Configuring digest snooping, Configuration restrictions and guidelines, Configuration procedure – H3C Technologies H3C S12500-X Series Switches User Manual

89

Configuring Digest Snooping

As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related
configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning

tree device identifies devices in the same MST region by determining the configuration ID in BPDU

packets. The configuration ID includes the region name, revision level, and configuration digest, which is

16-byte long and is the result calculated through the HMAC-MD5 algorithm based on VLAN-to-instance
mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through

private keys are different. The devices of different vendors in the same MST region cannot communicate

with each other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping

feature on the port that connects the H3C device to the third-party device in the same MST region.

Configuration restrictions and guidelines

When you configure Digest Snooping, follow these guidelines:

•

Before you enable Digest Snooping, make sure associated devices of different vendors are
connected and run spanning tree protocols.

•

With digest snooping enabled, in-the-same-region verification does not require comparison of
configuration digest, so the VLAN-to-instance mappings must be the same on associated ports.

•

With digest snooping enabled globally, modify the VLAN-to-instance mappings or execute the
undo stp region-configuration command to restore the default MST region configuration with

caution. If the local device has different VLAN-to-instance mappings than its neighboring devices,
loops or traffic interruption occurs.

•

To make Digest Snooping take effect, you must enable Digest Snooping both globally and on
associated ports. H3C recommends that you enable Digest Snooping on all associated ports first

and then enable it globally. This will make the configuration take effect on all configured ports and

reduce impact on the network.

•

To prevent loops, do not enable Digest Snooping on MST region edge ports.

•

H3C recommends that you enable Digest Snooping first and then the spanning tree feature. To
avoid traffic interruption, do not configure Digest Snooping when the network is already working
well.

Configuration procedure

You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.
To configure Digest Snooping:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet or

aggregate interface view.

interface interface-type
interface-number

N/A