H3C S12500R Switch Router Series
Spanning Tree Configuration Examples
Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
This document provides spanning tree configuration examples.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of spanning tree protocols.
Example: Configuring MSTP
Network configuration
As shown in Figure 1, Device A and Device B operate at the core layer, and Device C and Device D operate at the distribution layer. The ports on the devices have the same path cost, and they all permit VLANs 11 through 30.
Configure MSTP to meet the following requirements:
· Device A, Device B, Device C, and Device D belong to the same MST region.
· MSTIs are used to share the traffic of VLANs 11 through 20 and of VLANs 21 through 30.
Analysis
To assign the devices to the same MST region, make sure the following MST region parameters are the same on the devices:
· Spanning tree mode (the default mode MSTP is used).
· Region name (test in this example).
· Revision level (the default value 0 is used).
· VLAN-to-instance mappings (VLANs 11 through 20 to MSTI 1, and VLANs 21 through 30 to MSTI 2).
To use redundant links to share the traffic of different VLANs (as shown in Figure 2), perform the following tasks:
· Configure Device A as the root bridge of MSTI 1.
· Configure Device B as the root bridge of MSTI 2.
· Assign priorities to Device A, Device B, Device C, and Device D in MSTI 0 in descending order for Device A to be the regional root bridge.
Figure 2 MSTIs mapped to different VLANs
Software versions used
This configuration example was created and verified on Release 3606.
Restrictions and guidelines
By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.
Procedures
Configuring Device A
# Set the link mode of all interfaces to bridge.
<DeviceA> system-view
[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
# Create VLANs 11 through 30.
[DeviceA] vlan 11 to 30
# Configure HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 to trunk VLANs 11 through 30.
[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 11 to 30
[DeviceA-if-range] quit
# Configure the MST region name as test.
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name test
# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.
[DeviceA-mst-region] instance 1 vlan 11 to 20
[DeviceA-mst-region] instance 2 vlan 21 to 30
# Activate the MST region configuration.
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Configure Device A as the root bridge of MSTI 0 and MSTI 1.
[DeviceA] stp instance 0 to 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
Configuring Device B
# Set the link mode of all interfaces to bridge.
<DeviceB> system-view
[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceB-if-range] port link-mode bridge
[DeviceB-if-range] quit
# Create VLANs 11 through 30.
[DeviceB] vlan 11 to 30
# Configure HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 to trunk VLANs 11 through 30.
[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceB-if-range] port link-type trunk
[DeviceB-if-range] port trunk permit vlan 11 to 30
[DeviceB-if-range] quit
# Configure the MST region name as test.
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name test
# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.
[DeviceB-mst-region] instance 1 vlan 11 to 20
[DeviceB-mst-region] instance 2 vlan 21 to 30
# Activate the MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Configure Device B as the root bridge of MSTI 2 and a secondary root bridge of MSTI 0.
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 0 root secondary
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
Configuring Device C
# Set the link mode of all interfaces to bridge.
<DeviceC> system-view
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-mode bridge
[DeviceC-if-range] quit
# Create VLANs 11 through 30.
[DeviceC] vlan 11 to 30
# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLANs 11 through 30.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-type trunk
[DeviceC-if-range] port trunk permit vlan 11 to 30
[DeviceC-if-range] quit
# Configure the MST region name as test.
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name test
# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.
[DeviceC-mst-region] instance 1 vlan 11 to 20
[DeviceC-mst-region] instance 2 vlan 21 to 30
# Activate the MST region configuration.
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
Configuring Device D
# Set the link mode of all interfaces to bridge.
<DeviceD> system-view
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-mode bridge
[DeviceD-if-range] quit
# Create VLANs 11 through 30.
[DeviceD] vlan 11 to 30
# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLANs 11 through 30.
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-type trunk
[DeviceD-if-range] port trunk permit vlan 11 to 30
[DeviceD-if-range] quit
# Configure the MST region name as test.
[DeviceD] stp region-configuration
[DeviceD-mst-region] region-name test
# Map VLANs 11 through 20 to MSTI 1, and map VLANs 21 through 30 to MSTI 2.
[DeviceD-mst-region] instance 1 vlan 11 to 20
[DeviceD-mst-region] instance 2 vlan 21 to 30
# Activate the MST region configuration.
[DeviceD-mst-region] active region-configuration
[DeviceD-mst-region] quit
# Set the device priority to 36864 in MSTI 0. A larger value means a lower priority, so Device D ranks below Device C, which keeps the default priority 32768.
[DeviceD] stp instance 0 priority 36864
# Enable the spanning tree feature globally.
[DeviceD] stp global enable
Verifying the configuration
1. Verify that Layer 2 loops have been eliminated in each MSTI:
Use the display stp brief command to display brief spanning tree information on each device.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 DESI FORWARDING NONE
1 HundredGigE1/0/1 DESI FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
1 HundredGigE1/0/3 DESI FORWARDING NONE
2 HundredGigE1/0/1 ALTE DISCARDING NONE
2 HundredGigE1/0/2 DESI FORWARDING NONE
2 HundredGigE1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 ROOT FORWARDING NONE
1 HundredGigE1/0/1 DESI FORWARDING NONE
1 HundredGigE1/0/2 ALTE DISCARDING NONE
1 HundredGigE1/0/3 ROOT FORWARDING NONE
2 HundredGigE1/0/1 DESI FORWARDING NONE
2 HundredGigE1/0/2 DESI FORWARDING NONE
2 HundredGigE1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ROOT FORWARDING NONE
0 HundredGigE1/0/2 ALTE DISCARDING NONE
1 HundredGigE1/0/1 ROOT FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
2 HundredGigE1/0/1 DESI FORWARDING NONE
2 HundredGigE1/0/2 ROOT FORWARDING NONE
# Display brief spanning tree information on Device D.
[DeviceD] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ALTE DISCARDING NONE
0 HundredGigE1/0/2 ROOT FORWARDING NONE
1 HundredGigE1/0/1 ALTE DISCARDING NONE
1 HundredGigE1/0/2 ROOT FORWARDING NONE
2 HundredGigE1/0/1 ROOT FORWARDING NONE
2 HundredGigE1/0/2 ALTE DISCARDING NONE
Based on the output, the topology for each MSTI is shown in Figure 3.
2. Verify that the network can accommodate topology changes:
# Shut down HundredGigE 1/0/1 on Device C. (Details not shown.)
# Display brief spanning tree information on all devices.
[DeviceA] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 DESI FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
1 HundredGigE1/0/3 DESI FORWARDING NONE
2 HundredGigE1/0/2 DESI FORWARDING NONE
2 HundredGigE1/0/3 ROOT FORWARDING NONE
[DeviceB] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 ROOT FORWARDING NONE
1 HundredGigE1/0/1 DESI FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
1 HundredGigE1/0/3 ROOT FORWARDING NONE
2 HundredGigE1/0/1 DESI FORWARDING NONE
2 HundredGigE1/0/2 DESI FORWARDING NONE
2 HundredGigE1/0/3 DESI FORWARDING NONE
[DeviceC] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/2 ROOT FORWARDING NONE
1 HundredGigE1/0/2 ROOT FORWARDING NONE
2 HundredGigE1/0/2 ROOT FORWARDING NONE
[DeviceD] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ALTE DISCARDING NONE
0 HundredGigE1/0/2 ROOT FORWARDING NONE
1 HundredGigE1/0/1 ALTE DISCARDING NONE
1 HundredGigE1/0/2 ROOT FORWARDING NONE
2 HundredGigE1/0/1 ROOT FORWARDING NONE
2 HundredGigE1/0/2 ALTE DISCARDING NONE
Based on the output, the topology for each MSTI is shown in Figure 4.
Configuration files
· Device A:
#
vlan 1
#
vlan 11 to 30
#
stp region-configuration
region-name test
instance 1 vlan 11 to 20
instance 2 vlan 21 to 30
active region-configuration
#
stp instance 0 to 1 root primary
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
· Device B:
#
vlan 1
#
vlan 11 to 30
#
stp region-configuration
region-name test
instance 1 vlan 11 to 20
instance 2 vlan 21 to 30
active region-configuration
#
stp instance 0 root secondary
stp instance 2 root primary
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
· Device C:
#
vlan 1
#
vlan 11 to 30
#
stp region-configuration
region-name test
instance 1 vlan 11 to 20
instance 2 vlan 21 to 30
active region-configuration
#
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
· Device D:
#
vlan 1
#
vlan 11 to 30
#
stp region-configuration
region-name test
instance 1 vlan 11 to 20
instance 2 vlan 21 to 30
active region-configuration
#
stp instance 0 priority 36864
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11 to 30
#
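The region-parameter check from the MSTP Analysis section, as an added example that is not part of the H3C document: it parses the `stp region-configuration` stanza of saved configurations in the format listed above and reports every device whose region name, revision level, or VLAN-to-instance mapping differs from a reference device. The sample configurations and function names are constructed for illustration; `revision-level` is the Comware region-view command for the revision level, which this page leaves at its default of 0.

```python
import re

# Constructed sample in the saved-configuration format used on this page.
GOOD = """#
stp region-configuration
 region-name test
 instance 1 vlan 11 to 20
 instance 2 vlan 21 to 30
 active region-configuration
#
stp global enable
#
"""

# Constructed variants: DeviceC maps VLAN 20 to the wrong MSTI,
# DeviceD has a region name that differs only in case.
SAMPLE = {
    "DeviceA": GOOD,
    "DeviceB": GOOD,
    "DeviceC": GOOD.replace("11 to 20", "11 to 19").replace("21 to 30", "20 to 30"),
    "DeviceD": GOOD.replace("region-name test", "region-name Test"),
}


def expand_vlans(spec):
    """Expand a VLAN list such as '1 11 to 30' into a set of VLAN IDs."""
    tokens = spec.split()
    vlans, i = set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def parse_region(config):
    """Extract region name, revision level and VLAN-to-MSTI map from one config."""
    region = {"name": None, "revision": 0, "vlan_to_msti": {}}
    in_region = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "stp region-configuration":
            in_region = True
        elif line == "#":
            in_region = False
        elif in_region:
            if m := re.fullmatch(r"region-name (\S+)", line):
                region["name"] = m.group(1)
            elif m := re.fullmatch(r"revision-level (\d+)", line):
                region["revision"] = int(m.group(1))
            elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
                for vlan in expand_vlans(m.group(2)):
                    region["vlan_to_msti"][vlan] = int(m.group(1))
    return region


def region_mismatches(configs, reference):
    """Return {device: [differences]} for devices that would not join the
    reference device's MST region. Unmapped VLANs count as MSTI 0."""
    ref = parse_region(configs[reference])
    report = {}
    for device, text in configs.items():
        got = parse_region(text)
        diffs = []
        if got["name"] != ref["name"]:  # region names are compared byte for byte
            diffs.append(f"region-name {got['name']!r}, expected {ref['name']!r}")
        if got["revision"] != ref["revision"]:
            diffs.append(f"revision-level {got['revision']}, expected {ref['revision']}")
        for vlan in sorted(set(got["vlan_to_msti"]) | set(ref["vlan_to_msti"])):
            have = got["vlan_to_msti"].get(vlan, 0)
            want = ref["vlan_to_msti"].get(vlan, 0)
            if have != want:
                diffs.append(f"VLAN {vlan}: MSTI {have}, expected MSTI {want}")
        if diffs:
            report[device] = diffs
    return report


if __name__ == "__main__":
    for device, diffs in region_mismatches(SAMPLE, "DeviceA").items():
        for diff in diffs:
            print(f"{device}: {diff}")
```
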
Example: Configuring PVST
Network configuration
As shown in Figure 5, Device A and Device B operate at the distribution layer, and Device C and Device D operate at the access layer. The ports on the devices have the same path cost.
Configure PVST to meet the following requirements:
· Redundant links are used for load sharing.
· Packets of each VLAN are forwarded along its spanning tree.
Analysis
For traffic of different VLANs to be shared along the spanning trees in Figure 6, perform the following tasks:
· Configure Device A as the root bridge of the spanning trees for VLAN 10 and VLAN 30.
· Configure Device B as the root bridge of the spanning tree for VLAN 20.
Figure 6 VLAN spanning tree topologies
Software versions used
This configuration example was created and verified on Release 3606.
Restrictions and guidelines
By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.
Procedures
Configuring Device A
# Set the link mode of all interfaces to bridge.
<DeviceA> system-view
[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
# Create VLAN 10, VLAN 20, and VLAN 30.
[DeviceA] vlan 10
[DeviceA-vlan10] vlan 20
[DeviceA-vlan20] vlan 30
[DeviceA-vlan30] quit
# Configure HundredGigE 1/0/1 to trunk VLAN 10 and VLAN 20.
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-type trunk
[DeviceA-HundredGigE1/0/1] port trunk permit vlan 10 20
[DeviceA-HundredGigE1/0/1] quit
# Configure HundredGigE 1/0/2 to trunk VLAN 20 and VLAN 30.
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-type trunk
[DeviceA-HundredGigE1/0/2] port trunk permit vlan 20 30
[DeviceA-HundredGigE1/0/2] quit
# Configure HundredGigE 1/0/3 to trunk VLAN 10, VLAN 20, and VLAN 30.
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-type trunk
[DeviceA-HundredGigE1/0/3] port trunk permit vlan 10 20 30
[DeviceA-HundredGigE1/0/3] quit
# Set the spanning tree mode to PVST.
[DeviceA] stp mode pvst
# Configure Device A as the root bridge of VLAN 10 and VLAN 30.
[DeviceA] stp vlan 10 30 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
Configuring Device B
# Set the link mode of all interfaces to bridge.
<DeviceB> system-view
[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceB-if-range] port link-mode bridge
[DeviceB-if-range] quit
# Create VLAN 10, VLAN 20, and VLAN 30.
[DeviceB] vlan 10
[DeviceB-vlan10] vlan 20
[DeviceB-vlan20] vlan 30
[DeviceB-vlan30] quit
# Configure HundredGigE 1/0/1 to trunk VLAN 20 and VLAN 30.
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-type trunk
[DeviceB-HundredGigE1/0/1] port trunk permit vlan 20 30
[DeviceB-HundredGigE1/0/1] quit
# Configure HundredGigE 1/0/2 to trunk VLAN 10 and VLAN 20.
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-type trunk
[DeviceB-HundredGigE1/0/2] port trunk permit vlan 10 20
[DeviceB-HundredGigE1/0/2] quit
# Configure HundredGigE 1/0/3 to trunk VLAN 10, VLAN 20, and VLAN 30.
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-type trunk
[DeviceB-HundredGigE1/0/3] port trunk permit vlan 10 20 30
[DeviceB-HundredGigE1/0/3] quit
# Set the spanning tree mode to PVST.
[DeviceB] stp mode pvst
# Configure Device B as the root bridge of VLAN 20.
[DeviceB] stp vlan 20 root primary
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
Configuring Device C
# Set the link mode of all interfaces to bridge.
<DeviceC> system-view
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-mode bridge
[DeviceC-if-range] quit
# Create VLAN 10 and VLAN 20.
[DeviceC] vlan 10
[DeviceC-vlan10] vlan 20
[DeviceC-vlan20] quit
# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLAN 10 and VLAN 20.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-type trunk
[DeviceC-if-range] port trunk permit vlan 10 20
[DeviceC-if-range] quit
# Set the spanning tree mode to PVST.
[DeviceC] stp mode pvst
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
Configuring Device D
# Set the link mode of all interfaces to bridge.
<DeviceD> system-view
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-mode bridge
[DeviceD-if-range] quit
# Create VLAN 20 and VLAN 30.
[DeviceD] vlan 20
[DeviceD-vlan20] vlan 30
[DeviceD-vlan30] quit
# Configure HundredGigE 1/0/1 and HundredGigE 1/0/2 to trunk VLAN 20 and VLAN 30.
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-type trunk
[DeviceD-if-range] port trunk permit vlan 20 30
[DeviceD-if-range] quit
# Set the spanning tree mode to PVST.
[DeviceD] stp mode pvst
# Enable the spanning tree feature globally.
[DeviceD] stp global enable
Verifying the configuration
Use the display stp brief command to display brief spanning tree information on each device.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
VLAN ID Port Role STP State Protection
1 HundredGigE1/0/1 ROOT FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
1 HundredGigE1/0/3 ALTE DISCARDING NONE
10 HundredGigE1/0/1 DESI FORWARDING NONE
10 HundredGigE1/0/3 DESI FORWARDING NONE
20 HundredGigE1/0/1 ALTE DISCARDING NONE
20 HundredGigE1/0/2 ALTE DISCARDING NONE
20 HundredGigE1/0/3 ROOT FORWARDING NONE
30 HundredGigE1/0/2 DESI FORWARDING NONE
30 HundredGigE1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
VLAN ID Port Role STP State Protection
1 HundredGigE1/0/1 DESI FORWARDING NONE
1 HundredGigE1/0/2 ROOT FORWARDING NONE
1 HundredGigE1/0/3 DESI FORWARDING NONE
10 HundredGigE1/0/2 ALTE DISCARDING NONE
10 HundredGigE1/0/3 ROOT FORWARDING NONE
20 HundredGigE1/0/1 DESI FORWARDING NONE
20 HundredGigE1/0/2 DESI FORWARDING NONE
20 HundredGigE1/0/3 DESI FORWARDING NONE
30 HundredGigE1/0/1 ALTE DISCARDING NONE
30 HundredGigE1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
VLAN ID Port Role STP State Protection
1 HundredGigE1/0/1 DESI FORWARDING NONE
1 HundredGigE1/0/2 DESI FORWARDING NONE
10 HundredGigE1/0/1 ROOT FORWARDING NONE
10 HundredGigE1/0/2 DESI FORWARDING NONE
20 HundredGigE1/0/1 DESI FORWARDING NONE
20 HundredGigE1/0/2 ROOT FORWARDING NONE
# Display brief spanning tree information on Device D.
[DeviceD] display stp brief
VLAN ID Port Role STP State Protection
1 HundredGigE1/0/1 ROOT FORWARDING NONE
1 HundredGigE1/0/2 ALTE DISCARDING NONE
20 HundredGigE1/0/1 ROOT FORWARDING NONE
20 HundredGigE1/0/2 DESI FORWARDING NONE
30 HundredGigE1/0/1 DESI FORWARDING NONE
30 HundredGigE1/0/2 ROOT FORWARDING NONE
Based on the output, the topology for each VLAN is shown in Figure 7.
Figure 7 VLAN spanning tree topologies
Configuration files
· Device A:
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
stp vlan 10 30 root primary
stp mode pvst
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20 30
#
· Device B:
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
stp vlan 20 root primary
stp mode pvst
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20 30
#
· Device C:
#
vlan 1
#
vlan 10
#
vlan 20
#
stp mode pvst
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
#
· Device D:
#
vlan 1
#
vlan 20
#
vlan 30
#
stp mode pvst
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30
#
Example: Configuring RSTP
Network configuration
As shown in Figure 8, Device A operates at the core layer, Device B and Device C operate at the distribution layer, and Device D and Device E operate at the access layer. The ports on the devices have the same path cost.
Configure RSTP as follows:
· Configure Device A as the root bridge, and enable root guard to retain its root bridge role when configuration errors or malicious attacks occur.
· Configure Device C as a backup of Device B. When Device B fails, traffic is forwarded through Device C.
· Configure HundredGigE 1/0/4 on Device D and HundredGigE 1/0/4 on Device E as edge ports, and enable BPDU guard on the ports.
Analysis
For Device C to be a backup of Device B, make sure Device C's priority is lower than Device B's priority. In this example, configure the priorities of Device B and Device C as 4096 and 8192.
For Device A to be the root bridge, make sure Device A has the lowest bridge ID (containing the device's priority and MAC address) in the network. In this example, because Device A already has the lowest MAC address, configure the priority as 4096 for Device A to hold the lowest bridge ID.
NOTE: To configure a device as the root bridge, you also can use the stp root primary or stp priority 0 command to set the device's priority to 0.
To retain Device A's root bridge role, enable root guard on the designated ports of Device A, Device B, and Device C. To identify the designated ports, use either of the following methods:
· Use the display stp brief command to display the brief spanning tree information. The role is DESI for a designated port.
· Identify the designated ports in the RSTP topology that is calculated based on the device configuration, as shown in Figure 9.
Software versions used
This configuration example was created and verified on Release 3606.
Restrictions and guidelines
By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.
Procedures
Configuring Device A
# Set the spanning tree mode to RSTP.
<DeviceA> system-view
[DeviceA] stp mode rstp
# Configure the priority as 4096 for Device A.
[DeviceA] stp priority 4096
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
# Set the link mode of all interfaces to bridge.
[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
# Enable root guard on designated ports HundredGigE 1/0/1 and HundredGigE 1/0/2.
[DeviceA] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceA-if-range] stp root-protection
[DeviceA-if-range] quit
Configuring Device B
# Set the spanning tree mode to RSTP.
<DeviceB> system-view
[DeviceB] stp mode rstp
# Configure the priority as 4096 for Device B.
[DeviceB] stp priority 4096
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
# Set the link mode of all interfaces to bridge.
[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceB-if-range] port link-mode bridge
[DeviceB-if-range] quit
# Enable root guard on designated ports HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3.
[DeviceB] interface range hundredgige 1/0/1 to hundredgige 1/0/3
[DeviceB-if-range] stp root-protection
[DeviceB-if-range] quit
Configuring Device C
# Set the spanning tree mode to RSTP.
<DeviceC> system-view
[DeviceC] stp mode rstp
# Configure the priority as 8192 for Device C.
[DeviceC] stp priority 8192
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
# Set the link mode of all interfaces to bridge.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-mode bridge
[DeviceC-if-range] quit
# Enable root guard on designated ports HundredGigE 1/0/1 and HundredGigE 1/0/2.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] stp root-protection
[DeviceC-if-range] quit
Configuring Device D
# Set the spanning tree mode to RSTP.
<DeviceD> system-view
[DeviceD] stp mode rstp
# Enable the spanning tree feature globally.
[DeviceD] stp global enable
# Configure HundredGigE 1/0/4 as an edge port, and enable BPDU guard.
[DeviceD] interface hundredgige 1/0/4
[DeviceD-HundredGigE1/0/4] port link-mode bridge
[DeviceD-HundredGigE1/0/4] stp edged-port
[DeviceD-HundredGigE1/0/4] stp port bpdu-protection enable
[DeviceD-HundredGigE1/0/4] quit
Configuring Device E
# Configure Device E in the same way you configure Device D. (Details not shown.)
Verifying the configuration
1. Verify that Layer 2 loops have been eliminated in the network:
Use the display stp brief command to display brief spanning tree information on each device.
# Display the brief spanning tree information on Device A.
[DeviceA] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
# Display the brief spanning tree information on Device B.
[DeviceB] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 DESI FORWARDING NONE
0 HundredGigE1/0/4 ROOT FORWARDING NONE
# Display the brief spanning tree information on Device C.
[DeviceC] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/3 ALTE DISCARDING NONE
0 HundredGigE1/0/4 ROOT FORWARDING NONE
# Display the brief spanning tree information on Device D.
[DeviceD] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ROOT FORWARDING NONE
0 HundredGigE1/0/2 ALTE DISCARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING BPDU
# Display the brief spanning tree information on Device E.
[DeviceE] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ALTE DISCARDING NONE
0 HundredGigE1/0/2 ROOT FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING BPDU
Based on the output, the topology for the network is shown in Figure 10.
2. Verify that root guard can retain Device A's root bridge role:
# Verify that Device A is the root bridge in the network.
[DeviceD] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 32768.00e0-fc00-c518
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 4096.0000-fc00-47cd, 40
RegRoot ID/IRPC : 32768.00e0-fc00-c518, 0
...
# Set the priority to 0 for Device D. Because priority 0 is higher than the priority of Device A, Device D considers itself the root bridge and sends BPDUs that contain its bridge ID 0.00e0-fc00-c518.
[DeviceD] stp priority 0
[DeviceD] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 0.00e0-fc00-c518
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 0.00e0-fc00-c518, 0
RegRoot ID/IRPC : 0.00e0-fc00-c518, 0
...
# Set the priority to 0 for Device E. Because priority 0 is higher than the priority of Device A, Device E considers itself the root bridge and sends BPDUs that contain its bridge ID 0.7425-8a0f-8000.
[DeviceE] stp priority 0
[DeviceE] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 0.7425-8a0f-8000
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 0.7425-8a0f-8000, 0
RegRoot ID/IRPC : 0.7425-8a0f-8000, 0
...
# Verify that Device A is still the root bridge in the network and that HundredGigE 1/0/1 and HundredGigE 1/0/2 on Device B and Device C have transitioned to the discarding state.
[DeviceB] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 4096.7425-8a02-4c00
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 4096.0000-fc00-47cd, 20
RegRoot ID/IRPC : 4096.7425-8a02-4c00, 0
...
[DeviceC] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 8192.0cda-41b1-d1c0
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 4096.0000-fc00-47cd, 20
RegRoot ID/IRPC : 8192.0cda-41b1-d1c0, 0
...
[DeviceB] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI DISCARDING NONE
0 HundredGigE1/0/2 DESI DISCARDING NONE
0 HundredGigE1/0/3 DESI FORWARDING NONE
0 HundredGigE1/0/4 ROOT FORWARDING NONE
[DeviceC] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI DISCARDING NONE
0 HundredGigE1/0/2 DESI DISCARDING NONE
0 HundredGigE1/0/3 ALTE DISCARDING NONE
0 HundredGigE1/0/4 ROOT FORWARDING NONE
# Verify that Device A cannot retain its root bridge role when root guard is disabled on a designated port on Device B (for example, HundredGigE 1/0/2).
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] undo stp root-protection
[DeviceB-HundredGigE1/0/2] display stp
-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 4096.7425-8a02-4c00
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 0.7425-8a0f-8000, 20
...
[DeviceB-HundredGigE1/0/2] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI DISCARDING ROOT
0 HundredGigE1/0/2 ROOT FORWARDING NONE
0 HundredGigE1/0/3 DESI FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING NONE
3. Verify that traffic is forwarded through Device C when Device B fails:
# Reboot Device B. (Details not shown.)
# Display the brief spanning tree information on Device A, Device C, Device D, and Device E before Device B completes the reboot.
[DeviceA] dis stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/2 DESI FORWARDING ROOT
[DeviceC] dis stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING ROOT
0 HundredGigE1/0/2 DESI FORWARDING ROOT
0 HundredGigE1/0/4 ROOT FORWARDING NONE
[DeviceD] dis stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/2 ROOT FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING BPDU
[DeviceE] dis stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ROOT FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING BPDU
Based on the output, the topology for the network is shown in Figure 11.
4. Verify that BPDU guard can protect edge ports from attacks:
# Verify that the edge port HundredGigE 1/0/4 on Device D goes down when the port receives configuration BPDUs.
[DeviceD] display stp down-port
Down Port Reason
HundredGigE1/0/4 BPDU-Protected
# Verify that HundredGigE 1/0/4 goes up when it does not receive any configuration BPDUs from the peer end.
[DeviceD] display interface brief | include UP
InLoop0 UP UP(s) --
M-E0/0/0 UP UP 192.168.2.125
NULL0 UP UP(s) --
HGE1/0/1 UP 1G(a) F(a) T 1
HGE1/0/2 UP 1G(a) F(a) T 1
HGE1/0/4 UP 1G(a) F(a) A 1
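The root-bridge check from verification step 2, as an added example that is not part of the H3C document: it reads the `Root ID/ERPC` line of `display stp` output and reports when the root differs from the expected bridge ID. The two sample outputs are the Device B outputs shown above (with and without root guard on HundredGigE 1/0/2); the function names are hypothetical, and the ordering of bridge IDs (priority first, then MAC address, lower wins) follows the Analysis section.

```python
import re

# Device A's bridge ID as it appears in the outputs on this page.
EXPECTED_ROOT = "4096.0000-fc00-47cd"

# Device B output from this page while root guard is enabled on its designated ports.
WITH_ROOT_GUARD = """-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 4096.7425-8a02-4c00
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 4096.0000-fc00-47cd, 20
RegRoot ID/IRPC : 4096.7425-8a02-4c00, 0
"""

# Device B output from this page after "undo stp root-protection" on HundredGigE 1/0/2.
WITHOUT_ROOT_GUARD = """-------[CIST Global Info] [Mode RSTP] -------
Bridge ID : 4096.7425-8a02-4c00
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 0.7425-8a0f-8000, 20
"""


def bridge_id_key(bridge_id):
    """Turn 'priority.xxxx-xxxx-xxxx' into a sortable (priority, mac) tuple."""
    priority, mac = bridge_id.split(".", 1)
    return int(priority), int(mac.replace("-", ""), 16)


def elect_root(bridge_ids):
    """Return the bridge ID that wins the root election (lowest tuple)."""
    return min(bridge_ids, key=bridge_id_key)


def parse_display_stp(text):
    """Extract the local bridge ID, root ID and root path cost."""
    fields = {}
    for line in text.splitlines():
        # re.match anchors at the line start, so 'RegRoot ID/IRPC' is not matched.
        if m := re.match(r"\s*Bridge ID\s*:\s*(\S+)", line):
            fields["bridge_id"] = m.group(1)
        elif m := re.match(r"\s*Root ID/ERPC\s*:\s*(\S+),\s*(\d+)", line):
            fields["root_id"], fields["root_cost"] = m.group(1), int(m.group(2))
    return fields


def check_root(device, text, expected_root=EXPECTED_ROOT):
    """Return None when the expected root is in place, else a finding string."""
    info = parse_display_stp(text)
    if "root_id" not in info:
        return f"{device}: no Root ID in output"
    if info["root_id"] == expected_root:
        return None
    if bridge_id_key(info["root_id"]) < bridge_id_key(expected_root):
        return (f"{device}: superior bridge {info['root_id']} "
                f"replaced expected root {expected_root}")
    return f"{device}: root is {info['root_id']}, expected {expected_root}"


if __name__ == "__main__":
    for label, text in (("guarded", WITH_ROOT_GUARD), ("unguarded", WITHOUT_ROOT_GUARD)):
        print(label, "->", check_root("DeviceB", text) or "root unchanged")
```
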
Configuration files
· Device A:
#
vlan 1
#
stp instance 0 priority 4096
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/2
port link-mode bridge
stp root-protection
#
· Device B:
#
vlan 1
#
stp instance 0 priority 4096
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/2
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/3
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/4
port link-mode bridge
#
· Device C:
#
vlan 1
#
stp instance 0 priority 8192
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/2
port link-mode bridge
stp root-protection
#
interface HundredGigE1/0/3
port link-mode bridge
#
interface HundredGigE1/0/4
port link-mode bridge
#
· Device D:
#
vlan 1
#
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
#
interface HundredGigE1/0/2
port link-mode bridge
#
interface HundredGigE1/0/4
port link-mode bridge
stp edged-port
stp port bpdu-protection enable
#
· Device E:
#
vlan 1
#
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
port link-mode bridge
#
interface HundredGigE1/0/2
port link-mode bridge
#
interface HundredGigE1/0/4
port link-mode bridge
stp edged-port
stp port bpdu-protection enable
#
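An audit of the two protections used in this example, added here and not part of the H3C document: it combines a saved configuration with `display stp brief` output and reports edge ports that lack BPDU guard and, on devices where root guard is required, designated ports that lack it. The sample configurations, outputs, and function names are constructed for illustration; the global `stp bpdu-protection` command is a Comware system-view command that this page does not use, handled here so that configurations relying on it are not flagged.

```python
import re

# Constructed distribution-layer sample: HundredGigE1/0/2 is designated
# but has no root guard.
DIST_CONFIG = """#
stp instance 0 priority 4096
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
 port link-mode bridge
 stp root-protection
#
interface HundredGigE1/0/2
 port link-mode bridge
#
interface HundredGigE1/0/4
 port link-mode bridge
#
"""
DIST_BRIEF = """MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
0 HundredGigE1/0/4 ROOT FORWARDING NONE
"""

# Constructed access-layer sample: the edge port has no BPDU guard.
ACCESS_CONFIG = """#
stp mode rstp
stp global enable
#
interface HundredGigE1/0/1
 port link-mode bridge
#
interface HundredGigE1/0/4
 port link-mode bridge
 stp edged-port
#
"""
ACCESS_BRIEF = """MST ID Port Role STP State Protection
0 HundredGigE1/0/1 ROOT FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING NONE
"""


def parse_interfaces(config):
    """Map interface name -> list of commands in its stanza."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), [])
        elif line == "#" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return ifaces


def parse_stp_brief(output):
    """Map port name -> set of roles seen across all instances or VLANs."""
    roles = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0].isdigit():  # skips the header row
            roles.setdefault(parts[1], set()).add(parts[2])
    return roles


def audit(config, stp_brief, require_root_guard):
    """Return findings for one device. Set require_root_guard for devices
    that must keep the root on their upstream side (Device A, B and C here)."""
    global_bpdu_guard = "stp bpdu-protection" in [l.strip() for l in config.splitlines()]
    roles = parse_stp_brief(stp_brief)
    findings = []
    for name, cmds in sorted(parse_interfaces(config).items()):
        edge = "stp edged-port" in cmds
        bpdu_guard = global_bpdu_guard or "stp port bpdu-protection enable" in cmds
        root_guard = "stp root-protection" in cmds
        if edge and not bpdu_guard:
            findings.append(f"{name}: edge port without BPDU guard")
        # Edge ports are covered by BPDU guard, so root guard is checked
        # only on non-edge designated ports.
        if (require_root_guard and not edge and not root_guard
                and "DESI" in roles.get(name, set())):
            findings.append(f"{name}: designated port without root guard")
    return findings


if __name__ == "__main__":
    for finding in audit(DIST_CONFIG, DIST_BRIEF, True) + audit(ACCESS_CONFIG, ACCESS_BRIEF, False):
        print(finding)
```
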
Related documentation
· H3C S12500R Switch Router Series Layer 2—LAN Switching Command Reference-R3606
· H3C S12500R Switch Router Series Layer 2—LAN Switching Configuration Guide-R3606