Configuring digest snooping, Configuration restrictions and guidelines, Configuration procedure – H3C Technologies H3C S5560 Series Switches User Manual
Page 128
94
Configuring Digest Snooping
CAUTION:
Use caution with global Digest Snooping in the following situations:
•
When you modify the VLAN-to-instance mappings.
•
When you restore the default MST region configuration.
If the local device has different VLAN-to-instance mappings than its neighboring devices, loops or traffic
interruption will occurs.
As defined in IEEE 802.1s, connected devices are in the same region only when they have the same MST
region-related configurations, including:
•
Region name.
•
Revision level.
•
VLAN-to-instance mappings.
A spanning tree device identifies devices in the same MST region by determining the configuration ID in
BPDU packets. The configuration ID includes the region name, revision level, and configuration digest. It
is 16-byte long and is the result calculated through the HMAC-MD5 algorithm based on
VLAN-to-instance mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through
private keys are different. The devices of different vendors in the same MST region cannot communicate
with each other.
To enable communication between an H3C device and a third-party device in the same MST region,
enable Digest Snooping on the H3C device port connecting them.
Configuration restrictions and guidelines
When you configure Digest Snooping, follow these restrictions and guidelines:
•
Before you enable Digest Snooping, make sure associated devices of different vendors are
connected and run spanning tree protocols.
•
With Digest Snooping enabled, in-the-same-region verification does not require comparison of
configuration digest. The VLAN-to-instance mappings must be the same on associated ports.
•
To make Digest Snooping take effect, you must enable Digest Snooping both globally and on
associated ports. H3C recommends that you enable Digest Snooping on all associated ports first
and then enable it globally. This will make the configuration take effect on all configured ports and
reduce impact on the network.
•
To prevent loops, do not enable Digest Snooping on MST region edge ports.
•
H3C recommends that you enable Digest Snooping first and then the spanning tree feature. To
avoid traffic interruption, do not configure Digest Snooping when the network is already working
well.
Configuration procedure
You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.