01-09 STP RSTP Configuration

CloudEngine 8800, 7800, 6800, and 5800 Series
Switches
Configuration Guide - Ethernet Switching 9 STP/RSTP Configuration
9 STP/RSTP Configuration
This chapter describes the concepts and configuration procedures for the Spanning
Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP), and provides
configuration examples.
9.1 Overview of STP/RSTP

9.2 Understanding STP/RSTP
9.3 Application Scenarios for STP/RSTP
9.4 Summary of STP/RSTP Configuration Tasks
9.5 Licensing Requirements and Limitations for STP/RSTP
9.6 Default Settings for STP/RSTP
9.7 Configuring STP/RSTP
9.8 Configuring STP Parameters That Affect the STP Convergence Speed
9.9 Setting RSTP Parameters That Affect RSTP Convergence
9.10 Configuring RSTP Protection Functions
9.11 Configuring Interoperability Between Huawei and Non-Huawei Devices
9.12 Maintaining STP/RSTP
9.13 Configuration Examples for STP/RSTP
9.1 Overview of STP/RSTP
Definition
Generally, redundant links are used on an Ethernet switching network to provide
link backup and enhance network reliability. The use of redundant links, however,
may produce loops, causing broadcast storms and making the MAC address table
unstable. As a result, network communication may encounter quality deterioration
or even interruption. STP solves this problem. STP refers to Spanning Tree Protocol
Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 449

Switches
defined in IEEE 802.1D, which develops into Rapid Spanning Tree Protocol (RSTP)
in IEEE 802.1w and then Multiple Spanning Tree Protocol (MSTP) in IEEE 802.1S.
MSTP is compatible with RSTP and STP, and RSTP is compatible with STP. Figure
9-2 compares the STP, RSTP, and MSTP protocols.
Table 9-1 Comparison of STP, RSTP, and MSTP
Spanning Characteristics Usage Scenario

Tree
Protocol
STP ● A loop-free tree topology is All VLANs share one spanning

formed in an STP region to tree, and users or services do not
prevent broadcast storms need to be differentiated.
while implementing link
redundancy.
● Route convergence is slow.
RSTP ● A loop-free tree topology is

formed in an RSTP region to
prevent broadcast storms
while implementing link
redundancy.
● RSTP achieves fast network
convergence.
MSTP ● A loop-free tree topology is Traffic in different VLANs is

formed in an MSTP region to forwarded through different
prevent broadcast storms spanning trees for load
while implementing link balancing. The spanning trees
redundancy. are independent of each other.
● MSTP achieves fast network In this situation, users or services
convergence. are distinguished by VLANs.
● MSTP implements load
balancing among VLANs.
Traffic in different VLANs is
transmitted along different
paths.
Purpose
After a spanning tree protocol is configured on an Ethernet switching network, the
protocol calculates the network topology to implement the following functions:
● Loop prevention: The spanning tree protocol blocks redundant links to prevent
potential loops on the network.
● Link redundancy: If an active link fails and a redundant link exists, the
spanning tree protocol activates the redundant link to ensure network
connectivity.

Switches
9.2 Understanding STP/RSTP
9.2.1 STP Background

STP prevents loops on a local area network (LAN). Devices running STP exchange
information with one another to discover loops on the network, and block certain
ports to eliminate loops. With the growth in scale of LANs, STP has become an
important protocol for a LAN.
Figure 9-1 Typical LAN networking

ServerA
Port1 Port1
S1 S2
Port2 Port2
ServerB
Data flow
On the network shown in Figure 9-1, the following situations may occur:
● Broadcast storms cause a breakdown of the network.
If a loop exists on the network, broadcast storms may occur, leading to a
breakdown of the network. In Figure 9-1, STP is not enabled on the switches.
If ServerA sends a broadcast request, both S1 and S2 receive the request on
port 1 and forward the request through their port 2. Then, S1 and S2 receive
the request forwarded by each other on port 2 and forward the request
through port 1. As this process repeats, resources on the entire network are
exhausted, and the network finally breaks down.
● MAC address table flapping causes unstable MAC address entries.
Assume that no broadcast storm has occurred on the network shown in
Figure 9-1. ServerA sends a unicast packet to ServerB. If ServerB is
temporarily removed from the network at this time, the MAC address entry
for ServerB will be deleted on S1 and S2. The unicast packet sent by ServerA
to ServerB is received by port 1 on S1. S1 has no matching MAC address entry,
so the unicast packet is forwarded to port 2. Then port 2 on S2 receives the
unicast packet from port 2 on S1 and sends it out through port 1. In addition,

Switches
port 1 on S2 also receives the unicast packet sent by ServerA to ServerB, and
sends it out through port 2. As such transmissions repeat, port 1 and port 2
on S1 and S2 continuously receive unicast packets from ServerA. S1 and S2
modify the MAC address entries continuously, causing the MAC address table
to flap. As a result, MAC address entries are damaged.
9.2.2 Basic Concepts of STP
Root Bridge
A tree topology must have a root. As defined in STP, the device that functions as
the root of a tree network is called the root bridge.
There is only one root bridge on the entire STP network. Although the root bridge
is not necessarily at the physical center of the network, it functions as its logical
center. The root bridge changes dynamically with the network topology.
After network convergence, the root bridge generates configuration BPDUs and
sends them to other devices at specific intervals. Other devices process and
forward the configuration BPDUs to communicate the topology changes to
downstream devices.
Metrics for Spanning Tree Calculation

A spanning tree is calculated based on the following metrics: ID and path cost.
● ID
– Bridge ID (BID)
According to IEEE 802.1D, a BID is composed of a bridge priority
(leftmost 16 bits) and a bridge MAC address (rightmost 48 bits).
On an STP network, the device with the smallest BID is elected as the
root bridge.
– Port ID (PID)
A PID is composed of a port priority (leftmost 4 bits) and a port number
(rightmost 12 bits).
The PID is used to select the designated port.
NOTE
The port priority affects the role of a port in a specified spanning tree instance.
For details, see 9.2.4 STP Topology Calculation.
● Path cost
The path cost is a port variable used for link selection. STP calculates path
costs to select robust links, blocks redundant links, and finally trims the
network into a loop-free tree topology.
On an STP network, a port's path cost to the root bridge is the sum of the
path costs of all ports between the port and the root bridge. This path cost is
the root path cost.

Switches
Root Bridge, Root Port, and Designated Port

Three elements are involved in pruning a ring network into a tree network: root
bridge, root port, and designated port. Figure 9-2 shows the three elements in the
STP network architecture.
Figure 9-2 STP network architecture

Root
bridge A B
PC=100;RPC=0 PC=100;RPC=100
S1 S2
B A
PC=100;RPC=0 PC=99;RPC=100
A B
PC=100;RPC=100 PC=99;RPC=199
B A
S3 PC=200;RPC=100 PC=200;RPC=199 S4
PC: path cost

RPC: root path cost
Root port
Designated port
Blocked port
● Root bridge
The root bridge is the bridge with the smallest BID, which is discovered by
exchanging configuration BPDUs.
● Root port
The root port on an STP device is the port with the smallest path cost to the
root bridge and is responsible for forwarding data to the root bridge. An STP
device has only one root port, and there is no root port on the root bridge.
● Designated port
Table 9-2 explains the designated bridge and designated port.
Table 9-2 Designated bridge and designated port
Reference Designated Bridge Designated Port

Object
Device A directly connected The designated bridge's port

device that forwards that forwards configuration
configuration BPDUs to BPDUs to the device
the device

Switches
Reference Designated Bridge Designated Port

Object
LAN A device that forwards The designated bridge's port

configuration BPDUs to that forwards configuration
the LAN BPDUs to the LAN
In Figure 9-3, AP1 and AP2 are ports of S1; BP1 and BP2 are ports of S2; CP1
and CP2 are ports of S3.
– S1 sends configuration BPDUs to S2 through AP1, so S1 is the designated
bridge for S2, and AP1 is the designated port on S1.
– S2 and S3 are connected to the LAN. If S2 forwards configuration BPDUs
to the LAN, S2 is the designated bridge for the LAN, and BP2 is the
designated port on S2.
Figure 9-3 Designated bridge and designated port

S1
AP1 AP2
BP1 CP1
S2 S3
BP2 CP2
LAN
After the root bridge, root ports, and designated ports are selected successfully, a
tree topology is set up on the entire network. When the topology is stable, only
the root port and designated ports forward traffic. The other ports are in Blocking
state; they only receive STP BPDUs and do not forward user traffic.
Comparison Principles
During role election, STP devices compare four fields, which form a BPDU priority
vector {root bridge ID, root path cost, sender BID, PID}.
Table 9-3 describes the four fields carried in a configuration BPDU.

Switches
Table 9-3 Four fields

Field Description
Root bridge ID ID of the root bridge. Each STP network has

only one root bridge.
Root path cost Path cost to the root bridge. It is determined by

the distance between the port sending the
configuration BPDU and the root bridge.
Sender BID BID of the device that sends the configuration

BPDU.
PID PID of the port that sends the configuration

BPDU.
After a device on the STP network receives a configuration BPDU, it compares the
fields listed in Table 9-3 with its own values. The four comparison principles are as
follows:
● Smallest BID: used to select the root bridge. Devices on an STP network select
the device with the smallest BID to become the root bridge. This BID is then
used as the root bridge ID field in Table 9-3.
● Smallest root path cost: used to select the root port on a non-root bridge. The
port with the smallest root path cost is selected as the root port. On the root
bridge, the path cost of each port is 0 and there is no root port.
● Smallest sender BID: used to select the root port among ports with the same
root path cost. The port with the smallest sender BID is selected as the root
port in STP calculation. For example, S2 has a smaller BID than S3 in Figure
9-2. If the BPDUs received on port A and port B of S4 contain the same root
path cost, port B becomes the root port on S4 because the BPDU received on
port B has a smaller sender BID.
● Smallest PID: used to determine which port should be blocked when multiple
ports have the same root path cost. The port with the smallest PID is not
blocked. The PIDs are compared in the scenario shown in Figure 9-4. The
BPDUs received on port A and port B of S1 contain the same root path cost
and sender BID. Port A has a smaller PID than port B. Therefore, port B is
blocked to prevent loops.
Figure 9-4 Scenario where PIDs need to be compared
S1 S2
A B
Designated port
Blocked port

Switches
Port States
Table 9-4 describes the possible states of ports on an STP device.
Table 9-4 STP port states

Port Purpose Description
State
Forwardi A port in Forwarding state can Only the root port and
ng forward user traffic and process designated port can enter the
BPDUs. Forwarding state.
Learning When a port is in Learning state, This is a transitional state, which

the device creates MAC address is designed to prevent temporary
entries based on user traffic loops.
received on the port but does not
forward user traffic through the
port.
Listenin All ports are in Listening state This is a transitional state.

g before the root bridge, root port,
and designated port are selected.
Blocking A port in Blocking state receives This is the final state of a

and processes only BPDUs, and blocked port.
does not forward user traffic.
Disabled A port in Disabled state does not The port is Down.

process BPDUs or forward user
traffic.
Figure 9-5 shows the state transitions of a port.

Switches
Figure 9-5 STP state transitions of a port

5
Listening
5
3
2 4
1
Disabled or 4
Blocking Learning
Down
5
4
3
5
Forwarding
1 The port is initialized or enabled, and enters the Blocking state.
2 The port is selected as the root or designated port, and enters

the Listening state.
3 When the time for keeping the port in a temporary state is
reached, the port enters the Learning or Forwarding state. The
port is selected as the root or designated port.
4 The port is not the root or designated port, and enters the
blocking state.
5 The port is disabled or the link fails.
Table 9-5 describes the MSTP port states.
Table 9-5 MSTP port states

Port Description
State
Forwardi A port in Forwarding state can forward user traffic and process
ng BPDUs.
Learning This is a transitional state. When a port is in Learning state, the

device creates MAC address entries based on user traffic received on
the port but does not forward user traffic through the port.
Discardi A port in Discarding state can only receive BPDUs.

ng
After a Huawei device transitions from the Multiple Spanning Tree Protocol
(MSTP) mode (default mode) to the STP mode, its STP ports support only those

Switches
states defined in MSTP, which are Forwarding, Learning, and Discarding. The
Forwarding and Learning states are the same as the corresponding STP states. A
port in Discarding state can only receive BPDUs.
The following parameters affect the STP port states and convergence speed.
● Hello Time
The Hello Time specifies the interval at which an STP device sends
configuration BPDUs to detect link failures.
When the Hello Time is changed, the new value takes effect only after a new
root bridge is elected. The new root bridge adds the new Hello Time value in
BPDUs it sends to non-root bridges. When the network topology changes,
Topology Change Notification (TCN) BPDUs are transmitted immediately,
irrespective of the Hello Time.
● Forward Delay
The Forward Delay timer specifies the length of delay before a port state
transition. When a link fails, STP calculation is triggered and the spanning tree
structure changes. However, because new configuration BPDUs cannot be
immediately spread over the entire network, convergence takes some time. If
the new root port and designated port forward data before convergence,
transient loops may occur. Therefore, STP defines a port state transition delay
mechanism. The newly selected root port and designated port must wait for
two Forward Delay intervals before transitioning to the Forwarding state.
During this time, the new configuration BPDUs can be transmitted over the
network, preventing transient loops during convergence.
The default Forward Delay timer value is 15 seconds. This means that the port
stays in Listening state for 15 seconds and then stays in Learning state for
another 15 seconds before transitioning to the Forwarding state. The port
does not forward user traffic when it is in Listening or Learning state, which is
key to preventing transient loops.
● Max Age
The Max Age specifies the aging time of BPDUs. This parameter is
configurable on the root bridge.
The Max Age is spread to the entire network with configuration BPDUs. After
a non-root bridge receives a configuration BPDU, it either forwards or discards
the configuration BPDU by comparing the Message Age value with the Max
Age value. The details are as follows:
– If the Message Age value is less than or equal to the Max Age value, the
non-root bridge forwards the configuration BPDU.
– If the Message Age value is larger than the Max Age value, the non-root
bridge discards the configuration BPDU. When this happens, the network
size is considered too large and the non-root bridge disconnects from the
root bridge.
If the configuration BPDU is sent from the root bridge, the value of Message
Age is 0. Otherwise, the value of Message Age is the total time spent to
transmit the BPDU from the root bridge to the local bridge, including the
transmission delay. In real-world situations, the Message Age value of a
configuration BPDU increases by 1 each time the configuration BPDU passes
through a bridge.
Table 9-6 provides the timer values defined in IEEE 802.1D.

Switches
Table 9-6 Values of STP timer parameters

Parameter Default Setting Value Range
Hello Time 200 centiseconds (2 100-1000

seconds)
Max Age 2000 centiseconds (20 600-4000

seconds)
Forward Delay 1500 centiseconds (15 400-3000

seconds)
9.2.3 STP BPDU Format

A BPDU is encapsulated in an Ethernet frame. Its destination MAC address is a
multicast MAC address 01-80-C2-00-00-00. The Length field specifies the MAC
data length, and is followed by the LLC header. Figure 9-6 shows the Ethernet
frame format.
Figure 9-6 Format of an Ethernet frame

6 bytes 6 bytes 2 bytes 3 bytes 38-1492 bytes 4 bytes
DMAC SMAC Length LLC BPDU data CRC
There are two types of STP BPDUs:

● Configuration BPDUs are heartbeat packets. STP-enabled designated ports
send configuration BPDUs at Hello intervals.
● Topology Change Notification (TCN) BPDUs are sent only after a device
detects a network topology change.
Configuration BPDU
Configuration BPDUs are used most commonly and are used for exchanging
topology information among STP devices.
Each bridge actively sends configuration BPDUs during initialization. After the
network topology becomes stable, only the root bridge actively sends
configuration BPDUs. Other bridges send configuration BPDUs only after receiving
configuration BPDUs from upstream devices. A configuration BPDU is at least 35
bytes long, and includes the parameters such as the BID, root path cost, and PID. A
bridge processes a received configuration BPDU only when it finds that at least
one of the sender BID and PID is different from that on the local receive port. If
both fields are the same as those on the receive port, the bridge drops the
configuration BPDU. This reduces the number of BPDUs that a bridge needs to
process.
A configuration BPDU is sent in the following scenarios:
● After STP is enabled on ports of a device, the designated port on the device
sends configuration BPDUs at Hello intervals.

Switches
● When the root port on a device receives a configuration BPDU, the device
sends a copy of the configuration BPDU to each of its designated ports.
● When a designated port receives a low-priority configuration BPDU, the
designated port immediately sends its own configuration BPDU to the
downstream device.
Table 9-7 describes fields in a BPDU.
Table 9-7 Fields in a BPDU
Field Byte Description

s
Protocol Identifier 2 The value is fixed at 0.
Protocol Version 1 The value is fixed at 0.

Identifier
BPDU Type 1 Indicates the type of a BPDU:

● 0x00: configuration BPDU
● 0x80: TCN BPDU
Flags 1 Indicates whether the network topology has

changed.
● The rightmost bit is the Topology Change (TC)
flag.
● The leftmost bit is the Topology Change
Acknowledgment (TCA) flag.
Root Identifier 8 Indicates the BID of the current root bridge.
Root Path Cost 4 Indicates the accumulated path cost from a port to
the root bridge.
Bridge Identifier 8 Indicates the BID of the bridge that sends the BPDU.
Port Identifier 2 Indicates the ID of the port that sends the BPDU.
Message Age 2 Records the time that has elapsed since the original
BPDU was generated on the root bridge.
If the configuration BPDU is sent from the root
bridge, the value of Message Age is 0. Otherwise, the
value of Message Age is the total time spent to
transmit the BPDU from the root bridge to the local
bridge, including the transmission delay. In real-
world situations, the Message Age value of a
configuration BPDU increases by 1 each time the
configuration BPDU passes through a bridge.
Max Age 2 Indicates the aging time of a BPDU.
Hello Time 2 Indicates the interval at which BPDUs are sent.
Forward Delay 2 Indicates the period during which a port stays in the
Listening and Learning states.

Switches
Figure 9-7 shows the Flags field. Only the leftmost and rightmost bits are used in
STP.
Figure 9-7 Format of the Flags field

Reserved
Bit7 Bit0
TCA flag TC flag
TCN BPDU
A TCN BPDU contains only three fields: Protocol Identifier, Version, and Type, as
described in Table 9-7. The Type field is four bytes long and is fixed at 0x80.
When the network topology changes, TCN BPDUs are transmitted upstream until
they reach the root bridge. A TCN BPDU is sent in the following scenarios:
● A port transitions to the Forwarding state.
● A designated port receives a TCN BPDU and sends a copy to the root bridge.
9.2.4 STP Topology Calculation

After STP is enabled on all devices on a network, all devices consider themselves
the root bridge. All ports on the devices are in Listening state (they only transmit
and receive configuration BPDUs and do not forward user traffic). Then the
devices select the root bridge, root ports, and designated ports based on
configuration BPDUs.
BPDU Exchange
Figure 9-8 shows the initial information exchange process. The four parameters in
a pair of brackets represent the root bridge ID (S1_MAC and S2_MAC are BIDs of
the two devices), root path cost, sender BID, and PID carried in configuration
BPDUs. Configuration BPDUs are sent at Hello intervals.
Figure 9-8 Initial BPDU exchange

{S1_MAC,0,S1_MAC,A_PID}
A B
S1 {S2_MAC,0,S2_MAC,B_PID} S2

Switches
STP Algorithm Implementation

1. Initialization
Because each bridge considers itself the root bridge, the BPDU sent from a
port is set as follows:
The root bridge ID is the BID of the local bridge, the root path cost is the
accumulative path cost from the port to the local bridge, the sender BID is the
BID of the local bridge, and the PID is the ID of the port that sends the BPDU.
2. Root bridge election
During network initialization, every device considers itself the root bridge and
sets the root bridge ID to its own BID. Then devices exchange configuration
BPDUs and compare their root bridge IDs to find the device with the smallest
BID, which finally becomes the root bridge.
3. Root port and designated port selection
Table 9-8 describes the process of selecting the root port and designated
port.
Table 9-8 Selecting the root port and designated port
St Process
ep
1 A non-bridge device selects the port that receives the configuration

BPDU with the highest priority as the root port. Table 9-9 describes
the process of selecting the configuration BPDU with the highest
priority.
2 The device generates a configuration BPDU for each port and

calculates the fields in the configuration BPDU based on the
configuration BPDU on the root port and path cost of the root port.
The details are as follows:
● Replaces the root bridge ID with the root bridge ID in the
configuration BPDU on the root port.
● Replaces the root path cost with the accumulated root path cost in
the configuration BPDU on the root port and the path cost of the
root port.
● Replaces the sender BID with the local BID.
● Replaces the PID with the local port ID.
3 The device selects the port state by comparing the calculated

configuration BPDU with the configuration BPDU received on the port.
The details are as follows:
● If the calculated configuration BPDU is superior, the port is selected
as the designated port and periodically sends the calculated
configuration BPDU.
● If the port's own configuration BPDU is superior, the configuration
BPDU on the port is not updated and the port is blocked. Then the
port only receives BPDUs, and does not forward data or send
BPDUs.

Switches
Table 9-9 Selecting the configuration BPDU with the highest priority
St Process
ep
1 Each port decides how to process the received configuration BPDU by

comparing it with its own configuration BPDU. The details are as
follows:
● If the received configuration BPDU is inferior, the port discards the
received configuration BPDU and retains its own configuration
BPDU.
● If the received configuration BPDU is superior, the port replaces its
own configuration BPDU with the received one.
2 The device compares configuration BPDUs on all the ports and selects
the one with the highest priority.
Example of STP Topology Calculation

After the root bridge, root ports, and designated ports are selected successfully, a
tree topology is set up on the entire network. The following example illustrates
how STP calculation is implemented.
Figure 9-9 STP networking and calculated topology

DeviceA
Priority=0 DeviceA
Root
bridge
Port A1 Port A2
STP topology
calculation
5
Pa
st=
th
co
co
th
st=
Pa
10
Port B1 Port C1
Path cost=4
Port B2 Port C2
DeviceB DeviceC
DeviceB DeviceC
Priority=1 Priority=2
Root port
Designated port
Blocked port
As shown in Figure 9-9, DeviceA, DeviceB, and DeviceC are deployed on the
network, with priorities 0, 1, and 2, respectively. The path costs between DeviceA
and DeviceB, DeviceA and DeviceC, and DeviceB and DeviceC are 5, 10, and 4,
respectively.

Switches
Table 9-10 Initial state of each device

Device Port Configuration BPDU
DeviceA Port A1 {0, 0, 0, Port A1}
Port A2 {0, 0, 0, Port A2}
DeviceB Port B1 {1, 0, 1, Port B1}
Port B2 {1, 0, 1, Port B2}
DeviceC Port C1 {2, 0, 2, Port C1}
Port C2 {2, 0, 2, Port C2}
NOTE
The fields that are compared in a configuration BPDU are {root bridge ID, root path cost,
sender BID, PID}.
Table 9-11 Topology calculation process and resulting configuration BPDU

Devi Process Resulting Configuration
ce BPDU
Devi ● Port A1 receives the configuration BPDU ● Port A1: {0, 0, 0, Port
ceA {1, 0, 1, Port B1} from Port B1 and finds it A1}
inferior to its own configuration BPDU {0, ● Port A2: {0, 0, 0, Port
0, 0, Port A1}, so Port A1 discards the A2}
received configuration BPDU.
● Port A2 receives the configuration BPDU
{2, 0, 2, Port C1} from Port C1 and finds its
own configuration BPDU {0, 0, 0, Port A2}
with a higher priority, so Port A2 discards
the received configuration BPDU.
● DeviceA finds that the root bridge and
designated bridge specified in the
configuration BPDUs on its ports are both
itself. Therefore, DeviceA considers itself as
the root bridge and periodically sends
configuration BPDUs from each port
without modifying the BPDUs.

Switches

ce BPDU
Devi ● Port B1 receives the configuration BPDU ● Port B1: {0, 0, 0, Port
ceB {0, 0, 0, Port A1} from Port A1 and finds it A1}
superior to its own configuration BPDU {0, ● Port B2: {1, 0, 1, Port
0, 0, Port B1}, so Port B1 updates its B2}
configuration BPDU.
● Port B2 receives the configuration BPDU
{2, 0, 2, Port C2} from Port C2 and finds it
inferior to its own configuration BPDU {1,
0, 1, Port B2}, so Port B2 discards the
received configuration BPDU.
● DeviceB compares the configuration BPDU ● Root port (Port B1):

on each port and finds that Port B1 has {0, 0, 0, Port A1}
optimal configuration BPDU. DeviceB ● Designated port (Port
selects Port B1 as the root port and retains B2): {0, 5, 1, Port B2}
the configuration BPDU on Port B1.
● DeviceB calculates the configuration BPDU
{0, 5, 1, Port B2} for Port B2 based on the
configuration BPDU and path cost of the
root port, and compares the calculated
configuration BPDU with the original
configuration BPDU {1, 0, 1, Port B2} on
Port B2. The calculated configuration
BPDU is superior to the original one, so
DeviceB selects Port B2 as the designated
port, replaces Port B2's configuration
BPDU with the calculated one, and
periodically sends the configuration BPDU
from Port B2.
Devi ● Port C1 receives the configuration BPDU ● Port C1: {0, 0, 0, Port
ceC {0, 0, 0, Port A2} from Port A2 and finds it A2}
superior to its own configuration BPDU {2, ● Port C2: {1, 0, 1, Port
0, 2, Port C1}, so Port C1 updates its B2}
configuration BPDU.
● Port C2 receives the configuration BPDU
{1, 0, 1, Port B2} from Port B2 and finds it
superior to its own configuration BPDU {1,
0, 1, Port B2}, so Port C2 updates its
configuration BPDU.

Switches

ce BPDU
● DeviceC compares the configuration BPDU ● Root port (Port C1):

on each port and finds that the {0, 0, 0, Port A2}
configuration BPDU on Port C1 is optimal. ● Designated port (Port
DeviceC selects Port C1 as the root port C2): {0, 10, 2, Port C2}
and retains the configuration BPDU on
Port C1.
● DeviceC calculates the configuration BPDU
{0, 10, 2, Port C2} for Port C2 based on the
root port, and compares the calculated
configuration BPDU with the original
configuration BPDU {1, 0, 1, Port B2} on
Port C2. The calculated configuration
BPDU is superior to the original one, so
DeviceC selects Port C2 as the designated
port and replaces its configuration BPDU
with the calculated one.
● Port C2 receives the configuration BPDU ● Port C1: {0, 0, 0, Port

{0, 5, 1, Port B2} from Port B2 and finds it A2}
superior to its own configuration BPDU {0, ● Port C2: {0, 5, 1, Port
10, 2, Port C2}, so Port C2 updates its B2}
configuration BPDU.
● Port C1 receives the configuration BPDU
{0, 0, 0, Port A2} from Port A2 and finds it
the same as its own configuration BPDU,
so Port C1 discards the received
configuration BPDU.

Switches

ce BPDU
● The root path cost of Port C1 is 10 (root ● Blocked port (Port

path cost 0 in the received configuration C1): {0, 0, 0, Port A2}
BPDU plus the link path cost 10), and the ● Root port (Port C2):
root path cost of Port C2 is 9 (root path {0, 5, 1, Port B2}
cost 5 in the received configuration BPDU
plus the link path cost 4). DeviceC finds
that Port C2 has a smaller root path cost
and therefore considers the configuration
BPDU of Port C2 superior to that of Port
C1. DeviceC then selects Port C2 as the
root port and retains its configuration
BPDU.
● DeviceC calculates the configuration BPDU
{0, 9, 2, Port C1} for Port C1 based on the
root port, and finds the calculated
configuration BPDU inferior to the original
configuration BPDU {0, 0, 0, Port A2} on
Port C2. DeviceC blocks Port C1 and does
not update its configuration BPDU. Port C1
no longer forwards data until STP
recalculation is triggered, for example,
when the link between DeviceB and
DeviceC is Down.
After the topology becomes stable, the root bridge still sends configuration BPDUs
at intervals specified by the Hello timer. Each non-root bridge forwards the
received configuration BPDUs through its designated port. When a non-root
bridge receives a superior configuration BPDU on a port, the non-root bridge
replaces the configuration BPDU on the port with the received configuration
BPDU.
STP Topology Changes

Figure 9-10 shows the packet transmission process after an STP topology change.

Switches
Figure 9-10 Packet transmission after a topology change

Root bridge Root bridge
T
A topology change is generated on
point T. Step 2: The root bridge advertises the
Step 1: A TCN is going up to the TC for Max Age + forward delay.
root.
The following is the process that takes place after a topology change occurs:
1. When the status of the interface at point T changes, a downstream device
continuously sends TCN BPDUs to the upstream device to inform the
upstream device and root bridge of topology changes.
2. The upstream device processes only the TCN BPDUs received on the
designated port and drops TCN BPDUs on other ports.
3. The upstream device sets the TCA bit of the Flags field in the configuration
BPDUs to 1 and returns the configuration BPDUs to instruct the downstream
device to stop sending TCN BPDUs.
4. The upstream device sends a copy of the TCN BPDUs toward the root bridge.
5. Steps 1, 2, 3 and 4 are repeated until the root bridge receives the TCN BPDUs.
6. The root bridge sets the TC and TCA bits of the Flags field in the configuration
BPDUs to 1. The TC bit of 1 informs the downstream device of topology
changes and instructs the downstream device to delete MAC address entries.
In this manner, fast network convergence is achieved. The TCA bit of 1
informs the downstream device that the topology changes are known and
instructs the downstream device to stop sending TCN BPDUs.
9.2.5 Advantages of RSTP

In 2001, IEEE 802.1w was published to introduce the Rapid Spanning Tree Protocol
(RSTP), an extension of the Spanning Tree Protocol (STP). RSTP was developed
based on STP and makes supplements and modifications to STP.
Disadvantages of STP
STP ensures a loop-free network but is slow to converge, leading to service quality
deterioration. If the network topology changes frequently, connections on the STP
network are frequently torn down, causing frequent service interruption.
STP has the following disadvantages:

Switches
● STP does not differentiate between port roles according to their states,
making it difficult for less experienced administrators to learn about and
deploy this protocol.
– Ports in Listening, Learning, and Blocking states are the same for users
because they are all prevented from forwarding service traffic.
– In terms of port use and configuration, the essential differences between
ports lie in the port roles but not port states.
Both root and designated ports can be in Listening state or Forwarding
state, so the port roles cannot be differentiated according to their states.
● The STP algorithm does not determine topology changes until the timer
expires, delaying network convergence.
● The STP algorithm requires the root bridge to send configuration BPDUs after
the network topology becomes stable, and other devices process and spread
the configuration BPDUs through the entire network. This also delays
convergence.
Improvements Made in RSTP

RSTP deletes three port states, defines two new port roles (alternate port and
backup port), and makes port attributes identifiable according to port states and
roles. In addition, RSTP provides enhanced features and protection measures to
ensure network stability and fast convergence.
● More port roles are defined to simplify the learning and deployment of the
STP protocol.

Switches
Figure 9-11 Diagram of port roles

S1
root bridge
B A
S2 S3
A A a
S1
root bridge
B A
S2 S3
A B A a
b
Root port
Designated port
Alternate port
Backup port
As shown in Figure 9-11, RSTP defines four port roles: root port, designated
port, alternate port, and backup port.
The functions of the root port and designated port are the same as those
defined in STP. The alternate port and backup port are described as follows:
– During configuration BPDU transmission:
▪ An alternate port is blocked after learning a configuration BPDU sent

by another bridge.
▪ A backup port is blocked after learning a configuration BPDU sent by

itself.
– During user traffic forwarding:
▪ An alternate port acts as a backup of the root port and provides an

alternate path from the designated bridge to the root bridge.

Switches
▪ A backup port acts as a backup of the designated port and provides

a backup path from the root bridge to the related network segment.
After roles of all RSTP ports are determined, the topology convergence is
completed.
● RSTP redefines port states.
RSTP deletes two port states defined in STP, reducing the number of port
states to three. Depending on whether a port can forward user traffic and
learn MAC addresses, the port may be in any of the following states:
– If the port does not forward user traffic or learn MAC addresses, it is in
Discarding state.
– If the port does not forward user traffic but learns MAC addresses, it is in
Learning state.
– If the port forwards user traffic and learns MAC addresses, it is in
Forwarding state.
Table 9-12 compares the port states defined in STP and RSTP. Port states are
not necessarily related to port roles. Table 9-12 lists possible states for
different port roles.
Table 9-12 Comparison between port states defined in STP and RSTP
STP Port State RSTP Port State Port Role
Forwarding Forwarding Root port or designated port
Learning Learning Root port or designated port
Listening Discarding Root port or designated port
Blocking Discarding Alternate port or backup port
Disabled Discarding Disabled port
● RSTP changes the configuration BPDU format and uses the Flags field to
describe port roles.
RSTP retains the basic configuration BPDU format defined in STP and makes
the following minor changes:
– The value of the Type field is changed from 0 to 2. Devices running STP
will drop the configuration BPDUs sent from devices running RSTP.
– The Flags field uses the six bits reserved in STP. This configuration BPDU
is called an RST BPDU. Figure 9-12 shows the Flags field in an RST BPDU.

Switches
Figure 9-12 Format of the Flags field in an RST BPDU

Bit7 Bit6 Bit5 Bit4 Bit3 Bit2 Bit1 Bit0
TCA Agreement Forwarding Learning Port role Proposal TC
Topology Change Topology

Acknowledgment flag Change flag
Port role = 00 Unknown
01 Alternate/Backup port
10 Root port
11 Designated port
● Configuration BPDUs are processed in a different way.

– Transmission frequency of configuration BPDUs
In STP, the root bridge sends configuration BPDUs at Hello intervals after
the topology becomes stable. Non-root bridges send configuration BPDUs
only after they receive configuration BPDUs from upstream devices. This
complicates the STP calculation and slows down network convergence.
RSTP allows non-root bridges to send configuration BPDUs at Hello
intervals after the topology becomes stable, regardless of whether they
have received configuration BPDUs from the root bridge.
– BPDU timeout period
In STP, a device has to wait for one period of Max Age before
determining a negotiation failure. In RSTP, a device determines that the
negotiation between its port and the upstream device has failed if the
port does not receive any configuration BPDUs sent from the upstream
device for three consecutive Hello intervals.
– Processing of inferior BPDUs
When an RSTP port receives an RST BPDU from the upstream designated
bridge, the port compares the received RST BPDU with its own RST BPDU.
If its own RST BPDU is superior to the received one, the port discards the
received RST BPDU and immediately responds to the upstream device
with its own RST BPDU. After receiving the RST BPDU, the upstream
device replaces its own RST BPDU with the received RST BPDU.
In this manner, RSTP processes inferior BPDUs more rapidly, independent
of any timer.
● Rapid convergence
– Proposal/Agreement mechanism
In STP, a port that is selected as a designated port needs to wait at least
one Forward Delay interval (Learning state) before it enters the
Forwarding state. In RSTP, such a port enters the Discarding state, and
then the Proposal/Agreement mechanism allows the port to immediately
enter the Forwarding state. The Proposal/Agreement mechanism must be
applied on P2P links in full-duplex mode.
For details, see 9.2.6 Technical Details of RSTP.
– Fast switchover of the root port
If a root port fails, the best alternate port immediately becomes the root
port and enters the Forwarding state. This is because the network

Switches
segment connected to this alternate port has a designated port

connected to the root bridge.
When the port role changes, the network topology changes accordingly.
For details, see 9.2.6 Technical Details of RSTP.
– Edge ports
In RSTP, a designated port on the network edge is called an edge port. An
edge port directly connects to a terminal and does not connect to any
other switches.
An edge port cannot receive or process configuration BPDUs and does
not participate in RSTP calculation. This port can transition from Disable
to Forwarding state without a delay. An edge port becomes a common
STP port once it is connected to a switch and receives a configuration
BPDU. The spanning tree needs to be recalculated, causing network
flapping.
● Protection functions
Table 9-13 describes protection functions provided by RSTP.
Table 9-13 Protection functions

Protecti Scenario Implementation
on
Functio
n
BPDU On a switch, ports directly BPDU protection enables a switch

protectio connected to a user to set the state of an edge port to
n terminal such as a PC or error-down if the edge port receives
file server are edge ports. an RST BPDU. In this case, the port
Usually, no RST BPDUs remains the edge port, and the
are sent to edge ports. If switch sends a notification to the
a switch receives bogus NMS.
RST BPDUs on an edge
port, the switch
automatically sets the
edge port to a non-edge
port and performs STP
calculation. This causes
network flapping.

Switches

on
Functio
n
Root The root bridge on a If root protection is enabled on a

protectio network may receive designated port, the port role
n superior RST BPDUs due cannot be changed. When the
to incorrect designated port receives a superior
configurations or RST BPDU, the port enters the
malicious attacks. When Discarding state and does not
this occurs, the root forward packets. If the port does
bridge is incorrectly not receive any superior RST BPDUs
changed. As a result, within a period (generally two
traffic may be switched Forward Delay periods), the port
from high-speed links to automatically enters the Forwarding
low-speed links, leading state.
to network congestion. NOTE
Root protection takes effect only on
designated ports.
Loop On an RSTP network, a When loop prevention is enabled, if

preventi switch can only maintain the root port or alternate port does
on the states of the root port not receive RST BPDUs from the
and blocked ports if it is upstream switch for a long time,
continuously receiving the switch sends a notification to
RST BPDUs from the the NMS. The root port enters the
upstream switch. Discarding state, whereas the
If the ports cannot receive blocked port remains in Blocking
RST BPDUs from the state and does not forward packets,
upstream switch because preventing loops on the network.
of link congestion or The root port or alternate port
unidirectional link restores the Forwarding state after
failures, the switch re- receiving new RST BPDUs.
selects a root port. Then, NOTE
the previous root port Loop prevention takes effect only on
the root port and alternate ports.
becomes a designated
port and the blocked
ports change to the
Forwarding state. As a
result, loops may occur on
the network.

Switches

on
Functio
n
TC A switch deletes its MAC After enabling TC BPDU attack

BPDU address entries and ARP defense on a switch, you can set the
attack entries after receiving TC number of times the device
defense BPDUs. An attacker can processes TC BPDUs within a given
use this to their time. If this number is exceeded, the
advantages by sending a switch processes only the specified
large number of bogus TC number of TC BPDUs. Excess TC
BPDUs to the switch in a BPDUs are processed in one go by
short time, causing the the switch after the specified period
device to frequently expires. This function prevents the
delete MAC address switch from frequently deleting its
entries and ARP entries. MAC address entries and ARP
This increases the load on entries, reducing the load on the
the switch and threatens switch and guaranteeing network
network stability. stability.
9.2.6 Technical Details of RSTP

Proposal/Agreement Mechanism
The Proposal/Agreement mechanism of RSTP enables a designated port to quickly
enter the Forwarding state. In Figure 9-13, root bridge S1 establishes a link with
S2. On S2, p2 is an alternate port; p3 is a designated port and is in Forwarding
state; p4 is an edge port.

Switches
Figure 9-13 Proposal/Agreement negotiation process
S1
p0 1 Proposal
3 Agreement
p1
S2
p2 E p4
p3
2 sync 2 sync 2 sync

(Leaves the port (Blocks the (Leaves the port
state unchanged) port) state unchanged)
Designated port
Alternate port
E Edge port
The Proposal/Agreement mechanism works as follows:

1. p0 and p1 become designated ports and send RST BPDUs to each other.
2. The RST BPDU sent from p0 is superior to that of p1, so p1 becomes a root
port and stops sending RST BPDUs.
3. p0 enters the Discarding state and sets the Proposal field in its RST BPDU to
1.
4. After S2 receives an RST BPDU with the Proposal field set to 1, it sets the sync
variable to 1 for all its ports.
5. p2 is already blocked, so its state remains unchanged. p4 is an edge port and
does not participate in calculation. Therefore, only the non-edge designated
port p3 needs to be blocked.
6. After p2 and p3 enter the Discarding state, their sync variable is set to 1. The
sync variable of the root port p1 is also set to 1, and p1 sends an RST BPDU
with the Agreement field set to S1. This RST BPDU carries the same
information as the one sent from the root bridge S1, except that the
Agreement field is set to 1 and the Proposal field is set to 0.
7. After S1 receives this RST BPDU, it identifies that the RST BPDU is a response
to the proposal that it has sent. Then p0 immediately enters the Forwarding
state.
The Proposal/Agreement process can proceed to downstream devices.
STP can select designated ports quickly; however, to prevent loops, all ports must
wait at least one Forward Delay interval before starting data forwarding. RSTP

Switches
blocks non-root ports to prevent loops and uses the Proposal/Agreement

mechanism to shorten the time that an upstream port waits before transitioning
to the Forwarding state.
NOTE
The Proposal/Agreement mechanism applies only to P2P full-duplex links between two
devices. When Proposal/Agreement fails, a designated port is elected after two Forward
Delay intervals, which is the same as designated port election in STP mode.
RSTP Topology Changes

RSTP considers that the network topology has changed when a non-edge port
transitions to the Forwarding state.
When detecting a topology change, RSTP devices react as follows:
● On the device with changed port states: The device starts a TC While timer on
each non-edge designated port. The TC While timer value is two times the
Hello timer value.
Within the TC While time, the device clears MAC address entries learned on
ports whose states have changed and sends out RST BPDUs with the TC bit
set to 1 from these ports.
● On other devices: When other devices receive RST BPDUs, they clear MAC
address entries learned on all their ports except the ports that receive the RST
BPDUs. These devices also start a TC While timer on each non-edge
designated port and repeat the preceding process.
RST BPDUs are then flooded on the entire network.
Interoperability with STP

Although RSTP can interoperate with STP, this will prevent its advantages such as
fast convergence from being leveraged.
On a network with both STP-capable and RSTP-capable devices, STP-capable
devices drop RST BPDUs. If a port on an RSTP-capable device receives a
configuration BPDU from an STP-capable device, the port switches to the STP
mode and starts to send configuration BPDUs after two Hello intervals.
After STP-capable devices are removed, Huawei RSTP-capable devices can switch
back to the RSTP mode.
9.3 Application Scenarios for STP/RSTP

On a complex network, multiple physical links are often deployed between two
devices to implement link redundancy. However, this may lead to loops, which can
cause broadcast storms and damage MAC address entries on network devices.

Switches
Figure 9-14 Typical STP/RSTP application scenario
Network
Root
bridge
PE1 PE2
STP
CE1 CE2
Server1 Server2
Blocked port
As shown in Figure 9-14, STP is deployed on the devices. The devices exchange
information to discover loops on the network and block a port to trim the ring
topology into a loop-free tree topology. The tree topology prevents infinite looping
of packets on the network and ensures packet processing capabilities of the
devices.
9.4 Summary of STP/RSTP Configuration Tasks

Table 9-14 summarizes STP/RSTP configuration tasks.
Table 9-14 STP/RSTP configuration tasks

Scenario Description Task
Configuring basic STP/ Configure STP/RSTP on 9.7 Configuring STP/

RSTP functions devices on a network to RSTP
trim the network into a
tree topology free from
loops.

Switches
Scenario Description Task
Setting STP parameters STP cannot implement 9.8 Configuring STP

that affect the STP rapid convergence. Parameters That Affect
convergence speed However, you can set the STP Convergence
STP parameters, Speed
including the network
diameter, timeout
interval, Hello timer
value, Max Age timer
value, and Forward
Delay timer value to
speed up convergence.
Setting RSTP parameters RSTP supports link type 9.9 Setting RSTP
that affect the RSTP and fast transition Parameters That Affect
convergence speed configuration on ports to RSTP Convergence
implement rapid
convergence.
Configuring RSTP You can configure one or 9.10 Configuring RSTP

protection functions more RSTP protection Protection Functions
functions on a Huawei
device.
Setting parameters for To implement 9.11 Configuring

interoperation between interoperation between a Interoperability
Huawei and non-Huawei Huawei device and a Between Huawei and
devices non-Huawei device, Non-Huawei Devices
select the fast transition
mode based on the
Proposal/Agreement
mechanism of the non-
Huawei device.
9.5 Licensing Requirements and Limitations for STP/

RSTP
Involved Network Element

Other network elements also need to support STP or RSTP.
Licensing Requirements
STP or RSTP is a basic function of the switch, and as such is controlled by the
license for basic software functions. The license for basic software functions has
been loaded and activated before delivery. You do not need to manually activate
it.

Switches
Version Requirements
Table 9-15 Products and minimum version supporting STP or RSTP

Product Minimum Version Required
CE9860EI V200R020C00
CE8860EI V100R006C00
CE8861EI/CE8868EI V200R005C10
CE8850-32CQ-EI V200R002C50
CE8850-64CQ-EI V200R005C00
CE7850EI V100R003C00
CE7855EI V200R001C00
CE6810EI V100R003C00
CE6810-48S4Q-LI/CE6810-48S- V100R003C10
LI
CE6810-32T16S4Q-LI/ V100R005C10
CE6810-24S2Q-LI
CE6850EI V100R001C00
CE6850-48S6Q-HI V100R005C00
CE6850-48T6Q-HI/CE6850U-HI/ V100R005C10
CE6851HI
CE6855HI V200R001C00
CE6856HI V200R002C50
CE6857EI V200R005C10
CE6860EI V200R002C50
CE6865EI V200R005C00
CE6870-24S6CQ-EI V200R001C00
CE6870-48S6CQ-EI V200R001C00
CE6870-48T6CQ-EI V200R002C50
CE6875-48S4CQ-EI V200R003C00
CE6880EI V200R002C50
CE6881, CE6820, CE6863 V200R005C20
CE6881K V200R019C10
CE6881E V200R019C10

Switches
Product Minimum Version Required
CE6863K V200R019C10
CE5810EI V100R002C00
CE5850EI V100R001C00
CE5850HI V100R003C00
CE5855EI V100R005C10
CE5880EI V200R005C10
CE5881 V200R020C00
NOTE
For details about the mapping between software versions and switch models, see the
Hardware Query Tool.
Feature Limitations
● On networks that run STP/RSTP/MSTP/VBST, configure an optimal core switch
as the root bridge to ensure stability of the STP Layer 2 network. Otherwise,
new access devices may trigger STP root bridge switching, causing short
service interruptions.
● When STP or RSTP is enabled on a ring network, STP or RSTP immediately
starts spanning tree calculation. Parameters such as the device priority and
port priority affect spanning tree calculation, and changing these parameters
may cause network flapping. To ensure fast and stable spanning tree
calculation, perform basic configurations on the switch and interfaces before
enabling STP or RSTP.
● RSTP uses a single spanning tree instance on the entire network. As a result,
performance deterioration cannot be prevented when the network scale
grows. Therefore, the network diameter cannot be larger than 7.
● BPDU protection takes effect only for the manually configured edge port.
● Loop prevention and root protection cannot be configured on the same
interface.
● In versions earlier than V200R001C00, STP cannot be configured on a user-
side interface of a VXLAN tunnel. Starting from V200R001C00, STP can be
configured on a user-side interface of a VXLAN tunnel that accesses the
VXLAN as a VLAN. In V200R002C50 and later versions, STP can be configured
on a user-side interface of a VXLAN tunnel when the device is deployed to
provide VXLAN access through a Layer 2 sub-interface or to provide VLAN
access.
● For CE6870EI, In V200R001C00, the bpdu bridge enable command is not
supported on the VXLAN network. To enable BPDU packets to traverse the
VXLAN network, run the undo mac-address bpdu [ mac-address [ mac-
address-mask ] ] command in the system view. In this command, mac-address
specifies the MAC address of BPDU packets that need to traverse the VXLAN
network.

Switches
For CE switches excluding CE5880EI, CE6875EI, CE6880EI, CE6870EI: in

versions earlier than V200R001C00, if the bpdu bridge enable command is
configured on an access-side port on the VXLAN network connected to an STP
network, BPDU packets cannot traverse the VXLAN network. This causes loops
on the STP network. In V200R001C00 and later versions, the bpdu bridge
enable command is not supported on the VXLAN network. If this command is
configured in a version earlier than V200R001C00, it will be deleted from the
device configurations after an upgrade to V200R001C00 or a later version. To
enable BPDU packets to traverse the VXLAN network, run the undo mac-
address bpdu [ mac-address [ mac-address-mask ] ] command in the system
view. In this command, mac-address specifies the MAC address of BPDU
packets that need to traverse the VXLAN network.
9.6 Default Settings for STP/RSTP

Parameter Default Setting
Working mode MSTP
STP/RSTP status Enabled globally and on an interface
Switching device priority 32768
Port priority 128
Algorithm used to calculate dot1t (IEEE 802.1t)

the path cost
Forward Delay 1500 centiseconds (15 seconds)
Hello Time 200 centiseconds (2 seconds)
Max Age 2000 centiseconds (20 seconds)
9.7 Configuring STP/RSTP
9.7.1 Configuring the STP/RSTP Mode

Context
Huawei devices support three working modes: STP, RSTP, and MSTP. STP and RSTP
are not compatible with each other. Therefore, on a ring network, enable either
STP or RSTP.
Procedure
Step 1 Run system-view
The system view is displayed.

Switches
Step 2 Run stp mode { stp | rstp }

The working mode of the device is set to STP or RSTP.
By default, the working mode of a device is MSTP. MSTP is compatible with STP
and RSTP.
Step 3 Run commit
The configuration is committed.
----End
9.7.2 (Optional) Configuring the Root Bridge and Secondary

Root Bridge
Context
Typically, the root bridge of a spanning tree is automatically calculated; however,
you can also manually configure a root bridge or secondary root bridge. The
following provides more details regarding configuring a root bridge or secondary
root bridge:
● Configuring a root bridge: A spanning tree can have only one effective root
bridge. When two or more devices are specified as root bridges for a spanning
tree, the device with the smallest MAC address is elected as the root bridge.
● Configuring a secondary root bridge: You can specify multiple secondary root
bridges for each spanning tree. When the root bridge fails or is powered off, a
secondary root bridge becomes the new root bridge until a new root bridge is
specified. If there are multiple secondary root bridges, the one with the
smallest MAC address becomes the root bridge of the spanning tree.
NOTE
On networks that run STP/RSTP/MSTP/VBST, configure an optimal core switch as the root
bridge to ensure stability of the STP Layer 2 network. Otherwise, new access devices may
trigger STP root bridge switching, causing short service interruptions.
It is recommended that you specify the root bridge and secondary root bridge when
configuring STP/RSTP.
Procedure
● Configure a device as the root bridge.
a. Run system-view
b. Run stp root primary
The device is configured as the root bridge.
By default, a device does not function as the root bridge. After you run
this command, the priority value of the device is set to 0 and cannot be
changed.
c. Run commit

Switches
● Configure a device as the secondary root bridge.

a. Run system-view

b. Run stp root secondary
The device is configured as the secondary root bridge.
By default, a device does not function as the secondary root bridge. After
you run this command, the priority value of the device is set to 4096 and
cannot be changed.
c. Run commit
----End
9.7.3 (Optional) Configuring a Priority for a Device
Context
An STP/RSTP network can have only one root bridge, which is the logical center of
the spanning tree. The root bridge should be a high-performance device deployed
at a high network layer. To ensure a certain device is selected as the root bridge,
you can set a high priority for the device.
Set low priorities for devices that are not suitable as the root bridge, such as low-
performance devices at lower network layers.
A smaller priority value indicates a higher priority of a device.
Procedure
Step 2 Run stp priority priority
A priority is set for the device.
The default priority value of a device is 32768.
If the stp root primary or stp root secondary command has been executed to
configure the device as the root bridge or secondary root bridge, run the undo stp
root command to disable the root bridge or secondary root bridge function and
then run the stp priority priority command to set a priority.
Step 3 Run commit
----End

Switches
9.7.4 (Optional) Configuring a Path Cost for a Port

Context
A path cost is the reference value used for link selection on an STP/RSTP network.
The path cost value range is determined by the calculation method. After the
calculation method is determined, it is recommended that you set smaller path
cost values for the ports with higher link rates.
In the Huawei calculation method, the link rate determines the recommended
value for the path cost. Table 9-16 lists the recommended path costs for ports
with different link rates.
Table 9-16 Recommended path costs for ports with different link rates
Link Rate Recommended Recommended Supported Path

Path Cost Path Cost Range Cost Range
10 Mbit/s 2000 200 to 20000 1 to 200000
100 Mbit/s 200 20 to 2000 1 to 200000
1 Gbit/s 20 2 to 200 1 to 200000
10 Gbit/s 2 2 to 20 1 to 200000
Over 10 Gbit/s 1 1 to 2 1 to 200000
If a network has loops, it is recommended that you set a large path cost for ports
with low link rates. STP/RSTP then blocks these ports.
Procedure
Step 2 (Optional) Run stp pathcost-standard { dot1d-1998 | dot1t | legacy }
A path cost calculation method is specified.
By default, the IEEE 802.1t standard (dot1t) is used to calculate the path costs.
All devices on a network must use the same path cost calculation method.
Step 3 Run interface interface-type interface-number
The view of an interface participating in STP calculation is displayed.
Step 4 Run stp cost cost
A path cost is set for the interface.
The following describes the supported cost range for different calculation
methods:

Switches
● When the Huawei calculation method is used, cost ranges from 1 to 200000.
● When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
● When the IEEE 802.1t standard method is used, cost ranges from 1 to
200000000.
● If an Eth-Trunk interface is specified as the member interface of an M-LAG
configured in V-STP mode, the path cost of the Eth-Trunk interface is fixed at
2000.
Step 5 Run commit
----End
9.7.5 (Optional) Configuring a Priority for a Port

Context
In spanning tree calculation, priorities of the ports in a ring affect designated port
election.
To block a port on a device, set a greater priority value than the default priority
value for the port.
Procedure
Step 3 Run stp port priority priority
A priority is set for the port.
The default priority value of a port on a device is 128.
Step 4 Run commit
----End

Switches
9.7.6 Enabling STP/RSTP
Context
NOTICE
Before enabling STP/RSTP, ensure that you have performed all basic
configurations, such as the device priority and port priority, on the device and its
ports. After STP/RSTP is enabled on a ring network, spanning tree calculation
starts immediately on the network. Making changes to configurations will affect
spanning tree calculation and may cause network flapping.
Procedure
Step 2 Run stp enable
STP/RSTP is enabled on the device.
By default, STP/RSTP is enabled on a switch.
Step 3 Run commit
----End
Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths for
associated VLANs are changed. Devices need to update the ARP entries
corresponding to those VLANs. Depending on how devices process ARP entries,
STP/RSTP convergence mode can be fast or normal.
● In fast mode, ARP entries to be updated are directly deleted.

● In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0 to immediately
age the ARP entries out. If the number of ARP aging probes is greater than 0,
the device performs aging probe for these ARP entries.
Run the stp converge { fast | normal } command in the system view to configure
the STP/RSTP convergence mode.
By default, the normal STP/RSTP convergence mode is used. The normal mode is
recommended. If the fast mode is used, ARP entries will be frequently deleted,
causing a high CPU usage (even 100%). As a result, network flapping will
frequently occur.

Switches
9.7.7 Verifying the STP/RSTP Configuration
Procedure
● Run the display stp [ interface interface-type interface-number | slot slot-id ]
[ brief ] command to check the spanning tree status and statistics.
----End
9.8 Configuring STP Parameters That Affect the STP

Convergence Speed
STP cannot implement rapid convergence. However, STP parameters including the
network diameter, timeout interval, Hello timer value, Max Age timer value, and
Forward Delay timer value can be configured to affect the STP convergence speed.
Pre-configuration Tasks
Before setting STP parameters that affect STP convergence, configure basic STP
functions.
9.8.1 Configuring the STP Network Diameter
Context
Any two terminals on a switching network are connected through a specific path
along multiple devices. The network diameter is the maximum number of devices
between any two terminals.
An improper network diameter may cause slow network convergence and affect
communication on the network. To speed up convergence, run the stp bridge-
diameter command to set an appropriate network diameter based on the
network scale. Running this command also allows the switch to calculate the
optimal Forward Delay timer value, Hello timer value, and Max Age timer value
based on the configured network diameter.
It is recommended that all devices be configured with the same network diameter.
Procedure
Step 2 Run stp bridge-diameter diameter
The network diameter is configured.
By default, the network diameter is 7.

Switches
NOTE
RSTP uses a single spanning tree instance on the entire network. As a result, performance
deterioration cannot be prevented when the network scale grows. Therefore, the network
diameter cannot be larger than 7.
Step 3 Run commit

----End
9.8.2 Configuring the STP Timeout Interval

Context
If a device does not receive any BPDUs from the upstream device within the
timeout interval, the device considers the upstream device to have failed and
recalculates the spanning tree.
Sometimes, a device cannot receive the BPDU from the upstream device within
the timeout interval because the upstream device is temporarily busy. In this case,
recalculating the spanning tree will waste network resources. This can be avoided
by increasing the timeout interval. However, only set a long timeout interval if the
network is relatively stable.
The timeout interval is calculated as follows:
Timeout interval = Hello Time x 3 x Timer Factor
Procedure
Step 2 Run stp timer-factor factor
The Timer Factor value is set.
By default, the timeout period is 9 times the Hello timer value.
Step 3 Run commit
----End
9.8.3 Configuring STP Timers

Context
There are three timers used in spanning tree calculation: Forward Delay, Hello
Time, and Max Age. These timers can be configured to affect STP convergence.
However, you are not advised to directly change these timers. Instead, it is
recommended that you set the network diameter so that the spanning tree
protocol automatically adjusts these timers in accordance with the network scale.

Switches
The following timers are used in spanning tree calculation:

● Forward Delay: specifies the delay before a state transition. After the topology
of a ring network changes, it takes some time for the new configuration
BPDU to spread throughout the entire network. As a result, the original
blocked port may be unblocked before a new port is blocked, creating a loop
on the network. The purpose of the Forward Delay timer is to prevent loops.
When the topology changes, all ports will be temporarily blocked during the
Forward Delay.
● Hello Time: specifies the interval at which hello packets are sent. A device
sends configuration BPDUs at the specified interval to detect link failures. If
the switching device does not receive any BPDUs within an interval of Hello
Time x 3 x Timer Factor, the device recalculates the spanning tree.
● Max Age: determines whether a BPDU has timed out. A device determines
that a received configuration BPDU times out when the Max Age expires.
Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.
NOTICE
To prevent frequent network flapping, make sure that the Hello Time, Forward
Delay, and Max Age timer values conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello Time + 1.0 second)
Procedure
Step 2 Set the Forward Delay, Hello Time, and Max Age timers.
1. Run stp timer forward-delay forward-delay
The Forward Delay timer is set for the device.
By default, the Forward Delay timer is 1500 centiseconds (15 seconds).
2. Run stp timer hello hello-time
The Hello Time is set for the device.
By default, the Hello Time is 200 centiseconds (2 seconds).
3. Run stp timer max-age max-age
The Max Age timer is set for the device.
By default, the Max Age timer is 2000 centiseconds (20 seconds).
Step 3 Run commit
----End

Switches
9.8.4 Configuring the Maximum Number of Connections in an

Eth-Trunk that Affects Spanning Tree Calculation
Context
Path costs are a major factor in spanning tree calculation and changing path costs
triggers spanning tree recalculation. The path cost of an interface is affected by its
bandwidth, so you can change the interface bandwidth to affect spanning tree
calculation.
In Figure 9-15, SwitchA and SwitchB are connected through two Eth-Trunk links.
Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2 has two
member interfaces in Up state. Each member link has the same bandwidth, and
SwitchA is selected as the root bridge.
● Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation,
Eth-Trunk 1 on SwitchB is selected as the root port and Eth-Trunk 2 is selected
as the alternate port.
● If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is
set to 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk
2. Therefore, after the two devices perform spanning tree recalculation, Eth-
Trunk 1 on SwitchB becomes the alternate port and Eth-Trunk 2 becomes the
root port.
Figure 9-15 Configuring the maximum number of connections in an Eth-Trunk

SwitchA SwitchB
Before Eth-Trunk1
configuration Eth-Trunk2
Root bridge
SwitchA SwitchB
After Eth-Trunk1
Root bridge
Alternate port
Root port
Designated port
The maximum number of connections affects only the path cost of an Eth-Trunk
interface participating in spanning tree calculation, and does not affect the actual
bandwidth of the Eth-Trunk link. The actual bandwidth for an Eth-Trunk link
depends on the number of active member interfaces in the Eth-Trunk.
Procedure

Switches
Step 2 Run interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.
Step 3 Run max bandwidth-affected-linknumber link-number
The maximum number of connections affecting the Eth-Trunk bandwidth is set.
By default, the upper threshold for the number of interfaces that determine the
bandwidth of an Eth-Trunk is 8 on the CE5810EI, 64 on CE6880EI and CE5880EI,
and 16 on other models (excluding the CE6870EI and CE6875EI). For the CE6870EI
and CE6875EI, the upper threshold for the number of interfaces that determine
the bandwidth of an Eth-Trunk depends on the maximum number of configured
LAGs. In an SVF system, the maximum number of connections affecting the
bandwidth of an Eth-Trunk is 8.
Step 4 Run commit
----End

Procedure
----End
9.9 Setting RSTP Parameters That Affect RSTP

Convergence
Before configuring RSTP parameters that affect RSTP convergence, configure basic
RSTP functions. RSTP supports link type and fast transition configuration on ports
to implement rapid convergence.
9.9.1 Setting the RSTP Network Diameter

Context
Any two terminals on a switching network are connected through a specific path
along multiple devices. The network diameter is the maximum number of devices
between any two terminals.
An improper network diameter may cause slow network convergence and affect
communication on the network. To speed up convergence, run the stp bridge-
diameter command to set an appropriate network diameter based on the
network scale. Running this command also allows the switch to calculate the
optimal Forward Delay timer value, Hello timer value, and Max Age timer value
based on the configured network diameter.

Switches
It is recommended that all devices be configured with the same network diameter.
Procedure
Step 2 Run stp bridge-diameter diameter
The network diameter is configured.
By default, the network diameter is 7.
NOTE
RSTP uses a single spanning tree instance on the entire network. As a result, performance
deterioration cannot be prevented when the network scale grows. Therefore, the network
diameter cannot be larger than 7.
Step 3 Run commit
----End
9.9.2 Setting the RSTP Timeout Interval
Context
If a device does not receive any BPDUs from the upstream device within the
timeout interval, the device considers the upstream device to have failed and
recalculates the spanning tree.
Sometimes, a device cannot receive the BPDU from the upstream device within
the timeout interval because the upstream device is temporarily busy. In this case,
recalculating the spanning tree will waste network resources. This can be avoided
by increasing the timeout interval. However, only set a long timeout interval if the
network is relatively stable.
The timeout interval is calculated as follows:
Timeout interval = Hello Time x 3 x Timer Factor
Procedure
Step 2 Run stp timer-factor factor
The Timer Factor value is set.
By default, the timeout period is 9 times the Hello timer value.
Step 3 Run commit

Switches
----End
9.9.3 Setting RSTP Timers

Context
There are three timers used in spanning tree calculation: Forward Delay, Hello
Time, and Max Age. These timers can be configured to affect STP convergence.
However, you are not advised to directly change these timers. Instead, it is
recommended that you set the network diameter so that the spanning tree
protocol automatically adjusts these timers in accordance with the network scale.
The following timers are used in spanning tree calculation:
● Forward Delay: specifies the delay before a state transition. After the topology
of a ring network changes, it takes some time for the new configuration
BPDU to spread throughout the entire network. As a result, the original
blocked port may be unblocked before a new port is blocked, creating a loop
on the network. The purpose of the Forward Delay timer is to prevent loops.
When the topology changes, all ports will be temporarily blocked during the
Forward Delay.
● Hello Time: specifies the interval at which hello packets are sent. A device
sends configuration BPDUs at the specified interval to detect link failures. If
the switching device does not receive any BPDUs within an interval of Hello
Time x 3 x Timer Factor, the device recalculates the spanning tree.
● Max Age: determines whether a BPDU has timed out. A device determines
that a received configuration BPDU times out when the Max Age expires.
Devices on a ring network must use the same values of Forward Delay, Hello
Time, and Max Age.
NOTICE
To prevent frequent network flapping, make sure that the Hello Time, Forward
Delay, and Max Age timer values conform to the following formulas:
● 2 x (Forward Delay - 1.0 second) ≥ Max Age
● Max Age ≥ 2 x (Hello Time + 1.0 second)
Procedure
Step 2 Set the Forward Delay, Hello Time, and Max Age timers.
1. Run stp timer forward-delay forward-delay
The Forward Delay timer is set for the device.
By default, the Forward Delay timer is 1500 centiseconds (15 seconds).

Switches
2. Run stp timer hello hello-time

The Hello Time is set for the device.
By default, the Hello Time is 200 centiseconds (2 seconds).
3. Run stp timer max-age max-age
The Max Age timer is set for the device.
By default, the Max Age timer is 2000 centiseconds (20 seconds).
Step 3 Run commit
----End
9.9.4 Configuring the Maximum Number of Connections in an

Eth-Trunk that Affects Spanning Tree Calculation
Context
Path costs are a major factor in spanning tree calculation and changing path costs
triggers spanning tree recalculation. The path cost of an interface is affected by its
bandwidth, so you can change the interface bandwidth to affect spanning tree
calculation.
In Figure 9-16, SwitchA and SwitchB are connected through two Eth-Trunk links.
Eth-Trunk 1 has three member interfaces in Up state and Eth-Trunk 2 has two
member interfaces in Up state. Each member link has the same bandwidth, and
SwitchA is selected as the root bridge.
● Eth-Trunk 1 has higher bandwidth than Eth-Trunk 2. After STP calculation,
Eth-Trunk 1 on SwitchB is selected as the root port and Eth-Trunk 2 is selected
as the alternate port.
● If the maximum number of connections affecting bandwidth of Eth-Trunk 1 is
set to 1, the path cost of Eth-Trunk 1 is larger than the path cost of Eth-Trunk
2. Therefore, after the two devices perform spanning tree recalculation, Eth-
Trunk 1 on SwitchB becomes the alternate port and Eth-Trunk 2 becomes the
root port.

Switches
Figure 9-16 Configuring the maximum number of connections in an Eth-Trunk

SwitchA SwitchB
Before Eth-Trunk1
Root bridge
SwitchA SwitchB
After Eth-Trunk1
Root bridge
Alternate port
Root port
Designated port
The maximum number of connections affects only the path cost of an Eth-Trunk
interface participating in spanning tree calculation, and does not affect the actual
bandwidth of the Eth-Trunk link. The actual bandwidth for an Eth-Trunk link
depends on the number of active member interfaces in the Eth-Trunk.
Procedure
Step 2 Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Step 3 Run max bandwidth-affected-linknumber link-number
The maximum number of connections affecting the Eth-Trunk bandwidth is set.
By default, the upper threshold for the number of interfaces that determine the
bandwidth of an Eth-Trunk is 8 on the CE5810EI, 64 on CE6880EI and CE5880EI,
and 16 on other models (excluding the CE6870EI and CE6875EI). For the CE6870EI
and CE6875EI, the upper threshold for the number of interfaces that determine
the bandwidth of an Eth-Trunk depends on the maximum number of configured
LAGs. In an SVF system, the maximum number of connections affecting the
bandwidth of an Eth-Trunk is 8.
Step 4 Run commit
----End

Switches
9.9.5 Configuring the Link Type for a Port

Context
Configuring a link type for a port as P2P can speed up convergence. If the two
ports connected by a P2P link are root or designated ports, they can transit to the
Forwarding state quickly by sending Proposal and Agreement packets. This reduces
the forwarding delay.
By default, an interface automatically identifies whether it is connected to a P2P
link.
Procedure
The view of an Ethernet interface participating in STP calculation is displayed.
Step 3 Run stp point-to-point { auto | force-false | force-true }
The link type is set for the interface.
The following describes the link type that should be set for different interface
working modes:
Step 4 Run commit
----End
9.9.6 Configuring the Maximum Transmission Rate of an

Interface
Context
If a large number of BPDUs sent from an interface within a Hello Time interval, a
lot of system resources will be consumed. Setting a proper transmission rate
(packet-number) on an interface prevents excess bandwidth usage when network
flapping occurs.
Procedure
The view of an Ethernet interface participating in STP calculation is displayed.
Step 3 Run stp transmit-limit packet-number

Switches
The maximum transmission rate of BPDUs (BPDUs per second) is set for the
interface.
By default, the maximum transmission rate of BPDUs on an interface is the value
configured by the stp transmit-limit (system view) command. If the stp
transmit-limit (system view) command is not configured, an interface sends a
maximum of six BPDUs per Hello Time interval.
NOTE
If the same maximum transmission rate of BPDUs needs to be set for each interface on a
device, run the stp transmit-limit (system view) command. The stp transmit-limit
(interface view) command takes precedence over the stp transmit-limit (system view)
command. If the stp transmit-limit (interface view) command is configured on an
interface, the stp transmit-limit (system view) command does not take effect on that
interface.
Step 4 Run commit

----End
9.9.7 Switching to the RSTP Mode

Context
If an interface on an RSTP-enabled device is connected to an STP-enabled device,
the interface switches to the STP compatible mode.
If the STP-enabled device is powered off or disconnected from the RSTP-enabled
device, or the STP-enabled device is switched to the RSTP mode, the interface does
not automatically switch back to the RSTP mode. In any of these cases, run the
stp mcheck command to switch the interface to the RSTP mode.
Procedure
● Switching to the RSTP mode in the interface view
a. Run system-view
b. Run interface interface-type interface-number
The view of an interface participating in spanning tree calculation is
displayed.
c. Run stp mcheck
The interface is switched to the RSTP mode.
d. Run commit
● Switching to the RSTP mode in the system view
a. Run system-view
b. Run stp mcheck

Switches
The device is switched to the RSTP mode.

c. Run commit
----End
9.9.8 Configuring Edge Ports and BPDU Filter Ports
Context
RSTP defines a port that is located at the edge of a network and directly
connected to a terminal device as an edge port.
An edge port does not process configuration BPDUs or participates in RSTP

calculation. It can transition from the Disable to Forwarding state without any
delay.
Edge ports can still send BPDUs. If the BPDUs are sent to another network, this
network may encounter network flapping. To prevent this problem, configure the
BPDU filter function on edge ports so that the edge ports do not process or send
BPDUs.
NOTICE
After a specified port is configured as an edge port and BPDU filter port in the
interface view, the port does not process or send BPDUs and cannot negotiate the
STP state with the directly connected port on the peer device. In addition, if this
command is run in the system view, all ports will go into the Forwarding state.
This may cause loops on the network, leading to broadcast storms. Exercise
caution when deciding to perform this configuration.
Procedure
● Configuring all ports as edge ports and BPDU filter ports
a. Run system-view

b. Run stp edged-port default
All ports are configured as edge ports.
By default, all ports are non-edge ports.

c. Run stp bpdu-filter default
All ports are configured as BPDU filter ports.
By default, all ports are non-BPDU filter ports.

d. Run commit

● Configuring a specified port as an edge port and BPDU filter port

Switches
a. Run system-view

b. Run interface interface-type interface-number
The view of an Ethernet interface that participates in spanning tree

calculation is displayed.
c. Run stp edged-port enable
The port is configured as an edge port.
By default, all ports are non-edge ports.

d. Run stp bpdu-filter enable
The port is configured as a BPDU filter port.
By default, all ports are non-BPDU filter ports.

e. Run commit
----End
Procedure
----End
9.10 Configuring RSTP Protection Functions
9.10.1 Configuring BPDU Protection on a Device
Context
Typically, edge ports are directly connected to user terminals and will not receive
BPDUs. However, if an edge port receives pseudo BPDUs from a malicious attacker,
the device sets the edge port as a non-edge port and triggers spanning tree
recalculation, which results in network flapping. BPDU protection can be
configured to mitigate such attacks.
NOTE
Perform the following procedure on all devices that have edge ports.
BPDU protection is only valid for the edge port manually configured by the stp edged-port
or stp edged-port default command, and is invalid for the edge port configured by the
automatic detection function.

Switches
Procedure
Step 2 Run stp bpdu-protection
BPDU protection is enabled on the device.
By default, BPDU protection is disabled on a device.
Step 3 Run commit
----End
Follow-up Procedure
After BPDU protection is configured, the edge port that receives BPDUs will enter
the Error-Down state and keeps its attributes. The device records the status of an
interface as Error-Down when it detects that a fault occurs. The interface in Error-
Down state cannot receive or send packets and the interface indicator is off. You
can run the display error-down recovery command to check information about
all interfaces in Error-Down state on the device.
When the interface is in Error-Down state, check the cause. You can use the
following modes to restore the interface status:
● Manual (after interfaces enter the Error-Down state)
When there are few interfaces in Error-Down state, run the shutdown and
undo shutdown commands in the interface view or run the restart command
to restore the interface.
● Auto (before interfaces enter the Error-Down state)
If there are many interfaces in Error-Down state, the manual mode brings in
heavy workload and the configuration of some interfaces may be ignored. To
prevent this problem, run the error-down auto-recovery cause bpdu-
protection interval interval-value command in the system view to enable an
interface in Error-Down state to go Up and set a recovery delay. You can run
the display error-down recovery command to view automatic recovery
information about the interface.
NOTE
This mode is invalid for the interface that has entered the Error-Down state, and is valid
only for the interface that enters the Error-Down state after the error-down auto-recovery
cause bpdu-protection interval interval-value command is run.
9.10.2 Configuring TC Protection on a Device

Context
A switch deletes its MAC address entries and ARP entries after receiving TC BPDUs.
An attacker can use this to their advantage by sending a large number of bogus
TC BPDUs to the switch in a short time, causing the device to frequently delete

Switches
MAC address entries and ARP entries. This increases the load on the switch and
threatens network stability.
After enabling TC BPDU protection on a switch, you can set a limit for the number
of times the device processes TC BPDUs within a given time. If this number is
exceeded, the switch processes only the specified number of TC BPDUs. Any excess
TC BPDUs are processed in one go by the switch after the specified period expires.
This function prevents the switch from frequently deleting its MAC address entries
and ARP entries, reducing the load on the switch and guaranteeing network
stability.
Procedure
Step 2 Run stp tc-protection
TC protection is enabled for the device.
By default, TC protection is disabled on a device.
Step 3 Run either or both of the following commands to configure TC protection
parameters.
● To set the time period during which the device processes the maximum
number of TC BPDUs, run stp tc-protection interval interval-value.
By default, the time period is the Hello Time.
● To set the maximum number of TC BPDUs that the device processes within a
specified period, run stp tc-protection threshold threshold.
By default, a device processes one TC BPDU within a specified period.
NOTE
● There are two TC protection parameters: time period during which the device processes
the maximum number of TC BPDUs and the maximum number of TC BPDUs processed
within the time period. For example, if the time period is set to 10 seconds and the
maximum number of TC BPDUs is set to 5, the device processes only the first five TC
BPDUs within 10 seconds and processes the other TC BPDUs together 10 seconds later.
● The device processes only the maximum number of TC BPDUs configured by the stp tc-
protection threshold command within the time period configured by the stp tc-
protection interval command. Other packets are processed after a delay, so spanning
tree convergence speed may slow down.
Step 4 Run commit

----End
9.10.3 Configuring Root Protection on a Port

Context
If a root bridge receives BPDUs with a higher priority than its own due to incorrect
configurations or malicious attacks, the root bridge is incorrectly changed. As a

Switches
result, traffic may be switched from high-speed links to low-speed links, leading to
network congestion. You can configure root protection on a designated port,
which prevents the port role from being changed.
Perform the following steps on the root bridge in an MST region.
Procedure
Step 3 Run stp root-protection
Root protection is enabled on the interface.
By default, root protection is disabled on an interface. Root protection takes effect
only on designated ports. Root protection and loop protection cannot be
configured on the same interface.
Step 4 Run commit
----End
9.10.4 Configuring Loop Prevention on a Port

Context
On an RSTP network, a switch can only maintain the states of the root port and
blocked ports if it is continuously receiving RST BPDUs from the upstream switch.
If the ports cannot receive RST BPDUs from the upstream switch due to link
congestion or unidirectional link failures, the switch re-selects a root port. The
previous root port then becomes a designated port and the blocked ports change
to the Forwarding state, potentially creating loops on the network. To prevent
such a problem, configure loop protection.
With loop prevention enabled, if the root port or alternate port does not receive
RST BPDUs from the upstream switch for a long time, the switch sends a
notification to the NMS. The root port enters the Discarding state, whereas the
blocked port remains in Blocking state and does not forward packets, preventing
loops on the network. The root port or alternate port reverts to the Forwarding
state after receiving new RST BPDUs.
Procedure
The view of the root port or alternate port is displayed.

Switches
Step 3 Run stp loop-protection
Loop prevention is enabled on the root port or alternate port.
By default, loop prevention is disabled on a port.
NOTE
An alternate port is a backup for a root port. If a device has an alternate port, configure
loop prevention on both the root port and the alternate port.
Root protection and loop prevention cannot be configured on the same port.
Step 4 Run commit
----End
Procedure
----End
9.11 Configuring Interoperability Between Huawei and

Non-Huawei Devices
Context
To implement interoperability between Huawei and non-Huawei devices, select
the fast transition mode based on the Proposal/Agreement mechanism of the
non-Huawei device. A device supports the following fast transition modes:
● Enhanced mode: The device determines the root port when it calculates the
synchronization flag bit. The following describes the process:
a. An upstream device sends a Proposal message to a downstream device to
request fast state transition. After receiving the message, the downstream
device sets the port connected to the upstream device as the root port
and blocks all non-edge ports.
b. The upstream device sends an Agreement message to the downstream
device. After the downstream device receives the message, the root port
transitions to the Forwarding state.
c. The downstream device responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to
the downstream device as the designated port, and then the designated
port transitions to the Forwarding state.
● Common mode: The device ignores the root port when it calculates the
synchronization flag bit. The following describes the process:

Switches
a. An upstream device sends a Proposal message to a downstream device to

request fast state transition. After receiving the message, the downstream
device sets the port connected to the upstream device as the root port
and blocks all non-edge ports. Then, the root port transitions to the
Forwarding state.
b. The downstream device responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to
the downstream device as the designated port, and then the designated
port transitions to the Forwarding state.
On an STP network, if a Huawei device is connected to a non-Huawei device that
uses a different Proposal/Agreement mechanism, the two devices may fail to
interoperate with each other. Select the enhanced mode or common mode based
on the Proposal/Agreement mechanism of the non-Huawei device.
Before setting parameters for interoperation between Huawei and non-Huawei
devices, configure basic STP/RSTP functions.
Procedure
The view of an interface participating in spanning tree calculation is displayed.
Step 3 Run stp no-agreement-check
The common fast transition mode is specified.
By default, the enhanced fast transition mode is used on a port.
Step 4 Run commit
----End
9.12 Maintaining STP/RSTP
9.12.1 Clearing STP/RSTP Statistics

Context
NOTICE
STP/RSTP statistics cannot be restored after being cleared.

Switches
Procedure
● Run the reset stp [ interface interface-type interface-number ] statistics
command to clear spanning tree statistics.
----End
9.12.2 Monitoring STP/RSTP Topology Change Statistics

The statistics about STP/RSTP topology changes can be viewed. If the statistics
increase, network flapping occurs.
Procedure
● Run the display stp [ process process-id ] [ instance instance-id ] topology-
change command to check statistics about STP/RSTP topology changes.
● Run the display stp [ process process-id ] [ instance instance-id ] [ interface
interface-type interface-number | slot slot-id ] tc-bpdu statistics command
to check statistics about sent and received TC/TCN packets.
----End
9.13 Configuration Examples for STP/RSTP

This section only provides configuration examples for individual features. For
details about multi-feature configuration examples, feature-specific configuration
examples, interoperation examples, protocol or hardware replacement examples,
and industry application examples, see the Typical Configuration Examples.
9.13.1 Example for Configuring STP

Networking Requirements
devices for link redundancy (one as the active link and the others as standby
links). However, redundant links may cause loops on the network, which result in
broadcast storms and unstable MAC address entries.
STP can be deployed on a network to eliminate loops by blocking ports. In Figure
9-17, a loop exists on the network, and SwitchA, SwitchB, SwitchC, and SwitchD
are all running STP. These devices exchange STP BPDUs to discover loops and
block some ports to prune the network into a loop-free tree network, improving
packet processing performance.

Switches
Figure 9-17 Networking diagram of STP configuration
Network
10GE1/0/3 10GE1/0/3
10GE1/0/1
SwitchD SwitchA
10GE1/0/1
10GE1/0/2 Root 10GE1/0/2
bridge
STP
10GE1/0/3 10GE1/0/3
10GE1/0/1
SwitchC SwitchB
10GE1/0/1
10GE1/0/2 10GE1/0/2
Server1 Server2
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the STP mode for the devices on the ring network.
2. Configure the root bridge and secondary root bridge.
3. Set a path cost for the ports to be blocked.
4. Enable STP to eliminate loops.
NOTE
The ports connected to servers do not participate in STP calculation. Disable STP on
these ports.
5. Verify the configuration.
Procedure
Step 1 Configure the STP mode for the devices on the ring network. The configurations
on SwitchB, SwitchC, and SwitchD are similar to the configurations on SwitchA,
and are not mentioned here.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stp mode stp
[*SwitchA] commit

Switches
Step 2 Configure the root bridge and secondary root bridge.

# Configure SwitchA as the root bridge.
[~SwitchA] stp root primary
[*SwitchA] commit
# Configure SwitchB as the secondary root bridge.

[~SwitchB] stp root secondary
[*SwitchB] commit
Step 3 Set a path cost for the ports to be blocked.

The path cost value range depends on path cost calculation methods, which must
be the same on all switches. This example uses the Huawei proprietary calculation
method.
# On SwitchA, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchA] stp pathcost-standard legacy
[*SwitchA] commit
# On SwitchB, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchB] stp pathcost-standard legacy
[*SwitchB] commit
# Set the path cost of 10GE1/0/1 on SwitchC to 20000.

[~SwitchC] stp pathcost-standard legacy
[*SwitchC] interface 10ge 1/0/1
[*SwitchC-10GE1/0/1] stp cost 20000
[*SwitchC-10GE1/0/1] commit
[~SwitchC-10GE1/0/1] quit
# On SwitchD, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchD] stp pathcost-standard legacy
[*SwitchD] commit
Step 4 Enable STP to eliminate loops.

● Disable STP on the port connected to the server.
# Disable STP on 10GE1/0/2 of SwitchB.
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] stp disable
[*SwitchB-10GE1/0/2] commit
[~SwitchB-10GE1/0/2] quit
# Disable STP on 10GE1/0/2 of SwitchC.

[~SwitchC] interface 10ge 1/0/2
[~SwitchC-10GE1/0/2] stp disable
● Enable STP globally on devices.

[~SwitchA] stp enable
[*SwitchA] commit
[~SwitchB] stp enable
[*SwitchB] commit
[~SwitchC] stp enable
[*SwitchC] commit

Switches
[~SwitchD] stp enable

[*SwitchD] commit
Step 5 Verify the configuration.

After the preceding configuration is complete and the network becomes stable,
perform the following operations to verify the configuration:
# Run the display stp brief command on SwitchA to view the port roles and
states. The following information is displayed:
[~SwitchA] display stp brief
MSTID Port Role STP State Protection Cost Edged
0 10GE1/0/1 DESI forwarding none 2 disable
After SwitchA is configured as the root bridge, 10GE1/0/2 and 10GE1/0/1

connected to SwitchB and SwitchD respectively are elected as designated ports
through spanning tree calculation.
# Run the display stp interface 10GE 1/0/1 brief command on SwitchB to view
the role and state of 10GE1/0/1. The following information is displayed:
[~SwitchB] display stp interface 10ge 1/0/1 brief
10GE1/0/1 is elected as a designated port and is in Forwarding state.

# Run the display stp brief command on SwitchC to check the port roles and
[~SwitchC] display stp brief
0 10GE1/0/1 ALTE discarding none 20000 disable
0 10GE1/0/3 ROOT forwarding none 2 disable
10GE1/0/1 is elected as an alternate port and is in Discarding state.

10GE1/0/3 is elected as a root port and is in Forwarding state.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode stp
stp instance 0 root primary
stp pathcost-standard legacy
#
return
● SwitchB configuration file

#
sysname SwitchB
#
stp mode stp
stp instance 0 root secondary
#
interface 10GE1/0/2
stp disable

Switches
#
return
● SwitchC configuration file

#
sysname SwitchC
#
stp mode stp
#
interface 10GE1/0/1
stp instance 0 cost 20000
#
interface 10GE1/0/2
stp disable
#
return
● SwitchD configuration file

#
sysname SwitchD
#
stp mode stp
#
return
9.13.2 Example for Configuring RSTP

Networking Requirements
devices for link redundancy (one as the active link and the others as standby
links). However, redundant links may cause loops on the network, which result in
broadcast storms and unstable MAC address entries.
RSTP can be deployed on a network to eliminate loops by blocking ports. In
Figure 9-18, a loop exists on the network, and SwitchA, SwitchB, SwitchC, and
SwitchD are all running RSTP. These devices exchange BPDUs to discover the loops
and block the appropriate ports in order to trim the ring topology into a loop-free
tree topology, improving packet processing performance.

Switches
Figure 9-18 Networking diagram of RSTP configuration
Network
10GE1/0/3 10GE1/0/3
10GE1/0/1
SwitchD SwitchA
10GE1/0/1
10GE1/0/2 Root 10GE1/0/2
bridge
RSTP
10GE1/0/3 10GE1/0/3
10GE1/0/1
SwitchC SwitchB
10GE1/0/1
10GE1/0/2 10GE1/0/2
Server1 Server2
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RSTP mode for the devices on the ring network.
2. Configure the root bridge and secondary root bridge.
3. Set a path cost for the ports to be blocked.
4. Enable RSTP to eliminate loops.
NOTE
The ports connected to servers do not participate in RSTP calculation. Disable RSTP on
these ports.
5. Configure protection functions to protect devices or links.
6. Verify the configuration.
Procedure
Step 1 Configure the RSTP mode for the devices on the ring network. The configurations
on SwitchB, SwitchC, and SwitchD are similar to the configurations on SwitchA,
and are not mentioned here.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit

Switches
[~SwitchA] stp mode rstp

[*SwitchA] commit
Step 2 Configure the root bridge and secondary root bridge.

# Configure SwitchA as the root bridge.
[~SwitchA] stp root primary
[*SwitchA] commit
# Configure SwitchB as the secondary root bridge.

[~SwitchB] stp root secondary
[*SwitchB] commit
Step 3 Set a path cost for the ports to be blocked.

The path cost value range depends on path cost calculation methods, which must
be the same on all switches. This example uses the Huawei proprietary calculation
method.
# On SwitchA, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchA] stp pathcost-standard legacy
[*SwitchA] commit
# On SwitchB, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchB] stp pathcost-standard legacy
[*SwitchB] commit
# Set the path cost of 10GE1/0/1 on SwitchC to 20000.

[~SwitchC] stp pathcost-standard legacy
[*SwitchC] interface 10ge 1/0/1
[*SwitchC-10GE1/0/1] stp cost 20000
# On SwitchD, set the path cost calculation method to the Huawei proprietary
method.
[~SwitchD] stp pathcost-standard legacy
[*SwitchD] commit
Step 4 Enable RSTP to eliminate loops.

● Disable RSTP on the ports connected to servers.
# Disable RSTP on 10GE1/0/2 of SwitchB.
[~SwitchB] interface 10ge 1/0/2
[~SwitchB-10GE1/0/2] stp disable
[*SwitchB-10GE1/0/2] commit
[~SwitchB-10GE1/0/2] quit
# Disable RSTP on 10GE1/0/2 of SwitchC.

[~SwitchC] interface 10ge 1/0/2
[~SwitchC-10GE1/0/2] stp disable
● Enable RSTP globally on devices.

[~SwitchA] stp enable
[*SwitchA] commit
[~SwitchB] stp enable
[*SwitchB] commit

Switches
[~SwitchC] stp enable

[*SwitchC] commit
[~SwitchD] stp enable
[*SwitchD] commit
Step 5 Configure root protection on the designated ports of the root bridge.
# Configure root protection on 10GE1/0/1 and 10GE1/0/2 of SwitchA.
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] stp root-protection
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface 10ge 1/0/2
[*SwitchA-10GE1/0/2] stp root-protection
[*SwitchA-10GE1/0/2] quit
[*SwitchA] commit
Step 6 Verify the configuration.

After the preceding configuration is complete and the network becomes stable,
perform the following operations to verify the configuration:
# Run the display stp brief command on SwitchA to view the states and
protection type on RSTP ports. The following information is displayed:
[~SwitchA] display stp brief
0 10GE1/0/1 DESI forwarding root 2 disable
0 10GE1/0/2 DESI forwarding root 2 disable
After SwitchA is configured as the root bridge, 10GE1/0/2 connected to SwitchB

and 10GE1/0/1 connected to SwitchD are elected as designated ports through
spanning tree calculation and configured with root protection.
# Run the display stp interface 10GE 1/0/1 brief command on SwitchB to view
the role and state of 10GE1/0/1. The following information is displayed:
[~SwitchB] display stp interface 10ge 1/0/1 brief
10GE1/0/1 is elected as a designated port and is in Forwarding state.

# Run the display stp brief command on SwitchC to check the port roles and
[~SwitchC] display stp brief
0 10GE1/0/1 ALTE discarding none 20000 disable
0 10GE1/0/3 ROOT forwarding none 2 disable
10GE1/0/1 is elected as an alternate port and is in Discarding state.

10GE1/0/3 is elected as a root port and is in Forwarding state.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode rstp
stp instance 0 root primary

Switches
#
interface 10GE1/0/1
stp root-protection
#
interface 10GE1/0/2
stp root-protection
#
return
● SwitchB configuration file

#
sysname SwitchB
#
stp mode rstp
stp instance 0 root secondary
#
interface 10GE1/0/2
stp disable
#
return
● SwitchC configuration file

#
sysname SwitchC
#
stp mode rstp
#
interface 10GE1/0/1
stp instance 0 cost 20000
#
interface 10GE1/0/2
stp disable
#
return
● SwitchD configuration file

#
sysname SwitchD
#
stp mode rstp
#
return

01-09 STP RSTP Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-09 STP RSTP Configuration

Uploaded by

Copyright:

Available Formats

CloudEngine 8800, 7800, 6800, and 5800 Series

9.1 Overview of STP/RSTP

9.1 Overview of STP/RSTP

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 449

Table 9-1 Comparison of STP, RSTP, and MSTP

Spanning Characteristics Usage Scenario

STP ● A loop-free tree topology is All VLANs share one spanning

RSTP ● A loop-free tree topology is

MSTP ● A loop-free tree topology is Traffic in different VLANs is

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 450

9.2 Understanding STP/RSTP

9.2.1 STP Background

Figure 9-1 Typical LAN networking

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 451

9.2.2 Basic Concepts of STP

Metrics for Spanning Tree Calculation

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 452

Root Bridge, Root Port, and Designated Port

Figure 9-2 STP network architecture

PC: path cost

Table 9-2 Designated bridge and designated port

Reference Designated Bridge Designated Port

Device A directly connected The designated bridge's port

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 453

Reference Designated Bridge Designated Port

LAN A device that forwards The designated bridge's port

Figure 9-3 Designated bridge and designated port

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 454

Table 9-3 Four fields

Root bridge ID ID of the root bridge. Each STP network has

Root path cost Path cost to the root bridge. It is determined by

Sender BID BID of the device that sends the configuration

PID PID of the port that sends the configuration

Figure 9-4 Scenario where PIDs need to be compared

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 455

Table 9-4 STP port states

Learning When a port is in Learning state, This is a transitional state, which

Listenin All ports are in Listening state This is a transitional state.

Blocking A port in Blocking state receives This is the final state of a

Disabled A port in Disabled state does not The port is Down.

Figure 9-5 shows the state transitions of a port.

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 456

Figure 9-5 STP state transitions of a port

1 The port is initialized or enabled, and enters the Blocking state.

2 The port is selected as the root or designated port, and enters

Table 9-5 describes the MSTP port states.

Table 9-5 MSTP port states

Learning This is a transitional state. When a port is in Learning state, the

Discardi A port in Discarding state can only receive BPDUs.

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 457

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 458

Table 9-6 Values of STP timer parameters

Hello Time 200 centiseconds (2 100-1000

Max Age 2000 centiseconds (20 600-4000

Forward Delay 1500 centiseconds (15 400-3000

9.2.3 STP BPDU Format

Figure 9-6 Format of an Ethernet frame

There are two types of STP BPDUs:

Issue 09 (2021-06-03) Copyright © Huawei Technologies Co., Ltd. 459

Table 9-7 describes fields in a BPDU.

Table 9-7 Fields in a BPDU

Field Byte Description

Protocol Identifier 2 The value is fixed at 0.

Protocol Version 1 The value is fixed at 0.