Configuring digest snooping, Configuration restrictions and guidelines, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual
Page 101
88
Configuring Digest Snooping
As defined in IEEE 802.1s, interconnected devices are in the same region only when their MST
region-related configurations (region name, revision level, and VLAN-to-instance mappings) are
identical. A spanning tree device identifies devices in the same MST region by checking the configuration
ID in BPDU packets. The configuration ID includes the region name, revision level, and configuration
digest that is in 16-byte length and is the result calculated by using the HMAC-MD5 algorithm based on
VLAN-to-instance mappings.
Spanning tree implementations vary with vendors, and the configuration digests calculated using private
keys is different, so devices of different vendors in the same MST region cannot communicate with each
other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping
feature on the port connecting the H3C device to the third-party device in the same MST region.
Configuration restrictions and guidelines
•
Before enabling Digest Snooping, make sure associated devices of different vendors are connected
and run spanning tree protocols.
•
With the Digest Snooping feature enabled, comparison of configuration digest is not needed for
in-the-same-region check, so the VLAN-to-instance mappings must be the same on associated ports.
•
With global Digest Snooping enabled, modification of VLAN-to-instance mappings and removing
of the current region configuration using the undo stp region-configuration command can cause
loops or traffic interruption if the VLAN-to-instance mappings on the device differ from those on the
neighboring devices. Perform these operations with caution.
•
To make Digest Snooping take effect, you must enable Digest Snooping both globally and on
associated ports. To make the configuration effective on all configured ports and while reducing
impact on the network, enable Digest Snooping on all associated ports first and then globally.
•
To prevent loops, do not enable Digest Snooping on MST region edge ports.
•
H3C recommends you to enable Digest Snooping first and then the spanning tree feature. To avoid
traffic interruption, do not configure Digest Snooping when the network is already working well.
•
You can enable Digest Snooping only on the H3C device that is connected to a third-party device
that uses its private key to calculate the configuration digest.
Configuration procedure
To configure Digest Snooping:
Step Command
Remarks
1.
Enter system view.
system-view
N/A