Performing mcheck in interface view, Configuring digest snooping, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 122

Advertising
background image

97

Performing mCheck in interface view

Step Command

1.

Enter system view.

system-view

2.

Enter Ethernet interface view or Layer 2 aggregate
interface view.

interface interface-type interface-number

3.

Perform mCheck.

stp mcheck

NOTE:

An mCheck operation takes effect on a device that operates in MSTP or RSTP mode.

Configuring Digest Snooping

As defined in IEEE 802.1s, interconnected devices are in the same region only when their MST

region-related configurations (region name, revision level, and VLAN-to-instance mappings) are

identical. A spanning tree device identifies devices in the same MST region by checking the configuration

ID in BPDU packets. The configuration ID includes the region name, revision level, and configuration
digest that is in 16-byte length and is the result calculated via the HMAC-MD5 algorithm based on

VLAN-to-instance mappings.
Spanning tree implementations vary with vendors, and the configuration digests calculated using private

keys is different, so devices of different vendors in the same MST region cannot communicate with each
other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping

feature on the port connecting the H3C device to the third-party device in the same MST region.

NOTE:

Before enabling Digest Snooping, make sure that associated devices of different vendors are connected
and run spanning tree protocols.

Configuration procedure

You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.
To configure Digest Snooping:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Ethernet interface view or
Layer 2 aggregate interface view.

interface interface-type
interface-number

N/A

3.

Enable Digest Snooping on the
interface.

stp config-digest-snooping

Disabled by default.

4.

Return to system view.

quit

N/A

5.

Enable global Digest Snooping.

stp config-digest-snooping

Disabled by default.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals