Configuring digest snooping, Configuration restrictions and guidelines, Configuration procedure – H3C Technologies H3C WX5500E Series Access Controllers User Manual

86

Step Command

2.

Enter Layer 2 Ethernet interface view
or Layer 2 aggregate interface view. interface interface-type interface-number

3.

Perform mCheck.

stp mcheck

Configuring digest snooping

As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related

configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning
tree device identifies devices in the same MST region by determining the configuration ID in BPDU

packets. The configuration ID includes the region name, revision level, and configuration digest, which is

in 16-byte length and is the result calculated by the HMAC-MD5 algorithm based on VLAN-to-instance

mappings.
Because spanning tree implementations vary with vendors, the configuration digests calculated through
private keys are different. Devices of different vendors in the same MST region cannot communicate with

each other.
To enable communication between an H3C device and a third-party device, enable the digest snooping

feature on the port that connects the H3C device to the third-party device in the same MST region.

Configuration restrictions and guidelines

•

Before you enable digest snooping, make sure that associated devices of different vendors are
connected and running spanning tree protocols.

•

With the digest snooping feature enabled, in-the-same-region verification does not need
comparison of configuration digest, so the VLAN-to-instance mappings must be the same on

associated ports.

•

When digest snooping is globally enabled, if you modify the VLAN-to-instance mapping or use the
undo stp region-configuration command to restore the default MST region configuration, traffic

may be interrupted because the local VLAN-to-instance mapping is different from that on a
neighbor device. Perform these operations with caution.

•

To make digest snooping take effect, you must enable it both globally and on associated ports. H3C
recommends that you enable digest snooping on all associated ports first and then globally. This

will make the configuration take effect on all configured ports and reduce impact on the network.

•

To avoid loops, do not enable digest snooping on MST region edge ports.

•

H3C recommends you to enable digest snooping first and then the spanning tree feature. To avoid
traffic interruption, do not configure digest snooping when the network is already working well.

Configuration procedure

You can enable digest snooping only on the H3C device that is connected to a third-party device which

uses its private key to calculate the configuration digest.
To configure digest snooping: