Professional Documents
Culture Documents
14 MSTP Configuration
This chapter describes how to configure the Multiple Spanning Tree Protocol (MSTP).
14.14 FAQ
14.15 References
Definition
The Multiple Spanning Tree Protocol (MSTP) enables multiple VLAN instances to be
mapped to the same spanning tree without creating loops. MSTP is a Layer 2 protocol that
was first defined in IEEE 802.1s.
Purpose
MSTP generates multiple spanning trees that are used independently of each other to forward
traffic in different VLANs, which allows load balancing to be implemented without the risk of
broadcast storms.
STP/RSTP Defect
Both STP and RSTP (which is an evolution of STP and allows for fast network topology
convergence) suffer from a significant limitation: neither can implement VLAN-based load
balancing because all VLANs on a LAN use one spanning tree. When a link is blocked, it no
longer transmits traffic, which wastes bandwidth and prevents certain VLAN packets from
being forwarded.
Figure 14-1 provides an example scenario where STP or RSTP is enabled on a LAN. In
Figure 14-1, the broken line shows the spanning tree.
H o s tC H o s tA
VLAN 3 VLAN 2
( VLAN 3) ( VLAN 2)
VLAN 2 VLAN 3
S2 S5
H o s tB VLAN 2 VLAN 2 H o s tD
( VLAN 2) VLAN 3 VLAN 3 ( VLAN 3)
VLAN 3
VLAN 2 VLAN 3
S3 S6
sp a n n in g tre e (ro o t b rid g e :S 6 )
In Figure 14-1, S6 is the root switch. The links between S2 and S5 and between S1 and S4
are blocked. VLAN packets are transmitted through "VLAN 2" or "VLAN 3" links.
Because the link between S2 and S5 is blocked and the link between S3 and S6 denies packets
from VLAN 2, HostA and HostB cannot communicate with each other despite both belonging
to VLAN 2.
MSTP Improvements
Because the link between S2 and S5 is blocked and the link between S3 and S6 denies packets
from VLAN 2, Host A and Host B cannot communicate with each other despite both
belonging to VLAN 2.
To address the limitation of STP and RSTP, MSTP allows fast convergence and provides
multiple paths to load balance VLAN traffic.
MSTP divides a switching network into multiple regions, each of which has multiple
spanning trees that are independent of each other. Each spanning tree is called a Multiple
Spanning Tree Instance (MSTI) and each region is called a Multiple Spanning Tree (MST)
region. Figure 14-2 shows an example of an MST region.
NOTE
An MSTI is a collection of VLANs. Binding multiple VLANs to a single MSTI reduces communication
costs and resource usage. The topology of each MSTI is calculated independently, and traffic can be
balanced among MSTIs. Multiple VLANs with the same topology can be mapped to a single MSTI. The
forwarding state of the VLANs for a port is determined by the port state in the MSTI.
H o s tC H o s tA
VLAN 3 VLAN 2
( VLAN 3) ( VLAN 2)
VLAN 2
S2 S5
H o s tB VLAN 2 VLAN 2 H o s tD
( VLAN 2) VLAN 3 VLAN 3 ( VLAN 3)
VLAN 3
VLAN 2 VLAN 3
S3 S6
sp a n n in g tre e (ro o t b rid g e :S 4 )
sp a n n in g tre e (ro o t b rid g e :S 6 )
In Figure 14-2, MSTP maps VLANs to MSTIs in the VLAN mapping table. Each VLAN can
be mapped to only one MSTI. This means that traffic of a VLAN can be transmitted in only
one MSTI. An MSTI, however, can correspond to multiple VLANs.
Two MSTIs are calculated:
l MSTI 1 uses S4 as the root switch to forward packets of VLAN 2.
l MSTI 2 uses S6 as the root switch to forward packets of VLAN 3.
In this situation, devices within the same VLAN can communicate with each other. Packets of
different VLANs are load balanced along different paths.
M S T P N e tw o rk
M S T R e g io n 1 M S T R e g io n 2
V L A N 1 -> M S T I 1 V L A N 1 -> M S T I 1
V L A N 2 -> M S T I 2 V L A N 2 -> M S T I 2
o th e r V L A N S -> M S T I 3 o th e r V L A N S -> M S T I 3
S1
V L A N 1 -> M S T I 1 V L A N 1 -> M S T I 1
V L A N 2 -> M S T I 2 V L A N 2 -> M S T I 2
o th e r V L A N S -> M S T I 3 o th e r V L A N S -> M S T I 3
M S T R e g io n 3 M S T R e g io n 4
CST
IS T
MST Region
An MST region contains multiple network segments, each of which contains one or more
switches. The switches in one MST region all share the following characteristics:
l MSTP-enabled
l Same region name
Multiple switches can be grouped into an MST region by using MSTP configuration
commands.
In Figure 14-4, MST region 4 contains SwitchA, SwitchB, SwitchC, and SwitchD, and has
three MSTIs.
Figure 14-4 MST region with four switches and three MSTIs
A D A D
B C B C
M STI 1 M STI 2
S3
A D
Root
V L A N 1 -> M S T I 1 b rid g e
V L A N 2 -> M S T I 2
o th e r V L A N S -> M S T I 3 B C M STI
M S T R e g io n 4 M STI 3
M S T I to p o lo g y in M S T re g io n 4
CST
A Common Spanning Tree (CST) connects all MST regions on a switching network.
The CST is calculated using STP or RSTP, with each MST region being considered as a
single node.
In Figure 14-3, the regions that are connected through blue lines form a CST.
IST
An Internal Spanning Tree (IST) resides within an MST region.
In Figure 14-3, the switches that are connected through dark blue lines in an MST region
form an IST.
SST
A Single Spanning Tree (SST) is formed in either of the following situations:
l A switch running STP or RSTP belongs to only one spanning tree.
l An MST region has only one switch.
CIST
A Common and Internal Spanning Tree (CIST) connects all the switches on a switching
network and is calculated using STP or RSTP.
In Figure 14-3, all ISTs and the CST form a CIST.
Regional Root
Regional roots are classified into Internal Spanning Tree (IST) and MSTI regional roots.
In Figure 14-3, the switches that are closest to the CIST root are IST regional roots.
An MST region can contain multiple spanning trees, each of which is called an MSTI. An
MSTI regional root is the root of the MSTI. In Figure 14-4, each MSTI has its own regional
root.
CIST Root
In Figure 14-3, the CIST root is the root bridge of the CIST. The CIST root is a device in S1.
Master Bridge
The master bridge is the switch closest to the CIST root in a region, for example, S1 in Figure
14-3.
If the CIST root is in an MST region, the CIST root is the master bridge of the region.
Port Roles
MSTP adds two extra port roles to those defined in RSTP. Table 14-1 describes the port roles
included in MSTP.
NOTE
Root port A root port sends data to a root bridge and is the port closest to the root bridge.
Root bridges do not have root ports.
Root ports are responsible for sending data to root bridges.
In Figure 14-5, S1 is the root; CP1 is the root port on S3; BP1 is the root port
on S2.
Alternate l Alternate ports provide an alternate path to the root bridge. This path is
port different from the path through the root port.
l An alternate port is blocked from sending BPDUs after a BPDU sent by
another bridge is received.
In Figure 14-5, BP2 is an alternate port.
Master A master port is on the shortest path connecting MST regions to the CIST root.
port BPDUs of an MST region are sent to the CIST root through the master port.
Master ports are special regional edge ports, functioning as root ports on ISTs
or CISTs and master ports in instances.
In Figure 14-6, S1, S2, S3, and S4 form an MST region. AP1 on S1 is the
master port because it is the closest port in the region to the CIST root.
Regional A regional edge port is located at the edge of an MST region and connects to
edge port another MST region or an SST.
In Figure 14-6, AP1, DP1, and DP2 in an MST region are directly connected
to other regions. This means that they are all regional edge ports of the MST
region.
Edge port An edge port is located at the edge of an MST region and does not connect to
any switching device.
Generally, edge ports are directly connected to terminals.
After MSTP is enabled on a port, edge port detection is started automatically.
If the port fails to receive BPDU packets within (2 x Hello Timer + 1) seconds,
the port is set to an edge port. Otherwise, the port is set to a non-edge port.
S1
Root
AP2 AP3
CP1 BP1
S3 S2
root port
designated port
Alternate port
Backup port
Connect to the
CIST root
AP1
Master
S1
S2 S3
S4
Blocked port
Port Description
State
Forwardi A port in this state can send and receive BPDUs. It can also forward user
ng traffic.
Learning A port in this state learns MAC addresses from user traffic to construct a MAC
address table.
In Learning state, the port can send and receive BPDUs, but cannot forward
user traffic.
NOTE
Root, master, designated, and regional edge ports support all three port states. Alternate and backup ports
support only the Discarding state.
NOTE
The first 36 bytes of an MST BPDU are the same as those of an RST BPDU.
Fields from the 37th byte of an MST BPDU are MSTP-specific. The MSTI Configuration Messages field
consists of configuration messages of multiple MSTIs.
CIST External 4 Indicates the total path cost from the MST region
Path Cost where the switch resides to the MST region where the
CIST root switch resides. This value is calculated based
on link bandwidth.
Hello Time 2 Indicates the Hello timer value. The default value is 2
seconds.
Forward Delay 2 Indicates the forwarding delay timer. The default value
is 15 seconds.
CIST Internal 4 Indicates the total path costs from the local port to the
Root Path Cost IST master. This value is calculated based on link
bandwidth.
Remote devices must transmit and receive the same MST BPDU format. If MST BPDU
formats are different, loops may occur.
To configure ports on a Huawei switch to automatically adopt the BPDU format of the remote
device, use the stp compliance command. The following modes can be set on Huawei
switches:
l auto
l dot1s
l legacy
In auto mode, a port uses the dot1s BPDU format by default, but switches format if legacy
BDPUs are received from the remote end.
The number of BPDUs sent during a Hello interval increases as the Hello Time value is
increased. Setting the Hello Time to a smaller value limits the number of BPDUs sent by a
port during a Hello interval, which helps prevent network topology flapping and excessive use
of bandwidth resources by BPDUs.
Vectors
Both MSTIs and the CIST are calculated based on vectors, carried in MST BPDUs.
There are seven types of vectors used to calculate MSTIs and the CIST. Each vector carries a
priority value. For each vector, smaller priority values indicate higher priorities.
If the priority of a vector carried in the configuration message of a BPDU received by a port is
higher than the priority of the vector in the configuration message saved on the port, the port
replaces the saved configuration message with the received message and updates the global
configuration message saved on the device.
If the priority of a vector carried in the configuration message of a BPDU received on a port is
equal to or lower than that saved on the port, the port discards the BPDU. Table 14-5
describes each vector.
Root ID Identifies the root switch for the CIST. The root identifier consists of
the priority value (16 bits) and MAC address (48 bits).
The priority value is the priority of MSTI 0.
External root path Indicates the path cost from a CIST regional root to the root. ERPCs
cost (ERPC) are the same on all switches in an MST region. If the CIST root is in
an MST region, all ERPCs in that MST region are set to 0.
Regional root ID Identifies the MSTI regional root and consists of the priority value
(16 bits) and MAC address (48 bits).
The priority value is the priority of MSTI 0.
Internal root path Indicates the path cost from the local bridge to the regional root. The
cost (IRPC) IRPC saved on a regional edge port must be greater than the IRPC
saved on a non-regional edge port.
Designated Identifies the nearest upstream bridge on the path from the local
switching device bridge to the regional root. If the local bridge is the root or the
ID regional root, this ID is the same as the local bridge ID.
Designated port ID Identifies the port on the designated switch connected to the root port
on the local bridge. The designated port ID consists of the priority
value (4 bits) and port number (12 bits). The priority value must be a
multiple of 16.
Receiving port ID Identifies the port receiving the BPDU. The receiving port ID
consists of the priority value (4 bits) and port number (12 bits). The
priority value must be a multiple of 16.
l Root ID
l External root path cost
l Region root ID
l Internal root path cost
l Designated switch ID
l Designated port ID
l Receiving port ID
The following vectors are used in MSTI calculation:
l Regional root ID
l Internal root path cost
l Designated switch ID
l Designated port ID
l Receiving port ID
NOTE
CIST Calculation
After comparing the vectors, the switch with the highest priority on the entire network is
selected as the CIST root. MSTP calculates an IST for each MST region, and calculates a
CST to interconnect MST regions. The CST and ISTs form a CIST for the entire network.
MSTI Calculation
In an MST region, MSTP independently calculates an MSTI for each VLAN based on
mappings between VLANs and MSTIs. The calculation process is similar to that used by STP
to calculate a spanning tree. For details, see 13.2.4 STP Topology Calculation.
MSTIs have the following characteristics:
l The spanning tree is calculated independently for each MSTI. Spanning trees of MSTIs
are independent of each other.
l Spanning trees of MSTIs can have different roots and topologies.
l Each MSTI sends BPDUs in its spanning tree.
l The topology of each MSTI is configured by using commands.
l A port can be configured with different parameters for different MSTIs.
l A port can play different roles or have different status in different MSTIs.
Upstream Downstream
device device
Send a proposal so
that the port can
rapidly enter the
Forwarding state Configure the root port
and block non-edge ports
Send an agreement
The root port
The designated enters the
port enters the Send an agreement Forwarding state
Forwarding state
Root port
Designated port
c. The downstream device replies with an agreement BPDU. After receiving this
BPDU, the upstream device sets its port connected to the downstream device as the
designated port, and the port enters the Forwarding state.
By default, Huawei switches use fast transition in enhanced P/A. To enable a Huawei switch
to communicate with a third-party device that uses fast transition in common P/A, configure
the Huawei switch to use ordinary P/A.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1
Access
S4
S2 S3
NOTE
Purpose
MSTP multi-process provides the following benefits:
l Greatly improves the applicability of STP to different networking conditions.
On a network running different spanning tree protocols, devices that run different
spanning tree protocols can be bound to different processes, allowing every process to
calculate a separate, independent spanning tree.
l Improves networking reliability.
Network topology is calculated for each process so that, if a device fails, only the
topology corresponding to the process that the device belongs to is affected. On a
network with many Layer 2 access devices, MSTP multi-process reduces the adverse
effect of a single node failure on the entire network.
Additional Concepts
l Public link status
In Figure 14-9, the public link between UPE1 and UPE2 is a Layer 2 link running
MSTP. This public link is different from the links that connect switching devices to
UPEs. The ports on the public link need to participate in the calculation for multiple
access rings and MSTP processes. Therefore, the UPEs must identify the process from
which MST BPDUs are sent.
In addition, a port on the public link participates in the calculation for multiple MSTP
processes, and obtains different status. As a result, the port cannot determine its status.
To prevent this situation, the port always adopts its status in MSTP process 0 when
participating in the calculation for multiple MSTP processes.
NOTE
By default, MSTP process 0 is created when a device starts, and MSTP configurations in the
system view and interface view belong to this process.
l Reliability
On the network shown in Figure 14-10, after the topology of a ring changes, the MSTP
multi-process mechanism helps UPEs flood a TC BPDU to all devices on the ring and
prevent the TC BPDU from being flooded to devices on the other ring. UPE1 and UPE2
update MAC and ARP entries on the ports corresponding to the changed spanning tree.
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1
Access
S4
S3
S2
Topology change
On the network shown in Figure 14-11, if the public link between UPE1 and UPE2 fails,
multiple switching devices that are connected to the UPEs will unblock their blocked
ports.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
Access
S2 S4
S1 S3
UPE1 is configured with the highest priority, UPE2 with the second highest priority, and
all other switches with default or lower priorities. After the link between UPE1 and
UPE2 fails, the blocked ports (replacing the root ports) on switching devices no longer
receive packets with higher priorities, triggering state machine calculation. If the
calculation changes the blocked ports to designated ports, a permanent loop forms, as
shown in Figure 14-12.
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
Access
S2 S4
S1 S3
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
Eth-Trunk
STP/RSTP
Access
S2 S4
S1 S3
Core
MPLS/IP Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
Root
protection
S2
S4
Access
STP/RSTP
S1 S3
The blue ring in Figure 14-14 is used as an example. UPE1 is configured with the
highest priority, UPE2 with the second highest priority, and switching devices on
the blue ring with default or lower priorities. Root protection is enabled on UPE2.
If a port on S1 is blocked, when the public link between UPE1 and UPE2 fails, the
blocked port on S1 starts to perform state machine calculation. After calculation,
the blocked port becomes the designated port and performs P/A negotiation with the
downstream device.
After S1 sends BPDUs of higher priorities to the UPE2 port enabled with root
protection, the port is blocked. The port remains blocked because it continues to
receive BPDUs of higher priorities, which prevents loops from occurring.
MST Region
S1 S2
all VLAN
VLAN
VLAN VLAN
10&20 VLAN
20&30 20&30
10&20
VLAN
S3 20&40 S4
MSTP allows packets in different VLANs to be forwarded by using different spanning tree
instances. An example of a network using MSTP is shown in Figure 14-15. The network is
configured in the following ways:
In Figure 14-15, S1 and S2 are devices at the aggregation layer, and S3 and S4 are devices at
the access layer. Traffic from VLAN 10 and VLAN 30 is terminated by aggregation devices,
and traffic from VLAN 40 is terminated by the access device. Therefore, S1 and S2 can be
configured as the roots of MSTI 1 and MSTI 3, and S3 can be configured as the root of MSTI
4.
After MSTP multi-process is enabled, each MSTP process corresponds to a ring connected to
the UPE. STP on each ring calculates a tree independently.
MPLS/IP Core
Core
UPE4 UPE3
Aggregation
MSTP
UPE1 UPE2
STP/RSTP
S1 S4 Access
S2 S3
Configure MSTP protection You can configure one or 14.10 Configuring MSTP
functions. more functions. Protection Functions
License Support
MSTP is a basic feature of a switch and is not under license control.
Version Support
NOTE
To know details about software mappings, see Version Mapping Search for Huawei Switches.
Item Specification
l MSTP BPDUs may be discarded in a scenario wherein there are many MSTIs and MSTP
multi-process is configured. This is due to the default CIR of STP being insufficient.
(The default CIR of STP is insufficient because the length of MSTP BPDUs increases as
the number of MSTIs increases, and the number of outgoing MSTP BPDUs increases
when MSTP multi-process is configured.) To avoid this situation, increase the CIR of
STP.
If the CPCAR values are adjusted improperly, network services are affected. To adjust
the CPCAR values of STP BPDUs, contact technical support personnel.
Context
MSTP is configured on switches to trim a ring network to a loop-free network. Devices start
spanning tree calculation after the working mode is set and MSTP is enabled. To intervene in
the spanning tree calculation, use any of the following methods:
l Manually configure the root bridge and secondary root bridge.
l Set a priority for a switch in an MSTI. The lower the numerical value, the higher the
priority of the switch and the more likely the switch becomes a root bridge.
l Set a path cost for a port in an MSTI. The lower the numerical value, the smaller the cost
of the path from the port to the root bridge and the more likely the port becomes a root
port (assuming the same calculation method is used).
l Set a priority for a port in an MSTI. The lower the numerical value, the more likely the
port becomes a designated port.
Procedure
Step 1 Run:
system-view
The working mode of the switch is set to MSTP. By default, the working mode is MSTP.
MSTP can recognize RSTP BPDUs and, conversely, RSTP can recognize MSTP BPDUs.
However, MSTP and STP cannot recognize each other's BPDUs. To enable devices running
different spanning tree protocols to interwork with each other, interfaces of an MSTP-enabled
switch connected to devices running STP automatically transition to STP mode; other
interfaces continue to work in MSTP mode.
----End
NOTE
Two switches belong to the same MST region when they have the same:
l Name of the MST region
l Mapping between VLANs and MSTIs
l Revision level of the MST region
Perform the following steps on a switch that needs to join an MST region.
Procedure
Step 1 Run:
system-view
Step 3 Run:
region-name name
NOTE
Changing MST region configurations (especially changes in the VLAN mapping table) triggers
spanning tree recalculation and may cause route flapping. Therefore:
l After configuring an MST region name, VLAN-to-MSTI mappings, and an MSTP revision number,
run the check region-configuration command in the MST region view to verify the configuration.
After confirming the region configurations, run the active region-configuration command to
activate MST region configurations.
l You are advised not to modify MST region parameters after the MST region is activated.
Step 6 Run:
active region-configuration
MST region configurations are activated so that the configured region name, VLAN-to-MSTI
mappings, and revision number can take effect.
The preceding configurations do not take effect until this command is run.
If MST region configurations on the switch change after MSTP starts, the active region-
configuration command must be run before the changes take effect.
Before using the active region-configuration command to activate the modified MST region
parameters, run the check region-configuration command to check whether parameters are
correct. After the active region-configuration command is run, if a message that indicates an
activation failure is displayed, reconfigure MSTP parameters.
----End
Context
MSTP can calculate the root bridge or you can manually configure the root bridge or
secondary root bridge. Manually configuring the root bridge and secondary root bridge is
recommended.
A switch can function as a root bridge or a secondary root bridge in a spanning tree. It can
also function as the root bridge or secondary root bridge of another spanning tree. In a
spanning tree:
l Only one root bridge takes effect. If two or more root bridges are specified in a spanning
tree, the device with the smallest MAC address is used.
l Multiple secondary root bridges can be specified. If the root bridge fails or is powered
off and no new root bridge is specified, the secondary root bridge with smallest MAC
address will become the root bridge of the spanning tree.
Procedure
l Perform the following operations on the device to be used as the root bridge.
a. Run:
system-view
By default, a switch does not function as the secondary root bridge. After the
configuration is complete, the BID of the device is 4096 (this value cannot be
modified).
If instance is not specified, the device in MSTI 0 is a secondary root bridge.
----End
Context
In an MSTI, there can be only one root bridge, which is the logical center of the MSTI. The
root bridge should be a high-performance switch; however, the priority of such a device may
not be the highest on the network. To ensure that such a device is selected as the root bridge,
set a low priority for low-performance switches, and set a high priority for high-performance
switches. A smaller priority value indicates a higher priority.
Procedure
Step 1 Run:
system-view
NOTE
If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root secondary
command has been executed to configure the device as the root bridge or secondary root bridge, to
change the device priority, run the undo stp [ instance instance-id ] root command to disable the root
bridge or secondary root bridge function and run the stp [ instance instance-id ] priority priority
command to set a priority.
----End
Context
A path cost is port-specific and is used by MSTP to select a link.
Path costs of ports are an important metric used in spanning tree calculation and determine
root port selection in an MSTI. The port with the lowest path cost to the root bridge is
selected as the root port. Setting different path costs for a port in different MSTIs allows
VLAN traffic to be transmitted along different physical links for load balancing.
If loops occur on a network, it is recommended that you set a large path cost for ports with
low link rates.
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
----End
Context
Enabling MSTP on a ring network immediately triggers spanning tree calculation. If basic
configurations are not performed on switches and interfaces before MSTP is enabled, network
flapping may occur upon changes to parameters such as device priority and interface priority
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp enable
NOTE
If the management network interface for an MSTP-enabled device is a VLANIF interface of a VLAN,
run the ethernet-loop-protection ignored-vlan command to specify this VLAN as an ignored VLAN.
During MSTP calculation, the interface on which the ignored VLAN is configured remains in
forwarding state. Therefore, services are not interrupted.
After MSTP is enabled on a port, edge port detection is started automatically. If the port fails to receive
BPDU packets within (2 x Hello Timer + 1) seconds, the port is set to an edge port. Otherwise, the port
is set to a non-edge port.
----End
Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. On the switch, therefore, the ARP entries corresponding to these VLANs need to be
updated. MSTP processes ARP entries in either fast or normal mode.
To specify which mode is used for STP/RSTP convergence, run the stp converge { fast |
normal } command in the system view.
NOTE
If fast mode is used, ARP entries are frequently deleted. This causes high CPU usage on the device
(reaching 100%) and results in frequent network flapping. Therefore, using normal mode is
recommended.
Pre-configuration Tasks
MSTP ensures that spanning trees in rings are calculated independently. After MSTP multi-
process is enabled, each MSTP process can manage certain ports on a device. Each Layer 2
interface can be managed by multiple MSTP processes.
Before configuring MSTP multi-process, complete and activate the MST region
configuration.
Procedure
Step 1 Run:
system-view
Step 3 Run:
stp mode mstp
NOTE
l A default MSTP process with the ID 0 is established when a device starts. MSTP configurations in
the system view and interface view belong to this process. The default working mode of this process
is MSTP.
l To add an interface to an MSTP process whose ID is not 0, run the stp process command followed
by the stp binding process command.
----End
Context
After being added to MSTP processes, interfaces can participate in MSTP calculation. The
links connecting MSTP-enabled devices and access rings are called access links, and the link
shared by multiple access rings is called a shared link. Interfaces on this shared link
participate in MSTP calculation in multiple access rings and MSTP processes.
Procedure
l Adding a port on an access link to an MSTP process
a. Run:
system-view
The interface specified in this command must be the interface that connects the
device and the access ring.
c. Run:
stp binding process process-id
NOTE
If an interface joining the MSTP process has sub-interfaces configured with other features
such as VPLS, run the stp vpls-subinterface enable command. The main interface can then
notify its sub-interfaces to update MAC address entries and ARP entries after receiving a
TC-BPDU. This prevents service interruption. In addition, root protection needs to be
configured on the main interface. Switch XGE interfaces connected to the LE1D2FW00S01
card do not support the notification function.
A port on an access link can join only one MSTP process. If you run this command multiple
times, only the latest configuration takes effect.
l Adding a port on a shared link to an MSTP process
a. Run:
system-view
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
The interface specified in this command must be an interface on the shared link
between the devices configured with MSTP multi-process. It cannot be an interface
that connects an access ring and device.
c. Run:
stp binding process process-id1 [ to process-id2 ] link-share
NOTE
In an MSTP process where there are multiple shared links, run the stp enable command in
the MSTP multi-instance view. On an interface that is added to an MSTP process, run the
stp enable command in the interface view.
----End
Procedure
l Perform the following operations on the device to be used as the root bridge.
a. Run:
system-view
c. Run:
stp [ instance instance-id ] root primary
Procedure
Step 1 Run:
system-view
NOTE
l To configure a switch as the primary root bridge, run the stp [ instance instance-id ] root primary
command directly. The priority value of this switch is 0.
l To configure a switch as the secondary root bridge, run the stp [ instance instance-id ] root
secondary command. The priority value of this switch is 4096.
In an MSTI, a switch cannot act as the primary root bridge and secondary root bridge at the same
time.
l If the stp [ instance instance-id ] root primary or stp [ instance instance-id ] root secondary
command has been executed to configure the device as the root bridge or secondary root bridge, to
change the device priority, run the undo stp [ instance instance-id ] root command to disable the
root bridge or secondary root bridge function and run the stp [ instance instance-id ] priority
priority command to set a priority.
----End
Procedure
Step 1 Run:
system-view
Step 5 Run:
stp [ process process-id ] instance instance-id cost cost
----End
Context
During spanning tree calculation, port priorities in MSTIs determine which ports are selected
as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority to a value larger than the
default value. This port will be blocked during designated port selection.
Procedure
Step 1 Run:
system-view
----End
Context
After the TC notification function is configured for MSTP multi-process, an MSTP process
can notify the MSTIs in other specified MSTP processes to refresh MAC address entries and
ARP entries after receiving a TC-BPDU. This ensures service continuity. To configure the TC
notification function for MSTP multi-process, perform the following procedure on the devices
connected to access rings.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp tc-notify process 0
After the stp tc-notify process 0 command is run, the current MSTP process notifies the
MSTIs in MSTP process 0 to update MAC entries and ARP entries after receiving a TC-
BPDU. This prevents services from being interrupted.
----End
Context
After MSTP multi-process is enabled on the switch, you must enable MSTP in the MSTP
process view so that the MSTP configuration can take effect in the MSTP process.
Enabling MSTP on a ring network immediately triggers spanning tree calculation on the
network. On the switch, configurations such as the switch priority and port priority affect
spanning tree calculation. Any change to these configurations may cause network flapping.
Therefore, to ensure rapid and stable spanning tree calculation, perform basic configurations
on the switch and its ports and enable MSTP.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp enable
----End
Follow-up Procedure
If the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. On the switch, therefore, the ARP entries corresponding to these VLANs need to be
updated. MSTP processes ARP entries in either fast or normal mode.
To specify which mode is used for STP/RSTP convergence, run the stp converge { fast |
normal } command in the system view.
NOTICE
If fast mode is used, ARP entries are frequently deleted. This causes high CPU usage on the
MPU and LPU (reaching 100%) and results in frequent network flapping. Therefore, using
normal mode is recommended.
Procedure
l Run the display stp process process-id [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Pre-configuration Tasks
Before configuring MSTP parameters that affect route convergence, configure MSTP or
MSTP multi-process.
Context
Any two terminals on a switching network are connected through a specific path spanning
multiple devices. The network diameter is the maximum number of devices between any two
terminals. A larger network diameter indicates a larger network scale.
A network diameter that is too large may cause slow network convergence and affect
communication. Run the stp bridge-diameter command to set an appropriate network
diameter based on the network scale to speed up convergence.
It is recommended that all devices be configured with the same network diameter.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp bridge-diameter diameter
NOTE
RSTP uses a single spanning tree instance on the entire network, meaning that performance deterioration
cannot be prevented when the network scale increases. Therefore, the network diameter cannot be larger than
7.
----End
Context
If a device does not receive any BPDUs from the upstream device within the timeout interval,
the device considers the upstream device to be down and triggers spanning tree recalculation.
Sometimes, a device cannot receive the BPDU from the upstream device within the timeout
interval because the upstream device is busy. In this case, recalculating the spanning tree will
waste network resources. Set a long timeout interval on a stable network to avoid this.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp timer-factor factor
The timeout interval is set, specifying how long the upstream device waits for BPDUs.
----End
Context
The following timers are used in spanning tree calculation:
l Forward Delay: specifies the delay before a state transition. After the topology of a ring
network changes, it takes some time to spread the new configuration BPDU throughout
the entire network. As a result, the original blocked port may be unblocked before a new
port is blocked. This creates a loop on the network. You can set the Forward Delay timer
to prevent loops. When the topology changes, all ports will be temporarily blocked
during the Forward Delay.
l Hello Time: specifies the interval at which Hello packets are sent. A switching device
sends configuration BPDUs at the specified interval to detect link failures. If the
switching device does not receive any BPDUs within a Hello timer interval, the
switching device triggers spanning tree recalculation.
l Max Age: determines when BPDUs expire. A switching device determines that a
received configuration BPDU times out when the Max Age expires.
Devices on a ring network must use the same values for Forward Delay, Hello Time, and Max
Age.
You are not advised to directly change the preceding three parameters as they are related to
the network scale; therefore, it is recommended that you set the network diameter so that the
spanning tree protocol automatically adjusts these timers. When the default network diameter
is used, the three timers also use their default values.
NOTICE
To prevent frequent network flapping, make sure that the Hello Time, Forward Delay, and
Max Age timer values conform to the following formulas:
l 2 x (Forward Delay - 1 second) >= Max Age
l Max Age >= 2 x (Hello Time + 1 second)
Procedure
Step 1 Run:
system-view
NOTE
----End
In Figure 14-17, SwitchA and SwitchB are connected through two Eth-Trunk links. Eth-
Trunk 1 has three member interfaces in Up state and Eth-Trunk 2 has two member interfaces
in Up state. Each member link has the same bandwidth, and SwitchA is selected as the root
bridge.
l Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation, Eth-Trunk 1
on SwitchB is selected as the root port and Eth-Trunk 2 is selected as the alternate port.
l If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is set to 1,
the path cost of Eth-Trunk 1 becomes larger than the path cost of Eth-Trunk 2. Therefore,
the two devices perform spanning tree recalculation. Afterwards, Eth-Trunk 1 on
SwitchB becomes the alternate port and Eth-Trunk 2 becomes the root port.
S w it c h A S w it c h B
E th -T ru n k 1
A fte r
c o n fig u r a tio n E th -T ru n k 2
R o o t B r id g e
A lte r n a te p o r t
R o o t p o rt
D e s ig n a te d p o r t
The maximum number of connections affects only the path cost of an Eth-Trunk interface
participating in spanning tree calculation, and does not affect the actual bandwidth of the Eth-
Trunk link. The actual bandwidth for an Eth-Trunk link depends on the number of active
member interfaces in the Eth-Trunk.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
Step 3 Run:
max bandwidth-affected-linknumber link-number
----End
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
By default, the maximum number of BPDUs that a port sends is 6 per second.
----End
Context
If an interface on an MSTP-enabled device is connected to an STP-enabled device, the
interface switches to the STP-compatible mode.
Procedure
l Switch to the MSTP mode in the interface view.
a. Run:
system-view
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
c. Run:
stp mcheck
NOTE
----End
NOTICE
After all ports are configured as edge ports and BPDU filter ports in the system view, the
ports do not send BPDUs or negotiate the STP status with directly connected ports on the peer
device. All ports are in the Forwarding state, which may cause loops on the network and lead
to broadcast storms. Exercise caution when you configure a port as an edge port and BPDU
filter port.
After a port is configured as an edge port and BPDU filter port in the interface view, the port
does not process or send BPDUs. The port cannot negotiate the STP status with the directly
connected port on the peer device. Exercise caution when you configure a port as an edge port
and BPDU filter port.
Procedure
l Configuring all ports as edge ports and BPDU filter ports in the system view
a. Run:
system-view
b. Run:
interface interface-type interface-number
The view of the Ethernet interface that participates in spanning tree calculation is
displayed.
c. (Optional) Run:
stp edged-port enable
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp max-hops hop
----End
Procedure
l Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Pre-configuration Tasks
Before configuring MSTP protection functions, configure MSTP or MSTP multi-process.
Context
Edge ports are directly connected to user terminal and will not receive BPDUs. Attackers may
send pseudo BPDUs to attack the switch. If the edge ports receive the BPDUs, the switch
configures the edge ports as non-edge ports and triggers a new spanning tree calculation.
Network flapping then occurs. BPDU protection can be used to protect switches against
malicious attacks.
Perform the following procedure on all switches that have edge ports.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp bpdu-protection
----End
Follow-up Procedure
If you want an edge port to automatically recover from the error-down state, run the error-
down auto-recovery cause bpdu-protection interval interval-value command in the system
view to configure the auto recovery function and set a recovery delay on the port. Then a port
in error-down state can automatically go Up after the recovery delay. Note the following when
setting the recovery delay:
l The auto recovery function is disabled by default and does not have a default value for
the recovery delay. When you enable the auto recovery function, you must set a recovery
delay.
l A smaller interval-value indicates a shorter time before an edge port goes Up, and a
higher frequency of Up/Down state transitions on the port.
l A larger interval-value indicates a longer time before an edge port goes Up, and a longer
service interruption time.
l The auto recovery function takes effect only for the interfaces that transition to the error-
down state after the error-down auto-recovery command is executed.
Context
If attackers forge TC-BPDUs to attack the switch, the switch receives a large number of TC
BPDUs within a short period. If MAC address entries and ARP entries are deleted frequently,
the switch is heavily burdened, causing potential risks to the network.
Procedure
Step 1 Run:
system-view
NOTE
Step 3 Run:
stp tc-protection interval interval-value
The time taken by the device to process the maximum number of TC BPDUs is set.
By default, the device processes the maximum number of TC BPDUs at an interval of the
Hello time.
Step 4 Run:
stp tc-protection threshold threshold
The number of times the MSTP process handles the received TC BPDUs and updates
forwarding entries within a given time is set.
NOTE
Within the time specified by stp tc-protection interval, the switch processes the number of TC BPDUs
specified by stp tc-protection threshold. Packets that exceed this threshold are delayed, so spanning
tree convergence may be affected. For example, if the period is set to 10s and the threshold is set to 5,
the device processes five TC BPDUs within 10s. After 10s, the device processes subsequent TC BPDUs.
----End
Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive
BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to
serve as the root bridge and the network topology is changed, triggering spanning tree
recalculation. This may also result in traffic that should be transmitted over high-speed links
being transmitted over low-speed links, leading to network congestion. The root protection
function on a switch preserves the role of the designated port in order to protect the root
bridge.
NOTE
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
Step 4 Run:
stp root-protection
----End
Context
To maintain the root port status and status of blocked ports on a network running MSTP, a
switch receives BPDUs from an upstream switch. If the switch cannot receive these BPDUs
because of link congestion or unidirectional-link failure, the switch re-selects a root port. The
original root port becomes a designated port and the original blocked ports change to the
Forwarding state. This may cause network loops. To mitigate this issue, configure loop
protection.
If the root port or alternate port does not receive BPDUs from the upstream device for a long
period, the switch enabled with loop protection sends a notification to the NMS. If the root
port is used, the root port enters the Discarding state and becomes the designated port. If the
alternate port is used, the alternate port remains blocked and becomes the designated port. In
this case, loops will not occur. After the link congestion subsides or unidirectional link
failures are rectified, the port receives BPDUs for negotiation and restores its original role and
status.
NOTE
An alternate port is a backup port for a root port. If a switch has an alternate port, configure loop
protection on both the root port and the alternate port.
Perform the following steps on the root port and alternate port on a switch in an MST region.
Procedure
Step 1 Run:
system-view
NOTE
Step 4 Run:
stp loop-protection
----End
Context
Shared-link protection is used in scenarios where a switch is dual homed to a network.
If a shared link fails, shared-link protection forcibly changes the working mode of a local
switch to RSTP. This function can be used together with root protection to avoid network
loops.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
NOTE
Step 3 Run:
stp link-share-protection
----End
Procedure
l Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Procedure
Step 1 Run:
system-view
Step 3 Run:
stp no-agreement-check
----End
Procedure
Step 1 Run:
system-view
NOTE
The negotiation will fail if the format of MSTP packets is set to dot1s at one end and legacy at the other
end.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
stp config-digest-snoop
----End
Procedure
l Run the display stp [ process process-id ] [ instance instance-id ] [ interface interface-
type interface-number | slot slot-id ] [ brief ] command to view spanning-tree status and
statistics.
----End
Context
NOTICE
MSTP statistics cannot be restored after being cleared.
Procedure
l Run the reset stp [ interface interface-type interface-number ] statistics command to
clear spanning-tree statistics.
l Run the reset stp error packet statistics to clear the statistics of error STP packets.
----End
Network
RG1
SwitchA Eth-Trunk1 SwitchB
GE1/0/3 GE1/0/3
GE1/0/2
SwitchC SwitchD
GE1/0/2
GE1/0/1 GE1/0/1
MSTI 1:
Root Switch:SwitchA
Blocked port
MSTI 2:
Root Switch:SwitchB
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on the switch on the ring network. Because ports
connected to the PCs do not participate in MSTP calculation, configure these ports as
edge ports.
2. Configure protection functions to protect devices or links. You can configure root
protection on the designated port of the root bridge.
NOTE
When the link between the root bridge and secondary root bridge goes Down, the port enabled with root
protection becomes Discarding because root protection takes effect.
To improve the reliability, you are advised to bind the link between the root bridge and secondary root
bridge to an Eth-Trunk.
3. Configure Layer 2 forwarding.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD in the same MST region named
RG1 and create MSTI 1 and MSTI 2.
NOTE
Two switches belong to the same MST region when they have the same:
– Name of the MST region
– Mapping between VLANs and MSTIs
– Revision level of the MST region
# Configure an MST region on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] instance 2 vlan 11 to 20
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
2. In the MST region RG1, configure the root bridge and secondary root bridge in MSTI 1
and MSTI 2.
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be greater than the
default value.
NOTE
– The path cost values depend on path cost calculation methods. This example uses the Huawei
calculation method as an example to set the path cost to 20000 for the ports to be blocked.
– All switches on a network must use the same path cost calculation method.
# Configure SwitchA to use Huawei calculation method to calculate the path cost.
[SwitchA] stp pathcost-standard legacy
# Configure SwitchB to use Huawei calculation method to calculate the path cost.
[SwitchB] stp pathcost-standard legacy
# Configure SwitchC to use Huawei calculation method to calculate the path cost, and
set the path cost of GE1/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/2] quit
# Configure SwitchD to use Huawei calculation method to calculate the path cost, and
set the path cost of GE1/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet1/0/2] quit
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU protection
is enabled, the edge ports will be shut down and their attributes remain unchanged after they
receive BPDUs.
Step 2 Configure root protection on the designated port of the root bridge.
# Enable root protection on GE1/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration.
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in MSTI 0.
# Run the display stp brief command on SwitchA to view the status and protection mode on
the ports. Output similar to the following is displayed:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 Eth-Trunk1 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING ROOT
2 Eth-Trunk1 ROOT FORWARDING NONE
In MSTI 1, GE1/0/1 and Eth-Trunk1 are designated ports because SwitchA is the root bridge.
In MSTI 2, GE1/0/1 on SwitchA is the designated port and Eth-Trunk1 is the root port.
# Run the display stp brief command on SwitchB. Output similar to the following is
displayed:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 Eth-Trunk1 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING ROOT
2 Eth-Trunk1 DESI FORWARDING NONE
In MSTI 2, GE1/0/1 and Eth-Trunk1 are designated ports because SwitchB is the root bridge.
In MSTI 1, GE1/0/1 on SwitchB is the designated port and Eth-Trunk1 is the root port.
# Run the display stp interface brief commands on SwitchC. Output similar to the following
is displayed:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
2 GigabitEthernet1/0/3 ROOT FORWARDING NONE
[SwitchC] display stp interface gigabitethernet 1/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
2 GigabitEthernet1/0/2 ALTE DISCARDING NONE
GE1/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchC is the
designated port in MSTI 1 but is blocked in MSTI 2.
# Run the display stp interface brief commands on SwitchD. Output similar to the following
is displayed:
[SwitchD] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
2 GigabitEthernet1/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface gigabitethernet 1/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
2 GigabitEthernet1/0/2 DESI FORWARDING NONE
GE1/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchD is the
blocked port in MSTI 1 and is the designated port in MSTI 2.
----End
Configuration Files
l SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
return
l SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 20
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
return
l SwitchC configuration file
#
sysname SwitchC
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
by using Switch B as the default gateway and Switch A as the secondary gateway. This allows
traffic to be load balanced and communication reliability improved.
GE1/0/2
1 /0
/2 1/ 0 /1
GE
S w itc h C M STP In te rn e t
GE1/0/2
GE
3
1 /0 / S w itc h C 1 /0 /4
G E
H o stB GE R o u te rB
1 /0 /0 /3
VLAN 3 /1 GE1
1 0 .1 .3 .1 0 1 /2 4 S w itc h B
V R ID 1 :B a cku p
V R R P V R ID 2 V R ID 2 :M a ste r
V irtu a l IP A d d re s s :
1 0 .1 .3 .1 0 0
M STI 1: M STI 2:
Configuration Roadmap
The configuration roadmap is as follows:
Because the interfaces connecting to hosts do not participate in MSTP calculation, configure
these ports as edge ports.
2. Enable the protection function to protect devices or links. For example, enable the
protection function on the root bridge of each instance to protect roots.
3. Configure Layer 2 forwarding.
4. Assign an IP address to each interface and configure the routing protocol on each device
to ensure network connectivity.
5. Create VRRP group 1 and VRRP group 2 on Switch A and Switch B. Configure Switch
A as the master device and Switch B as the backup device of VRRP group 1. Configure
Switch B as the master device and Switch A as the backup device of VRRP group 2.
Procedure
Step 1 Configure basic MSTP functions.
1. Add Switch A, Switch B, and Switch C to region RG1, and create instances MSTI 1 and
MSTI 2.
# Configure an MST region on Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] instance 2 vlan 3
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
2. Configure the root bridges and backup bridges for MSTI 1 and MSTI 2 in RG1.
– Configure the root bridge and backup bridge for MSTI 1.
# Set Switch A as the root bridge of MSTI 1.
[SwitchA] stp instance 1 root primary
3. Set the path costs of the interfaces that you want to block on MSTI 1 and MSTI 2 to be
greater than the default value.
NOTE
– The path cost range is determined by the calculation method. The Huawei calculation method
is used as an example. Set the path costs of the interfaces to 20000.
– The switches on the same network must use the same calculation method to calculate path
costs.
# Set the path cost calculation method on Switch A to Huawei calculation method.
[SwitchA] stp pathcost-standard legacy
# Set the path cost calculation method on Switch B to Huawei calculation method.
[SwitchB] stp pathcost-standard legacy
# Set the path cost calculation method on Switch C to Huawei calculation method. Set
the path cost of GE1/0/1 in MSTI 2 to 20000; set the path cost of GE1/0/4 in MSTI 1 to
20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
[SwitchC] interface gigabitethernet 1/0/4
[SwitchC-GigabitEthernet1/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet1/0/4] quit
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU protection
is enabled, the edge ports will be shut down and their attributes remain unchanged after they
receive BPDUs.
Step 2 Enable the protection function on the designated interfaces of each root bridge.
# Enable root protection on GE1/0/1 of Switch A.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit
NOTE
MSTI 1 and MSTI 2 are used as examples. You do not need to check the interface status in MSTI 0.
# Run the display stp brief command on Switch A to view the status and protection mode on
ports. Output similar to the following is displayed
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING ROOT
2 GigabitEthernet1/0/2 ROOT FORWARDING NONE
In MSTI 1, GE1/0/2 and GE1/0/1 of Switch A are set as designated interfaces because Switch
A is the root bridge of MSTI 1. In MSTI 2, GE1/0/1 of Switch A is set as the designated
interface and GE1/0/2 is set as the root interface.
# Run the display stp brief command on Switch B. Output similar to the following is
displayed
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 GigabitEthernet1/0/2 ROOT FORWARDING NONE
In MSTI 2, GE1/0/1 and GE1/0/2 of Switch B are set as designated interfaces because Switch
B is the root bridge of MSTI 2. In MSTI 1, GE1/0/1 of Switch B is set as the designated
interface and GE1/0/2 is set as the root interface.
# Run the display stp interface brief command on Switch C. Output similar to the following
is displayed
[SwitchC] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 ALTE DISCARDING NONE
[SwitchC] display stp interface gigabitethernet 1/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/4 ALTE DISCARDING NONE
1 GigabitEthernet1/0/4 ALTE DISCARDING NONE
2 GigabitEthernet1/0/4 ROOT FORWARDING NONE
GE1/0/1 of Switch C is the root interface of MSTI 1, and is blocked in MSTI 2. GE1/0/4 of
Switch C is the root interface of MSTI 2, and is blocked in MSTI 1.
Step 5 Connect devices.
# Assign an IP address to each interface, for example, the interfaces on SwitchA. The
configuration on SwitchB is similar to the configuration on SwitchA. For details, see the
configuration files.
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit
# Run OSPF on SwitchA, SwitchB, and routers. The configuration on SwitchA is used as an
example. The configuration on SwitchB is similar to the configuration on SwitchA. For
details, see the configuration files.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Create VRRP group 2 on SwitchA and SwitchB. Set SwitchB as the master device, priority
to 120, and preemption delay to 20 seconds. Set SwitchA as the backup device and retain the
default priority.
[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchB-Vlanif3] vrrp vrid 2 priority 120
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[SwitchA-Vlanif3] quit
# Set the virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of Host A,
and the virtual IP address 10.1.3.100 of VRRP group 2 as the default gateway of Host B.
Step 7 Verify the configuration.
# After completing the preceding configurations, run the display vrrp command on SwitchA.
SwitchA's VRRP status is master in VRRP group 1 and backup in VRRP group 2.
[SwitchA] display vrrp
Vlanif2 | Virtual Router 1
State : Master
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# Run the display vrrp command on SwitchB. SwitchB's VRRP status is backup in VRRP
group 1 and master in VRRP group 2.
[SwitchB] display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
----End
Configuration Files
l SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 4
#
stp bpdu-protection
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.5.0 0.0.0.255
#
return
Figure 14-20 Network diagram for connecting CEs to the VPLS in dual-homing mode
1 .1 .1 .1 /3 2 2 .2 .2 .2 /3 2
PE1 PE2
G E 1 /0 /0 G E 1 /0 /0
G E 2 /0 /0 G E 2 /0 /0
G E 1 /0 /0 G E 3 /0 /0 G E 3 /0 /0 G E 1 /0 /0
G E 2 /0 /0 VPLS G E 2 /0 /0
CE1 G E 3 /0 /0 G E 2 /0 /0 CE2
PC1 G E 1 /0 /1 G E 2 /0 /0 G E 3 /0 /0 G E 1 /0 /1 PC2
1 0 .1 .1 .1 /2 4 G E 1 /0 /0 G E 1 /0 /0 1 0 .1 .1 .2 /2 4
PE4 PE3
4 .4 .4 .4 /3 2 3 .3 .3 .3 /3 2
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
CE1 GigabitEthernet1/0/ - -
0
GigabitEthernet1/0/ - -
1
GigabitEthernet2/0/ - -
0
CE2 GigabitEthernet1/0/ - -
0
GigabitEthernet1/0/ - -
1
GigabitEthernet2/0/ - -
0
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on the backbone network to implement interworking.
2. Set up a remote LDP session between the PEs.
3. Establish a VPLS full mesh between PEs.
4. Configure MSTP. Configure PE1 and PE2 as the primary roots, and configure PE3 and
PE4 as the secondary roots.
Procedure
Step 1 Specify the VLANs that device interfaces belong to and set the IP addresses of the
corresponding VLANIF interfaces according to Figure 14-20.
NOTE
l The AC-side and PW-side physical interfaces of a PE cannot be added to the same VLAN;
otherwise, a loop may occur.
l Packets sent from CEs to PEs must contain VLAN tags.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan batch 100
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port link-type trunk
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] port link-type access
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan batch 100
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port link-type trunk
[CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port link-type trunk
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] port link-type access
[CE2-GigabitEthernet2/0/0] port default vlan 100
[CE2-GigabitEthernet2/0/0] quit
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan batch 10 40
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] port link-type trunk
[PE1-GigabitEthernet3/0/0] port trunk allow-pass vlan 40
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 172.16.1.1 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 40
[PE1-Vlanif40] ip address 172.19.1.2 24
[PE1-Vlanif40] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] vlan batch 10 20
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port link-type trunk
[PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] port link-type trunk
[PE2-GigabitEthernet3/0/0] port trunk allow-pass vlan 20
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] ip address 172.16.1.2 24
[PE2-Vlanif10] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] ip address 172.17.1.1 24
[PE2-Vlanif20] quit
# Configure PE3.
<Quidway> system-view
[Quidway] sysname PE3
[PE3] vlan batch 20 30
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] port link-type trunk
[PE3-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[PE3-GigabitEthernet2/0/0] quit
[PE3] interface gigabitethernet 3/0/0
[PE3-GigabitEthernet3/0/0] port link-type trunk
[PE3-GigabitEthernet3/0/0] port trunk allow-pass vlan 30
[PE3-GigabitEthernet3/0/0] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] ip address 172.17.1.2 24
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] ip address 172.18.1.1 24
[PE3-Vlanif30] quit
# Configure PE4.
<Quidway> system-view
[Quidway] sysname PE4
[PE4] vlan batch 30 40
[PE4] interface gigabitethernet 2/0/0
[PE4-GigabitEthernet2/0/0] port link-type trunk
[PE4-GigabitEthernet2/0/0] port trunk allow-pass vlan 30
[PE4-GigabitEthernet2/0/0] quit
[PE4] interface gigabitethernet 3/0/0
[PE4-GigabitEthernet3/0/0] port link-type trunk
[PE4-GigabitEthernet3/0/0] port trunk allow-pass vlan 40
[PE4-GigabitEthernet3/0/0] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] ip address 172.18.1.2 24
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] ip address 172.19.1.1 24
[PE4-Vlanif40] quit
When configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1,
PE2, PE3, and PE4.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
[PE2] router id 2.2.2.2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.2 32
[PE2-LoopBack1] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
[PE3] router id 3.3.3.3
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.3 32
[PE3-LoopBack1] quit
[PE3] ospf 1
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 172.17.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
# Configure PE4.
[PE4] router id 4.4.4.4
[PE4] interface loopback 1
[PE4-LoopBack1] ip address 4.4.4.4 32
[PE4-LoopBack1] quit
[PE4] ospf 1
[PE4-ospf-1] area 0
[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[PE4-ospf-1-area-0.0.0.0] network 172.18.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] network 172.19.1.0 0.0.0.255
[PE4-ospf-1-area-0.0.0.0] quit
[PE4-ospf-1] quit
# Wait for 40s and run the display ip routing-table command on PE1, PE2, and PE3. Output
similar to the following is displayed (PE1 is used as an example). The output indicates that
the PEs have learned the routes to one another.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 13
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] mpls
[PE2-Vlanif20] mpls ldp
[PE2-Vlanif20] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface vlanif 20
[PE3-Vlanif20] mpls
[PE3-Vlanif20] mpls ldp
[PE3-Vlanif20] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] mpls
[PE3-Vlanif30] mpls ldp
[PE3-Vlanif30] quit
# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4
[PE4] mpls
[PE4-mpls] quit
[PE4] mpls ldp
[PE4-mpls-ldp] quit
[PE4] interface vlanif 30
[PE4-Vlanif30] mpls
[PE4-Vlanif30] mpls ldp
[PE4-Vlanif30] quit
[PE4] interface vlanif 40
[PE4-Vlanif40] mpls
[PE4-Vlanif40] mpls ldp
[PE4-Vlanif40] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 4.4.4.4
[PE2-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
[PE2-mpls-ldp-remote-4.4.4.4] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
# Configure PE4.
[PE4] mpls ldp remote-peer 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE4-mpls-ldp-remote-2.2.2.2] quit
After the configuration is complete, run the display mpls ldp session command on the PEs.
The command output shows that the status of the remote LDP peer relationship is
Operational, indicating that remote LDP sessions have been set up. The output on PE1 is used
as an example:
[PE1] display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:00:00 4/4
3.3.3.3:0 Operational DU Passive 0000:00:00 4/4
4.4.4.4:0 Operational DU Passive 0000:00:00 4/4
------------------------------------------------------------------------------
TOTAL: 3 session(s) Found.
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
# Configure PE4.
[PE4] mpls l2vpn
[PE4-l2vpn] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.1
[PE2-vsi-a2-ldp] peer 3.3.3.3
[PE2-vsi-a2-ldp] peer 4.4.4.4
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] dot1q termination vid 100
# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1
[PE3-GigabitEthernet1/0/0.1] dot1q termination vid 100
[PE3-GigabitEthernet1/0/0.1] l2 binding vsi a2
[PE3-GigabitEthernet1/0/0.1] quit
# Configure PE4.
[PE4] interface gigabitethernet 1/0/0.1
[PE4-GigabitEthernet1/0/0.1] dot1q termination vid 100
[PE4-GigabitEthernet1/0/0.1] l2 binding vsi a2
[PE4-GigabitEthernet1/0/0.1] quit
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure CE1.
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure CE2.
[CE2] stp region-configuration
[CE2-mst-region] region-name RG1
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
2. Configure the priorities of the PEs to make PE1 and PE2 the primary roots and PE3 and
PE4 the secondary roots.
# Configure PE1.
[PE1] stp instance 0 priority 0
# Configure PE2.
[PE2] stp instance 0 priority 0
# Configure PE3.
[PE3] stp instance 0 priority 4096
# Configure PE4.
[PE4] stp instance 0 priority 4096
3. Enable association between MSTP and VPLS on the CEs and PEs, and configure root
protection on the secondary roots.
# Configure CE1.
[CE1] stp enable
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] stp enable
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] stp enable
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] stp edged-port enable
[CE1-GigabitEthernet2/0/0] stp bpdu-filter enable
[CE1-GigabitEthernet2/0/0] quit
# Configure CE2.
[CE2] stp enable
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] stp enable
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] stp enable
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] stp edged-port enable
[CE2-GigabitEthernet2/0/0] stp bpdu-filter enable
[CE2-GigabitEthernet2/0/0] quit
# Configure PE1.
[PE1] stp enable
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE1-GigabitEthernet1/0/0] stp enable
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] stp disable
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] stp disable
[PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] stp enable
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE2-GigabitEthernet1/0/0] stp enable
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] stp disable
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] stp disable
[PE2-GigabitEthernet3/0/0] quit
# Configure PE3.
[PE3] stp enable
[PE3] interface gigabitethernet 1/0/0
[PE3-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE3-GigabitEthernet1/0/0] stp root-protection
[PE3-GigabitEthernet1/0/0] stp enable
[PE3-GigabitEthernet1/0/0] quit
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] stp disable
[PE3-GigabitEthernet2/0/0] quit
# Configure PE4.
[PE4] stp enable
[PE4] interface gigabitethernet 1/0/0
[PE4-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE4-GigabitEthernet1/0/0] stp root-protection
[PE4-GigabitEthernet1/0/0] stp enable
[PE4-GigabitEthernet1/0/0] quit
[PE4] interface gigabitethernet 2/0/0
[PE4-GigabitEthernet2/0/0] stp disable
[PE4-GigabitEthernet2/0/0] quit
[PE4] interface gigabitethernet 3/0/0
[PE4-GigabitEthernet3/0/0] stp disable
[PE4-GigabitEthernet3/0/0] quit
Run the display vsi name a2 verbose command on PE1. The command output shows that the
VSI state is Up.
[PE1] display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 20 hours, 29 minutes, 54 seconds
VSI State : up
VSI ID : 2
*Peer Router ID : 2.2.2.2
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4099
Peer Type : dynamic
Session : up
Tunnel ID : 0xd
Broadcast Tunnel ID : 0xd
Broad BackupTunnel ID : 0x0
CKey : 2
NKey : 1
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 3.3.3.3
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4100
Peer Type : dynamic
Session : up
Tunnel ID : 0xf
Broadcast Tunnel ID : 0xf
Broad BackupTunnel ID : 0x0
CKey : 4
NKey : 3
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 4.4.4.4
Negotiation-vc-id : 2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4101
Peer Type : dynamic
Session : up
Tunnel ID : 0xb
Broadcast Tunnel ID : 0xb
Broad BackupTunnel ID : 0x0
CKey : 6
NKey : 5
Stp Enable : 0
PwIndex : 0
Control Word : disable
**PW Information:
----End
Configuration Files
l CE1 configuration file
#
sysname CE1
#
vlan batch 100
#
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet2/0/0
port link-type
access
port default vlan 100
stp bpdu-filter
enable
#
sysname CE2
#
vlan batch 100
#
stp enable
#
stp region-
configuration
region-name
RG1
active region-configuration
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet2/0/0
port link-type
access
port default vlan 100
stp bpdu-filter
enable
mpls ldp
#
interface Vlanif40
ip address 172.19.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
stp vpls-subinterface enable
#
interface GigabitEthernet1/0/0.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet3/0/0
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.19.1.0 0.0.0.255
#
return
l PE2 configuration file
#
sysname PE2
#
router id 2.2.2.2
#
vlan batch 10 20
#
stp instance 0 priority 0
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 3.3.3.3
peer 4.4.4.4
#
mpls ldp
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
interface Vlanif10
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 172.17.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
stp vpls-subinterface enable
#
interface GigabitEthernet1/0/0.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet3/0/0
port link-type trunk
port trunk allow-pass vlan 20
stp disable
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
l PE3 configuration file
#
sysname PE3
#
router id 3.3.3.3
#
vlan batch 20 30
#
stp instance 0 priority 4096
stp enable
#
stp region-
configuration
region-name
RG1
active region-
configuration
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
peer 2.2.2.2
peer 4.4.4.4
#
mpls ldp
#
peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
interface Vlanif30
ip address 172.18.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 172.19.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
stp root-protection
stp vpls-subinterface enable
#
interface GigabitEthernet1/0/0.1
dot1q termination vid 100
l2 binding vsi a2
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
stp disable
#
interface GigabitEthernet3/0/0
port link-type trunk
port trunk allow-pass vlan 40
stp disable
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 172.18.1.0 0.0.0.255
network 172.19.1.0 0.0.0.255
#
return
Networking Requirements
On the network with both Layer 2 single-access rings and multi-access rings deployed,
switches transmit both Layer 2 and Layer 3 services. To enable different rings to transmit
different services, configure MSTP multi-process. Spanning trees of different processes are
calculated independently.
As shown in Figure 14-21, both Layer 2 single-access rings and dual-access rings are
deployed and switches A and B carry both Layer 2 and Layer 3 services. In this networking,
switches A and B connected to dual-access rings are also connected to a single-access ring.
NOTE
In the ring where MSTP multi-process is configured, you are advised not to block the interface directly
connected to the root protection-enabled designated port.
Figure 14-21 MSTP multi-process for Layer 2 single-access rings and multi-access rings
N e tw o rk
S w itc h C
G E 1 /0 /5 G E 1 /0 /5
R e g io n n a m e :R G 1
PE2
PE1 S w itc h B
S w itc h A
CE CE
G E 1 /0 /4 G E 1 /0 /1 G E 1 /0 /4
G E 1 /0 /1
G E 1 /0 /3 G E 1 /0 /3
G E 1 /0 /2 G E 1 /0 /2
CE
CE
In sta n ce 1 :V L A N 2 ~ 1 0 0 In sta n ce 3 :V L A N 2 0 1 ~ 3 0 0
P ro ce ss 1 P ro ce ss 3
CE CE
In sta n ce 2 :V L A N 1 0 1 ~ 2 0 0
P ro ce ss 2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, add a device to an MST region, and create MSTIs.
NOTE
Procedure
Step 1 Configure basic MSTP functions, add devices to an MST region, and create MSTIs.
1. Configure MST regions and create MSTIs.
# Configure an MST region and create MSTIs on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
2. Enable MSTP.
# Configure SwitchA.
[SwitchA] stp enable
# Configure SwitchB.
[SwitchB] stp enable
# Add GE 1/0/3 and GE 1/0/4 on SwitchA to MSTP process 1 and GE 1/0/2 to MSTP
process 2.
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] stp binding process 1
[SwitchA-GigabitEthernet1/0/4] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] stp binding process 1
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] stp binding process 2
[SwitchA-GigabitEthernet1/0/2] quit
# Add GE 1/0/3 and GE 1/0/4 on SwitchB to MSTP process 3 and GE 1/0/2 to MSTP
process 2.
[SwitchB] interface gigabitethernet 1/0/4
[SwitchB-GigabitEthernet1/0/4] stp binding process 3
[SwitchB-GigabitEthernet1/0/4] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] stp binding process 3
[SwitchB-GigabitEthernet1/0/3] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp binding process 2
[SwitchB-GigabitEthernet1/0/2] quit
# Configure SwitchB.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] stp binding process 2 link-share
[SwitchB-GigabitEthernet1/0/1] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp enable
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp enable
[SwitchB-mst-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 3
[SwitchB-mst-process-3] stp instance 0 root primary
[SwitchB-mst-process-3] stp instance 3 root primary
[SwitchB-mst-process-3] quit
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp instance 0 root secondary
[SwitchB-mst-process-2] stp instance 2 root secondary
[SwitchB-mst-process-2] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp root-protection
[SwitchB-GigabitEthernet1/0/2] quit
NOTE
– In each ring, the priority of the MSTP process on the downstream CE must be lower than the
priority of the MSTP process on the switch.
– For switches A and B on the dual-access ring, you are recommended to configure them as the
primary root bridges of different MSTIs.
l Configure shared link protection.
# Configure SwitchA.
[SwitchA] stp process 2
[SwitchA-mst-process-2] stp link-share-protection
[SwitchA-mst-process-2] quit
# Configure SwitchB.
[SwitchB] stp process 2
[SwitchB-mst-process-2] stp link-share-protection
[SwitchB-mst-process-2] quit
# Create VLANs 2 to 200 on SwitchA. Add GE 1/0/3 and GE 1/0/4 to VLANs 2 to 100, and
add GE 1/0/1 and GE 1/0/2 to VLANs 101 to 200.
[SwitchA] vlan batch 2 to 200
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 to 100
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] port link-type trunk
[SwitchA-GigabitEthernet1/0/4] port trunk allow-pass vlan 2 to 100
[SwitchA-GigabitEthernet1/0/4] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 101 to 200
[SwitchA-GigabitEthernet1/0/2] quit
# Create VLANs 101 to 300 on SwitchB. Add GE 1/0/3 and GE 1/0/4 to VLANs 201 to 300,
and add GE 1/0/1 and GE 1/0/2 to VLANs 101 to 200.
[SwitchB] vlan batch 101 to 300
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-type trunk
[SwitchB-GigabitEthernet1/0/3] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet1/0/3] quit
[SwitchB] interface gigabitethernet 1/0/4
[SwitchB-GigabitEthernet1/0/4] port link-type trunk
[SwitchB-GigabitEthernet1/0/4] port trunk allow-pass vlan 201 to 300
[SwitchB-GigabitEthernet1/0/4] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 101 to 200
[SwitchB-GigabitEthernet1/0/2] quit
----End
Configuration Files
Only the MSTP-related configuration files are provided.
l SwitchA configuration file
#
sysname
SwitchA
#
vlan batch 2 to
200
#
stp enable
#
stp region-
configuration
region-name
RG1
instance 1 vlan 2 to
100
instance 2 vlan 101 to
200
instance 3 vlan 201 to
300
active region-
configuration
#
stp process
1
stp instance 0 root
primary
stp instance 1 root
primary
stp
enable
stp process
2
stp instance 0 root
primary
stp instance 2 root
primary
stp link-share-
protection
stp
enable
#
interface
GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 101 to
200
interface
GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process
2
stp root-
protection
#
interface
GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to
100
stp binding process
1
#
interface
GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 2 to
100
stp binding process 1
#
return
l SwitchB configuration file
#
sysname
SwitchB
#
stp region-
configuration
region-name
RG1
instance 1 vlan 2 to
100
instance 2 vlan 101 to
200
instance 3 vlan 201 to
300
active region-
configuration
#
stp process
2
stp instance 0 root
secondary
stp instance 2 root
secondary
stp link-share-
protection
stp
enable
stp process
3
stp instance 0 root
primary
stp instance 3 root
primary
stp
enable
#
interface
GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process 2 link-
share
#
interface
GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 101 to
200
stp binding process
2
stp root-
protection
#
interface
GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 201 to
300
stp binding process
3
#
interface
GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 201 to
300
stp binding process
3
#
return
14.14 FAQ
14.14.4 How to Prevent Low Convergence for STP Edge Ports that
Connect Terminals?
Terminal devices cannot participate in the STP calculation or respond to STP packets, causing
low convergence. You can prevent low convergence for STP edge switch ports for connecting
user terminals or servers as follows:
l On a port, run the stp edge-port enable command to configure the port as an STP edge
port, and run the stp bpdu-filter default command to enable the BPDU packet filtering
function and prevent the port from sending BPDU packets.
l Run the stp disable command on the port to disable the STP protocol and make the port
remain in forwarding state.
To ensure availability and security, you are advised to configure the port as an STP edge port.
This is because when a loop occurs on a terminal device connected to an edge port, the port
automatically switches to a non-edge port and enables the loop breaking function of STP.
14.15 References
The following table lists the references of MSTP.