Performing mcheck in interface view, Configuring digest snooping, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 122
97
Performing mCheck in interface view
Step Command
1.
Enter system view.
system-view
2.
Enter Ethernet interface view or Layer 2 aggregate
interface view.
interface interface-type interface-number
3.
Perform mCheck.
stp mcheck
NOTE:
An mCheck operation takes effect on a device that operates in MSTP or RSTP mode.
Configuring Digest Snooping
As defined in IEEE 802.1s, interconnected devices are in the same region only when their MST
region-related configurations (region name, revision level, and VLAN-to-instance mappings) are
identical. A spanning tree device identifies devices in the same MST region by checking the configuration
ID in BPDU packets. The configuration ID includes the region name, revision level, and configuration
digest that is in 16-byte length and is the result calculated via the HMAC-MD5 algorithm based on
VLAN-to-instance mappings.
Spanning tree implementations vary with vendors, and the configuration digests calculated using private
keys is different, so devices of different vendors in the same MST region cannot communicate with each
other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping
feature on the port connecting the H3C device to the third-party device in the same MST region.
NOTE:
Before enabling Digest Snooping, make sure that associated devices of different vendors are connected
and run spanning tree protocols.
Configuration procedure
You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.
To configure Digest Snooping:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Ethernet interface view or
Layer 2 aggregate interface view.
interface interface-type
interface-number
N/A
3.
Enable Digest Snooping on the
interface.
stp config-digest-snooping
Disabled by default.
4.
Return to system view.
quit
N/A
5.
Enable global Digest Snooping.
stp config-digest-snooping
Disabled by default.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer