Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-MSTP Configuration | 513.38 KB |
Table of Contents
Configuring the Root Bridge or a Secondary Root Bridge
Configuring the MSTP Work Mode of the AP
Configuring the Priority of the AP
Configuring the Maximum Hops of an MST Region
Configuring the Network Diameter of a Switched Network
Configuring the Timeout Factor
Configuring the Maximum Port Rate
Configuring Ports as Edge Ports
Configuring the Path Costs of Ports
Configuring the Link Type of Ports
Configuring the Mode a Port Uses to Recognize/Send MSTP Packets
Configuring No Agreement Check
Configuring Protection Functions
Displaying and Maintaining MSTP
l The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
l Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
l The interface types and the number of interfaces vary by AP model.
l The term AP in this document refers to common APs, wireless bridges, and mesh APs.
Support for MSTP depends on your AP model.
This chapter includes these sections:
l Overview
l Displaying and Maintaining MSTP
Overview
As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy.
Like many other protocols, STP evolves as the network grows. The later versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP). This chapter describes the characteristics of STP, RSTP, and MSTP and the relationship among them.
Introduction to STP
Why STP
STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a local area network (LAN). Devices running this protocol detect loops in the network by exchanging information with one another and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure. This avoids proliferation and infinite cycling of packets that would occur in a loop network and prevents decreased performance of network devices caused by duplicate packets received.
In the narrow sense, STP refers to IEEE 802.1d STP; in the broad sense, STP refers to the IEEE 802.1d STP and various enhanced spanning tree protocols derived from that protocol.
Protocol packets of STP
STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol packets.
STP-enabled network devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient information for the network devices to complete spanning tree calculation.
In STP, BPDUs come in two types:
l Configuration BPDUs, used for calculating a spanning tree and maintaining the spanning tree topology.
l Topology change notification (TCN) BPDUs, used for notifying the concerned devices of network topology changes, if any.
Basic concepts in STP
1) Root bridge
A tree network must have a root; hence the concept of root bridge was introduced in STP.
There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology. Therefore, the root bridge is not fixed.
Upon initialization of a network, each bridge generates and sends out BPDUs periodically with itself as the root bridge; after network convergence, only the root bridge generates and sends out configuration BPDUs at a certain interval, and the other bridges just forward the BPDUs.
2) Root port
3) Designated bridge and designated port
The following table describes designated bridges and designated ports.
Table 1-1 Description of designated bridges and designated ports:
|
Classification |
Designated bridge |
Designated port |
|
For a bridge |
A bridge directly connected with the local bridge and forwards BPDUs to the local bridge |
The port through which the designated bridge forwards BPDUs to this bridge |
|
For a LAN |
The bridge that forwards BPDUs to this LAN segment |
The port through which the designated bridge forwards BPDUs to this LAN segment |
As shown in Figure 1-1, AP1 and AP2, BP1 and BP2, and CP1 and CP2 are ports on Device A, Device B, and Device C respectively.
l If Device A forwards BPDUs to Device B through AP1, the designated bridge for Device B is Device A, and the designated port of Device B is port AP1 on Device A.
l Two devices are connected to the LAN: Device B and Device C. If Device B forwards BPDUs to the LAN, the designated bridge for the LAN is Device B, and the designated port for the LAN is the port BP2 on Device B.
Figure 1-1 A schematic diagram of designated bridges and designated ports
All the ports on the root bridge are designated ports.
4) Path cost
Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.
How STP works
The bridges on a network exchange BPDUs to identify the network topology. Configuration BPDUs contain sufficient information for the bridges to complete spanning tree calculation. Important fields in a configuration BPDU include:
l Root bridge ID: consisting of the priority and MAC address of the root bridge.
l Root path cost: the cost of the path to the root bridge denoted by the root identifier from the transmitting bridge.
l Designated bridge ID: consisting of the priority and MAC address of the designated bridge.
l Designated port ID: designated port priority plus port name.
l Message age: age of the configuration BPDU while it propagates in the network.
l Max age: maximum age of the configuration BPDU.
l Hello time: configuration BPDU transmission interval.
l Forward delay: the delay used by STP bridges to transit the state of the root and designated ports to forwarding.
For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs:
l Root bridge ID (represented by bridge priority)
l Root path cost (related to the rate of the link connecting the port)
l Designated bridge ID (represented by bridge priority)
l Designated port ID (represented by port name)
Calculation process of the STP algorithm
1) Initial state
2) Selection of the optimum configuration BPDU
Each bridge sends out its configuration BPDU and receives configuration BPDUs from other bridges.
The process of selecting the optimum configuration BPDU is as follows:
Table 1-2 Selection of the optimum configuration BPDU
|
Step |
Actions |
|
1 |
Upon receiving a configuration BPDU on a port, the bridge performs the following: l If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the bridge discards the received configuration BPDU and does not process the configuration BPDU of this port. l If the received configuration BPDU has a higher priority than that of the configuration BPDU generated by the port, the bridge replaces the content of the configuration BPDU generated by the port with the content of the received configuration BPDU. |
|
2 |
The bridge compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU. |
The following are the principles of configuration BPDU comparison:
l The configuration BPDU that has the lowest root bridge ID has the highest priority.
l If all the configuration BPDUs have the same root bridge ID, their root path costs are compared. Assume that the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority.
l If all configuration BPDUs have the same ports value, their designated bridge IDs, designated port IDs, and the IDs of the receiving ports are compared in sequence. The configuration BPDU containing a smaller ID wins out.
3) Selection of the root bridge
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the bridges compare their root bridge IDs to elect the bridge with the smallest root bridge ID as the root bridge.
4) Selection of the root port and designated ports on a non-root bridge
The process of selecting the root port and designated ports is as follows:
Table 1-3 Selection of the root port and designated ports
|
Step |
Description |
|
1 |
A non-root bridge regards the port on which it received the optimum configuration BPDU as the root port. |
|
2 |
Based on the configuration BPDU and the path cost of the root port, the bridge calculates a designated port configuration BPDU for each of the rest ports. l The root bridge ID is replaced with that of the configuration BPDU of the root port. l The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root port. l The designated bridge ID is replaced with the ID of this bridge. l The designated port ID is replaced with the ID of this port. |
|
3 |
The bridge compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and acts depending on the comparison result: l If the calculated configuration BPDU is superior, the bridge considers this port as the designated port, and replaces the configuration BPDU on the port with the calculated configuration BPDU, which will be sent out periodically. l If the configuration BPDU on the port is superior, the bridge blocks this port without updating its configuration BPDU. The blocked port can receive BPDUs but not send BPDUs or forward data. |
When the network topology is stable, only the root port and designated ports forward traffic, while other ports are all in the blocked state—they receive BPDUs but do not forward BPDUs or user traffic.
A tree-shape topology forms upon successful election of the root bridge, the root port on each non-root bridge and the designated ports.
The following is an example of how the STP algorithm works. As shown in Figure 1-2, assume that the priority of Device A is 0, the priority of Device B is 1, the priority of Device C is 2, and the path costs of these links are 5, 10 and 4 respectively.
Figure 1-2 Network diagram for the STP algorithm
l Initial state of each bridge
The following table shows the initial state of each bridge.
Table 1-4 Initial state of each bridge
|
Bridge |
Port name |
BPDU of port |
|
Device A |
AP1 |
{0, 0, 0, AP1} |
|
AP2 |
{0, 0, 0, AP2} |
|
|
Device B |
BP1 |
{1, 0, 1, BP1} |
|
BP2 |
{1, 0, 1, BP2} |
|
|
Device C |
CP1 |
{2, 0, 2, CP1} |
|
CP2 |
{2, 0, 2, CP2} |
l Comparison process and result on each bridge
The following table shows the comparison process and result on each bridge.
Table 1-5 Comparison process and result on each bridge
|
Bridge |
Comparison process |
BPDU of port after comparison |
|
Device A |
l Port AP1 receives the configuration BPDU of Device B {1, 0, 1, BP1}. Device A finds that the configuration BPDU of the local port {0, 0, 0, AP1} is superior to the received configuration BPDU, and therefore discards the received configuration BPDU. l Port AP2 receives the configuration BPDU of Device C {2, 0, 2, CP1}. Device A finds that the BPDU of the local port {0, 0, 0, AP2} is superior to the received configuration BPDU, and therefore discards the received configuration BPDU. l Device A finds that both the root bridge and designated bridge in the configuration BPDUs of all its ports are itself, so it assumes itself to be the root bridge. In this case, it does not make any change to the configuration BPDU of each port, and starts sending out configuration BPDUs periodically. |
AP1: {0, 0, 0, AP1} AP2: {0, 0, 0, AP2} |
|
Device B |
l Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1. l Port BP2 receives the configuration BPDU of Device C {2, 0, 2, CP2}. Device B finds that the configuration BPDU of the local port {1, 0, 1, BP2} is superior to the received configuration BPDU, and therefore discards the received configuration BPDU. |
BP1: {0, 0, 0, AP1} BP2: {1, 0, 1, BP2} |
|
l Device B compares the configuration BPDUs of all its ports, and determines that the configuration BPDU of BP1 is the optimum configuration BPDU. Then, it uses BP1 as the root port, the configuration BPDUs of which will not be changed. l Based on the configuration BPDU of BP1 and the path cost of the root port (5), Device B calculates a designated port configuration BPDU for BP2 {0, 5, 1, BP2}. l Device B compares the calculated configuration BPDU {0, 5, 1, BP2} with the configuration BPDU of BP2. As the calculated BPDU is superior, BP2 will act as the designated port, and the configuration BPDU on this port will be replaced with the calculated configuration BPDU, which will be sent out periodically. |
Root port BP1: {0, 0, 0, AP1} Designated port BP2: {0, 5, 1, BP2} |
|
|
Device C |
l Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the configuration BPDU of CP1. l Port CP2 receives the configuration BPDU of port BP2 of Device B {1, 0, 1, BP2} before the configuration BPDU is updated. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP2}, and therefore updates the configuration BPDU of CP2. |
CP1: {0, 0, 0, AP2} CP2: {1, 0, 1, BP2} |
|
After comparison: l The configuration BPDU of CP1 is elected as the optimum configuration BPDU, so CP1 is identified as the root port, the configuration BPDUs of which will not be changed. l Device C compares the calculated designated port configuration BPDU {0, 10, 2, CP2} with the configuration BPDU of CP2, and CP2 becomes the designated port, and the configuration BPDU of this port will be replaced with the calculated configuration BPDU. |
Root port CP1: {0, 0, 0, AP2} Designated port CP2: {0, 10, 2, CP2} |
|
|
l Then, port CP2 receives the updated configuration BPDU of Device B {0, 5, 1, BP2}. Because the received configuration BPDU is superior to its own configuration BPDU, Device C launches a BPDU update process. l At the same time, port CP1 receives periodic configuration BPDUs from Device A. Device C does not launch an update process after comparison. |
CP1: {0, 0, 0, AP2} CP2: {0, 5, 1, BP2} |
|
|
After comparison: l Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU of CP2 is elected as the optimum BPDU, and CP2 is elected as the root port, the messages of which will not be changed. l After comparison between the configuration BPDU of CP1 and the calculated designated port configuration BPDU, port CP1 is blocked, with the configuration BPDU of the port unchanged, and the port will not receive data from Device A until a spanning tree calculation process is triggered by a new event, for example, the link from Device B to Device C going down. |
Blocked port CP2: {0, 0, 0, AP2} Root port CP2: {0, 5, 1, BP2} |
After the comparison processes described in the table above, a spanning tree with Device A as the root bridge is established as shown in Figure 1-3.
Figure 1-3 The final calculated spanning tree
The spanning tree calculation process in this example is only a simplified process.
The BPDU forwarding mechanism in STP
l Upon network initiation, every bridge regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
l If it is the root port that received a configuration BPDU and the received configuration BPDU is superior to the configuration BPDU of the port, the bridge increases the message age carried in the configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while sending out this configuration BPDU through the designated port.
l If the configuration BPDU received on a designated port has a lower priority than the configuration BPDU of the local port, the port immediately sends out its own configuration BPDU in response.
l If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the bridge will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
However, the newly calculated configuration BPDU will not be propagated throughout the network immediately, so the old root ports and designated ports that have not detected the topology change continue forwarding data along the old path. If the new root ports and designated ports begin to forward data as soon as they are elected, a temporary loop may occur.
STP timers
STP calculation involves three important timing parameters: forward delay, hello time, and max age.
l Forward delay is the delay time for port state transition.
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data right away, a temporary loop is likely to occur.
For this reason, as a mechanism for state transition in STP, the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propagated throughout the network.
l Hello time is the time interval at which a bridge sends hello packets to the surrounding bridges to ensure that the paths are fault-free.
l Max age is a parameter used to determine whether a configuration BPDU held by the bridge has expired. A configuration BPDU beyond the max age will be discarded.
Introduction to RSTP
Developed based on the 802.1w standard of IEEE, RSTP is an optimized version of STP. It achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much quicker under certain conditions than in STP.
l In RSTP, a newly elected root port can enter the forwarding state rapidly if this condition is met: the old root port on the bridge has stopped forwarding data and the upstream designated port has started forwarding data.
l In RSTP, a newly elected designated port can enter the forwarding state rapidly if this condition is met: the designated port is an edge port or a port connected with a point-to-point link. If the designated port is an edge port, it can enter the forwarding state directly; if the designated port is connected with a point-to-point link, it can enter the forwarding state immediately after the bridge undergoes handshake with the downstream bridge and gets a response.
Introduction to MSTP
Why MSTP
1) Weakness of STP and RSTP
STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another bridge or a shared LAN segment.
Although RSTP supports rapid network convergence, it has the same drawback as STP does: All bridges within a LAN share the same spanning tree, so redundant links cannot be blocked based on VLAN, and the packets of all VLANs are forwarded along the same spanning tree.
2) Features of MSTP
Developed based on IEEE 802.1s, MSTP overcomes the shortcomings of STP and RSTP. In addition to the support for rapid network convergence, it also allows data flows of different VLANs to be forwarded along separate paths, thus providing a better load sharing mechanism for redundant links. For more information about VLANs, see VLAN in the Layer 2 – LAN Switching Configuration Guide.
MSTP features the following:
l MSTP supports mapping VLANs to MST instances (MSTIs) by means of a VLAN-to-MSTI mapping table. MSTP can reduce communication overheads and resource usage by mapping multiple VLANs to one MSTI.
l MSTP divides a switched network into multiple regions, each containing multiple spanning trees that are independent of one another.
l MSTP prunes a loop network into a loop-free tree, thus avoiding proliferation and endless cycling of packets in a loop network. In addition, it provides multiple redundant paths for data forwarding, thus supporting load balancing of VLAN data.
l MSTP is compatible with STP and RSTP.
Basic concepts in MSTP
Figure 1-4 Basic concepts in MSTP
Assume that all bridges in Figure 1-4 are running MSTP. This section explains some basic concepts of MSTP.
1) MST region
A multiple spanning tree region (MST region) consists of multiple bridges in a switched network and the network segments among them. These bridges have the following characteristics:
l All are MSTP-enabled,
l They have the same region name,
l They have the same VLAN-to-MSTI mapping configuration,
l They have the same MSTP revision level configuration, and
l They are physically linked with one another.
For example, all the bridges in region A0 in Figure 1-4 have the same MST region configuration:
l The same region name,
l The same VLAN-to-MSTI mapping configuration (VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to the common and internal spanning tree (CIST, that is, MSTI 0), and
l The same MSTP revision level (not shown in the figure).
Multiple MST regions can exist in a switched network. You can use an MSTP command to assign multiple bridges to the same MST region.
2) VLAN-to-MSTI mapping table
As an attribute of an MST region, the VLAN-to-MSTI mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 1-4, for example, the VLAN-to-MSTI mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-MSTI mapping table.
3) IST
An internal spanning tree (IST) is a spanning tree that runs in an MST region.
ISTs in all MST regions and the common spanning tree (CST) jointly constitute the common and internal spanning tree (CIST) of the entire network. An IST is a section of the CIST.
In Figure 1-4, for example, the CIST has a section in each MST region, and this section is the IST in the respective MST region.
4) CST
The CST is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a “bridge”, the CST is a spanning tree calculated by these “bridges” through STP or RSTP. For example, the red lines in Figure 1-4 represent the CST.
5) CIST
Jointly constituted by ISTs and the CST, the CIST is a single spanning tree that connects all bridges in a switched network.
In Figure 1-4, for example, the ISTs in all MST regions plus the inter-region CST constitute the CIST of the entire network.
6) MSTI
Multiple spanning trees can be generated in an MST region through MSTP, one spanning tree being independent of another. Each spanning tree is referred to as a multiple spanning tree instance (MSTI). In Figure 1-4, for example, multiple spanning trees can exist in each MST region, each spanning tree corresponding to the specific VLAN(s). These spanning trees are called MSTIs.
7) Regional root bridge
The root bridge of the IST or an MSTI within an MST region is the regional root bridge of the IST or the MSTI. Based on the topology, different spanning trees in an MST region may have different regional roots.
For example, in region D0 in Figure 1-4, the regional root of MSTI 1 is bridge B, while that of MSTI 2 is bridge C.
8) Common root bridge
The common root bridge is the root bridge of the CIST.
In Figure 1-4, for example, the common root bridge is a bridge in region A0.
9) Boundary port
A boundary port is a port that connects an MST region to another MST region, or to a single spanning-tree region running STP, or to a single spanning-tree region running RSTP. In Figure 1-4, for example, if a bridge in region A0 is interconnected with the first port of a bridge in region D0 and the common root bridge of the entire switched network is located in region A0, the first port of that bridge in region D0 is the boundary port of region D0.
During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST.
10) Roles of ports
MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
l Root port: a port responsible for forwarding data to the root bridge.
l Designated port: a port responsible for forwarding data to the downstream network segment or bridge.
l Master port: A port on the shortest path from the current region to the common root bridge, connecting the MST region to the common root bridge. If the region is seen as a node, the master port is the root port of the region on the CST. The master port is a root port on IST/CIST and still a master port on the other MSTIs.
l Alternate port: The standby port for the root port and the master port. When the root port or master port is blocked, the alternate port becomes the new root port or master port.
l Backup port: The backup port of a designated port. When the designated port is blocked, the backup port becomes a new designated port and starts forwarding data without delay. A loop occurs when two ports of the same MSTP bridge are connected. Therefore, the bridge will block either of the two ports, and the backup port is that port to be blocked.
A port can play different roles in different MSTIs.
Figure 1-5 helps understand these concepts. In this figure:
l Bridges A, B, C, and D constitute an MST region.
l Port 1 and port 2 of bridge A connect to the common root bridge.
l Port 5 and port 6 of bridge C form a loop.
l Port 3 and port 4 of bridge D connect downstream to other MST regions.
11) Port states
In MSTP, port states fall into the following three:
l Forwarding: the port learns MAC addresses and forwards user traffic;
l Learning: the port learns MAC addresses but does not forward user traffic;
l Discarding: the port neither learns MAC addresses nor forwards user traffic.
When in different MSTIs, a port can be in different states.
A port state is not exclusively associated with a port role. Table 1-6 lists the port state(s) supported by each port role (“√” indicates that the port supports this state, while “—“ indicates that the port does not support this state).
Table 1-6 Ports states supported by different port roles
|
Port role (right) |
Root port/master port |
Designated port |
Alternate port |
Backup port |
|
Port state (below) |
||||
|
Forwarding |
√ |
√ |
— |
— |
|
Learning |
√ |
√ |
— |
— |
|
Discarding |
√ |
√ |
√ |
√ |
How MSTP works
MSTP divides an entire Layer 2 network into multiple MST regions, which are interconnected by a calculated CST. Inside an MST region, multiple spanning trees are calculated, each being called an MSTI. Among these MSTIs, MSTI 0 is the IST, while all the others are MSTIs. Similar to STP, MSTP uses configuration BPDUs to calculate spanning trees. The only difference between the two protocols is that an MSTP BPDU carries the MSTP configuration on the bridge from which this BPDU is sent.
1) CIST calculation
The calculation of a CIST tree is also the process of configuration BPDU comparison. During this process, the bridge with the highest priority is elected as the root bridge of the CIST. MSTP generates an IST within each MST region through calculation, and, at the same time, MSTP regards each MST region as a single bridge and generates a CST among these MST regions through calculation. The CST and ISTs constitute the CIST of the entire network.
2) MSTI calculation
Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings. MSTP performs a separate calculation process, which is similar to spanning tree calculation in STP, for each spanning tree. For details, refer to How STP works.
In MSTP, a VLAN packet is forwarded along the following paths:
l Within an MST region, the packet is forwarded along the corresponding MSTI.
l Between two MST regions, the packet is forwarded along the CST.
Implementation of MSTP on network devices
MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by network devices running MSTP and used for spanning tree calculation.
In addition to basic MSTP functions, many special functions are provided for ease of management, as follows:
l Root bridge hold
l Root bridge backup
l Root guard
l BPDU guard
l TC-BPDU guard
l Support for hot swapping of interface cards and active/standby changeover.
Protocols and Standards
MSTP is documented in:
l IEEE 802.1d: Spanning Tree Protocol
l IEEE 802.1w: Rapid Spanning Tree Protocol
l IEEE 802.1s: Multiple Spanning Tree Protocol
Configuration Task List
Before configuring MSTP, you need to know the role of each bridge in each MSTI: root bridge or leaf node. In each MSTI, only one bridge acts as the root bridge, while all others act as leaf nodes.
Complete these tasks to configure MSTP:
|
Task |
Remarks |
|
|
Configuring the root bridge |
Required |
|
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Configuring the Mode a Port Uses to Recognize/Send MSTP Packets |
Optional |
|
|
Required |
||
|
Configuring the leaf nodes |
Required |
|
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Configuring the Mode a Port Uses to Recognize/Send MSTP Packets |
Optional |
|
|
Required |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
MSTP is mutually exclusive with any of the following functions on a port: service loopback, RRPP, Smart Link, and BPDU tunneling of STP protocol packets.
Configuring MSTP
Configuring an MST Region
Make the following configurations on the root bridge and on the leaf nodes separately.
Follow these steps to configure an MST region:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter MST region view |
stp region-configuration |
— |
|
Configure the MST region name |
region-name name |
Optional The MST region name is the device MAC address by default. |
|
Configure the VLAN-to-instance mapping table |
instance instance-id vlan vlan-list |
Optional Use either command. All VLANs in an MST region are mapped to MSTI 0 (that is, the CIST) by default. |
|
vlan-mapping modulo modulo |
||
|
Configure the MSTP revision level of the MST region |
revision-level level |
Optional 0 by default |
|
Display the MST region configurations that are not activated yet |
check region-configuration |
Optional |
|
Activate MST region configuration manually |
active region-configuration |
Required |
|
Display the configurations of currently activated MST regions |
display stp region-configuration |
The display command can be executed in any view. |
l Two or more MSTP-enabled bridges belong to the same MST region only if they are configured to have the same format selector (0 by default, not configurable), MST region name, the same VLAN-to-instance mapping entries in the MST region and the same MST region revision level, and they are interconnected via a physical link.
l The configuration of MST region–related parameters, especially the VLAN-to-instance mapping table, will cause MSTP to launch a new spanning tree calculation process, which may result in network topology instability. To reduce the possibility of topology instability caused by configuration, MSTP will not immediately launch a new spanning tree calculation process when processing MST region–related configurations; instead, such configurations will take effect only after you activate the MST region–related parameters using the active region-configuration command, or enable MSTP using the stp enable command in the case that MSTP is not enabled.
Configuring the Root Bridge or a Secondary Root Bridge
MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the AP as the root bridge or a secondary root bridge by using the commands provided by the system.
Note that:
l A bridge has independent roles in different MSTIs. It can act as the root bridge or a secondary root bridge of one MSTI while being the root bridge or a secondary root bridge of another MSTI. However, a bridge cannot be the root bridge and a secondary root bridge in the same MSTI at the same time.
l There is only one root bridge in effect in a spanning tree instance. If two or more bridges have been designated to be root bridges of the same spanning tree instance, MSTP will select the bridge with the lowest MAC address as the root bridge.
l When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have specified one) can take over the role of the primary root bridge. However, if you specify a new primary root bridge for the instance then, the secondary root bridge will not become the root bridge. If you have specified multiple secondary root bridges for an instance, when the root bridge fails, MSTP will select the secondary root bridge with the lowest MAC address as the new root bridge.
Configuring the AP as the root bridge of a spanning tree
Follow these steps to configure the AP as the root bridge of a spanning tree:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the AP as the root bridge of a spanning tree |
stp [ instance instance-id ] root primary |
Required By default, the AP does not function as the root bridge of any spanning tree. |
Configuring the AP as a secondary root bridge of a spanning tree
Follow these steps to configure the AP as a secondary root bridge of a spanning tree:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the AP as a secondary root bridge of a spanning tree |
stp [ instance instance-id ] root secondary |
Required By default, the AP does not function as a secondary root bridge. |
l After specifying the AP as the root bridge or a secondary root bridge, you cannot change the priority of the AP.
l Alternatively, you can also configure the AP as the root bridge by setting the priority of the AP to 0. For more information about AP priority configuration, see Configuring the Priority of the AP.
Configuring the MSTP Work Mode of the AP
Being mutually compatible, MSTP and RSTP can recognize each other’s protocol packets. However, STP cannot recognize MSTP packets. For hybrid networking with legacy STP devices and for full interoperability with RSTP-enabled devices, MSTP supports three work modes: STP-compatible mode, RSTP mode, and MSTP mode.
l In STP-compatible mode, all ports of the device send out STP BPDUs,
l In RSTP mode, all ports of the device send out RSTP BPDUs. If the device detects that it is connected with a legacy STP device, the port connecting with the legacy STP device will automatically migrate to STP-compatible mode.
l In MSTP mode, all ports of the device send out MSTP BPDUs. If the device detects that it is connected with a legacy STP device, the port connecting with the legacy STP device will automatically migrate to STP-compatible mode.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to configure the MSTP work mode of the AP:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the MSTP work mode |
stp mode { stp | rstp | mstp } |
Required MSTP mode by default |
Configuring the Priority of the AP
Device priorities participate in spanning tree calculation. The priority of a bridge determines whether it can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. By setting the priority of a bridge to a low value, you can specify the bridge as the root bridge of the spanning tree. An MSTP bridge can have different priorities in different MSTIs.
Make this configuration on the root bridge only.
Follow these steps to configure the priority of the AP in a specified MSTI:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the priority of the AP in a specified MSTI |
stp [ instance instance-id ] priority priority |
Required 32768 by default |
l After configuring the AP as the root bridge or a secondary root bridge, you cannot change the priority of the AP.
l During root bridge selection, if all bridges in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree.
Configuring the Maximum Hops of an MST Region
By setting the maximum hops of an MST region, you can restrict the region size. The maximum hops configured on the regional root bridge will be used as the maximum hops of the MST region.
The regional root bridge always sends a configuration BPDU with a hop count set to the maximum value. When a bridge receives this configuration BPDU, it decrements the hop count by 1 and uses the new hop count in the BPDUs it propagates. When the hop count of a BPDU reaches 0, it is discarded by the bridge that received it. Thus, bridges beyond the reach of the maximum hop can no longer take part in spanning tree calculation, and thereby the size of the MST region is confined.
Make this configuration on the root bridge only. All the bridges other than the root bridge in the MST region use the maximum hop value set for the root bridge.
Follow these steps to configure the maximum number of hops of an MST region:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the maximum hops of the MST region |
stp max-hops hops |
Required 20 by default |
Configuring the Network Diameter of a Switched Network
Any two terminal devices in a switched network are connected through a specific path comprising a certain number of network devices. The network diameter is the number of devices on the path comprising the most devices. The network diameter is a parameter that indicates the network size. A bigger network diameter indicates a larger network size.
Make this configuration on the root bridge only.
Follow these steps to configure the network diameter of a switched network:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the network diameter of the switched network |
stp bridge-diameter diameter |
Required 7 by default |
l Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the bridge.
l The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a bridge.
Configuring Timers of MSTP
MSTP involves three timers: forward delay, hello time, and max age. You can configure these three parameters for MSTP to calculate spanning trees.
l To prevent temporary loops on a network, MSTP sets an intermediate port state called learning between the discarding state and the forwarding state, that is, before a port in the discarding state can transit to the forwarding state, it needs to go through the learning state. Forward delay is the delay time for port state transition. This is to ensure that the state transition of the local port and that of the peer occur in a synchronized manner.
l Hello time is the interval at which a bridge sends configuration BPDUs to the surrounding bridges to ensure that the paths are fault-free. If a bridge fails to receive configuration BPDUs within a certain period of time, it starts a new spanning tree calculation process.
l MSTP can detect link failures and automatically restore blocked redundant links to the forwarding state. A bridge on the CIST determines whether a configuration BPDU received by a port has expired according to the max age parameter. If yes, it starts a new spanning tree calculation process. The max age set for an MSTI does not take effect.
These three timers set on the root bridge of the CIST apply on all the bridges on the entire switched network.
Make this configuration on the root bridge only.
Follow these steps to configure the timers of MSTP:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the forward delay timer |
stp timer forward-delay time |
Optional 1,500 centiseconds (15 seconds) by default |
|
Configure the hello timer |
stp timer hello time |
Optional 200 centiseconds (2 seconds) by default |
|
Configure the max age timer |
stp timer max-age time |
Optional 2,000 centiseconds (20 seconds) by default |
l The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced; if the forward delay setting is too big, it may take a long time for the network to converge. It is recommended that you use the default setting.
l An appropriate hello time setting enables a bridge to timely detect link failures on the network without using excessive network resources. If the hello time is set too long, the bridge will take packet loss as a link failure and trigger a new spanning tree calculation process; if the hello time is set too short, the bridge will send the same configuration BPDUs frequently, which adds to the device burden and causes waste of network resources. It is recommended that you use the default setting.
l If the max age time setting is too small, the bridges will frequently launch spanning tree calculations and may take network congestion as a link failure; if the max age setting is too large, the network may fail to timely detect link failures and fail to timely launch spanning tree calculations, thus reducing the auto-sensing capability of the network. It is recommended that you use the default setting.
The settings of hello time, forward delay and max age must meet the following formulae; otherwise, network instability will frequently occur.
l 2 × (forward delay – 1 second) ¦ max age
l Max age ¦ 2 × (hello time + 1 second)
It is recommended that you specify the network diameter with the stp bridge-diameter command and let MSTP automatically calculate optimal settings of these three timers based on the network diameter.
Configuring the Timeout Factor
The timeout factor is a parameter used to decide the timeout time, as shown in the following formula: Timeout time = timeout factor × 3 × hello time.
After the network topology is stabilized, each non-root bridge forwards configuration BPDUs to the downstream bridges at the interval of hello time to check whether any link is faulty. Typically, if a bridge does not receive a BPDU from the upstream bridge within nine times the hello time, it assumes that the upstream bridge has failed and starts a new spanning tree calculation process.
Sometimes a bridge may fail to receive a BPDU from the upstream bridge because the upstream bridge is busy. A spanning tree calculation that occurs in this case not only is unnecessary, but also wastes the network resources. In a very stable network, you can avoid such unwanted spanning tree calculations by setting the timeout factor to 5, 6, or 7.
Make this configuration on the root bridge only.
Follow these steps to configure the timeout factor:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the timeout factor on the AP |
stp timer-factor factor |
Required 3 by default |
Configuring the Maximum Port Rate
The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time. The maximum rate of a port is related to the physical status of the port and the network structure.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to configure the maximum rate of a port or a group of ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the maximum rate of the ports |
stp transmit-limit limit |
Required 10 by default |
|
The higher the maximum port rate is, the more BPDUs will be sent within each hello time, and the more system resources will be used. By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes instable. It is recommended that you use the default setting.
Configuring Ports as Edge Ports
If a port directly connects to a user terminal rather than another bridge or a shared LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop. Because a bridge does not know whether a port is directly connected to a terminal, you need to manually configure the port to be an edge port. After that, this port can transition rapidly from the blocked state to the forwarding state without delay.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to specify a port or a group of ports as edge port or ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the current ports as edge ports |
stp edged-port enable |
Required All ports are non-edge ports by default. |
|
l With BPDU guard disabled, when a port set as an edge port receives a BPDU from another port, it will become a non-edge port again. To restore the edge port, re-enable it.
l If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard for it. This enables the port to transition to the forwarding state fast while ensuring network security.
Configuring the Path Costs of Ports
Path cost is a parameter related to the rate of a port. On an MSTP bridge, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic to be forwarded along different physical links, thus achieving VLAN-based load balancing.
The bridges can automatically calculate the default path cost, or alternatively, you can also configure the path costs for ports.
Make the following configurations on the leaf nodes only.
Specifying a standard that the AP uses when calculating the default path cost
You can specify a standard for the AP to use in automatic calculation for the default path cost. The AP supports the following standards:
l dot1d-1998: The AP calculates the default path cost for ports based on IEEE 802.1d-1998.
l dot1t: The AP calculates the default path cost for ports based on IEEE 802.1t.
l legacy: The AP calculates the default path cost for ports based on a private standard.
Follow these steps to specify a standard for the AP to use when calculating the default path cost:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify a standard for the AP to use when calculating the default path costs of its ports |
stp pathcost-standard { dot1d-1998 | dot1t | legacy } |
Optional Legacy by default |
Table 1-7 Link speed vs. path cost
|
Link speed |
Duplex state |
802.1d-1998 |
802.1t |
Private standard |
|
0 |
— |
65535 |
200,000,000 |
200,000 |
|
10 Mbps |
Single Port Aggregate Link 2 Ports Aggregate Link 3 Ports Aggregate Link 4 Ports |
100 100 100 100 |
2,000,000 1,000,000 666,666 500,000 |
2,000 1,800 1,600 1,400 |
|
100 Mbps |
Single Port Aggregate Link 2 Ports Aggregate Link 3 Ports Aggregate Link 4 Ports |
19 19 19 19 |
200,000 100,000 66,666 50,000 |
200 180 160 140 |
|
1000 Mbps |
Single Port Aggregate Link 2 Ports Aggregate Link 3 Ports Aggregate Link 4 Ports |
4 4 4 4 |
20,000 10,000 6,666 5,000 |
20 18 16 14 |
Configuring the path costs of ports
Follow these steps to configure the path costs of ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the path cost of the ports |
stp [ instance instance-id ] cost cost |
Required By default, MSTP automatically calculates the path cost of each port. |
|
l If you change the standard that the AP uses in calculating the default path cost, the port path cost value set through the stp cost command will become invalid.
l After the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. If you use 0 as instance-id, you are setting the path cost of the CIST.
Configuration example
# Specify that the AP use 802.1d-1998 when calculating the default path costs of its ports.
<Sysname> system-view
[Sysname] stp pathcost-standard dot1d-1998
# Set the path cost of Ethernet 1/3 on MSTI 2 to 200.
<Sysname> system-view
[Sysname] interface ethernet 1/3
[Sysname-Ethernet1/3] stp instance 2 cost 200
Configuring Port Priority
The priority of a port is an important factor in determining whether the port can be elected as the root port of a bridge. If all other conditions are the same, the port with the highest priority will be elected as the root port.
On an MSTP-enabled bridge, a port can have different priorities in different MSTIs, and the same port can play different roles in different MSTIs, so that data of different VLANs can be propagated along different physical paths, thus implementing per-VLAN load balancing. You can set port priority values based on the actual networking requirements.
Make this configuration on the leaf nodes only.
Follow these steps to configure the priority of a port or a group of ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the port priority |
stp [ instance instance-id ] port priority priority |
Optional 128 for all ports by default. |
|
l When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
l Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a bridge, the priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.
Configuring the Link Type of Ports
A point-to-point link is a link directly connecting two bridges. If the two ports connected by a point-to-point link are root ports or designated ports, the ports can rapidly transition to the forwarding state after a proposal-agreement handshake process.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to configure the link type of a port or a group of ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the link type of ports |
stp point-to-point { auto | force-false | force-true } |
Optional The default setting is auto; namely the port automatically detects whether its link is point-to-point. |
|
l If a port works in auto-negotiation mode and the negotiation result is full duplex, this port can be configured as connecting to a point-to-point link.
l If a port is configured as connecting to a point-to-point link, the setting takes effect for the port in all MSTIs. If the physical link to which the port connects is not a point-to-point link and you force it to be a point-to-point link by configuration, the configuration may incur a temporary loop.
Configuring the Mode a Port Uses to Recognize/Send MSTP Packets
A port can receive/send MSTP packets of two formats:
l dot1s: 802.1s-compliant standard format, and
l legacy: Compatible format
By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format. You can configure the MSTP packet format on a port. After the configuration, when working in MSTP mode, the port sends and receives only MSTP packets of the format you have configured to communicate with bridges that send packets of the same format.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to configure the MSTP packet format to be supported on a port or a group of ports:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Configure the mode the port uses to recognize/send MSTP packets |
stp compliance { auto | dot1s | legacy } |
Required auto by default |
|
l MSTP provides the MSTP packet format incompatibility guard function. In MSTP mode, if a port is configured to recognize/send MSTP packets in a mode other than auto, and receives a packet in a format different from the specified type, the port will become a designated port and remain in the discarding state to prevent the occurrence of a loop.
l MSTP provides the MSTP packet format frequent change guard function. If a port receives MSTP packets of different formats frequently, this means the MSTP packet format configuration contains errors. In this case, if the port is working in MSTP mode, it will be disabled for protection. Those ports closed thereby can be restored only by the network administrators.
Enabling MSTP
You must enable MSTP for the AP before any other MSTP-related configurations can take effect.
Make this configuration on the root bridge and on the leaf nodes separately.
Follow these steps to enable MSTP:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enable MSTP globally |
stp enable |
Required By default, MSTP is disabled globally. |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable MSTP for the ports |
stp enable |
Optional By default, MSTP is enabled for all ports after it is enabled for the AP globally. |
|
To control MSTP flexibly, you can use the undo stp enable command to disable MSTP for certain ports so that they will not take part in spanning tree calculation and thus to save the CPU resources of the AP.
Performing mCheck
MSTP has three working modes: STP compatible mode, RSTP mode, and MSTP mode.
If a port on a bridge running MSTP (or RSTP) connects to a bridge running STP, this port will automatically migrate to the STP-compatible mode. However, it will not be able to migrate automatically back to the MSTP (or RSTP) mode, but will remain in the STP-compatible mode under the following circumstances:
l The bridge running STP is shut down or removed.
l The bridge running STP migrates to the MSTP (or RSTP) mode.
By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode.
You can perform mCheck on a port using one of the following two approaches, which lead to the same result.
Performing mCheck globally
Follow these steps to perform global mCheck:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Perform mCheck globally |
stp mcheck |
Required |
Performing mCheck in interface view
Follow these steps to perform mCheck in interface view:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
— |
|
Perform mCheck |
stp mcheck |
Required |
An mCheck operation takes effect on a bridge only when MSTP operates in RSTP or MSTP mode.
Configuring Digest Snooping
As defined in IEEE 802.1s, connected bridges are in the same region only when the MST region-related configurations (domain name, revision level, VLAN-to-instance mappings) on them are identical. An MSTP bridge identifies bridges in the same MST region by checking the configuration ID in configuration BPDUs. The configuration ID includes the region name, revision level, and configuration digest, which is 16 byte long and the result calculated via the HMAC-MD5 algorithm based on VLAN-to-instance mappings.
Since MSTP implementations vary with vendors, the configuration digests calculated using private keys is different; hence different vendors’ devices in the same MST region can not communicate with each other.
Enabling the Digest Snooping feature on the port connecting the local bridge to a third-party device in the same MST region can make the two devices communicate with each other.
Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP.
Configuring Digest Snooping
You can enable Digest Snooping only on a bridge that is connected to a third-party device that uses its private key to calculate the configuration digest.
Follow these steps to configure Digest Snooping:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable digest snooping on the interface or port group |
stp config-digest-snooping |
Required Not enabled by default |
|
|
Return to system view |
quit |
— |
|
|
Enable global digest snooping |
stp config-digest-snooping |
Required Not enabled by default |
|
l With Digest Snooping enabled, comparison of configuration digest is no longer performed for in-the-same-region check, so the VLAN-to-instance mappings must be the same on associated ports.
l With global Digest Snooping enabled, modification of VLAN-to-instance mappings and removing of the current region configuration with the undo stp region-configuration command are not allowed. You can only modify the region name and revision level.
l You need to enable this feature both globally and on associated ports to make it take effect. It is recommended that you enable the feature on all associated ports first and then globally, thus making the configuration take effect on all configured ports at the same time and reducing impact on the network, and disable the feature globally to disable it on all associated ports.
l To avoid loops, do not enable Digest Snooping on MST region edge ports.
l It is recommended that you enable Digest Snooping first and then MSTP. To avoid traffic interruption, do not configure Digest Snooping when the network works well.
Digest Snooping configuration example
1) Network requirements
As shown in Figure 1-6:
l AP A and AP B connect to a third-party network device and all the devices are in the same region.
l Enable Digest Snooping on AP A and AP B so that the three devices can communicate with one another.
Figure 1-6 Digest Snooping configuration
2) Configuration procedure
# Enable Digest Snooping on Ethernet 1/0/1 of AP A and then for AP A globally.
<AP A> system-view
[AP A] interface ethernet 1/0/1
[AP A-Ethernet1/0/1] stp config-digest-snooping
[AP A-Ethernet1/0/1] quit
[AP A] stp config-digest-snooping
# Enable Digest Snooping on Ethernet 1/0/1 of AP B and then for AP B globally.
<AP B> system-view
[AP B] interface ethernet 1/0/1
[AP B-Ethernet1/0/1] stp config-digest-snooping
[AP B-Ethernet1/0/1] quit
[AP B] stp config-digest-snooping
Configuring No Agreement Check
In RSTP and MSTP, two types of messages are used for rapid state transition on designated ports:
l Proposal: sent by designated ports to request rapid transition
l Agreement: used to acknowledge rapid transition requests
Both RSTP and MSTP bridges can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream bridge. The differences between RSTP and MSTP bridges are:
l For MSTP, the downstream bridge’s root port sends an agreement packet only after it receives an agreement packet from the upstream bridge.
l For RSTP, the down stream bridge sends an agreement packet regardless of whether an agreement packet from the upstream bridge is received.
Figure 1-7 shows the rapid state transition mechanism on MSTP designated ports.
Figure 1-7 Rapid state transition of an MSTP designated port
Figure 1-8 shows rapid state transition of an RSTP designated port.
Figure 1-8 Rapid state transition of an RSTP designated port
If the upstream bridge is a third-party device, the rapid state transition implementation may be limited. For example, when the upstream bridge uses a rapid transition mechanism similar to that of RSTP, and the downstream bridge adopts MSTP and does not work in RSTP mode, the root port on the downstream bridge receives no agreement packet from the upstream bridge and thus sends no agreement packets to the upstream bridge. As a result, the designated port of the upstream bridge fails to transit rapidly and can only change to the forwarding state after a period twice the Forward Delay.
In this case, you can enable the No Agreement Check feature on the downstream bridge’s port to enable the designated port of the upstream bridge to transit its state rapidly.
Configuration prerequisites
l A bridge is connected to a third-party upstream bridge supporting MSTP via a point-to-point link.
l Configure the same region name, revision level, and VLAN-to-instance mappings on the two bridges, thus assigning them to the same region.
Configuring No Agreement
To make the No Agreement Check feature take effect, enable it on the root port.
Follow these steps to configure No Agreement Check:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable No Agreement Check |
stp no-agreement-check |
Required Not enabled by default |
|
No Agreement Check configuration example
1) Network requirements
As shown in Figure 1-9:
l AP connects to a third-party device that has different MSTP implementation. The two devices are in the same region.
l The third-party device is the regional root bridge, and AP is a downstream bridge.
Figure 1-9 No Agreement Check configuration
2) Configuration procedure
# Enable No Agreement Check on Ethernet 1/0/1 of AP.
<AP> system-view
[AP] interface ethernet 1/0/1
[AP-Ethernet1/0/1] stp no-agreement-check
Configuring Protection Functions
An MSTP bridge supports the following protection functions:
l BPDU guard
l Root guard
l Loop guard
l TC-BPDU guard
Among loop guard, root guard and edge port settings, only one function can take effect on the same port at the same time.
Configuration prerequisites
MSTP has been correctly configured on the AP.
Enabling BPDU guard
For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process. This will cause a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs maliciously to attack the devices, the network will become instable.
MSTP provides the BPDU guard function to protect the system against such attacks. With the BPDU guard function enabled on the devices, when edge ports receive configuration BPDUs, MSTP will close these ports and notify the NMS that these ports have been closed by MSTP. Those ports closed thereby can be restored only by the network administers.
Make this configuration on a bridge with edge ports configured.
Follow these steps to enable BPDU guard:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the BPDU guard function for the bridge |
stp bpdu-protection |
Required Disabled by default |
BPDU guard does not take effect on loopback testing-enabled ports. For more information about loopback testing, see Ethernet Interface in the Layer 2 – LAN Switching Configuration Guide.
Enabling root guard
The root bridge and secondary root bridge of a spanning tree should be located in the same MST region. Especially for the CIST, the root bridge and secondary root bridge are generally put in a high-bandwidth core region during network design. However, due to possible configuration errors or malicious attacks in the network, the legal root bridge may receive a configuration BPDU with a higher priority. In this case, the current legal root bridge will be superseded by another bridge, causing an undesired change of the network topology. As a result, the traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion.
To prevent this situation from happening, MSTP provides the root guard function. If the root guard function is enabled on a port of a root bridge, this port will keep playing the role of designated port on all MSTIs. Once this port receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet (this is equivalent to disconnecting the link connected with this port in the MSTI). If the port receives no BPDUs with a higher priority within twice the forwarding delay, it will revert to its original state.
Make this configuration on a designated port.
Follow these steps to enable root guard:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable the root guard function for the port(s) |
stp root-protection |
Required Disabled by default |
|
Enabling loop guard
By keeping receiving BPDUs from the upstream bridge, a bridge can maintain the state of the root port and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to receive BPDUs from the upstream bridges. In this case, the bridge will reselect the port roles: Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network. The loop guard function can suppress the occurrence of such loops.
If a loop guard–enabled port fails to receive BPDUs from the upstream bridge, and if the port takes part in STP calculation, all the instances on the port, no matter what roles the port plays, will be set to, and stay in, the Discarding state.
Make this configuration on the root port or an alternate port of a bridge.
Follow these steps to enable loop guard:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet interface view or WLAN Mesh interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable the loop guard function for the ports |
stp loop-protection |
Required Disabled by default |
|
Enabling TC-BPDU guard
When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a bridge flushes its forwarding address entries. If someone forges TC-BPDUs to attack the bridge, the bridge will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the AP can perform within a certain period of time after receiving the first TC-BPDU. For TC-BPDUs received in excess of the limit, the AP performs forwarding address entry flush only when the time period expires. This prevents frequent flushing of forwarding address entries.
Follow these steps to enable TC-BPDU guard:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the TC-BPDU guard function |
stp tc-protection enable |
Optional Enabled by default |
|
Configure the maximum number of forwarding address entry flushes that the AP can perform within a specific time period after it receives the first TC-BPDU |
stp tc-protection threshold number |
Optional 6 by default |
It is recommended that you keep this feature enabled.
Displaying and Maintaining MSTP
|
To do... |
Use the command... |
Remarks |
|
View information about abnormally blocked ports |
display stp abnormal-port |
Available in any view |
|
View information about ports blocked by STP protection functions |
display stp down-port |
Available in any view |
|
View the historical information of port role calculation for the specified MSTI or all MSTIs |
display stp [ instance instance-id ] history |
Available in any view |
|
View the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs |
display stp [ instance instance-id ] tc |
Available in any view |
|
View the status information and statistics of MSTP |
display stp [ instance instance-id ] [ interface interface-list ] [ brief ] |
Available in any view |
|
View the MST region configuration information that has taken effect |
display stp region-configuration |
Available in any view |
|
View the root bridge information of all MSTIs |
display stp root |
Available in any view |
|
Clear the statistics information of MSTP |
reset stp [ interface interface-list ] |
Available in user view |
MSTP Configuration Example
Network requirements
Configure MSTP so that packets of different VLANs are forwarded along different spanning trees. The specific configuration requirements are as follows:
l All APs on the network are in the same MST region.
l Each two APs are connected by WDS links.
l Packets of VLAN 10 are forwarded along MSTI 1, and those of VLAN 20 are forwarded along MSTI 2.
l AP A, AP B, and AP C are all at the access layer.
Figure 1-10 Network diagram for MSTP configuration
Configuration procedure
1) Configuration on AP A
# Enter MST region view.
<AP A> system-view
[AP A] stp region-configuration
# Configure the region name, VLAN-to-instance mappings and revision level of the MST region.
[AP A-mst-region] region-name example
[AP A-mst-region] instance 1 vlan 10
[AP A-mst-region] instance 2 vlan 20
[APA-mst-region] revision-level 0
# Activate MST region configuration.
[AP A-mst-region] active region-configuration
[AP A-mst-region] quit
# Enable MSTP globally.
[AP A] stp enable
# View the MST region configuration information that has taken effect.
[AP A] display stp region-configuration
Oper configuration
Format selector :0
Region name :example
Revision level :0
Instance Vlans Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
2) Configuration on AP B
# Enter MST region view.
<AP B> system-view
[AP B] stp region-configuration
# Configure the region name, VLAN-to-instance mappings and revision level of the MST region.
[AP B-mst-region] region-name example
[AP B-mst-region] instance 1 vlan 10
[AP B-mst-region] instance 2 vlan 20
[AP B-mst-region] revision-level 0
# Activate MST region configuration.
[AP B-mst-region] active region-configuration
[AP B-mst-region] quit
# Enable MSTP globally.
[AP B] stp enable
# View the MST region configuration information that has taken effect.
[AP B] display stp region-configuration
Oper configuration
Format selector :0
Region name :example
Revision level :0
Instance Vlans Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
3) Configuration on AP C.
# Enter MST region view.
<AP C> system-view
[AP C] stp region-configuration
# Configure the region name, VLAN-to-instance mappings and revision level of the MST region.
[AP C-mst-region] instance 1 vlan 10
[AP C-mst-region] instance 2 vlan 20
[AP C-mst-region] revision-level 0
# Activate MST region configuration manually.
[AP C-mst-region] active region-configuration
[AP C-mst-region] quit
# Enable MSTP globally.
[AP C] stp enable
# View the MST region configuration information that has taken effect.
[AP C] display stp region-configuration
Oper configuration
Format selector :0
Region name :example
Revision level :0
Instance Vlans Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
