Configuration procedure, Configuring digest snooping – H3C Technologies H3C S5120 Series Switches User Manual

1-31

z

GigabitEthernet 1/0/1 on Device A and GigabitEthernet 1/0/1 on Device B allow the traffic of VLAN
1 to pass through. GigabitEthernet 1/0/2 on Device A and GigabitEthernet 1/0/2 on Device B allow
the traffic of VLAN 2 to pass through.

z

Device A is the root bridge, and both Device A and Device B run MSTP. GigabitEthernet 1/0/2 on
Device B is blocked, causing traffic block on VLAN 2.

z

Configure VLAN Ignore to make the blocked port forward packets.

Figure 1-7

VLAN Ignore configuration

Configuration procedure

1) Enable VLAN Ignore on Device B

# Enable VLAN Ignore on VLAN 2.

<DeviceB> system-view

[DeviceB] stp ignored vlan 2

2) Verify the configuration

# Display the VLAN Ignore enabled VLAN.

[DeviceB] display stp ignored-vlan

STP-Ignored VLAN: 2

Configuring Digest Snooping

As defined in IEEE 802.1s, interconnected devices are in the same region only when the MST
region-related configurations (domain name, revision level, VLAN-to-instance mappings) on them are
identical. An MSTP-enabled device identifies devices in the same MST region by checking the
configuration ID in BPDU packets. The configuration ID includes the region name, revision level,
configuration digest that is in 16-byte length and is the result calculated via the HMAC-MD5 algorithm
based on VLAN-to-instance mappings.

Since MSTP implementations vary with vendors, the configuration digests calculated using private keys
is different; hence different vendors’ devices in the same MST region can not communicate with each
other.

Enabling the Digest Snooping feature on the port connecting the local device to a third-party device in
the same MST region can make the two devices communicate with each other.

Before enabling digest snooping, ensure that associated devices of different vendors are connected
and run MSTP.