Configuration Restrictions And Guidelines; Configuration Procedure; Digest Snooping Configuration Example - HPE FlexFabric 5940 Series Configuration Manual

A spanning tree device identifies devices in the same MST region by determining the configuration
ID in BPDUs. The configuration ID includes the region name, revision level, and configuration digest.
It is 16-byte long and is the result calculated through the HMAC-MD5 algorithm based on
VLAN-to-instance mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through
private keys are different. The devices of different vendors in the same MST region cannot
communicate with each other.
To enable communication between an HPE device and a third-party device in the same MST region,
enable Digest Snooping on the HPE device port connecting them.

Configuration restrictions and guidelines

When you configure Digest Snooping, follow these restrictions and guidelines:
•
Before you enable Digest Snooping, make sure associated devices of different vendors are
connected and run spanning tree protocols.
•
With Digest Snooping enabled, in-the-same-region verification does not require comparison of
configuration digest. The VLAN-to-instance mappings must be the same on associated ports.
•
To make Digest Snooping take effect, you must enable Digest Snooping both globally and on
associated ports. As a best practice, enable Digest Snooping on all associated ports first and
then enable it globally. This will make the configuration take effect on all configured ports and
reduce impact on the network.
•
To prevent loops, do not enable Digest Snooping on MST region edge ports.
•
As a best practice, enable Digest Snooping first and then enable the spanning tree feature. To
avoid traffic interruption, do not configure Digest Snooping when the network is already working
well.

Configuration procedure

Use this feature on when your HPE device is connected to a third-party device that uses its private
key to calculate the configuration digest.
To configure Digest Snooping:
Step
Enter system view.
1.
Enter Layer 2 Ethernet
2.
interface or Layer 2
aggregate interface view.
Enable Digest Snooping on
3.
the interface.
Return to system view.
4.
Enable Digest Snooping
5.
globally.

Digest Snooping configuration example

Network requirements
As shown in
these devices are in the same region.
Figure 37, Device A and Device B connect to Device C, which is a third-party device. All
Command
system-view
interface interface-type
interface-number
stp config-digest-snooping
quit
stp global
config-digest-snooping
121
Remarks
N/A
N/A
By default, Digest Snooping is
disabled on ports.
N/A
By default, Digest Snooping is
disabled globally.