 20.

 

The bigger the maximum hop count, the larger the MST region is. Note that only the maximum hop settings on the device operating as a region root can limit the size of the MST region.

Configuration example

# Configure the maximum hop count of the MST region to be 30.

<device> system-view

[device] stp max-hops 30

Configuring the Network Diameter of the Switched Network

In a switched network, any two devices can communicate with each other through a specific path made up of multiple devices. The network diameter of a network is measured by the number of devices; it equals the number of the devices on the longest path (that is, the path containing the maximum number of devices).

Configuration procedure

Follow these steps to configure the network diameter of the switched network:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the network diameter of the switched network	stp bridge-diameter bridgenumber	Required The default network diameter of a network is 7.

 

The network diameter parameter indicates the size of a network. The bigger the network diameter is, the larger the network size is.

After you configure the network diameter of a switched network, an MSTP-enabled device adjusts its hello time, forward delay, and max age settings accordingly to better values.

The network diameter setting only applies to CIST; it is invalid for MSTIs.

Configuration example

# Configure the network diameter of the switched network to 6.

<device> system-view

[device] stp bridge-diameter 6

Configuring the MSTP Time-related Parameters

Three MSTP time-related parameters exist: forward delay, hello time, and max age. You can configure the three parameters to control the process of spanning tree calculation.

Configuration procedure

Follow these steps to configure MSTP time-related parameters:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the forward delay parameter	stp timer forward-delay centiseconds	Required The forward delay parameter defaults to 1,500 centiseconds (namely, 15 seconds).
Configure the hello time parameter	stp timer hello centiseconds	Required The hello time parameter defaults to 200 centiseconds (namely, 2 seconds).
Configure the max age parameter	stp timer max-age centiseconds	Required The max age parameter defaults to 2,000 centiseconds (namely, 20 seconds).

 

All devices in a switched network adopt the three time-related parameters configured on the CIST root bridge.

 

 

As for the configuration of the three time-related parameters (that is, the hello time, forward delay, and max age parameters), the following formulas must be met to prevent frequent network jitter.

2 x (forward delay – 1 second) >= max age

Max age >= 2 x (hello time + 1 second)

You are recommended to specify the network diameter of the switched network and the hello time by using the stp root primary or stp root secondary command. After that, the three proper time-related parameters are determined automatically.

Configuration example

# Configure the forward delay parameter to be 1,600 centiseconds, the hello time parameter to be 300 centiseconds, and the max age parameter to be 2,100 centiseconds (assuming that the current device operates as the CIST root bridge).

<device> system-view

[device] stp timer forward-delay 1600

[device] stp timer hello 300

[device] stp timer max-age 2100

Configuring the Timeout Time Factor

When the network topology is stable, a non-root-bridge device regularly forwards BPDUs received from the root bridge to its neighboring devices at the interval specified by the hello time parameter to check link failures. Normally, a device regards its upstream device faulty if the former does not receive any BPDU from the latter in a period three times of the hello time and then initiates the spanning tree recalculation process.

Spanning trees may be recalculated even in a steady network if an upstream device continues to be busy. You can configure the timeout time factor to a larger number to avoid such cases. Normally, the timeout time can be four or more times of the hello time. For a steady network, the timeout time can be five to seven times of the hello time.

Configuration procedure

Follow these steps to configure the timeout time factor:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the timeout time factor for the device	stp timer-factor number	Required The timeout time factor defaults to 3.

 

For a steady network, the timeout time can be five to seven times of the hello time.

Configuration example

# Configure the timeout time factor to be 6.

<device> system-view

[device] stp timer-factor 6

Configuring the Maximum Transmitting Speed on the Current Port

The maximum transmitting speed of a port specifies the maximum number of configuration BPDUs a port can transmit in a period specified by the hello time parameter. It depends on the physical state of the port and network structure. You can configure this parameter according to the network.

Configure the maximum transmitting speed for specified ports in system view

Follow these steps to configure the maximum transmitting speed for specified ports in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the maximum transmitting speed for specified ports	stp interface interface-list transmit-limit packetnum	Required The maximum transmitting speed of all Ethernet ports on a device defaults to 10.

 

Configure the maximum transmitting speed in Ethernet port view

Follow these steps to configure the maximum transmitting speed in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the maximum transmitting speed	stp transmit-limit packetnum	Required  The maximum transmitting speed of all Ethernet ports on a device defaults to 10.

 

As the maximum transmitting speed parameter determines the number of the configuration BPDUs transmitted in each hello time, set it to a proper value to prevent MSTP from occupying too many network resources. The default value is recommended.

Configuration example

# Set the maximum transmitting speed of GigabitEthernet 1/0/1 to 15.

1)        Configure the maximum transmitting speed in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 transmit-limit 15

2)        Configure the maximum transmitting speed in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp transmit-limit 15

Configuring the Current Port as an Edge Port

Edge ports are ports that neither directly connects to other devices nor indirectly connects to other devices through network segments. After a port is configured as an edge port, the rapid transition mechanism is applicable to the port. That is, when the port changes from the blocking state to the forwarding state, it does not have to wait for a delay.

You can configure a port as an edge port in one of the following two ways.

Configure a port as an edge port in system view

Follow these steps to configure a port as an edge port in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the specified ports as edge ports	stp interface interface-list edged-port enable	Required By default, all the Ethernet ports of a device are non-edge ports.

 

Configure a port as an edge port in Ethernet port view

Follow these steps to configure a port as an edge port in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the port as an edge port	stp edged-port enable	Required By default, all the Ethernet ports of a device are non-edge ports.

 

On a device with BPDU guard disabled, an edge port becomes a non-edge port again once it receives a BPDU from another port.

 

 

Configuration example

# Configure GigabitEthernet 1/0/1 as an edge port.

1)        Configure GigabitEthernet1/0/1 as an edge port in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 edged-port enable

2)        Configure GigabitEthernet 1/0/1 as an edge port in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp edged-port enable

Specifying Whether the Link Connected to a Port Is Point-to-point Link

A point-to-point link directly connects two devices. If the roles of the two ports at the two ends of a point-to-point link meet certain criteria, the two ports can turn to the forwarding state rapidly by exchanging synchronization packets, thus reducing the forward delay.

You can determine whether or not the link connected to a port is a point-to-point link in one of the following two ways.

Specify whether the link connected to a port is point-to-point link in system view

Follow these steps to specify whether the link connected to a port is point-to-point link in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Specify whether the link connected to a port is point-to-point link	stp interface interface-list point-to-point { force-true | force-false | auto }	Required The auto keyword is adopted by default.

 

Specify whether the link connected to a port is point-to-point link in Ethernet port view

Follow these steps to specify whether the link connected to a port is point-to-point link in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Specify whether the link connected to a port is a point-to-point link	stp point-to-point { force-true | force-false | auto }	Required The auto keyword is adopted by default.

 

 

After you configure the link of a port as a point-to-point link, the configuration applies to all the spanning tree instances the port belongs to. If the actual physical link of a port is not a point-to-point link and you forcibly configure the link as a point-to-point link, loops may occur temporarily.

Configuration example

# Configure the link connected to GigabitEthernet 1/0/1 as a point-to-point link.

1)        Perform this configuration in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 point-to-point force-true

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp point-to-point force-true

Enabling MSTP

Configuration procedure

Follow these steps to enable MSTP in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable MSTP	stp enable	Required MSTP is disabled by default.
Disable MSTP on specified ports	stp interface interface-list disable	Optional By default, MSTP is enabled on all ports after you enable MSTP in system view. To enable a device to operate more flexibly, you can disable MSTP on specific ports. As MSTP-disabled ports do not participate in spanning tree calculation, this operation saves CPU resources of the device.

 

Follow these steps to enable MSTP in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable MSTP	stp enable	Required MSTP is disabled by default.
Enter Ethernet port view	interface interface-type interface-number	—
Disable MSTP on the port	stp disable	Optional By default, MSTP is enabled on all ports after you enable MSTP in system view. To enable a device to operate more flexibly, you can disable MSTP on specific ports. As MSTP-disabled ports do not participate in spanning tree calculation, this operation saves CPU resources of the device.

 

 

Other MSTP-related settings can take effect only after MSTP is enabled on the device.

Configuration example

# Enable MSTP on the device and disable MSTP on GigabitEthernet 1/0/1.

1)        Perform this configuration in system view

<device> system-view

[device] stp enable

[device] stp interface GigabitEthernet1/0/1 disable

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] stp enable

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp disable

Configuring Leaf Nodes

Complete the following tasks to configure a leaf node:

Task	Remarks
Enabling MSTP	Required To prevent network topology jitter caused by other related configurations, you are recommended to enable MSTP after performing other configurations.
Configuring an MST Region	Required
Configuring the Mode a Port Recognizes and Sends MSTP Packets	Optional
Configuring the Timeout Time Factor	Optional
Configuring the Maximum Transmitting Speed on the Current Port	Optional The default value is recommended.
Configuring the Current Port as an Edge Port	Optional
Configuring the Path Cost for a Port	Optional
Configuring Port Priority	Optional
Specifying Whether the Link Connected to a Port Is Point-to-point Link	Optional

 

 

Configuration Prerequisites

The role (root, branch, or leaf) of each device in each spanning tree instance is determined.

Configuring the MST Region

Refer to Configuring an MST Region.

Configuring the Mode a Port Recognizes and Sends MSTP Packets

Refer to Configuring the Mode a Port Recognizes and Sends MSTP Packets.

Configuring the Timeout Time Factor

Refer to Configuring the Timeout Time Factor.

Configuring the Maximum Transmitting Speed on the Current Port

Refer to Configuring the Maximum Transmitting Speed on the Current Port.

Configuring a Port as an Edge Port

Refer to Configuring the Current Port as an Edge Port.

Configuring the Path Cost for a Port

The path cost parameter reflects the rate of the link connected to the port. For a port on an MSTP-enabled device, the path cost may be different in different spanning tree instances. You can enable flows of different VLANs to travel along different physical links by configuring appropriate path costs on ports, so that VLAN-based load balancing can be implemented.

Path cost of a port can be determined by the device or through manual configuration.

Standards for calculating path costs of ports

Currently, the device can calculate the path costs of ports based on one of the following standards:

l          dot1d-1998: Adopts the IEEE 802.1D-1998 standard to calculate the default path costs of ports.

l          dot1t: Adopts the IEEE 802.1t standard to calculate the default path costs of ports.

l          legacy: Adopts the proprietary standard to calculate the default path costs of ports.

Follow these steps to specify the standard for calculating path costs:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Specify the standard for calculating the default path costs of the links connected to the ports of the device	stp pathcost-standard { dot1d-1998 | dot1t | legacy }	Optional By default, the legacy standard is used to calculate the default path costs of ports.

 

Table 1-7 Transmission speeds and the corresponding path costs

Transmission speed	Operation mode (half-/full-duplex)	802.1D-1998	IEEE 802.1t	Proprietary standard
0	—	65,535	200,000,000	200,000
10 Mbps	Half-duplex/Full-duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports	100 95 95 95	200,000 1,000,000 666,666 500,000	2,000 1,800 1,600 1,400
100 Mbps	Half-duplex/Full-duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports	19 15 15 15	200,000 100,000 66,666 50,000	200 180 160 140
1,000 Mbps	Full-duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports	4 3 3 3	200,000 10,000 6,666 5,000	20 18 16 14
10 Gbps	Full-duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports	2 1 1 1	200,000 1,000 666 500	2 1 1 1

 

Normally, the path cost of a port operating in full-duplex mode is slightly less than that of the port operating in half-duplex mode.

When calculating the path cost of an aggregated link, the 802.1D-1998 standard does not take the number of the ports on the aggregated link into account, whereas the 802.1T standard does. The following formula is used to calculate the path cost of an aggregated link:

Path cost = 200,000/ link transmission speed,

where ‘link transmission speed” is the sum of the speeds of all the unblocked ports on the aggregated link measured in 100 Kbps.

Configure the path cost for specific ports

Follow these steps to configure the path cost for specified ports in system view:

To do…	Use the command…	Remarks
Enter system view	System-view	—
Configure the path cost for specified ports	stp interface interface-list [ instance instance-id ] cost cost	Required An MSTP-enabled device can calculate path costs for all its ports automatically.

 

Follow these steps to configure the path cost for a port in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	System-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the path cost for the port	stp [ instance instance-id ] cost cost	Required An MSTP-enabled device can calculate path costs for all its ports automatically.

 

Changing the path cost of a port may change the role of the port and put it in state transition. Executing the stp cost command with the instance-id argument being 0 sets the path cost on the CIST for the port.

Configuration example (A)

# Configure the path cost of GigabitEthernet 1/0/1 in spanning tree instance 1 to be 2,000.

1)        Perform this configuration in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 instance 1 cost 2000

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp instance 1 cost 2000

Configuration example (B)

# Configure the path cost of GigabitEthernet 1/0/1 in spanning tree instance 1 to be calculated by the MSTP-enabled device according to the IEEE 802.1D-1998 standard.

1)        Perform this configuration in system view

<device> system-view

[device] undo stp interface GigabitEthernet1/0/1 instance 1 cost

[device] stp pathcost-standard dot1d-1998

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] undo stp instance 1 cost

[device-GigabitEthernet1/0/1] quit

[device] stp pathcost-standard dot1d-1998

Configuring Port Priority

Port priority is an important criterion on determining the root port. In the same condition, the port with the smallest port priority value becomes the root port.

A port on an MSTP-enabled device can have different port priorities and play different roles in different spanning tree instances. This enables packets of different VLANs to be forwarded along different physical paths, so that VLAN-based load balancing can be implemented.

You can configure port priority in one of the following two ways.

Configure port priority in system view

Follow these steps to configure port priority in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure port priority for specified ports	stp interface interface-list instance instance-id port priority priority	Required The default port priority is 128.

 

Configure port priority in Ethernet port view

Follow these steps to configure port priority in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure port priority for the port	stp [ instance instance-id ] port priority priority	Required. The default port priority is 128.

 

Changing port priority of a port may change the role of the port and put the port into state transition.

A smaller port priority value indicates a higher possibility for the port to become the root port. If all the ports of a device have the same port priority value, the port priorities are determined by the port indexes. Changing the priority of a port will cause spanning tree recalculation.

You can configure port priorities according to actual networking requirements.

Configuration example

# Configure the port priority of GigabitEthernet 1/0/1 in spanning tree instance 1 to be 16.

1)        Perform this configuration in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 instance 1 port priority 16

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp instance 1 port priority 16

Specifying Whether the Link Connected to a Port Is a Point-to-point Link

Refer to Specifying Whether the Link Connected to a Port Is Point-to-point Link.

Enabling MSTP

Refer to Enabling MSTP.

Performing mCheck Operation

Ports on an MSTP-enabled device can operate in three modes: STP-compatible, RSTP-compatible, and MSTP.

A port on an MSTP-enabled device operating as an upstream device transits to the STP-compatible mode when it has an STP-enabled device connected to it. When the STP-enabled downstream device is then replaced by an MSTP-enabled device, the port cannot automatically transit to the MSTP mode. It remains in the STP-compatible mode. In this case, you can force the port to transit to the MSTP mode by performing the mCheck operation on the port.

Similarly, a port on an RSTP-enabled device operating as an upstream device turns to the STP-compatible mode when it has an STP-enabled device connected to it. When the STP enabled downstream device is then replaced by an MSTP-enabled device, the port cannot automatically transit to the RSTP mode. It remains in the STP-compatible mode. In this case, you can force the port to transit to the RSTP mode by performing the mCheck operation on the port.

Configuration Prerequisites

MSTP runs normally on the device.

Configuration Procedure

You can perform the mCheck operation in the following two ways.

Perform the mCheck operation in system view

Follow these steps to perform the mCheck operation in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Perform the mCheck operation	stp [ interface interface-list ] mcheck	Required

 

Perform the mCheck operation in Ethernet port view

Follow these steps to perform the mCheck operation in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Perform the mCheck operation	stp mcheck	Required

 

Configuration Example

# Perform the mCheck operation on GigabitEthernet 1/0/1.

1)        Perform this configuration in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 mcheck

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp mcheck

Configuring Guard Functions

Introduction

The following guard functions are available on an MSTP-enabled device: BPDU guard, root guard, loop guard, TC-BPDU attack guard, and BPDU drop.

BPDU guard

Normally, the access ports of the devices operating on the access layer are directly connected to terminals (such as PCs) or file servers. These ports are usually configured as edge ports to achieve rapid transition. But they resume non-edge ports automatically upon receiving configuration BPDUs, which causes spanning tree recalculation and network topology jitter.

Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter. You can prevent this type of attacks by utilizing the BPDU guard function. With this function enabled on a device, the device shuts down the edge ports that receive configuration BPDUs and then reports these cases to the administrator. Ports shut down in this way can only be restored by the administrator.

Root guard

A root bridge and its secondary root bridges must reside in the same region. The root bridge of the CIST and its secondary root bridges are usually located in the high-bandwidth core region. Configuration errors or attacks may result in configuration BPDUs with their priorities higher than that of a root bridge, which causes a new root bridge to be elected and network topology jitter to occur. In this case, flows that should travel along high-speed links may be led to low-speed links, and network congestion may occur.

You can avoid this problem by utilizing the root guard function. Ports with this function enabled can only be kept as designated ports in all spanning tree instances. When a port of this type receives configuration BPDUs with higher priorities, it turns to the discarding state (rather than become a non-designated port) and stops forwarding packets (as if it is disconnected from the link). It resumes the normal state if it does not receive any configuration BPDUs with higher priorities for a specified period.

Loop guard

A device maintains the states of the root port and other blocked ports by receiving and processing BPDUs from the upstream device. These BPDUs may get lost because of network congestions or unidirectional link failures. If a device does not receive BPDUs from the upstream device for certain period, the device selects a new root port; the original root port becomes a designated port; and the blocked ports turns to the forwarding state. This may cause loops in the network.

The loop guard function suppresses loops. With this function enabled, if link congestions or unidirectional link failures occur, both the root port and the blocked ports become designated ports and turn to the discarding state. In this case, they stop forwarding packets, and thereby loops can be prevented.

 

 

TC-BPDU attack guard

Normally, a device removes its MAC address table and ARP entries upon receiving TC-BPDUs. If a malicious user sends a large amount of TC-BPDUs to a device in a short period, the device may be busy in removing the MAC address table and ARP entries, which may affect spanning tree calculation, occupy large amount of bandwidth and increase device CPU utilization.

With the TC-BPDU attack guard function enabled, a device performs a removing operation upon receiving a TC-BPDU and triggers a timer (set to 10 seconds by default) at the same time. Before the timer expires, the device only performs the removing operation for limited times (up to six times by default) regardless of the number of the TC-BPDUs it receives. Such a mechanism prevents a device from being busy in removing the MAC address table and ARP entries.

You can use the stp tc-protection threshold command to set the maximum times for a device to remove the MAC address table and ARP entries in a specific period. When the number of the TC-BPDUs received within a period is less than the maximum times, the device performs a removing operation upon receiving a TC-BPDU. After the number of the TC-BPDUs received reaches the maximum times, the device stops performing the removing operation. For example, if you set the maximum times for a device to remove the MAC address table and ARP entries to 100 and the device receives 200 TC-BPDUs in the period, the device removes the MAC address table and ARP entries for only 100 times within the period.

BPDU dropping

In a STP-enabled network, some users may send BPDU packets to the device continuously in order to destroy the network. When a device receives the BPDU packets, it will forward them to other devices. As a result, STP calculation is performed repeatedly, which may occupy too much CPU of the devices or cause errors in the protocol state of the BPDU packets.

In order to avoid this problem, you can enable BPDU dropping on Ethernet ports. Once the function is enabled on a port, the port will not receive or forward any BPDU packets. In this way, the device is protected against the BPDU packet attacks so that the STP calculation is assured to be right.

Configuration Prerequisites

MSTP runs normally on the device.

Configuring BPDU Guard

Configuration procedure

Follow these steps to configure BPDU guard:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the BPDU guard function	stp bpdu-protection	Required The BPDU guard function is disabled by default.

 

Configuration example

# Enable the BPDU guard function.

<device> system-view

[device] stp bpdu-protection

Configuring Root Guard

Configuration procedure

Follow these steps to configure the root guard function in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the root guard function on specified ports	stp interface interface-list root-protection	Required The root guard function is disabled by default.

 

Follow these steps to enable the root guard function in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	Interface interface-type interface-number	—
Enable the root guard function on the current port	stp root-protection	Required The root guard function is disabled by default.

 

Configuration example

# Enable the root guard function on GigabitEthernet 1/0/1.

1)        Perform this configuration in system view

<device> system-view

[device] stp interface GigabitEthernet1/0/1 root-protection

2)        Perform this configuration in Ethernet port view

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp root-protection

Configuring Loop Guard

Configuration procedure

Follow these steps to configure loop guard:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Enable the loop guard function on the current port	stp loop-protection	Required The loop guard function is disabled by default.

 

Configuration example

# Enable the loop guard function on GigabitEthernet 1/0/1.

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp loop-protection

Configuring TC-BPDU Attack Guard

Configuration prerequisites

MSTP runs normally on the device.

Configuration procedure

Follow these steps to configure the TC-BPDU attack guard function:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the TC-BPDU attack guard function	stp tc-protection enable	Required The TC-BPDU attack guard function is disabled by default.
Set the maximum times that a device can remove the MAC address table within each 10 seconds	stp tc-protection threshold number	Optional

 

Configuration example

# Enable the TC-BPDU attack guard function

<device> system-view

[device] stp tc-protection enable

# Set the maximum times for the device to remove the MAC address table within 10 seconds to 5.

<device> system-view

[device] stp tc-protection threshold 5

Configuring BPDU Dropping

Follow these steps to configure BPDU dropping:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-name	—
Enable BPDU dropping	bpdu-drop any	Required BPDU dropping is disabled by default.

 

# Enable BPDU dropping on GigabitEthernet 1/0/1.

<device>system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] bpdu-drop any

Configuring Digest Snooping

Introduction

According to IEEE802.1s, two interconnected devices can communicate with each other through MSTIs in an MST region only when the two devices have the same MST region-related configuration. Interconnected MSTP-enabled devices determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them. (A configuration ID contains information such as region ID and configuration digest.)

As some other vendors' devices adopt proprietary spanning tree protocols, they cannot communicate with the other devices in an MST region even if they are configured with the same MST region-related settings as the other devices in the MST region.

This problem can be solved by implementing the digest snooping feature. If a port on a device is connected to another vendor's device that has the same MST region-related configuration as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. Then the device regards devices of another manufacturer as in the same region; it records the configuration digests carried in the BPDUs received from the devices of another vendor, and put them in the BPDUs to be sent to these devices. In this way, the device can communicate with the devices of another vendor in the same MST region.

 

 

Configuring Digest Snooping

Configure the digest snooping feature on a device to enable it to communicate with other devices adopting proprietary protocols to calculate configuration digests in the same MST region through MSTIs.

Configuration prerequisites

The device to be configured is connected to a device of another vendor adopting a proprietary spanning tree protocol. MSTP and the network operate normally.

Configuration procedure

Follow these steps to configure digest snooping:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Enable the digest snooping feature	stp config-digest-snooping	Required The digest snooping feature is disabled on a port by default.
Return to system view	quit	—
Enable the digest snooping feature globally	stp config-digest-snooping	Required The digest snooping feature is disabled globally by default.
Display the current configuration	display current-configuration	You can execute this command in any view.

 

 

Configuring Rapid Transition

Introduction

Designated ports of RSTP-enabled or MSTP-enabled devices use the following two types of packets to implement rapid transition:

l          Proposal packets: Packets sent by designated ports to request rapid transition

l          Agreement packets: Packets used to acknowledge rapid transition requests

Both RSTP and MSTP specify that the upstream device can perform rapid transition operation on the designated port only when the port receives an agreement packet from the downstream device. The difference between RSTP and MSTP are:

l          For MSTP, the upstream device sends agreement packets to the downstream device; and the downstream device sends agreement packets to the upstream device only after it receives agreement packets from the upstream device.

l          For RSTP, the upstream device does not send agreement packets to the downstream device.

Figure 1-6 and Figure 1-7 illustrate the rapid transition mechanisms on designated ports in RSTP and MSTP.

Figure 1-6 The RSTP rapid transition mechanism

 

Figure 1-7 The MSTP rapid transition mechanism

 

The cooperation between MSTP and RSTP is limited in the process of rapid transition. For example, when the upstream device adopts RSTP, the downstream device adopts MSTP and the downstream device does not support RSTP-compatible mode, the root port on the downstream device receives no agreement packet from the upstream device and thus sends no agreement packets to the upstream device. As a result, the designated port of the upstream device fails to transit rapidly and can only turn to the forwarding state after a period twice the forward delay.

Devices of some vendors adopt proprietary spanning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports. When a device of this kind operating as the upstream device connects with a WX3000 series device running MSTP, the upstream designated port fails to change its state rapidly.

The rapid transition feature is developed to resolve this problem. When a WX3000 series device running MSTP is connected in the upstream direction to a device of another vendor running proprietary spanning tree protocols, you can enable the rapid transition feature on the ports of the WX3000 series device operating as the downstream device. Among these ports, those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream device. This enables designated ports of the upstream device to change their states rapidly.

Configuring Rapid Transition

Configuration prerequisites

As shown in Figure 1-8, a WX3000 series device is connected to a device of another vendor. The former operates as the downstream device, and the latter operates as the upstream device. The network operates normally.

The upstream device is running a proprietary spanning tree protocol that is similar to RSTP in the way to implement rapid transition on designated ports. Port 1 is the designated port.

The downstream device is running MSTP. Port 2 is the root port.

Figure 1-8 Network diagram for rapid transition configuration

 

Configuration procedure

1)        Configure the rapid transition feature in system view

Follow these steps to configure the rapid transition feature in system view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the rapid transition feature	stp interface interface-type interface-number no-agreement-check	Required By default, the rapid transition feature is disabled on a port.

 

2)        Configure the rapid transition feature in Ethernet port view

Follow these steps to configure the rapid transition feature in Ethernet port view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Enable the rapid transition feature	stp no-agreement-check	Required By default, the rapid transition feature is disabled on a port.

 

 

Configuring VLAN-VPN Tunnel

Introduction

The VLAN-VPN Tunnel function enables STP packets to be transparently transmitted between geographically dispersed user networks through specified VLAN VPNs in operator’s networks, through which spanning trees can be generated across these user networks and are independent of those of the operator’s network.

As shown in Figure 1-9, the upper part is the operator’s network, and the lower part is the user’s network. The operator’s network comprises packet ingress/egress devices, and the user’s network has networks A and B. On the operator’s network, configure the arriving STP packets at the ingress to have MAC addresses in a special format, and reconvert them back to their original formats at the egress. This is how transparent transmission is implemented over the operator’s network.

Figure 1-9 VLAN-VPN tunnel network hierarchy

 

Configuring VLAN-VPN tunnel

Follow these steps to configure VLAN-VPN tunnel:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable MSTP globally	stp enable	—
Enable the VLAN-VPN tunnel function globally	vlan-vpn tunnel	Required The VLAN-VPN tunnel function is disabled by default.
Enter Ethernet port view	interface interface-type interface-number	Make sure that you enter the Ethernet port view of the port for which you want to enable the VLAN-VPN tunnel function.
Enable the VLAN VPN function for the Ethernet port	vlan-vpn enable	Required By default, the VLAN VPN function is disabled on all ports.

 

 

STP Maintenance Configuration

Introduction

In a large-scale network with MSTP enabled, there may be many MSTP instances, and so the status of a port may change frequently. In this case, maintenance personnel may expect that log/trap information is output to the log host when particular ports fail, so that they can check the status changes of those ports through alarm information.

Enabling Log/Trap Output for Ports of MSTP Instance

Follow these steps to enable log/trap output for ports of MSTP instance:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable log/trap output for the ports of a specified instance	stp [ instance instance-id ] portlog	Required By default, log/trap output is disabled for the ports of all instances.
Enable log/trap output for the ports of all instances	stp portlog all	Required By default, log/trap output is disabled for the ports of all instances.

 

Configuration Example

# Enable log/trap output for the ports of instance 1.

<device> system-view

[device] stp instance 1 portlog

# Enable log/trap output for the ports of all instances.

<device> system-view

[device] stp portlog all

Enabling Trap Messages Conforming to 802.1d Standard

The device sends trap messages conforming to 802.1d standard to the network management device in the following two cases:

l          The device becomes the root bridge of an instance.

l          Network topology changes are detected.

Configuration procedure

Follow these steps to enable trap messages conforming to 802.1d standard:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable trap messages conforming to 802.1d standard in an instance	stp [ instance instance-id ] dot1d-trap [ newroot | topologychange ] enable	Required

 

Configuration example

# Enable the device to send trap messages conforming to 802.1d standard to the network management device when the device becomes the root bridge of instance 1.

<device> system-view

[device] stp instance 1 dot1d-trap newroot enable

Displaying and Maintaining MSTP

To do…	Use the command…	Remarks
Display the state and statistics information about spanning trees of the current device	display stp [ instance instance-id ] [ interface interface-list | slot slot-number ] [ brief ]	Available in any view
Display region configuration	display stp region-configuration	Available in any view
Display information about the ports that are shut down by STP protection	display stp portdown	Available in any view
Display information about the ports that are blocked by STP protection	display stp abnormalport	Available in any view
Display information about the root port of the instance where the device reside	display stp root	Available in any view
Clear statistics about MSTP	reset stp [ interface interface-list ]	Available in any view

 

MSTP Configuration Example

Network requirements

Implement MSTP in the network shown in Figure 1-10 to enable packets of different VLANs to be forwarded along different spanning tree instances. The detailed configurations are as follows:

l          All switches in the network belong to the same MST region.

l          Packets of VLAN 10, VLAN 30, VLAN 40, and VLAN 20 are forwarded along spanning tree instance 1, instance 3, instance 4, and instance 0 respectively.

In this network, Switch A and Switch B operate on the convergence layer; Switch C and Switch D operate on the access layer. VLAN 10 and VLAN 30 are limited in the convergence layer and VLAN 40 is limited in the access layer. Switch A and Switch B are configured as the root bridges of spanning tree instance 1 and spanning tree instance 3 respectively. Switch C is configured as the root bridge of spanning tree instance 4.

Figure 1-10 Network diagram for MSTP configuration

 

 

Configuration procedure

1)        Configure Switch A

# Enter MST region view.

<SwitchA> system-view

[SwitchA] stp region-configuration

# Configure the region name, VLAN-to-MSTI mapping table, and revision level for the MST region.

[SwitchA-mst-region] region-name example

[SwitchA-mst-region] instance 1 vlan 10

[SwitchA-mst-region] instance 3 vlan 30

[SwitchA-mst-region] instance 4 vlan 40

[SwitchA-mst-region] revision-level 0

# Activate the settings of the MST region manually.

[SwitchA-mst-region] active region-configuration

# Specify Switch A as the root bridge of spanning tree instance 1.

[SwitchA] stp instance 1 root primary

2)        Configure Switch B

# Enter MST region view.

<SwitchB> system-view

[SwitchB] stp region-configuration

# Configure the region name, VLAN-to-MSTI mapping table, and revision level for the MST region.

[SwitchB-mst-region] region-name example

[SwitchB-mst-region] instance 1 vlan 10

[SwitchB-mst-region] instance 3 vlan 30

[SwitchB-mst-region] instance 4 vlan 40

[SwitchB-mst-region] revision-level 0

# Activate the settings of the MST region manually.

[SwitchB-mst-region] active region-configuration

# Specify Switch B as the root bridge of spanning tree instance 3.

[SwitchB] stp instance 3 root primary

3)        Configure Switch C.

# Enter MST region view.

<SwitchC> system-view

[SwitchC] stp region-configuration

# Configure the MST region.

[SwitchC-mst-region] region-name example

[SwitchC-mst-region] instance 1 vlan 10

[SwitchC-mst-region] instance 3 vlan 30

[SwitchC-mst-region] instance 4 vlan 40

[SwitchC-mst-region] revision-level 0

# Activate the settings of the MST region manually.

[SwitchC-mst-region] active region-configuration

# Specify Switch C as the root bridge of spanning tree instance 4.

[SwitchC] stp instance 4 root primary

4)        Configure Switch D

# Enter MST region view.

<SwitchD> system-view

[SwitchD] stp region-configuration

# Configure the MST region.

[SwitchD-mst-region] region-name example

[SwitchD-mst-region] instance 1 vlan 10

[SwitchD-mst-region] instance 3 vlan 30

[SwitchD-mst-region] instance 4 vlan 40

[SwitchD-mst-region] revision-level 0

# Activate the settings of the MST region manually.

[SwitchD-mst-region] active region-configuration

VLAN-VPN tunnel Configuration Example

Network requirements

As shown in Figure 1-11:

l          The WX3000 series devices operate as the access devices of the operator’s network, that is, Switch C and Switch D in the network diagram.

l          Devices of other series operate as the access devices of the user’s network, that is, Switch A and Switch B in the network diagram.

l          Switch C and Switch D are connected to each other through the configured trunk ports of the switches. The VLAN-VPN tunnel function is enabled in system view, thus implementing transparent transmission between the user’s network and the operator’s network.

Figure 1-11 Network diagram for VLAN-VPN tunnel configuration

 

Configuration procedure

1)        Configure Switch A

# Enable MSTP.

<SwitchA> system-view

[SwitchA] stp enable

# Add Ethernet 1/0/1 to VLAN 10.

[SwitchA] vlan 10

[SwitchA-Vlan10] port Ethernet1/0/1

2)        Configure Switch B

# Enable MSTP.

<SwitchB> system-view

[SwitchB] stp enable

# Add Ethernet 1/0/1 to VLAN 10.

[SwitchB] vlan 10

[SwitchB-Vlan10] port Ethernet1/0/1

3)        Configure Switch C

# Enable MSTP.

<SwitchC> system-view

[SwitchC] stp enable

# Enable the VLAN-VPN tunnel function.

[SwitchC] vlan-vpn tunnel

# Add GigabitEthernet 1/0/1 to VLAN 10.

[SwitchC] vlan 10

[SwitchC-Vlan10] port GigabitEthernet1/0/1

[SwitchC-Vlan10] quit

# Disable STP on GigabitEthernet 1/0/1 and then enable the VLAN VPN function on it.

[SwitchC] interface GigabitEthernet1/0/1

[SwitchC-GigabitEthernet1/0/1] port access vlan 10

[SwitchC-GigabitEthernet1/0/1] vlan-vpn enable

[SwitchC-GigabitEthernet1/0/1] quit

# Configure GigabitEthernet 1/0/2 as a trunk port.

[SwitchC] interface GigabitEthernet1/0/2

[SwitchC-GigabitEthernet1/0/2] port link-type trunk

# Add the trunk port to all VLANs.

[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan all

4)        Configure Switch D

# Enable MSTP.

<SwitchD> system-view

[SwitchD] stp enable

# Enable the VLAN-VPN tunnel function.

[SwitchD] vlan-vpn tunnel

# Add GigabitEthernet 1/0/2 to VLAN 10.

[SwitchD] vlan 10

[SwitchD-Vlan10] port GigabitEthernet1/0/2

# Disable STP on GigabitEthernet 1/0/2 and then enable the VLAN VPN function on it.

[SwitchD] interface GigabitEthernet1/0/2

[SwitchD-GigabitEthernet1/0/2] port access vlan 10

[SwitchD-GigabitEthernet1/0/2] stp disable

[SwitchD-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port.

[SwitchD] interface GigabitEthernet1/0/1

[SwitchD-GigabitEthernet1/0/1] port link-type trunk

# Add the trunk port to all VLANs.

[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan all