H3C S6850&S9850&S9820-64H Config Examples-Release 655x-6W100

HomeSupportResource CenterH3C S6850&S9850&S9820-64H Config Examples-Release 655x-6W100
Table of Contents
Related Documents
08-Spanning Tree Configuration Examples
Title Size Download
08-Spanning Tree Configuration Examples 315.89 KB

 

H3C S6850 & S9850 & S9820-64H

Spanning Tree Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Introduction

This document provides spanning tree configuration examples.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of spanning tree protocols.

Example: Configuring MSTP

Network configuration

As shown in Figure 1, Device A and Device B operate at the core layer, and Device C and Device D operate at the distribution layer. The ports on the devices have the same path cost, and they all permit VLANs 11 through 30.

Configure MSTP to meet the following requirements:

·           Device A, Device B, Device C, and Device D belong to the same MST region.

·           MSTIs are used to share the traffic of VLANs 11 through 20 and of VLANs 21 through 30.

Figure 1 Network diagram

 

Analysis

To assign the devices to the same MST region, make sure the following MST region parameters are the same on the devices:

·           Spanning tree mode (the default mode MSTP is used).

·           Region name (test in this example).

·           Revision level (the default value 0 is used).

·           VLAN-to-instance mappings (VLANs 11 through 20 to MIST 1, and VLANs 21 through 30 to MIST 2).

To use redundant links to share the traffic of different VLANs (as shown in Figure 2), perform the following tasks:

·           Configure Device A as the root bridge of MSTI 1.

·           Configure Device B as the root bridge of MIST 2.

·           Assign priorities to Device A, Device B, Device C, and Device D in MSTI 0 in descending order for Device A to be the regional root bridge.

Figure 2 MSTIs mapped to different VLANs

 

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware

Software version

S6850 switch series

S9850 switch series

Release 6555P01

S9820-64H switch

Release 6555P01

 

Procedures

Configuring Device A

# Create VLANs 11 through 30.

<DeviceA> system-view

[DeviceA] vlan 11 to 30

# Configure HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 to trunk VLANs 11 through 30.

[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/3

[DeviceA-if-range] port link-type trunk

[DeviceA-if-range] port trunk permit vlan 11 to 30

[DeviceA-if-range] quit

# Configure the MST region name as test.

[DeviceA] stp region-configuration

[DeviceA-mst-region] region-name test

# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.

[DeviceA-mst-region] instance 1 vlan 11 to 20

[DeviceA-mst-region] instance 2 vlan 21 to 30

# Activate the MST region configuration.

[DeviceA-mst-region] active region-configuration

[DeviceA-mst-region] quit

# Configure Device A as the root bridge of MSTI 0 and MSTI 1.

[DeviceA] stp instance 0 to 1 root primary

# Enable the spanning tree feature globally.

[DeviceA] stp global enable

Configuring Device B

# Create VLANs 11 through 30.

<DeviceB> system-view

[DeviceB] vlan 11 to 30

# Configure HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 to trunk VLANs 11 through 30.

[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3

[DeviceB-if-range] port link-type trunk

[DeviceB-if-range] port trunk permit vlan 11 to 30

[DeviceB-if-range] quit

# Configure the MST region name as test.

[DeviceB] stp region-configuration

[DeviceB-mst-region] region-name test

# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.

[DeviceB-mst-region] instance 1 vlan 11 to 20

[DeviceB-mst-region] instance 2 vlan 21 to 30

# Activate the MST region configuration.

[DeviceB-mst-region] active region-configuration

[DeviceB-mst-region] quit

# Configure Device B as the root bridge of MSTI 2 and a secondary root bridge of MSTI 0.

[DeviceB] stp instance 2 root primary

[DeviceB] stp instance 0 root secondary

# Enable the spanning tree feature globally.

[DeviceB] stp global enable

Configuring Device C

# Create VLANs 11 through 30.

<DeviceC> system-view

[DeviceC] vlan 11 to 30

# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLANs 11 through 30.

[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceC-if-range] port link-type trunk

[DeviceC-if-range] port trunk permit vlan 11 to 30

[DeviceC-if-range] quit

# Configure the MST region name as test.

[DeviceC] stp region-configuration

[DeviceC-mst-region] region-name test

# Map VLANs 11 through 20 through MSTI 1, and map VLANs 21 through 30 to MSTI 2.

[DeviceC-mst-region] instance 1 vlan 11 to 20

[DeviceC-mst-region] instance 2 vlan 21 to 30

# Activate the MST region configuration.

[DeviceC-mst-region] active region-configuration

[DeviceC-mst-region] quit

# Enable the spanning tree feature globally.

[DeviceC] stp global enable

Configuring Device D

# Create VLANs 11 through 30.

<DeviceD> system-view

[DeviceD] vlan 11 to 30

# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLANs 11 through 30.

[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceD-if-range] port link-type trunk

[DeviceD-if-range] port trunk permit vlan 11 to 30

[DeviceD-if-range] quit

# Configure the MST region name as test.

[DeviceD] stp region-configuration

[DeviceD-mst-region] region-name test

# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.

[DeviceD-mst-region] instance 1 vlan 11 to 20

[DeviceD-mst-region] instance 2 vlan 21 to 30

# Activate the MST region configuration.

[DeviceD-mst-region] active region-configuration

[DeviceD-mst-region] quit

# Set the device priority to 36864 in MSTI 0, which is lower than the default priority 32768 of Device C.

[DeviceD] stp instance 0 priority 36864

# Enable the spanning tree feature globally.

[DeviceD] stp global enable

Verifying the configuration

1.      Verify that Layer 2 loops have been eliminated in each MSTI:

Use the display stp brief command to display brief spanning tree information on each device.

# Display brief spanning tree information on Device A.

[DeviceA] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

# Display brief spanning tree information on Device B.

[DeviceB] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/3                        DESI  FORWARDING  NONE

# Display brief spanning tree information on Device C.

[DeviceC] display stp brief

 MST ID   Port                                   Role  STP State   Protection

 0        HundredGigE1/0/1                       ROOT  FORWARDING  NONE

 0        HundredGigE1/0/2                       ALTE  DISCARDING  NONE

 1        HundredGigE1/0/1                       ROOT  FORWARDING  NONE

 1        HundredGigE1/0/2                       ALTE  DISCARDING  NONE

 2        HundredGigE1/0/1                       ALTE  DISCARDING  NONE

 2        HundredGigE1/0/2                       ROOT  FORWARDING  NONE

# Display brief spanning tree information on Device D.

[DeviceD] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 1        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/2                        ALTE  DISCARDING  NONE

Based on the output, the topology for each MSTI is shown in Figure 3.

Figure 3 MSTI topologies

 

2.      Verify that the network can accommodate topology changes:

# Shut down HundredGigE 1/0/1 on Device C. (Details not shown.)

# Display brief spanning tree information on all devices.

[DeviceA] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

[DeviceB] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 2        HundredGigE1/0/3                        DESI  FORWARDING  NONE

[DeviceC] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

[DeviceD] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 1        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 2        HundredGigE1/0/2                        ALTE  DISCARDING  NONE

Based on the output, the topology for each MSTI is shown in Figure 4.

Figure 4 MSTI topologies

 

Configuration files

·           Device A:

#

vlan 1

#

vlan 11 to 30

#

stp region-configuration

 region-name test

 instance 1 vlan 11 to 20

 instance 2 vlan 21 to 30

 active region-configuration

#

 stp instance 0 to 1 root primary

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

·           Device B:

#

vlan 1

#

vlan 11 to 30

#

stp region-configuration

 region-name test

 instance 1 vlan 11 to 20

 instance 2 vlan 21 to 30

 active region-configuration

#

 stp instance 0 root secondary

 stp instance 2 root primary

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

·           Device C:

#

vlan 1

#

vlan 11 to 30

#

stp region-configuration

 region-name test

 instance 1 vlan 11 to 20

 instance 2 vlan 21 to 30

 active region-configuration

#

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

·           Device D:

#

vlan 1

#

vlan 11 to 30

#

stp region-configuration

 region-name test

 instance 1 vlan 11 to 20

 instance 2 vlan 21 to 30

 active region-configuration

#

 stp instance 0 priority 36864

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 11 to 30

#

Example: Configuring PVST

Network configuration

As shown in Figure 5, Device A and Device B operate at the distribution layer, and Device C and Device D operate at the access layer. The ports on the devices have the same path cost.

Configure PVST to meet the following requirements:

·           Redundant links are used for load sharing.

·           Packets of each VLAN are forwarded along its spanning tree.

Figure 5 Network diagram

 

Analysis

For traffic of different VLANs to be shared along the spanning trees in Figure 6, perform the following tasks:

·           Configure Device A as the root bridge of the spanning trees for VLAN 10 and VLAN 30.

·           Configure Device B as the root bridge of the spanning tree for VLAN 20.

Figure 6 VLAN spanning tree topologies

 

 

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware

Software version

S6850 switch series

S9850 switch series

Release 6555P01

S9820-64H switch

Release 6555P01

 

Procedures

Configuring Device A

# Create VLAN 10, VLAN 20, and VLAN 30.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] vlan 20

[DeviceA-vlan20] vlan 30

[DeviceA-vlan30] quit

# Configure HundredGigE 1/0/1 to trunk VLAN 10 and VLAN 20.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-type trunk

[DeviceA-HundredGigE1/0/1] port trunk permit vlan 10 20

[DeviceA-HundredGigE1/0/1] quit

# Configure HundredGigE 1/0/2 to trunk VLAN 20 and VLAN 30.

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-type trunk

[DeviceA-HundredGigE1/0/2] port trunk permit vlan 20 30

[DeviceA-HundredGigE1/0/2] quit

# Configure HundredGigE 1/0/3 to trunk VLAN 10, VLAN 20, and VLAN 30.

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-type trunk

[DeviceA-HundredGigE1/0/3] port trunk permit vlan 10 20 30

[DeviceA-HundredGigE1/0/3] quit

# Set the spanning tree mode to PVST.

[DeviceA] stp mode pvst

# Configure Device A as the root bridge of VLAN 10 and VLAN 30.

[DeviceA] stp vlan 10 30 root primary

# Enable the spanning tree feature globally.

[DeviceA] stp global enable

Configuring Device B

# Create VLAN 10, VLAN 20, and VLAN 30.

<DeviceB> system-view

[DeviceB] vlan 10

[DeviceB-vlan10] vlan 20

[DeviceB-vlan20] vlan 30

[DeviceB-vlan30] quit

# Configure HundredGigE 1/0/1 to trunk VLAN 20 and VLAN 30.

[DeviceB] interface hundredgige 1/0/1

[DeviceB-HundredGigE1/0/1] port link-type trunk

[DeviceB-HundredGigE1/0/1] port trunk permit vlan 20 30

[DeviceB-HundredGigE1/0/1] quit

# Configure HundredGigE 1/0/2 to trunk VLAN 10 and VLAN 20.

[DeviceB] interface hundredgige 1/0/2

[DeviceB-HundredGigE1/0/2] port link-type trunk

[DeviceB-HundredGigE1/0/2] port trunk permit vlan 10 20

[DeviceB-HundredGigE1/0/2] quit

# Configure HundredGigE 1/0/3 to trunk VLAN 10, VLAN 20, and VLAN 30.

[DeviceB] interface hundredgige 1/0/3

[DeviceB-HundredGigE1/0/3] port link-type trunk

[DeviceB-HundredGigE1/0/3] port trunk permit vlan 10 20 30

[DeviceB-HundredGigE1/0/3] quit

# Set the spanning tree mode to PVST.

[DeviceB] stp mode pvst

# Configure Device B as the root bridge of VLAN 20.

[DeviceB] stp vlan 20 root primary

# Enable the spanning tree feature globally.

[DeviceB] stp global enable

Configuring Device C

# Create VLAN 10 and VLAN 20.

<DeviceC> system-view

[DeviceC] vlan 10

[DeviceC-vlan10] vlan 20

[DeviceC-vlan20] quit

# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLAN 10 and VLAN 20.

[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceC-if-range] port link-type trunk

[DeviceC-if-range] port trunk permit vlan 10 20

[DeviceC-if-range] quit

# Set the spanning tree mode to PVST.

[DeviceC] stp mode pvst

# Enable the spanning tree feature globally.

[DeviceC] stp global enable

Configuring Device D

# Create VLAN 20 and VLAN 30.

<DeviceD> system-view

[DeviceD] vlan 20

[DeviceD-vlan20] vlan 30

[DeviceD-vlan30] quit

# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLAN 20 and VLAN 30.

[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceD-if-range] port link-type trunk

[DeviceD-if-range] port trunk permit vlan 20 30

[DeviceD-if-range] quit

# Set the spanning tree mode to PVST.

[DeviceD] stp mode pvst

# Enable the spanning tree feature globally.

[DeviceD] stp global enable

Verifying the configuration

Use the display stp brief command to display brief spanning tree information on each device.

# Display brief spanning tree information on Device A.

[DeviceA] display stp brief

 VLAN ID  Port                                    Role  STP State   Protection

 1        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        DESI  DISCARDING  NONE

 10       HundredGigE1/0/1                        DESI  FORWARDING  NONE

 10       HundredGigE1/0/3                        DESI  FORWARDING  NONE

 20       HundredGigE1/0/1                        DESI  FORWARDING  NONE

 20       HundredGigE1/0/2                        DESI  FORWARDING  NONE

 20       HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 30       HundredGigE1/0/2                        DESI  FORWARDING  NONE

 30       HundredGigE1/0/3                        DESI  FORWARDING  NONE

# Display brief spanning tree information on Device B.

[DeviceB] display stp brief

 VLAN ID  Port                                    Role  STP State   Protection

 1        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 1        HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 10       HundredGigE1/0/2                        DESI  FORWARDING  NONE

 10       HundredGigE1/0/3                        ROOT  FORWARDING  NONE

 20       HundredGigE1/0/1                        DESI  FORWARDING  NONE

 20       HundredGigE1/0/2                        DESI  FORWARDING  NONE

 20       HundredGigE1/0/3                        DESI  FORWARDING  NONE

 30       HundredGigE1/0/1                        DESI  FORWARDING  NONE

 30       HundredGigE1/0/3                        ROOT  FORWARDING  NONE

# Display brief spanning tree information on Device C.

[DeviceC] display stp brief

 VLAN ID  Port                                    Role  STP State   Protection

 1        HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 1        HundredGigE1/0/2                        ALTE  DISCARDING  NONE

 10       HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 10       HundredGigE1/0/2                        ALTE  DISCARDING  NONE

 20       HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 20       HundredGigE1/0/2                        ROOT  FORWARDING  NONE

# Display brief spanning tree information on Device D.

[DeviceD] display stp brief

 VLAN ID  Port                                    Role  STP State   Protection

 1        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 1        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 20       HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 20       HundredGigE1/0/2                        ALTE  DISCARDING  NONE

 30       HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 30       HundredGigE1/0/2                        ROOT  FORWARDING  NONE

Based on the output, the topology for each VLAN is shown in Figure 7.

Figure 7 VLAN spanning tree topologies

 

Configuration files

·           Device A:

#

vlan 1

#

vlan 10

#

vlan 20

#

vlan 30

#

 stp vlan 10 30 root primary

 stp mode pvst

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 20 30

#

interface HundredGigE1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20 30

#

·           Device B:

#

vlan 1

#

vlan 10

#

vlan 20

#

vlan 30

#

 stp vlan 20 root primary

 stp mode pvst

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 20 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20

#

interface HundredGigE1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20 30

#

·           Device C:

#

vlan 1

#

vlan 10

#

vlan 20

#

 stp mode pvst

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 10 20

#

·           Device D:

#

vlan 1

#

vlan 20

#

vlan 30

#

 stp mode pvst

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 20 30

#

interface HundredGigE1/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 20 30

#

Example: Configuring RSTP

Network configuration

As shown in Figure 8, Device A operates at the core layer, Device B and Device C operate at the distribution layer, and Device D and Device E operate at the access layer. The ports on the devices have the same path cost.

Configure RSTP as follows:

·           Configure Device A as the root bridge, and enable root guard to retain its root bridge role when configuration errors or malicious attacks occur.

·           Configure Device C as a backup of Device B. When Device B fails, traffic is forwarded through Device C.

·           Configure HundredGigE 1/0/4 on Device D and HundredGigE 1/0/4 on Device E as edge ports, and enable BPDU guard on the ports.

Figure 8 Network diagram

 

Analysis

For Device C to be a backup of Device B, make sure Device C's priority is lower than Device B's priority. In this example, configure the priorities of Device B and Device C as 4096 and 8192.

For Device A to be the root bridge, make sure Device A has the lowest bridge ID (containing the device's priority and MAC address) in the network. In this example, because Device A already has the lowest MAC address, configure the priority as 4096 for Device A to hold the lowest bridge ID.

 

 

NOTE:

To configure a device as the root bridge, you also can use the stp root primary or stp priority 0 command to set the device's priority to 0.

 

To retain Device A's root bridge role, enable root guard on the designated ports of Device A, Device B, and Device C. To identify the designated ports, use either of the following methods:

·           Use the display stp brief command to display the brief spanning tree information. The role is DESI for a designated port.

·           Identify the designated ports in the RSTP topology that is calculated based on the device configuration, as shown in Figure 9.

Figure 9 RSTP topology

 

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware

Software version

S6850 switch series

S9850 switch series

Release 6555P01

S9820-64H switch

Release 6555P01

 

Procedures

Configuring Device A

# Set the spanning tree mode to RSTP.

<DeviceA> system-view

[DeviceA] stp mode rstp

# Configure the priority as 4096 for Device A.

[DeviceA] stp priority 4096

# Enable the spanning tree feature globally.

[DeviceA] stp global enable

# Enable root guard on designated ports HundredGigE 1/0/1 and HundredGigE 1/0/2.

[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceA-if-range] stp root-protection

[DeviceA-if-range] quit

Configuring Device B

# Set the spanning tree mode to RSTP.

<DeviceB> system-view

[DeviceB] stp mode rstp

# Configure the priority as 4096 for Device B.

[DeviceB] stp priority 4096

# Enable the spanning tree feature globally.

[DeviceB] stp global enable

# Enable root guard on designated ports HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3.

[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3

[DeviceB-if-range] stp root-protection

[DeviceB-if-range] quit

Configuring Device C

# Set the spanning tree mode to RSTP.

<DeviceC> system-view

[DeviceC] stp mode rstp

# Configure the priority as 8192 for Device C.

[DeviceC] stp priority 8192

# Enable the spanning tree feature globally.

[DeviceC] stp global enable

# Enable root guard on designated ports HundredGigE 1/0/1 and HundredGigE 1/0/2.

[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2

[DeviceC-if-range] stp root-protection

[DeviceC-if-range] quit

Configuring Device D

# Set the spanning tree mode to RSTP.

<DeviceD> system-view

[DeviceD] stp mode rstp

# Enable the spanning tree feature globally.

[DeviceD] stp global enable

# Configure HundredGigE 1/0/4 as an edge port, and enable BPDU guard.

[DeviceD] interface hundredgige 1/0/4

[DeviceD-HundredGigE1/0/4] stp edged-port

[DeviceD-HundredGigE1/0/4] quit

[DeviceD] stp bpdu-protection

Configuring Device E

# Configure Device E in the same way you configure Device D. (Details not shown.)

Verifying the configuration

1.      Verify that Layer 2 loops have been eliminated in the network:

Use the display stp brief command to display brief spanning tree information on each device.

# Display the brief spanning tree information on Device A.

[DeviceA] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

# Display the brief spanning tree information on Device B.

[DeviceB] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/4                        ROOT  FORWARDING  NONE

# Display the brief spanning tree information on Device C.

[DeviceC] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/2                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/3                        ALTE  DISCARDING  NONE

 0        HundredGigE1/0/4                        ROOT  FORWARDING  NONE

# Display the brief spanning tree information on Device D.

[DeviceD] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 0        HundredGigE1/0/2                        ALTE  DISCARDING  NONE

 0        HundredGigE1/0/4                        DESI  FORWARDING  BPDU

# Display the brief spanning tree information on Device E.

[DeviceE] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        ALTE  DISCARDING  NONE

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 0        HundredGigE1/0/4                        DESI  FORWARDING  BPDU

Based on the output, the topology for the network is shown in Figure 10.

Figure 10 Network topology

 

2.      Verify that root guard can retain Device A's root bridge role:

# Verify that Device A is the root bridge in the network.

[DeviceD] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 32768.00e0-fc00-c518

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 4096.0000-fc00-47cd, 40

 RegRoot ID/IRPC     : 32768.00e0-fc00-c518, 0

...

# Set the priority to 0 for Device D. Because the priority is higher than the priority of Device A, Device D considers itself as the root bridge and sends BPDUs that contain its bridge ID 0.00e0-fc00-c518.

[DeviceD] stp priority 0

[DeviceD] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 0.00e0-fc00-c518

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 0.00e0-fc00-c518, 0

 RegRoot ID/IRPC     : 0.00e0-fc00-c518, 0

...

# Set the priority to 0 for Device E. Because the priority is higher than the priority of Device A. Device E considers itself as the root bridge and sends BPDUs that contain its bridge ID 0.7425-8a0f-8000.

[DeviceE] stp priority 0

[DeviceE] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 0.7425-8a0f-8000

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 0.7425-8a0f-8000, 0

 RegRoot ID/IRPC     : 0.7425-8a0f-8000, 0

...

# Verify that Device A is still the root bridge in the network.

[DeviceB] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 4096.7425-8a02-4c00

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 4096.0000-fc00-47cd, 20

 RegRoot ID/IRPC     : 4096.7425-8a02-4c00, 0

...

[DeviceC] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 8192.0cda-41b1-d1c0

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 4096.0000-fc00-47cd, 20

 RegRoot ID/IRPC     : 8192.0cda-41b1-d1c0, 0

...

# Verify that Device A cannot retain its root bridge role when root guard is disabled on a designated port on Device B (for example, HundredGigE 1/0/2).

[DeviceB] interface hundredgige 1/0/2

[DeviceB-HundredGigE1/0/2] undo stp root-protection

[DeviceB-HundredGigE1/0/2] display stp

-------[CIST Global Info] [Mode RSTP] -------

 Bridge ID           : 4096.7425-8a02-4c00

 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20

 Root ID/ERPC        : 0.7425-8a0f-8000, 20

...

[DeviceB-HundredGigE1/0/2] display stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  DISCARDING  ROOT

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 0        HundredGigE1/0/3                        DESI  FORWARDING  NONE

 0        HundredGigE1/0/4                        DESI  FORWARDING  NONE

3.      Verify that traffic is forwarded through Device C when Device B fails:

# Reboot Device B. (Details not shown.)

# Display the brief spanning tree information on Device A, Device C, Device D, and Device E before Device B completes the reboot.

[DeviceA] dis stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/2                        DESI  FORWARDING  ROOT

[DeviceC] dis stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        DESI  FORWARDING  ROOT

 0        HundredGigE1/0/2                        DESI  FORWARDING  ROOT

 0        HundredGigE1/0/4                        ROOT  FORWARDING  NONE

[DeviceD] dis stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/2                        ROOT  FORWARDING  NONE

 0        HundredGigE1/0/4                        DESI  FORWARDING  BPDU

[DeviceE] dis stp brief

 MST ID   Port                                    Role  STP State   Protection

 0        HundredGigE1/0/1                        ROOT  FORWARDING  NONE

 0        HundredGigE1/0/4                        DESI  FORWARDING  BPDU

Based on the network topology, the topology for the network is shown in Figure 11.

Figure 11 Network topology

 

4.      Verify that BPDU guard can protect edge ports from attacks:

# Verify that the edge port HundredGigE 1/0/4 on Device D goes down when the port receives configuration BPDUs.

[DeviceD] display stp down-port

 Down Port                               Reason

 HundredGigE1/0/4                        BPDU-Protected

# Verify that HundredGigE 1/0/4 goes up when it does not receive any configuration BPDUs from the peer end.

[DeviceD] display interface brief | include UP

InLoop0              UP   UP(s)    --

M-E0/0/0             UP   UP       192.168.2.125

NULL0                UP   UP(s)    --

HGE1/0/1             UP   1G(a)   F(a)   T    1

HGE1/0/2             UP   1G(a)   F(a)   T    1

HGE1/0/4             UP   1G(a)   F(a)   A    1

Configuration files

·           Device A:

#

vlan 1

#

 stp instance 0 priority 4096

 stp mode rstp

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 stp root-protection

#

interface HundredGigE1/0/2

 port link-mode bridge

 stp root-protection

#

·           Device B:

#

vlan 1

#

 stp instance 0 priority 4096

 stp mode rstp

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 stp root-protection

#

interface HundredGigE1/0/2

 port link-mode bridge

 stp root-protection

#

interface HundredGigE1/0/3

 port link-mode bridge

 stp root-protection

#

·           Device C:

#

vlan 1

#

 stp instance 0 priority 8192

 stp mode rstp

 stp global enable

#

interface HundredGigE1/0/1

 port link-mode bridge

 stp root-protection

#

interface HundredGigE1/0/2

 port link-mode bridge

 stp root-protection

#

·           Device D:

#

vlan 1

#

 stp mode rstp

 stp bpdu-protection

 stp global enable

#

interface HundredGigE1/0/4

 port link-mode bridge

 stp edged-port

#

·           Device E:

#

vlan 1

#

 stp mode rstp

 stp bpdu-protection

 stp global enable

#

interface HundredGigE1/0/4

 port link-mode bridge

 stp edged-port

#

Related documentation

·           H3C S6850 & S9850 Switch Series Layer 2—LAN Switching Configuration Guide-Release 655x

·           H3C S6850 & S9850 Switch Series Layer 2—LAN Switching Command Reference-Release 655x

·           H3C S9820-64H Switch Layer 2—LAN Switching Configuration Guide-Release 655x

·           H3C S9820-64H Switch Layer 2—LAN Switching Command Reference-Release 655x