Typical Examples of MSTP/RRPP/SEP/VBST

S300, S500, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples(V100 and V200)

This document provides campus networks typical configuration examples and feature typical configuration examples. "Campus Networks Typical Configuration Examples" provides typical campus network networking modes and a variety of deployment examples."Feature Typical Configuration Examples" provides typical configuration examples of a single feature on a switch. You can configure required features after deploying a campus network.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Typical Examples of MSTP/RRPP/SEP/VBST

Example for Configuring STP
Example for Configuring RSTP
Example for Configuring MSTP
Example for Configuring MSTP and VRRP
Example for Configuring a Single RRPP Ring with a Single Instance
Example for Configuring Tangent RRPP Rings
Example for Configuring RRPP Snooping on a VPLS Network
Example for Configuring SEP and MSTP on a Network
Example for Configuring SEP and RRPP on a Network
Example for Configuring VBST

Example for Configuring STP

Overview

Generally, redundant links are used on an Ethernet switching network to provide link backup and enhance network reliability. The use of redundant links, however, may produce loops, causing broadcast storms and rendering the MAC address table unstable. As a result, the communication quality deteriorates, and communication services may be interrupted. The Spanning Tree Protocol (STP) is used to solve these problems. STP prevents loops. Devices running STP discover loops on the network by exchanging information with each other, and block some ports to eliminate loops.

STP refers to STP defined in IEEE 802.1D, the Rapid Spanning Tree Protocol (RSTP) defined in IEEE 802.1w, and the Multiple Spanning Tree Protocol (MSTP) defined in IEEE 802.1s.

MSTP is compatible with RSTP and STP, and RSTP is compatible with STP. Table 3-34 compares STP, RSTP, and MSTP.

Table 3-34 Comparisons among STP, RSTP, and MSTP

Spanning Tree Protocol	Characteristics	Application Scenario
STP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides slow convergence.	User or service traffic does not need to be differentiated, and all VLANs share a spanning tree.
RSTP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides fast convergence.
MSTP	Forms multiple loop-free trees to prevent broadcast storms and implement redundancy. Provides fast convergence. Implements load balancing among VLANs and forwards traffic in different VLANs along different paths.	User or service traffic needs to be differentiated and load balanced. Traffic from different VLANs is forwarded through different spanning trees that are independent of each other.

Configuration Notes

This example applies to all versions of all S series switches.
The ports connected to terminals do not participate in STP calculation. Therefore, configure the ports as edge ports or disable STP on the ports.

Networking Requirements

After a network designer deploys a network, STP can be deployed on the network to prevent loops. When loops exist on a network, STP blocks a port to eliminate the loops. In Figure 3-92, SwitchA, SwitchB, SwitchC, and SwitchD running STP exchange STP BPDUs to discover loops on the network and block ports to prune the network into a loop-free tree network. STP prevents infinite looping of packets to ensure packet processing capabilities of switches.

Figure 3-92 STP networking

Configuration Roadmap

The configuration roadmap is as follows:

Configure the switching devices on the ring network to work in STP mode.
Configure the root bridge and secondary root bridge.
Configure the path cost of a port so that the port can be blocked.
Enable STP to eliminate loops.

Procedure

Configure basic STP functions.
1. Configure the switching devices on the ring network to work in STP mode.
  
  # Configure SwitchA to work in STP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode stp
```
  # Configure SwitchB to work in STP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode stp
```
  # Configure SwitchC to work in STP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode stp
```
  # Configure SwitchD to work in STP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode stp
```
2. Configure the root bridge and secondary root bridge.
  
  # Configure SwitchA as the root bridge.
```
[SwitchA] stp root primary
```
  # Configure SwitchD as the secondary root bridge.
```
[SwitchD] stp root secondary
```
3. Configure the path cost of a port so that the port can be blocked.
  - The path cost range depends on the algorithm. Huawei's proprietary algorithm is used as an example. Set the path costs of the ports to be blocked to 20000.
  - Switching devices on the same network must use the same algorithm to calculate the path cost of ports.
  # Configure SwitchA to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchA] stp pathcost-standard legacy
```
  # Configure SwitchB to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchB] stp pathcost-standard legacy
```
  # Configure SwitchC to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchC] stp pathcost-standard legacy
```
  # Set the path cost of GigabitEthernet1/0/1 on SwitchC to 20000.
```
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
```
  # Configure SwitchD to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchD] stp pathcost-standard legacy
```
4. Enable STP to eliminate loops.
  - Configure the ports connected to PCs as edge ports.
    
    # Configure GigabitEthernet1/0/2 of SwitchB as an edge port.
```
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp edged-port enable
[SwitchB-GigabitEthernet1/0/2] quit
```
    (Optional) Configure BPDU protection on SwitchB.
```
[SwitchB] stp bpdu-protection
```
    # Configure GigabitEthernet1/0/2 of SwitchC as an edge port.
```
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp edged-port enable
[SwitchC-GigabitEthernet1/0/2] quit
```
    (Optional) Configure BPDU protection on SwitchC.
```
[SwitchC] stp bpdu-protection
```
    If edge ports are connected to network devices that have STP enabled and BPDU protection is enabled, the edge ports will be shut down and their attributes remain unchanged after they receive BPDUs.
  - Enable STP globally on devices.
    
    # Enable STP globally on SwitchA.
```
[SwitchA] stp enable
```
    # Enable STP globally on SwitchB.
```
[SwitchB] stp enable
```
    # Enable STP globally on SwitchC.
```
[SwitchC] stp enable
```
    # Enable STP globally on SwitchD.
```
[SwitchD] stp enable
```
Verify the configuration.
After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

# Run the display stp brief command on SwitchA to view the port status and protection type. The displayed information is as follows:
```
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      NONE
   0    GigabitEthernet1/0/2        DESI  FORWARDING      NONE
```
After SwitchA is configured as the root bridge, GigabitEthernet1/0/2 and GigabitEthernet1/0/1 connected to SwitchB and SwitchD are selected as designed ports.

# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to check the status of GigabitEthernet1/0/1. The following information is displayed:
```
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      NONE      
```
GigabitEthernet1/0/1 becomes the designated port and is in FORWARDING state.

# Run the display stp brief command on SwitchC to check the port status.
```
[SwitchC] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        ALTE  DISCARDING      NONE     
   0    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE      
```
GigabitEthernet1/0/3 becomes the root port and is in FORWARDING state.

GigabitEthernet1/0/1 becomes the alternate port and is in DISCARDING state.

Configuration Files

SwitchA configuration file

#
sysname SwitchA  
#
stp mode stp
stp instance 0 root primary 
stp pathcost-standard legacy
#
return

SwitchB configuration file

# 
sysname SwitchB   
# 
stp mode stp   
stp bpdu-protection
stp pathcost-standard legacy
#  
interface GigabitEthernet1/0/2   
 stp edged-port enable 
#  
return

SwitchC configuration file

# 
sysname SwitchC  
#  
stp mode stp
stp bpdu-protection 
stp pathcost-standard legacy
#  
interface GigabitEthernet1/0/1          
 stp instance 0 cost 20000 
#  
interface GigabitEthernet1/0/2     
 stp edged-port enable 
#  
return

SwitchD configuration file

# 
sysname SwitchD 
# 
stp mode stp  
stp instance 0 root secondary      
stp pathcost-standard legacy
#   
return

Example for Configuring RSTP

Overview

STP refers to STP defined in IEEE 802.1D, the Rapid Spanning Tree Protocol (RSTP) defined in IEEE 802.1w, and the Multiple Spanning Tree Protocol (MSTP) defined in IEEE 802.1s.

MSTP is compatible with RSTP and STP, and RSTP is compatible with STP. Table 3-35 compares STP, RSTP, and MSTP.

Table 3-35 Comparisons among STP, RSTP, and MSTP

Spanning Tree Protocol	Characteristics	Application Scenario
STP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides slow convergence.	User or service traffic does not need to be differentiated, and all VLANs share a spanning tree.
RSTP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides fast convergence.
MSTP	Forms multiple loop-free trees to prevent broadcast storms and implement redundancy. Provides fast convergence. Implements load balancing among VLANs and forwards traffic in different VLANs along different paths.	User or service traffic needs to be differentiated and load balanced. Traffic from different VLANs is forwarded through different spanning trees that are independent of each other.

Configuration Notes

This example applies to all versions of all S series switches.
The ports connected to terminals do not participate in RSTP calculation. Therefore, configure the ports as edge ports or disable STP on the ports.

Networking Requirements

After a network designer deploys a network, RSTP can be deployed on the network to prevent loops. When loops exist on a network, RSTP blocks a port to eliminate the loops. In Figure 3-93, SwitchA, SwitchB, SwitchC, and SwitchD running RSTP exchange RSTP BPDUs to discover loops on the network and block ports to prune the network into a loop-free tree network. RSTP prevents infinite looping of packets to ensure packet processing capabilities of switches.

Figure 3-93 RSTP networking

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic RSTP functions on switching devices of the ring network.
1. Configure the switching devices on the ring network to work in RSTP mode.
2. Configure the root bridge and secondary root bridge.
3. Configure the path cost of a port so that the port can be blocked.
4. Enable RSTP to eliminate loops.
Enable protection functions to protect devices or links. For example, enable root protection on the designed port of the root bridge.

Procedure

Configure basic RSTP functions.
1. Configure the switching devices on the ring network to work in RSTP mode.
  
  # Configure SwitchA to work in RSTP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp mode rstp
```
  # Configure SwitchB to work in RSTP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp mode rstp
```
  # Configure SwitchC to work in RSTP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp mode rstp
```
  # Configure SwitchD to work in RSTP mode.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp mode rstp
```
2. Configure the root bridge and secondary root bridge.
  
  # Configure SwitchA as the root bridge.
```
[SwitchA] stp root primary
```
  # Configure SwitchD as the secondary root bridge.
```
[SwitchD] stp root secondary
```
3. Configure the path cost of a port so that the port can be blocked.
  - The path cost range depends on the algorithm. Huawei's proprietary algorithm is used as an example. Set the path costs of the ports to be blocked to 20000.
  - Switching devices on the same network must use the same algorithm to calculate the path cost of ports.
  # Configure SwitchA to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchA] stp pathcost-standard legacy
```
  # Configure SwitchB to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchB] stp pathcost-standard legacy
```
  # Configure SwitchC to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchC] stp pathcost-standard legacy
```
  # Set the path cost of GigabitEthernet1/0/1 on SwitchC to 20000.
```
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
```
  # Configure SwitchD to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchD] stp pathcost-standard legacy
```
4. Enable RSTP to eliminate loops.
  - Configure the ports connected to PCs as edge ports.
    
    # Configure GigabitEthernet1/0/2 on SwitchB as an edge port.
```
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp edged-port enable
[SwitchB-GigabitEthernet1/0/2] quit
```
    (Optional) Configure BPDU protection on SwitchB.
```
[SwitchB] stp bpdu-protection
```
    # Configure GigabitEthernet1/0/2 on SwitchC as an edge port.
```
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp edged-port enable
[SwitchC-GigabitEthernet1/0/2] quit
```
    (Optional) Configure BPDU protection on SwitchC.
```
[SwitchC] stp bpdu-protection
```
    If edge ports are connected to network devices that have STP enabled and BPDU protection is enabled, the edge ports will be shut down and their attributes remain unchanged after they receive BPDUs.
  - Enable RSTP globally on devices.
    
    # Enable RSTP on SwitchA.
```
[SwitchA] stp enable
```
    # Enable RSTP globally on SwitchB.
```
[SwitchB] stp enable
```
    # Enable RSTP globally on SwitchC.
```
[SwitchC] stp enable
```
    # Enable RSTP globally on SwitchD.
```
[SwitchD] stp enable
```

Enable protection functions. The following uses root protection on the designated port of the root bridge as an example.

# Configure root protection on GigabitEthernet1/0/1 of SwitchA.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit

# Configure root protection on GigabitEthernet1/0/2 of SwitchA.

[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] stp root-protection
[SwitchA-GigabitEthernet1/0/2] quit

Verify the configuration.
After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

# Run the display stp brief command on SwitchA to view the status and protection type on the ports. The displayed information is as follows:
```
[SwitchA] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   0    GigabitEthernet1/0/2        DESI  FORWARDING      ROOT
```
After SwitchA is configured as the root bridge, GigabitEthernet1/0/2 and GigabitEthernet1/0/1 connected to SwitchB and SwitchD become designed ports and configured with root protection.

# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to check the status of GigabitEthernet1/0/1. The following information is displayed:
```
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      NONE      
```
GigabitEthernet1/0/1 becomes the designated port and is in FORWARDING state.

# Run the display stp brief command on SwitchC to check the port status.
```
[SwitchC] display stp brief
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet1/0/1        ALTE  DISCARDING      NONE     
   0    GigabitEthernet1/0/2        DESI  FORWARDING      NONE     
   0    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE     
```
GE1/0/1 becomes the alternate port and is in DISCARDING state.

GE1/0/3 becomes the root port and is in FORWARDING state.

Configuration Files

SwitchA configuration file

#
sysname SwitchA                 
#                                
stp mode rstp                   
stp instance 0 root primary     
stp pathcost-standard legacy
#                                
interface GigabitEthernet1/0/1  
 stp root-protection             
#                                
interface GigabitEthernet1/0/2  
 stp root-protection             
#
return

SwitchB configuration file

#                                
sysname SwitchB               
#                                
stp mode rstp
stp bpdu-protection                   
stp pathcost-standard legacy
#                             
interface GigabitEthernet1/0/2        
 stp edged-port enable
#                                
return

SwitchC configuration file

#                                
sysname SwitchC                                   
#                                
stp mode rstp
stp bpdu-protection                   
stp pathcost-standard legacy
#                                
interface GigabitEthernet1/0/1       
 stp instance 0 cost 20000       
#                                
interface GigabitEthernet1/0/2        
 stp edged-port enable
#                                
return

SwitchD configuration file

#                                
sysname SwitchD                        
#                                
stp mode rstp                   
stp instance 0 root secondary   
stp pathcost-standard legacy
#                                
return

Example for Configuring MSTP

Overview

STP refers to STP defined in IEEE 802.1D, the Rapid Spanning Tree Protocol (RSTP) defined in IEEE 802.1w, and the Multiple Spanning Tree Protocol (MSTP) defined in IEEE 802.1s.

MSTP is compatible with RSTP and STP, and RSTP is compatible with STP. Table 3-36 compares STP, RSTP, and MSTP.

Table 3-36 Comparisons among STP, RSTP, and MSTP

Spanning Tree Protocol	Characteristics	Application Scenario
STP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides slow convergence.	User or service traffic does not need to be differentiated, and all VLANs share a spanning tree.
RSTP	Forms a loop-free tree to prevent broadcast storms and implement redundancy. Provides fast convergence.
MSTP	Forms multiple loop-free trees to prevent broadcast storms and implement redundancy. Provides fast convergence. Implements load balancing among VLANs and forwards traffic in different VLANs along different paths.	User or service traffic needs to be differentiated and load balanced. Traffic from different VLANs is forwarded through different spanning trees that are independent of each other.

Configuration Notes

This example applies to all versions of all S series switches.
The ports connected to terminals do not participate in MSTP calculation. Therefore, configure the ports as edge ports or disable STP on the ports.

Networking Requirements

To implement redundancy on a complex network, network designers tend to deploy multiple physical links between two devices, one of which is the primary link and the others are backup links. Loops may occur, causing broadcast storms or rendering the MAC address table unstable. MSTP can be used to prevent loops. MSTP blocks redundant links and prunes a network into a tree topology free from loops.

In Figure 3-94, SwitchA, SwitchB, SwitchC, and SwitchD run MSTP. MSTP uses multiple instances to implement load balancing of traffic in VLANs 2 to 10 and VLANs 11 to 20. The VLAN mapping table that defines the mapping between VLANs and MSTIs can be used.

Figure 3-94 MSTP networking

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic MSTP functions on switching devices of the ring network.
Enable protection functions to protect devices or links. For example, enable root protection on the designed port of the root bridge in each MSTI.

When the link between the root bridge and secondary root bridge goes Down, the port enabled with root protection becomes Discarding because root protection takes effect.

To improve reliability, you are advised to bind the link between the root bridge and secondary root bridge to an Eth-Trunk.
Configure Layer 2 forwarding on devices.

Procedure

Configure basic MSTP functions.

Configure SwitchA, SwitchB, SwitchC, and SwitchD (access switches) in the MST region RG1 and create MSTI 1 and MSTI 2.

Two switches belong to the same MST region when they have the same:

Name of the MST region
Mapping between VLANs and MSTIs
Revision level of the MST region

# Configure an MST region of root bridge SwitchA in MSTI 1.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchA-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchA-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchA-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchA-mst-region] quit

# Configure an MST region of root bridge SwitchB in MSTI 1.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchB-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchB-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchB-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchB-mst-region] quit

# Configure an MST region of SwitchC.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchC-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchC-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchC-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchC-mst-region] quit

# Configure an MST region of SwitchD.

<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchD-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchD-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchD-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchD-mst-region] quit

Configure root bridges and secondary root bridges of MSTI 1 and MSTI 2 in the MST region RG1.
- Configure the root bridge and secondary root bridge in MSTI 1.
  
  # Configure SwitchA as the root bridge in MSTI 1.
```
[SwitchA] stp instance 1 root primary
```
  # Configure SwitchB as the secondary root bridge in MSTI 1.
```
[SwitchB] stp instance 1 root secondary
```
- Configure the root bridge and secondary root bridge in MSTI 2.
  
  # Configure SwitchB as the root bridge in MSTI 2.
```
[SwitchB] stp instance 2 root primary
```
  # Configure SwitchA as the secondary root bridge in MSTI 2.
```
[SwitchA] stp instance 2 root secondary
```
Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be larger than the default values.
- The path cost range depends on the algorithm. Huawei's proprietary algorithm is used as an example. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to 20000.
- Switching devices on the same network must use the same algorithm to calculate the path cost of ports.
Configure SwitchA to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchA] stp pathcost-standard legacy
```
# Configure SwitchB to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchB] stp pathcost-standard legacy
```
# Configure SwitchC to use Huawei's proprietary algorithm to calculate the path cost and set the path cost of GE1/0/2 to 20000 in MSTI 2.
```
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/2] quit
```
# Configure SwitchD to use Huawei's proprietary algorithm to calculate the path cost and set the path cost of GE1/0/2 to 20000 in MSTI 1.
```
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet1/0/2] quit
```
Enable MSTP to eliminate loops.
- Enable MSTP globally on devices.
```
[SwitchA] stp enable
```
  # Enable MSTP on SwitchB.
```
[SwitchB] stp enable
```
  # Enable MSTP on SwitchC.
```
[SwitchC] stp enable
```
  # Enable MSTP on SwitchD.
```
[SwitchD] stp enable
```
- Configure the ports connected to the terminal as edge ports.
  
  # Configure GE1/0/1 of SwitchC as an edge port.
```
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp edged-port enable
[SwitchC-GigabitEthernet1/0/1] quit
```
  (Optional) Configure BPDU protection on SwitchC.
```
[SwitchC] stp bpdu-protection
```
  # Configure GE1/0/1 of SwitchC as an edge port.
```
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] stp edged-port enable
[SwitchD-GigabitEthernet1/0/1] quit
```
  (Optional) Configure BPDU protection on SwitchD.
```
[SwitchD] stp bpdu-protection
```
  If edge ports are connected to network devices that have STP enabled and BPDU protection is enabled, the edge ports will be shut down and their attributes remain unchanged after they receive BPDUs.

Enable protection functions. For example, enable root protection on the designed port of the root bridge in each MSTI.

# Enable root protection on GE1/0/1 of SwitchA.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit

# Enable root protection on GE1/0/1 of SwitchB.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] stp root-protection
[SwitchB-GigabitEthernet1/0/1] quit

Configure Layer 2 forwarding on switches of the ring network.

Create VLANs 2 to 20 on SwitchA, SwitchB, SwitchC, and SwitchD.

# Create VLANs 2 to 20 on SwitchA.
```
[SwitchA] vlan batch 2 to 20
```
# Create VLANs 2 to 20 on SwitchB.
```
[SwitchB] vlan batch 2 to 20
```
# Create VLANs 2 to 20 on SwitchC.
```
[SwitchC] vlan batch 2 to 20
```
# Create VLANs 2 to 20 on SwitchD.
```
[SwitchD] vlan batch 2 to 20
```

Add ports connected to the ring to VLANs.

# Add GE1/0/1 on SwitchA to VLANs.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 20
[SwitchA-GigabitEthernet1/0/1] quit

# Add Eth-Trunk1 on SwitchA to VLANs.

[SwitchA] interface Eth-Trunk 1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 1/0/2
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 1/0/3
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 2 to 20
[SwitchA-Eth-Trunk1] quit

# Add GE1/0/1 on SwitchB to VLANs.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 20
[SwitchB-GigabitEthernet1/0/1] quit

# Add Eth-Trunk1 on SwitchB to VLANs.

[SwitchB] interface Eth-Trunk 1
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 1/0/2
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 1/0/3
[SwitchB-Eth-Trunk1] port link-type trunk
[SwitchB-Eth-Trunk1] port trunk allow-pass vlan 2 to 20
[SwitchB-Eth-Trunk1] quit

# Add GE1/0/1 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type access
[SwitchC-GigabitEthernet1/0/1] port default vlan 2
[SwitchC-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 to 20
[SwitchC-GigabitEthernet1/0/3] quit

# Add GE1/0/1 on SwitchD to VLANs.

[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type access
[SwitchD-GigabitEthernet1/0/1] port default vlan 11
[SwitchD-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchD to VLANs.

[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchD to VLANs.

[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] port link-type trunk
[SwitchD-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 to 20
[SwitchD-GigabitEthernet1/0/3] quit

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

MSTI 1 and MSTI 2 are used as examples, so you do not need to check the port status in MSTI 0.

# Run the display stp brief command on SwitchA to view the port status and protection type. The displayed information is as follows:

[SwitchA] display stp brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   0    Eth-Trunk1                  DESI  FORWARDING      NONE
   1    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   1    Eth-Trunk1                  DESI  FORWARDING      NONE
   2    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   2    Eth-Trunk1                  ROOT  FORWARDING      NONE

In MSTI 1, Eth-Trunk1 and GE1/0/1 on SwitchA are designed ports because SwitchA is the root bridge. In MSTI 2, GE1/0/1 on SwitchA is the designed port and Eth-Trunk1 is the root port.

# Run the display stp brief command on SwitchB. The following information is displayed:

[SwitchB] display stp brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   0    Eth-Trunk1                  ROOT  FORWARDING      NONE
   1    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   1    Eth-Trunk1                  ROOT  FORWARDING      NONE
   2    GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   2    Eth-Trunk1                  DESI  FORWARDING      NONE

In MSTI 2, GE1/0/1 and Eth-Trunk1 on SwitchB are designed ports because SwitchB is the root bridge. In MSTI 1, GE1/0/1 on SwitchB is the designed port and Eth-Trunk1 is the root port.

# Run the display stp interface brief command on SwitchC. The following information is displayed:

[SwitchC] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE
   1    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE
   2    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE

[SwitchC] display stp interface gigabitethernet 1/0/2 brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/2        DESI  FORWARDING      NONE
   1    GigabitEthernet1/0/2        DESI  FORWARDING      NONE
   2    GigabitEthernet1/0/2        ALTE  DISCARDING      NONE

GE1/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchC is blocked in MSTI 2 and is the designated port in MSTI 1.

# Run the display stp interface brief command on SwitchD. The following information is displayed:

[SwitchD] display stp interface gigabitethernet 1/0/3 brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE
   1    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE
   2    GigabitEthernet1/0/3        ROOT  FORWARDING      NONE

[SwitchD] display stp interface gigabitethernet 1/0/2 brief
 MSTID  Port                        Role  STP State       Protection
   0    GigabitEthernet1/0/2        ALTE  DISCARDING      NONE
   1    GigabitEthernet1/0/2        ALTE  DISCARDING      NONE
   2    GigabitEthernet1/0/2        DESI  FORWARDING      NONE

GE1/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchD is blocked in MSTI 1 and is the designated port in MSTI 2.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
 stp root-protection
#
interface GigabitEthernet1/0/2
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 eth-trunk 1
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 20
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
 stp root-protection
#
interface GigabitEthernet1/0/2
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 eth-trunk 1
#
return

SwitchC configuration file

#
sysname SwitchC
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
 stp edged-port enable 
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
 stp instance 2 cost 20000
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
#
return

SwitchD configuration file

#
sysname SwitchD
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2 to 10
 instance 2 vlan 11 to 20
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 11
 stp edged-port enable 
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
 stp instance 1 cost 20000
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 20
#
return

Example for Configuring MSTP and VRRP

Overview

When VRRP is deployed on a network, multiple devices transmit services simultaneously. Each virtual device consists of one master and several backups. If redundant links need to be deployed for access backup, MSTP needs to be deployed to eliminate loops and ensure load balancing of traffic.

Configuration Notes

The ports connected to terminals do not participate in MSTP calculation. Therefore, configure the ports as edge ports or disable STP on the ports.
This example applies to the following products:
- S2720-EI: V200R011C10 and later versions
- S2730S-S
- S3700-EI, S3700-HI
- S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5700-EI, S5700-HI, S5710-EI, S5720-EI, S5710-HI, S5720-HI, S5730-HI, S5730-SI, S5730S-EI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S-I, S5735S-H, S5736-S, S5735-S, S500, S5735S-S
- S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S6700-EI, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S
- S7703, S7706, S7712, S7703 PoE, S7706 PoE
- S9703, S9706, S9712

For the product models whose applicable versions are not listed above, see Table 3-1 in "Applicable Products and Versions" for details.

To view detailed information about software mappings, visit Info-Finder, select a product series or product model, and click Hardware Center.

Networking Requirements

In Figure 3-95, hosts connect to the network through SwitchC. SwitchC is dual-homed to SwitchA and SwitchB and connects to the Internet. Redundant links are deployed for access backup. The use of redundant links, however, may produce loops, causing broadcast storms and rendering the MAC address table unstable.

It is required that network loops be prevented when redundant links are deployed, traffic be switched to another link when one link is disconnected, and network bandwidth be effectively used.

MSTP can be configured on the network. MSTP blocks redundant links and prunes a network into a tree topology free from loops. VRRP can be configured on SwitchA and SwitchB. HostA connects to the Internet with SwitchA as the default gateway and SwitchB as the backup gateway; HostB connects to the Internet with SwitchB as the default gateway and SwitchA as the backup gateway. This setting implements reliability and traffic load balancing.

Figure 3-95 Networking for configuring MSTP and VRRP

Device	Interface	VLANIF Interface	IP Address
SwitchA	GE1/0/1 and GE1/0/2	VLANIF 2	10.1.2.102/24
	GE1/0/1 and GE1/0/2	VLANIF 3	10.1.3.102/24
	GE1/0/3	VLANIF 4	10.1.4.102/24
SwitchB	GE1/0/1 and GE1/0/2	VLANIF 2	10.1.2.103/24
	GE1/0/1 and GE1/0/2	VLANIF 3	10.1.3.103/24
	GE1/0/3	VLANIF 5	10.1.5.103/24

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic MSTP functions on switching devices of the ring network.
1. Configure an MST region and create multi-instance, and map VLAN 2 to MSTI 1 and VLAN 3 to MSTI 2 to load balance traffic.
2. Configure the root bridge and secondary root bridge in each MST region.
3. Configure the path cost of a port in each MSTI so that the port can be blocked.
4. Enable MSTP to prevent loops.
  - Enable MSTP globally.
  - Enable MSTP on all ports except the ports connected to hosts.
Enable protection functions to protect devices or links. For example, enable root protection on the designed port of the root bridge in each MSTI.
Configure Layer 2 forwarding on devices.
Assign an IP address to each interface and configure a routing protocol to ensure network connectivity.

In this example, SwitchA and SwitchB need to support VRRP and OSPF. For details about the models supporting VRRP and OSPF, see the documentation.
Create VRRP groups 1 and 2 on SwitchA and SwitchB. In VRRP group 1, configure SwitchA as the master and SwitchB as the backup. In VRRP group 2, configure SwitchB as the master and SwitchA as the backup.

Procedure

Configure basic MSTP functions.

Configure SwitchA, SwitchB, and SwitchC in the MST region RG1 and create MSTI 1 and MSTI 2.

# Configure an MST region on SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration //Enter the MST region view.
[SwitchA-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchA-mst-region] instance 1 vlan 2 //Maps VLAN 2 to MSTI 1.
[SwitchA-mst-region] instance 2 vlan 3 //Maps VLAN 3 to MSTI 2.
[SwitchA-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchA-mst-region] quit

# Configure an MST region on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] stp region-configuration //Enter the MST region view.
[SwitchB-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchB-mst-region] instance 1 vlan 2 //Maps VLAN 2 to MSTI 1.
[SwitchB-mst-region] instance 2 vlan 3 //Maps VLAN 3 to MSTI 2.
[SwitchB-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchB-mst-region] quit

# Configure an MST region on SwitchC.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] stp region-configuration //Enter the MST region view.
[SwitchC-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchC-mst-region] instance 1 vlan 2 //Maps VLAN 2 to MSTI 1.
[SwitchC-mst-region] instance 2 vlan 3 //Maps VLAN 3 to MSTI 2.
[SwitchC-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchC-mst-region] quit

Configure root bridges and secondary root bridges of MSTI 1 and MSTI 2 in the MST region RG1.
- Configure the root bridge and secondary root bridge in MSTI 1.
  
  # Configure SwitchA as the root bridge in MSTI 1.
```
[SwitchA] stp instance 1 root primary
```
  # Configure SwitchB as the secondary root bridge in MSTI 1.
```
[SwitchB] stp instance 1 root secondary
```
- Configure the root bridge and secondary root bridge in MSTI 2.
  
  # Configure SwitchB as the root bridge in MSTI 2.
```
[SwitchB] stp instance 2 root primary
```
  # Configure SwitchA as the secondary root bridge in MSTI 2.
```
[SwitchA] stp instance 2 root secondary
```
Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be larger than the default values.
- The path cost range depends on the algorithm. Huawei's proprietary algorithm is used as an example. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to 20000.
- Switching devices on the same network must use the same algorithm to calculate the path cost of ports.
# Configure SwitchA to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchA] stp pathcost-standard legacy
```
# Configure SwitchB to use Huawei's proprietary algorithm to calculate the path cost.
```
[SwitchB] stp pathcost-standard legacy
```
# Configure SwitchC to use Huawei's proprietary algorithm to calculate the path cost, and set the path cost of GE1/0/1 in MSTI 2 to 20000 and path cost of GE1/0/4 in MSTI 1 to 20000.
```
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
[SwitchC] interface gigabitethernet 1/0/4
[SwitchC-GigabitEthernet1/0/4] stp instance 1 cost 20000
[SwitchC-GigabitEthernet1/0/4] quit
```

Enable MSTP to eliminate loops.

Enable MSTP globally on devices.

# Enable MSTP on SwitchA.
```
[SwitchA] stp enable
```
# Enable MSTP on SwitchB.
```
[SwitchB] stp enable
```
# Enable MSTP on SwitchC.
```
[SwitchC] stp enable
```

Configure the ports connected to hosts as edge ports.

[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp edged-port enable
[SwitchC-GigabitEthernet1/0/2] quit
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] stp edged-port enable
[SwitchC-GigabitEthernet1/0/3] quit

(Optional) Configure BPDU protection on SwitchC.

[SwitchC] stp bpdu-protection

Configure the ports connected to the router as edge ports.

# Configure the SwitchA.
```
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] stp edged-port enable
[SwitchA-GigabitEthernet1/0/3] quit
```
(Optional) Configure BPDU protection on SwitchA.
```
[SwitchA] stp bpdu-protection
```
# Configure the SwitchB.
```
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] stp edged-port enable
[SwitchB-GigabitEthernet1/0/3] quit
```
(Optional) Configure BPDU protection on SwitchB.
```
[SwitchB] stp bpdu-protection
```
If edge ports are connected to network devices that have STP enabled and BPDU protection is enabled, the edge ports will be shut down and their attributes remain unchanged after they receive BPDUs.

Enable protection functions. For example, enable root protection on the designed port of the root bridge in each MSTI.

# Enable root protection on GE1/0/1 of SwitchA.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit

# Enable root protection on GE1/0/1 of SwitchB.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] stp root-protection
[SwitchB-GigabitEthernet1/0/1] quit

Configure Layer 2 forwarding on switches of the ring network.

Create VLAN 2 and VLAN 3 on SwitchA, SwitchB, and SwitchC.

# Create VLAN 2 and VLAN 3 on SwitchA.
```
[SwitchA] vlan batch 2 to 3
```
# Create VLAN 2 and VLAN 3 on SwitchB.
```
[SwitchB] vlan batch 2 to 3
```
# Create VLAN 2 and VLAN 3 on SwitchC.
```
[SwitchC] vlan batch 2 to 3
```

Add ports connected to the ring to VLANs.

# Add GE1/0/1 on SwitchA to VLANs.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchA to VLANs.

[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 3
[SwitchA-GigabitEthernet1/0/2] quit

# Add GE1/0/1 on SwitchB to VLANs.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchB to VLANs.

[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 3
[SwitchB-GigabitEthernet1/0/2] quit

# Add GE1/0/1 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type access
[SwitchC-GigabitEthernet1/0/2] port default vlan 2
[SwitchC-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] port link-type access
[SwitchC-GigabitEthernet1/0/3] port default vlan 3
[SwitchC-GigabitEthernet1/0/3] quit

# Add GE1/0/4 on SwitchC to VLANs.

[SwitchC] interface gigabitethernet 1/0/4
[SwitchC-GigabitEthernet1/0/4] port link-type trunk
[SwitchC-GigabitEthernet1/0/4] port trunk allow-pass vlan 2 to 3
[SwitchC-GigabitEthernet1/0/4] quit

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

MSTI 1 and MSTI 2 are used as examples, so you do not need to check the port status in MSTI 0.

# Run the display stp brief command on SwitchA to view the port status and protection type. The displayed information is as follows:

[SwitchA] display stp brief
 MSTID      Port                        Role  STP State       Protection
   0        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   0        GigabitEthernet1/0/2        DESI  FORWARDING      NONE
   1        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   1        GigabitEthernet1/0/2        DESI  FORWARDING      NONE
   2        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   2        GigabitEthernet1/0/2        ROOT  FORWARDING      NONE

In MSTI 1, GE1/0/2 and GE1/0/1 on SwitchA are designed ports because SwitchA is the root bridge. In MSTI 2, GE1/0/1 on SwitchA is the designed port and GE1/0/2 is the root port.

# Run the display stp brief command on SwitchB. The displayed information is as follows:

[SwitchB] display stp brief
 MSTID      Port                        Role  STP State       Protection
   0        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   0        GigabitEthernet1/0/2        ROOT  FORWARDING      NONE
   1        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   1        GigabitEthernet1/0/2        ROOT  FORWARDING      NONE
   2        GigabitEthernet1/0/1        DESI  FORWARDING      ROOT
   2        GigabitEthernet1/0/2        DESI  FORWARDING      NONE

In MSTI 2, GE1/0/1 and GE1/0/2 on SwitchB are designed ports because SwitchB is the root bridge. In MSTI 1, GE1/0/1 on SwitchB is the designed port and GE1/0/2 is the root port.

# Run the display stp interface brief command on SwitchC. The displayed information is as follows:

[SwitchC] display stp interface gigabitethernet 1/0/1 brief
 MSTID      Port                        Role  STP State       Protection
   0        GigabitEthernet1/0/1        ROOT  FORWARDING      NONE
   1        GigabitEthernet1/0/1        ROOT  FORWARDING      NONE
   2        GigabitEthernet1/0/1        ALTE  DISCARDING      NONE

[SwitchC] display stp interface gigabitethernet 1/0/4 brief
 MSTID      Port                        Role  STP State       Protection
   0        GigabitEthernet1/0/4        ALTE  DISCARDING      NONE
   1        GigabitEthernet1/0/4        ALTE  DISCARDING      NONE
   2        GigabitEthernet1/0/4        ROOT  FORWARDING      NONE

GE1/0/1 on SwitchC is the root port in MSTI 1 and is blocked in MSTI 2. GE1/0/4 on SwitchC is blocked in MSTI 1 and is the designated port in MSTI 2.

Configure devices to ensure network connectivity.

# Assign an IP address to each interface. SwitchA is used as an example. The configuration of SwitchB is similar to that of SwitchA, and is not mentioned here. For details, see the configuration files.

[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit

# Configure OSPF between SwitchA, SwitchB, and router. SwitchA is used as an example. The configuration of SwitchB is similar to that of SwitchA, and is not mentioned here. For details, see the configuration files.

[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

Configure VRRP groups.

# Configure VRRP group 1 on SwitchA and SwitchB, set the priority of SwitchA to 120 and the preemption delay to 20s, and set the default priority for SwitchB.

[SwitchA] interface vlanif 2 
[SwitchA-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100 //Create VRRP group 1 and set the virtual IP address to 10.1.2.100.
[SwitchA-Vlanif2] vrrp vrid 1 priority 120 //Set the priority of VRRP group 1 to 120.
[SwitchA-Vlanif2] vrrp vrid 1 preempt-mode timer delay 20 //Set the preemption delay of VRRP group 1 to 20s.
[SwitchA-Vlanif2] quit

[SwitchB] interface vlanif 2
[SwitchB-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100 //Create VRRP group 1 and set the virtual IP address to 10.1.2.100.
[SwitchB-Vlanif2] quit

# Configure VRRP group 2 on SwitchA and SwitchB, set the priority of SwitchB to 120 and the preemption delay to 20s, and set the default priority for SwitchA.

[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100 //Create VRRP group 2 and set the virtual IP address to 10.1.3.100.
[SwitchB-Vlanif3] vrrp vrid 2 priority 120 //Set the priority of VRRP group 2 to 120.
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20 //Set the preemption delay of VRRP group 2 to 20s.
[SwitchB-Vlanif3] quit

[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100 //Create VRRP group 2 and set the virtual IP address to 10.1.3.100.
[SwitchA-Vlanif3] quit

# Set virtual IP address 10.1.2.100 of VRRP group 1 as the default gateway of HostA, and virtual IP address 10.1.3.100 of VRRP group 2 as the default gateway of HostB.

Verify the configuration.

# After the configuration is complete, run the display vrrp command on SwitchA. The following output shows that SwitchA is the master in VRRP group 1 and the backup in VRRP group 2.

[SwitchA] display vrrp
  Vlanif2 | Virtual Router 1
    State : Master
    Virtual IP : 10.1.2.100
    Master IP : 10.1.2.102
    PriorityRun : 120
    PriorityConfig : 120                                                        
    MasterPriority : 120                                                        
    Preempt : YES   Delay Time : 20 s                                           
    TimerRun : 1 s                                                              
    TimerConfig : 1 s                                                           
    Auth type : NONE                                                            
    Virtual MAC : 0000-5e00-0101                                                
    Check TTL : YES                                                             
    Config type : normal-vrrp                                                   
    Backup-forward : disabled
    Create time : 2012-05-11 11:39:18                                           
    Last change time : 2012-05-26 11:38:58

  Vlanif3 | Virtual Router 2
    State : Backup
    Virtual IP : 10.1.3.100
    Master IP : 10.1.3.103
    PriorityRun : 100
    PriorityConfig : 100                                                        
    MasterPriority : 120                                                        
    Preempt : YES   Delay Time : 0 s                                            
    TimerRun : 1 s                                                              
    TimerConfig : 1 s                                                           
    Auth type : NONE                                                            
    Virtual MAC : 0000-5e00-0102                                                
    Check TTL : YES                                                             
    Config type : normal-vrrp                                                   
    Backup-forward : disabled
    Create time : 2012-05-11 11:40:18                                           
    Last change time : 2012-05-26 11:48:58

# After the configuration is complete, run the display vrrp command on SwitchB. The following output shows that SwitchB is the backup in VRRP group 1 and the master in VRRP group 2.

[SwitchB] display vrrp
  Vlanif2 | Virtual Router 1
    State : Backup
    Virtual IP : 10.1.2.100
    Master IP : 10.1.2.102
    PriorityRun : 100
    PriorityConfig : 100                                                        
    MasterPriority : 120                                                        
    Preempt : YES   Delay Time : 0 s                                            
    TimerRun : 1 s                                                              
    TimerConfig : 1 s                                                           
    Auth type : NONE                                                            
    Virtual MAC : 0000-5e00-0101                                                
    Check TTL : YES                                                             
    Config type : normal-vrrp                                                   
    Backup-forward : disabled
    Create time : 2012-05-11 11:39:18                                           
    Last change time : 2012-05-26 11:38:58

  Vlanif3 | Virtual Router 2
    State : Master
    Virtual IP : 10.1.3.100
    Master IP : 10.1.3.103
    PriorityRun : 120
    PriorityConfig : 120                                                        
    MasterPriority : 120                                                        
    Preempt : YES   Delay Time : 20 s                                            
    TimerRun : 1 s                                                              
    TimerConfig : 1 s                                                           
    Auth type : NONE                                                            
    Virtual MAC : 0000-5e00-0102                                                
    Check TTL : YES                                                             
    Config type : normal-vrrp                                                   
    Backup-forward : disabled
    Create time : 2012-05-11 11:40:18                                           
    Last change time : 2012-05-26 11:48:58

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 2 to 4
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration  
#
interface Vlanif2
 ip address 10.1.2.102 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
 ip address 10.1.3.102 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
 ip address 10.1.4.102 255.255.255.0
 #
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp root-protection
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 4
 stp edged-port enable
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration  
#
interface Vlanif2
 ip address 10.1.2.103 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
 ip address 10.1.3.103 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
#
interface Vlanif5
 ip address 10.1.5.103 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp root-protection
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 5
 stp edged-port enable
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
  network 10.1.5.0 0.0.0.255
#
return

SwitchC configuration file

#
sysname SwitchC
#
vlan batch 2 to 3
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 active region-configuration  
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp instance 2 cost 20000
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp instance 1 cost 20000
#
return

Example for Configuring a Single RRPP Ring with a Single Instance

Overview

In most situations, the ring network topology is applied to MANs and enterprise networks to improve network reliability. When a fault occurs on a node or on a link between nodes, data services are switched to the standby link to ensure service continuity. However, broadcast storms may occur on a ring network.

Many protocols can prevent broadcast storms on ring networks. However, if a fault occurs on a ring network, it takes time for the devices to switch data services to the standby link. If the convergence time is too long, services are interrupted.

To shorten the convergence time and eliminate the impact of network scale on convergence time, Huawei developed the Rapid Ring Protection Protocol (RRPP). Compared with other Ethernet ring technologies, RRPP has the following advantages:

RRPP is suitable for networks composed of many network nodes because the number of nodes does not affect convergence time.
RRPP prevents broadcast storms caused by data loops when an Ethernet ring is complete.
When a link on an Ethernet ring network fails, the standby link can rapidly restore the communication among the Ethernet ring network nodes.

Configuration Notes

STP and Smart Link must be disabled on the interface added to an RRPP domain.
DHCP and MAC address limiting rules cannot be configured in an RRPP control VLAN.
When the mapping between the protected instance and MUX VLAN needs to be configured, you are advised to configure the principal VLAN, subordinate group VLAN, and subordinate separate VLAN in the MUX VLAN in the protected instance. Otherwise, loops may occur.
This example applies to all versions of all S series switches.

Networking Requirements

In Figure 3-96, SwitchA, SwitchB, and SwitchC constitute a ring network. The network is required to prevent loops when the ring is complete and to implement fast convergence to rapidly restore communication between nodes in the ring when the ring fails. You can enable RRPP on SwitchA, SwitchB, and SwitchC to meet this requirement.

Figure 3-96 Networking of a single RRPP ring

Configuration Roadmap

The configuration roadmap is as follows:

Create an RRPP domain and its control VLAN.
Map VLANs from which data needs to pass through in the RRPP ring to instance 1, including data VLANs 100 to 300 and control VLANs 20 and 21 (VLAN 21 is the sub-control VLAN generated by the device).
Configure interfaces to be added to the RRPP domain on the devices so that data can pass through the interfaces. Disable protocols that conflict with RRPP, such as STP.
In the RRPP domain, configure a protected VLAN, create an RRPP ring and configure SwitchA, SwitchB, and SwitchC as nodes in ring 1 in domain 1. Configure SwitchA as the master node in ring 1 and configure SwitchB and SwitchC as transit nodes in ring 1.
Enable the RRPP ring and RRPP on devices.

Procedure

Create an RRPP domain and its control VLAN.

# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 20    //Each RRPP domain has a major control VLAN and a sub-control VLAN. You only need to specify the major control VLAN. The system uses the VLAN whose ID is one greater than the ID of the major control VLAN as the sub-control VLAN.
[SwitchA-rrpp-domain-region1] quit

Map instance 1 to control VLANs 20 and 21 and data VLANs 100 to 300.

# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

[SwitchA] vlan batch 100 to 300
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 20 21 100 to 300  //Add the major control VLAN, sub-control VLAN, and data VLANs to instance 1.
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

Configure the interfaces to be added to the RRPP ring as trunk interfaces, configure the interfaces to allow VLANs 100 to 300 to pass through, and disable STP on the interfaces.

# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

[SwitchA] interface gigabitethernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] port link-type trunk
[SwitchA-GigabitEthernet2/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 to 300  
[SwitchA-GigabitEthernet2/0/1] stp disable
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface gigabitethernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] port link-type trunk
[SwitchA-GigabitEthernet2/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/2] port trunk allow-pass vlan 100 to 300 
[SwitchA-GigabitEthernet2/0/2] stp disable
[SwitchA-GigabitEthernet2/0/2] quit

Specify a protected VLAN, and create and enable an RRPP ring.

# Configure SwitchA.

[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1  //Configure instance 1 as the protected instance of the RRPP domain.
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit

# Configure SwitchB.

[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit

# Configure SwitchC.

[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit

Enable RRPP.
# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.
```
[SwitchA] rrpp enable
```

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration. The display on SwitchA is used as an example.

# Run the display rrpp brief command on SwitchA. The following information is displayed:

[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status:  Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index  : 1
Control VLAN  : major 20    sub 21
Protected VLAN : Reference Instance 1
Hello Timer   : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)

 Ring   Ring    Node     Primary/Common           Secondary/Edge          Is
 ID     Level   Mode     Port                     Port                    Enabled
 ----------------------------------------------------------------------------
 1      0       M        GigabitEthernet2/0/1     GigabitEthernet2/0/2    Yes

According to the preceding information, RRPP is enabled on SwitchA. The major control VLAN of RRPP domain 1 is VLAN 20 and the sub-control VLAN is VLAN 21. SwitchA is the master node in ring 1. The primary interface is GigabitEthernet2/0/1 and the secondary interface is GigabitEthernet2/0/2.

# Run the display rrpp verbose domain command on SwitchA. The following information is displayed:

[SwitchA] display rrpp verbose domain 1
Domain Index   : 1
Control VLAN   : major 20    sub 21
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec) 

RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Ring State     : Complete
Is Enabled     : Enable                       Is Active: Yes
Primary port   : GigabitEthernet2/0/1         Port status: UP
Secondary port : GigabitEthernet2/0/2         Port status: BLOCKED

The command output shows that the RRPP ring is complete.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 20 to 21 100 to 300
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 20 to 21 100 to 300
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
return

SwitchC configuration file

#
sysname SwitchC
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 20 to 21 100 to 300
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300 
 stp disable
#
return

Relevant Information

Video

Configure RRPP

Example for Configuring Tangent RRPP Rings

Overview

Generally, a metro Ethernet network uses two-layer rings:

One layer is the aggregation layer between aggregation devices PE-AGGs, for example, RRPP domain 1 in Figure 3-97.
The other layer is the access layer between PE-AGGs and UPEs, for example, RRPP domain 2 and RRPP domain 3 in Figure 3-97.

In Figure 3-97, intersecting RRPP rings can be used. RRPP rings are configured at aggregation and access layers, and the two layers are connected through tangent RRPP rings.

Figure 3-97 Tangent RRPP rings

Two tangent rings cannot belong to the same RRPP domain. The tangent point of the two tangent rings belongs to two RRPP domains, and the major node can be located in the tangent point.

When there are multiple tangent RRPP rings, a fault on a ring does not affect other domains and the convergence process of RRPP rings in a domain is the same as that of a single ring.

Configuration Notes

STP and Smart Link must be disabled on the interface added to an RRPP domain.
DHCP and MAC address limiting rules cannot be configured in an RRPP control VLAN.
When the mapping between the protected instance and MUX VLAN needs to be configured, you are advised to configure the principal VLAN, subordinate group VLAN, and subordinate separate VLAN in the MUX VLAN in the protected instance. Otherwise, loops may occur.
This example applies to all versions of all S series switches.

Networking Requirements

In Figure 3-97, the network is required to prevent loops when the ring is complete and to implement fast convergence to rapidly restore communication between nodes in the ring when the ring fails. RRPP can meet this requirement. RRPP supports multiple rings. You can configure RRPP rings at the aggregation and access layers. The two rings are tangent, simplifying the network configuration.

SwitchA, SwitchB, SwitchC, SwitchD, and SwitchE in Figure 3-98 correspond to UPE1, UPE2, PE-AGG3, PE-AGG2, and PE-AGG1 in Figure 3-97, respectively. Figure 3-98 is used as an example to describe how to configure tangent RRPP rings with a single instance.

Figure 3-98 Networking of tangent RRPP rings

Configuration Roadmap

The configuration roadmap is as follows:

Map the VLANs that need to pass through ring 1 to instance 1, including data VLANs and control VLANs, which are used for configuring protected VLANs.

Map the VLANs that need to pass through ring 2 to instance 2, including data VLANs and control VLANs, which are used for configuring protected VLANs.
Create RRPP domains, control VLANs and configure protected VLANs for configuring RRPP rings.
Configure interfaces to be added to the RRPP domain on the devices so that data can pass through the interfaces. Disable protocols that conflict with RRPP, such as STP.
Create RRPP rings in RRPP domains.
1. Configure SwitchA, SwitchB, and SwitchC to be in ring 2 of RRPP domain 2.
2. Configure SwitchC, SwitchD, and SwitchE to be in ring 1 of RRPP domain 1.
3. Configure SwitchA as the master node in ring 2, and configure SwitchB and SwitchC as transit nodes in ring 2.
4. Configure SwitchE as the master node in ring 1, and configure SwitchC and SwitchD as transit nodes in ring 1.
Enable the RRPP ring and RRPP on devices.

Procedure

Configure instance 2 and map it to the data VLANs and control VLANs allowed by the RRPP interface.
# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 2 vlan 20 to 21  ///Add the major control VLAN and sub-control VLAN to instance 1.
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
```

Create RRPP domains and configure control VLANs and protected VLANs of the RRPP domains.

# Configure SwitchE. The configurations of SwitchA, SwitchB, SwitchC, and SwitchD are similar to the configuration of SwitchE, and are not mentioned here. For details, see the configuration files.

[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] control-vlan 10  //Each RRPP domain has a major control VLAN and a sub-control VLAN. You only need to specify the major control VLAN. The system uses the VLAN whose ID is one greater than the ID of the major control VLAN as the sub-control VLAN.
[SwitchE-rrpp-domain-region1] protected-vlan reference-instance 1   //Configure instance 1 as the protected instance of the RRPP domain.
[SwitchE-rrpp-domain-region1] quit

Configure the interfaces to be added to RRPP rings as trunk interfaces and disable STP on the interfaces.

# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

[SwitchA] interface gigabitethernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] port link-type trunk
[SwitchA-GigabitEthernet2/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/1] stp disable
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface gigabitethernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] port link-type trunk
[SwitchA-GigabitEthernet2/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/2] stp disable
[SwitchA-GigabitEthernet2/0/2] quit

Create and enable the RRPP ring.

Configure nodes in ring 2.

# Configure SwitchA as the master node in ring 2 and specify the primary and secondary interfaces.

[SwitchA] rrpp domain 2
[SwitchA-rrpp-domain-region2] ring 2 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchA-rrpp-domain-region2] ring 2 enable
[SwitchA-rrpp-domain-region2] quit

# Configure SwitchB as a transit node in ring 2 (major ring) and specify the primary and secondary interfaces.

[SwitchB] rrpp domain 2
[SwitchB-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchB-rrpp-domain-region2] ring 2 enable
[SwitchB-rrpp-domain-region2] quit

# Configure SwitchC as a transit node in ring 2 and specify the primary and secondary interfaces.

[SwitchC] rrpp domain 2
[SwitchC-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchC-rrpp-domain-region2] ring 2 enable
[SwitchC-rrpp-domain-region2] quit

Configure nodes in ring 1.

# Configure SwitchE as the master node in ring 1 (major ring) and specify the primary and secondary interfaces.

[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchE-rrpp-domain-region1] ring 1 enable
[SwitchE-rrpp-domain-region1] quit

# Configure SwitchC as a transit node in ring 1 and specify the primary and secondary interfaces.

[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit

# Configure SwitchD as a transit node in ring 1 and specify the primary and secondary interfaces.

[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit

Enable RRPP.
# Configure SwitchA. The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.
```
[SwitchA] rrpp enable
```

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration. The tangent point SwitchC is used as an example.

# Run the display rrpp brief command on SwitchC. The following information is displayed:

[SwitchC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status:  Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 2

Domain Index   : 1
Control VLAN   : major 10    sub 11
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)
 Ring   Ring    Node     Primary/Common           Secondary/Edge          Is
 ID     Level   Mode     Port                     Port                    Enabled
 ----------------------------------------------------------------------------
 1      0       T        GigabitEthernet1/0/1     GigabitEthernet1/0/2    Yes

Domain Index   : 2
Control VLAN   : major 20    sub 21
Protected VLAN : Reference Instance 2
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)
 Ring   Ring    Node     Primary/Common           Secondary/Edge          Is
 ID     Level   Mode     Port                     Port                    Enabled
 ----------------------------------------------------------------------------
 2      0       T        GigabitEthernet2/0/1     GigabitEthernet2/0/2    Yes

According to the preceding information, RRPP is enabled on SwitchC. The major control VLAN of RRPP domain 1 is VLAN 10 and the sub-control VLAN is VLAN 11. SwitchC is a transit node in ring 1. The primary interface is GigabitEthernet1/0/1 and the secondary interface is GigabitEthernet1/0/2.

The major control VLAN of SwitchC in RRPP domain 2 is VLAN 20 and the sub-control VLAN is VLAN 21. SwitchC is a transit node in ring 2. The primary interface is GigabitEthernet2/0/1 and the secondary interface is GigabitEthernet2/0/2.

On SwitchC, run the display rrpp verbose domain command. The following information is displayed.

# Check detailed information about RRPP domain 1 on SwitchC.

[SwitchC] display rrpp verbose domain 1
Domain Index  : 1
Control VLAN   : major 10    sub 11
Protected VLAN : Reference Instance 1 
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec) 

RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Transit
Ring State     : LinkUp
Is Enabled     : Enable                       Is Active: Yes
Primary port   : GigabitEthernet1/0/1         Port status: UP
Secondary port : GigabitEthernet1/0/2         Port status: UP

# Check detailed information about RRPP domain 2 on SwitchC.

[SwitchC] display rrpp verbose domain 2
Domain Index   : 2
Control VLAN   : major 20    sub 21
Protected VLAN : Reference Instance 2 
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec) 

RRPP Ring      : 2
Ring Level     : 0
Node Mode      : Transit
Ring State     : LinkUp
Is Enabled     : Enable                       Is Active: Yes
Primary port   : GigabitEthernet2/0/1         Port status: UP
Secondary port : GigabitEthernet2/0/2         Port status: UP

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
 instance 2 vlan 20 to 21
 active region-configuration
#
rrpp domain 2
 control-vlan 20
 protected-vlan reference-instance 2
 ring 2 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
 instance 2 vlan 20 to 21
 active region-configuration
#
rrpp domain 2
 control-vlan 20
 protected-vlan reference-instance 2
 ring 2 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

SwitchC configuration file

#
sysname SwitchC
#
vlan batch 10 to 11 20 to 21
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 10 to 11
 instance 2 vlan 20 to 21
 active region-configuration
#
rrpp domain 1
 control-vlan 10
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
 ring 1 enable
rrpp domain 2
 control-vlan 20
 protected-vlan reference-instance 2
 ring 2 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 2 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21
 stp disable
#
return

SwitchD configuration file

#
sysname SwitchD
#
vlan batch 10 to 11
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 10 to 11
 active region-configuration
#
rrpp domain 1
 control-vlan 10
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
return

SwitchE configuration file

#
sysname SwitchE
#
vlan batch 10 to 11
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 10 to 11
 active region-configuration
#
rrpp domain 1
 control-vlan 10
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 to 11
 stp disable
#
return

Relevant Information

Video

Configure RRPP

Example for Configuring RRPP Snooping on a VPLS Network

Overview

RRPP snooping notifies a VPLS network of changes in an RRPP ring. After RRPP snooping is enabled on sub-interfaces or VLANIF interfaces, the VPLS network can transparently transmit RRPP packets, detect changes in the RRPP ring, and update forwarding entries. This ensures that traffic can be rapidly switched to a non-blocking path.

In Figure 3-99, UPEs constitute an RRPP ring and connect to the VPLS network where NPEs are located. NPEs are connected through a PW, so they cannot serve as RRPP nodes to respond to RRPP packets. As a result, the VPLS network cannot detect changes to the RRPP ring status. When the RRPP ring topology changes, each node on the VPLS network forwards downstream data according to the MAC address table generated before the RRPP ring topology changes. Consequently, the downstream traffic cannot be forwarded

Figure 3-99 Networking for configuring RRPP snooping on a VPLS network

You can enable RRPP snooping on the sub-interface or VLANIF interface of NPED and associate the interface with VSIs on the local device. When the RRPP ring is faulty, NPED on the VPLS network deletes forwarding entries of VSIs (including the associated VSIs) on the local node and forwarding entries of NPEB to re-learn forwarding entries. This ensures that traffic can be switched to a normal path and downstream traffic can be properly forwarded.

Configuration Notes

RRPP and RRPP snooping cannot be configured on the same interface.
SA series cards and XGE interfaces connected to ET1D2IPS0S00, ET1D2FW00S00, ET1D2FW00S01, ET1D2FW00S02, and ACU2 cards do not support RRPP snooping. In earlier versions of V200R007C00, X1E series cards do not support RRPP snooping.
This example applies to the following products:
- S5700-HI, S5710-EI, S5720-EI, S5710-HI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H
- S6700-EI, S6720-EI, S6720S-EI, S6720-HI, S6730S-S, S6730-H, S6730S-H
- S7703, S7706, S7712, S7703 PoE, S7706 PoE
- S9703, S9706, S9712
For the product models whose applicable versions are not listed above, see Table 3-1 in "Applicable Products and Versions" for details.

To view detailed information about software mappings, visit Info-Finder, select a product series or product model, and click Hardware Center.

Relevant Information

Video

Configure RRPP

Networking Requirements

In Figure 3-100, SwitchA, SwitchB, SwitchC, and SwitchD constitute an RRPP ring. The network is required to prevent loops when the ring is complete and to implement fast convergence to rapidly restore communication between nodes in the ring when the ring fails. The VPLS network can transparently transmit RRPP packets, detect RRPP ring status changes, and update forwarding entries so that traffic can be rapidly switched to a normal path according to the ring status.

Figure 3-100 Networking of RRPP snooping

Configuration Roadmap

The configuration roadmap is as follows:

Configure a VPLS network.
Configure an RRPP ring to prevent loops and implement fast convergence when a device fails.
Enable RRPP snooping so that the VPLS network can transparently transmit RRPP packets and detect RRPP ring status change.
Associate interfaces with VSIs so that SwitchC and SwitchD on the VPLS network can delete the MAC address tables of their VSIs when a fault occurs on the RRPP ring network.

VLAN termination sub-interfaces can be created on a non-VCMP client.

Procedure

Configure VPLS. SwitchC is used as an example. The configuration of SwitchD is similar to the configuration of SwitchC, and is not mentioned here. For details, see the configuration files.

This example provides only configurations of sub-interfaces on SwitchC and SwitchD connected to the RRPP ring. The configurations of devices on the VPLS network are not mentioned.

# Configure GE2/0/0.10 on SwitchC to allow the packets of VLAN 10 to pass through and bind GE2/0/0.10 to VSI 10.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] interface gigabitethernet 2/0/0
[SwitchC-GigabitEthernet2/0/0] undo portswitch
[SwitchC-GigabitEthernet2/0/0] quit
[SwitchC] interface gigabitethernet 2/0/0.10
[SwitchC-GigabitEthernet2/0/0.10] dot1q termination vid 10
[SwitchC-GigabitEthernet2/0/0.10] l2 binding vsi VSI10  //Bind a VSI to the sub-interface.
[SwitchC-GigabitEthernet2/0/0.10] quit

# Configure GE2/0/0.20 on SwitchC to allow packets of VLAN 20 (control VLAN of RRPP) to pass through and bind GE2/0/0.20 to VSI 20.

[SwitchC] interface gigabitethernet 2/0/0.20
[SwitchC-GigabitEthernet2/0/0.20] dot1q termination vid 20
[SwitchC-GigabitEthernet2/0/0.20] l2 binding vsi VSI20
[SwitchC-GigabitEthernet2/0/0.20] quit

Create an RRPP domain and its control VLAN.

# Create VLAN 10 on SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 10 20 21  //Add the major control VLAN, sub-control VLAN, and data VLAN to instance 1.
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit

# Configure SwitchA (master node in ring 1) in RRPP domain 1 and VLAN 20 as the control VLAN.

[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1  //Configure instance 1 as the protected instance of the RRPP domain.
[SwitchA-rrpp-domain-region1] control-vlan 20                      //Each RRPP domain has a major control VLAN and a sub-control VLAN. You only need to specify the major control VLAN. The system uses the VLAN whose ID is one greater than the ID of the major control VLAN as the sub-control VLAN.
[SwitchA-rrpp-domain-region1] quit

# Create VLAN 10 on SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 1 vlan 10 20 21
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit

# Configure SwitchB (transit node in ring 1) in RRPP domain 1 and VLAN 20 as the control VLAN.

[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] control-vlan 20
[SwitchB-rrpp-domain-region1] quit

Disable STP on the interfaces to be added to the RRPP ring.

# Disable STP on the interfaces to be added to the RRPP ring on SwitchA.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet1/0/1] stp disable
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet1/0/2] stp disable
[SwitchA-GigabitEthernet1/0/2] quit

# Disable STP on the interfaces to be added to the RRPP ring on SwitchB.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/1] stp disable
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/2] stp disable
[SwitchB-GigabitEthernet1/0/2] quit

Create an RRPP ring.

# Configure SwitchA as the master node in ring 1 and specify the primary and secondary interfaces.

[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit

# Configure SwitchB as a transit node in ring 1 (major ring) and specify the primary and secondary interfaces.

[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit

Enable RRPP.
# Enable RRPP on SwitchA.
```
[SwitchA] rrpp enable
```
# Enable RRPP on SwitchB.
```
[SwitchB] rrpp enable
```

Configure RRPP snooping.

# Enable RRPP snooping on GE2/0/0.20 of SwitchC.

[SwitchC] interface gigabitethernet 2/0/0.20
[SwitchC-GigabitEthernet2/0/0.20] rrpp snooping enable

# Enable RRPP snooping on GE2/0/0.20 of SwitchD.

[SwitchD] interface gigabitethernet 2/0/0.20
[SwitchD-GigabitEthernet2/0/0.20] rrpp snooping enable

Configure association between interfaces and VSIs.

# Associate VSI 10 with GE2/0/0.20 on SwitchC.

[SwitchC-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI10
[SwitchC-GigabitEthernet2/0/0.20] quit

# Associate VSI 10 with GE2/0/0.20 on SwitchD.

[SwitchD-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI10
[SwitchD-GigabitEthernet2/0/0.20] quit

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration. SwitchA is used as an example.

Run the display rrpp brief command on SwitchA. The following information is displayed:

[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index   : 1
Control VLAN   : major 20    sub 21
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)

 Ring   Ring    Node     Primary/Common        Secondary/Edge        Is
 ID     Level   Mode     Port                  Port                  Enabled
 ----------------------------------------------------------------------------
 1      0       M        GigabitEthernet1/0/1  GigabitEthernet1/0/2  Yes

Run the display rrpp verbose domain command on SwitchA. The following information is displayed.

# Check detailed information about RRPP domain 1 on SwitchA.

[SwitchA] display rrpp verbose domain 1
Domain Index   : 1
Control VLAN   : major 20    sub 21
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec) 

RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Ring State     : Complete
Is Enabled     : Enable                       Is Active : Yes
Primary port   : GigabitEthernet1/0/1         Port status: UP
Secondary port : GigabitEthernet1/0/2         Port status: BLOCKED

# Check the RRPP snooping configuration on GE2/0/0.20 of SwitchC.

[SwitchC] display rrpp snooping enable interface gigabitethernet 2/0/0.20
  Port                            VsiName           Vlan  
--------------------------------------------------------------------------- 
  GigabitEthernet2/0/0.20         VSI20             20

The preceding information shows that VSI 20 and VLAN 20 are associated with GE2/0/0.20.

# Check information about other VSIs associated with GE2/0/0.20 on SwitchC.

[SwitchC] display rrpp snooping vsi interface gigabitethernet 2/0/0.20
  Port                               VsiName
--------------------------------------------------------------------- 
  GigabitEthernet2/0/0.20            VSI10
  GigabitEthernet2/0/0.20            VSI20

The preceding information shows that GE2/0/0.20 is associated with VSI 10 and VSI 20.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 10 20 to 21
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 10 20 to 21
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 to 21
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 to 21
 stp disable
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 10 20 to 21
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 10 20 to 21
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 to 21
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 to 21
 stp disable
#
return

SwitchC configuration file

#
sysname SwitchC
#
interface GigabitEthernet2/0/0
 undo portswitch
#
interface GigabitEthernet2/0/0.10
 dot1q termination vid 10
 l2 binding vsi VSI10
#
interface GigabitEthernet2/0/0.20
 dot1q termination vid 20
 l2 binding vsi VSI20
 rrpp snooping enable
 rrpp snooping vsi VSI10
#
return

SwitchD configuration file

#
sysname SwitchD
#
interface GigabitEthernet2/0/0
 undo portswitch
#
interface GigabitEthernet2/0/0.10
 dot1q termination vid 10
 l2 binding vsi VSI10
#
interface GigabitEthernet2/0/0.20
 dot1q termination vid 20
 l2 binding vsi VSI20
 rrpp snooping enable
 rrpp snooping vsi VSI10
#
return

Example for Configuring SEP and MSTP on a Network

Overview

Generally, redundant links are used to provide link backup and enhance network reliability. The use of redundant links, however, may produce loops. Loops cause infinite looping of packets, leading to broadcast storms and MAC address table instability. As a result, the communication quality deteriorates, and communication services may be interrupted. To block redundant links and ensure that they can be restored immediately to resume communication when a link fault occurs on a ring network, you can deploy SEP and MSTP on the ring network.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

Company A needs to deploy multiple Layer 2 access devices. In Figure 3-101, Layer 2 switching devices form a ring at the access layer, and Layer 3 devices form a ring at the aggregation layer. The aggregation layer uses MSTP to eliminate redundant links. Company A requires that services be rapidly switched to prevent traffic interruption when a link at the access layer fails.

You can deploy multiple Layer 2 devices in a ring and configure SEP to meet the following requirements of company A:

When there is no faulty link on the ring network, SEP can eliminate loops.
When a link fails on the ring network, SEP can quickly restore communication between nodes in the ring.
The topology change notification function is configured on an edge device in a SEP segment so that devices on the upper-layer network can promptly detect topology changes on the lower-layer network. After receiving a topology change notification from a lower-layer network, a device on an upper-layer network sends a TC packet to instruct other devices to delete original MAC addresses and learn new MAC addresses. This ensures nonstop traffic forwarding.

Figure 3-101 SEP and MSTP networking

In this example, NPE1 and NPE2 use NE40Es running V600R008C00.

To ensure reliability of the entire network, you are advised to configure the following functions:

VRRP group between NPE1 and NPE2 to improve device-level reliability
BFD session between NPE1 and NPE2 to detect the link status and therefore implement fast switchover in the VRRP group

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control VLAN of SEP segment 1.
2. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles on edge devices (LSW1 and LSW2) of the SEP segment.
  
  PE1 and PE2 do not support the SEP protocol; therefore, the interfaces of LSW1 and LSW2 connected to the PEs must be no-neighbor edge interfaces.
3. On the device where the no-neighbor primary edge interface is located, specify the interface in the middle of the SEP segment as the interface to block.
4. Configure manual preemption.
5. Configure the topology change notification function so that the upper-layer network running MSTP can be notified of topology changes in the SEP segment.
Configure basic MSTP functions.
1. Add PE1 to PE4, LSW1, and LSW2 to the MST region RG1.
2. Create VLANs on PE1 to PE4, LSW1, and LSW2 and add interfaces on the STP ring to the VLANs.
3. Configure PE3 as the root bridge and PE4 as the secondary root bridge.
Set up a single-hop BFD session between NPE1 and NPE2 to detect the status of the interfaces configured with VRRP. Then, report the detection result to VRRP to complete VRRP fast switching.
Configure VRRP.
1. Create VRRP group 1 on GE 1/0/1 of NPE1, and set a higher VRRP priority for NPE1 to ensure that NPE1 functions as the master.
2. Create VRRP group 1 in the view of GE 1/0/1 interface of NPE2, and allow NPE2 to use the default VRRP priority.
3. Bind a BFD session to VRRP group 1.
Configure Layer 2 forwarding on the CE and LSW1 to LSW3.

PE1 and PE2 are aggregation switches, PE3 is the root bridge, PE4 is the secondary root bridge, LSWs are access switches, and CEs are user-side switches.

Procedure

Configure basic SEP functions.

Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control VLAN of SEP segment 1.

# Configure access switch LSW1.

<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1 //Create SEP segment 1.
[LSW1-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW1-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW1-sep-segment1] quit

# Configure access switch LSW2.

<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1 //Create SEP segment 1.
[LSW2-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW2-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW2-sep-segment1] quit

# Configure access switch LSW3.

<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1 //Create SEP segment 1.
[LSW3-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW3-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW3-sep-segment1] quit

The control VLAN must be a VLAN that has not been created or used. However, the command for creating a common VLAN is automatically displayed in the configuration file after the control VLAN is created.
Each SEP segment must have a control VLAN. After an interface is added to a SEP segment that has a control VLAN, the interface is automatically added to the control VLAN.

Add access switch LSW1 to LSW3 to SEP segment 1 and configure interface roles.

By default, STP is enabled on Layer 2 interfaces. Before adding an interface to a SEP segment, disable STP on the interface.

# Configure access switch LSW1.

[LSW1] interface gigabitethernet 1/0/1
[LSW1-GigabitEthernet1/0/1] port link-type hybrid
[LSW1-GigabitEthernet1/0/1] sep segment 1 edge no-neighbor primary //Configure the interface as the no-neighbor primary edge interface and add it to SEP segment 1.
[LSW1-GigabitEthernet1/0/1] quit
[LSW1] interface gigabitethernet 1/0/2
[LSW1-GigabitEthernet1/0/2] port link-type hybrid
[LSW1-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW1-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW1-GigabitEthernet1/0/2] quit

# Configure access switch LSW2.

[LSW2] interface gigabitethernet 1/0/1
[LSW2-GigabitEthernet1/0/1] port link-type hybrid
[LSW2-GigabitEthernet1/0/1] sep segment 1 edge no-neighbor secondary //Configure the interface as the no-neighbor secondary edge interface and add it to SEP segment 1.
[LSW2-GigabitEthernet1/0/1] quit
[LSW2] interface gigabitethernet 1/0/2
[LSW2-GigabitEthernet1/0/2] port link-type hybrid
[LSW2-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW2-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW2-GigabitEthernet1/0/2] quit

# Configure access switch LSW3.

[LSW3] interface gigabitethernet 1/0/1
[LSW3-GigabitEthernet1/0/1] port link-type hybrid
[LSW3-GigabitEthernet1/0/1] stp disable //Disable STP.
[LSW3-GigabitEthernet1/0/1] sep segment 1 //Add the interface to SEP segment 1.
[LSW3-GigabitEthernet1/0/1] quit
[LSW3] interface gigabitethernet 1/0/2
[LSW3-GigabitEthernet1/0/2] port link-type hybrid
[LSW3-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW3-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW3-GigabitEthernet1/0/2] quit

Specify a blocking interface.

# In SEP segment 1, set the mode of blocking an interface on access switch LSW1 where the no-neighbor primary edge interface is located to block the interface in the middle of the SEP segment.
```
[LSW1] sep segment 1
[LSW1-sep-segment1] block port middle
```
Configure a preemption mode.

# Configure manual preemption on access switch LSW1.
```
[LSW1-sep-segment1] preempt manual
```
Configure the SEP topology change notification function.

Configure devices in SEP segment 1 to notify the MSTP network of topology changes.

# Configure access switch LSW1.
```
[LSW1-sep-segment1] tc-notify stp
[LSW1-sep-segment1] quit
```
# Configure access switch LSW2.
```
[LSW2] sep segment 1
[LSW2-sep-segment1] tc-notify stp
[LSW2-sep-segment1] quit
```

Configure basic MSTP functions.

Configure an MST region.

# Configure aggregation switch PE1.

<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] stp region-configuration //Enter the MST region view.
[PE1-mst-region] region-name RG1 //Configure the MST region name as RG1.
[PE1-mst-region] active region-configuration //Activate MST region configuration.
[PE1-mst-region] quit

# Configure aggregation switch PE2.

<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] stp region-configuration //Enter the MST region view.
[PE2-mst-region] region-name RG1 //Configure the MST region name as RG1.
[PE2-mst-region] active region-configuration //Activate MST region configuration.
[PE2-mst-region] quit

# Configure aggregation switch PE3.

<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] stp region-configuration //Enter the MST region view.
[PE3-mst-region] region-name RG1 //Configure the MST region name as RG1.
[PE3-mst-region] active region-configuration //Activate MST region configuration.
[PE3-mst-region] quit

# Configure aggregation switch PE4.

<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] stp region-configuration //Enter the MST region view.
[PE4-mst-region] region-name RG1 //Configure the MST region name as RG1.
[PE4-mst-region] active region-configuration //Activate MST region configuration.
[PE4-mst-region] quit

# Configure access switch LSW1.

[LSW1] stp region-configuration //Enter the MST region view.
[LSW1-mst-region] region-name RG1 //Configure the MST region name as RG1.
[LSW1-mst-region] active region-configuration //Activate MST region configuration.
[LSW1-mst-region] quit

# Configure access switch LSW2.

[LSW2] stp region-configuration //Enter the MST region view.
[LSW2-mst-region] region-name RG1 //Configure the MST region name as RG1.
[LSW2-mst-region] active region-configuration //Activate MST region configuration.
[LSW2-mst-region] quit

Create a VLAN and add interfaces on the ring network to the VLAN.

# On aggregation switch PE1, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to VLAN 100.
```
[PE1] vlan 100
[PE1-vlan100] quit
[PE1]interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type hybrid
[PE1-GigabitEthernet1/0/1] port hybrid tagged vlan 100
[PE1-GigabitEthernet1/0/1] quit
[PE1]interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type hybrid
[PE1-GigabitEthernet1/0/2] port hybrid tagged vlan 100
[PE1-GigabitEthernet1/0/2] quit
[PE1]interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] port link-type hybrid
[PE1-GigabitEthernet1/0/3] port hybrid tagged vlan 100
[PE1-GigabitEthernet1/0/3] quit
```
# On aggregation switch PE2, PE3, and PE4, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to VLAN 100.

The configurations of aggregation switch PE2, PE3, and PE4 are similar to the configuration of aggregation switch PE1, and are not mentioned here. For details, see configuration files in this example.

On access switch LSW1 and LSW2, create VLAN 100 and add GE1/0/1 to VLAN 100. The configurations of access switch LSW1 and LSW2 are similar to the configuration of aggregation switch PE1, and are not mentioned here. For details, see configuration files in this example.
Enable MSTP.

# Configure aggregation switch PE1.
```
[PE1] stp enable
```
# Configure aggregation switch PE2.
```
[PE2] stp enable
```
# Configure aggregation switch PE3.
```
[PE3] stp enable
```
# Configure aggregation switch PE4.
```
[PE4] stp enable
```
# Configure access switch LSW1.
```
[LSW1] stp enable
```
# Configure access switch LSW2.
```
[LSW2] stp enable
```
Configure aggregation switch PE3 as the root bridge and aggregation switch PE4 as the secondary root bridge.

# Set the priority of aggregation switch PE3 to 0 in MSTI 0 to ensure that aggregation switch PE3 functions as the root bridge.
```
[PE3] stp root primary
```
# Set the priority of aggregation switch PE4 to 4096 in MSTI 0 to ensure that aggregation switch PE4 functions as the secondary root bridge.
```
[PE4] stp root secondary
```

Configure VLAN 100 to transmit VRRP packets and VLAN 200 to transmit BFD packets.

# Configure aggregation switch PE3.

[PE3] vlan batch 100 200
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] port link-type hybrid
[PE3-GigabitEthernet1/0/2] port hybrid tagged vlan 100 200
[PE3-GigabitEthernet1/0/2] quit
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/2] port link-type hybrid
[PE3-GigabitEthernet1/0/2] port hybrid tagged vlan 100 200
[PE3-GigabitEthernet1/0/2] quit

# Configure aggregation switch PE4.

[PE4] vlan batch 100 200
[PE4] interface gigabitethernet 1/0/2
[PE4-GigabitEthernet1/0/2] port link-type hybrid
[PE4-GigabitEthernet1/0/2] port hybrid tagged vlan 100 200
[PE4-GigabitEthernet1/0/2] quit
[PE4] interface gigabitethernet 1/0/3
[PE4-GigabitEthernet1/0/3] port link-type hybrid
[PE4-GigabitEthernet1/0/3] port hybrid tagged vlan 100 200
[PE4-GigabitEthernet1/0/3] quit

Configure a BFD session.

Configure IP addresses for interfaces.

# Configure an IP address for an interface on NPE1 and create a sub-interface for the interface.

<HUAWEI> system-view
[HUAWEI] sysname NPE1
[NPE1] vlan 100
[NPE1-vlan100] quit
[NPE1] interface gigabitethernet 1/0/1
[NPE1-GigabitEthernet1/0/1] undo shutdown
[NPE1-GigabitEthernet1/0/1] ip address 10.2.1.1 24
[NPE1-GigabitEthernet1/0/1] quit
[NPE1] interface gigabitethernet 1/0/1.1
[NPE1-GigabitEthernet1/0/1.1] undo shutdown
[NPE1-GigabitEthernet1/0/1.1] vlan-type dot1q 100
[NPE1-GigabitEthernet1/0/1.1] ip address 10.1.1.1 24
[NPE1-GigabitEthernet1/0/1.1] quit

# Configure an IP address for an interface on NPE2 and create a sub-interface for the interface.

<HUAWEI> system-view
[HUAWEI] sysname NPE2
[NPE2] vlan 100
[NPE2-vlan100] quit
[NPE2] interface gigabitethernet 1/0/1
[NPE2-GigabitEthernet1/0/1] undo shutdown
[NPE2-GigabitEthernet1/0/1] ip address 10.2.1.2 24
[NPE2-GigabitEthernet1/0/1] quit
[NPE2] interface gigabitethernet 1/0/1.1
[NPE2-GigabitEthernet1/0/1.1] undo shutdown
[NPE2-GigabitEthernet1/0/1.1] vlan-type dot1q 100
[NPE2-GigabitEthernet1/0/1.1] ip address 10.1.1.2 24
[NPE2-GigabitEthernet1/0/1.1] quit

Create a BFD session.

# Enable BFD on NPE1 and configure a BFD session between NPE1 and NPE2.

[NPE1] bfd
[NPE1-bfd] quit
[NPE1] bfd NPE2 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD session to monitor the link of the VRRP group.
[NPE1-bfd-session-npe2] discriminator local 1
[NPE1-bfd-session-npe2] discriminator remote 2
[NPE1-bfd-session-npe2] commit
[NPE1-bfd-session-npe2] quit

# Enable BFD on NPE2 and configure a BFD session between NPE1 and NPE2.

[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD session to monitor the link of the VRRP group.
[NPE2-bfd-session-npe1] discriminator local 2
[NPE2-bfd-session-npe1] discriminator remote 1
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit

# After completing the configuration, run the display bfd session all on NPE1 and NPE2. The command output shows that the BFD session is set up between NPE1 and NPE2 and its status is Up.

Use the display on NPE1 as an example.

[NPE1] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr      State     Type        InterfaceName
--------------------------------------------------------------------------------
1     2      224.0.0.184     Up        S_IP_IF     GigabitEthernet1/0/1
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0

Configure association between BFD status and sub-interface status.

# Configure NPE1.

[NPE1] bfd
[NPE1-bfd] quit
[NPE1] bfd NPE2
[NPE1-bfd-session-npe2] process-interface-status sub-if
[NPE1-bfd-session-npe2] commit
[NPE1-bfd-session-npe2] quit

# Configure NPE2.

[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1
[NPE2-bfd-session-npe1] process-interface-status sub-if
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit

After completing the preceding configurations, run the display bfd session all verbose command on NPE1 and NPE2. Check that the Proc interface status field displays Enable (Sub-If).

Use the display on NPE1 as an example.

[NPE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 257       (One Hop) State : Up        Name : npe2
--------------------------------------------------------------------------------
  Local Discriminator    : 1                Remote Discriminator   : 2
  Session Detect Mode    : Asynchronous Mode Without Echo Function
  BFD Bind Type          : Interface(GigabitEthernet1/0/1)
  Bind Session Type      : Static
  Bind Peer IP Address   : 224.0.0.184
  NextHop Ip Address     : 224.0.0.184
  Bind Interface         : GigabitEthernet1/0/1
  FSM Board Id           : 0                TOS-EXP                : 7
  Min Tx Interval (ms)   : 1000             Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms): 1000             Actual Rx Interval (ms): 1000
  Local Detect Multi     : 3                Detect Interval (ms)   : 3000
  Echo Passive           : Disable          Acl Number             : -
  Destination Port       : 3784             TTL                    : 255
  Proc Interface Status  : Enable(Sub-If)   Process PST            : Disable
  WTR Interval (ms)      : -                Local Demand Mode      : Disable
  Active Multi           : 3
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : IFNET
  Session TX TmrID       : 93               Session Detect TmrID   : 94
  Session Init TmrID     : -                Session WTR TmrID      : -
  Session Echo Tx TmrID  : -
  PDT Index              : FSM-0 | RCV-0 | IF-0 | TOKEN-0
  Session Description    : -
--------------------------------------------------------------------------------

     Total UP/DOWN Session Number : 1/0

Configure VRRP.

# Configure an IP address for an interface on NPE1, create VRRP group 1, and set the VRRP priority of NPE1 to 120 so that NPE1 can function as the master.

[NPE1] interface gigabitethernet 1/0/1.1
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 10.1.1.10
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 priority 120 //The default priority of a device in a VRRP group is 100. Change the priority of the master to be higher than that of the backup.
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 preempt-mode timer delay 10 //A device in a VRRP group uses immediate preemption by default. Change the preemption delay of the master to prevent service interruptions on an unstable network where devices in the VRRP group preempt to be the master.

# Configure an IP address for an interface on NPE2, create VRRP group 1, and allow NPE2 to use the default value so that NPE1 can function as the backup.
```
[NPE2] interface gigabitethernet 1/0/1.1
[NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 10.1.1.10
```

# On NPE1, bind the VRRP group and the BFD session.

[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 track bfd-session 1 peer
[NPE1-GigabitEthernet1/0/1.1] quit

# On NPE2, bind the VRRP group and the BFD session.

[NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 track bfd-session 2 peer
[NPE2-GigabitEthernet1/0/1.1] quit

After completing the preceding configurations, run the display vrrp command on NPE1. Check that the status of NPE1 is Master. Run the display vrrp command on NPE2. Check that the status of NPE2 is Backup.

[NPE1] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Master
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 10
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 1  type: peer
    BFD-session state : UP
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-29 22:46:35 UTC+07:00

[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Backup
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 2  type: peer
    BFD-session state : UP
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-29 22:46:35 UTC+07:00

Configure the Layer 2 forwarding function on the user-side switch CE and access switch LSW1 to LSW3.
The configuration details are not mentioned here. For details, see configuration files in this example.

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

# Run the shutdown command on GE1/0/1 of LSW2 to simulate a fault, and then run the display sep interface command on LSW3 to check whether GE1/0/2 on LSW3 changes from the discarding state to the forwarding state.

<LSW3> display sep interface gigabitethernet 1/0/2
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE1/0/2             common        up                  forwarding

Run the shutdown command on GE 1/0/1.1 on NPE1 to simulate an interface fault, and then run the display vrrp command on NPE2 to check whether the status of NPE2 changes from backup to master.

[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Master
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
     MasterPriority : 100
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 2  type: peer
    BFD-session state : DOWN  
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-30 00:12:10 UTC+07:00

Configuration Files

LSW1 configuration file

#
sysname LSW1
#
vlan batch 10 100
#
stp region-configuration
 region-name RG1
 active region-configuration
#
sep segment 1
 control-vlan 10
 block port middle
 tc-notify stp
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 10 100
 sep segment 1 edge no-neighbor primary 
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
#
return

LSW2 configuration file

#
sysname LSW2
#
vlan batch 10 100
#
stp region-configuration
 region-name RG1
 active region-configuration
#
sep segment 1
 control-vlan 10
 tc-notify stp
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 10 100
 sep segment 1 edge no-neighbor secondary
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
#
return

LSW3 configuration file

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
 control-vlan 10
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid tagged vlan vlan 100
#
return

PE1 configuration file

#
sysname PE1
#
vlan batch 100
#
stp region-configuration
 region-name RG1
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid tagged vlan 100
#
return

PE2 configuration file

#
sysname PE2
#
vlan batch 100
#
stp region-configuration
 region-name RG1
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid tagged vlan 100
#
return

PE3 configuration file

#
sysname PE3
#
vlan batch 100
#
stp instance 0 root primary
#
stp region-configuration
 region-name RG1
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 100 200
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid tagged vlan 100 200
#
return

PE4 configuration file

#
sysname PE4
#
vlan batch 100
#
stp instance 0 root secondary
#
stp region-configuration
 region-name RG1
 active region-configuration
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 100 200
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid tagged vlan 100 200
#
return

NPE1 configuration file

#
 sysname NPE1
#
 vlan batch 100
#
 bfd
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.10
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 10
 vrrp vrid 1 track bfd-session 1 peer
#
bfd npe2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 1
 discriminator remote 2
 process-interface-status sub-if
 commit
#
return

NPE2 configuration file

#
 sysname NPE2
#
 vlan batch 100
#
 bfd
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.10
 vrrp vrid 1 track bfd-session 2 peer
#
bfd npe1 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 2
 discriminator remote 1
 process-interface-status sub-if
 commit
#
return

CE configuration file

#
sysname CE
#
vlan batch 100
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
#
return

Example for Configuring SEP and RRPP on a Network

Overview

Generally, redundant links are used to provide link backup and enhance network reliability. The use of redundant links, however, may produce loops. Loops cause infinite looping of packets, leading to broadcast storms and MAC address table instability. As a result, the communication quality deteriorates, and communication services may be interrupted. To block redundant links and ensure that the blocked links can be restored immediately to resume communication when a link fault occurs on a ring network, you can deploy SEP and RRPP on the ring network.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

In Figure 3-102, Layer 2 switching devices at access and aggregation layers constitute a ring network and connect to the core layer. The aggregation layer uses RRPP to eliminate redundant links, and the access layer uses SEP.

When there is no faulty link on the ring network, SEP can eliminate loops on the Ethernet network.
When a link fails on the ring network, SEP can quickly restore communication between nodes in the ring.
The topology change notification function is configured on an edge device in a SEP segment so that devices on the upper-layer network can promptly detect topology changes on the lower-layer network.

After receiving a topology change notification from a lower-layer network, a device on an upper-layer network sends a TC packet to instruct other devices to delete original MAC addresses and learn new MAC addresses. This ensures nonstop traffic forwarding.

Figure 3-102 SEP and RRPP networking

In this example, NPE1 and NPE2 use NE40Es running V600R008C00.

To ensure reliability of the entire network, you are advised to configure the following functions:

VRRP group between NPE1 and NPE2 to improve device-level reliability
BFD session between NPE1 and NPE2 to detect the link status and therefore implement fast switchover in the VRRP group

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic SEP functions.
1. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure VLAN 10 as the control VLAN of SEP segment 1.
2. Add PE1, PE2, and LSW1 to LSW3 to SEP segment and configure interface roles on edge devices (PE1 and PE2) of the SEP segment.
3. On the device where the primary edge interface is located, specify the mode in which an interface is blocked.
4. Configure a SEP preemption mode to ensure that the specified blocked interface takes effect when the fault is rectified.
5. Configure the topology change notification function so that the upper-layer network running RRPP can be notified of topology changes in the SEP segment.
Configure basic RRPP functions.
1. Add PE1 to PE4 to RRPP domain 1, configure VLAN 5 as the control VLAN on PE1 to PE4, and configure the protected VLAN.
2. Configure PE1 as the master node and PE2 to PE4 as the transit nodes on the major ring, and configure primary and secondary interfaces of the master node.
3. Create VLANs on PE1 to PE4 and add interfaces on the RRPP ring to the VLANs.
Set up a single-hop BFD session between NPE1 and NPE2 to detect the status of the interfaces configured with VRRP. Then, report the detection result to VRRP to complete VRRP fast switching.
Configure VRRP.
1. Create VRRP group 1 on GE 1/0/1 of NPE1, and set a higher VRRP priority for NPE1 to ensure that NPE1 functions as the master.
2. Create VRRP group 1 in the view of GE 1/0/1 interface of NPE2, and allow NPE2 to use the default VRRP priority.
3. Bind a BFD session to VRRP group 1.
Configure Layer 2 forwarding on the CE, LSW1 to LSW3, and PE1 to PE4.

PEs are aggregation switches, LSWs are access switches, and CEs are user-side switches.

Procedure

Configure basic SEP functions.

Configure SEP segment 1 and configure VLAN 10 as the control VLAN of SEP segment 1.

# Configure aggregation switch PE1.

<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] sep segment 1 //Create SEP segment 1.
[PE1-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[PE1-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[PE1-sep-segment1] quit

# Configure aggregation switch PE2.

<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] sep segment 1 //Create SEP segment 1.
[PE2-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[PE2-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[PE2-sep-segment1] quit

# Configure access switch LSW1.

<HUAWEI> system-view
[HUAWEI] sysname LSW1
[LSW1] sep segment 1 //Create SEP segment 1.
[LSW1-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW1-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW1-sep-segment1] quit

# Configure access switch LSW2.

<HUAWEI> system-view
[HUAWEI] sysname LSW2
[LSW2] sep segment 1 //Create SEP segment 1.
[LSW2-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW2-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW2-sep-segment1] quit

# Configure access switch LSW3.

<HUAWEI> system-view
[HUAWEI] sysname LSW3
[LSW3] sep segment 1 //Create SEP segment 1.
[LSW3-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
[LSW3-sep-segment1] protected-instance all //Configure all protected instances of SEP segment 1.
[LSW3-sep-segment1] quit

The control VLAN must be a VLAN that has not been created or used. However, the command for creating a common VLAN is automatically displayed in the configuration file after the control VLAN is created.
Each SEP segment must have a control VLAN. After an interface is added to a SEP segment that has a control VLAN, the interface is automatically added to the control VLAN.

Add aggregation switch PE1, aggregation switch PE2, and access switch LSW1 to LSW3 to SEP segment 1 and configure interface roles.

By default, STP is enabled on Layer 2 interfaces. Before adding an interface to a SEP segment, disable STP on the interface.

# Configure aggregation switch PE1.

[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/1] sep segment 1 edge primary //Configure the interface as the primary edge interface and add it to SEP segment 1.
[PE1-GigabitEthernet1/0/1] quit

# Configure access switch LSW1.

[LSW1] interface gigabitethernet 1/0/1
[LSW1-GigabitEthernet1/0/1] port link-type trunk
[LSW1-GigabitEthernet1/0/1] stp disable //Disable STP.
[LSW1-GigabitEthernet1/0/1] sep segment 1 //Add the interface to SEP segment 1.
[LSW1-GigabitEthernet1/0/1] quit
[LSW1] interface gigabitethernet 1/0/2
[LSW1-GigabitEthernet1/0/2] port link-type trunk
[LSW1-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW1-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW1-GigabitEthernet1/0/2] quit

# Configure access switch LSW2.

[LSW2] interface gigabitethernet 1/0/1
[LSW2-GigabitEthernet1/0/1] port link-type trunk
[LSW2-GigabitEthernet1/0/1] stp disable //Disable STP.
[LSW2-GigabitEthernet1/0/1] sep segment 1 //Add the interface to SEP segment 1.
[LSW2-GigabitEthernet1/0/1] quit
[LSW2] interface gigabitethernet 1/0/2
[LSW2-GigabitEthernet1/0/2] port link-type trunk
[LSW2-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW2-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW2-GigabitEthernet1/0/2] quit

# Configure access switch LSW3.

[LSW3] interface gigabitethernet 1/0/1
[LSW3-GigabitEthernet1/0/1] port link-type trunk
[LSW3-GigabitEthernet1/0/1] stp disable //Disable STP.
[LSW3-GigabitEthernet1/0/1] sep segment 1 //Add the interface to SEP segment 1.
[LSW3-GigabitEthernet1/0/1] quit
[LSW3] interface gigabitethernet 1/0/2
[LSW3-GigabitEthernet1/0/2] port link-type trunk
[LSW3-GigabitEthernet1/0/2] stp disable //Disable STP.
[LSW3-GigabitEthernet1/0/2] sep segment 1 //Add the interface to SEP segment 1.
[LSW3-GigabitEthernet1/0/2] quit

# Configure aggregation switch PE2.

[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port link-type trunk
[PE2-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE2-GigabitEthernet1/0/1] sep segment 1 edge secondary //Configure the interface as the secondary edge interface and add it to SEP segment 1.
[PE2-GigabitEthernet1/0/1] quit

After the configuration is complete, run the display sep topology command on aggregation switch PE1 to check the topology of the SEP segment. The command output shows that the blocked interface is one of the two interfaces on the link that last completes neighbor negotiation.

[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name          Port Name        Port Role       Port Status     Hop
-------------------------------------------------------------------------
PE1                  GE1/0/1          primary         forwarding      1
LSW1                 GE1/0/1          common          forwarding      2
LSW1                 GE1/0/2          common          forwarding      3
LSW3                 GE1/0/2          common          forwarding      4
LSW3                 GE1/0/1          common          forwarding      5
LSW2                 GE1/0/2          common          forwarding      6
LSW2                 GE1/0/1          common          forwarding      7
PE2                  GE1/0/1          secondary       discarding      8

Specify a blocked interface.

# In SEP segment 1, set the mode of blocking an interface on aggregation switch PE1 where the primary edge interface is located to block the interface in the middle of the SEP segment.
```
[PE1] sep segment 1
[PE1-sep-segment1] block port middle 
```
Configure a preemption mode.

# In SEP segment 1, configure the manual preemption mode on aggregation switch PE1 where the primary edge interface is located.
```
[PE1-sep-segment1] preempt manual
```
Configure the SEP topology change notification function.

Configure devices in SEP segment 1 to notify the RRPP network of topology changes.

# Configure aggregation switch PE1.
```
[PE1-sep-segment1] tc-notify rrpp
[PE1-sep-segment1] quit
```
# Configure aggregation switch PE2.
```
[PE2] sep segment 1
[PE2-sep-segment1] tc-notify rrpp
[PE2-sep-segment1] quit
```

After the configuration is complete, perform the following operations to verify the configuration. Aggregation switch PE1 is used as an example.

Run the display sep topology command on aggregation switch PE1 to check the topology of the SEP segment.

The command output shows that GE1/0/2 of access switch LSW3 is in discarding state and other interfaces are in forwarding state.

[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name          Port Name        Port Role       Port Status     Hop
-------------------------------------------------------------------------
PE1                  GE1/0/1          primary         forwarding      1
LSW1                 GE1/0/1          common          forwarding      2
LSW1                 GE1/0/2          common          forwarding      3
LSW3                 GE1/0/2          common          discarding      4
LSW3                 GE1/0/1          common          forwarding      5
LSW2                 GE1/0/2          common          forwarding      6
LSW2                 GE1/0/1          common          forwarding      7
PE2                  GE1/0/1          secondary       forwarding      8

Run the display sep interface verbose command on aggregation switch PE1 to check detailed information about interfaces in the SEP segment.

[PE1] display sep interface verbose
SEP segment 1
Control-vlan             :10
Preempt Delay Timer      :0
TC-Notify Propagate to :rrpp
----------------------------------------------------------------
Interface              :GE1/0/1
Port Role              :Config = primary / Active =  primary
Port Priority          :64
Port Status            :forwarding
Neighbor Status        :up
Neighbor Port          :LSW1 - GE1/0/1 (00e0-0829-7c00.0000)
NBR TLV             rx :2124             tx :2126
LSP INFO TLV        rx :2939             tx :135
LSP ACK TLV         rx :113              tx :768
PREEMPT REQ TLV     rx :0                tx :3
PREEMPT ACK TLV     rx :3                tx :0
TC Notify           rx :5                tx :3
EPA                 rx :363              tx :397

Configure basic RRPP functions.

Add aggregation switch PE1 to PE4 to RRPP domain 1, configure VLAN 5 as the control VLAN on aggregation switch PE1 to PE4, and configure the protected VLAN.

# Configure aggregation switch PE1.

[PE1] stp region-configuration //Enter the MST region view.
[PE1-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE1-mst-region] active region-configuration //Activate MST region configuration.
[PE1-mst-region] quit
[PE1] rrpp domain 1 //Create RRPP domain 1.
[PE1-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE1-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.

# Configure aggregation switch PE2.

[PE2] stp region-configuration //Enter the MST region view.
[PE2-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE2-mst-region] active region-configuration //Activate MST region configuration.
[PE2-mst-region] quit
[PE2] rrpp domain 1 //Create RRPP domain 1.
[PE2-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE2-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.

# Configure aggregation switch PE3.

[PE3] stp region-configuration //Enter the MST region view.
[PE3-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE3-mst-region] active region-configuration //Activate MST region configuration.
[PE3-mst-region] quit
[PE3] rrpp domain 1 //Create RRPP domain 1.
[PE3-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE3-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.

# Configure aggregation switch PE4.

[PE4] stp region-configuration //Enter the MST region view.
[PE4-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE4-mst-region] active region-configuration //Activate MST region configuration.
[PE4-mst-region] quit
[PE4] rrpp domain 1 //Create RRPP domain 1.
[PE4-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE4-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.

The control VLAN must be a VLAN that has not been created or used. However, the command for creating a common VLAN is automatically displayed in the configuration file after the control VLAN is created.

Create a VLAN and add interfaces on the ring network to the VLAN.

# On aggregation switch PE1, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to VLAN 100.

[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/3] port link-type trunk
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/3] quit

# On aggregation switch PE2, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to VLAN 100.

[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE2-GigabitEthernet1/0/1] port link-type trunk
[PE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE2-GigabitEthernet1/0/2] port link-type trunk
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE2-GigabitEthernet1/0/3] port link-type trunk
[PE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/3] quit

# On aggregation switch PE3, create VLAN 100 and add GE1/0/1 and GE1/0/2 to VLAN 100.

[PE3] vlan 100
[PE3-vlan100] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/1] port link-type trunk
[PE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/2] port link-type trunk
[PE3-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[PE3-GigabitEthernet1/0/2] quit

# On aggregation switch PE4, create VLAN 100 and add GE1/0/1 and GE1/0/2 to VLAN 100.

[PE4] vlan 100
[PE4-vlan100] quit
[PE4] interface gigabitethernet 1/0/1
[PE4-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE4-GigabitEthernet1/0/1] port link-type trunk
[PE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE4-GigabitEthernet1/0/1] quit
[PE4] interface gigabitethernet 1/0/2
[PE4-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE4-GigabitEthernet1/0/2] port link-type trunk
[PE4-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[PE4-GigabitEthernet1/0/2] quit

Configure aggregation switch PE1 as the master node and aggregation switch PE2 to PE4 as the transit nodes on the major ring, and configure primary and secondary interfaces of the master node.

# Configure aggregation switch PE1.

[PE1] rrpp domain 1 //Enter the view of RRPP domain 1.
[PE1-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/3 level 0 //Configure the master node on RRPP primary ring 1 in RRPP domain 1, and configure GE1/0/2 as the primary interface and GE1/0/3 as the secondary interface.
[PE1-rrpp-domain-region1] ring 1 enable //Enable the RRPP ring.

# Configure aggregation switch PE2.

[PE2] rrpp domain 1 //Enter the view of RRPP domain 1.
[PE2-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/3 level 0 //Configure the transit node on RRPP primary ring 1 in RRPP domain 1, and configure GE1/0/2 as the primary interface and GE1/0/3 as the secondary interface.
[PE2-rrpp-domain-region1] ring 1 enable //Enable the RRPP ring.

# Configure aggregation switch PE3.

[PE3] rrpp domain 1 //Enter the view of RRPP domain 1.
[PE3-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0 //Configure the transit node on RRPP primary ring 1 in RRPP domain 1, and configure GE1/0/1 as the primary interface and GE1/0/2 as the secondary interface.
[PE3-rrpp-domain-region1] ring 1 enable //Enable the RRPP ring.

# Configure aggregation switch PE4.

[PE4] rrpp domain 1 //Enter the view of RRPP domain 1.
[PE4-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet1/0/1 secondary-port gigabitethernet1/0/2 level 0 //Configure the transit node on RRPP primary ring 1 in RRPP domain 1, and configure GE1/0/1 as the primary interface and GE1/0/2 as the secondary interface.
[PE4-rrpp-domain-region1] ring 1 enable //Enable the RRPP ring.

Enable RRPP.

# Configure aggregation switch PE1.
```
[PE1] rrpp enable
```
# Configure aggregation switch PE2.
```
[PE2] rrpp enable
```
# Configure aggregation switch PE3.
```
[PE3] rrpp enable
```
# Configure aggregation switch PE4.
```
[PE4] rrpp enable
```

After the configuration is complete, run the display rrpp brief or display rrpp verbose domain command. Aggregation switch PE1 is used as an example.

[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge

RRPP Protocol Status: Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1

Domain Index   : 1
Control VLAN   : major 5    sub 6
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)

 Ring  Ring   Node  Primary/Common           Secondary/Edge           Is
 ID    Level  Mode  Port                     Port                     Enabled
 ----------------------------------------------------------------------------
 1     0      M     GigabitEthernet1/0/2     GigabitEthernet1/0/3    Yes

According to the preceding information, RRPP is enabled on aggregation switch PE1. The major control VLAN is VLAN 5 and the sub-control VLAN is VLAN 6 in RRPP domain 1. VLANs mapping Instance1 are protected VLANs. Aggregation switch PE1 is the master node in ring 1. The primary interface is GE1/0/2 and the secondary interface is GE1/0/3.

[PE1] display rrpp verbose domain 1
Domain Index   : 1
Control VLAN   : major 5    sub 6
Protected VLAN : Reference Instance 1
Hello Timer    : 1 sec(default is 1 sec)  Fail Timer : 6 sec(default is 6 sec)
RRPP Ring      : 1
Ring Level     : 0
Node Mode      : Master
Ring State     : Complete
Is Enabled     : Enable                             Is Active: Yes
Primary port   : GigabitEthernet1/0/2               Port status: UP
Secondary port : GigabitEthernet1/0/3               Port status: BLOCKED

The major control VLAN is VLAN 5 and the sub-control VLAN is VLAN 6 in RRPP domain 1. VLANs mapping Instance1 are protected VLANs. Aggregation switch PE1 is the master node in Complete state. The primary interface is GE1/0/2 and the secondary interface is GE1/0/3.

Configure VLAN 100 to transmit VRRP packets and VLAN 200 to transmit BFD packets.

# Configure aggregation switch PE3.

[PE3] vlan batch 100 200
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/2] port link-type trunk
[PE3-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE3-GigabitEthernet1/0/2] quit
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/3] port link-type trunk
[PE3-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE3-GigabitEthernet1/0/3] quit

# Configure aggregation switch PE4.

[PE4] vlan batch 100 200
[PE4] interface gigabitethernet 1/0/2
[PE4-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE4-GigabitEthernet1/0/2] port link-type trunk
[PE4-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE4-GigabitEthernet1/0/2] quit
[PE4] interface gigabitethernet 1/0/3
[PE4-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE4-GigabitEthernet1/0/3] port link-type trunk
[PE4-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE4-GigabitEthernet1/0/3] quit

Configure a BFD session.

Configure IP addresses for interfaces.

# Configure an IP address for an interface on NPE1 and create a sub-interface for the interface.

<HUAWEI> system-view
[HUAWEI] sysname NPE1
[NPE1] vlan 100
[NPE1-vlan100] quit
[NPE1] interface gigabitethernet 1/0/1
[NPE1-GigabitEthernet1/0/1] undo shutdown
[NPE1-GigabitEthernet1/0/1] ip address 10.2.1.1 24
[NPE1-GigabitEthernet1/0/1] quit
[NPE1] interface gigabitethernet 1/0/1.1
[NPE1-GigabitEthernet1/0/1.1] undo shutdown
[NPE1-GigabitEthernet1/0/1.1] vlan-type dot1q 100
[NPE1-GigabitEthernet1/0/1.1] ip address 10.1.1.1 24
[NPE1-GigabitEthernet1/0/1.1] quit

# Configure an IP address for an interface on NPE2 and create a sub-interface for the interface.

<HUAWEI> system-view
[HUAWEI] sysname NPE2
[NPE2] vlan 100
[NPE2-vlan100] quit
[NPE2] interface gigabitethernet 1/0/1
[NPE2-GigabitEthernet1/0/1] undo shutdown
[NPE2-GigabitEthernet1/0/1] ip address 10.2.1.2 24
[NPE2-GigabitEthernet1/0/1] quit
[NPE2] interface gigabitethernet 1/0/1.1
[NPE2-GigabitEthernet1/0/1.1] undo shutdown
[NPE2-GigabitEthernet1/0/1.1] vlan-type dot1q 100
[NPE2-GigabitEthernet1/0/1.1] ip address 10.1.1.2 24
[NPE2-GigabitEthernet1/0/1.1] quit

Create a BFD session.

# Enable BFD on NPE1 and configure a BFD session between NPE1 and NPE2.

[NPE1] bfd
[NPE1-bfd] quit
[NPE1] bfd NPE2 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD session to monitor the link of the VRRP group.
[NPE1-bfd-session-npe2] discriminator local 1
[NPE1-bfd-session-npe2] discriminator remote 2
[NPE1-bfd-session-npe2] commit
[NPE1-bfd-session-npe2] quit

# Enable BFD on NPE2 and configure a BFD session between NPE1 and NPE2.

[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD session to monitor the link of the VRRP group.
[NPE2-bfd-session-npe1] discriminator local 2
[NPE2-bfd-session-npe1] discriminator remote 1
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit

# After completing the configuration, run the display bfd session all on NPE1 and NPE2. The command output shows that the BFD session is set up between NPE1 and NPE2 and its status is Up.

Use the display on NPE1 as an example.

[NPE1] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr      State     Type        InterfaceName
--------------------------------------------------------------------------------
1     2      224.0.0.184     Up        S_IP_IF     GigabitEthernet1/0/1
--------------------------------------------------------------------------------
     Total UP/DOWN Session Number : 1/0

Configure association between BFD status and sub-interface status.

# Configure NPE1.

[NPE1] bfd
[NPE1-bfd] quit
[NPE1] bfd NPE2
[NPE1-bfd-session-npe2] process-interface-status sub-if
[NPE1-bfd-session-npe2] commit
[NPE1-bfd-session-npe2] quit

# Configure NPE2.

[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1
[NPE2-bfd-session-npe1] process-interface-status sub-if
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit

After completing the preceding configurations, run the display bfd session all verbose command on NPE1 and NPE2. Check that the Proc interface status field displays Enable (Sub-If).

Use the display on NPE1 as an example.

[NPE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 257       (One Hop) State : Up        Name : npe2
--------------------------------------------------------------------------------
  Local Discriminator    : 1                Remote Discriminator   : 2
  Session Detect Mode    : Asynchronous Mode Without Echo Function
  BFD Bind Type          : Interface(GigabitEthernet1/0/1)
  Bind Session Type      : Static
  Bind Peer IP Address   : 224.0.0.184
  NextHop Ip Address     : 224.0.0.184
  Bind Interface         : GigabitEthernet1/0/1
  FSM Board Id           : 0                TOS-EXP                : 7
  Min Tx Interval (ms)   : 1000             Min Rx Interval (ms)   : 1000
  Actual Tx Interval (ms): 1000             Actual Rx Interval (ms): 1000
  Local Detect Multi     : 3                Detect Interval (ms)   : 3000
  Echo Passive           : Disable          Acl Number             : -
  Destination Port       : 3784             TTL                    : 255
  Proc Interface Status  : Enable(Sub-If)   Process PST            : Disable
  WTR Interval (ms)      : -                Local Demand Mode      : Disable
  Active Multi           : 3
  Last Local Diagnostic  : No Diagnostic
  Bind Application       : IFNET
  Session TX TmrID       : 93               Session Detect TmrID   : 94
  Session Init TmrID     : -                Session WTR TmrID      : -
  Session Echo Tx TmrID  : -
  PDT Index              : FSM-0 | RCV-0 | IF-0 | TOKEN-0
  Session Description    : -
--------------------------------------------------------------------------------

     Total UP/DOWN Session Number : 1/0

Configure VRRP.

# Configure an IP address for an interface on NPE1, create VRRP group 1, and set the VRRP priority of NPE1 to 120 so that NPE1 can function as the master.

[NPE1] interface gigabitethernet 1/0/1.1
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 10.1.1.10
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 priority 120 //The default priority of a device in a VRRP group is 100. Change the priority of the master to be higher than that of the backup.
[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 preempt-mode timer delay 10 //A device in a VRRP group uses immediate preemption by default. Change the preemption delay of the master to prevent service interruptions on an unstable network where devices in the VRRP group preempt to be the master.

# Configure an IP address for an interface on NPE2, create VRRP group 1, and allow NPE2 to use the default value so that NPE1 can function as the backup.
```
[NPE2] interface gigabitethernet 1/0/1.1
[NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 10.1.1.10
```

# On NPE1, bind the VRRP group and the BFD session.

[NPE1-GigabitEthernet1/0/1.1] vrrp vrid 1 track bfd-session 1 peer
[NPE1-GigabitEthernet1/0/1.1] quit

# On NPE2, bind the VRRP group and the BFD session.

[NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 track bfd-session 2 peer
[NPE2-GigabitEthernet1/0/1.1] quit

[NPE1] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Master
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 10
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 1  type: peer
    BFD-session state : UP
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-29 22:46:35 UTC+07:00

[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Backup
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 2  type: peer
    BFD-session state : UP
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-29 22:46:35 UTC+07:00

Configure Layer 2 forwarding on the user-side switch CE, access switch LSW1 to LSW3, and aggregation switch PE1 to PE4.
The configuration details are not mentioned here. For details, see configuration files in this example.

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

[LSW3] display sep interface gigabitethernet 1/0/2
SEP segment 1
----------------------------------------------------------------
Interface           Port Role     Neighbor Status     Port Status
----------------------------------------------------------------
GE1/0/2             common        up                  forwarding

Run the shutdown command on GE 1/0/1.1 on NPE1 to simulate an interface fault, and then run the display vrrp command on NPE2 to check whether the status of NPE2 changes from backup to master.

[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
    State : Master
    Virtual IP : 10.1.1.10
    Master IP      : 10.1.1.2
    PriorityRun : 100
    PriorityConfig : 100
     MasterPriority : 100
    Preempt : YES   Delay Time : 0
    TimerRun : 1
    TimerConfig : 1
    Auth Type : NONE
    Virtual Mac :  0000-5e00-0101
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Config track link-bfd down-number : 0
    Track BFD : 2  type: peer
    BFD-session state : DOWN  
    Create time : 2013-12-29 22:46:32 UTC+07:00
    Last change time : 2013-12-30 00:12:10 UTC+07:00

Configuration Files

LSW1 configuration file

#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
 control-vlan 10
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
return

LSW2 configuration file

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
 control-vlan 10
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
return

LSW3 configuration file

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
 control-vlan 10
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

PE1 configuration file

#
sysname PE1
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 5 to 6 100
 active region-configuration
#
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port GigabitEthernet 1/0/2 secondary-port GigabitEthernet 1/0/3 level 0
 ring 1 enable
#
sep segment 1
 control-vlan 10
 block port middle
 tc-notify rrpp
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1 edge primary
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100
 stp disable
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100
 stp disable
#
return

PE2 configuration file

#
sysname PE2
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 5 to 6 100
 active region-configuration
#
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/2 secondary-port GigabitEthernet 1/0/3 level 0
 ring 1 enable
#
sep segment 1
 control-vlan 10
 tc-notify rrpp
 protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100
 stp disable
 sep segment 1 edge secondary
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100
 stp disable
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100
 stp disable
#
return

PE3 configuration file

#
sysname PE3
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 5 to 6 100
 active region-configuration
#
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100 200
 stp disable
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass 100 200
 stp disable
#
return

PE4 configuration file

#
sysname PE4
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 5 to 6 100
 active region-configuration
#
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
 stp disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 5 to 6 100 200
 stp disable
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass 100 200
 stp disable
#
return

NPE1 configuration file

#
 sysname NPE1
#
 vlan batch 100
#
 bfd
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.10
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 10
 vrrp vrid 1 track bfd-session 1 peer
#
bfd npe2 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 1
 discriminator remote 2
 process-interface-status sub-if
 commit
#
return

NPE2 configuration file

#
 sysname NPE2
#
 vlan batch 100
#
 bfd
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1.1
 vlan-type dot1q 100
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.10
 vrrp vrid 1 track bfd-session 2 peer
#
bfd npe1 bind peer-ip default-ip interface GigabitEthernet1/0/1
 discriminator local 2
 discriminator remote 1
 process-interface-status sub-if
 commit
#
return

CE configuration file

#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

Example for Configuring VBST

Overview

VLAN-based Spanning Tree (VBST) constructs a spanning tree in each VLAN so that traffic from different VLANs can be forwarded through different spanning trees. VBST is a Huawei proprietary that is equivalent to the Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol (RSTP) running in each VLAN. Spanning trees in different VLANs are independent of each other.

Currently, the three standard spanning tree protocols are STP, RSTP, and Multiple Spanning Tree Protocol (MSTP). STP and RSTP cannot implement VLAN-based load balancing, because all the VLANs on a LAN share a spanning tree and packets in all VLANs are forwarded along this spanning tree. In addition, the blocked link does not carry any traffic, which wastes bandwidth and may prevent some VLANs from forwarding packets. MSTP is generally preferred because it is compatible with STP and RSTP, ensures fast convergence, and provides multiple paths to load balance traffic.

On enterprise networks, enterprise users need functions that are easy to use and maintain, whereas the configuration of MSTP multi-instance and multi-process is complex and requires in-depth knowledge.

To address this issue, Huawei developed VBST. VBST constructs a spanning tree in each VLAN so that traffic from different VLANs is load balanced along different spanning trees. In addition, VBST is easy to configure and maintain.

Configuration Notes

This example applies to all models of V200R005C00 and later versions.

When configuring VBST on the switch, pay attention to the following points:

When HVRP is enabled on a modular switch, do not change the STP mode to VBST.
When VBST is enabled on a ring network, VBST immediately starts spanning tree calculation. Parameters such as the device priority and port priority affect spanning tree calculation, and changes of these parameters may cause network flapping. To ensure fast and stable spanning tree calculation, perform basic configurations on the switch and interfaces before enabling VBST.
If the protected instance has been configured in a SEP segment or ERPS ring but the mapping between protected instances and VLANs is not configured, VBST cannot be enabled.
VBST cannot be enabled in the ignored VLAN or control VLAN used by ERPS, RRPP, SEP, or Smart Link.
If 1:N (N>1) mapping between MSTIs and VLANs has been configured on the switch, you must delete the mapping before changing the STP working mode to VBST.
If stp vpls-subinterface enable has been configured on the switch, you must run the undo stp vpls-subinterface enable command on the interface before changing the STP working mode to VBST.
If the device has been configured as the root bridge or secondary root bridge, run the undo stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> root command to disable the root bridge or secondary root bridge function and run the stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> priority priority command to change the device priority.
When the number of MSTIs that are dynamically specified exceeds the number of protected VLANs, STP is disabled in a created VLAN in the configuration file, for example, stp vlan 100 disable.
To prevent frequent network flapping, ensure that the values of Hello time, Forward Delay, and Max Age conform to the following formulas:
- 2 x (Forward Delay - 1.0 second) >= Max Age
- Max Age >= 2 x (Hello Time + 1.0 second)
It is recommended that fast convergence in normal mode be used. If the fast mode is used, frequently deleting ARP entries may result in 100% CPU usage of the MPU and LPU. As a result, packet processing expires and network flapping occurs.
After all ports are configured as edge ports and BPDU filter ports in the system view, none of ports on the switch send BPDUs or negotiate the VBST status with directly connected ports on the peer device. All ports are in forwarding state. This may cause loops on the network, leading to broadcast storms. Exercise caution when you configure a port as an edge port and BPDU filter port.
After a port is configured as an edge port and BPDU filter port in the interface view, the port does not process or send BPDUs. The port cannot negotiate the VBST status with the directly connected port on the peer device. Exercise caution when you configure a port as an edge port and BPDU filter port.
Root protection takes effect only on designated ports.
An alternate port is the backup of the root port. If a switch has an alternate port, configure loop protection on both the root port and alternate port.

Networking Requirements

In Figure 3-103, SwitchC and SwitchD (access switches) are dual-homed to SwitchA and SwitchB (aggregation switches). SwitchC transmits traffic from VLAN 10 and VLAN 20, and SwitchD transmits traffic from VLAN 20 and VLAN 30. A ring network is formed between the access layer and aggregation layer. The enterprise requires that service traffic in each VLAN be correctly forwarded and service traffic from different VLANs be load balanced to improve link use efficiency.

Figure 3-103 VBST networking

Configuration Roadmap

VBST can be used to eliminate loops between the access layer and aggregation layer and ensures that service traffic in each VLAN is correctly forwarded. In addition, traffic from different VLANs can be load balanced. The configuration roadmap is as follows:

Configure Layer 2 forwarding on access and aggregation switches.
Configure basic VBST functions on SwitchA, SwitchB, SwitchC, and SwitchD. Perform the following operations so that a spanning tree shown in Figure 3-103 is formed through calculation:
- Configure SwitchA and SwitchB as the root bridge and secondary root bridge of VLAN 10 respectively, configure SwitchA and SwitchB as the root bridge and secondary root bridge of VLAN 20 respectively, and configure SwitchB and SwitchA as the root bridge and secondary root bridge of VLAN 30 respectively.
- Set a larger path cost for GE1/0/2 on SwitchC in VLAN 10 and VLAN 20 so that GE1/0/2 is blocked in spanning trees of VLAN 10 and VLAN 20. Set a larger path cost for GE1/0/2 on SwitchD in VLAN 20 and VLAN 30 so that GE1/0/2 is blocked in the spanning tree of VLAN 20 and VLAN 30.
Configure ports on SwitchC and SwitchD connected to terminals as edge ports to reduce VBST topology calculation and improve topology convergence.

Procedure

Configure Layer 2 forwarding on switches of the ring network.

Create VLAN 10, VLAN 20, and VLAN 30 on SwitchA, SwitchB, SwitchC, and SwitchD.

# Create VLAN 10, VLAN 20, and VLAN 30 on aggregation switch SwitchA.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20 30

# Create VLAN 10, VLAN 20, and VLAN 30 on aggregation switch SwitchB.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 20 30

# Create VLAN 10 and VLAN 20 on access switch SwitchC.

<HUAWEI> system-view
[HUAWEI] sysname SwitchC
[SwitchC] vlan batch 10 20

# Create VLAN 20 and VLAN 30 on access switch SwitchD.

<HUAWEI> system-view
[HUAWEI] sysname SwitchD
[SwitchD] vlan batch 20 30

Add ports connected to the ring to VLANs.

# Add GE1/0/1 on SwitchA to VLAN 10, VLAN 20, and VLAN 30.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 30
[SwitchA-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchA to VLAN 20 and VLAN 30.

[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 20 30
[SwitchA-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchA to VLAN 10 and VLAN 20.

[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[SwitchA-GigabitEthernet1/0/3] quit

# Add GE1/0/1 on SwitchB to VLAN 10, VLAN 20, and VLAN 30.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 30
[SwitchB-GigabitEthernet1/0/1] quit

# Add GE1/0/2 on SwitchB to VLAN 10 and VLAN 20.

[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[SwitchB-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchB to VLAN 20 and VLAN 30.

[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-type trunk
[SwitchB-GigabitEthernet1/0/3] port trunk allow-pass vlan 20 30
[SwitchB-GigabitEthernet1/0/3] quit

# Add GE1/0/2 on SwitchC to VLAN 10 and VLAN 20.

[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[SwitchC-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchC to VLAN 10 and VLAN 20.

[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[SwitchC-GigabitEthernet1/0/3] quit

# Add GE1/0/4 on SwitchC to VLAN 10 and GE1/0/5 to VLAN 20.

[SwitchC] interface gigabitethernet 1/0/4
[SwitchC-GigabitEthernet1/0/4] port link-type access
[SwitchC-GigabitEthernet1/0/4] port default vlan 10
[SwitchC-GigabitEthernet1/0/4] quit
[SwitchC] interface gigabitethernet 1/0/5
[SwitchC-GigabitEthernet1/0/5] port link-type access
[SwitchC-GigabitEthernet1/0/5] port default vlan 20
[SwitchC-GigabitEthernet1/0/5] quit

# Add GE1/0/2 on SwitchD to VLAN 20 and VLAN 30.

[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 20 30
[SwitchD-GigabitEthernet1/0/2] quit

# Add GE1/0/3 on SwitchD to VLAN 20 and VLAN 30.

[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] port link-type trunk
[SwitchD-GigabitEthernet1/0/3] port trunk allow-pass vlan 20 30
[SwitchD-GigabitEthernet1/0/3] quit

# Add GE1/0/4 on SwitchD to VLAN 20 and GE1/0/5 to VLAN 30.

[SwitchD] interface gigabitethernet 1/0/4
[SwitchD-GigabitEthernet1/0/4] port link-type access
[SwitchD-GigabitEthernet1/0/4] port default vlan 20
[SwitchD-GigabitEthernet1/0/4] quit
[SwitchD] interface gigabitethernet 1/0/5
[SwitchD-GigabitEthernet1/0/5] port link-type access
[SwitchD-GigabitEthernet1/0/5] port default vlan 30
[SwitchD-GigabitEthernet1/0/5] quit

Configure basic VBST functions.
1. Configure switches on the ring network to work in VBST mode.
  
  # Configure SwitchA to work in VBST mode.
```
[SwitchA] stp mode vbst
```
  # Configure SwitchB to work in VBST mode.
```
[SwitchB] stp mode vbst
```
  # Configure SwitchC to work in VBST mode.
```
[SwitchC] stp mode vbst
```
  # Configure SwitchD to work in VBST mode.
```
[SwitchD] stp mode vbst
```
2. Configure the root bridge and secondary root bridge.
  - Configure the root bridge and secondary root bridge in VLAN 10.
    
    # Configure SwitchA as the root bridge in VLAN 10.
```
[SwitchA] stp vlan 10 root primary
```
    # Configure SwitchB as the secondary root bridge in VLAN 10.
```
[SwitchB] stp vlan 10 root secondary
```
  - Configure the root bridge and secondary root bridge in VLAN 20.
    
    # Configure SwitchA as the root bridge in VLAN 20.
```
[SwitchA] stp vlan 20 root primary
```
    # Configure SwitchB as the secondary root bridge in VLAN 20.
```
[SwitchB] stp vlan 20 root secondary
```
  - Configure the root bridge and secondary root bridge in VLAN 30.
    
    # Configure SwitchB as the root bridge in VLAN 30.
```
[SwitchB] stp vlan 30 root primary
```
    # Configure SwitchA as the secondary root bridge in VLAN 30.
```
[SwitchA] stp vlan 30 root secondary
```
3. Configure the path cost for a port in each VLAN so that the port can be blocked.
  - The path cost range depends on the algorithm. IEEE 802.1t standard is used as an example. Set the path costs of the ports to be blocked to 2000000.
  - All switches on the same network must use the same path cost calculation method.
  # Set the path cost of GE1/0/2 on SwitchC to 2000000 in VLAN 10 and VLAN 20.
```
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp vlan 10 cost 2000000
[SwitchC-GigabitEthernet1/0/2] stp vlan 20 cost 2000000
[SwitchC-GigabitEthernet1/0/2] quit
```
  # Set the path cost of GE1/0/2 on SwitchD to 2000000 in VLAN 20 and VLAN 30.
```
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp vlan 20 cost 2000000
[SwitchD-GigabitEthernet1/0/2] stp vlan 30 cost 2000000
[SwitchD-GigabitEthernet1/0/2] quit
```
4. Enable VBST to eliminate loops.
  - Disable VBST in VLAN 1 on all devices.
    
    By default, all ports join VLAN 1 and VBST is enabled in VLAN 1. To reduce spanning tree calculation, disable VBST in VLAN 1. To prevent loops in VLAN 1 after VBST is disabled, delete ports from VLAN 1.
    
    # Disable VBST in VLAN 1 on SwitchA.
```
[SwitchA] stp vlan 1 disable
```
    # Disable VBST in VLAN 1 on SwitchB.
```
[SwitchB] stp vlan 1 disable
```
    # Disable VBST in VLAN 1 on SwitchC.
```
[SwitchC] stp vlan 1 disable
```
    # Disable VBST in VLAN 1 on SwitchD.
```
[SwitchD] stp vlan 1 disable
```
    # Delete GE1/0/1, GE1/0/2, and GE1/0/3 on SwitchA from VLAN 1.
```
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/3] quit
```
    # Delete GE1/0/1, GE1/0/2, and GE1/0/3 on SwitchB from VLAN 1.
```
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/3] quit
```
    # Delete GE1/0/2, and GE1/0/3 on SwitchB from VLAN 1.
```
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet1/0/2] quit
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet1/0/3] quit
```
    # Delete GE1/0/2, and GE1/0/3 on SwitchD from VLAN 1.
```
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet1/0/2] quit
[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet1/0/3] quit
```
  - Enable VBST globally.
    
    # Enable VBST on SwitchA globally.
```
[SwitchA] stp enable
```
    # Enable VBST on SwitchB globally.
```
[SwitchB] stp enable
```
    # Enable VBST on SwitchC globally.
```
[SwitchC] stp enable
```
    # Enable VBST on SwitchD globally.
```
[SwitchD] stp enable
```
  - Enable VBST globally.
    
    By default, VBST is enabled globally.
    
    Run the display stp global command to check the VBST status. If VBST is disabled, run the stp enable command in the system view to enable VBST globally.
  - Enable VBST in a VLAN.
    
    By default, VBST is enabled in a VLAN.
    
    Run the display stp vlan vlan-id command to check the VBST status. If the message "The protocol is disabled" is displayed, VBST is disabled in the VLAN. Run the stp vlan vlan-id enable command in the system view to enable VBST in the VLAN.
  - Enable VBST on a port.
    
    By default, VBST is enabled on a Layer 2 Ethernet interface.
    
    Run the display stp interface interface-type interface-number command to check the VBST status on a port. If the message "The protocol is disabled" is displayed, VBST is disabled on the port. Run the stp enable command in the interface view to enable VBST on the port.

Configure ports connected to terminals as edge ports to improve topology convergence.

# On SwitchC and SwitchD, configure GE1/0/4 and GE1/0/5 connected to terminals as edge ports.

[SwitchC] interface gigabitethernet 1/0/4
[SwitchC-GigabitEthernet1/0/4] stp edged-port enable
[SwitchC-GigabitEthernet1/0/4] quit
[SwitchC] interface gigabitethernet 1/0/5
[SwitchC-GigabitEthernet1/0/5] stp edged-port enable
[SwitchC-GigabitEthernet1/0/5] quit

[SwitchD] interface gigabitethernet 1/0/4
[SwitchD-GigabitEthernet1/0/4] stp edged-port enable
[SwitchD-GigabitEthernet1/0/4] quit
[SwitchD] interface gigabitethernet 1/0/5
[SwitchD-GigabitEthernet1/0/5] stp edged-port enable
[SwitchD-GigabitEthernet1/0/5] quit

Verify the configuration.

After the configuration is complete and the network topology becomes stable, perform the following operations to verify the configuration.

# Run the display stp bridge local command on SwitchA to check the STP working mode.

[SwitchA] display stp bridge local
VLAN-ID          Bridge ID Hello Max Forward Protocol
                            Time Age   Delay
----- -------------------- ----- --- ------- ---------------------------
   10    10.0200-0000-6703     2  20      15 VBST
   20    20.0200-0000-6703     2  20      15 VBST
   30  4126.0200-0000-6703     2  20      15 VBST

The preceding information shows that the VBST mode is used.

# Run the display stp brief command on SwitchA to check the port status.

[SwitchA] display stp brief
 VLAN-ID   Port                        Role  STP State     Protection
      10   GigabitEthernet1/0/1        DESI  FORWARDING    NONE
      10   GigabitEthernet1/0/3        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/1        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/2        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/3        DESI  FORWARDING    NONE
      30   GigabitEthernet1/0/1        ROOT  FORWARDING    NONE
      30   GigabitEthernet1/0/2        DESI  FORWARDING    NONE

The preceding information shows that SwitchA participates in spanning tree calculation in VLAN 10, VLAN 20, and VLAN 30. For example, SwitchA is the root bridge in VLAN 10 and VLAN 20, so GE1/0/1 and GE1/0/3 in VLAN 10 are selected as designated ports. GE1/0/1, GE1/0/2, and GE1/0/3 in VLAN 20 are selected as designated ports. SwitchA is the secondary root bridge in VLAN 30, so GE1/0/1 is selected as the root port and GE1/0/2 is selected as the designated port in VLAN 30.

# Run the display stp vlan 10 command on SwitchA to check detailed information about VLAN 10.

[SwitchA] display stp vlan 10
-------[VLAN 10 Global Info]-------                                             
Bridge ID           :10    .0200-0000-6703  
Bridge Diameter     :7                                     
Config Times        :Hello 2s MaxAge 20s FwDly 15s                              
Active Times        :Hello 2s MaxAge 20s FwDly 15s                              
Root ID / RPC       :10    .0200-0000-6703 / 0 (This bridge is the root)         
RootPortId          :0.0                                                        
Root Type           :Primary 
BPDU-Protection     :Disabled
STP Converge Mode   :Normal
Time since last TC  :0 days 0h:10m:46s
Number of TC        :1 
 ----[Port4093(GigabitEthernet1/0/1)][FORWARDING]----                           
 Port Role             :Designated Port                                            
 Port Priority         :128                                                        
 Port Cost(Dot1T)      :Config=Auto / Active=20000                                  
 Desg. Bridge/Port     :10    .0200-0000-6703 / 128.4093                            
 Port Edged            :Config=Default / Active=Disabled                           
 Point-to-point        :Config=Auto / Active=true 
 Port Revert Slow      :Disabled
 Port Agreement Legacy :Disabled
 Transit Limit         :6 packets/hello                                            
 Protection Type       :None 
 Port STP Mode         :VBST  
 BPDU Encapsulation    :Config=VBST / Active=VBST
 ----[Port4092(GigabitEthernet1/0/3)][FORWARDING]----                          
 Port Role             :Designated Port                                          
 Port Priority         :128                                                        
 Port Cost(Dot1T)      :Config=Auto / Active=199999                                 
 Desg. Bridge/Port     :10    .0200-0000-6703 / 128.4092                            
 Port Edged            :Config=Default / Active=Disabled                           
 Point-to-point        :Config=Auto / Active=true    
 Port Revert Slow      :Disabled
 Port Agreement Legacy :Disabled
 Transit Limit         :6 packets/hello                                            
 Protection Type       :None 
 Port STP Mode         :VBST  
 BPDU Encapsulation    :Config=VBST / Active=VBST

The preceding information shows that SwitchA is selected as the root bridge in VLAN 10 and GE1/0/1 and GE1/0/3 are selected as designated ports in FORWARDING state.

# Run the display stp brief command on SwitchB, SwitchC, and SwitchD to check the port status.

[SwitchB] display stp brief
 VLAN-ID   Port                        Role  STP State     Protection
      10   GigabitEthernet1/0/1        ROOT  FORWARDING    NONE
      10   GigabitEthernet1/0/2        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/1        ROOT  FORWARDING    NONE
      20   GigabitEthernet1/0/2        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/3        DESI  FORWARDING    NONE
      30   GigabitEthernet1/0/1        DESI  FORWARDING    NONE
      30   GigabitEthernet1/0/3        DESI  FORWARDING    NONE

[SwitchC] display stp brief
 VLAN-ID   Port                        Role  STP State     Protection
      10   GigabitEthernet1/0/2        ALTE  DISCARDING    NONE
      10   GigabitEthernet1/0/3        ROOT  FORWARDING    NONE
      10   GigabitEthernet1/0/4        DESI  FORWARDING    NONE
      20   GigabitEthernet1/0/2        ALTE  DISCARDING    NONE
      20   GigabitEthernet1/0/3        ROOT  FORWARDING    NONE
      20   GigabitEthernet1/0/5        DESI  FORWARDING    NONE

[SwitchD] display stp brief
 VLAN-ID   Port                        Role  STP State     Protection
      20   GigabitEthernet1/0/2        ALTE  DISCARDING    NONE
      20   GigabitEthernet1/0/3        ROOT  FORWARDING    NONE
      20   GigabitEthernet1/0/4        DESI  FORWARDING    NONE
      30   GigabitEthernet1/0/2        ALTE  DISCARDING    NONE
      30   GigabitEthernet1/0/3        ROOT  FORWARDING    NONE
      30   GigabitEthernet1/0/5        DESI  FORWARDING    NONE

The preceding information shows that SwitchB participates in spanning tree calculation in VLAN 10, VLAN 20, and VLAN 30, SwitchC participates in spanning tree calculation in VLAN 10 and VLAN 20, and SwitchD participates in spanning tree calculation in VLAN 20 and VLAN 30. After the calculation is complete, ports are selected as different roles to eliminate loops.

Different spanning trees are formed in VLAN 10, VLAN 20, and VLAN 30, and traffic in VLAN 10, VLAN 20, and VLAN 30 is forwarded along different spanning trees to implement load balancing.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 10 20 30
#
stp mode vbst
#
stp vlan 1 disable
stp vlan 30 root secondary
stp vlan 10 20 root primary
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 10 20 30
#
stp mode vbst
#
stp vlan 1 disable
stp vlan 10 20 root secondary
stp vlan 30 root primary
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30
#
return

SwitchC configuration file

#
sysname SwitchC
#
vlan batch 10 20
#
stp mode vbst
#
stp vlan 1 disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20
 stp vlan 10 20 cost 2000000
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port link-type access
 port default vlan 20
 stp edged-port enable
#
return

SwitchD configuration file

#
sysname SwitchD
#
vlan batch 20 30
#
stp mode vbst
#
stp vlan 1 disable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30
 stp vlan 20 30 cost 2000000
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port link-type access
 port default vlan 30
 stp edged-port enable
#
return

Example for Configuring STP
Example for Configuring RSTP
Example for Configuring MSTP
Example for Configuring MSTP and VRRP
Example for Configuring a Single RRPP Ring with a Single Instance
Example for Configuring Tangent RRPP Rings
Example for Configuring RRPP Snooping on a VPLS Network
Example for Configuring SEP and MSTP on a Network
Example for Configuring SEP and RRPP on a Network
Example for Configuring VBST

Translation

Español 日本語 Русский 简体中文

Download

Updated: 2023-07-29

Document ID: EDOC1000069520

Downloads: 41239

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Example for Configuring STP

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Configuring RSTP

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Configuring MSTP

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Configuring MSTP and VRRP

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring a Single RRPP Ring with a Single Instance

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Relevant Information

Example for Configuring Tangent RRPP Rings

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Relevant Information

Example for Configuring RRPP Snooping on a VPLS Network

Overview

Configuration Notes

Relevant Information

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring SEP and MSTP on a Network

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Content

Example for Configuring SEP and RRPP on a Network

Overview

Configuration Notes

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Example for Configuring VBST

Overview

Configuration Notes

Networking Requirements