Professional Documents
Culture Documents
14 MSTP Configuration
This chapter describes how to configure the Multiple Spanning Tree Protocol (MSTP).
Definition
The Multiple Spanning Tree Protocol (MSTP) enables multiple VLAN instances to be
mapped to the same spanning tree without creating loops. MSTP is a Layer 2 protocol that
was first defined in IEEE 802.1s.
Purpose
MSTP generates multiple spanning trees that are used independently of each other to forward
traffic in different VLANs, which allows load balancing to be implemented without the risk of
broadcast storms.
STP/RSTP Defect
Both STP and RSTP (which is an evolution of STP and allows for fast network topology
convergence) suffer from a significant limitation: neither can implement VLAN-based load
balancing because all VLANs on a LAN use one spanning tree. When a link is blocked, it no
longer transmits traffic, which wastes bandwidth and prevents certain VLAN packets from
being forwarded.
Figure 14-1 provides an example scenario where STP or RSTP is enabled on a LAN. In
Figure 14-1, the broken line shows the spanning tree.
HostC HostA
VLAN 3 VLAN 2
(VLAN 3) (VLAN 2)
VLAN 2 VLAN 3
S2 S5
S3 S6
spanning tree(root bridge:S6)
In Figure 14-1, S6 is the root switch. The links between S2 and S5 and between S1 and S4
are blocked. VLAN packets are transmitted through "VLAN 2" or "VLAN 3" links.
Because the link between S2 and S5 is blocked and the link between S3 and S6 denies packets
from VLAN 2, HostA and HostB cannot communicate with each other despite both belonging
to VLAN 2.
MSTP Improvements
Because the link between S2 and S5 is blocked and the link between S3 and S6 denies packets
from VLAN 2, HostA and HostB cannot communicate with each other despite both belonging
to VLAN 2.
To address the limitation of STP and RSTP, MSTP allows fast convergence and provides
multiple paths to load balance VLAN traffic.
MSTP divides a switching network into multiple regions, each of which has multiple
spanning trees that are independent of each other. Each spanning tree is called a Multiple
Spanning Tree Instance (MSTI) and each region is called a Multiple Spanning Tree (MST)
region. Figure 14-2 shows an example of an MST region.
NOTE
An MSTI is a collection of VLANs. Binding multiple VLANs to a single MSTI reduces communication
costs and resource usage. The topology of each MSTI is calculated independently, and traffic can be
balanced among MSTIs. Multiple VLANs with the same topology can be mapped to a single MSTI. The
forwarding state of the VLANs for a port is determined by the port state in the MSTI.
S1 S4
VLAN 3 VLAN 2 VLAN 3 VLAN 2
HostC HostA
VLAN 3 VLAN 2
(VLAN 3) (VLAN 2)
VLAN 2
S2 S5
S3 S6
spanning tree(root bridge:S4)
spanning tree(root bridge:S6)
In Figure 14-2, MSTP maps VLANs to MSTIs in the VLAN mapping table. Each VLAN can
be mapped to only one MSTI. This means that traffic of a VLAN can be transmitted in only
one MSTI. An MSTI, however, can correspond to multiple VLANs.
In this situation, devices within the same VLAN can communicate with each other. Packets of
different VLANs are load balanced along different paths.
MSTP Network
S1
CST
IST
MST Region
An MST region contains multiple network segments, each of which contains one or more
switches. The switches in one MST region all share the following characteristics:
l MSTP-enabled
l Same region name
l Same VLAN-MSTI mappings
l Same MSTP revision level
Multiple switches can be grouped into an MST region by using MSTP configuration
commands.
In Figure 14-4, MST region 4 contains SwitchA, SwitchB, SwitchC, and SwitchD, and has
three MSTIs.
Figure 14-4 MST region with four switches and three MSTIs
A D A D
B C B C
MSTI 1 MSTI 2
S3
A D
Root
VLAN 1 -> MSTI 1 bridge
VLAN 2 -> MSTI 2
other VLAN S -> MSTI 3 B C MSTI
MST Region 4 MSTI 3
MSTI topology in MST region 4
CST
A Common Spanning Tree (CST) connects all MST regions on a switching network.
The CST is calculated using STP or RSTP, with each MST region being considered as a
single node.
In Figure 14-3, the regions that are connected through blue lines form a CST.
IST
An Internal Spanning Tree (IST) resides within an MST region.
In Figure 14-3, the switches that are connected through dark blue lines in an MST region
form an IST.
SST
A Single Spanning Tree (SST) is formed in either of the following situations:
l A switch running STP or RSTP belongs to only one spanning tree.
l An MST region has only one switch.
CIST
A Common and Internal Spanning Tree (CIST) connects all the switches on a switching
network and is calculated using STP or RSTP.
Regional Root
Regional roots are classified into Internal Spanning Tree (IST) and MSTI regional roots.
In Figure 14-3, the switches that are closest to the CIST root are IST regional roots.
An MST region can contain multiple spanning trees, each of which is called an MSTI. An
MSTI regional root is the root of the MSTI. In Figure 14-4, each MSTI has its own regional
root.
CIST Root
In Figure 14-3, the CIST root is the root bridge of the CIST. The CIST root is a device in S1.
Master Bridge
The master bridge is the switch closest to the CIST root in a region, for example, S1 in Figure
14-3.
If the CIST root is in an MST region, the CIST root is the master bridge of the region.
Port Roles
MSTP adds two extra port roles to those defined in RSTP. Table 14-1 describes the port roles
included in MSTP.
NOTE
Root port A root port sends data to a root bridge and is the port closest to the root bridge.
Root bridges do not have root ports.
Root ports are responsible for sending data to root bridges.
In Figure 14-5, S1 is the root; CP1 is the root port on S3; BP1 is the root port
on S2.
Alternate l Alternate ports provide an alternate path to the root bridge. This path is
port different from the path through the root port.
l An alternate port is blocked from sending BPDUs after a BPDU sent by
another bridge is received.
In Figure 14-5, BP2 is an alternate port.
Master A master port is on the shortest path connecting MST regions to the CIST root.
port BPDUs of an MST region are sent to the CIST root through the master port.
Master ports are special regional edge ports, functioning as root ports on ISTs
or CISTs and master ports in instances.
In Figure 14-6, S1, S2, S3, and S4 form an MST region. AP1 on S1 is the
master port because it is the closest port in the region to the CIST root.
Regional A regional edge port is located at the edge of an MST region and connects to
edge port another MST region or an SST.
In Figure 14-6, AP1, DP1, and DP2 in an MST region are directly connected
to other regions. This means that they are all regional edge ports of the MST
region.
Edge port An edge port is located at the edge of an MST region and does not connect to
any switching device.
Generally, edge ports are directly connected to terminals.
After MSTP is enabled on a port, edge port detection is started automatically.
If the port fails to receive BPDU packets within (2 x Hello Timer + 1) seconds,
the port is set to an edge port. Otherwise, the port is set to a non-edge port.
Root
AP2 AP3
CP1 BP1
S3 S2
root port
designated port
Alternate port
Backup port
AP1
Master
S1
S2 S3
S4
Blocked port
Forwardi A port in this state can send and receive BPDUs. It can also forward user
ng traffic.
Learning A port in this state learns MAC addresses from user traffic to construct a MAC
address table.
In Learning state, the port can send and receive BPDUs, but cannot forward
user traffic.
NOTE
Root, master, designated, and regional edge ports support all three port states. Alternate and backup ports
support only the Discarding state.
NOTE
The first 36 bytes of an MST BPDU are the same as those of an RST BPDU.
Fields from the 37th byte of an MST BPDU are MSTP-specific. The MSTI Configuration Messages field
consists of configuration messages of multiple MSTIs.
CIST External 4 Indicates the total path cost from the MST region
Path Cost where the switch resides to the MST region where the
CIST root switch resides. This value is calculated based
on link bandwidth.
Hello Time 2 Indicates the Hello timer value. The default value is 2
seconds.
Forward Delay 2 Indicates the forwarding delay timer. The default value
is 15 seconds.
CIST Internal 4 Indicates the total path costs from the local port to the
Root Path Cost IST master. This value is calculated based on link
bandwidth.
Remote devices must transmit and receive the same MST BPDU format. If MST BPDU
formats are different, loops may occur.
To configure ports on a Huawei switch to automatically adopt the BPDU format of the remote
device, use the stp compliance command. The following modes can be set on Huawei
switches:
l auto
l dot1s
l legacy
In auto mode, a port uses the dot1s BPDU format by default, but switches format if legacy
BDPUs are received from the remote end.
The number of BPDUs sent during a Hello interval increases as the Hello Time value is
increased. Setting the Hello Time to a smaller value limits the number of BPDUs sent by a
port during a Hello interval, which helps prevent network topology flapping and excessive use
of bandwidth resources by BPDUs.
Vectors
Both MSTIs and the CIST are calculated based on vectors, carried in MST BPDUs.
There are seven types of vectors used to calculate MSTIs and the CIST. Each vector carries a
priority value. For each vector, smaller priority values indicate higher priorities.
If the priority of a vector carried in the configuration message of a BPDU received by a port is
higher than the priority of the vector in the configuration message saved on the port, the port
replaces the saved configuration message with the received message and updates the global
configuration message saved on the device.
If the priority of a vector carried in the configuration message of a BPDU received on a port is
equal to or lower than that saved on the port, the port discards the BPDU. Table 14-5
describes each vector.
Root ID Identifies the root switch for the CIST. The root identifier consists of
the priority value (16 bits) and MAC address (48 bits).
The priority value is the priority of MSTI 0.
External root path Indicates the path cost from a CIST regional root to the root. ERPCs
cost (ERPC) are the same on all switches in an MST region. If the CIST root is in
an MST region, all ERPCs in that MST region are set to 0.
Regional root ID Identifies the MSTI regional root and consists of the priority value
(16 bits) and MAC address (48 bits).
The priority value is the priority of MSTI 0.
Internal root path Indicates the path cost from the local bridge to the regional root. The
cost (IRPC) IRPC saved on a regional edge port must be greater than the IRPC
saved on a non-regional edge port.
Designated Identifies the nearest upstream bridge on the path from the local
switching device bridge to the regional root. If the local bridge is the root or the
ID regional root, this ID is the same as the local bridge ID.
Designated port ID Identifies the port on the designated switch connected to the root port
on the local bridge. The designated port ID consists of the priority
value (4 bits) and port number (12 bits). The priority value must be a
multiple of 16.
Receiving port ID Identifies the port receiving the BPDU. The receiving port ID
consists of the priority value (4 bits) and port number (12 bits). The
priority value must be a multiple of 16.
l Root ID
l External root path cost
l Regional root ID
l Internal root path cost
l Designated switch ID
l Designated port ID
l Receiving port ID
The following vectors are used in MSTI calculation:
l Regional root ID
l Internal root path cost
l Designated switch ID
l Designated port ID
l Receiving port ID
NOTE
CIST Calculation
After comparing the vectors, the switch with the highest priority on the entire network is
selected as the CIST root. MSTP calculates an IST for each MST region, and calculates a
CST to interconnect MST regions. The CST and ISTs form a CIST for the entire network.
MSTI Calculation
In an MST region, MSTP independently calculates an MSTI for each VLAN based on
mappings between VLANs and MSTIs. The calculation process is similar to that used by STP
to calculate a spanning tree. For details, see 13.2.4 STP Topology Calculation.
MSTIs have the following characteristics:
l The spanning tree is calculated independently for each MSTI. Spanning trees of MSTIs
are independent of each other.
l Spanning trees of MSTIs can have different roots and topologies.
l Each MSTI sends BPDUs in its spanning tree.
l The topology of each MSTI is configured by using commands.
l A port can be configured with different parameters for different MSTIs.
l A port can play different roles or have different status in different MSTIs.
On an MSTP-aware network, a VLAN packet is forwarded along the following paths:
l MSTI in an MST region
l CST among MST regions
Send a proposal so
that the port can
rapidly enter the
Forwarding state Configure the root port
and block non-edge ports
Send an agreement
The root port
The designated enters the
port enters the Send an agreement Forwarding state
Forwarding state
Root port
Designated port
By default, Huawei switches use fast transition in enhanced P/A. To enable a Huawei switch
to communicate with a third-party device that uses fast transition in common P/A, configure
the Huawei switch to use ordinary P/A.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1
Access
S4
S2 S3
NOTE
Purpose
MSTP multi-process provides the following benefits:
l Greatly improves the applicability of STP to different networking conditions.
On a network running different spanning tree protocols, devices that run different
spanning tree protocols can be bound to different processes, allowing every process to
calculate a separate, independent spanning tree.
l Improves networking reliability.
Network topology is calculated for each process so that, if a device fails, only the
topology corresponding to the process that the device belongs to is affected. On a
network with many Layer 2 access devices, MSTP multi-process reduces the adverse
effect of a single node failure on the entire network.
l Reduces the network administrator workload during network expansion.
To expand a network, a network administrator must configure new processes, connect
the processes to the existing network, and keep the existing MSTP processes unchanged.
If device expansion is performed in a process, only this process needs to be modified.
l Implements separate Layer 2 port management
An MSPT process manages separate port functions on a device. Layer 2 ports on a
device are separately managed by multiple MSTP processes.
Additional Concepts
l Public link status
In Figure 14-9, the public link between UPE1 and UPE2 is a Layer 2 link running
MSTP. This public link is different from the links that connect switching devices to
UPEs. The ports on the public link need to participate in the calculation for multiple
access rings and MSTP processes. Therefore, the UPEs must identify the process from
which MST BPDUs are sent.
In addition, a port on the public link participates in the calculation for multiple MSTP
processes, and obtains different status. As a result, the port cannot determine its status.
To prevent this situation, the port always adopts its status in MSTP process 0 when
participating in the calculation for multiple MSTP processes.
NOTE
By default, MSTP process 0 is created when a device starts, and MSTP configurations in the
system view and interface view belong to this process.
l Reliability
On the network shown in Figure 14-10, after the topology of a ring changes, the MSTP
multi-process mechanism helps UPEs flood a TC BPDU to all devices on the ring and
prevent the TC BPDU from being flooded to devices on the other ring. UPE1 and UPE2
update MAC and ARP entries on the ports corresponding to the changed spanning tree.
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1
Access
S4
S3
S2
Topology change
On the network shown in Figure 14-11, if the public link between UPE1 and UPE2 fails,
multiple switching devices that are connected to the UPEs will unblock their blocked
ports.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
Access
S2 S4
S1 S3
UPE1 is configured with the highest priority, UPE2 with the second highest priority, and
all other switches with default or lower priorities. After the link between UPE1 and
UPE2 fails, the blocked ports (replacing the root ports) on switching devices no longer
receive packets with higher priorities, triggering state machine calculation. If the
calculation changes the blocked ports to designated ports, a permanent loop forms, as
shown in Figure 14-12.
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
Access
S2 S4
S1 S3
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
Eth-Trunk
STP/RSTP
Access
S2 S4
S1 S3
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
Root
protection
S2
S4
Access
STP/RSTP
S1 S3
The blue ring in Figure 14-14 is used as an example. UPE1 is configured with the
highest priority, UPE2 with the second highest priority, and switching devices on
the blue ring with default or lower priorities. Root protection is enabled on UPE2.
If a port on S1 is blocked, when the public link between UPE1 and UPE2 fails, the
blocked port on S1 starts to perform state machine calculation. After calculation,
the blocked port becomes the designated port and performs P/A negotiation with the
downstream device.
After S1 sends BPDUs of higher priorities to the UPE2 port enabled with root
protection, the port is blocked. The port remains blocked because it continues to
receive BPDUs of higher priorities, which prevents loops from occurring.
MST Region
S1 S2
all VLAN
VLAN
VLAN VLAN
10&20 VLAN
20&30 20&30
10&20
VLAN
S3 20&40 S4
MSTP allows packets in different VLANs to be forwarded by using different spanning tree
instances. An example of a network using MSTP is shown in Figure 14-15. The network is
configured in the following ways:
In Figure 14-15, S1 and S2 are devices at the aggregation layer, and S3 and S4 are devices at
the access layer. Traffic from VLAN 10 and VLAN 30 is terminated by aggregation devices,
and traffic from VLAN 40 is terminated by the access device. Therefore, S1 and S2 can be
configured as the roots of MSTI 1 and MSTI 3, and S3 can be configured as the root of MSTI
4.
After MSTP multi-process is enabled, each MSTP process corresponds to a ring connected to
the UPE. STP on each ring calculates a tree independently.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1
Access
S4
S2 S3
Configure MSTP protection You can configure one or 14.10 Configuring MSTP
functions. more functions. Protection Functions
Licensing Requirements
MSTP is a basic feature of a switch and is not under license control.
Version Requirements
S2320EI V200R011C10
S5330SI V200R011C10
S6320SI V200R011C10
NOTE
To know details about software mappings, see Hardware Query Tool.
Feature Limitations
l Table 14-8 lists the specification of MSTP.
l MSTP BPDUs may be discarded in a scenario wherein there are many MSTIs and MSTP
multi-process is configured. This is due to the default CIR of STP being insufficient.
(The default CIR of STP is insufficient because the length of MSTP BPDUs increases as
the number of MSTIs increases, and the number of outgoing MSTP BPDUs increases
when MSTP multi-process is configured.) To avoid this situation, increase the CIR of
STP.
If the CPCAR values are adjusted improperly, network services are affected. To adjust
the CPCAR values of STP BPDUs, contact technical support personnel.
l Enabling MSTP on a ring network immediately triggers spanning tree calculation. If
basic configurations are not performed on switches and interfaces before MSTP is
enabled, network flapping may occur upon changes to parameters such as device priority
and interface priority.
Context
MSTP based on the basic STP/RSTP function divides a switching network into multiple
regions, each of which has multiple spanning trees that are independent of each other. MSTP
isolates different VLANs' traffic, and load-balances VLAN traffic. MSTP is configured on
switches to trim a ring network to a loop-free network. Devices start spanning tree calculation
after the working mode is set and MSTP is enabled. To intervene in the spanning tree
calculation, use any of the following methods:
Context
Before configuring basic MSTP functions, set the working mode of a switch to MSTP. MSTP
is compatible with STP and RSTP.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp mode mstp
The working mode of the switch is set to MSTP. By default, the working mode is MSTP.
MSTP can recognize RSTP BPDUs and, conversely, RSTP can recognize MSTP BPDUs.
However, MSTP and STP cannot recognize each other's BPDUs. To enable devices running
different spanning tree protocols to interwork with each other, interfaces of an MSTP-enabled
switch connected to devices running STP automatically transition to STP mode; other
interfaces continue to work in MSTP mode.
----End
NOTE
Two switches belong to the same MST region when they have the same:
l Name of the MST region
l Mapping between VLANs and MSTIs
l Revision level of the MST region
Perform the following steps on a switch that needs to join an MST region.
Procedure
Step 1 Run:
system-view
NOTE
Changing MST region configurations (especially changes in the VLAN mapping table) triggers
spanning tree recalculation and may cause route flapping. Therefore:
l After configuring an MST region name, VLAN-to-MSTI mappings, and an MSTP revision number,
run the check region-configuration command in the MST region view to verify the configuration.
After confirming the region configurations, run the active region-configuration command to
activate MST region configurations.
l You are advised not to modify MST region parameters after the MST region is activated.
Step 6 Run:
active region-configuration
MST region configurations are activated so that the configured region name, VLAN-to-MSTI
mappings, and revision number can take effect.
The preceding configurations do not take effect until this command is run.
If MST region configurations on the switch change after MSTP starts, the active region-
configuration command must be run before the changes take effect.
Before using the active region-configuration command to activate the modified MST region
parameters, run the check region-configuration command to check whether parameters are
correct. After the active region-configuration command is run, if a message that indicates an
activation failure is displayed, reconfigure MSTP parameters.
----End
Context
MSTP can calculate the root bridge or you can manually configure the root bridge or
secondary root bridge. Manually configuring the root bridge and secondary root bridge is
recommended.
A switch can function as a root bridge or a secondary root bridge in a spanning tree. It can
also function as the root bridge or secondary root bridge of another spanning tree. In a
spanning tree:
l Only one root bridge takes effect. If two or more root bridges are specified in a spanning
tree, the device with the smallest MAC address is used.
l Multiple secondary root bridges can be specified. If the root bridge fails or is powered
off and no new root bridge is specified, the secondary root bridge with smallest MAC
address will become the root bridge of the spanning tree.
Procedure
l Perform the following operations on the device to be used as the root bridge.
a. Run:
system-view
By default, a switch does not function as the root bridge. After the configuration is
complete, the priority value of the device is 0 (this value cannot be modified).
By default, a switch does not function as the secondary root bridge. After the
configuration is complete, the priority value of the device is 4096 (this value cannot
be modified).
----End
Context
In an MSTI, there can be only one root bridge, which is the logical center of the MSTI. The
root bridge should be a high-performance switch; however, the priority of such a device may
not be the highest on the network. To ensure that such a device is selected as the root bridge,
set a low priority for low-performance switches, and set a high priority for high-performance
switches. A smaller priority value indicates a higher priority.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp [ instance instance-id ] priority priority
NOTE
If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root secondary
command has been executed to configure the device as the root bridge or secondary root bridge, to
change the device priority, run the undo stp [ instance instance-id ] root command to disable the root
bridge or secondary root bridge function and run the stp [ instance instance-id ] priority priority
command to set a priority.
----End
Context
A path cost is port-specific and is used by MSTP to select a link.
Path costs of ports are an important metric used in spanning tree calculation and determine
root port selection in an MSTI. The port with the lowest path cost to the root bridge is
selected as the root port. Setting different path costs for a port in different MSTIs allows
VLAN traffic to be transmitted along different physical links for load balancing.
If loops occur on a network, it is recommended that you set a large path cost for ports with
low link rates.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
By default, the IEEE 802.1t standard (dot1t) is used to calculate the path cost.
All switches on a network must use the same path cost calculation method.
Step 3 Run:
interface interface-type interface-number
Step 4 Run:
stp instance instance-id cost cost
l When the Huawei calculation method is used, cost ranges from 1 to 200000.
l When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
l When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.
----End
Context
During spanning tree calculation, port priorities in MSTIs determine which ports are selected
as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority to a value larger than the
default value. This port will be blocked during designated port selection.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
stp instance instance-id port priority priority
----End
Context
Enabling MSTP on a ring network immediately triggers spanning tree calculation. If basic
configurations are not performed on switches and interfaces before MSTP is enabled, network
flapping may occur upon changes to parameters such as device priority and interface priority.
Procedure
Step 1 Run:
system-view
STP/RSTP-enabled devices calculate spanning trees by exchanging BPDUs. Therefore, all the
interfaces participating in spanning tree calculation must be enabled to send BPDUs to the
CPU for processing. By default, an interface is enabled to send BPDUs to the CPU. You can
run the bpdu enable command in interface view to enable an interface to send BPDUs to the
CPU. The S5320EI, S5320HI, and S6320EI do not support the bpdu command.
Step 2 Run:
stp enable
NOTE
If the management network interface for an MSTP-enabled device is a VLANIF interface of a VLAN,
run the ethernet-loop-protection ignored-vlan command to specify this VLAN as an ignored VLAN.
During MSTP calculation, the interface on which the ignored VLAN is configured remains in
forwarding state. Therefore, services are not interrupted.
After MSTP is enabled on a port, edge port detection is started automatically. If the port fails to receive
BPDU packets within (2 x Hello Timer + 1) seconds, the port is set to an edge port. Otherwise, the port
is set to a non-edge port.
NOTE
For the S2350EI and S5300LI, a maximum of 64 STP-enabled ports in Up state are recommended. If there
are more than 64 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol flapping
may occur.
For the S2320EI, S5320LI, S5330SI, S6320SI, and S5320SI, a maximum of 128 STP-enabled ports in Up
state are recommended. If there are more than 128 STP-enabled ports in Up state, the CPU may be affected
and faults such as protocol flapping may occur.
For the S5320EI, a maximum of 200 STP-enabled ports in Up state are recommended. If there are more than
200 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol flapping may occur.
For the S5320HI and S6320EI, a maximum of 256 STP-enabled ports in Up state are recommended. If there
are more than 256 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol
flapping may occur.
----End
Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. On the switch, therefore, the ARP entries corresponding to these VLANs need to be
updated. MSTP processes ARP entries in either fast or normal mode.
l In fast mode, ARP entries to be updated are directly deleted.
l In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0. The switch rapidly
processes these aged entries. If the number of ARP aging probe attempts is not set to 0,
ARP implements aging probe for these ARP entries.
To specify which mode is used for STP/RSTP convergence, run the stp converge { fast |
normal } command in the system view.
By default, the normal MSTP convergence mode is used.
NOTE
If fast mode is used, ARP entries are frequently deleted. This causes high CPU usage on the device
(reaching 100%) and results in frequent network flapping. Therefore, using normal mode is
recommended.
Pre-configuration Tasks
MSTP ensures that spanning trees in rings are calculated independently. After MSTP multi-
process is enabled, each MSTP process can manage certain ports on a device. Each Layer 2
interface can be managed by multiple MSTP processes.
Before configuring MSTP multi-process, complete and activate the MST region
configuration.
processes, with only relevant ports in each process taking part in MSTP calculation. To create
an MSTP process, perform the following procedure on the devices connected to access rings.
Procedure
Step 1 Run:
system-view
NOTE
l A default MSTP process with the ID 0 is established when a device starts. MSTP configurations in
the system view and interface view belong to this process. The default working mode of this process
is MSTP.
l To add an interface to an MSTP process whose ID is not 0, run the stp process command followed
by the stp binding process command.
----End
Procedure
l Adding a port on an access link to an MSTP process
a. Run:
system-view
NOTE
On the S5320EI, S5320HI, and S6320EI, if an interface joining the MSTP process has sub-
interfaces configured with other features such as VPLS, run the stp vpls-subinterface
enable command. The main interface can then notify its sub-interfaces to update MAC
address entries and ARP entries after receiving a TC-BPDU. This prevents service
interruption. In addition, root protection needs to be configured on the main interface.
l Adding a port on a shared link to an MSTP process
a. Run:
system-view
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
The interface specified in this command must be an interface on the shared link
between the devices configured with MSTP multi-process. It cannot be an interface
that connects an access ring and device.
c. Run:
stp binding process process-id1 [ to process-id2 ] link-share
NOTE
In an MSTP process where there are multiple shared links, run the stp enable command in
the MSTP multi-instance view. On an interface that is added to an MSTP process, run the
stp enable command in the interface view.
----End
Context
MSTP can calculate the root bridge or you can manually configure the root bridge or
secondary root bridge. Manually configuring the root bridge and secondary root bridge is
recommended.
A switch can function as a root bridge or a secondary root bridge in a spanning tree. It can
also function as the root bridge or secondary root bridge of another spanning tree. In a
spanning tree:
l Only one root bridge takes effect. If two or more root bridges are specified in a spanning
tree, the device with the smallest MAC address is used.
l Multiple secondary root bridges can be specified. If the root bridge fails or is powered
off and no new root bridge is specified, the secondary root bridge with smallest MAC
address will become the root bridge of the spanning tree.
Procedure
l Perform the following operations on the device to be used as the root bridge.
a. Run:
system-view
Procedure
Step 1 Run:
system-view
NOTE
l To configure a switch as the primary root bridge, run the stp [ instance instance-id ] root primary
command directly. The priority value of this switch is 0.
l To configure a switch as the secondary root bridge, run the stp [ instance instance-id ] root
secondary command. The priority value of this switch is 4096.
In an MSTI, a switch cannot act as the primary root bridge and secondary root bridge at the same
time.
l If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root secondary
command has been executed to configure the device as the root bridge or secondary root bridge, to
change the device priority, run the undo stp [ instance instance-id ] root command to disable the
root bridge or secondary root bridge function and run the stp [ instance instance-id ] priority
priority command to set a priority.
----End
Procedure
Step 1 Run:
system-view
By default, the IEEE 802.1t standard (dot1t) is used to calculate the path cost.
All switches on a network must use the same path cost calculation method.
Step 3 Run:
interface interface-type interface-number
----End
Context
During spanning tree calculation, port priorities in MSTIs determine which ports are selected
as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority to a value larger than the
default value. This port will be blocked during designated port selection.
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp enable
NOTE
For the S2350EI and S5300LI, a maximum of 64 STP-enabled ports in Up state are recommended. If there
are more than 64 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol flapping
may occur.
For the S2320EI, S5320LI, S5330SI, S6320SI, and S5320SI, a maximum of 128 STP-enabled ports in Up
state are recommended. If there are more than 128 STP-enabled ports in Up state, the CPU may be affected
and faults such as protocol flapping may occur.
For the S5320EI, a maximum of 200 STP-enabled ports in Up state are recommended. If there are more than
200 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol flapping may occur.
For the S5320HI and S6320EI, a maximum of 256 STP-enabled ports in Up state are recommended. If there
are more than 256 STP-enabled ports in Up state, the CPU may be affected and faults such as protocol
flapping may occur.
----End
Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. On the switch, therefore, the ARP entries corresponding to these VLANs need to be
updated. MSTP processes ARP entries in either fast or normal mode.
To specify which mode is used for STP/RSTP convergence, run the stp converge { fast |
normal } command in the system view.
NOTICE
If fast mode is used, ARP entries are frequently deleted. This causes high CPU usage on the
device (reaching 100%) and results in frequent network flapping. Therefore, using normal
mode is recommended.
Pre-configuration Tasks
Before configuring MSTP parameters that affect route convergence, configure MSTP or
MSTP multi-process.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp bridge-diameter diameter
NOTE
RSTP uses a single spanning tree instance on the entire network, meaning that performance deterioration
cannot be prevented when the network scale increases. Therefore, the network diameter cannot be larger than
7.
----End
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp timer-factor factor
The timeout interval is set, specifying how long the upstream device waits for BPDUs.
By default, the timeout interval is 9 times the Hello timer value.
----End
the entire network. As a result, the original blocked port may be unblocked before a new
port is blocked. When this occurs, a loop exists on the network. You can set the Forward
Delay timer to prevent loops. When the topology changes, all ports will be temporarily
blocked during the Forward Delay.
l Hello Time: specifies the interval at which hello packets are sent. A switching device
sends configuration BPDUs at the specified interval to detect link failures. If the
switching device does not receive any BPDUs within an interval of Hello Time, the
switching device recalculates the spanning tree.
l Max Age: determines whether BPDUs expire. A switching device determines that a
received configuration BPDU times out when the Max Age expires.
Devices on a ring network must use the same values of Forward Delay, Hello Time, and Max
Age.
You are not advised to directly change the preceding three timers. The three parameters are
relevant to the network scale; therefore, it is recommended that you set the network diameter
so that the spanning tree protocol automatically adjusts these timers. When the default
network diameter is used, the three timers also retain their default values.
NOTICE
To prevent frequent network flapping, make sure that the Hello Time, Forward Delay, and
Max Age timer values conform to the following formulas:
l 2 x (Forward Delay - 1.0 second) ≥ Max Age
l Max Age ≥ 2 x (Hello Time + 1.0 second)
Procedure
Step 1 Run:
system-view
NOTE
----End
SwitchA SwitchB
Eth-Trunk1
After
configuration Eth-Trunk2
Root Bridge
Alternate port
Root port
Designated port
The maximum number of connections affects only the path cost of an Eth-Trunk interface
participating in spanning tree calculation, and does not affect the actual bandwidth of the Eth-
Trunk link. The actual bandwidth for an Eth-Trunk link depends on the number of active
member interfaces in the Eth-Trunk.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
Step 3 Run:
max bandwidth-affected-linknumber link-number
----End
Context
It is easy to implement rapid convergence on a P2P link. If the two ports connected to a P2P
link are root or designated ports, the ports can transit to the forwarding state quickly by
sending Proposal and Agreement packets. This reduces the forwarding delay.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
stp point-to-point { auto | force-false | force-true }
By default, an interface automatically determines whether to connect to a P2P link. The P2P
link supports rapid network convergence.
l If the Ethernet port works in full-duplex mode, it is connected to a P2P link. In this case,
specify force-true to implement rapid network convergence.
l If the Ethernet port works in half-duplex mode, specify force-true to forcibly set the link
type to P2P.
----End
Procedure
Step 1 Run:
system-view
----End
Procedure
l Switch to the MSTP mode in the interface view.
a. Run:
system-view
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
c. Run:
stp mcheck
NOTE
NOTICE
After all ports are configured as edge ports and BPDU filter ports in the system view, the
ports do not send BPDUs or negotiate the STP status with directly connected ports on the peer
device. All ports are in the Forwarding state, which may cause loops on the network and lead
to broadcast storms. Exercise caution when you configure a port as an edge port and BPDU
filter port.
After a port is configured as an edge port and BPDU filter port in the interface view, the port
does not process or send BPDUs. The port cannot negotiate the STP status with the directly
connected port on the peer device. Exercise caution when you configure a port as an edge port
and BPDU filter port.
Procedure
l Configuring all ports as edge ports and BPDU filter ports in the system view
a. Run:
system-view
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
c. (Optional) Run:
stp edged-port enable
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp max-hops hop
By default, the maximum number of hops of the spanning tree in an MST region is 20.
----End
Procedure
l Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Pre-configuration Tasks
Before configuring MSTP protection functions, configure MSTP or MSTP multi-process.
Context
Edge ports are directly connected to user terminals and will not receive BPDUs. Attackers
may send pseudo BPDUs to attack the switch. If the edge ports receive the BPDUs, the switch
configures the edge ports as non-edge ports and triggers a new spanning tree calculation.
Network flapping then occurs. BPDU protection can be used to protect switches against
malicious attacks.
Perform the following procedure on all switches that have edge ports.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp bpdu-protection
----End
Follow-up Procedure
If you want an edge port to automatically recover from the error-down state, run the error-
down auto-recovery cause bpdu-protection interval interval-value command in the system
view to configure the auto recovery function and set a recovery delay on the port. Then a port
in error-down state can automatically go Up after the delay expires. Note the following when
setting the recovery delay:
l By default, the auto recovery function is disabled; therefore, the recovery delay
parameter does not have a default value. When you enable the auto recovery function,
you must set a recovery delay.
l A smaller value of interval-value indicates a shorter time taken for an edge port to go
Up, and a higher frequency of Up/Down state transitions on the port.
l A larger value of interval-value indicates a longer time taken for the edge port to go Up,
and a longer service interruption time.
l The auto recovery function takes effect only for the interfaces that transition to the error-
down state after the error-down auto-recovery command is executed.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp tc-protection interval interval-value
The time taken by the device to process the maximum number of TC BPDUs is set.
By default, the device processes the maximum number of TC BPDUs at an interval of the
Hello time.
Step 4 Run:
stp tc-protection threshold threshold
The number of times the MSTP process handles the received TC BPDUs and updates
forwarding entries within a given time is set.
NOTE
Within the time specified by stp tc-protection interval, the switch processes the number of TC BPDUs
specified by stp tc-protection threshold. Packets that exceed this threshold are delayed, so spanning
tree convergence may be affected. For example, if the period is set to 10s and the threshold is set to 5,
the device processes five TC BPDUs within 10s. After 10s, the device processes subsequent TC BPDUs.
----End
Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive
BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to
serve as the root bridge and the network topology is changed, triggering spanning tree
recalculation. This may also result in traffic that should be transmitted over high-speed links
being transmitted over low-speed links, leading to network congestion. The root protection
function on a switch preserves the role of the designated port in order to protect the root
bridge.
NOTE
Procedure
Step 1 Run:
system-view
NOTE
Step 4 Run:
stp root-protection
----End
NOTE
An alternate port is a backup port for a root port. If a switch has an alternate port, configure loop
protection on both the root port and the alternate port.
Perform the following steps on the root port and alternate port on a switch in an MST region.
Procedure
Step 1 Run:
system-view
NOTE
Step 4 Run:
stp loop-protection
----End
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp link-share-protection
----End
Procedure
l Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism. All
switches support the following modes:
l Enhanced mode: The current interface includes the root port calculation when it
computes the synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting
rapid status transition. After receiving the message, the downstream device sets the
port connected to the upstream device as a root port and blocks all non-edge ports.
– The upstream device then sends an Agreement message to the downstream device.
After the downstream device receives the message, the root port transitions to the
Forwarding state.
– The downstream device responds to the Proposal message with an Agreement
message. After receiving the message, the upstream device sets the port connected
to the downstream device as a designated port, and the designated port transitions to
the Forwarding state.
l Common mode: The current interface ignores the root port when it computes the
synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting
rapid status transition. After receiving the message, the downstream device sets the
port connected to the upstream device as a root port and blocks all non-edge ports.
The root port then transitions to the Forwarding state.
– The downstream device responds to the Proposal message with an Agreement
message. After receiving the message, the upstream device sets the port connected
to the downstream device as a designated port. The designated port then transitions
to the Forwarding state.
When Huawei devices are connected to non-Huawei devices, select the same mode as that
used on non-Huawei devices.
Procedure
Step 1 Run:
system-view
----End
Context
MSTP protocol packets have two formats: dot1s (IEEE 802.1s standard packets) and legacy
(proprietary protocol packets).
You can specify the packet format or use the auto mode. In auto mode, the switch switches the
MSTP protocol packet format based on the received MSTP protocol packet format so that the
switch can communicate with the peer device.
Procedure
Step 1 Run:
system-view
NOTE
The negotiation will fail if the format of MSTP packets is set to dot1s at one end and legacy at the other
end.
----End
Procedure
Step 1 Run:
system-view
----End
NOTICE
MSTP statistics cannot be restored after being cleared.
Procedure
l Run the reset stp [ interface interface-type interface-number ] statistics command to
clear spanning-tree statistics.
l Run the reset stp error packet statistics to clear the statistics of error STP packets.
----End
As shown in Figure 14-18, SwitchA, SwitchB, SwitchC, and SwitchD run MSTP. To load
balance traffic from VLANs 2 to 10 and VLANs 11 to 20, use MSTP multi-instance. You can
configure a VLAN mapping table to associate VLANs with MSTIs.
Network
RG1
SwitchA Eth-Trunk1 SwitchB
GE0/0/1 Eth-Trunk1
GE0/0/1
GE0/0/3 GE0/0/3
GE0/0/2
SwitchC SwitchD
GE0/0/2
GE0/0/1 GE0/0/1
MSTI 1:
Root Switch:SwitchA
Blocked port
MSTI 2:
Root Switch:SwitchB
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on the switch on the ring network. Because ports
connected to the PCs do not participate in MSTP calculation, configure these ports as
edge ports.
2. Configure protection functions to protect devices or links. You can configure root
protection on the designated port of the root bridge.
NOTE
When the link between the root bridge and secondary root bridge goes Down, the port enabled with root
protection becomes Discarding because root protection takes effect.
To improve the reliability, you are advised to bind the link between the root bridge and secondary root
bridge to an Eth-Trunk.
3. Configure Layer 2 forwarding.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD in the same MST region named
RG1 and create MSTI 1 and MSTI 2.
NOTE
Two switches belong to the same MST region when they have the same:
– Name of the MST region
– Mapping between VLANs and MSTIs
– Revision level of the MST region
# Configure an MST region on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] instance 2 vlan 11 to 20
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
2. In the MST region RG1, configure the root bridge and secondary root bridge in MSTI 1
and MSTI 2.
– Configure the root bridge and secondary root bridge in MSTI 1.
# Configure SwitchA as the root bridge in MSTI 1.
[SwitchA] stp instance 1 root primary
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be greater than the
default value.
NOTE
– The path cost values depend on path cost calculation methods. This example uses the Huawei
calculation method as an example to set the path cost to 20000 for the ports to be blocked.
– All switches on a network must use the same path cost calculation method.
# Configure SwitchA to use Huawei calculation method to calculate the path cost.
[SwitchA] stp pathcost-standard legacy
# Configure SwitchB to use Huawei calculation method to calculate the path cost.
[SwitchB] stp pathcost-standard legacy
# Configure SwitchC to use Huawei calculation method to calculate the path cost, and
set the path cost of GE0/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/2] quit
# Configure SwitchD to use Huawei calculation method to calculate the path cost, and
set the path cost of GE0/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet0/0/2] quit
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU protection
is enabled, the edge ports will be shut down and their attributes remain unchanged after they
receive BPDUs.
Step 2 Configure root protection on the designated port of the root bridge.
# Enable root protection on GE0/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in MSTI 0.
# Run the display stp brief command on SwitchA to view the status and protection mode on
the ports. Output similar to the following is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
In MSTI 1, GE0/0/1 and Eth-Trunk1 are designated ports because SwitchA is the root bridge.
In MSTI 2, GE0/0/1 on SwitchA is the designated port and Eth-Trunk1 is the root port.
# Run the display stp brief command on SwitchB. Output similar to the following is
displayed:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 Eth-Trunk1 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 Eth-Trunk1 DESI FORWARDING NONE
In MSTI 2, GE0/0/1 and Eth-Trunk1 are designated ports because SwitchB is the root bridge.
In MSTI 1, GE0/0/1 on SwitchB is the designated port and Eth-Trunk1 is the root port.
# Run the display stp interface brief commands on SwitchC. Output similar to the following
is displayed:
[SwitchC] display stp interface gigabitethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
[SwitchC] display stp interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/2 ALTE DISCARDING NONE
GE0/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchC is the
designated port in MSTI 1 but is blocked in MSTI 2.
# Run the display stp interface brief commands on SwitchD. Output similar to the following
is displayed:
[SwitchD] display stp interface gigabitethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface gigabitethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ALTE DISCARDING NONE
1 GigabitEthernet0/0/2 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
GE0/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE0/0/2 on SwitchD is the
blocked port in MSTI 1 and is the designated port in MSTI 2.
----End
Configuration Files
l SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 20
#
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
l SwitchD configuration file
#
sysname SwitchD
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
stp edged-port enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 1 cost 20000
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
Only the S5320SI, S5320EI, S5320HI, S5330SI, S6320SI, and S6320EI and support this example.
In Figure 14-19, hosts connect to Switch C, and Switch C connects to the Internet through
Switch A and Switch B. To improve access reliability, the user configures redundant links.
The redundant links cause a network loop, which leads to broadcast storms and MAC address
damaging.
It is required that the network loop be prevented when redundant links are deployed, traffic be
switched to another link when one link fails, and network bandwidth be effectively used.
MSTP can be configured on the network to prevent loops. MSTP blocks redundant links and
prunes a network into a tree topology free from loops. In addition, VRRP needs to be
configured on Switch A and Switch B. Host A connects to the Internet by using Switch A as
the default gateway and Switch B as the secondary gateway. Host B connects to the Internet
by using Switch B as the default gateway and Switch A as the secondary gateway. This allows
traffic to be load balanced and communication reliability improved.
GE0/0/2
0/0 1
/2 0 /0/
GE
SwitchC MSTP
GE0/0/2 Internet
GE
3
0/0/SwitchC 0/0/4
G E
HostB GE RouterB
0/0 /0/3
VLAN3 /1 GE0
10.1.3.101/24 SwitchB
VRID 1:Backup
VRRP VRID 2 VRID 2:Master
Virtual IP Address:
10.1.3.100
MSTI1: MSTI2:
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP on the switches, including:
a. Configure MST and create multi-instance, map VLAN 2 to MSTI 1, and map
VLAN 3 to MSTI 2 to load balance traffic.
b. Configure the root bridge and backup bridge in the MST region.
c. Configure the path cost on an interface so that the interface can be blocked.
d. Enable MSTP to prevent loops:
n Enable MSTP globally.
n Enable MSTP on all interfaces except the interfaces connecting to hosts.
NOTE
Because the interfaces connecting to hosts do not participate in MSTP calculation, configure
these ports as edge ports.
2. Enable the protection function to protect devices or links. For example, enable the
protection function on the root bridge of each instance to protect roots.
3. Configure Layer 2 forwarding.
4. Assign an IP address to each interface and configure the routing protocol on each device
to ensure network connectivity.
NOTE
SwitchA and SwitchB must support VRRP and OSPF. For details about models supporting VRRP
and OSPF, see relevant documentation.
5. Create VRRP group 1 and VRRP group 2 on Switch A and Switch B. Configure Switch
A as the master device and Switch B as the backup device of VRRP group 1. Configure
Switch B as the master device and Switch A as the backup device of VRRP group 2.
Procedure
Step 1 Configure basic MSTP functions.
1. Add Switch A, Switch B, and Switch C to region RG1, and create instances MSTI 1 and
MSTI 2.
# Configure an MST region on Switch A.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
2. Configure the root bridges and backup bridges for MSTI 1 and MSTI 2 in RG1.
– Configure the root bridge and backup bridge for MSTI 1.
# Set Switch A as the root bridge of MSTI 1.
[SwitchA] stp instance 1 root primary
3. Set the path costs of the interfaces that you want to block on MSTI 1 and MSTI 2 to be
greater than the default value.
NOTE
– The path cost range is determined by the calculation method. The Huawei calculation method
is used as an example. Set the path costs of the interfaces to 20000.
– The switches on the same network must use the same calculation method to calculate path
costs.
# Set the path cost calculation method on Switch A to Huawei calculation method.
[SwitchA] stp pathcost-standard legacy
# Set the path cost calculation method on Switch B to Huawei calculation method.
[SwitchB] stp pathcost-standard legacy
# Set the path cost calculation method on Switch C to Huawei calculation method. Set
the path cost of GE0/0/1 in MSTI 2 to 20000; set the path cost of GE0/0/4 in MSTI 1 to
20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/4
[SwitchC-GigabitEthernet0/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet0/0/4] quit
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU protection
is enabled, the edge ports will be shut down and their attributes remain unchanged after they
receive BPDUs.
Step 2 Enable the protection function on the designated interfaces of each root bridge.
# Enable root protection on GE0/0/1 of Switch A.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp root-protection
[SwitchA-GigabitEthernet0/0/1] quit
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in MSTI 0.
# Run the display stp brief command on Switch A to view the status and protection mode on
ports. Output similar to the following is displayed:
In MSTI 1, GE0/0/2 and GE0/0/1 of Switch A are set as designated interfaces because Switch
A is the root bridge of MSTI 1. In MSTI 2, GE0/0/1 of Switch A is set as the designated
interface and GE0/0/2 is set as the root interface.
# Run the display stp brief command on Switch B. Output similar to the following is
displayed:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING ROOT
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING ROOT
1 GigabitEthernet0/0/2 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 DESI FORWARDING ROOT
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
In MSTI 2, GE0/0/1 and GE0/0/2 of Switch B are set as designated interfaces because Switch
B is the root bridge of MSTI 2. In MSTI 1, GE0/0/1 of Switch B is set as the designated
interface and GE0/0/2 is set as the root interface.
# Run the display stp interface brief command on Switch C. Output similar to the following
is displayed:
[SwitchC] display stp interface gigabitethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/1 ROOT FORWARDING NONE
2 GigabitEthernet0/0/1 ALTE DISCARDING NONE
[SwitchC] display stp interface gigabitethernet 0/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/4 ALTE DISCARDING NONE
1 GigabitEthernet0/0/4 ALTE DISCARDING NONE
2 GigabitEthernet0/0/4 ROOT FORWARDING NONE
GE0/0/1 of Switch C is the root interface of MSTI 1, and is blocked in MSTI 2. GE0/0/4 of
Switch C is the root interface of MSTI 2, and is blocked in MSTI 1.
# Assign an IP address to each interface, for example, the interfaces on SwitchA. The
configuration on SwitchB is similar to the configuration on SwitchA. For details, see the
configuration files.
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit
# Run OSPF on SwitchA, SwitchB, and routers. The configuration on SwitchA is used as an
example. The configuration on SwitchB is similar to the configuration on SwitchA. For
details, see the configuration files.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Create VRRP group 2 on SwitchA and SwitchB. Set SwitchB as the master device, priority
to 120, and preemption delay to 20 seconds. Set SwitchA as the backup device and retain the
default priority.
[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchB-Vlanif3] vrrp vrid 2 priority 120
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] quit
# Set the virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of Host A,
and the virtual IP address 10.1.3.100 of VRRP group 2 as the default gateway of Host B.
Step 7 Verify the configuration.
# After completing the preceding configurations, run the display vrrp command on SwitchA.
SwitchA's VRRP status is master in VRRP group 1 and backup in VRRP group 2.
[SwitchA] display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# Run the display vrrp command on SwitchB. SwitchB's VRRP status is backup in VRRP
group 1 and master in VRRP group 2.
[SwitchB] display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
----End
Configuration Files
l SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 4
#
stp bpdu-protection
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
ip address 10.1.4.102 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 4
stp edged-port enable
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
l SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.103 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
Networking Requirements
NOTE
This configuration can be supported only on the S5320EI, S5320HI, and S6320EI.
In Figure 14-20, each CE is dual-homed to PEs. The PEs establish a VPLS full mesh. The
CEs and PEs run MSTP. Generally, traffic is forwarded through the primary link. If the
primary link fails, traffic is switched to the secondary link.
Figure 14-20 Network diagram for connecting CEs to the VPLS in dual-homing mode
1.1.1.1/32 2.2.2.2/32
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/2 GE0/0/2
GE0/0/1 GE0/0/3 GE0/0/3 GE0/0/1
GE0/0/2 VPLS GE0/0/2
CE1 GE0/0/3 GE0/0/2 CE2
PC1 GE0/0/4 GE0/0/2 GE0/0/3 GE0/0/4 PC2
10.1.1.1/24 GE0/0/1 GE0/0/1 10.1.1.2/24
PE4 PE3
4.4.4.4/32 3.3.3.3/32
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
CE1 GigabitEthernet0/0/ - -
1
GigabitEthernet0/0/ - -
4
GigabitEthernet0/0/ - -
2
CE2 GigabitEthernet0/0/ - -
1
GigabitEthernet0/0/ - -
4
GigabitEthernet0/0/ - -
2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on the backbone network to implement interworking.
2. Set up a remote LDP session between the PEs.
3. Establish a VPLS full mesh between PEs.
4. Configure MSTP. Configure PE1 and PE2 as the primary roots, and configure PE3 and
PE4 as the secondary roots.
Procedure
Step 1 Specify the VLANs that device interfaces belong to and set the IP addresses of the
corresponding VLANIF interfaces according to Figure 14-20.
NOTE
l The AC-side and PW-side physical interfaces of a PE cannot be added to the same VLAN;
otherwise, a loop may occur.
l Packets sent from CEs to PEs must contain VLAN tags.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 100
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/4
[CE1-GigabitEthernet0/0/4] port link-type trunk
[CE1-GigabitEthernet0/0/4] port trunk allow-pass vlan 100
[CE1-GigabitEthernet0/0/4] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type access
[CE1-GigabitEthernet0/0/2] port default vlan 100
[CE1-GigabitEthernet0/0/2] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 100
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/4
[CE2-GigabitEthernet0/0/4] port link-type trunk
[CE2-GigabitEthernet0/0/4] port trunk allow-pass vlan 100
[CE2-GigabitEthernet0/0/4] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] port link-type access
[CE2-GigabitEthernet0/0/2] port default vlan 100
[CE2-GigabitEthernet0/0/2] quit
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 40
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
[PE1-GigabitEthernet0/0/3] port link-type trunk
[PE1-GigabitEthernet0/0/3] port trunk allow-pass vlan 40
[PE1-GigabitEthernet0/0/3] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 172.16.1.1 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 40
[PE1-Vlanif40] ip address 172.19.1.2 24
[PE1-Vlanif40] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan batch 10 20
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] vlan batch 20 30
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] port link-type trunk
[PE3-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[PE3-GigabitEthernet0/0/2] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] port link-type trunk
[PE3-GigabitEthernet0/0/3] port trunk allow-pass vlan 30
[PE3-GigabitEthernet0/0/3] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] ip address 172.17.1.2 24
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] ip address 172.18.1.1 24
[PE3-Vlanif30] quit
# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] vlan batch 30 40
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] port link-type trunk
[PE4-GigabitEthernet0/0/2] port trunk allow-pass vlan 30
[PE4-GigabitEthernet0/0/2] quit
[PE4] interface gigabitethernet 0/0/3
[PE4-GigabitEthernet0/0/3] port link-type trunk
[PE4-GigabitEthernet0/0/3] port trunk allow-pass vlan 40
[PE4-GigabitEthernet0/0/3] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] ip address 172.18.1.2 24
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] ip address 172.19.1.1 24
[PE4-Vlanif40] quit
When configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1,
PE2, PE3, and PE4.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
[PE2] router id 2.2.2.2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.2 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
[PE3] router id 3.3.3.3
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.3 32
[PE3-LoopBack1] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
# Configure PE4.
[PE4] router id 4.4.4.4
[PE4] interface loopback 1
[PE4-LoopBack1] ip address 4.4.4.4 32
[PE4-LoopBack1] quit
[PE4] ospf 1
[PE4-ospf-1] area 0
[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[PE4-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] quit
[PE4-ospf-1] quit
# Wait for 40s and run the display ip routing-table command on PE1, PE2, and PE3. Output
similar to the following is displayed (PE1 is used as an example). The output indicates that
the PEs have learned the routes to one another.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
[PE1] interface vlanif 40
[PE1-Vlanif40] mpls
[PE1-Vlanif40] mpls ldp
[PE1-Vlanif40] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] mpls
[PE2-Vlanif20] mpls ldp
[PE2-Vlanif20] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] mpls
[PE3-Vlanif20] mpls ldp
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] mpls
[PE3-Vlanif30] mpls ldp
[PE3-Vlanif30] quit
# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4
[PE4] mpls
[PE4-mpls] quit
[PE4] mpls ldp
[PE4-mpls-ldp] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] mpls
[PE4-Vlanif30] mpls ldp
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] mpls
[PE4-Vlanif40] mpls ldp
[PE4-Vlanif40] quit
# Configure PE2.
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
# Configure PE4.
[PE4] mpls ldp remote-peer 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] quit
After the configuration is complete, run the display mpls ldp session command on the PEs.
The command output shows that the status of the remote LDP peer relationship is
Operational, indicating that remote LDP sessions have been set up. The output on PE1 is used
as an example:
[PE1] display mpls ldp session
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
# Configure PE4.
[PE4] mpls l2vpn
[PE4-l2vpn] quit
# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 2.2.2.2
[PE1-vsi-a2-ldp] peer 3.3.3.3
[PE1-vsi-a2-ldp] peer 4.4.4.4
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] peer 3.3.3.3
[PE2-vsi-a2-ldp] peer 4.4.4.4
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit
# Configure PE1.
[PE1] interface gigabitethernet 0/0/1.1
[PE1-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE1-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE1-GigabitEthernet0/0/1.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 0/0/1.1
[PE2-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE2-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE2-GigabitEthernet0/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 0/0/1.1
[PE3-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE3-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE3-GigabitEthernet0/0/1.1] quit
# Configure PE4.
[PE4] interface gigabitethernet 0/0/1.1
[PE4-GigabitEthernet0/0/1.1] dot1q termination vid 100
[PE4-GigabitEthernet0/0/1.1] l2 binding vsi a2
[PE4-GigabitEthernet0/0/1.1] quit
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure CE1.
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure CE2.
[CE2] stp region-configuration
[CE2-mst-region] region-name RG1
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
2. Configure the priorities of the PEs to make PE1 and PE2 the primary roots and PE3 and
PE4 the secondary roots.
# Configure PE1.
[PE1] stp instance 0 priority 0
# Configure PE2.
[PE2] stp instance 0 priority 0
# Configure PE3.
[PE3] stp instance 0 priority 4096
# Configure PE4.
[PE4] stp instance 0 priority 4096
3. Enable association between MSTP and VPLS on the CEs and PEs, and configure root
protection on the secondary roots.
# Configure CE1.
[CE1] stp enable
[CE1] interface gigabitethernet 0/0/4
[CE1-GigabitEthernet0/0/4] stp enable
[CE1-GigabitEthernet0/0/4] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] stp enable
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] stp edged-port enable
[CE1-GigabitEthernet0/0/2] stp bpdu-filter enable
[CE1-GigabitEthernet0/0/2] quit
# Configure CE2.
[CE2] stp enable
[CE2] interface gigabitethernet 0/0/4
[CE2-GigabitEthernet0/0/4] stp enable
[CE2-GigabitEthernet0/0/4] quit
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] stp enable
[CE2-GigabitEthernet0/0/1] quit
[CE2] interface gigabitethernet 0/0/2
[CE2-GigabitEthernet0/0/2] stp edged-port enable
[CE2-GigabitEthernet0/0/2] stp bpdu-filter enable
[CE2-GigabitEthernet0/0/2] quit
# Configure PE1.
[PE1] stp enable
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE1-GigabitEthernet0/0/1] stp enable
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] stp disable
[PE1-GigabitEthernet0/0/2] quit
[PE1] interface gigabitethernet 0/0/3
# Configure PE2.
[PE2] stp enable
[PE2] interface gigabitethernet 0/0/1
[PE2-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE2-GigabitEthernet0/0/1] stp enable
[PE2-GigabitEthernet0/0/1] quit
[PE2] interface gigabitethernet 0/0/2
[PE2-GigabitEthernet0/0/2] stp disable
[PE2-GigabitEthernet0/0/2] quit
[PE2] interface gigabitethernet 0/0/3
[PE2-GigabitEthernet0/0/3] stp disable
[PE2-GigabitEthernet0/0/3] quit
# Configure PE3.
[PE3] stp enable
[PE3] interface gigabitethernet 0/0/1
[PE3-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE3-GigabitEthernet0/0/1] stp root-protection
[PE3-GigabitEthernet0/0/1] stp enable
[PE3-GigabitEthernet0/0/1] quit
[PE3] interface gigabitethernet 0/0/2
[PE3-GigabitEthernet0/0/2] stp disable
[PE3-GigabitEthernet0/0/2] quit
[PE3] interface gigabitethernet 0/0/3
[PE3-GigabitEthernet0/0/3] stp disable
[PE3-GigabitEthernet0/0/3] quit
# Configure PE4.
[PE4] stp enable
[PE4] interface gigabitethernet 0/0/1
[PE4-GigabitEthernet0/0/1] stp vpls-subinterface enable
[PE4-GigabitEthernet0/0/1] stp root-protection
[PE4-GigabitEthernet0/0/1] stp enable
[PE4-GigabitEthernet0/0/1] quit
[PE4] interface gigabitethernet 0/0/2
[PE4-GigabitEthernet0/0/2] stp disable
[PE4-GigabitEthernet0/0/2] quit
[PE4] interface gigabitethernet 0/0/3
[PE4-GigabitEthernet0/0/3] stp disable
[PE4-GigabitEthernet0/0/3] quit
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 20 hours, 29 minutes, 54 seconds
VSI State : up
VSI ID : 2
*Peer Router ID : 2.2.2.2
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4099
Peer Type : dynamic
Session : up
Tunnel ID : 0xd
Broadcast Tunnel ID : 0xd
Broad BackupTunnel ID : 0x0
CKey : 2
NKey : 1
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 3.3.3.3
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4100
Peer Type : dynamic
Session : up
Tunnel ID : 0xf
Broadcast Tunnel ID : 0xf
Broad BackupTunnel ID : 0x0
CKey : 4
NKey : 3
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 4.4.4.4
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4101
Peer Type : dynamic
Session : up
Tunnel ID : 0xb
Broadcast Tunnel ID : 0xb
Broad BackupTunnel ID : 0x0
CKey : 6
NKey : 5
Stp Enable : 0
PwIndex : 0
Control Word : disable
**PW Information:
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type
access
port default vlan 100
stp bpdu-filter
enable
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.19.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.19.1.0 0.0.0.255
#
return
l PE2 configuration file
#
sysname PE2
#
router id 2.2.2.2
#
vlan batch 10 20
#
stp instance 0 priority 0
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
interface Vlanif10
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.17.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
l PE3 configuration file
#
sysname PE3
#
router id 3.3.3.3
#
vlan batch 20 30
#
stp instance 0 priority 4096
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif20
ip address 172.17.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 172.18.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.17.1.0 0.0.0.255
network 172.18.1.0 0.0.0.255
#
return
#
sysname PE4
#
router id 4.4.4.4
#
vlan batch 30 40
#
stp instance 0 priority 4096
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
interface Vlanif30
ip address 172.18.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.19.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 172.18.1.0 0.0.0.255
NOTE
In the ring where MSTP multi-process is configured, you are advised not to block the interface directly
connected to the root protection-enabled designated port.
Figure 14-21 MSTP multi-process for Layer 2 single-access rings and multi-access rings
Network
SwitchC
GE0/0/5 GE0/0/5
Region name:RG1
PE2
PE1 SwitchB
SwitchA
CE CE
GE0/0/4 GE0/0/1 GE0/0/4
GE0/0/1
GE0/0/3 GE0/0/3
GE0/0/2 GE0/0/2
CE
CE
Instance1:VLAN2~100 Instance3:VLAN201~300
Process 1
Process 3
CE CE
Instance2:VLAN101~200
Process 2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, add a device to an MST region, and create MSTIs.
NOTE
Procedure
Step 1 Configure basic MSTP functions, add devices to an MST region, and create MSTIs.
1. Configure MST regions and create MSTIs.
# Configure an MST region and create MSTIs on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 100
[SwitchA-mst-region] instance 2 vlan 101 to 200
[SwitchA-mst-region] instance 3 vlan 201 to 300
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
2. Enable MSTP.
# Configure SwitchA.
[SwitchA] stp enable
# Configure SwitchB.
[SwitchB] stp enable
[SwitchB-mst-process-2] quit
[SwitchB] stp process 3
[SwitchB-mst-process-3] quit
# Add GE 0/0/3 and GE 0/0/4 on SwitchA to MSTP process 1 and GE 0/0/2 to MSTP
process 2.
[SwitchA] interface gigabitethernet 0/0/4
[SwitchA-GigabitEthernet0/0/4] stp enable
[SwitchA-GigabitEthernet0/0/4] bpdu enable
[SwitchA-GigabitEthernet0/0/4] stp binding process 1
[SwitchA-GigabitEthernet0/0/4] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] stp enable
[SwitchA-GigabitEthernet0/0/3] bpdu enable
[SwitchA-GigabitEthernet0/0/3] stp binding process 1
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp enable
[SwitchA-GigabitEthernet0/0/2] bpdu enable
[SwitchA-GigabitEthernet0/0/2] stp binding process 2
[SwitchA-GigabitEthernet0/0/2] quit
# Add GE 0/0/3 and GE 0/0/4 on SwitchB to MSTP process 3 and GE 0/0/2 to MSTP
process 2.
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] stp enable
[SwitchB-GigabitEthernet0/0/4] bpdu enable
[SwitchB-GigabitEthernet0/0/4] stp binding process 3
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] stp enable
[SwitchB-GigabitEthernet0/0/3] bpdu enable
[SwitchB-GigabitEthernet0/0/3] stp binding process 3
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp enable
[SwitchB-GigabitEthernet0/0/2] bpdu enable
[SwitchB-GigabitEthernet0/0/2] stp binding process 2
[SwitchB-GigabitEthernet0/0/2] quit
# Configure SwitchB.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] stp enable
[SwitchB-GigabitEthernet0/0/1] bpdu enable
[SwitchB-GigabitEthernet0/0/1] stp binding process 2 link-share
[SwitchB-GigabitEthernet0/0/1] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp enable
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp enable
[SwitchB-mst-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp instance 0 root primary
[SwitchB-mst-process-3] stp instance 3 root primary
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp instance 0 root secondary
[SwitchB-mst-process-2] stp instance 2 root secondary
[SwitchB-mst-process-2] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] stp root-protection
[SwitchB-GigabitEthernet0/0/2] quit
NOTE
– In each ring, the priority of the MSTP process on the downstream CE must be lower than the
priority of the MSTP process on the switch.
– For switches A and B on the dual-access ring, you are recommended to configure them as the
primary root bridges of different MSTIs.
l Configure shared link protection.
# Configure SwitchA.
[SwitchA] stp process 2
[SwitchA-mst-process-2] stp link-share-protection
[SwitchA-mst-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp link-share-protection
[SwitchB-mst-process-2] quit
# Create VLANs 101 to 300 on SwitchB. Add GE 0/0/3 and GE 0/0/4 to VLANs 201 to 300,
and add GE 0/0/1 and GE 0/0/2 to VLANs 101 to 200.
[SwitchB] vlan batch 101 to 300
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet0/0/4] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet0/0/2] quit
----End
Configuration Files
Only the MSTP-related configuration files are provided.
l SwitchA configuration file
#
sysname
SwitchA
#
vlan batch 2 to
300
#
stp enable
#
stp region-
configuration
region-name
RG1
instance 1 vlan 2 to
100
instance 2 vlan 101 to
200
instance 3 vlan 201 to
300
active region-
configuration
#
stp process
1
stp instance 0 root
primary
stp instance 1 root
primary
stp
enable
stp process
2
stp instance 0 root
primary
stp instance 2 root
primary
stp link-share-
protection
stp
enable
#
interface
GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process 2 link-share
#
interface
GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process
2
stp root-
protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to
100
stp binding process
1
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to
100
stp binding process 1
#
return
l SwitchB configuration file
#
sysname
SwitchB
#
vlan batch 2 to
300
#
stp enable
#
stp region-
configuration
region-name
RG1
instance 1 vlan 2 to
100
instance 2 vlan 101 to
200
instance 3 vlan 201 to
300
active region-
configuration
#
stp process
2
stp instance 0 root
secondary
stp instance 2 root
secondary
stp link-share-
protection
stp
enable
stp process
3
stp instance 0 root
primary
stp instance 3 root
primary
stp
enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process 2 link-
share
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process
2
stp root-
protection
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 201 to
300
stp binding process
3
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 201 to
300
stp binding process
3
#
return
14.14.2 How to Prevent Low Convergence for STP Edge Ports that
Connect Terminals?
Terminal devices cannot participate in the STP calculation or respond to STP packets, causing
low convergence. You can prevent low convergence for STP edge switch ports for connecting
user terminals or servers as follows:
l On a port, run the stp edge-port enable command to configure the port as an STP edge
port, and run the stp bpdu-filter enable command to enable the BPDU packet filtering
function and prevent the port from sending BPDU packets.
l Run the stp disable command on the port to disable the STP protocol and make the port
remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP edge port.
This is because when a loop occurs on a terminal device connected to an edge port, the port
automatically switches to a non-edge port and enables the loop breaking function of STP.
l On a port, run the stp edge-port enable command to configure the port as an STP edge
port, and run the stp bpdu-filter enable command to enable the BPDU packet filtering
function and prevent the port from sending BPDU packets.
l Run the stp disable command on the port to disable the STP protocol and make the port
remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP edge port.
This is because when a loop occurs on a terminal device connected to an edge port, the port
automatically switches to a non-edge port and enables the loop breaking function of STP.
To solve this problem, configure interfaces connected to terminals as edge ports or disable
STP on the interfaces.
To ensure availability and security, you are advised to configure the port as an STP edge port.
This is because when a loop occurs on a terminal device connected to an edge port, the port
automatically switches to a non-edge port and enables the loop breaking function of STP.
Document Description