CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.

Configuring STP/RSTP

This section describes the STP/RSTP configuration.

Configuring Basic STP/RSTP Functions

You can configure STP/RSTP on switches on an Ethernet to trim a network into a tree topology free from loops.

Configuring the STP/RSTP Mode

Context

The device supports three working modes: STP, RSTP, and MSTP. A switching device can select only the STP mode on a ring network running only STP, and can select only the RSTP mode on a ring network running only RSTP. In other scenarios, the MSTP mode is used by default.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp mode { stp | rstp }

    The working mode of the switching device is set to STP or RSTP.

    By default, the working mode of a switching device is MSTP. MSTP is compatible with STP and RSTP.

  3. Run:

    commit

    The configuration is committed.

(Optional) Configuring the Root Bridge and Secondary Root Bridge

Context

The root bridge can be determined automatically through spanning tree calculation. You can also manually configure the root bridge or secondary root bridge.
  • In a spanning tree, only one root bridge takes effect. When two or more devices are specified as root bridges of a spanning tree, the device with the smallest MAC address is used as the root bridge.
  • You can specify multiple secondary root bridges for each spanning tree. When the root bridge fails or is powered off, the secondary root bridge becomes the new root bridge. If a new root bridge is specified, the secondary root bridge will not become the root bridge. If multiple backup bridges are configured, the backup bridge with the smallest MAC address will become the root bridge of the spanning tree.
NOTE:

It is recommended that the root bridge and secondary root bridge be configured manually.

Procedure

  • Perform the following operations on the device to be used as the root bridge.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      stp root primary

      The device is configured as the root bridge.

      By default, a switching device does not function as the root bridge. After the configuration is complete, the priority value of the device is 0 and cannot be changed.

    3. Run:

      commit

      The configuration is committed.

  • Perform the following operations on the device to be used as the secondary root bridge.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      stp root secondary

      The device is configured as the secondary root bridge.

      By default, a switching device does not function as the secondary root bridge. After the configuration is complete, the priority value of the device is 4096 and cannot be changed.

    3. Run:

      commit

      The configuration is committed.

(Optional) Configuring Switching Device Priorities

Context

On an STP/RSTP-capable network, there is only one root bridge, which is the logical center of the entire spanning tree. During root bridge selection, a high-performance switching device at a high network layer should be selected as the root bridge; however, the priority of such a device may not be the highest on the network. It is therefore necessary to set a high priority for the switching device to ensure that the device functions as a root bridge.

Low-performance devices at lower network layers are not fit to serve as a root bridge. Therefore, set low priorities for these devices.

A smaller value of the priority indicates a higher priority of the switching device. The switching device with a higher priority is more likely to be elected as the root bridge. A larger value of the priority indicates a lower priority of the switching device. The switching device with a lower priority is less likely to be elected as the root bridge.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp priority  priority

    The priority of a switching device is configured.

    The default priority value of a switching device is 32768.

    NOTE:

    If the stp root primary or stp root secondary command has been executed to configure the device as the root bridge or secondary root bridge, to change the device priority, run the undo stp root command to disable the root bridge or secondary root bridge function and run the stp priority priority command to set a priority.

  3. Run:

    commit

    The configuration is committed.

(Optional) Setting the Path Cost for a Port

Context

A path cost is used by STP/RSTP to select a link.

The path cost value range is determined by the calculation method. After the calculation method is determined, it is recommended that you set a relatively small path cost value for the ports with high link rates.

In the Huawei calculation method, for example, the link rate determines the recommended value for the path cost. Table 5-38 lists the recommended path costs for ports with different link rates.

Table 5-38 Mappings between link rates and path cost values

| Link Rate      | Recommended Path Cost | Recommended Path Cost Range | Path Cost Range |
|----------------|-----------------------|-----------------------------|-----------------|
| 10 Mbit/s      | 2000                  | 200 to 20000                | 1 to 200000     |
| 100 Mbit/s     | 200                   | 20 to 2000                  | 1 to 200000     |
| 1 Gbit/s       | 20                    | 2 to 200                    | 1 to 200000     |
| 10 Gbit/s      | 2                     | 2 to 20                     | 1 to 200000     |
| Over 10 Gbit/s | 1                     | 1 to 2                      | 1 to 200000     |

If a network has loops, it is recommended that you set a relatively large path cost for ports with low link rates. STP/RSTP then blocks these ports.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional) Run:

    stp pathcost-standard { dot1d-1998 | dot1t | legacy }

    A path cost calculation method is configured.

    By default, the IEEE 802.1t standard (dot1t) is used to calculate the default path cost.

    All switching devices on a network must use the same path cost calculation method.

  3. Run:

    interface interface-type interface-number

    The view of the interface participating in STP calculation is displayed.

  4. Run:

    stp cost cost

    A path cost is set for the interface.

    • When the Huawei calculation method is used, cost ranges from 1 to 200000.
    • When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
    • When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.

  5. Run:

    commit

    The configuration is committed.

(Optional) Configuring Port Priorities

Context

In spanning tree calculation, the priority of the switching device port affects designated port election.

To block a port on a switching device, set its port priority value higher than the default value.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the interface participating in STP calculation is displayed.

  3. Run:

    stp port priority priority

    The port priority is configured.

    The default priority value of a port on a switching device is 128.

  4. Run:

    commit

    The configuration is committed.

Enabling STP/RSTP

Context

After STP/RSTP is enabled on a ring network, STP/RSTP immediately calculates spanning trees on the network. Configurations on the switching device, such as the switching device priority and port priority, will affect spanning tree calculation. Any change to the configurations may cause network flapping. Therefore, to ensure rapid and stable spanning tree calculation, perform basic configurations on the switching device and its ports, and then enable STP/RSTP.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp enable

    STP/RSTP is enabled on the switching device.

    By default, STP/RSTP is enabled on a switch module.

  3. Run:

    commit

    The configuration is committed.

Follow-up Procedure

When the topology of a spanning tree changes, the forwarding paths to associated VLANs are changed. The ARP entries corresponding to those VLANs on the switching device need to be updated. STP/RSTP processes ARP entries in either fast or normal mode.

  • In fast mode, ARP entries to be updated are directly deleted.

  • In normal mode, ARP entries to be updated are rapidly aged.

    The remaining lifetime of ARP entries to be updated is set to 0. The switching device rapidly processes these aged entries. If the number of ARP aging probe attempts is not set to 0, ARP implements aging probe for these ARP entries.

You can run the stp converge { fast | normal } command in the system view to configure the STP/RSTP convergence mode.

By default, the normal STP/RSTP convergence mode is used.

NOTE:

The normal mode is recommended. If the fast mode is adopted, ARP entries will be frequently deleted, causing the CPU usage on the device to reach 100%. As a result, network flapping will frequently occur.

Checking the Configuration

Procedure

  • Run the display stp [ interface interface-type interface-number | slot slot-id ] [ brief ] command to view the spanning-tree status and statistics.

Setting STP Parameters That Affect STP Convergence

STP cannot implement rapid convergence. However, you can set STP parameters including the network diameter, timeout interval, Hello timer value, Max Age timer value, and Forward Delay timer value.

Pre-configuration Tasks

Before setting STP parameters that affect STP convergence, complete the following task:

  • Configuring basic STP functions

Setting the STP Network Diameter

Context

On a switched network, any two terminals on the switching network are connected through a specific path along which multiple devices reside. The network diameter is the maximum number of devices between any two terminals. A larger network diameter indicates a larger network scale.

An improper network diameter may cause slow network convergence and affect communication. Run the stp bridge-diameter command to set a network diameter based on the network scale, which helps speed up convergence.

It is recommended that all devices use the same network diameter.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp bridge-diameter diameter

    The network diameter is configured.

    By default, the network diameter is 7.

    NOTE:
    • RSTP uses a single spanning tree instance on the entire network. As a result, performance deterioration cannot be prevented when the network scale grows. Therefore, the network diameter cannot be larger than 7.

    • It is recommended that you run the stp bridge-diameter diameter command to set the network diameter. Then, the switching device calculates the optimal Forward Delay period, Hello timer value, and Max Age timer value based on the set network diameter.

  3. Run:

    commit

    The configuration is committed.

Setting the STP Timeout Interval

Context

If the device does not receive any BPDU from the upstream device within the set period, the device considers that the upstream device has failed and recalculates its spanning tree.

Sometimes the device does not receive a BPDU from the upstream device for a long time because the upstream device is very busy. In this case, the device should not recalculate its spanning tree. Therefore, on a stable network you can set a long timeout period to avoid wasting network resources.

If the local switching device does not receive a BPDU from the upstream switching device within the timeout interval, spanning tree recalculation is performed. The timeout interval is calculated as follows:
  • Timeout interval = Hello time x 3 x Timer Factor

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp timer-factor factor

    The timeout period for waiting for BPDUs from the upstream device is set.

    By default, the timeout period is 9 times the Hello timer value.

  3. Run:

    commit

    The configuration is committed.

Setting the Values of STP Timers

Context

The following parameters are used in spanning tree calculation:
  • Forward Delay: determines the interval for port status transition. To prevent temporary loops, an interface first enters the Learning state when transitioning from Discarding to Forwarding. The status transition lasts for the time specified by Forward Delay so that the local device can synchronize the status with the remote switch.
  • Hello Time: is the interval at which hello packets are sent. The switching device sends configuration BPDUs at an interval of Hello Time to check whether links are faulty. If the switching device does not receive any BPDU within the timeout period (timeout period = Hello Time x 3 x Timer Factor), the switching device recalculates the spanning tree due to BPDU timeout.
  • Max Age: determines whether BPDUs expire. The switching device determines whether the received BPDU expires based on this value. If the received BPDU expires, the spanning tree needs to be recalculated.

Devices on a ring network must use the same values of Forward Delay, Hello Time, and Max Age.

Generally, you are not advised to directly adjust the preceding three parameters. This is because the three parameters are relevant to the network scale. It is recommended that the network diameter be adjusted so that the spanning tree protocol automatically adjusts the three parameters. When the default network diameter is used, the default values of the three parameters are used.

To prevent frequent network flapping, make sure that Hello Time, Forward Delay, and Max Age conform to the following formulas:

  • 2 x (Forward Delay - 1.0 second) >= Max Age

  • Max Age >= 2 x (Hello Time + 1.0 second)

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Set Forward Delay, Hello Time, and Max Age.
    1. Run:

      stp timer forward-delay forward-delay

      The value of Forward Delay of the switching device is set.

      By default, the value of Forward Delay of the switching device is 1500 centiseconds.

    2. Run:

      stp timer hello hello-time

      The value of Hello Time of the switching device is set.

      By default, the value of Hello Time of the switching device is 200 centiseconds.

    3. Run:

      stp timer max-age max-age

      The value of Max Age of the switching device is set.

      By default, the value of Max Age of the switching device is 2000 centiseconds.

  3. Run:

    commit

    The configuration is committed.

Setting the Maximum Number of Connections That Affect Spanning Tree Calculation

Context

The interface path cost affects spanning tree calculation. When the path cost changes, the system performs spanning tree recalculation. The interface path cost is affected by the bandwidth, so you can change the interface bandwidth to affect spanning tree calculation.

As shown in Figure 5-96, deviceA and deviceB are connected through two Eth-Trunks. Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2 has two member interfaces in Up state. If each member link has the same bandwidth, deviceA is selected as the root bridge.
  • Eth-Trunk 1 has larger bandwidth than Eth-Trunk 2. After STP calculation, Eth-Trunk 1 on deviceB is selected as the root port and Eth-Trunk 2 is selected as the alternate port.
  • If the maximum number of connections is 1 in Eth-Trunk 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk 2. The system performs spanning tree recalculation. Then Eth-Trunk 1 on deviceB becomes the alternate port and Eth-Trunk 2 becomes the root port.
Figure 5-96 Setting the maximum number of connections
NOTE:

The maximum number of connections affects only the path cost of an interface where spanning tree calculation is performed, but does not affect the actual link bandwidth. The actual bandwidth for an Eth-Trunk to forward traffic depends on the number of active interfaces.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface eth-trunk trunk-id

    The Eth-Trunk interface view is displayed.

  3. Run:

    max bandwidth-affected-linknumber link-number

    The maximum number of connections is set.

    By default, the upper threshold for the number of interfaces that determine the bandwidth of an Eth-Trunk is 8 on the CX110 switch module GE switching plane and 16 on other models.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display stp [ interface interface-type interface-number | slot slot-id ] [ brief ] command to view the spanning-tree status and statistics.

Setting RSTP Parameters That Affect RSTP Convergence

RSTP implements rapid convergence through the link type configured for a port and the fast transition mechanism.

Pre-configuration Tasks

Before configuring RSTP parameters that affect RSTP convergence, configure basic RSTP functions.

Setting the RSTP Network Diameter

Context

On a switched network, any two terminals on the switching network are connected through a specific path along which multiple devices reside. The network diameter is the maximum number of devices between any two terminals. A larger network diameter indicates a larger network scale.

An improper network diameter may cause slow network convergence and affect communication. Run the stp bridge-diameter command to set a network diameter based on the network scale, which helps speed up convergence.

It is recommended that all devices use the same network diameter.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp bridge-diameter diameter

    The network diameter is configured.

    By default, the network diameter is 7.

    NOTE:
    • RSTP uses a single spanning tree instance on the entire network. As a result, performance deterioration cannot be prevented when the network scale grows. Therefore, the network diameter cannot be larger than 7.

    • It is recommended that you run the stp bridge-diameter diameter command to set the network diameter. Then, the switching device calculates the optimal Forward Delay period, Hello timer value, and Max Age timer value based on the set network diameter.

  3. Run:

    commit

    The configuration is committed.

Setting the RSTP Timeout Interval

Context

If the device does not receive any BPDU from the upstream device within the set period, the device considers that the upstream device has failed and recalculates its spanning tree.

Sometimes the device does not receive a BPDU from the upstream device for a long time because the upstream device is very busy. In this case, the device should not recalculate its spanning tree. Therefore, on a stable network you can set a long timeout period to avoid wasting network resources.

If the local switching device does not receive a BPDU from the upstream switching device within the timeout interval, spanning tree recalculation is performed. The timeout interval is calculated as follows:
  • Timeout interval = Hello time x 3 x Timer Factor

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp timer-factor factor

    The timeout period for waiting for BPDUs from the upstream device is set.

    By default, the timeout period is 9 times the Hello timer value.

  3. Run:

    commit

    The configuration is committed.

Setting RSTP Timers

Context

The following parameters are used in spanning tree calculation:
  • Forward Delay: determines the interval for port status transition. To prevent temporary loops, an interface first enters the Learning state when transitioning from Discarding to Forwarding. The status transition lasts for the time specified by Forward Delay so that the local device can synchronize the status with the remote switch.
  • Hello Time: is the interval at which hello packets are sent. The switching device sends configuration BPDUs at an interval of Hello Time to check whether links are faulty. If the switching device does not receive any BPDU within the timeout period (timeout period = Hello Time x 3 x Timer Factor), the switching device recalculates the spanning tree due to BPDU timeout.
  • Max Age: determines whether BPDUs expire. The switching device determines whether the received BPDU expires based on this value. If the received BPDU expires, the spanning tree needs to be recalculated.

Devices on a ring network must use the same values of Forward Delay, Hello Time, and Max Age.

Generally, you are not advised to directly adjust the preceding three parameters. This is because the three parameters are relevant to the network scale. It is recommended that the network diameter be adjusted so that the spanning tree protocol automatically adjusts the three parameters. When the default network diameter is used, the default values of the three parameters are used.

To prevent frequent network flapping, make sure that Hello Time, Forward Delay, and Max Age conform to the following formulas:

  • 2 x (Forward Delay - 1.0 second) >= Max Age

  • Max Age >= 2 x (Hello Time + 1.0 second)

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Set Forward Delay, Hello Time, and Max Age.
    1. Run:

      stp timer forward-delay forward-delay

      The value of Forward Delay of the switching device is set.

      By default, the value of Forward Delay of the switching device is 1500 centiseconds.

    2. Run:

      stp timer hello hello-time

      The value of Hello Time of the switching device is set.

      By default, the value of Hello Time of the switching device is 200 centiseconds.

    3. Run:

      stp timer max-age max-age

      The value of Max Age of the switching device is set.

      By default, the value of Max Age of the switching device is 2000 centiseconds.

  3. Run:

    commit

    The configuration is committed.
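
The timer rules from the STP and RSTP timer and timeout sections, applied to a ring of devices. This is an added example, not Huawei code: the function names and the three device configurations are constructed, and the default Timer Factor of 3 is derived from the statement that the default timeout is 9 times the Hello timer value.

```python
import re

# Defaults stated in this guide, in centiseconds (the unit the CLI takes).
DEFAULTS = {"forward-delay": 1500, "hello": 200, "max-age": 2000}
# Derived from the guide: default timeout = 9 x Hello = Hello x 3 x factor.
DEFAULT_TIMER_FACTOR = 3
ONE_SECOND = 100  # the formulas are written in seconds; 1.0 s = 100 cs

TIMER_RE = re.compile(r"^\s*stp timer (forward-delay|hello|max-age) (\d+)\s*$")
FACTOR_RE = re.compile(r"^\s*stp timer-factor (\d+)\s*$")


def parse_timers(config_text):
    """Return the effective timer settings of one device, defaults filled in."""
    timers = dict(DEFAULTS)
    timers["timer-factor"] = DEFAULT_TIMER_FACTOR
    for line in config_text.splitlines():
        m = TIMER_RE.match(line)
        if m:
            timers[m.group(1)] = int(m.group(2))
            continue
        m = FACTOR_RE.match(line)
        if m:
            timers["timer-factor"] = int(m.group(1))
    return timers


def timeout_cs(timers):
    """Timeout interval = Hello Time x 3 x Timer Factor (centiseconds)."""
    return timers["hello"] * 3 * timers["timer-factor"]


def check_device(timers):
    """Check the two anti-flapping formulas for one device."""
    fd, hello, max_age = timers["forward-delay"], timers["hello"], timers["max-age"]
    findings = []
    if 2 * (fd - ONE_SECOND) < max_age:
        findings.append(
            f"2 x (Forward Delay - 1.0 s) = {2 * (fd - ONE_SECOND)} cs "
            f"is below Max Age = {max_age} cs")
    if max_age < 2 * (hello + ONE_SECOND):
        findings.append(
            f"Max Age = {max_age} cs is below "
            f"2 x (Hello Time + 1.0 s) = {2 * (hello + ONE_SECOND)} cs")
    return findings


def audit_ring(configs):
    """configs maps device name to config text.

    Returns (per-device findings, timers whose values differ across the ring).
    """
    parsed = {name: parse_timers(text) for name, text in configs.items()}
    per_device = {name: check_device(t) for name, t in parsed.items()}
    mismatches = {}
    for key in DEFAULTS:
        by_value = {}
        for name, timers in parsed.items():
            by_value.setdefault(timers[key], []).append(name)
        if len(by_value) > 1:  # the guide requires identical values on a ring
            mismatches[key] = by_value
    return per_device, mismatches


# Constructed sample configurations for three devices on one ring.
RING = {
    "deviceA": "stp mode rstp\nstp enable\n",
    "deviceB": "stp mode rstp\nstp timer forward-delay 1000\n",
    "deviceC": "stp mode rstp\nstp timer hello 1000\nstp timer-factor 5\n",
}

if __name__ == "__main__":
    per_device, mismatches = audit_ring(RING)
    for name, text in RING.items():
        print(name, "timeout:", timeout_cs(parse_timers(text)), "cs")
        for finding in per_device[name]:
            print("  violation:", finding)
    for key, by_value in mismatches.items():
        print("ring mismatch on", key, "->", by_value)
```
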

Setting the Maximum Number of Connections That Affect Spanning Tree Calculation

Context

The interface path cost affects spanning tree calculation. When the path cost changes, the system performs spanning tree recalculation. The interface path cost is affected by the bandwidth, so you can change the interface bandwidth to affect spanning tree calculation.

As shown in Figure 5-97, deviceA and deviceB are connected through two Eth-Trunks. Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2 has two member interfaces in Up state. If each member link has the same bandwidth, deviceA is selected as the root bridge.
  • Eth-Trunk 1 has larger bandwidth than Eth-Trunk 2. After STP calculation, Eth-Trunk 1 on deviceB is selected as the root port and Eth-Trunk 2 is selected as the alternate port.
  • If the maximum number of connections is 1 in Eth-Trunk 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk 2. The system performs spanning tree recalculation. Then Eth-Trunk 1 on deviceB becomes the alternate port and Eth-Trunk 2 becomes the root port.
Figure 5-97 Setting the maximum number of connections
NOTE:

The maximum number of connections affects only the path cost of an interface where spanning tree calculation is performed, but does not affect the actual link bandwidth. The actual bandwidth for an Eth-Trunk to forward traffic depends on the number of active interfaces.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface eth-trunk trunk-id

    The Eth-Trunk interface view is displayed.

  3. Run:

    max bandwidth-affected-linknumber link-number

    The maximum number of connections is set.

    By default, the upper threshold for the number of interfaces that determine the bandwidth of an Eth-Trunk is 8 on the CX110 switch module GE switching plane and 16 on other models.

  4. Run:

    commit

    The configuration is committed.

Setting the Link Type of a Port

Context

It is easy to implement rapid convergence on a P2P link. If the two ports connected to a P2P link are root or designated ports, the ports can transit to the forwarding state quickly by sending Proposal and Agreement packets. This reduces the forwarding delay.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the Ethernet interface participating in STP calculation is displayed.

  3. Run:

    stp point-to-point { auto | force-false | force-true }

    The link type is configured for the interface.

    By default, an interface automatically determines whether to connect to a P2P link. The P2P link supports rapid network convergence.

  4. Run:

    commit

    The configuration is committed.

Setting the Maximum Transmission Rate of an Interface

Context

A larger value of packet-number indicates more BPDUs sent in a hello interval and therefore more system resources occupied. Setting the proper value of packet-number prevents excess bandwidth usage when route flapping occurs.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the Ethernet interface participating in STP calculation is displayed.

  3. Run:

    stp transmit-limit packet-number

    The maximum number of BPDUs sent by a port in a specified period is set.

    By default, the maximum number of BPDUs that an interface sends per second is the value configured using the stp transmit-limit (system view) command. If the stp transmit-limit (system view) command is not configured, an interface sends a maximum of 6 BPDUs per second.
    NOTE:

    If the same maximum number of BPDUs need to be sent by each interface on a device, run the stp transmit-limit (system view) command. The stp transmit-limit (interface view) command takes precedence over the stp transmit-limit (system view) command. If the stp transmit-limit (interface view) command is run on an interface, the stp transmit-limit (system view) command does not take effect on the interface.

  4. Run:

    commit

    The configuration is committed.

Switching to the RSTP mode

Context

If an interface on an RSTP-enabled device is connected to an STP-enabled device, the interface switches to the STP compatible mode.

If the STP-enabled device is powered off or disconnected from the RSTP-enabled device, the interface cannot switch to the RSTP mode. In this case, you can switch the interface to the RSTP mode by using the stp mcheck command.

In the following cases, you need to manually switch the interface to the RSTP mode:

  • The STP-enabled device is shut down or disconnected.

  • The STP-enabled device is switched to the RSTP mode.

Procedure

  • Switching to the RSTP mode in the interface view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The view of the Ethernet interface that participates in spanning tree calculation is displayed.

    3. Run:

      stp mcheck

      The device is switched to the RSTP mode.

    4. Run:

      commit

      The configuration is committed.

  • Switching to the RSTP mode in the system view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      stp mcheck

      The device is switched to the RSTP mode.

    3. Run:

      commit

      The configuration is committed.

Configuring a Port as an Edge Port and BPDU Filter Port

Context

If a designated port is located at the edge of a network and is directly connected to terminal devices, this port is called an edge port.

An edge port does not receive or process configuration BPDUs and does not participate in RSTP calculation. It can transit from Disable to Forwarding without any delay.

After a designated port is configured as an edge port, the port can still send BPDUs. Then BPDUs are sent to other networks, causing flapping of other networks. You can configure a port as an edge port and BPDU filter port so that the port does not process or send BPDUs.

After all ports are configured as edge ports and BPDU filter ports in the system view, none of the ports on the device send BPDUs or negotiate the STP status with directly connected ports on the peer device. All ports are in forwarding state. This may cause loops on the network, leading to broadcast storms. Exercise caution when you configure a port as an edge port and BPDU filter port.

After a port is configured as an edge port and BPDU filter port in the interface view, the port does not process or send BPDUs. The port cannot negotiate the STP status with the directly connected port on the peer device. Exercise caution when you configure a port as an edge port and BPDU filter port.

Procedure

  • Configuring all ports as edge ports and BPDU filter ports in the system view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      stp edged-port default

      All ports are configured as edge ports.

      By default, all ports are non-edge ports.

    3. Run:

      stp bpdu-filter default

      All ports are configured as BPDU filter ports.

      By default, all ports are non-BPDU filter ports.

    4. Run:

      commit

      The configuration is committed.

  • Configuring an edge port and BPDU filtering in the interface view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The view of the Ethernet interface that participates in spanning tree calculation is displayed.

    3. Run:

      stp edged-port enable

      The port is configured as an edge port.

      By default, all ports are non-edge ports.

    4. Run:

      stp bpdu-filter enable

      The port is configured as a BPDU filter port.

      By default, a port is a non-BPDU filter port.

    5. Run:

      commit

      The configuration is committed.

Checking the Configuration

Procedure

  • Run the display stp [ interface interface-type interface-number | slot slot-id ] [ brief ] command to view the spanning-tree status and statistics.

Configuring RSTP Protection Functions

Huawei datacom devices provide the following RSTP protection functions. You can configure one or more functions.

Configuring BPDU Protection on a Switching Device

Context

Edge ports are directly connected to user terminals and normally do not receive BPDUs. Some attackers may send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the switching device automatically configures the edge ports as non-edge ports and triggers new spanning tree calculation. Network flapping then occurs. BPDU protection can be used to protect switching devices against malicious attacks.

NOTE:

Perform the following steps on a switching device that has an edge port.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp bpdu-protection

    BPDU protection is enabled on the switching device.

    By default, BPDU protection is disabled on the switching device.

  3. Run:

    commit

    The configuration is committed.

Follow-up Procedure

To allow an edge port to automatically start after being shut down, run the error-down auto-recovery cause bpdu-protection interval interval-value command to configure the auto recovery function and set the delay on the port. After the delay expires, the port automatically goes Up. Note the following when setting this parameter:
  • By default, the auto recovery function is disabled, so there is no delay. When you enable the auto recovery function, you must specify the recovery delay.
  • A smaller value of interval-value indicates a shorter time taken for the edge port to go Up, and a higher frequency at which the edge port alternates between Up and Down.
  • A larger value of interval-value indicates a longer time taken for the edge port to go Up, and a longer service interruption time.
  • The auto recovery function takes effect only for the interface that transitions to the error-down state after the error-down auto-recovery command is executed.

Configuring TC Protection on a Switching Device

Context

If attackers forge TC BPDUs to attack the switching device, the switching device receives a large number of TC BPDUs within a short time. Each TC BPDU causes the device to delete MAC address entries and ARP entries; frequent deletions place a heavy burden on the switching device and put the network at risk.

TC protection is used to suppress TC BPDUs. The number of times that a switching device processes TC BPDUs within a given time period is configurable. If the number of TC BPDUs that the switching device receives within the given time exceeds the specified threshold, the switching device processes TC BPDUs only the specified number of times. The excess TC BPDUs are processed together, once, after the specified time period expires. This prevents the switching device from frequently deleting MAC entries and ARP entries and therefore from being overburdened.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp tc-protection

    TC protection is enabled for a switching device.

    By default, TC protection is not enabled on the switching device.

  3. Run either or both of the following commands to configure TC protection parameters.

    • To set the time for a device to process the maximum number of TC BPDUs, run the stp tc-protection interval interval-value command.

      By default, the time for a device to process the maximum number of TC BPDUs is the Hello time.

    • To set the maximum number of TC BPDUs that a device processes within a specified period, run the stp tc-protection threshold threshold command.

      By default, a device processes one TC BPDU within a specified period.

    NOTE:
    • There are two TC protection parameters: time needed to process the maximum number of TC BPDUs and the maximum number of TC BPDUs processed within a specified period. For example, if the time is set to 10 seconds and the maximum number is set to 5, when a device receives TC BPDUs, the device processes only the first 5 TC BPDUs within 10 seconds and processes the other TC BPDUs after the time expires.

    • The device processes only the maximum number of TC BPDUs specified in the stp tc-protection threshold command within the time specified in the stp tc-protection interval command. The processing of other TC BPDUs is delayed, which may slow down spanning tree convergence.

  4. Run:

    commit

    The configuration is committed.
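The following added example (not part of the original guide) models the TC protection behaviour described above, so the effect of a chosen interval and threshold on the number of MAC/ARP flushes can be estimated before committing the values. It assumes that a protection window opens at the first TC BPDU received after the previous window expired; the arrival times are constructed.

```python
def simulate_tc_protection(arrivals, interval, threshold):
    """Return (flush_times, deferred) for TC BPDUs received at `arrivals` (seconds).

    interval  -- value of `stp tc-protection interval`
    threshold -- value of `stp tc-protection threshold`
    Assumption (not stated in the guide): a window starts at the first
    TC BPDU seen after the previous window has expired.
    """
    flush_times, deferred = [], 0
    window_start, handled, excess = None, 0, 0
    for t in sorted(arrivals):
        # Close the current window once its time period has expired.
        if window_start is not None and t >= window_start + interval:
            if excess:
                # Excess TC BPDUs are processed together, once, at expiry.
                flush_times.append(window_start + interval)
            window_start = None
        if window_start is None:
            window_start, handled, excess = t, 0, 0
        if handled < threshold:
            handled += 1
            flush_times.append(t)      # processed immediately: MAC/ARP flush
        else:
            excess += 1
            deferred += 1              # processing delayed until expiry
    if window_start is not None and excess:
        flush_times.append(window_start + interval)
    return flush_times, deferred


# Constructed input: 40 forged TC BPDUs in under 10 s, then 2 genuine ones.
FLOOD = [i * 0.25 for i in range(40)] + [12.0, 12.25]

if __name__ == "__main__":
    flushes, deferred = simulate_tc_protection(FLOOD, interval=10, threshold=5)
    print(f"without protection: {len(FLOOD)} flushes")
    print(f"with protection:    {len(flushes)} flushes at {flushes}")
    print(f"deferred TC BPDUs:  {deferred}")
```

With the guide's example values (10 seconds, 5 TC BPDUs) the 42 received TC BPDUs cause 8 flushes instead of 42, and the 35 deferred ones show the convergence delay that the NOTE warns about.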

Configuring Root Protection on a Port

Context

Due to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve as the root bridge and the network topology is changed, triggering spanning tree recalculation. This also may cause the traffic that should be transmitted over high-speed links to be transmitted over low-speed links, leading to network congestion. The root protection function on a switching device is used to protect the root bridge by preserving the role of the designated port.

NOTE:

Root protection takes effect only on designated ports.

Perform the following steps on the root bridge in an MST region.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the interface participating in STP calculation is displayed.

  3. Run:

    stp root-protection

    Root protection is enabled on the interface.

    By default, root protection is disabled.

    NOTE:

    Root protection takes effect only on designated ports.

    Root protection and loop protection cannot be configured on a port simultaneously.

  4. Run:

    commit

    The configuration is committed.

Configuring Loop Protection on a Port

Context

On a network running RSTP, a switching device maintains the root port status and status of blocked ports by receiving BPDUs from an upstream switching device. If the switching device cannot receive BPDUs from the upstream because of link congestion or unidirectional-link failure, the switching device re-selects a root port. The original root port becomes a designated port and the original blocked ports change to the Forwarding state. This may cause network loops. To address such a problem, configure loop protection.

After loop protection is configured, if the root port or alternate port does not receive BPDUs from the upstream switching device, the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state and no longer forwards packets. This prevents loops on the network. The root port restores the Forwarding state after receiving new BPDUs.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    stp loop-protection

    Loop protection for the root port or the alternate port is configured on the switching device.

    By default, loop protection is disabled.

    NOTE:

    An alternate port is a backup port for a root port. If a switching device has an alternate port, you need to configure loop protection on both the root port and the alternate port.

    Root protection and loop protection cannot be configured on a port simultaneously.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display stp [ interface interface-type interface-number | slot slot-id ] [ brief ] command to view the spanning-tree status and statistics.
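As an added example (not part of the original guide), the script below audits a planned configuration for the protection functions described in this section: edge ports without global BPDU protection, root protection and loop protection on the same port, and TC protection left at its disabled default. The configuration text, its layout (interface blocks separated by `#`) and the interface names are constructed for illustration.

```python
import re

# Constructed configuration; interface names are made up.
SAMPLE_CONFIG = """\
stp mode rstp
stp tc-protection
#
interface GE1/0/1
 stp edged-port enable
#
interface GE1/0/2
 stp root-protection
 stp loop-protection
#
interface GE1/0/3
 stp root-protection
#
"""

def parse(config):
    """Split the text into global commands and per-interface command sets."""
    global_cmds, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # end of an interface block
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), set())
        elif current is not None and raw[:1].isspace():
            current.add(line)                   # indented: interface view
        else:
            current = None
            global_cmds.add(line)               # system view
    return global_cmds, ports

def audit(config):
    """Return a list of (finding, affected_ports) tuples."""
    global_cmds, ports = parse(config)
    findings = []
    edge = sorted(p for p, c in ports.items() if "stp edged-port enable" in c)
    if edge and "stp bpdu-protection" not in global_cmds:
        findings.append(("bpdu-protection-missing", edge))
    pair = {"stp root-protection", "stp loop-protection"}
    both = sorted(p for p, c in ports.items() if pair <= c)
    if both:                                    # cannot coexist on one port
        findings.append(("root-and-loop-protection", both))
    if "stp tc-protection" not in global_cmds:
        findings.append(("tc-protection-disabled", []))
    return findings
```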

Setting Parameters for Interworking Between the CX11x&CX31x&CX91x series switch modules and a Non-Huawei Device

To implement interworking between the CX11x&CX31x&CX91x series switch modules and a non-Huawei device, select the fast transition mode based on the Proposal/Agreement mechanism of the non-Huawei device.

Context

The switching device supports the following modes:

  • Enhanced mode: The current interface counts the root port when it calculates the synchronization flag bit.
    1. An upstream device sends a Proposal message to a downstream device requesting fast status transition. After receiving the message, the downstream device sets the port connected to the upstream device as the root port and blocks all non-edge ports.

    2. The upstream device then sends an Agreement message to the downstream device. After the downstream device receives the message, the root port transitions to the Forwarding state.

    3. The downstream device then responds with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as the designated port, and then the status of the designated port changes to Forwarding.

  • Common mode: The current interface ignores the root port when it calculates the synchronization flag bit.
    1. An upstream device sends a Proposal message to a downstream device requesting fast transition. After receiving the message, the downstream device sets the port connected to the upstream device as the root port and blocks all non-edge ports. Then, the status of the root port changes to Forwarding.

    2. The downstream device then responds with an Agreement message. After receiving the message, the upstream device sets the port connected to the downstream device as the designated port, and then the status of the designated port changes to Forwarding.

On a network running STP, if the CX11x&CX31x&CX91x series switch modules connect to a non-Huawei device that uses a different Proposal/Agreement mechanism, the CX11x&CX31x&CX91x series switch modules may fail to communicate with the non-Huawei device. Select the enhanced mode or common mode based on the Proposal/Agreement mechanism of the non-Huawei device.

Pre-configuration Tasks

Before setting parameters for interworking between the CX11x&CX31x&CX91x series switch modules and a non-Huawei device, complete the following task:

  • Configuring basic STP/RSTP functions

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the Ethernet interface that participates in STP calculation is displayed.

  3. Run:

    stp no-agreement-check

    The fast transition mechanism in common mode is used.

    By default, the fast transition mechanism in enhanced mode is configured on a port.

  4. Run:

    commit

    The configuration is committed.

Updated: 2019-08-09

Document ID: EDOC1000041694
