S Series Switch Feature Start-Loop Prevention V1.0 D

S Series Switch
Feature Start - Loop Prevention

Features
Issue
01
Date
2013-10-30
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://enterprise.huawei.com
Issue 01 (2013-10-30)
Huawei Proprietary and Confidential

Copyright Huawei Technologies Co.,
Ltd.
S Series Switch
Feature Start - Loop Prevention Features
About This Document
About This Document

Overview
This document compares advantages and disadvantages of loop prevention features supported
by Huawei S series switches. It also provides suggestions for using Ethernet ring networks
and Ethernet loop prevention technologies in various scenarios.
This document describes the troubleshooting of SEP, STP, RRPP, Smart Link, ERPS, and
other loop prevention features, including elementary knowledge, configuration guide,
deployment precautions, troubleshooting procedures, troubleshooting cases, and FAQs.
Intended Audience
This document is intended for:
Technical support engineers
Maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows:
Symbol
Description
Alerts you to a high risk hazard that could, if not avoided,
result in serious injury or death.
Alerts you to a medium or low risk hazard that could, if not
avoided, result in moderate or minor injury.
Alerts you to a potentially hazardous situation that could, if
not avoided, result in equipment damage, data loss,
performance deterioration, or unanticipated results.
Indicates a tip that may help you solve a problem or save your
time.
Provides additional information to emphasize or supplement
important points in the main text.
Issue 01 (2013-10-30)

Ltd.
ii
S Series Switch
About This Document
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 01 (2013-10-30)
This is the first official release.
Issue 01 (2013-10-30)

Ltd.
iii
S Series Switch
Contents
Contents
About This Document.......................................................................ii
1 Overview...................................................................................... 1
1.1 Introduction to Loop Prevention Technologies..............................................................................................................1
1.2 Comparison Between Ethernet Loop Prevention Technologies.....................................................................................2
1.3 Scenario Suggestions......................................................................................................................................................5
1.3.1 Usage Suggestions for Ethernet Loop Prevention Technologies.................................................................................5
1.3.2 Example Scenario 1: SEP............................................................................................................................................5
1.3.3 Example Scenario 2: RRPP.........................................................................................................................................6
1.3.4 Example Scenario 3: STP............................................................................................................................................7
1.3.5 Example Scenario 4: SEP+MSTP...............................................................................................................................8
1.3.6 Example Scenario 5: SEP+Smart Link........................................................................................................................9
2 SEP............................................................................................ 11
2.1 Overview......................................................................................................................................................................11
2.1.1 Feature Description....................................................................................................................................................11
2.1.1.1 SEP Working Principle...........................................................................................................................................11
2.1.1.2 SEP Concepts.........................................................................................................................................................12
2.1.1.3 SEP Implementation...............................................................................................................................................15
2.1.2 Version Difference.....................................................................................................................................................27
2.2 Configuration Guide.....................................................................................................................................................28
2.2.1 Scenario 1: SEP Open Ring Networking...................................................................................................................28
2.2.1.1 Networking Description.........................................................................................................................................28
2.2.1.2 Configuration Roadmap.........................................................................................................................................28
2.2.1.3 Configuration Example..........................................................................................................................................29
2.2.2 Scenario 2: SEP Closed Ring Networking................................................................................................................34
2.2.3 Scenario 3: Hybrid Networking of SEP and Smart Link...........................................................................................40
2.2.4 Scenario 4: Hybrid Networking of SEP and MSTP..................................................................................................47
Issue 01 (2013-10-30)

Ltd.
iv
S Series Switch
Contents

2.2.5 Scenario 5: Hybrid Networking of SEP and RRPP...................................................................................................55
2.3 Troubleshooting............................................................................................................................................................68
2.3.1 Troubleshooting Overview........................................................................................................................................68
2.3.2 Fault 1: Traffic Forwarding Fails on SEP Links........................................................................................................68
2.3.2.1 Fault Description....................................................................................................................................................68
2.3.2.2 Troubleshooting Roadmap......................................................................................................................................68
2.3.2.3 Troubleshooting Flowchart.....................................................................................................................................68
2.3.2.4 Troubleshooting Procedure.....................................................................................................................................69
2.3.3 Information Collection Methods...............................................................................................................................71
2.3.3.1 Network Topology..................................................................................................................................................71
2.3.3.2 List of the display Commands................................................................................................................................71
2.4 Troubleshooting Cases..................................................................................................................................................72
2.4.1 Case 1: After the SEP Configuration on a Faulty Port Is Deleted, a Device Cannot Be Managed...........................72
2.4.1.1 Symptom and Networking......................................................................................................................................72
2.4.1.2 Root Cause..............................................................................................................................................................73
2.4.1.3 Identification Method.............................................................................................................................................73
2.4.1.4 Solution...................................................................................................................................................................73
2.4.1.5 Summary.................................................................................................................................................................74
3 STP............................................................................................ 75
3.1 Overview......................................................................................................................................................................75
3.1.1 Feature Description...................................................................................................................................................75
3.1.1.1 Background.............................................................................................................................................................75
3.1.1.2 Introduction to STP................................................................................................................................................75
3.1.1.3 MSTP Concepts......................................................................................................................................................76
3.1.1.4 MSTP Protection....................................................................................................................................................79
3.1.1.5 MSTP Convergence Example.................................................................................................................................80
3.1.2 Version Difference.....................................................................................................................................................81
3.1.3 Implementation on Devices of Other Vendors..........................................................................................................82
3.1.3.1 H3C.........................................................................................................................................................................82
3.1.3.2 Cisco.......................................................................................................................................................................82
3.2 Configuration Guide.....................................................................................................................................................84
3.2.1 Scenario 1: Configuring Basic RSTP Functions.......................................................................................................84
Issue 01 (2013-10-30)

Ltd.
S Series Switch
Contents
3.2.2 Scenario 2: Configuring Basic MSTP Functions......................................................................................................87

3.2.3 Scenario 3: Configuring Huawei Switches to Communicate With a Cisco Switch..................................................95
3.2.4 Deployment Precautions..........................................................................................................................................111
3.2.4.1 Is the bpdu enable Command Configured on the Eth-Trunk After STP Is Enabled on Box Switches?...............111
3.2.4.2 After STP Is Enabled on an Eth-Trunk, Change the Cost of the Eth-Trunk to Be Smaller than the Cost of
Physical Ports...................................................................................................................................................................112
3.3 Troubleshooting..........................................................................................................................................................112
3.3.1 Troubleshooting Overview......................................................................................................................................112
3.3.2 Fault 1: Traffic Cannot Be Transmitted Stably on the STP Network......................................................................113
3.3.2.1 Fault Description..................................................................................................................................................113
3.3.2.2 Troubleshooting Roadmap....................................................................................................................................114
3.3.2.3 Troubleshooting Flowchart...................................................................................................................................115
3.3.2.4 Troubleshooting Procedure...................................................................................................................................116
3.3.3 Fault 2: A Port Cannot Converge Rapidly...............................................................................................................119
3.3.4 Fault 3: CPU Usage Is High on an STP-enabled Device........................................................................................123
3.3.5 Information Collection Methods.............................................................................................................................129
3.3.5.1 Network Topology................................................................................................................................................129
3.3.5.2 List of the display Commands..............................................................................................................................129
3.4 Troubleshooting Cases................................................................................................................................................131
3.4.1 Case 1: After an RSTP-enabled Port Is Shut Down and Restored, RSTP Cannot Converge Quickly....................131
3.4.1.1 Symptom and Networking....................................................................................................................................131
3.4.1.2 Root Cause............................................................................................................................................................131
3.4.1.3 Identification Method...........................................................................................................................................131
3.4.1.4 Solution.................................................................................................................................................................132
3.4.1.5 Summary...............................................................................................................................................................132
3.4.2 Case 2: Member Ports of an Eth-Trunk Are Down and Services Are Interrupted..................................................132
3.4.2.2 Root Cause............................................................................................................................................................133
Issue 01 (2013-10-30)

Ltd.
vi
S Series Switch
Contents

3.4.2.4 Solution.................................................................................................................................................................134
3.4.2.5 Summary...............................................................................................................................................................134
3.4.3 Case 3: Different MSTP Region Configurations Result in the Same Convergence of Multiple Instances.............134
3.4.3.2 Root Cause............................................................................................................................................................135
3.4.3.4 Solution.................................................................................................................................................................135
3.4.3.5 Summary...............................................................................................................................................................136
3.4.4 Case 4: Packets Trigger Root Protection and Services Are Interrupted..................................................................136
3.4.4.2 Root Cause............................................................................................................................................................136
3.4.4.4 Solution.................................................................................................................................................................137
3.4.4.5 Summary...............................................................................................................................................................137
4 RRPP........................................................................................ 138
4.1 RRPP Overview..........................................................................................................................................................138
4.1.1 Feature Description.................................................................................................................................................138
4.1.1.1 Basic RRPP Concepts...........................................................................................................................................138
4.1.1.2 RRPP Packets.......................................................................................................................................................140
4.1.1.3 RRPP Working Principles.....................................................................................................................................141
4.2 Configuration Guide...................................................................................................................................................144
4.2.1 Scenario 1: Configuring Single RRPP Ring with a Single Instance.......................................................................144
4.2.1.1 Networking Description.......................................................................................................................................144
4.2.1.2 Configuration Roadmap.......................................................................................................................................145
4.2.1.3 Configuration Example........................................................................................................................................145
4.2.2 Scenario 2: Configuring Intersecting RRPP Rings with a Single Instance.............................................................150
4.2.3 Scenario 3: Configuring Intersecting RRPP Rings with Multiple Instances...........................................................161
4.2.4.1 Check that All Switches on the RRPP Ring Have the Same Working Mode.......................................................179
4.2.4.2 Suppression of Unknown Unicast Traffic Cannot Be Configured on Transmit Nodes of the RRP Ring............180
4.2.4.3 LDT/LBDT and RRPP Cannot Be Configured Simultaneously on the Same Port..............................................180
4.3.2 An RRPP Temporary Loop Occurs..........................................................................................................................181
Issue 01 (2013-10-30)

Ltd.
vii
S Series Switch
Contents

4.3.3 Information Collection............................................................................................................................................185
4.3.3.2 display Command List..........................................................................................................................................185
4.4.1 Switch Ports Join VLAN 1 by Default. VLAN 1 Is Not Configured as Protected VLAN When RRPP MultiInstance Is Configured, Causing an RRPP Temporary Loop...........................................................................................186
4.4.1.2 Root Cause............................................................................................................................................................186
4.4.1.4 Solution.................................................................................................................................................................187
4.4.1.5 Summary...............................................................................................................................................................188
4.4.2 Multi-Instance Configuration Causes an RRPP Loop.............................................................................................188
4.4.2.2 Root Cause............................................................................................................................................................188
4.4.2.4 Solution.................................................................................................................................................................190
4.4.2.5 Summary...............................................................................................................................................................190
4.4.3 MAC Address Forwarding Entries and ARP Entries Cannot Be Updated Because RRPP Master Node and
Transmit Nodes Work in Different Modes.......................................................................................................................191
4.4.3.2 Root Cause............................................................................................................................................................191
4.4.3.4 Solution.................................................................................................................................................................192
4.4.3.5 Summary...............................................................................................................................................................192
5 Smart Link................................................................................ 193

5.1 Smart Link Overview.................................................................................................................................................193
5.1.1 Feature Description.................................................................................................................................................193
5.1.1.1 Basic Principles and Concepts..............................................................................................................................193
5.1.1.2 Characteristics......................................................................................................................................................193
5.1.2 Version Difference...................................................................................................................................................194
5.2.1 Scenario 1: Configuring Load Balancing Between Active and Standby Links of a Smart Link Group.................194
5.2.2 Scenario 2: Configuring Association Between Monitor Link and Smart Link.......................................................199
Issue 01 (2013-10-30)

Ltd.
viii
S Series Switch
Contents

5.2.3.1 All Ports on the Smart Link Ring Must Be Enabled to Receive Flush Packets...................................................205
5.3.2 Active/Standby Link Switchover Fails in a Smart Link Group...............................................................................205
5.3.3 Monitor Link Group Status Is Incorrect..................................................................................................................208
5.4.1 Smart Link Multi-Instance Is Configured to Balance Load. After that, An Error Occurs When the STP Region Is
Modified...........................................................................................................................................................................211
5.4.1.2 Root Cause............................................................................................................................................................211
5.4.1.4 Solution.................................................................................................................................................................212
5.4.1.5 Summary...............................................................................................................................................................213
5.4.2 Services Are Interrupted After an Active/Standby Link Switchover Occurs in the Smart Link Group..................213
5.4.2.2 Root Cause............................................................................................................................................................214
5.4.2.4 Solution.................................................................................................................................................................214
5.4.2.5 Summary...............................................................................................................................................................214
6 ERPS Overview..........................................................................215
6.1 Introduction to ERPS..................................................................................................................................................215
6.1.1 ERPS........................................................................................................................................................................215
6.1.1.1 Basic ERPS Concepts...........................................................................................................................................215
6.1.1.2 ERPS Single-ring Principle..................................................................................................................................220
6.1.1.3 ERPS Multi-ring Principle...................................................................................................................................225
6.1.1.4 ERPS Multi-instance............................................................................................................................................228
6.2.1 Scenario 1: Configuring a Single ERPS Instance....................................................................................................231
Issue 01 (2013-10-30)

Ltd.
ix
S Series Switch
Contents

6.2.2 Scenario 2: Configuring ERPS Multi-instance........................................................................................................237
6.2.3.1 Associate Ethernet CFM with ERPS When an Intermediate Transmission Device Is Deployed on an ERPS Ring
..........................................................................................................................................................................................246
6.3.2 Traffic Forwarding Fails on an ERPS Link.............................................................................................................247
6.4.1 ERPS Cannot Work Properly When the Switch Connects to an RTN Device........................................................252
6.4.1.2 Root Cause............................................................................................................................................................252
6.4.1.4 Solution.................................................................................................................................................................253
6.4.1.5 Summary...............................................................................................................................................................253
7 LDT&LBDT................................................................................. 254
7.1 LDT&LBDT Overview..............................................................................................................................................254
7.1.1 Loop Detection........................................................................................................................................................254
7.1.2 Loopback Detection.................................................................................................................................................255
7.2.1 Configuring Loop Detection....................................................................................................................................259
7.2.2 Configuring Loopback Detection............................................................................................................................260
Issue 01 (2013-10-30)

Ltd.
S Series Switch
Contents
7.2.3.1 Do Not Configure the Block or Shutdown Action for the Uplink Interface When Loop Detection Is Enabled. .262
7.2.3.2 Set the Recovery Time of the Blocked Interface and Configure the Trap Function............................................263
7.3.2 Chassis Switch Configured with Loop Detection Cannot Detect Loops................................................................264
7.3.3 Switch Configured with Loopback Detection Cannot Detect Loops......................................................................266
7.4.1 S2700SI Configured with Loopback Detection Cannot Detect Loops...................................................................270
7.4.1.2 Root Cause............................................................................................................................................................270
7.4.1.4 Solution.................................................................................................................................................................270
7.4.2 S5700 Configured with Loopback Detection in Untagged Mode Cannot Detect Loops........................................270
7.4.2.2 Root Cause............................................................................................................................................................271
7.4.2.4 Solution.................................................................................................................................................................271
8 FAQ..........................................................................................272
8.1 What Is the Destination MAC Address of SEP Packets?...........................................................................................272
8.2 Which Interface Blocking Modes Does SEP Support?..............................................................................................272
8.3 After the SEP Topology Changes, Which Protocols Can Be Instructed to Update Forwarding Entries?..................272
8.4 What Is the Difference Between bpdu enable and bpdu bridge enable on the Chassis Switch Interface?.................273
8.5 Why the Switch Is Not the Root Bridge After stp root primary Is Configured Globally?.........................................273
8.6 What Does the Message Age Field in STP BPDUs Represent and How Is This Field Used?...................................273
8.7 How Does a Switch Interface Connected to a Non-Huawei Device Process the Received BPDU in a Different
Format?.............................................................................................................................................................................274
8.8 Can S Series Switches Transparently Transmit BPDUs By Default?........................................................................275
8.9 Can S Series Switches Transparently Transmit Cisco PVST+ Packets By Default?.................................................275
8.10 Do BPDUs Sent by S Series Switches Carry VLAN Tags By default, and How Do S Series Switches Process
Tagged BPDUs?...............................................................................................................................................................275
8.11 What Is the Destination MAC Address of RRPP Packets?......................................................................................275
Issue 01 (2013-10-30)

Ltd.
xi
S Series Switch
Contents
8.12 What Are the Precautions for Configuring RRPP?..................................................................................................276

8.13 How Does RRPP Implement Fast Switching?.........................................................................................................276
8.14 Why Statistics on Health Packets Cannot Be Displayed on the RRPP Transit Node?.............................................276
8.15 How Is Load Balancing Implemented When RRPP Is Deployed?...........................................................................277
8.16 What Is the Maximum Number of Devices That Can be Configured on an RRPP Ring?.......................................277
8.17 Can Smart Link and Monitor Link Be Configured on an Eth-Trunk?.....................................................................277
8.18 Can Monitor Link Be Used Separately?...................................................................................................................277
8.19 What Is ERPS?.........................................................................................................................................................277
8.20 What Is the Destination MAC Address of RAPS PDUs?.........................................................................................277
8.21 Can ERPS-enabled S Series Switches Connect to Non-Huawei Devices?..............................................................278
8.22 Do S Series Switches Support Subrings?.................................................................................................................278
8.23 Does ERPS on S Series Switches Support Load Balancing?...................................................................................278
8.24 Can ERPS Be Used with Other Ring Network Protocols on the Same Networking?..............................................278
8.25 Can ERPS Be Configured on an Eth-Trunk?...........................................................................................................278
8.26 What Is the Difference Between Loopback Detection and Loop Detection?...........................................................278
8.27 What Is the Interval for Sending Loopback Detection Packets on an Interface and What Is the Difference Between
the Loopback Detection Packets Sent by Two Interfaces?...............................................................................................279
8.28 After Loop Detection or Loopback Detection Detects Loops, the Interface Is Blocked. Does the Switch Continue to
Send Protocol Packets?.....................................................................................................................................................279
9 Switch Logs and Diagnosis Logs.................................................280

10 Debugging Command Reference.....................................................282
10.1 SEP Debugging Command Reference......................................................................................................................282
10.2 STP Debugging Command Reference......................................................................................................................283
10.3 RPPP Debugging Command Reference...................................................................................................................283
10.4 Smart Link Debugging Command Reference..........................................................................................................283
10.5 ERPS Debugging Command Reference...................................................................................................................284
A Acronyms and Abbreviations......................................................285
Issue 01 (2013-10-30)

Ltd.
xii
S Series Switch
1 Overview
Overview
1.1 Introduction to Loop Prevention

Technologies
Generally, redundant links are used on an Ethernet switching network to enhance network
reliability. However, the use of redundant links may produce loops and cause looping of data
or protocol packets. This results in broadcast storms and affects normal services. Therefore,
broadcast storms caused by Layer 2 loops must be prevented on Ethernet networks.
In addition to the firstly used IEEE 802.1D STP, multiple Ethernet Layer 2 loop prevention
and diagnosis technologies are developed. Currently, Huawei Ethernet switches support loop
prevention technologies including SEP, STP, RRPP, Smart Link, loopback detection, loop
detection, DLDP, and storm control. These technologies are used to remove redundant loops
on Ethernet networks, diagnose faults caused by loops, or reduce impact of loops.
This document analyzes advantages, disadvantages, and usage scenarios of various loop
prevention and diagnosis technologies to help network planning and maintenance engineers
understand characteristics and usage scenarios of these technologies. Detailed principles of
each protocol and technology are described in chapters 2 to 7.
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
1.2 Comparison Between Ethernet Loop

Prevention Technologies
Table 1.1 Comparison between protection protocols of Ethernet ring networks
Protecti
on
Protocol
Advantage
SEP
Provides a fast convergence speed.
Ensures that the convergence time

is unrelated to the number of
nodes on a ring network.
Supports open ring, closed ring,

and complex multi-ring.
Works with other Ethernet ring

protocols.
Provides easy maintainability and

logical topology display.
Supports easy configuration and

deployment.
Prevents traffic from being

switched back after link recovery.
Provides flexible selection policy

of the blocked point and better
supports traffic load balancing.
Provides good robustness and does

not cause broadcast storms in
abnormal situations.
Detects unidirectional links

directly.
Provides good interoperability as

an IEEE standard protocol.
STP convergence time is long

(several seconds).
Provides good physical topology

adaptability and supports complex
topologies.
Supports scenarios in which

network cables are connected
incorrectly and cables are
connected before configuration.
A larger network radius indicates

a longer convergence time. It is
recommended that the network
diameter should be smaller than
7.
STP supports load balancing only

when MSTP multi-instance is
used.
STP
Issue 01 (2013-10-30)
Disadvantage
SEP is the latest Huawei proprietary

protocol and is not supported by
non-Huawei devices.
Provides enhanced functions that

can detect TX-RX loopback on
ports.

Ltd.
S Series Switch
1 Overview
Protecti
on
Protocol
Advantage
RRPP

The convergence time can be as
short as 50 ms.
RRPP supports only single ring

topology and major ring/subring topology.
Ensures that the convergence time

is irrelevant to the number of
nodes on a ring network and the
network scale.
RRPP cannot be used with STP

properly.
RRPP has poor robustness and

may cause broadcast storms in
abnormal situations.
RRPP cannot be used to detect

unidirectional link faults.
Each ring must use a unique

control VLAN. Many VLANs
are occupied when multiple
rings are deployed.
RRPP is a Huawei proprietary

non-Huawei devices.
The configuration is complex.
Smart Link does not have its own

heartbeat packet detection
mechanism and cannot protect
links across devices.
Smart Link is a lightweight

protocol that protects only
uplinks and does not provide
redundant protection for the
upper-layer network.
After loop detection is enabled on

member ports of VLANs, the
deployment of other ring
network protection protocols is
restricted.
When loop detection is enabled

on many VLANs or member
ports of VLANs, the system
CPU is burdened.
Detection frames are broadcast to

the entire network, affecting the
network.
The system traverses all ports and

VLANs for loop detection, and
the detection speed is slow.
Smart Link
Provides a faster convergence

speed than STP. The fastest speed
can be 50 ms.
Provides easier configuration than

RRPP.
Loop
Detection
Issue 01 (2013-10-30)
Disadvantage
Supports VLAN-based load

balancing.
Functions as a single-node
technology that does not require the
cooperation of other nodes.

Ltd.
S Series Switch
1 Overview
Protecti
on
Protocol
Advantage
Loopback
Detection
Supports independent deployment

without using other protocols.
Detects loops on a port caused by

incorrect optical fiber connection
or a hub fault.
Detects loops on the network

connected to a port.
Works with other ring network

protocols (STP/RRPP/Smart
Link/SEP) on the same port.
DLDP
Storm
Control
Issue 01 (2013-10-30)
Detects incorrect optical fiber

connections.
Detects unidirectional link faults.
Works with ring network protection

protocols to improve the fault
tolerance capability of the
network.
No detection packet is sent and the

technology is simple and reliable.
Prevents Layer 2 broadcast storms

from affecting the entire network.
Storm control has a good
adaptability and no VLAN needs
to be specified. It supports the
access port, trunk port, hybrid
port, QinQ port, and flexible
QinQ loop detection.
Disadvantage
Detection packets are sent in

loopback detection. When a
large number of ports and
VLANs are detected, the system
CPU is burdened.
Tagged detection frames are

broadcast to the entire network.
The network is affected when
loopback detection is enabled on
many ports.
Loopback detection cannot be

used to detect loops on the
network connected to a port in
QinQ scenarios, including dot1q
tunnel and selective QinQ.
Loopback detection cannot be

configured on an Eth-Trunk or
its member interfaces.
The detection period is long.
DLDP is a Huawei proprietary

non-Huawei devices.
Storm control only suppresses

broadcast storms but cannot detect
the fault point.

Ltd.
S Series Switch
1 Overview
1.3 Scenario Suggestions

1.3.1 Usage Suggestions for Ethernet Loop
Prevention Technologies
Table 1.1 lists suggestions for using Ethernet loop prevention technologies in various
scenarios.
Table 1.1 Usage suggestions for Ethernet loop prevention technologies
Scenario
Suggestion
Highly reliable and redundant

Ethernet networks
STP and SEP are preferential.
STP: suitable for complex Layer 2 networks that

require low convergence performance and high
protocol interoperability.
SEP: suitable for well-planned Layer 2 networks that

require high convergence performance.
Scenarios in which a device is

connected to the network
through two uplinks
Smart Link is recommended.
Scenarios in which abnormal

loops must be prevented
Storm control can be deployed to prevent abnormal loops

from causing broadcast storms and affecting the entire
network. It is recommended that storm control be
deployed on access ports or on downlink ports of
aggregation devices.
Incorrect optical fiber

connections in network
deployment and maintenance
scenarios
DLDP can be deployed to detect incorrect optical fiber

connections.
Incorrect optical fiber

connections or hardware faults
on ports in network
deployment and maintenance
scenarios
If STP is enabled on ports, it directly detects TX-RX

loopback on the ports.
If STP is not enabled on ports, loop detection or

loopback detection is recommended to detect TX-RX
loopback on ports.
1.3.2 Example Scenario 1: SEP

As shown in Figure 1.1, LSW1 to LSW14 form multiple rings; LSW1 to LSW5 are deployed
at the aggregation layer; LSW6 to LSW14 are deployed at the access layer. Layer 2
forwarding is configured at the access layer and aggregation layer.
SEP supports open ring, closed ring, and complex multi-ring. It provides a fast convergence
speed, flexible networking, and easy operation and maintenance (O&M). SEP can be
deployed at the access layer and aggregation layer to implement link redundancy. If the
topology of the access layer changes, the related device in the SEP segment sends Flush-FDB
packets to notify other devices so that these devices can update their MAC address tables and
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
ARP tables. The edge devices of the SEP segment send TC packets to notify devices on the
upper-layer network of the topology change in the SEP segment.
Figure 1.1 SEP multi-ring networking
1.3.3 Example Scenario 2: RRPP

A two-layer ring network architecture is often used on a Metro Ethernet. One layer is the
access layer, which is located between PE-AGGs and UPEs, such as RRPP Domain 2 and
RRPP Domain 3 in Figure 1.1. The other layer is the aggregation layer, which is located
between aggregation devices PE-AGGs, such as RRPP Domain 1 in Figure 1.1.
The network architecture has two requirements. When the ring network is complete, the
network is loop-free. When the ring network is faulty, the network converges quickly to
restore communication between nodes on the ring network. RRPP supports typical networking
of one major ring and multiple sub-rings, meeting the two requirements. RRPP rings can be
configured at both the aggregation layer and access layer. The two layers are tangent,
simplifying the network configuration.
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
Figure 1.1 RRPP major ring and sub-ring networking
1.3.4 Example Scenario 3: STP

To implement redundancy on a complex network, network designers tend to deploy multiple
physical links between two devices, one of which is the primary link and the others are the
backup links. Loops occur in this situation, causing broadcast storms or damaging MAC
address entries.
STP complies with IEEE standards and enables Huawei devices to communicate with nonHuawei devices. STP has good physical topology adaptability, supports complex topologies,
and prevents loops when RSTP is deployed on the network. As shown in Figure 1.1, RSTP is
enabled on the switches and loops exist on the network. The switches exchange BPDUs to
discover loops on the network and selectively block a redundant port to prune the network
into a loop-free tree network. RSTP prevents infinite looping of packets to ensure packet
processing capabilities of devices.
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
Figure 1.1 Typical RSTP networking
1.3.5 Example Scenario 4: SEP+MSTP

As shown in Figure 1.1, multiple Layer 2 switching devices are deployed at the access layer
and multiple Layer 3 devices form a ring network at the aggregation layer. MSTP is deployed
at the aggregation layer to eliminate redundant links. In network capacity expansion
scenarios, SEP can be deployed at the access layer because SEP supports open ring and has a
good convergence performance.
When a link on the ring network fails, SEP can fast restore communication between nodes on
the ring network. Network topology change notification can be deployed on edge devices in
the SEP segment so that the MSTP network can know topology changes of the SEP network
in real time. After receiving TC packets from the SEP network, edge devices on the MSTP
network send TC packets to notify other devices on the network of the topology change. Then
all the devices delete the original MAC addresses and learn new MAC addresses to ensure
fast user traffic switchover.
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
Figure 1.1 Typical networking of SEP and MSTP
1.3.6 Example Scenario 5: SEP+Smart Link

Both SEP and Smart Link have a fast convergence speed. Therefore, the hybrid networking of
SEP and Smart Link is often used in medium-sized network environments that have high
performance requirements on access and aggregation devices. As shown in Figure 1.1,
multiple Layer 2 switching devices are deployed at the access layer. Smart Link is enabled on
the devices. A device has a master port and a slave port in a Smart Link group and is
connected to the upper-layer network through two uplinks. Multiple Layer 2 devices form a
ring at the aggregation layer and are enabled with SEP.
Devices in the SEP segment are enabled to process Smart Link Flush packets. After receiving
Flush packets sent by devices on the lower-layer Smart Link network, edge devices on the
upper-layer SEP network send TC packets to notify other devices in the SEP segment of the
lower-layer network topology change. Then all the devices delete the original MAC addresses
and learn new MAC addresses to ensure uninterrupted traffic transmission.
Issue 01 (2013-10-30)

Ltd.
S Series Switch
1 Overview
Figure 1.1 Typical networking of SEP and Smart Link
Issue 01 (2013-10-30)

Ltd.
10
S Series Switch
1 Overview
SEP
2.1 Overview
2.1.1 Feature Description
The Smart Ethernet Protection (SEP) protocol is a ring network protocol applied to the link
layer of an Ethernet network. SEP eliminates loops on a Layer 2 network by blocking
redundant links to prevent infinite packet transmission. This prevents broadcast storms on the
network.
SEP has the following advantages:
Supports various types of complex networks. For example, a network running SEP can
be connected to an upper-layer network running STP, RSTP, MSTP, or RRPP. SEP
supports networks with any topology and can display topologies. The displayed
topologies help users quickly find blocked ports and rapidly locate faults, improving
maintainability.
Enables a device on the Ethernet network to selectively block ports so that traffic is load
balanced.
Prevents traffic from being switched back after link recovery, improving network
stability.
2.1.1.1 SEP Working Principle

SEP is a ring protocol applied to the link layer of an Ethernet network. SEP works on the basis
of SEP segments. A maximum of two ports on a switching device can be added to the same
SEP segment.
The loop protection mechanism can be used in an SEP segment to block a certain port to
eliminate loops on the Ethernet network. When a link on the ring network fails, the device
running SEP immediately unblocks blocked ports and performs link switchover to restore
communication between nodes on the ring network.
On a common SEP network, a physical ring can only have one SEP segment configured and
one blocked port specified. When the SEP segment is in Complete state, the blocked port
prohibits all user packets from passing through. Then all user packets are only transmitted
along one path in the SEP segment. As a result, the link at the secondary edge port side
becomes idle, wasting bandwidth.
Issue 01 (2013-10-30)

Ltd.
11
S Series Switch
1 Overview
To solve the bandwidth wasting problem and implement load balancing, Huawei datacom
devices provide SEP multi-instance. SEP multi-instance allows a physical ring to be
configured with two logical rings, that is, two SEP segments. Each SEP segment
independently detects the integrity of the physical ring and blocks or unblocks ports
accordingly. The two SEP segments do not affect each other.
For details about SEP multi-instance, see "SEP Multi-instance" in section 2.1.1.3"SEP
Implementation."
2.1.1.2 SEP Concepts

SEP Network Architecture
As shown in Figure 1.1, the CE is dual-homed to the Layer 2 network through LSW1 to
LSW5. The two edge devices LSW1 and LSW5 are not directly connected to each other.
LSW1 to LSW5 form an open ring network. This access mode will cause loops on the entire
network. To prevent loops on the network and ensure link connectivity, you need to use a loop
protection mechanism. Figure 1.1 shows a typical SEP-enabled open ring network. SEP
concepts are introduced based on the figure.
Figure 1.1 SEP open ring networking
SEP segment
SEP works on the basis of SEP segments. An SEP segment consists of multiple
interconnected Layer 2 switching devices with the same SEP segment ID and the same
control VLAN ID.
Issue 01 (2013-10-30)

Ltd.
12
S Series Switch
1 Overview
An SEP segment physically corresponds to a ring or linear Ethernet topology. Each SEP
segment contains a control VLAN, edge ports, and common ports.
Control VLAN
In an SEP segment, the control VLAN is only used to transmit SEP packets.
Each SEP segment must be configured with a control VLAN. After a port is added to an
SEP segment configured with a control VLAN, the port is automatically added to the
control VLAN.
Different SEP segments can use the same control VLAN.
Unlike control VLANs, data VLANs are used to transmit data packets.
Node
A node refers to a Layer 2 switching device added to an SEP segment. Each node can
have no more than two ports that belong to the same SEP segment.
Port roles
As defined in the SEP protocol, ports are classified into normal ports and edge ports, as
described in Table 1.1.
Normally, an edge port and a no-neighbor edge port belong to different SEP segments.
Table 1.1 Port roles

Port
Sub-port
Description
Edge port
Primary edge
port
An SEP segment has only one primary edge port, which is

determined by the configuration and primary edge port
election. The primary edge port initiates preemption of the
blocked port, terminates packets, and sends topology change
notification messages to other networks.
Secondary
edge port
An SEP segment has only one secondary edge port, which is

determined by the configuration and secondary edge port
election. The secondary edge port terminates packets and
sends topology change notification messages to other
networks.
No-neighbor
primary edge
port
The port on the edge of an SEP segment is a no-neighbor

edge port, which is determined by the configuration and noneighbor edge port election. The no-neighbor primary edge
port terminates packets and sends topology change
notification messages to other networks. The no-neighbor
primary edge port is usually used to communicate with
devices of other vendors or Huawei devices that do not
support SEP.
No-neighbor
secondary
edge port
An SEP segment has only one no-neighbor secondary edge

port, which is determined by the configuration and noneighbor secondary edge port election. The no-neighbor
secondary edge port terminates packets and sends topology
change notification messages to other networks. The noneighbor secondary edge port is usually used to communicate
with devices of other vendors or Huawei devices that do not
support SEP.
Issue 01 (2013-10-30)

Ltd.
13
S Series Switch
1 Overview
Port
Sub-port
Description
Common
port
In an SEP segment, all ports except edge ports are common

ports.
A common port monitors the status of the directly connected
link enabled with SEP, and sends messages about link status
changes to the neighboring port. The neighboring port then
forwards the notification message to other ports in the SEP
segment. Finally, the message reaches the primary edge port.
The primary edge port determines how to process the
notification message.
Blocked port
In an SEP segment, some ports are blocked to prevent loops.
Any port in an SEP segment may be blocked if no blocked port is specified. When an
SEP segment works normally, there is only one blocked port in the SEP segment.
State of an SEP-enabled port

In an SEP segment, an SEP-enabled port has two states, as described in Table 1.2.
Table 1.2 State of an SEP-enabled port

State
Description
Forwarding
A port in Forwarding state not only forwards user traffic but also sends and
receives SEP packets.
Discarding
A port in Discarding state receives and sends SEP packets.
The port state does not depend on the port role. A port may be in Forwarding or Discarding
state regardless of its role.
SEP Packets
Table 1.3 describes the types of SEP packets.
Table 1.3 SEP packet types
Packet
Type
Sub-type
Description
Hello
The neighbor negotiation mechanism is started after

ports are added to an SEP segment. By exchanging
Hello packets, a port sets up the neighbor relationship
with the neighboring port. After the neighbor
negotiation succeeds, the ports continue to exchange
Hello packets to detect the neighbor status.
LSA
LSA request
packet
After a port is enabled with SEP, the port periodically

sends Link Status Advertisement (LSA) packets to its
Issue 01 (2013-10-30)

Ltd.
14
S Series Switch
Packet
Type
1 Overview
Sub-type
Description
LSA reply packet
neighboring port. After the state machine of the

neighboring port goes Up, the two ports update their
LSDBs. All the link topology information stored on the
port is updated.
TC
When the topology of the local SEP segment changes, a

Topology Change (TC) packet is sent to notify the
upper-layer network that the topology of the lower-layer
network has changed. After receiving the packet, nodes
on the upper-layer network need to update their MAC
address forwarding tables and ARP tables. TC packets
are sent by the edge device between the local SEP
segment and the upper-layer network.
GR
When the local device performs an active/standby

switchover, the device sends an SEP Graceful Restart
(GR) packet. The GR packet is used to notify other
nodes to prolong the aging time in LSA information of
the local device. After the local device completes the
active/standby switchover, the device needs to resend a
GR packet to notify other nodes to restore the normal
aging time in LSA information of the local device.
Packet for
primary
edge port
election
After SEP is enabled on a port, the port considers itself

as the primary edge port if it is qualified for the primary
edge port election. In addition, the port periodically
sends packets for primary edge port election and does
not need to wait until the neighbor negotiation succeeds.
The packets for primary edge port election contain the
port role (primary edge port, secondary edge port, or
common port), bridge MAC address of the port, port ID,
and integrity of the topology database.
Preemption
packet
Preemption
request packet
The preemption packet is used to block a specified port.
Preemption reply
packet
Preemption packets are sent by the elected primary edge

port or the brother port of the no-neighbor primary edge
port.
2.1.1.3 SEP Implementation

Neighbor Negotiation Mechanism
The neighbor negotiation mechanism is started after ports are added to an SEP segment. By
exchanging Hello packets, a port sets up the neighbor relationship with the neighboring port.
After the neighbor negotiation succeeds, the ports continue to exchange Hello packets to
detect the neighbor status.
Neighbor negotiation prevents unidirectional links because neighbor negotiation is
bidirectional. Ports at both ends of a link send Hello packets to each other. If a port does not
Issue 01 (2013-10-30)

Ltd.
15
S Series Switch
1 Overview
receive any Hello packet from the neighboring port, it considers that the neighboring port is
Down.
Neighbor negotiation provides necessary information for obtaining the SEP segment topology.
Ports establish neighbor relationships through neighbor negotiation and links form a complete
SEP segment. The topology of the SEP segment can be displayed.
SEP Link Status Synchronization and Topology Display
Link status synchronization

After neighbor negotiation is complete, links in an SEP segment enter the link state
synchronization stage. Nodes in the SEP segment periodically send LSA packets. After
receiving LSA packets from other nodes, all nodes update their link state databases
(LSDBs). In this way, all nodes in the SEP segment maintain the same LSDB.
If the local device does not receive any LSA packet from its peer device or other devices
in the SEP segment within the period three times as long as the period for sending LSA
packets, the LSDB saving link status information of other devices on the local device
ages out.
When a faulty node in an SEP segment recovers, the node needs to obtain topology
information of all nodes in the SEP segment in real time. The node sends LSA request
packets to a neighboring port. After receiving the packets, the neighboring port sends
LSA ACK reply packets to notify the recovered node of the latest link status.
Topology display
With the topology display function, you can view the topology with the highest network
connectivity on any device in an SEP segment. After link status synchronization, all
devices display the same topology.
Table 1.1 describes SEP topology types.
Table 1.1 SEP topology type

Topolog
y Type
Description
Restriction Conditions
Ring
topology
Each port in the SEP

segment has a
neighboring port in Up
state and a brother port.
That is, each node has
two ports in the SEP
segment.
If the primary edge port is elected on the ring,

the primary edge port is listed first in the
topology information displayed on each port.
If the primary edge port is not elected but the

secondary edge port is elected, the secondary
edge port is listed first in the topology
information displayed on each port.
All topologies except

ring topologies are
linear topologies.
Find the two ports at both ends of the link.
Linear
topology
Issue 01 (2013-10-30)
If one of the two ports is the primary edge port,

the primary edge port is listed first in the
topology information displayed on each port.
If the primary edge port does not exist but the

secondary edge port exists, the secondary
edge port is listed first in the topology
information displayed on each port.

Ltd.
16
S Series Switch
1 Overview
Restriction conditions in Table 1.1 ensure that all the nodes on a ring or linear topology display the same
topology information.
Primary Edge Port Election

Only ports that are configured as no-neighbor edge ports, primary edge ports, and secondary
edge ports can take part in the primary edge port election.
If only one port on a node is enabled with SEP, you must run a related command to set the port role to
edge so that the port can function as an edge port.
As shown in Figure 1.2, when no link is faulty on the network and a port is enabled with SEP:
If the port is a common port, it does not take part in the primary edge port election. That
is, only P1 ports on LSW1 and LSW5 take part in the primary edge port election.
If roles of P1 ports on LSW1 and LSW5 are the same, the port with a larger MAC
address is elected as the primary edge port.
After the primary edge port is elected, the port periodically sends packets for primary edge
port election and does not need to wait until the neighbor negotiation succeeds. The packets
for primary edge port election contain the port role (primary edge port, secondary edge port,
or common port), bridge MAC address of the port, port ID, and integrity of the topology
database.
Figure 1.2 Primary edge port election
As shown in Figure 1.2, if a link in the SEP segment fails, P1 ports on LSW1 and LSW5
receive fault notification packets or the P1 port on LSW5 does not receive any packet for
Issue 01 (2013-10-30)

Ltd.
17
S Series Switch
1 Overview
primary edge port election after timeout. The P1 port on LSW1 becomes the secondary edge
port, and two secondary edge ports exist in the SEP segment.
Both the two secondary edge ports periodically send packets for primary edge port election.
When all link faults in the SEP segment are rectified, the two secondary edge ports can
receive packets for primary edge port election sent by the peer end. They elect a new primary
edge port within an interval (1s by default).
Flexibly Specifying the Blocked Port

Generally, a blocked port is one of the two ports that complete neighbor negotiation last.
Sometimes, the negotiated blocked port may not be the expected one. You can flexibly specify
a blocked port. The specified port is not blocked immediately. The blocked port will be
moved from the current blocked point to the specified point only after the preemption
mechanism works.
Port blocking modes

You can configure port blocking modes to specify the location of the blocked port. Table
2.1 describes the port blocking modes supported by SEP.
Table 2.1 SEP port blocking modes

Mode
Description
Specifying the port

with the highest
priority as the
blocked port
SEP compares port priorities as follows:
Compares configured port priority values. A larger value indicates

a higher priority.
Compares the bridge MAC addresses of ports if their priority

values are the same. A smaller bridge MAC address indicates a
higher priority.
Compares port numbers if their bridge MAC addresses are the

same. A smaller port number indicates a higher priority.
Specifying the port

in the middle of the
SEP segment as the
blocked port
Specifying the
blocked port
according to the
configured hop
counts of the ports
The hop count of the primary edge port is 1 and the hop count of the
neighboring port of the primary edge port is 2. Hop counts of other
ports increase at a step of 1 in the downstream direction of the
primary edge port.
Issue 01 (2013-10-30)

Ltd.
18
S Series Switch
1 Overview
Mode
Description
Specifying the
blocked port
according to the
device name and
port number
After SEP is enabled, the port to be blocked is determined by the

device name and port name. Before specifying the blocked port,
you can use the display command to view details about the current
ring topology, obtain information about all ports in the topology,
and specify the device name and port name.
If the ring contains several devices with the same device name and
port name, the blocked port searches these devices from the primary
edge port and blocks the first searched device with the device name
and port name.
If you change the device name or port name after specifying the port to be
blocked, the port cannot preempt to be the blocked port.
Preemption function
After the port blocking mode is specified, two preemption modes determine whether the
blocked port is moved from the current point to the specified point. The two modes are
the preemption mode and non-preemption mode, as described in Table 2.2.
Table 2.2 SEP preemption modes

Preemption
Mode
Description
Non-preemption
In this mode, when all link faults are rectified or the last two ports
enabled with SEP complete the neighbor negotiation, ports send
blocking status packets to each other. Then the port with the highest
priority is blocked, and the other ports enter the Forwarding state.
Preemption
This mode is classified into the delayed preemption mode and

manual preemption mode.
Preemption can be
performed only on
the device where the
primary edge port or
no-neighbor primary
edge port resides.
Delayed preemption
When the last faulty port recovers, the edge ports do not receive
any fault notification packet. If the primary edge port does not
receive fault notification packets within 3 seconds, it
immediately starts the delay timer. After the delay timer expires,
nodes in the SEP segment start preemption of the blocked port.
Manual preemption
In this mode, if the link status data of the primary edge port and
secondary edge port is integrated, the primary edge port or the
brother port of the no-neighbor primary edge port sends
preemption packets to block the specified port. The port
immediately sends a packet to advertise its status after being
blocked. The original blocked port enters the Forwarding state.
Manual preemption is complete.
A device can have at most two ports in the same SEP segment. If one port is
the no-neighbor primary edge port, the other port is the brother port of the
no-neighbor primary edge port.
The sending of preemption packets is determined by whether the brother port
Issue 01 (2013-10-30)

Ltd.
19
S Series Switch
1 Overview
Preemption
Mode
Description
of the no-neighbor primary edge port is the blocked port.
If the blocked port is the brother port of the no-neighbor primary edge
port, no preemption packet needs to be sent.
If the blocked port is not the brother port of the no-neighbor primary edge
port, the brother port of the no-neighbor primary edge port sends
preemption packets.
Topology Change Notification

Table 2.3 describes the situations in which the topology of the SEP-enabled network changes.
Table 2.3 SEP topology change notifications
SEP Topology
Change
Notification
Description
Port faults
A port in a complete SEP segment fails, as shown in Figure 1.3.

A port fault can be a link fault or the incorrect neighbor status on a
port.
Other ports in the SEP segment receive the fault notification packet.
If the device on which the faulty port is located has a port in
Forwarding state, the port sends Flush-FDB (Forwarding Database)
packets to other nodes to notify them of the topology change.
Port faults are

rectified and
blocked port
preemption takes
effect
Issue 01 (2013-10-30)
Faults occur in an SEP segment. When all faulty ports recover,

preemption of the blocked port is triggered.
Preemption of the blocked port is triggered by the primary edge
port. When other ports in the SEP segment receive preemption
packets from the primary edge port, they send Flush-FDB packets to
other nodes in the SEP segment to notify these nodes of the
topology change.

Ltd.
20
S Series Switch
1 Overview
Figure 1.3 SEP topology change notification
The function of advertising SEP topology changes is configured on a device that is connected to both
upper-layer and lower-layer networks so that when the topology of either of the networks changes, the
device can inform the other network of the change.
Table 3.1 describes topology change notifications.
Issue 01 (2013-10-30)

Ltd.
21
S Series Switch
1 Overview
Table 3.1 SEP topology change notifications

Topology
Change
Notificatio
n
Scenario
Description
Solution
From a lowerlayer network

to an upperlayer network
A network
running SEP
is connected
running other
protocols.
When the blocked port is manually

changed on the lower-layer SEPenabled network, the topology of the
SEP segment changes. As the upperlayer network cannot detect the
topology change, traffic is interrupted.
Configure
SEP topology
change
notification.
The protocols
include SEP,
STP, and
RRPP.
From an upperlayer network

to a lower-layer
network
Issue 01 (2013-10-30)
When a port is faulty on the lowerlayer SEP-enabled network and causes

topology change, the upper-layer
network cannot detect the topology
change. As a result, traffic is
interrupted.
A host is
connected to
an SEPenabled
network using
a Smart Link
group.
When an active/standby link

switchover is performed in the Smart
Link group, the Smart Link group
sends Smart Link Flush packets to the
remote device in the SEP segment. If
the device in the SEP segment cannot
identify Smart Link Flush packets, the
device cannot detect the lower-layer
network topology change. As a result,
traffic is interrupted.
Enable
devices in the
SEP segment
to process
Smart Link
Flush packets.
A network
running SEP
is connected
that is
deployed with
the CFM
function.
When a fault occurs on the upper-layer

network and causes topology change,
the lower-layer SEP-enabled network
cannot detect the topology change. As
a result, traffic is interrupted.
Configure
association
between SEP
and CFM. As
shown in
Figure 1.4,
configure
association
between SEP
and CFM on
LSW1.

Ltd.
22
S Series Switch
1 Overview
Figure 1.4 Association between SEP and CFM
As shown in Figure 1.4, association between SEP and CFM is configured on LSW1. When
CFM detects a fault on the upper-layer network, LSW1 notifies the OAM management
module of the fault by sending a CFM packet to switch the SEP status of the port bound to
CFM to Down.
When the port on LSW1 bound to CFM becomes Down, a port on LSW2 that is the
downstream peer device of LSW1 needs to send Flush-FDB packets to report the topology
change to other nodes in the SEP segment. After other devices in the SEP segment receive
Flush-FDB packets, the blocked port in the SEP segment switches to the Forwarding state and
sends Flush-FDB packets to trigger other nodes in the SEP segment to update their MAC
address tables and ARP tables. The lower-layer network then can detect faults on the upperlayer network, ensuring reliable service transmission.
Issue 01 (2013-10-30)

Ltd.
23
S Series Switch
1 Overview
SEP Topology Change Suppression

When the topology of an SEP segment changes, ports in the segment send packets to notify
devices in other segments or the upper-layer network. However, ports in an SEP segment may
generate a lot of topology change (TC) notification packets in the following situations:
Link interruption
Malicious topology change attacks
Multi-layer SEP networking
As shown in 2.2.2.1.1Step 1Figure 1.1, the SEP networking contains three layers of SEP
segments. When the topology of SEP segment 3 changes and SEP TC notification packets
pass through LSW4 or LSW6, the number of TC notification packets is multiplied by two,
and the packets are expanded to SEP segment 2. Similarly, when SEP TC notification packets
pass through an SEP segment, the number of packets is multiplied by two.
Figure 1.5 Multi-layer SEP networking
TC notification packets sent frequently reduce the CPU processing capability and make
devices in SEP segments frequently send Flush-FDB packets, occupying bandwidth. TC
notification packets must be suppressed to prevent the situation. The suppression measures are
as follows:
Issue 01 (2013-10-30)

Ltd.
24
S Series Switch
1 Overview
Suppress the source based on the topology change. The TC notification packets sent by
the same source port are not processed repeatedly.
Configure devices to process a certain number of TC notification packets within a

specified time (the time is configurable). By default, a device processes three TC
notification packets from different sources in 2s.
Avoid deploying an SEP networking that contains too many layers (more than three
layers) of SEP segments.
SEP Multi-instance
As shown in Figure 1.6, on a common SEP network, a physical ring can only be configured
with one SEP segment and one blocked port.
When the SEP segment is in Complete state, the blocked port prohibits all user packets from
passing through. Then all user packets can only be transmitted along the link at the primary
edge port side in the SEP segment. As a result, the link at the secondary edge port side
becomes idle, wasting bandwidth.
Figure 1.6 SEP networking
SEP multi-instance allows a physical ring to be configured with two logical rings, that is, two
SEP segments. In an SEP segment, all devices, port roles, and control VLANs must comply
with basic SEP principles. A physical ring has two blocked ports. Each blocked port
independently detects the integrity of the physical ring and blocks or unblocks itself
accordingly. The two ports do not affect each other.
A physical ring can contain one or two SEP segments. Each SEP segment must be configured
with one protected instance, and each instance indicates a VLAN range. The topology
calculated by an SEP segment only takes effect in the SEP segment and does not affect other
SEP segments.
Different protected instances are configured for SEP segments. Each blocked port only takes
effect for VLANs protected by the local SEP segment. Data of different VLANs is transmitted
through different paths. This implements load balancing and link backup.
Issue 01 (2013-10-30)

Ltd.
25
S Series Switch
1 Overview
Figure 1.7 SEP multi-instance networking
As shown in Figure 1.7, LSW1 to LSW4 form an SEP multi-instance ring that contains two
SEP segments. P1 is the blocked port in SEP segment 1 and P2 is the blocked port in SEP
segment 2.
Configure protected instance 1 in SEP segment 1 to protect data of VLAN 100 to VLAN
200. The transmission path is LSW1->LSW2. P2 is the blocked port in SEP segment 2.
Only data of VLAN 201 to VLAN 400 is blocked and data of VLAN 100 to VLAN 200
can pass through.
Configure protected instance 2 in SEP segment 2 to protect data of VLAN 201 to VLAN
400. The transmission path is LSW3->LSW4. P1 is the blocked port in SEP segment 1.
Only data of VLAN 100 to VLAN 200 is blocked and data of VLAN 201 to VLAN 400
can pass through.
When a node or link fails, each SEP segment calculates the topology change independently
and updates LSDB on each node.
As shown in Figure 1.8, a fault occurs on the link between LSW3 and LSW4. In SEP segment
1, the link fault does not affect the data transmission path of VLAN 100 to VLAN 200, but
interrupts the data transmission path of VLAN 201 to VLAN 400 in the SEP segment.
Issue 01 (2013-10-30)

Ltd.
26
S Series Switch
1 Overview
Figure 1.8 Link fault in SEP multi-instance
After the link between LSW3 and LSW4 is faulty, LSW3 in SEP segment 2 sends LSA
packets to notify other nodes in SEP segment 2 to update their LSDBs. The blocked port
switches to the Forwarding state. After the topology in SEP segment 2 reconverges, the data
transmission path of VLAN 201 to VLAN 400 is LSW3->LSW1->LSW2.
When the faulty link between LSW3 and LSW4 recovers, devices in SEP segment 2 perform
delayed preemption again. When delayed preemption times out, P1 becomes the blocked port
again, and sends LSA packets to notify nodes in SEP segment 2 to update their LSDBs. After
the topology in SEP segment 2 reconverges, the data transmission path of VLAN 201 to
VLAN 400 is switched back to LSW3->LSW4.
2.1.2 Version Difference

SEP does not change too much in different versions. The differences are as follows:
SEP multi-instance is supported since V100R006. SEP allows a port to join two SEP
segments for load balancing.
Association between SEP and Smart Link is supported since V100R006. SEP allows
Smart Link Flush packets to be sent to advertise SEP topology changes to other SEP
segments or remote devices.
Deleting MAC address entries on a port is supported since V100R006. SEP allows MAC
address entries and ARP entries on a port to be deleted. When the topology changes, SEP
updates only MAC address entries and ARP entries on a port. This reduces entry update
time and improves performance.
Issue 01 (2013-10-30)

Ltd.
27
S Series Switch
1 Overview
2.2 Configuration Guide

2.2.1 Scenario 1: SEP Open Ring Networking
2.2.1.1 Networking Description
As shown in Figure 1.1, the CE is dual-homed to the upper-layer Layer 2 network through
LSW1 to LSW5. LSW1 to LSW5 form an open ring network. The open ring network is
deployed at the access layer to implement Layer 2 transparent transmission of unicast and
multicast packets. SEP runs at the access layer to implement protective switchover between
access ring networks.
On an open ring network, two edge ports of the ring are deployed on the two edge devices.
Figure 1.1 SEP open ring networking
2.2.1.2 Configuration Roadmap

The configuration roadmap is as follows:
1.
Issue 01 (2013-10-30)
Configure basic SEP functions.

Ltd.
28
S Series Switch
2.
1 Overview
Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the control
VLAN of SEP segment 1.
Add all devices on the ring to SEP segment 1, and configure the roles of GE1/0/1 on
LSW1 and GE1/0/1 on LSW5 in SEP segment 1.
On the device where the primary edge port is located, specify that the port with the
highest priority will be blocked.
Set priorities of the ports in the SEP segment. Set the highest priority for GE1/0/2 on
LSW3 and retain the default priority of the other ports so that GE1/0/2 on LSW3 will
be blocked.
Configure delayed preemption on the device where the primary edge port is located.
Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
2.2.1.3 Configuration Example

To complete the configuration, you need the following data:
SEP segment ID
Control VLAN ID of the SEP segment
Roles of ports in the SEP segment
SEP preemption mode
Port blocking mode
Priorities of ports in the SEP segment
Step 1 Configure basic SEP functions.

1.
# Configure LSW1.
<Switch> system-view
[Switch] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
< Switch > system-view
# Configure LSW3.
# Configure LSW4.
Issue 01 (2013-10-30)

Ltd.
29
S Series Switch
1 Overview

# Configure LSW5.
< Switch> system-view
The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating a VLAN. Each SEP segment must have a control
VLAN. After a port is added to an SEP segment that has a control VLAN, the port is automatically
added to the control VLAN.
2.
Add all devices on the ring to SEP segment 1 and configure port roles on the devices.
By default, STP is enabled on Layer 2 ports. Before adding a port to an SEP segment, disable STP on the
port.
# On LSW1, configure GE1/0/1 as the primary edge port and GE1/0/3 as the secondary
edge port.
[LSW1] interface gigabitethernet 1/0/1
[LSW1-GigabitEthernet1/0/1] stp disable
[LSW1-GigabitEthernet1/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet1/0/1] quit
# Configure LSW2.
[LSW2-GigabitEthernet1/0/1] sep segment 1
# Configure LSW3.
# Configure LSW4.
Issue 01 (2013-10-30)

Ltd.
30
S Series Switch
1 Overview

# Configure LSW5.
[LSW5-GigabitEthernet1/0/1] sep segment 1 edge secondary
3.
Configure the function of flexibly specifying the blocked port.

# On LSW1 where the primary edge port is located, specify that the port with the highest
priority is blocked.
[LSW1-sep-segment1] block port optimal
4.
Set the priority of GE1/0/2 on LSW3.

[LSW3-GigabitEthernet1/0/2] sep segment 1 priority 128
5.
Set the preemption mode.

# Configure the delayed preemption mode on LSW1.
[LSW1-sep-segment1] preempt delay 30
When delayed preemption is configured, you must set the delay because there is no default delay.
When the last faulty port recovers, the edge ports do not receive any fault notification packet.
If the primary edge port does not receive fault notification packets within 3 seconds, it
immediately starts the delay timer. After the delay timer expires, nodes in the SEP segment
start preemption of the blocked port.
To implement delayed preemption in this example, you need to simulate a port fault and then
rectify the fault. For example, run the shutdown command on GE1/0/2 of LSW2 to simulate
a port fault. Then run the undo shutdown command on GE1/0/2 to rectify the fault.
Step 2 Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
The configuration details are not provided here. For details, see configuration files in this
example.
----End
Configuration Files
Configuration file of LSW1

#
sysname LSW1
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
Issue 01 (2013-10-30)

Ltd.
31
S Series Switch
1 Overview
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge primary
#
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
return

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
return

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
sep segment 1 priority 128
#
Issue 01 (2013-10-30)

Ltd.
32
S Series Switch
1 Overview
#
return

#
sysname LSW4
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
return

#
sysname LSW5
#
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1 edge secondary
#
#
return
Configuration file of CE1

#
sysname CE1
#
vlan batch 100
#
Issue 01 (2013-10-30)

Ltd.
33
S Series Switch
1 Overview

#
return
2.2.2 Scenario 2: SEP Closed Ring Networking

In the networking, user devices are dual-homed to a Layer 2 network through multiple Layer
2 switching devices. The two edge devices on the upper-layer Layer 2 network are directly
connected. The networking is deployed at the aggregation layer to implement Layer 2
transparent transmission of unicast and multicast packets. SEP runs at the aggregation layer to
implement link redundancy.
As shown in Figure 1.1, multiple Layer 2 switching devices LSW1 to LSW5 form a ring
network. SEP runs at the aggregation layer.
When there is no faulty link on the ring network, SEP can eliminate loops on the
network.
When a link on the ring network fails, SEP can fast restore communication between
nodes on the ring network.
Figure 1.1 SEP closed ring networking
Issue 01 (2013-10-30)

Ltd.
34
S Series Switch
1 Overview

1.
2.
Add all devices on the ring to SEP segment 1, and configure the roles of GE1/0/1 and
GE1/0/3 on LSW1 in SEP segment 1.
On the device where the primary edge port is located, specify that the port with the
highest priority will be blocked.
Set priorities of the ports in the SEP segment. Set the highest priority for GE1/0/2 on
LSW3 and retain the default priority of the other ports so that GE1/0/2 on LSW3 will
be blocked.
Configure delayed preemption on the device where the primary edge port is located.

To complete the configuration, you need the following data:
SEP segment ID
Control VLAN ID of the SEP segment
Roles of ports in the SEP segment
SEP preemption mode
Port blocking mode
Priorities of ports in the SEP segment

1.
# Configure LSW1.
# Configure LSW2.
# Configure LSW3.
Issue 01 (2013-10-30)

Ltd.
35
S Series Switch
1 Overview

# Configure LSW4.
# Configure LSW5.
2.
Add all devices on the ring to SEP segment 1 and configure port roles on the devices.
port.
# On LSW1, configure GE1/0/1 as the primary edge port and GE1/0/3 as the secondary
edge port.
[LSW1-GigabitEthernet1/0/1] sep segment 1 edge primary
[LSW1-GigabitEthernet1/0/3] sep segment 1 edge secondary
# Configure LSW2.
# Configure LSW3.
Issue 01 (2013-10-30)

Ltd.
36
S Series Switch
1 Overview

# Configure LSW4.
# Configure LSW5.
3.

# On LSW1 where the primary edge port is located, specify that the port with the highest
priority is blocked.
[LSW1-sep-segment1] block port optimal
4.
Set the priority of GE1/0/2 on LSW3.

[LSW3-GigabitEthernet1/0/2] sep segment 1 priority 128
5.

# Configure the delayed preemption mode on LSW1 where the primary edge port is
located.
[LSW1-sep-segment1] preempt delay 30
When delayed preemption is configured, you must set the delay because there is no default delay.
When the last faulty port recovers, the edge ports do not receive any fault notification
packet. If the primary edge port does not receive fault notification packets within 3
seconds, it immediately starts the delay timer. After the delay timer expires, nodes in the
SEP segment start preemption of the blocked port.
To implement delayed preemption in this example, you need to simulate a port fault and
then rectify the fault. For example, run the shutdown command on GE1/0/2 of LSW2 to
simulate a port fault. Then run the undo shutdown command on GE1/0/2 to rectify the
fault.
Step 2 Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
example.
Issue 01 (2013-10-30)

Ltd.
37
S Series Switch
1 Overview
Step 3 Verify the configuration.

Run the shutdown command on GE1/0/1 of LSW3 to simulate a port fault, and then run the
display sep interface command on LSW3 to check whether GE1/0/2 of LSW3 switches from
the Discarding state to the Forwarding state.
<LSW3> display sep interface gigabitethernet 1/0/2
SEP segment 1
---------------------------------------------------------------Interface
Port Role
Neighbor Status
Port Status
---------------------------------------------------------------GE1/0/2
common
up
forwarding
----End
Configuration Files

#
sysname LSW1
#
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
#
stp disable
#
#
port hybrid tagged vlan 10 100 200
stp disable
#
return

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
Issue 01 (2013-10-30)

Ltd.
38
S Series Switch
1 Overview
stp disable
sep segment 1
#
stp disable
sep segment 1
#
return

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
sep segment 1 priority 128
#
#
return

#
sysname LSW4
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
Issue 01 (2013-10-30)

Ltd.
39
S Series Switch
1 Overview
sep segment 1
#
return

#
sysname LSW5
#
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
#
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return

#
sysname CE1
#
vlan batch 100
#
#
return
2.2.3 Scenario 3: Hybrid Networking of SEP and

Smart Link
Both SEP and Smart Link have a fast convergence speed. Therefore, the hybrid networking of
SEP and Smart Link is often used in network environments in which performance
requirements on access and aggregation devices are high and the number of access devices is
small. As shown in Figure 1.1, multiple Layer 2 switching devices are deployed at the access
layer and multiple Layer 2 devices form a ring network at the aggregation layer. Smart Link is
deployed at the access layer. A device has a master port and a slave port in a Smart Link group
and is connected to the upper-layer network through two uplinks. SEP is deployed at the
aggregation layer.
Issue 01 (2013-10-30)

Ltd.
40
S Series Switch
1 Overview
Devices in the SEP segment are enabled to process Smart Link Flush packets. After receiving
Flush packets sent by devices on the lower-layer Smart Link network, edge devices on the
upper-layer SEP network send TC packets to notify other devices in the SEP segment of the
lower-layer network topology change. Then all the devices delete the original MAC addresses
and learn new MAC addresses to ensure uninterrupted traffic transmission.
Figure 1.1 Hybrid networking of SEP and Smart Link

1.
Issue 01 (2013-10-30)
Configure SEP segment 1 on PE1 to PE4 and configure VLAN 10 as the control
Add PE1 to PE4 to SEP segment 1, and configure the roles of ports on PE1 in SEP
segment 1.
On the device where the primary edge port is located, specify that the port in the
middle of the SEP segment will be blocked.
Ltd.
41
S Series Switch
2.
3.
1 Overview
Configure manual preemption.
Enable PE3 and PE4 to process Smart Link Flush packets. The Smart Link groups are
connected to PE3 and PE4.
Configure basic Smart Link functions.
Add the GE1/0/1 and GE1/0/2 ports on CE1 and CE2 to two Smart Link groups
respectively. The GE1/0/1 ports are the master ports and GE1/0/2 ports are the slave
ports. The control VLANs of the two Smart Link groups are VLAN 20 and VLAN 30
respectively.
On PE3 and PE4, configure GE1/0/3 and GE1/0/4 to receive Smart Link Flush
packets.

1.
Configure SEP segment 1 and configure VLAN 10 as the control VLAN of SEP segment
1.
# Configure PE1.
<PE1> system-view
[PE1] sep segment 1
[PE1-sep-segment1] control-vlan 10
[PE1-sep-segment1] protected-instance all
[PE1-sep-segment1] quit
# Configure PE2.
< PE2> system-view
[PE2] sep segment 1
# Configure PE3.
< PE3> system-view
[PE3] sep segment 1
# Configure PE4.
< PE4> system-view
[PE4] sep segment 1
2.
Add PE1 to PE4 to SEP segment 1 and configure port roles.

# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] sep segment 1 edge primary
[PE1-GigabitEthernet1/0/1] quit
Issue 01 (2013-10-30)

Ltd.
42
S Series Switch
1 Overview
[PE1-GigabitEthernet1/0/2] sep segment 1 edge secondary

# Configure PE2.
[PE2-GigabitEthernet1/0/1] sep segment 1
# Configure PE3.
# Configure PE4.
3.

# On PE1 where the no-neighbor primary edge port is located, specify that the port in the
middle of the SEP segment is blocked.
[PE1] sep segment 1
[PE1-sep-segment1] block port middle
4.

# Configure the manual preemption mode on PE1.
[PE1-sep-segment1] preempt manual
5.
Enable PE3 and PE4 to process Smart Link Flush packets.

# Enable PE3 and PE4 to process Smart Link Flush packets.
# Configure PE3.
[PE3] sep segment 1
[PE3-sep-segment1] deal smart-link-flush
# Configure PE4.
[PE4] sep segment 1
[PE4-sep-segment1] deal smart-link-flush
Step 2 Configure basic Smart Link functions.

Issue 01 (2013-10-30)

Ltd.
43
S Series Switch
1.
1 Overview
Configure the Smart Link function on CE1 and CE2.

# Configure CE1.
<CE1> system-view
[CE1] smart-link group 1
[CE1-smlk-group1] port GigabitEthernet1/0/1 master
[CE1-smlk-group1] port GigabitEthernet1/0/2 slave
[CE1-smlk-group1] flush send control-vlan 20
[CE1-smlk-group1] smart-link enable
[CE1-smlk-group1] quit
# Configure CE2.
<CE2> system-view
[CE2] smart-link group 1
[CE2-smlk-group1] port GigabitEthernet1/0/1 master
[CE2-smlk-group1] port GigabitEthernet1/0/2 slave
[CE2-smlk-group1] flush send control-vlan 30
[CE2-smlk-group1] smart-link enable
[CE2-smlk-group1] quit
2.
On PE3 and PE4, configure GE1/0/3 and GE1/0/4 to receive Smart Link Flush packets.
# Configure PE3.
[PE3] interface GigabitEthernet1/0/3
[PE3-GigabitEthernet1/0/3] smart-link flush receive control-vlan 20
# Configure PE4.
Step 3 Configure the Layer 2 forwarding function on CE1, CE2, and PE1 to PE4.
example.
----End
Configuration Files
Configuration file of PE1

#
sysname PE1
#
#
sep segment 1
control-vlan 10
block port middle
#
Issue 01 (2013-10-30)

Ltd.
44
S Series Switch
1 Overview
port link-type trunk
port trunk allow-pass vlan 10 100 200
stp disable
#
stp disable
#
return

#
sysname PE2
#
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
return

#
sysname PE3
#
vlan batch 10 20 30 100 200
#
sep segment 1
control-vlan 10
#
Issue 01 (2013-10-30)

Ltd.
45
S Series Switch
1 Overview
stp disable
sep segment 1
#
stp disable
sep segment 1
#
port trunk allow-pass vlan 10 20 100 200
smart-link flush receive control-vlan 20
#
#
return

#
sysname PE4
#
vlan batch 10 20 30 100 200
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
#
#
return
Issue 01 (2013-10-30)

Ltd.
46
S Series Switch
1 Overview
#
sysname CE1
#
vlan batch 20 100
#
port trunk allow-pass vlan 20 100
stp disable
#
stp disable
#
smart-link group 1
smart-link enable
port GigabitEthernet1/0/1 master
port GigabitEthernet1/0/2 slave
flush send control-vlan 20
#
return

#
sysname CE2
#
vlan batch 30 200
#
stp disable
#
stp disable
#
smart-link group 1
smart-link enable
flush send control-vlan 30
#
return

MSTP
As shown in Figure 1.1, multiple Layer 2 switching devices are deployed at the access layer
and multiple Layer 3 devices form a ring network at the aggregation layer. MSTP is deployed
at the aggregation layer to eliminate redundant links. SEP can be deployed at the access layer.
Issue 01 (2013-10-30)

Ltd.
47
S Series Switch
1 Overview
network.
Topology change notification can be deployed on edge devices in the SEP segment so
that the upper-layer network can know topology changes of the lower-layer network in
real time.
After receiving TC packets from the lower-layer network, edge devices on the upper-layer
network send TC packets to notify other devices on the network of the topology change. Then
all the devices delete the original MAC addresses and learn new MAC addresses to ensure
uninterrupted traffic transmission.
Figure 1.1 Hybrid networking of SEP and MSTP

Issue 01 (2013-10-30)

Ltd.
48
S Series Switch
1.
1 Overview
Add LSW1 to LSW3 to SEP segment 1 and configure port roles on the edge devices
of the SEP segment, namely, LSW1 and LSW2.
PE1 and PE2 do not support the SEP protocol. Therefore, the ports on LSW1 and LSW2 connected to
the PEs must be no-neighbor edge ports.
2.
3.
On the device where the no-neighbor primary edge port is located, specify that the
port in the middle of the SEP segment will be blocked.
Configure manual preemption.
Configure the topology change notification function so that the upper-layer network
running MSTP can be notified of topology changes in the SEP segment.
Configure basic MSTP functions.
Add PE1 to PE4 to an MST region RG1.
Create VLANs on PE1 to PE4 and add ports on the MSTP ring to the VLANs.
Configure PE3 as the root bridge and PE4 as the backup root bridge.
Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.

1.
1.
# Configure LSW1.
# Configure LSW2.
# Configure LSW3.
Issue 01 (2013-10-30)

Ltd.
49
S Series Switch
1 Overview
2.
Add LSW1 to LSW3 to SEP segment 1 and configure port roles.

# Configure LSW1.
[LSW1-GigabitEthernet1/0/1] sep segment 1 edge no-neighbor primary
# Configure LSW2.
[LSW2-GigabitEthernet1/0/1] sep segment 1 edge no-neighbor secondary
# Configure LSW3.
3.

# On LSW1 where the no-neighbor primary edge port is located, specify that the port in
the middle of the SEP segment is blocked.
[LSW1-sep-segment1] block port middle
4.

# Configure the manual preemption mode on LSW1.
[LSW1-sep-segment1] preempt manual
5.
Configure the topology change notification function.

# Configure SEP segment 1 to notify the MSTP network of topology changes.
# Configure LSW1.
[LSW1-sep-segment1] tc-notify stp
# Configure LSW2.
[LSW2-sep-segment1] tc-notify stp
Issue 01 (2013-10-30)

Ltd.
50
S Series Switch
1 Overview
Step 2 Configure basic MSTP functions.

1.
Configure an MST region.

# Configure PE1.
[Switch] sysname PE1
[PE1] stp region-configuration
[PE1-mst-region] region-name RG1
[PE1-mst-region] active region-configuration
[PE1-mst-region] quit
# Configure PE2.
# Configure PE3.
# Configure PE4.
2.
Create a VLAN and add ports on the ring network to the VLAN.
# On PE1, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet
[PE1-GigabitEthernet1/0/1] port
1/0/1
hybrid tagged vlan 100
1/0/2
1/0/3
# On PE2, PE3, and PE4, create VLAN 100 and add GE1/0/1, GE1/0/2, and GE1/0/3 to
VLAN 100.
The configurations of PE2, PE3, and PE4 are similar to the configuration of PE1, and are
not mentioned here. For details, see configuration files in this example.
3.
Issue 01 (2013-10-30)
Enable MSTP.
Ltd.
51
S Series Switch
1 Overview
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
# Configure PE3.
[PE3] stp enable
# Configure PE4.
[PE4] stp enable
4.
Configure PE3 as the root bridge and PE4 as the backup root bridge.
# Set the priority of PE3 to 0 in MSTI0 to ensure that PE3 functions as the root bridge.
[PE3] stp instance 0 priority 0
[PE3] stp root primary
# Set the priority of PE4 to 4096 in MSTI0 to ensure that PE4 functions as the backup
root bridge.
[PE4] stp instance 0 priority 4096
[PE4] stp root secondary
Step 3 Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.

example.
After the configurations are complete and the network becomes stable, perform the following
operations to verify the configurations. LSW3 is used as an example.
Run the shutdown command on GE1/0/1 of LSW2 to simulate a port fault, and then run the
display sep interface command on LSW3 to check whether GE1/0/2 of LSW3 switches from
the Discarding state to the Forwarding state.
<LSW3> display sep interface gigabitethernet 1/0/2
SEP segment 1
---------------------------------------------------------------Interface
Port Role
Neighbor Status
Port Status
---------------------------------------------------------------GE1/0/2
common
up
forwarding
----End
Configuration Files

#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
block port middle
tc-notify stp
Issue 01 (2013-10-30)

Ltd.
52
S Series Switch
1 Overview
#
stp disable
sep segment 1 no-neighbor edge primary
#
stp disable
sep segment 1
#
return

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
tc-notify stp
#
stp disable
sep segment 1
#
stp disable
sep segment 1 no-neighbor edge secondary
#
return

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
Issue 01 (2013-10-30)

Ltd.
53
S Series Switch
1 Overview
port hybrid tagged vlan vlan 100
#
return

#
sysname PE1
#
vlan batch 100
#
stp region-configuration
region-name RG1
active region-configuration
#
#
#
#
return

#
sysname PE2
#
vlan batch 100
#
region-name RG1
#
#
#
#
return

#
sysname PE3
#
vlan batch 100 200
#
stp instance 0 root primary
#
Issue 01 (2013-10-30)

Ltd.
54
S Series Switch
1 Overview
region-name RG1
#
#
#
#
return

#
sysname PE4
#
vlan batch 100 200
#
stp instance 0 root secondary
#
region-name RG1
#
#
#
#
return
Configuration file of CE
#
sysname CE
#
vlan batch 100
#
#
return
Issue 01 (2013-10-30)

Ltd.
55
S Series Switch
1 Overview

RRPP
The hybrid networking of SEP and RRPP is often applied to a scenario that has an RRPP ring
network deployed. SEP supports open ring networks. It is easy to connect an SEP network to
the existing RRPP ring network. As shown in Figure 1.1, multiple Layer 2 switching devices
at the access and aggregation layers form ring networks and are connected to the core layer.
RRPP is deployed at the aggregation layer to eliminate redundant links. SEP can be deployed
at the access layer.
network.
Topology change notification can be deployed on edge devices in the SEP segment so
that the upper-layer network can know topology changes of the lower-layer network in
real time.
After receiving TC packets from the lower-layer SEP network, edge devices on the upperlayer RRPP network send COMMON-FLUSH-FDB packets to notify other devices on the
network of the topology change. Then all the devices delete the original MAC addresses and
learn new MAC addresses to ensure uninterrupted traffic transmission.
Issue 01 (2013-10-30)

Ltd.
56
S Series Switch
1 Overview
Figure 1.1 Hybrid networking of SEP and RRPP

1.
2.
Issue 01 (2013-10-30)
On PE1, PE2, and LSW1 to LSW3, configure SEP segment 1 and configure VLAN
10 as the control VLAN of SEP segment 1.
Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure port roles on the
edge devices of the SEP segment, namely, PE1 and PE2.
On the device where the primary edge port is located, specify the port blocking mode.
Configure the SEP preemption mode to ensure that the specified blocked port is
available when the fault is rectified.
Configure the topology change notification function so that the upper-layer network
running RRPP can be notified of topology changes in the SEP segment.
Configure basic RRPP functions.

Ltd.
57
S Series Switch
3.
1 Overview
Add PE1 to PE4 to RRPP domain 1. Create control VLAN 5 on PE1 to PE4 and
configure a protected VLAN.
Configure PE1 as the master node and PE2 to PE4 as transit nodes of the master ring,
and configure primary and secondary ports on the nodes.
Create VLANs on PE1 to PE4 and add ports on the RRPP ring to the VLANs.
Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.

1.
1.
# Configure PE1.
<PE1> system-view
[PE1] sep segment 1
# Configure PE2.
<PE2> system-view
[PE2] sep segment 1
# Configure LSW1.
<LSW1> system-view
# Configure LSW2.
<LSW2> system-view
# Configure LSW3.
<LSW3> system-view
2.
Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure port roles.
port.
# Configure PE1.
Issue 01 (2013-10-30)

Ltd.
58
S Series Switch
1 Overview
[PE1-GigabitEthernet1/0/1] sep segment 1 edge primary

# Configure LSW1.
# Configure LSW2.
# Configure LSW3.
# Configure PE2.
[PE1-GigabitEthernet1/0/1] sep segment 1 edge secondary
After the configurations are complete, run the display sep topology command on PE1 to
view topology information of the SEP segment. The command output shows that the
blocked port is one of the two ports that complete neighbor negotiation last.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------System Name
Port Name
Port Role
Port Status
----------------------------------------------------------------PE1
GE1/0/1
primary
forwarding
LSW1
GE1/0/1
common
forwarding
LSW1
GE1/0/2
common
forwarding
LSW3
GE1/0/2
common
forwarding
LSW3
GE1/0/1
common
forwarding
LSW2
GE1/0/2
common
forwarding
LSW2
GE1/0/1
common
forwarding
PE2
GE1/0/1
secondary
discarding
3.
Issue 01 (2013-10-30)
Flexibly specify the blocked port.

Ltd.
59
S Series Switch
1 Overview
# On PE1 where the primary edge port is located, specify that the port in the middle of
the SEP segment is blocked.
[PE1] sep segment 1
[PE1-sep-segment1] block port middle
4.

# Configure the manual preemption mode on PE1.
[PE1-sep-segment1] preempt manual
5.
Configure the topology change notification function.

# Configure SEP segment 1 to notify the RRPP network of topology changes.
# Configure PE1.
[PE1-sep-segment1] tc-notify rrpp
# Configure PE2.
[PE2] sep segment 1
[PE2-B-sep-segment1] tc-notify rrpp
[PE2-B-sep-segment1] quit
After the configurations are complete, perform the following operations to verify the
configurations. PE1 is used as an example.
6.
Run the display sep topology command on PE1 to view topology information of the
SEP segment.
The topology information shows that GE1/0/2 of LSW3 is in Discarding state, and the
other ports are in Forwarding state.
[PE1] display sep topology
SEP segment 1
----------------------------------------------------------------System Name
Port Name
Port Role
Port Status
----------------------------------------------------------------PE1
GE1/0/1
primary
forwarding
LSW1
GE1/0/1
common
forwarding
LSW1
GE1/0/2
common
forwarding
LSW3
GE1/0/2
common
discarding
LSW3
GE1/0/1
common
forwarding
LSW2
GE1/0/2
common
forwarding
LSW2
GE1/0/1
common
forwarding
PE2
GE1/0/1
secondary
forwarding
7.
Run the display sep interface verbose command on PE1 to view detailed information
about ports in the SEP segment.
[PE1] display sep interface verbose
SEP segment 1
Control-vlan
:10
Preempt Delay Timer
:0
TC-Notify Propagate to :rrpp
---------------------------------------------------------------Interface
:GE1/0/1
Port Role
:Config = primary / Active = primary
Port Priority
:64
Port Status
:forwarding
Neighbor Status
:up
Neighbor Port
:LSW1 - GE1/0/1 (00e0-0829-7c00.0000)
NBR TLV
rx :2124
tx :2126
Issue 01 (2013-10-30)

Ltd.
60
S Series Switch
1 Overview
LSP INFO TLV

LSP ACK TLV
PREEMPT REQ TLV
PREEMPT ACK TLV
TC Notify
EPA
rx
rx
rx
rx
rx
rx
:2939
:113
:0
:3
:5
:363
tx
tx
tx
tx
tx
tx
:135
:768
:3
:0
:3
:397
Step 2 Configure basic RRPP functions.

1.
Add PE1 to PE4 to RRPP domain 1. Create control VLAN 5 on PE1 to PE4 and
configure a protected VLAN.
# Configure PE1.
[PE1-mst-region] instance 1 vlan 5 6 100
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] control-vlan 5
[PE1-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE2.
[PE2] rrpp domain 1
# Configure PE3.
[PE3] rrpp domain 1
# Configure PE4.
[PE4] rrpp domain 1
2.
Create a VLAN and add ports on the ring network to the VLAN.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
Issue 01 (2013-10-30)

Ltd.
61
S Series Switch
1 Overview

[PE2] vlan 100
[PE2-vlan100] quit
[PE3] vlan 100
[PE3-vlan100] quit
[PE4] vlan 100
[PE4-vlan100] quit
Issue 01 (2013-10-30)

Ltd.
62
S Series Switch
1 Overview
3.
Configure PE1 as the master node and PE2 to PE4 as transit nodes of the master ring,
and configure primary and secondary ports on the nodes.
# Configure PE1.
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] ring 1 node-mode master primary-port
gigabitethernet1/0/2 secondary-port gigabitethernet1/0/3 level 0
[PE1-rrpp-domain-region1] ring 1 enable
# Configure PE2.
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] ring 1 node-mode transit primary-port
# Configure PE3.
[PE3] rrpp domain 1
# Configure PE4.
[PE4] rrpp domain 1
4.
Enable RRPP.
# Configure PE1.
[PE1] rrpp enable
# Configure PE2.
[PE2] rrpp enable
# Configure PE3.
[PE3] rrpp enable
# Configure PE4.
[PE4] rrpp enable
After the configurations are complete, run the display rrpp brief or display rrpp
verbose domain command on the devices. PE1 is used as an example.
[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
RRPP Working Mode: HW
RRPP Linkup Delay Timer: 0 sec (0 sec default)
Number of RRPP Domains: 1
Domain Index
: 1
Control VLAN
: major 5
sub 6
Protected VLAN : Reference Instance 1
Hello Timer
: 1 sec(default is 1 sec)
Ring Ring
Node Primary/Common
ID
Level Mode Port
Issue 01 (2013-10-30)
Fail Timer : 6 sec(default is 6 sec)

Secondary/Edge
Is
Port
Enabled

Ltd.
63
S Series Switch
1 Overview
---------------------------------------------------------------------------1
0
M
GigabitEthernet1/0/2
Yes
The command output shows that RRPP is enabled on PE1. In domain 1, VLAN 5 is the
major control VLAN, VLAN6 is the sub-control VLAN, and VLANs mapping instance 1
are the protected VLANs. PE1 is the master node on ring 1. The primary node is
GE1/0/2 and the secondary port is GE1/0/3.
[PE1] display rrpp verbose domain 1
Domain Index
: 1
Control VLAN
: major 5
sub 6
Hello Timer
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Primary port
Secondary port
:
:
:
:
:
:
:
1
0
Master
Complete
Enable
Is Active: Yes
Port status: UP
Port status: BLOCKED
The command output shows that VLAN 5 is the major control VLAN, VLAN6 is the
sub-control VLAN, and VLANs mapping instance 1 are the protected VLANs in domain
1. PE1 is the master node in domain 1 and is in Complete state. The primary node is
GE1/0/2 and the secondary port is GE1/0/3.
Step 3 Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.
example.
----End
Configuration Files

#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
undo port trunk allow-pass vlan 1
stp disable
sep segment 1
#
stp disable
Issue 01 (2013-10-30)

Ltd.
64
S Series Switch
1 Overview
sep segment 1
#
return

#
sysname LSW2
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
return

#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
#
stp disable
sep segment 1
#
stp disable
sep segment 1
#
port trunk allow-pass vlan 100
#
return
Issue 01 (2013-10-30)

Ltd.
65
S Series Switch
1 Overview
#
sysname PE1
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
instance 1 vlan 5 to 6 100
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet 1/0/2 secondary-port
GigabitEthernet 1/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
block port middle
tc-notify rrpp
#
stp disable
#
port trunk allow-pass vlan 5 to 6 100
stp disable
#
stp disable
#
return

#
sysname PE2
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
Issue 01 (2013-10-30)

Ltd.
66
S Series Switch
1 Overview
ring 1 node-mode transit primary-port GigabitEthernet 1/0/2 secondary-port
ring 1 enable
#
sep segment 1
control-vlan 10
tc-notify rrpp
#
stp disable
#
stp disable
#
stp disable
#
return

#
sysname PE3
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
#
stp disable
#
port trunk allow-pass vlan 5 to 6 100 200
stp disable
Issue 01 (2013-10-30)

Ltd.
67
S Series Switch
1 Overview
#
port default vlan 200
#
return

#
sysname PE4
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
#
stp disable
#
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
#
return
Configuration file of CE
#
sysname CE
#
vlan batch 100
#
#
return
Issue 01 (2013-10-30)

Ltd.
68
S Series Switch
1 Overview
2.3 Troubleshooting
2.3.1 Troubleshooting Overview
SEP supports various complex networking and has a fast convergence time. SEP enables a
device on the Ethernet network to selectively block ports so that traffic is load balanced. SEP
is widely used because of its advantages. Various problems occur when SEP is used. The
major problem is that SEP causes traffic forwarding failure. This section describes common
causes of SEP faults, and provides the corresponding troubleshooting flowchart and trouble
shooting procedure.
2.3.2 Fault 1: Traffic Forwarding Fails on SEP Links

2.3.2.1 Fault Description
After SEP is configured on a ring network, traffic cannot be forwarded normally.
This fault is often caused by one of the following reasons:
The SEP configuration is incorrect.
A port does not allow data packets of the specified VLAN to pass.
A physical port is faulty.
2.3.2.2 Troubleshooting Roadmap

The troubleshooting roadmap is as follows:
1.
Check whether the topology and status of the SEP segment are normal.
2.
Check whether ports on the ring network allow data packets of the specified VLAN to
pass.
3.
Check whether physical ports on the ring network are in Down state.
4.
Check whether physical ports on the ring network are faulty.
2.3.2.3 Troubleshooting Flowchart

Rectify the fault according to Figure 1.1.
Issue 01 (2013-10-30)

Ltd.
69
S Series Switch
1 Overview
Figure 1.1 SEP link troubleshooting flowchart
2.3.2.4 Troubleshooting Procedure

Step 1 Check whether the topology and status of the SEP segment are normal.
In normal situations, an SEP segment contains only one primary edge port and one secondary
edge port. Other ports in the SEP segment are common ports.
Run the display sep topology [ segment segment-id ] [ verbose ] command in any view to
check the topology and status of the SEP segment.
<Quidway> display sep topology
SEP segment 1
---------------------------------------------------------------System Name
Port Name
Port Role
Port Status
----------------------------------------------------------------
Issue 01 (2013-10-30)

Ltd.
70
S Series Switch
LSW1
LSW2
LSW2
LSW3
LSW3
LSW4
LSW4
LSW5
LSW5
LSW1
1 Overview
GE1/0/1
GE1/0/1
GE1/0/2
GE1/0/0
GE1/0/2
GE1/0/1
GE1/0/2
GE1/0/1
GE1/0/3
GE1/0/3
primary
common
common
common
common
common
common
common
common
secondary
forwarding
forwarding
forwarding
forwarding
discarding
forwarding
forwarding
forwarding
forwarding
forwarding
If the topology and status of the SEP segment are abnormal, perform the following
operations:
Check whether the SEP configuration is correct.
Check the status of ports in the SEP segment and go to .
If the topology and status of the SEP segment are normal, go to .
Step 2 Check whether the port is in Down state.

Run the display interface command in any view to check the status of the port.
<Quidway> display interface GigabitEthernet 1/0/1
GigabitEthernet1/0/1 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/1 Interface
Switch Port, PVID :
1, TPID : 8100(Hex), The Maximum Frame Length is 1600
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 000b-0918-8bc1
Port Mode: COMMON COPPER
Speed :
10, Loopback: NONE
Duplex: HALF, Negotiation: ENABLE
Mdi
: AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 0 bits/sec, Record time: Output peak rate 0 bits/sec, Record time: Input: 0 packets, 0 bytes
Unicast
:
0, Multicast
:
0
Broadcast
:
0, Jumbo
:
0
CRC
:
0, Giants
:
0
Jabbers
:
0, Fragments
:
0
Runts
:
0, DropEvents
:
0
Alignments
:
0, Symbols
:
0
Ignoreds
:
0, Frames
:
0
Discard
:
0, Total Error
:
0
Output: 0 packets, 0 bytes
Unicast
:
0, Multicast
:
0
Broadcast
:
0, Jumbo
:
0
Collisions
:
0, Deferreds
:
0
Late Collisions:
0, ExcessiveCollisions:
0
Buffers Purged :
0
Discard
:
0, Total Error
:
0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
Issue 01 (2013-10-30)

Ltd.
71
S Series Switch
1 Overview
If the port is in Down state, run the display this command in the interface view to check
whether the port has been shut down.
If the command output displays shutdown, run the undo shutdown command in the
interface view.
If shutdown is not displayed, go to .
If the port is in Up state, go to .
Step 3 Check whether physical ports are faulty.
If physical ports are faulty, rectify the fault.
If physical ports are working properly, go to Step 4.
Step 4 Check whether ports in the SEP segment allow data packets of the specified VLAN to pass.
Run the display this command in the interface view to check whether the port allows data
packets of the specified VLAN to pass.
[Quidway] interface GigabitEthernet 1/0/1
[Quidway-GigabitEthernet1/0/1] display this
stp disable
#
return
If the port does not allow packets of the specified VLAN to pass, configure it to allow
packets of this VLAN to pass.
If the port allows packets of the specified VLAN to pass, go to Step 5.
Step 5 Collect the following information and contact Huawei technical support personnel:
Results of the preceding troubleshooting procedure
Configuration file, logs, and alarms of devices
----End
2.3.3 Information Collection Methods

If the fault cannot be located, collect the following information. If non-Huawei devices are
involved, collect information according to the command reference. For methods of collecting
switch logs and diagnosis logs, see chapter 9"Switch Logs and Diagnosis Logs."
2.3.3.1 Network Topology

Collect network topology information including device names, system MAC addresses, and
names of connected ports.
2.3.3.2 List of the display Commands

Command
Description
display version
Displays version information.
display device
Displays device status information.
Issue 01 (2013-10-30)

Ltd.
72
S Series Switch
1 Overview
Command
Description
display patch-information
Displays patch information.
display cpu-usage (slot slot-id)
Displays the CPU usage.
display memory-usage (slot slot-id)
Displays the memory usage.
display current-configuration
Displays the device configuration.
display interface
Displays traffic on all ports. (Collect the

information once every five minutes and twice
in total.)
display sep topology
Displays the topology and status of the SEP

segment.
2.4 Troubleshooting Cases

2.4.1 Case 1: After the SEP Configuration on a Faulty
Port Is Deleted, a Device Cannot Be Managed
2.4.1.1 Symptom and Networking
As shown in Figure 1.1, SwitchA, SwitchB, SwitchC, SwitchG, SwitchF, and SwitchE form
SEP segment 1. SwitchC, SwitchD, and SwitchE form SEP segment 2. The link between
SwitchC and SwitchD is faulty. After the SEP configuration on the faulty port of SwitchD is
deleted, SwitchD cannot be managed.
Figure 1.1 Networking
Issue 01 (2013-10-30)

Ltd.
73
S Series Switch
1 Overview
2.4.1.2 Root Cause

When the link between SwitchC and SwitchD is faulty, the blocked port in SEP segment 2 is
unblocked. The two faulty ports are in Discarding state. After the SEP configuration on the
faulty port of SwitchD is deleted, SEP segment 2 selects a new blocked port between the two
connected ports of SwitchD and SwitchE. Both the two links connecting SwitchD to SwitchC
and SwitchE fail. As a result, SwitchD cannot be managed.
2.4.1.3 Identification Method

Run the display sep topology segment <segment-id> command to view the current topology
information and locate the faulty port.
# display sep topology segment <segment-id>
<SwitchD> display sep topology segment 2
SEP segment 2
SEP detects a segment failure that may be caused by an incomplete topology
----------------------------------------------------------------System Name
Port Name
Port Role
Port Status
----------------------------------------------------------------SwitchE
GE0/0/3
secondary
forwarding
SwitchD
GE0/0/1
common
forwarding
SwitchD
GE0/0/2
common
discarding
2.4.1.4 Solution
When deleting SEP configurations in an open ring scenario, you are advised to delete the
configurations from one end of the open ring. When only one SEP-enabled port is left, shut
down the port and then delete the SEP configuration on the port.
2.4.1.5 Summary
When deleting SEP configurations, you need to consider the deployment of service VLANs in
the SEP segment. Otherwise, a device may become unmanageable or services may be
interrupted because of multiple blocked ports.
Issue 01 (2013-10-30)

Ltd.
74
S Series Switch
1 Overview
STP
3.1 Overview
3.1.1.1 Background
On a Layer 2 switching network, packets will be generated and transmitted infinitely once a
loop occurs, causing a broadcast storm. All available bandwidth is consumed by the broadcast
storm, and therefore valid packets cannot be transmitted on the network.
The Spanning Tree Protocol (STP) is developed to solve the problem. STP is a Layer 2
management protocol. It selectively blocks redundant links to eliminate loops on Layer 2
networks. STP also supports link backup.
Like other protocols, STP evolves continuously with the network development. In the
beginning, the IEEE802.1D-1998 STP protocol was widely used. The IEEE 802.1w Rapid
Spanning Tree Protocol (RSTP) and the IEEE 802.1s Multiple Spanning Tree Protocol
(MSTP) were developed on the basis of STP afterwards.
3.1.1.2 Introduction to STP

In a narrow sense, STP refers to the STP protocol defined in IEEE 802.1D-1998.
STP is a link-layer management protocol that detects and prevents loops on Layer 2 networks.
STP blocks redundant links and prunes a network into a tree topology free from loops. To
implement the STP function, devices are required to exchange information. The exchanged
information units are called bridge protocol data units (BPDUs).
BPDU is also named configuration information. In this document, STP packets are called
BPDUs. STP BPDUs are Layer 2 packets and the destination MAC address in the packets is
the multicast address 01-80-C2-00-00-00. The data area in STP BPDUs contains all
information used for STP calculation.
However, STP convergence is slow. A port must wait 30s to enter the Forwarding state.
To solve the slow convergence problem of STP, RSTP was defined in IEEE 802.1w released
by the IEEE in 2001. Based on STP, RSTP provides a faster convergence speed and has the
following three improvements:
Issue 01 (2013-10-30)

Ltd.
75
S Series Switch
1 Overview
Configures alternate ports that are used to implement fast switchover for root ports and
configures backup ports for designated ports.
On a point-to-point link connecting only two switch ports, designated ports enter the
Forwarding state without delay after one-way handshake with the downstream bridge.
Defines ports directly connected to terminals rather than other bridges as edge ports.
Edge ports can directly enter the Forwarding state after being configured manually.
However, both RSTP and STP have a defect, that is, all the VLANs on the same LAN share
the same spanning tree. As a result, data traffic cannot be load balanced among different
VLANs. In addition, packets of some VLANs may fail to be forwarded.
MSTP is a new spanning tree protocol defined in IEEE 802.1s and has obvious advantages
compared with STP and RSTP. MSTP has the following features:
Divides a switching network into multiple regions. Each region has multiple spanning
trees, which are independent of each other. MSTP uses a Common and Internal Spanning
Tree (CIST) to prevent loops in the entire network topology.
Maps multiple VLANs to one instance. The topology of each multiple spanning tree
instance (MSTI) is calculated independently (each instance has an independent spanning
tree). Traffic from different VLAN is load balanced among the instances.
Provides a fast port transition mechanism similar to that used in RSTP.
MSTP is compatible with STP and RSTP.
3.1.1.3 MSTP Concepts

As shown in Figure 1.1, the LAN contains four MST regions. Each region consists of four
switches. MSTP concepts are clarified based on Figure 1.1.
Figure 1.1 MSTP network diagram
A0
VLAN1--> MSTI1
VLAN2--> MSTI2
other VLANs-->MSTI0
D0
VLAN1--> MSTI1
VLAN2,VLAN3--> MSTI2
other VLANs-->MSTI0
B0
C0
VLAN1--> MSTI1
VLAN2,VLAN3--> MSTI2
other VLANs-->MSTI0
CST
Issue 01 (2013-10-30)
VLAN1--> MSTI1
VLAN2--> MSTI2
other VLANs-->MSTI0

Ltd.
76
S Series Switch
1 Overview
MST region
A multiple spanning tree (MST) region consists of several switches in a LAN and
network segments between the switches. The devices run MSTP and have the same
region name, mapping between VLANs and MSTIs, and MSTP revision level. As shown
in Figure 1.1, the A0 region is an MST region.
A LAN can comprise several directly or indirectly connected MST regions. In Figure
1.1, the LAN comprises four MST regions, namely, A0, B0, C0, and D0.
MSTI
Multiple spanning trees can be generated in an MST region. Each spanning tree is
independent of one another and maps a VLAN. Such a spanning tree is called a multiple
spanning tree instance (MSTI). As shown in Figure 1.2, the D0 region contains three
MSTIs, namely, MSTI 0, MSTI 1, and MSTI 2.
CST
The common spanning tree (CST) is a single spanning tree that connects all MST regions
on a switching network. If each MST region is considered as a switch, the CST is a
spanning tree generated by STP and RSTP calculation. In Figure 1.1, the dotted blue line
indicates the CST.
IST
The internal spanning tree (IST) is a spanning tree in instance 0 of each MST region. It is
a fragment of the CIST in the MST region. IST is also called MSTI 0. In Figure 1.2,
MSTI 0 is an IST. The ISTs of all MST regions and the CST form a complete spanning
tree, that is, the CIST.
CIST
The Common and Internal Spanning Tree (CIST) is a single spanning tree calculated by
STP and RSTP. CIST connects all switches on a switching network.
Figure 1.2 Mappings between the MSTI, IST and VLAN
D0
SwitchA
AP1
MSTI1
root switch: SwitchC
MSTI2
root switch: SwitchB
SwitchB
SwitchC
SwitchD
Issue 01 (2013-10-30)
MSTI0 (IST)
root switch: SwitchA
VLAN1
VLAN2,VLAN3
other VLANs
MSTI1
MSTI2
MSTI0
VLAN mapping table

Ltd.
77
S Series Switch
1 Overview
The VLAN mapping table is an attribute of an MST region. It describes the mapping
between a VLAN and an MSTI. As shown in Figure 1.2, VLAN 1 maps to MSTI 1,
VLAN 2 and VLAN 3 map to MSTI 2, and other VLANs map to MSTI 0 in the MST
region D0.
Regional root
Regional roots are classified into CIST regional roots and MSTI regional roots. A CIST
regional root is the root of an IST, and an MSTI regional root is the root of an MSTI. If
topologies of spanning trees in an MST region are different, regional roots may be
different.
CIST root
The CIST root is the root switch of the CIST.
External root path cost

The external root path cost is the cost of the shortest path from a port to the CIST root.
Internal root path cost

The internal root path cost is the cost of the shortest path from a port to a regional root.
Bridge ID
The bridge ID contains 64 bits in total. The leftmost 16 bits are the STP priority of a
switch and the other 48 bits are the MAC address of the switch.
Edge port
An edge port is the port located at the edge of the whole region and is not connected to
any switch. Generally, the edge port is directly connected to a user terminal.
Region edge port

A region edge port is located at the edge of an MST region and connects ports in
different MST regions, MST regions and regions running STP, or MST regions and
regions running RSTP.
Port role
During MSTP calculation, MSTP defines five port roles: root port, designated port,
alternate port, backup port, and master port. A port can function as different roles in
different MSTIs. Figure 1.3 shows port roles defined in MSTP.
Figure 1.3 Port roles defined in MSTP
SwitchA
root
AP2
AP3
root port
CP1
BP1
SwitchC
CP2
CP3
designated port
SwitchB
alternate port
BP2
backup port
Root port
On a non-root switch, the root port is the port closest to the root switch. The root
switch does not have a root port. The root port is responsible for forwarding data to
the tree root.
Issue 01 (2013-10-30)

Ltd.
78
S Series Switch
1 Overview
As shown in Figure 1.3, SwitchA is the root switch. CP1 is the root port of SwitchC
and BP1 is the root port of SwitchB.
Designated port
The designated port is responsible for forwarding data to the downstream network
segment or switch.
As shown in Figure 1.3, AP2 and AP3 are the designated ports of SwitchA, and CP2
is the designated port of SwitchC.
Alternate port
The alternate port is the backup port of the root port. If the root port is blocked, the
alternate port becomes the root port. As shown in Figure 1.3, BP2 is an alternate port.
Backup port
When two ports of a switch are connected, a loop is formed, and then the switch
blocks one of the two ports. The blocked port is a backup port. The other port is in
Forwarding state and becomes a designated port. As shown in Figure 1.3, CP3 is the
backup port. The backup port is the backup port of the designated port.
Master port
A master port connects an MST region to the CIST root. It is on the shortest path
from the MST region to the CIST root. The master port is the root port in the
IST/CIST and is the master port in other MSTIs.
Port state
A port can function as different roles in different MSTIs.
The state of a port depends on whether the port learns MAC addresses and forwards user
traffic. A port can be in the following three states:
Forwarding state: The port learns MAC addresses and forwards user traffic.
Learning state: The port learns MAC addresses but does not forward user traffic.
Discarding state: The port does not learn MAC addresses or forward user traffic.
3.1.1.4 MSTP Protection
BPDU protection
On a switch, ports that are directly connected to the user terminal such as a PC or file
server are configured as edge ports to implement fast port state transition. Usually, no
BPDU is sent to edge ports. If the switch is attacked by pseudo BPDUs, the switch
automatically sets these ports as non-edge ports after these ports receive BPDUs, and
recalculates the spanning tree. As a result, network flapping occurs.
MSTP provides the BPDU protection function to prevent such attacks. After the BPDU
protection function is enabled, the switch shuts down the edge ports that receive BPDUs.
At the same time, the shutdown command configuration is generated on the ports. The
edge ports shut down by the switch can be manually started only by the network
administrator.
Root protection
The valid root switch may receive a BPDU with a higher priority due to incorrect
configurations or malicious attacks on the network. This results in the position loss of the
root switch and the incorrect change of the network topology. In this case, the traffic
transmitted on a high-speed link is switched to a low-speed link, which causes network
congestion.
To address this problem, the switch provides the root protection function. The root
protection function protects the role of the root switch by retaining the role of the
Issue 01 (2013-10-30)

Ltd.
79
S Series Switch
1 Overview
designated port. After root protection is enabled on a port, the port remains as the
designated port in all instances.
When the port receives a BPDU with a higher priority, the port stops forwarding packets
and enters the Discarding state, but does not change into a non-designated port. If the
port does not receive any BPDU with a higher priority within a certain period, it restores
to the forwarding state.
Loop protection
The switch maintains states of the root port and blocked ports by continuously receiving
BPDUs from the upstream switch. If these ports cannot receive any BPDU from the
upstream switch because of link congestion or link failures, the switch selects a new root
port. Then the previous root port becomes a designated port and the blocked ports turn to
the Forwarding state. This may cause network loops.
The loop protection function prevents such network loops. After loop protection is
enabled, the root port is blocked if it does not receive any BPDU from the upstream
switch. The blocked ports are still blocked and cannot forward packets. Therefore,
network loops will not be generated.
TC protection
After receiving TC-BPDUs, the switch implements the operation of deleting MAC
address entries and ARP entries. If a malicious attacker sends pseudo TC-BPDUs to
attack the switch, the switch will receive a large number of TC-BPDUs within a short
period, and delete its MAC address entries and ARP entries frequently. As a result, the
switch is heavily burdened, threatening the network stability.
After TC protection is enabled, the number of times that TC-BPDUs are processed by the
switch within a certain period is configurable (the default period is 2s, and the default
number of times is different in different versions). If the number of TC-BPDUs that the
switch receives within the given time exceeds the specified threshold, the switch
processes TC-BPDUs only for the specified number of times. For the excess TC-BPDUs,
the switch processes them once in a unified way after the timer expires. In this way, the
switch is prevented from frequently deleting its MAC address entries and ARP entries,
and therefore relieved from the ensuing burdens.
3.1.1.5 MSTP Convergence Example

The MSTP calculation process is introduced based on Figure 1.1.
Figure 1.1 MSTP calculation process
Table 1.1 lists initial parameters of devices and ports in Figure 1.1.
Issue 01 (2013-10-30)

Ltd.
80
S Series Switch
1 Overview
Table 1.1 Initial parameters of devices and ports

Device
Bridge ID
Port
Cost
Switch A
0. BridgeA
AP1
20000
AP2
20000
BP1
20000
BP2
20000
CP1
30000
CP2
20000
Switch B
Switch C
32768. BridgeB
32768. BridgeC
Root switch election

All STP-enabled ports on the three switches send BPDUs carrying the local bridge ID as
the root bridge ID. AP1 and AP2 of SwitchA receive BPDUs from SwitchB and SwitchC
respectively. The STP priority of SwitchA is set to 0 globally. Therefore, SwitchA is
elected as the root switch.
Port role selection

On the root switch SwitchA, both AP1 and AP2 are designated ports.
The shortest path from non-root switches SwitchB and SwitchC to the root switch
SwitchA is calculated based on the root port concept (on a non-root switch, the root port
is the port closest to the root switch).
The calculation process of SwitchB is as follows:

The cost of the path AP1-> BP1 from the root switch SwitchA to SwitchB is 20000,
which is the cost of BP1.
The cost of the path AP2-> CP1->BP2 from the root switch SwitchA to SwitchB is
50000, which is the cost of CP1 plus the cost of BP2.
The shortest path from SwitchB to the root switch SwitchA is from AP1 to BP1.
The calculation process of SwitchC is as follows:

The cost of the path AP2->CP1 from the root switch SwitchA to SwitchC is 30000,
which is the cost of CP1.
The cost of the path AP1->BP1->CP2 from the root switch SwitchA to SwitchC is
40000, which is the cost of BP1 plus the cost of CP2.
The shortest path from SwitchC to the root switch SwitchA is from AP2 to CP1.
Therefore, BP1 is the root port of SwitchB and CP1 is the root port of SwitchC.
The link between BP2 and CP2 is a redundant link. BP2 or CP2 must be blocked. The
path cost from the root port to the root bridge is used in selection of the designated port
(used to forward data to the downstream network segment or switch). BP2 is more
suitable than CP2 and is selected as the designated port. CP2 is the alternate port.

STP does not change too much in different versions. The changes are mainly in the aspects of
maintainability and default value.
Issue 01 (2013-10-30)
STP is globally enabled on Sx7 series switches by default since V100R006.

Ltd.
81
S Series Switch
1 Overview
On S series switches since V100R006, you can run the display stp region-configuration
digest command to view the digest of an STP region and determine whether a device is
in the region.
[Switch]display stp region-configuration digest
Oper configuration
Format selector
:0
Region name
:286ed4e8d272
Revision level
:0
Digest
:0xAC36177F50283CD4B83821D8AB26DE62
The attribute of an edge port changes.

In versions earlier than V200R001, if you run the display stp interface command to
view the STP status information of a port that is not configured with the stp edged-port
enable command, the edge port attribute is displayed as follows:
Port Edged
or
Port Edged
:Config=default / Active=disabled
:Config=disabled / Active=disabled (on a chassis switch in
V100R002)
In V200R001, the information is displayed as follows:
Port Edged
:Config=default / Active=enabled
In V200R001, the automatic detection function of the edge port attribute is supported. If
the port has never received any BPDU, the edge port attribute takes effect automatically.
(The stp edged-port enable command configuration is not automatically generated on
the port. Therefore, the value of the Config field is still default.)
In V200R001, if the stp edged-port enable command is configured on a port, root

protection and loop protection can be configured on the port. In other versions, an error
message is displayed.
3.1.3 Implementation on Devices of Other Vendors

3.1.3.1 H3C
STP-related command configuration of H3C switches is similar to that of S series switches.
By default, H3C switches use the legacy standard to calculate the path cost while S series
switches use the dot1t standard. When H3C switches are connected to S series switches,
configure the same calculation standard for the switches.
On some H3C switches in old models, when STP is not enabled globally or when STP is
enabled globally but not on ports, the ports receive BPDUs and forward them as common
multicast data packets in VLANs. Ports on S series switches discard the BPDUs by default.
3.1.3.2 Cisco
Cisco switches support the following spanning tree protocols: Per VLAN Spanning Tree
(PVST), Per VLAN Spanning Tree Plus (PVST+), Rapid PVST+, and Multiple Spanning Tree
(MST). Some BPDUs of these spanning tree protocols use Cisco proprietary BPDU formats,
which are different from the BPDU format defined by IEEE.
When a Cisco switch runs PVST+ or Rapid PVST+, the link type of the port on the
Cisco switch determines whether the switch can communicate with an S series switch.
Issue 01 (2013-10-30)
If the port link type is trunk and the port is deleted from VLAN 1, the Cisco switch
cannot communicate with the S series switch. If the port on the Cisco switch sends
proprietary BPDUs in VLANs except VLAN 1, the S series switch does not process
the BPDUs by default and forwards the BPDUs as common multicast data packets.
Ltd.
82
S Series Switch
1 Overview
The S series switch can also have the l2protocol-tunnel transparent transmission
configured to transparently transmit the BPDUs.
If the port link type is trunk and the port is added to VLAN 1, the Cisco switch can
communicate with the S series switch only in VLAN 1.
If the port link type is access, the Cisco switch can communicate with the S series
switch.
When the Cisco switch runs MST, the switch is considered to work in standard MSTP
mode and can communicate with the S series switch.
When an MSTP-enabled S series switch and an MST-enabled Cisco switch have the
same region configuration (the same region name, revision level, and mapping between
VLANs and instances), the two switches use different keys to generate MSTP digests in
BPDUs. Therefore, digests in BPDUs sent by ports on the two switches are different.
The two switches belong to different MST regions because they generate different
digests. They can implement only inter-region interoperation. To implement intra-region
interoperation, run the stp config-digest-snoop command on the S series switch to
enable the digest snooping function.
Set the spanning tree mode.

Switch(config)#spanning-tree mode mst
Configure an MST region.

Switch
Switch
Switch
Switch
(config)#spanning-tree mst configuration

(config-mst)#name MSTP
(config-mst)#instance 1 vlan 6
(config-mst)#instance 2 vlan 8
Set the priority of an MSTI.

Switch (config)#spanning-tree mst 1 priority 8192
View relevant information.

Switch
Switch
Switch
Switch
#show spanning-tree configuration

#show spanning-tree mst configuration digest
# show spanning-tree mst 1
# show spanning-tree mst interface fastethernet 0/2
Example:
Switch # show spanning-tree mst 1
###### MST01
vlans mapped:
Bridge
address 0015.fa90.7c80
Root
address 5489-98f5-a0a0
port
Fa0/2
19
Interface
-------------Fa0/2
Fa0/3
6
priority
priority
cost
8193 (8192 sysid 1)

4097 (4096 sysid 1)
200000
rem hops
Role Sts Cost

Prio.Nbr Type
--- ---- -------- ---- --- --------------------------Root FWD 200000
128.2
P2p
Altn BLK 200000
128.3
P2p
When an S series box switch transparently transmits PVST+ packets through l2protocol-tunnel, run the
bpdu mac-address 0100-0ccc-cccd command on the switch.
Issue 01 (2013-10-30)

Ltd.
83
S Series Switch
1 Overview

3.2.1 Scenario 1: Configuring Basic RSTP Functions
As shown in Figure 1.1, loops exist on the network. RSTP is enabled on SwitchA, SwitchB,
SwitchC, and SwitchD. The switches exchange BPDUs to discover loops on the network and
selectively block a redundant port to prune the network into a loop-free tree network. RSTP
prevents infinite looping of packets to ensure packet processing capabilities of devices.
Figure 1.1 Configuring RSTP functions

1.
Configure STP on the switches to work in RSTP mode.
2.
Configure the root bridge and backup root bridge.
3.
Configure the path cost on a port so that the port can be blocked.
4.
Enable RSTP to prevent loops.

The ports connected to PCs do not participate in RSTP calculation. Disable RSTP on these ports.
Issue 01 (2013-10-30)

Ltd.
84
S Series Switch
1 Overview

Step 1 Configure basic RSTP functions.
1.
Configure STP on the switches to work in RSTP mode.

# Configure STP on SwitchA to work in RSTP mode.
<Quidway> system-view
[Quidway] sysname SwitchA
[Switch] stp mode rstp
# Configure STP on SwitchB to work in RSTP mode.

[Quidway] sysname SwitchB
[SwitchB] stp mode rstp
# Configure STP on SwitchC to work in RSTP mode.

[Quidway] sysname SwitchC
[SwitchC] stp mode rstp
# Configure STP on SwitchD to work in RSTP mode.

[Quidway] sysname SwitchD
[SwitchD] stp mode rstp
2.
Configure the root bridge and backup root bridge.

# Configure SwitchA as the root bridge.
[SwitchA] stp root primary
# Configure SwitchD as the backup root bridge.

[SwitchD] stp root secondary
3.
Configure the path cost on a port so that the port can be blocked.
The path cost range is decided by the algorithm. The Huawei proprietary algorithm is used as an
example. Set the path costs of the ports to 20000.
The switches on the same network must use the same algorithm to calculate path costs.
# On SwitchC, set the path cost of GE1/0/1 to 20000.

[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
4.
Enable RSTP to prevent loops.
Disable RSTP on ports connected to PCs.

# On SwitchB, disable RSTP on GE1/0/2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] stp disable
[SwitchB-GigabitEthernet1/0/2] quit
# On SwitchC, disable RSTP on GE1/0/2.

[SwitchC-GigabitEthernet1/0/2] stp disable
Enable RSTP globally.

# Enable RSTP globally on SwitchA.
Issue 01 (2013-10-30)

Ltd.
85
S Series Switch
1 Overview
[SwitchA] stp enable
# Enable RSTP globally on SwitchB.

[SwitchB] stp enable
# Enable RSTP globally on SwitchC.

[SwitchC] stp enable
# Enable RSTP globally on SwitchD.

[SwitchD] stp enable

operations to verify the configurations.
# On SwitchA, run the display stp brief command to check the port role and state. The
displayed information is as follows:
[SwitchA] display stp brief
MSTID Port
0
0
Role
DESI
DESI
STP State
FORWARDING
FORWARDING
Protection
NONE
NONE
After SwitchA is configured as the root bridge, GE1/0/2 and GE1/0/1 connected to SwitchB
and SwitchD respectively are elected as designated ports in STP calculation.
# On SwitchB, run the display stp interface gigabitethernet 1/0/1 brief command to check
the state of GE1/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
MSTID Port
Role STP State
Protection
0
DESI FORWARDING
NONE
GE1/0/1 is elected as the designated port and is in FORWARDING state.

# On SwitchC, run the display stp brief command to check the port status. The displayed
information is as follows:
[SwitchC] display stp brief
MSTID Port
0
0
Role
ALTE
ROOT
STP State
DISCARDING
FORWARDING
Protection
NONE
NONE
GE1/0/1 is elected as the alternate port and is in DISCARDING state.

GE1/0/3 is elected as the root port and is in FORWARDING state.
----End
Configuration Files
Configuration file of SwitchA

#
sysname SwitchA
#
stp mode rstp
stp pathcost-standard legacy
stp enable
Issue 01 (2013-10-30)

Ltd.
86
S Series Switch
1 Overview
#
return
Configuration file of SwitchB

#
sysname SwitchB
#
stp mode rstp
stp enable
#
stp disable
#
return
Configuration file of SwitchC

#
sysname SwitchC
#
stp mode rstp
stp enable
#
stp instance 0 cost 20000
#
stp disable
#
return
Configuration file of SwitchD

#
sysname SwitchD
#
stp
stp
stp
stp
mode rstp
instance 0 root secondary
pathcost-standard legacy
enable
#
return
3.2.2 Scenario 2: Configuring Basic MSTP Functions

As shown in Figure 1.1, MSTP is enabled on SwitchA, SwitchB, SwitchC, and SwitchD.
MSTP introduces multi-instance to load balance traffic from VLAN 2 to VLAN 10 and
VLAN 11 to VLAN 20. MSTP uses the VLAN mapping table to define the mapping between
VLANs and MSTIs.
Issue 01 (2013-10-30)

Ltd.
87
S Series Switch
1 Overview
Figure 1.1 Configuring basic MSTP functions

1.
Configure basic MSTP functions on the switches.
2.
Configure Layer 2 forwarding on the switches.
Issue 01 (2013-10-30)

Ltd.
88
S Series Switch
1 Overview

Step 1 Configure basic MSTP functions.
1.
Add SwitchA, SwitchB, SwitchC, and SwitchD to the region RG1, and create instances
MSTI1 and MSTI2.
# Configure an MST region on SwitchA.
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure an MST region on SwitchB.

[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1
[SwitchB-mst-region] instance 1 vlan 2 to 10
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
# Configure an MST region on SwitchC.

[Quidway] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1
[SwitchC-mst-region] instance 1 vlan 2 to 10
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure an MST region on SwitchD.

[Quidway] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1
[SwitchD-mst-region] instance 1 vlan 2 to 10
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
2.
Configure root bridges and backup root bridges for MSTI1 and MSTI2 in RG1.
Configure the root bridge and backup root bridge for MSTI1.
# Configure SwitchA as the root bridge of MSTI1.
[SwitchA] stp instance 1 root primary
# Configure SwitchB as the backup root bridge of MSTI1.

[SwitchB] stp instance 1 root secondary
Configure the root bridge and backup root bridge for MSTI2.
# Configure SwitchB as the root bridge of MSTI2.
Issue 01 (2013-10-30)

Ltd.
89
S Series Switch
1 Overview
[SwitchB] stp instance 2 root primary
# Configure SwitchA as the backup root bridge of MSTI2.

[SwitchA] stp instance 2 root secondary
3.
Set path costs to values larger than the default value for ports to be blocked in MSTI1
and MSTI2.
The path cost range is decided by the algorithm. The Huawei proprietary algorithm is used as an
example. Set the path costs of the ports to 20000.
The switches on the same network must use the same algorithm to calculate path costs.
# Set the path cost algorithm on SwitchA to Huawei proprietary algorithm.

[SwitchA] stp pathcost-standard legacy
# Set the path cost algorithm on SwitchB to Huawei proprietary algorithm.

[SwitchB] stp pathcost-standard legacy
# Set the path cost algorithm on SwitchC to Huawei proprietary algorithm. Set the path
cost of GE1/0/2 in MSTI2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC-GigabitEthernet1/0/2] stp instance 2 cost 20000
# Set the path cost algorithm on SwitchD to Huawei proprietary algorithm. Set the path
cost of GE1/0/2 in MSTI1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet1/0/2] quit
4.
Enable MSTP to prevent loops.
Enable MSTP globally.

# Enable MSTP on SwitchA.
# Enable MSTP on SwitchB.

[SwitchB] stp enable
# Enable MSTP on SwitchC.

[SwitchC] stp enable
# Enable MSTP on SwitchD.

[SwitchD] stp enable
Disable MSTP on ports connected to terminals.

# On SwitchC, disable STP on GE1/0/1.
# On SwitchD, disable STP on GE1/0/1.

[SwitchD-GigabitEthernet1/0/1] stp disable
Step 2 Configure Layer 2 forwarding on switches on the ring network.

Issue 01 (2013-10-30)

Ltd.
90
S Series Switch
1 Overview
Create VLAN 2 to VLAN 20 on SwitchA, SwitchB, SwitchC, and SwitchD.

# Create VLAN 2 to VLAN 20 on SwitchA.
[SwitchA] vlan batch 2 to 20
# Create VLAN 2 to VLAN 20 on SwitchB.

[SwitchB] vlan batch 2 to 20
# Create VLAN 2 to VLAN 20 on SwitchC.

[SwitchC] vlan batch 2 to 20
# Create VLAN 2 to VLAN 20 on SwitchD.

[SwitchD] vlan batch 2 to 20
Add ports connected to the ring network to VLANs.

# Add GE1/0/1 of SwitchA to VLANs.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 20
[SwitchA-GigabitEthernet1/0/1] quit
# Add GE1/0/2 of SwitchA to VLANs.

# Add GE1/0/1 of SwitchB to VLANs.

[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 20
# Add GE1/0/2 of SwitchB to VLANs.

# Add GE1/0/1 of SwitchC to VLANs.

[SwitchC-GigabitEthernet1/0/1] port link-type access
[SwitchC-GigabitEthernet1/0/1] port default vlan 2

[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 20

# Add GE1/0/1 of SwitchD to VLANs.

Issue 01 (2013-10-30)

Ltd.
91
S Series Switch
1 Overview
[SwitchD-GigabitEthernet1/0/1] port link-type access

[SwitchD-GigabitEthernet1/0/1] port default vlan 11

[SwitchD-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 20


# Run the display stp brief command on SwitchA to view the state and protection type on
ports. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port
0
0
1
1
2
2
Role
DESI
DESI
DESI
DESI
DESI
ROOT
STP State
FORWARDING
FORWARDING
FORWARDING
FORWARDING
FORWARDING
FORWARDING
Protection
NONE
NONE
ROOT
NONE
NONE
NONE
In MSTI1, GE1/0/2 and GE1/0/1 of SwitchA are set as designated ports because SwitchA is
the root bridge of MSTI1. In MSTI2, GE1/0/1 of SwitchA is set as the designated port and
GE1/0/2 is set as the root port.
# Run the display stp brief command on SwitchB. The displayed information is as follows:
[SwitchB] display stp brief
MSTID Port
0
0
1
1
2
2
Role
DESI
ROOT
DESI
ROOT
DESI
DESI
STP State
FORWARDING
FORWARDING
FORWARDING
FORWARDING
FORWARDING
FORWARDING
Protection
NONE
NONE
NONE
NONE
NONE
NONE
In MSTI2, GE1/0/1 and GE1/0/2 of SwitchB are set as designated ports because SwitchB is
the root bridge of MSTI2. In MSTI1, GE1/0/1 of SwitchB is set as the designated port and
GE1/0/2 is set as the root port.
# Run the display stp interface brief command on SwitchC. The displayed information is as
follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
MSTID Port
Role STP State
Protection
0
ROOT FORWARDING
NONE
1
ROOT FORWARDING
NONE
Issue 01 (2013-10-30)

Ltd.
92
S Series Switch
1 Overview
2
ROOT FORWARDING
NONE
[SwitchC] display stp interface gigabitethernet 1/0/2 brief
MSTID Port
Role STP State
Protection
0
DESI FORWARDING
NONE
1
DESI FORWARDING
NONE
2
ALTE DISCARDING
NONE
GE1/0/3 of SwitchC is the root port in MSTI1 and MSTI2. GE1/0/2 of SwitchC is blocked in
MSTI2 and is set as the designated port in MSTI1.
# Run the display stp interface brief command on SwitchD. The displayed information is as
follows:
[SwitchD] display stp interface gigabitethernet 1/0/3 brief
MSTID Port
Role STP State
Protection
0
ALTE DISCARDING
NONE
1
ROOT FORWARDING
NONE
2
ROOT FORWARDING
NONE
[SwitchD] display stp interface gigabitethernet 1/0/2 brief
MSTID Port
Role STP State
Protection
0
ROOT FORWARDING
NONE
1
ALTE DISCARDING
NONE
2
DESI FORWARDING
NONE
GE1/0/3 of SwitchD is the root port in MSTI1 and MSTI2. GE1/0/2 of SwitchD is blocked in
MSTI1 and is set as the designated port in MSTI2.
----End
Configuration Files

#
sysname SwitchA
#
vlan batch 2 to 20
#
stp enable
#
region-name RG1
instance 1 vlan 2 to 10
#
port trunk allow-pass vlan 2 to 20
stp root-protection
#
Issue 01 (2013-10-30)

Ltd.
93
S Series Switch
1 Overview
#
return

#
sysname SwitchB
#
vlan batch 2 to 20
#
stp enable
#
region-name RG1
#
stp root-protection
#
#
return

#
sysname SwitchC
#
vlan batch 2 to 20
#
stp enable
#
region-name RG1
#
port link-type access
port default vlan 2
stp disable
#
#
Issue 01 (2013-10-30)

Ltd.
94
S Series Switch
1 Overview
#
return

#
sysname SwitchD
#
vlan batch 2 to 20
#
stp enable
#
region-name RG1
#
port link-type access
stp disable
#
#
#
return
3.2.3 Scenario 3: Configuring Huawei Switches to

Communicate With a Cisco Switch
As shown in Figure 1.1, SwitchA, SwitchB, and CiscoSW form a closed topology. SwitchA
and SwitchB are S series switches. Configure CiscoSW to work in different spanning tree
modes so that S series switches can transparently transmit Cisco proprietary BPDUs or use
STP to prevent Layer 2 loops.
Issue 01 (2013-10-30)

Ltd.
95
S Series Switch
1 Overview
Figure 1.1 Interoperation with a Cisco switch

1.
Configure the Cisco switch to work in PVST mode and configure S series switches to
transparently transmit Cisco proprietary BPDUs.
2.
Configure the Cisco switch to work in Rapid PVST mode and communicate with S series
switches.
3.
Configure the Cisco switch to work in MST mode and communicate with S series
switches.

Step 1 Configure the Cisco switch to work in PVST mode and configure S series switches to
transparently transmit Cisco proprietary BPDUs.
1.
Configure the Cisco switch to work in PVST mode

# Set the spanning tree mode of CiscoSW.
Switch#configure terminal
Switch(config)#hostname Ciscosw
Ciscosw(config)# spanning-tree mode
Ciscosw(config)#exit
2.
pvst
Add ports of CiscoSW to a VLAN.

# Create a VLAN and add ports of CiscoSW to the VLAN.
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
3.
Issue 01 (2013-10-30)
(config)#vlan 100
(config-vlan)#exit
(config)#interface FastEthernet 1/0/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 100
(config-if)#interface FastEthernet 1/0/3
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 100
(config-if)#exit
Configure S series switches to transparently transmit proprietary BPDUs sent by

CiscoSW using hardware transparent transmission.
Ltd.
96
S Series Switch
1 Overview
# Configure ports on SwitchA.

[SwitchA] vlan 100
[SwitchA] interface Ethernet2/0/2
[SwitchA-Ethernet2/0/2] stp disable
[SwitchA-Ethernet2/0/2] port link-type trunk
[SwitchA-Ethernet2/0/2] port trunk allow-pass vlan 100
[SwitchA-Ethernet2/0/2]quit
# Configure ports on SwitchB.

<Quidway>
[Quidway]
[SwitchB]
[SwitchB]
system-view
sysname SwitchB
vlan 100
interface Ethernet0/0/1
[SwitchBEthernet0/0/1] stp disable

[SwitchBEthernet0/0/1] port link-type trunk
[SwitchBEthernet0/0/1] port trunk allow-pass vlan 100
[SwitchBEthernet0/0/1]quit
[SwitchB] interface Ethernet0/0/2
[SwitchB Ethernet0/0/2] stp disable
[SwitchB Ethernet0/0/2] port link-type trunk
[SwitchB Ethernet0/0/2] port trunk allow-pass vlan 100
[SwitchB Ethernet0/0/2]quit
4.
Verify the configuration.

After the configurations are complete and the network becomes stable, perform the
following operations to verify the configurations.
# Run the show spanning-tree command on CiscoSW to check the port status. The
Ciscosw#show spanning-tree
VLAN0100
Spanning tree enabled protocol ieee
Root ID
Priority
32868
Address
a8b1.d44b.f280
This bridge is the root
Hello Time
2 sec Max Age 20 sec
Bridge ID
Priority
Address
Hello Time
Aging Time
32868 (priority 32768 sys-id-ext 100)

a8b1.d44b.f280
2 sec Max Age 20 sec Forward Delay 15 sec
300 sec
Interface
Role Sts Cost
------------------- ---- --- ---------------------------------------Fa1/0/1
Desg FWD 19
Fa1/0/3
Back BLK 19
Issue 01 (2013-10-30)
Forward Delay 15 sec
Prio.Nbr Type
-------128.3
128.5

Ltd.
P2p
P2p
97
S Series Switch
1 Overview
Ciscosw#show spanning-tree interface FastEthernet 1/0/1 detail

Port 3 (FastEthernet1/0/1) of VLAN0100 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.3.
Designated root has priority 32868, address a8b1.d44b.f280
Designated bridge has priority 32868, address a8b1.d44b.f280
Designated port id is 128.3, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 20, received 0
Ciscosw#show spanning-tree interface FastEthernet 1/0/3 detail
Port 5 (FastEthernet1/0/3) of VLAN0100 is backup blocking
Port path cost 19, Port priority 128, Port Identifier 128.5.
Designated root has priority 32868, address a8b1.d44b.f280
Designated bridge has priority 32868, address a8b1.d44b.f280
Designated port id is 128.3, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 0
Link type is point-to-point by default
BPDU: sent 0, received 23
Ciscosw#
5.
Configure S series switches to transparently transmit proprietary BPDUs sent by

CiscoSW using l2protocol-tunnel transparent transmission.
# Configure l2protocol-tunnel transparent transmission on SwitchA.
[SwitchA] vlan 100
[SwitchA]bpdu mac-address 0100-0ccc-cccd
[SwitchA] l2protocol-tunnel pvst+ group-mac 0100-1111-1111
[SwitchA-Ethernet2/0/3] l2protocol-tunnel pvst+ enable
# Configure l2protocol-tunnel transparent transmission on SwitchB.

[SwitchB] vlan 100
[SwitchB] bpdu mac-address 0100-0ccc-cccd
[SwitchB] l2protocol-tunnel pvst+ group-mac 0100-1111-1111
[SwitchBEthernet0/0/1] l2protocol-tunnel pvst+ enable
Issue 01 (2013-10-30)

Ltd.
98
S Series Switch
1 Overview

6.

VLAN0100
Spanning tree enabled protocol ieee
Root ID
Priority
32868
Address
a8b1.d44b.f280
Hello Time
Bridge ID
Priority
Address
Hello Time
Aging Time

a8b1.d44b.f280
300 sec
Interface
Role Sts Cost
------------------- ---- --- ---------------------------------------Fa1/0/1
Desg FWD 19
Fa1/0/3
Back BLK 19
Prio.Nbr Type
-------128.3
128.5
P2p
P2p
# Run the display l2protocol-tunnel statistics command on SwitchA to check the

packet statistics of l2protocol-tunnel transparent transmission on a port. The displayed
< SwitchA>display l2protocol-tunnel statistics Ethernet 2/0/3 pvst+
----------------------------------------------------------------------------Port
Protocol
Drop
Input
Output
Drop
Threshold Packets
Packets
Packets
----------------------------------------------------------------------------Eth2/0/3
pvst+
0
0
193
0
# Run the display l2protocol-tunnel statistics command on SwitchB to check the

packet statistics of l2protocol-tunnel transparent transmission on a port. The displayed
<SwitchB>display l2protocol-tunnel statistics Ethernet 0/0/1 pvst+
----------------------------------------------------------------------------Port
Protocol
Drop
Input
Output
Drop
Threshold Packets
Packets
Packets
----------------------------------------------------------------------------Eth0/0/1
pvst+
0
193
0
0
Configuration Files
Configuration file of CiscoSW

!
hostname Ciscosw
!
spanning-tree mode pvst
Issue 01 (2013-10-30)

Ltd.
99
S Series Switch
1 Overview
spanning-tree extend system-id

!
vlan 100
!
interface FastEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
!
switchport trunk allowed vlan 100
end
Configuration file of hardware transparent transmission on SwitchA

#
sysname SwitchA
#
vlan 100
#
stp disable
#
stp disable
#return
Configuration file of hardware transparent transmission on SwitchB

#
sysname SwitchB
#
vlan 100
#
stp disable
#
stp disable
#
return
Configuration file of l2protocol-tunnel transparent transmission on SwitchA

#
sysname SwitchA
#
vlan 100
#
Issue 01 (2013-10-30)

Ltd.
100
S Series Switch
1 Overview
l2protocol-tunnel pvst+ group-mac 0100-1111-1111

#
bpdu mac-address 0100-0ccc-cccd
#
stp disable
#
stp disable
l2protocol-tunnel pvst+ enable
#
return
Configuration file of l2protocol-tunnel transparent transmission on SwitchB

#
sysname SwitchB
#
vlan 100
#
#
#
stp disable
#
stp disable
#
return
Step 2 Configure the Cisco switch to work in Rapid PVST mode

1.
Configure the Cisco switch to work in Rapid PVST mode

Ciscosw(config)#spanning-tree mode
2.
rapid-pvst
# Configure the MST region on CiscoSW.

Ciscosw(config)#spanning-tree mst configuration
Ciscosw(config-mst)#name REG01
Ciscosw(config-mst)#instance 1 vlan 1
Ciscosw(config-mst)#show pending
Pending MST configuration
Issue 01 (2013-10-30)

Ltd.
101
S Series Switch
Name
Revision
1 Overview
[REG01]
0
Instances configured 3
Instance Vlans mapped

---------------------------------------------------------------------------0
2-99,101-4094
1
1
2
100
-----------------------------------------------------------------------------Ciscosw(config-mst)#exit
3.

Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
(config)#vlan 100
(config-vlan)#exit
(config-if)#switchport trunk encapsulation
dot1q
Ciscosw(config-if)#switchport trunk allowed vlan 1,100

Ciscosw (config-if)#interface FastEthernet 1/0/3
Ciscosw (config-if)#switchport mode trunk
Ciscosw (config-if)#switchport trunk encapsulation dot1q
Ciscosw (config-if)#exit
4.
Enable STP on ports of S series switches for the switches to communicate with CiscoSW
in instance 1.
# Configure STP region and ports on SwitchA.
[SwitchA]stp region-configuration
[SwitchA-mst-region]instance 1 vla 1
[SwitchA-mst-region]instance 2 vlan 100
[SwitchA-mst-region]region-name REG01
[SwitchA-mst-region]check region-configuration
Admin configuration
Format selector
:0
Region name
:REG01
Revision level
:0
Instance
VLANs Mapped
0
2 to 99, 101 to 4094
1
1
2
100
[SwitchA -mst-region]active region-configuration
[SwitchAmst-region]quit
[SwitchA] bpdu mac-address 0100-0ccc-cccd
[SwitchA] l2protocol-tunnel pvst+ group-mac 0100-1111-1111
[SwitchA] vlan 100
Issue 01 (2013-10-30)

Ltd.
102
S Series Switch
1 Overview
[SwitchA-Ethernet2/0/3] l2protocol-tunnel pvst+ enable
[SwitchA-Ethernet2/0/3] stp config-digest-snoop
# Configure STP region and ports on SwitchB.

[SwitchB stp enable
[SwitchBstp region-configuration
[SwitchB-mst-region]instance 1 vla 1
[SwitchB-mst-region]instance 2 vlan 100
[SwitchB-st-region]region-name REG01
[SwitchB-st-region]check region-configuration
Admin configuration
Format selector
:0
Region name
:REG01
Revision level
:0
Instance
VLANs Mapped
0
2 to 99, 101 to 4094
1
1
2
100
[SwitchB-mst-region]active region-configuration
[SwitchB-mst-region]quit
[SwitchB] bpdu mac-address 0100-0ccc-cccd
[SwitchB] l2protocol-tunnel pvst+ group-mac 0100-1111-1111
[SwitchB] vlan 100
[SwitchB Ethernet0/0/1] l2protocol-tunnel pvst+ enable
[SwitchB Ethernet0/0/1] stp config-digest-snoop
5.

# Run the display stp brief command on SwitchA to check the port status. The displayed
[SwitchA]display stp brief
MSTID Port
0
Ethernet2/0/3
0
Ethernet2/0/2
1
Ethernet2/0/3
1
Ethernet2/0/2
2
Ethernet2/0/3
Issue 01 (2013-10-30)
Role
DESI
DESI
DESI
DESI
DESI
STP State
FORWARDING
FORWARDING
FORWARDING
FORWARDING
FORWARDING

Ltd.
Protection
NONE
NONE
NONE
NONE
NONE
103
S Series Switch
2
1 Overview
Ethernet2/0/2
DESI
FORWARDING
NONE
The command output shows that SwitchA is the root bridge in MSTI 0, MSTI 1, and
MSTI 2.
# Run the display stp brief command on SwitchB to check the port status. The displayed
[SwitchB]display stp brief
MSTID Port
0
Ethernet0/0/1
0
Ethernet0/0/2
1
Ethernet0/0/1
1
Ethernet0/0/2
2
Ethernet0/0/1
2
Ethernet0/0/2
Role STP State

DESI FORWARDING
ROOT FORWARDING
DESI FORWARDING
ROOT FORWARDING
DESI FORWARDING
ROOT FORWARDING
Protection
NONE
NONE
NONE
NONE
NONE
NONE
The command output shows that SwitchB uses MSTP to communicate with SwitchA in
MSTI 0, MSTI 1, and MSTI 2.
VLAN0001
Spanning tree enabled protocol rstp
Root ID
Priority
32768
Address
286e.d4e8.d272
Cost
19
Port
3 (FastEthernet1/0/1)
Hello Time
Bridge ID
Priority
Address
Hello Time
Aging Time

a8b1.d44b.f280
300 sec
Interface
Role Sts Cost
------------------- ---- --- ---------------------------------------Fa1/0/1
Root FWD 19
Fa1/0/3
Altn BLK 19
Prio.Nbr Type
-------128.3
128.5
VLAN0100
Spanning tree enabled protocol rstp
Root ID
Priority
32868
Address
a8b1.d44b.f280
Hello Time
Bridge ID
Priority
Address
Hello Time
Aging Time
P2p
P2p

a8b1.d44b.f280
300 sec
Interface
Role Sts Cost
Prio.Nbr Type
------------------- ---- --- --------- ---------------------------------------
Issue 01 (2013-10-30)

Ltd.
104
S Series Switch
1 Overview
Fa1/0/1
Fa1/0/3
Ciscosw#
Desg FWD 19
Back BLK 19
128.3
128.5
P2p
P2p
When CiscoSW works in Rapid PVST mode, ports send standard RSTP packets in
VLAN 1. CiscoSW communicates with S series switches in VLAN 1. CiscoSW sends
proprietary BPDUs in VLAN 100. After l2protocol-tunnel transparent transmission is
configured on S series switches, Cisco Rapid PVST converges after the BPDUs are
transparently transmitted.
Configuration Files

!
hostname Ciscosw
!
spanning-tree mode rapid-pvst
!
spanning-tree mst configuration
name REG01
instance 1 vlan 1
instance 2 vlan 100
!
vlan 100
!
switchport trunk allowed vlan 1,100
!
!
end

#
sysname SwitchA
#
vlan 100
#
stp enable
#
#
#
region-name REG01
instance 1 vlan 1
instance 2 vlan 100
#
Issue 01 (2013-10-30)

Ltd.
105
S Series Switch
1 Overview

#
stp config-digest-snoop
#
return

#
sysname SwitchB
#
vlan 100
#
stp enable
#
#
#
#
#
return
Step 3 Configure the Cisco switch to work in MST mode

1.
Configure the Cisco switch to work in MST mode

Ciscosw(config)#spanning-tree mode
mst
# Set CiscoSW as the root bridge of MSTI 1.

Ciscosw(config)#spanning-tree
2.
mst 1 root primary
Configure the MST region on CiscoSW.

Ciscosw(config)#spanning-tree mst configuration
Ciscosw(config-mst)#name REG01
Ciscosw(config-mst)#show pending
Pending MST configuration
Name
[REG01]
Issue 01 (2013-10-30)

Ltd.
106
S Series Switch
Revision
1 Overview
Instances configured 3
Instance Vlans mapped

---------------------------------------------------------------------------0
1-99,101-199,201-4094
1
100
2
200
-----------------------------------------------------------------------------Ciscosw(config-mst)#exit
3.

Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
Ciscosw
(config)#vlan 100
(config-vlan)#exit
(config)#vlan 200
(config-vlan)#exit
(config-if)#switchport trunk encapsulation
dot1q

Ciscosw (config-if)#interface FastEthernet 1/0/3
Ciscosw (config-if)#switchport mode trunk
Ciscosw (config-if)#switchport trunk encapsulation dot1q
Ciscosw (config-if)#exit
4.
Enable STP on ports of S series switches for the switches to communicate with CiscoSW
in instance 1 and instance 2.
# Configure STP region and ports on SwitchA.
[SwitchA]stp region-configuration
[SwitchA-mst-region]instance 1 vla 100
[SwitchA-mst-region]instance 2 vlan 200
[SwitchA-mst-region]region-name REG01
[SwitchA-mst-region]check region-configuration
Admin configuration
Format selector
:0
Region name
:REG01
Revision level
:0
Instance
VLANs Mapped
0
1 to 99, 101 to 199, 201 to 4094
1
100
2
200
[SwitchA -mst-region]active region-configuration
[SwitchAmst-region]quit
[SwitchA] vlan 100
[SwitchA-vlan100]quit
[SwitchA] vlan 200
[SwitchA-vlan200]quit
Issue 01 (2013-10-30)

Ltd.
107
S Series Switch
1 Overview
[SwitchA-Ethernet2/0/2] port trunk allow-pass vlan 100 200

[SwitchA-Ethernet2/0/3] port trunk allow-pass vlan 100 200
[SwitchA-Ethernet2/0/3] stp config-digest-snoop
# Configure STP region and ports on SwitchB.

[SwitchB stp enable
[SwitchBstp region-configuration
[SwitchB-mst-region]instance 1 vla 100
[SwitchB-mst-region]instance 2 vlan 200
[SwitchB-st-region]region-name REG01
[SwitchB-st-region]check region-configuration
Admin configuration
Format selector
:0
Region name
:REG01
Revision level
:0
Instance
VLANs Mapped
0
1 to 99, 101 to 199, 201 to 4094
1
100
2
200
[SwitchB-mst-region]active region-configuration
[SwitchB-mst-region]quit
[SwitchB] vlan 100
[SwitchB-vlan100]quit
[SwitchB] vlan 200
[SwitchB-vlan200]quit
[SwitchBEthernet0/0/1] port trunk allow-pass vlan 100 200
[SwitchBEthernet0/0/1] stp config-digest-snoop
[SwitchBEthernet0/0/2] port trunk allow-pass vlan 100 200

# Run the display stp brief command on SwitchA to check the port status. The displayed
[SwitchA]display stp brief
MSTID Port
0
Ethernet2/0/3
0
Ethernet2/0/2
1
Ethernet2/0/3
1
Ethernet2/0/2
2
Ethernet2/0/3
Issue 01 (2013-10-30)
Role STP State

DESI FORWARDING
DESI FORWARDING
ROOT FORWARDING
DESI FORWARDING
DESI FORWARDING

Ltd.
Protection
NONE
NONE
NONE
NONE
NONE
108
S Series Switch
2
1 Overview
Ethernet2/0/2
DESI
FORWARDING
NONE
The command output shows that SwitchA is the root bridge in MSTI 0 and MSTI 2.
# Run the display stp brief command on SwitchB to check the port status. The displayed
[SwitchB]display stp brief
MSTID Port
0
Ethernet0/0/1
0
Ethernet0/0/2
1
Ethernet0/0/1
1
Ethernet0/0/2
2
Ethernet0/0/1
2
Ethernet0/0/2
Role STP State

DESI FORWARDING
ROOT FORWARDING
ROOT FORWARDING
ALTE DISCARDING
DESI FORWARDING
ROOT FORWARDING
Protection
NONE
NONE
NONE
NONE
NONE
NONE
# Run the show spanning-tree command on CiscoSW to check the port status. The displayed
MST0
Spanning tree enabled protocol mstp
Root ID
Priority
32768
Address
286e.d4e8.d272
Cost
0
Port
Hello Time
Bridge ID
Priority
Address
Hello Time
Interface
------------------Fa1/0/1
Fa1/0/3
Fa1/0/23
Role
---Altn
Root
Desg

a8b1.d44b.f280
Sts
--BLK
FWD
LRN
Cost
--------200000
200000
200000
Prio.Nbr
-------128.3
128.5
128.25
MST1
Root ID
Priority
24577
Address
a8b1.d44b.f280
Hello Time
Bridge ID
Priority
Address
Hello Time
Interface
------------------Fa1/0/1
Fa1/0/3
Issue 01 (2013-10-30)
Role
---Desg
Desg
Type
-------------------------------P2p
P2p
P2p

a8b1.d44b.f280
Sts
--FWD
FWD
Cost
--------200000
200000
Prio.Nbr
-------128.3
128.5
Type
-------------------------------P2p
P2p

Ltd.
109
S Series Switch
1 Overview
MST2
Root ID
Priority
32770
Address
286e.d4e8.d272
Cost
200000
Port
Hello Time
Bridge ID
Priority
Address
Hello Time
Interface
------------------Fa1/0/1
Fa1/0/3
Role
---Altn
Root

a8b1.d44b.f280
Sts
--BLK
FWD
Cost
--------200000
200000
Prio.Nbr
-------128.3
128.5
Type
-------------------------------P2p
P2p
The command output shows that CiscoSW is the root bridge in MSTI 1. The three switches
use MSTP to communicate with each other in MSTI 0, MSTI 1, and MSTI 2.
Configuration Files

!
hostname Ciscosw
!
spanning-tree mode mst
!
spanning-tree mst configuration
name REG01
instance 1 vlan 100
instance 2 vlan 200
!
spanning-tree mst 1 priority 24576
!
vlan 100
!
vlan 200
!
!
!
end

#
Issue 01 (2013-10-30)

Ltd.
110
S Series Switch
1 Overview
sysname SwitchA
#
vlan batch 100 200
#
stp enable
#
region-name REG01
instance 1 vlan 100
instance 2 vlan 100
#
#
#
return

#
sysname SwitchB
#
vlan batch 100 200
#
stp enable
#
#
#
return
----End
3.2.4 Deployment Precautions

3.2.4.1 Is the bpdu enable Command Configured on the EthTrunk After STP Is Enabled on Box Switches?
Description: On box switches, ports send STP BPDUs to the CPU after BPDU is enabled
globally or on ports. If the bpdu enable command is not configured globally or on ports, the
ports cannot send BPDUs to the CPU after receiving the BPDUs. STP then cannot converge.
Root cause: On box switches, STP BPDUs are sent to the CPU after BPDU is enabled
globally or on ports.
Issue 01 (2013-10-30)

Ltd.
111
S Series Switch
1 Overview
Identification method: For S2300/S2700 switches in V100R005 and earlier versions, check
whether the bpdu enable command is configured globally. For other box switches in
V100R005 and earlier versions, check whether the bpdu enable command is configured on
physical ports and the Eth-Trunk. For box switches in V100R006 and later versions, the bpdu
enable command is configured globally or on ports by default on corresponding models.
Solution: After STP is globally enabled on box switches, run the bpdu enable command on
the Eth-Trunk participated in STP calculation.
Versions involved: versions earlier than V100R006
3.2.4.2 After STP Is Enabled on an Eth-Trunk, Change the

Cost of the Eth-Trunk to Be Smaller than the Cost of Physical
Ports
Description: After the physical status of member ports changes, the cost of the Eth-Trunk
changes. As a result, STP reconverges and services are affected.
Root cause: The cost of the Eth-Trunk is the cost of a member port divided by the number of
member ports. Therefore, the Eth-Trunk cost changes after the status of member ports
changes. A smaller cost indicates better link quality. You are advised to change the cost of the
Eth-Trunk to be smaller than the cost of physical ports.
Identification method: Check whether STP is enabled on the Eth-Trunk.
Solution: Change the cost of the Eth-Trunk to be smaller than the cost of physical ports.
Versions involved: all versions
3.3 Troubleshooting
As an IEEE standard protocol, STP has advantages such as good compatibility, low network
planning requirements, and easy configuration. Therefore, STP is widely used on Layer 2
networks.
STP-related problems on the network can be classified into the following categories:
Global configuration or configuration on ports is incorrect.
Network environment is unstable or network planning is improper.
Huawei devices cannot communicate with non-Huawei devices.
Issue 01 (2013-10-30)

Ltd.
112
S Series Switch
1 Overview
Figure 1.1 STP troubleshooting flowchart
3.3.2 Fault 1: Traffic Cannot Be Transmitted Stably

on the STP Network
After STP is globally enabled on a switch, check devices on the STP network where the
switch is located. Analyze the STP role and state of ports to check whether STP converges
normally.
For S series switches, confirm whether STP is enabled globally using the following method:
Run the display stp command to confirm whether STP is enabled globally. If STP is not
enabled globally, the Protocol Status field displays Disabled in the command output.

Issue 01 (2013-10-30)

Ltd.
113
S Series Switch
1 Overview
1.
Check whether the stp disable command is configured on ports.
2.
Check whether the STP region configuration is correct and whether ports are added to
VLANs correctly.
3.
Check whether the STP role and state of ports are normal.
4.
Check whether ports receive and send BPDUs normally.
Issue 01 (2013-10-30)

Ltd.
114
S Series Switch
1 Overview

Figure 1.1 Troubleshooting flowchart
Issue 01 (2013-10-30)

Ltd.
115
S Series Switch
1 Overview

Step 1 Check whether the stp disable command is configured on ports.
If Layer 2 loops may occur in an STP closed ring and STP is not enabled on some ports,
network storm may occur and affect normal service traffic forwarding.
Ports can participate in STP calculation only when STP is enabled globally and on ports.
By default, STP is enabled on ports of S series switches. If the stp disable command is not
configured on a port, STP is enabled on the port.
After STP is enabled globally, run the display stp brief command to check information about
all STP-enabled ports whose physical state is Up.
display
display
stp brief
interface
GigabitEthernet
2/0/6
Step 2 Check the mapping between VLANs and MSTIs.

When ports work in MSTP mode, a region can contain multiple MSTIs. Each MSTI maps
corresponding VLANs and converges independently. STP/RSTP is used among different
regions for them to converge. The convergence result of MSTI 0 takes effect for all MSTIs.
Run the display stp region-configuration command to check the region configuration of the
switch. The region configuration contains the mapping between VLANs and MSTIs.
Switches in the same region must have the same region name, revision level, and mapping
between VLANs and MSTIs. The CIST includes all ports on all switches, and an MSTI
includes only ports of the same MSTI in the same region. Therefore, ports added to a VLAN
participate in STP calculation in the MSTI which the VLAN belongs to.
display stp region-configuration
Oper configuration
Format selector
:0
Region name
:4c1fcc1f56b7
Revision level
:0
Instance
0
1
2
Issue 01 (2013-10-30)
Vlans Mapped
1 to 99, 201 to 299, 401 to 4094
100 to 200
300 to 400

Ltd.
116
S Series Switch
1 Overview
If the mapping between VLANs and MSTIs is not configured in an MST region, all VLANs belong
to MSTI0 by default. That is, traffic of all VLANs on all ports of the switch is forwarded according
to the port status calculated by MSTI0.
By default, S series switches use the system MAC address as the region name.
STP calculation based on the MSTI instead of VLAN. In an STP-enabled closed topology, there
must be ports in Discarding state in an MSTI. If the VLAN configuration on ports does not construct
a Layer 2 broadcast domain in the closed network, STP does not need to be enabled on relevant ports
to avoid services being influenced by the port in Discarding state.
Changes in parameters (especially the VLAN mapping table) in an MST region cause spanning tree
recalculation and route flapping on a network. Therefore, you are advised to run the check regionconfiguration command in the MST region view before activating the configuration of the MST
region to check whether parameters of the MST region are set correctly. After verifying that
parameters of the MST region are correct, run the active region-configuration command to activate
the configuration of the MST region.
The active region-configuration command activates the name, VLAN mapping table, and MSTP
revision level of the MST region. You are advised to run the active region-configuration command
after complete all the configurations to reduce network flapping.
Step 3 Check whether the STP role and state of ports are normal.
The port roles include the designated port (DESI), root port (ROOT), alternate port (ALTE),
backup port (BACK), and master port (MAST). The alternate port and backup port do not
forward traffic and they are always in Discarding state. Other ports are in Forwarding state
normally and forward traffic.
Generally, two directly connected STP-enabled ports cannot be designated ports at the same
time. If both ports are designated ports and are in Forwarding state, check whether the
problem is caused by the following reasons:
For S3300/S3700/S5300/S5700 switches in V100R005, the bpdu enable command must be
configured on ports (including Eth-Trunk) participated in STP calculation. For S2300/S2700
switches in V100R005, the bpdu enable command must be configured globally. Otherwise,
the received STP BPDUs are not processed.
For box switches in V100R006, the bpdu enable command is configured globally on
S2300/S2700 switches and on ports of other models by default. Chassis switches do not have
this restriction.
If the STP state of a designated port is Discarding, check whether root protection or loop
protection is configured on the port.
#
stp loop-protection
#
stp root-protection
#
display stp brief
MSTID Port
0
0
Role
ROOT
DESI
STP State
FORWARDING
FORWARDING
Protection
LOOP
ROOT
If the root protection and loop protection are not configured on the port, go to Step 4.
Step 4 Check whether ports receive and send STP BPDUs normally.
Issue 01 (2013-10-30)

Ltd.
117
S Series Switch
1 Overview
Run the display stp interface command to check the number of BPDUs received and sent by
a port.
display stp interface GigabitEthernet 2/0/6
----[CIST][Port14(GigabitEthernet2/0/6)][FORWARDING]---Port Protocol
:enabled
Port Role
:Designated Port
Port Priority
:128
Port Cost(Dot1T )
:Config=auto / Active=20000
Desg. Bridge/Port
:32768.4c1f-cc1f-56b7 / 128.14
Port Edged
Point-to-point
:Config=auto / Active=true
Transit Limit
:147 packets/hello-time
Protection Type
:None
Port Stp Mode
:MSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes
:Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :2
TC or TCN received :0
BPDU Sent
:103219
TCN: 0, Config: 0, RST: 0, MST: 103219
BPDU Received
:0
The BPDU Sent field displays the total number of BPDUs sent by the port and the BPDU
Received field displays the total number of BPDUs received by the port. TCN indicates
topology change notification packets. Config indicates traditional STP packets. RST indicates
RSTP packets. MST indicates MSTP packets. Normally, only the number increases
periodically in the BPDU Sent field for designated ports and in the BPDU Received field for
other ports. After the convergence is stable, the number of BPDUs sent and received by a port
is fixed.
If the numbers in both the BPDU Sent field and BPDU Received field increase, run the
debugging stp interface <interface-type> <interface-number> packet all command to
enable STP debugging. BPDUs received and sent by a port are displayed. Check whether the
displayed information remains unchanged.
<Switch> debugging stp interface GigabitEthernet 2/0/6 packet all
<Switch> terminal monitor
<Switch>terminal debugging
Jun 24 2001 10:29:41.60.1+01:00 DST Switch MSTP/7/PKT:
Port55(GigabitEthernet2/0/6) Rcvd Packet(Length: 102)
ProtocolVersionID
: 03
BPDUType
: 02
Flags
: 7c( DESIGNATED Learning Forwarding
Agreement )
CIST Root Identifier
: 0.101b-5498-d3e0
CIST External Path Cost
: 0
CIST Bridge Identifier
: 0.101b-5498-d3e0
CIST Port Identifier
: 128.126
Message Age
: 0
Max Age
: 20
Hello Time
: 2
Forward Delay
: 15
Version 1 Length
: 0
Version 3 Length
: 64
Issue 01 (2013-10-30)

Ltd.
118
S Series Switch
1 Overview
CIST Regional Root Identifier

CIST Internal Root Path Cost
CIST Remaining Hops
Instance
:
:
:
:
0.101b-5498-d3e0
0
20
0
Disable the debugging.

<Switch> undo terminal monitor
<Switch>undo terminal debugging
<Switch>undo debugging all
Figure 1.1 shows meanings of bits in the Flags field.

Figure 1.1 Bits in the RSTP/MSTP Flags field
Multiple bits may be set to 1 at the same time. For example, in the configuration messages
periodically received by GE2/0/6, the Flags field displays 0x7C (binary digits: 0-1-1-1-1-1-00). It means that the Agreement, Forwarding, and Learning bits are set to 1, and the Port Role
bit is set to 11, meaning that the peer port is a designated port.
In TC packets, the Topology Change bit is set to 1.
----End
3.3.3 Fault 2: A Port Cannot Converge Rapidly

After STP is enabled on a switch globally and on ports, ports cannot forward packets for a
long time after the port status changes. Check configurations of the switch and the peer
device.
Run the display stp brief command to check information about all STP-enabled ports whose
physical status is Up. The STP State field displays the forwarding status of a port. A port can
normally forward packets only when it is in Forwarding state.

1.
Issue 01 (2013-10-30)
Check whether the peer port is enabled with STP.

Ltd.
119
S Series Switch
1 Overview
2.
Check whether the port works in traditional STP mode.
3.
Check whether the port works in point-to-point mode.
Issue 01 (2013-10-30)

Ltd.
120
S Series Switch
1 Overview

Issue 01 (2013-10-30)

Ltd.
121
S Series Switch
1 Overview

Step 1 Check whether the peer port is enabled with STP.
Terminals, PCs, and servers do not support STP. If the switch is connected to these devices,
configure the port on the switch as an edge port or disable STP on the port.
Run the stp edged-port enable or stp disable command on the port.
Otherwise, when the cable is removed or installed, or the shutdown/undo shutdown
command is run on the port, the port converges slowly because the peer port does not send
STP BPDUs to the port. The port must wait twice the forward-delay time (15s by default)
before forwarding packets normally.
Step 2 Check whether the port works in traditional STP mode.
STP is always downward compatible during its development process. On devices that are
globally configured to work in RSTP/MSTP mode, ports automatically transit to STP mode
after receiving traditional STP BPDUs.
Run the display stp interface command to check the actual working mode of a port.
----[Port28(GigabitEthernet2/0/6)][FORWARDING]---Port Protocol
:Enabled
Port Role
:Designated Port
Port Priority
:128
Port Cost(Dot1T )
Designated Bridge/Port
:32768.0026-0000-9140 / 128.28
Port Edged
Point-to-point
Transit Limit
:147 packets/s
Protection Type
:None
Port STP Mode
:STP
PortTimes
TC or TCN send
:12
BPDU Sent
:24
BPDU Received
:1
The fast port transition mechanism is also called the Proposal/Agreement mechanism.
Traditional STP mode cannot provide the fast transition mechanism. A port must wait twice
the forward-delay time (15s by default) to enter the Forwarding state. The type of STP
BPDUs sent and received by a port can be obtained based on the number of BPDUs displayed
in the BPDU Sent field and BPDU Received field.
S series switches support the Proposal/Agreement mechanism in enhanced mode and in
common mode. The enhanced mode is the default mode.
Enhanced mode: The current port calculates the root port when calculating the
synchronization flag bit.
Issue 01 (2013-10-30)
An upstream device sends a Proposal packet to a downstream device, requesting for

fast transition. After receiving the packet, the downstream device sets the port
connected to the upstream device as a root port and blocks all non-edge ports.
Ltd.
122
S Series Switch
1 Overview
The upstream device then sends an Agreement packet to the downstream device.
After the downstream device receives the packet, the status of the root port changes
to Forwarding.
The downstream device sends an Agreement packet to the upstream device. After
receiving the Agreement packet, the upstream device sets the port connected to the
downstream device as a designated port. The designated port then enters the
Forwarding state.
Common mode: The current port does not calculate the root port when calculating the
synchronization flag bit.
An upstream device sends a Proposal packet to a downstream device, requesting for

fast transition. After receiving the Proposal packet, the downstream device sets the
port connected to the upstream device as a root port and blocks all non-edge ports.
The root port then enters the Forwarding state.
downstream device as a designated port. The designated port then enters the
Forwarding state.
When an S series switch is connected to an upstream RSTP-enabled switch or a non-Huawei

device, fast transition cannot be performed on the upstream device. Run the stp noagreement-check command on the S series switch to avoid the problem.
After a port automatically switches to STP-compatible mode, you need to run the stp mcheck
command on the port to switch the port back to MSTP mode manually in the following cases:
The switch running STP is shut down or disconnected.
The switch running STP is switched to MSTP mode.

For two directly connected switching devices in a spanning tree, the switching device closer to the root
bridge is the upstream device of the other switching device.
Step 3 Check whether the link type of a port is point-to-point (P2P).

The RSTP/MSTP mode provides the fast transition mechanism. When STP is enabled on both
ends of a link and the link type is P2P, the fast transition mechanism can be implemented on
the ports.
You can run the stp point-to-point command to configure the link type on S series switches.
The link type of a port is auto by default. That is, RSTP/MSTP checks whether the link of a
port is a P2P link. The link can be a P2P link only when both ends work in full duplex mode.
Run the display interface <interface-type> <interface-num> command to check whether a
port works in full duplex mode.
Run the display stp interface command to check the link type of a port.
----[CIST][Port14(GigabitEthernet2/0/6)][FORWARDING]---Port Protocol
:enabled
Port Role
:Designated Port
Port Priority
:128
Port Cost(Dot1T )
Desg. Bridge/Port
:32768.4c1f-cc1f-56b7 / 128.14
Port Edged
Point-to-point
Transit Limit
:147 packets/hello-time
Issue 01 (2013-10-30)

Ltd.
123
S Series Switch
1 Overview
Protection Type
:None
Port Stp Mode
:MSTP
PortTimes
TC or TCN send :2
BPDU Sent
:103219
BPDU Received
:0
In the preceding command output, Config=auto indicates that the configured value is auto,
and Active=true indicates that the link type of the port is P2P.
If the fast transition mechanism cannot be implemented on the port when the link type is P2P,
contact Huawei technical support personnel.
----End
3.3.4 Fault 3: CPU Usage Is High on an STP-enabled

Device
When service traffic is interrupted sometimes on an STP-enabled network, check whether
ports continuously receive TC packets and whether ports receive multiple types of STP
BPDUs.
After receiving TC packets, STP-enabled ports updates forwarding entries. When the STP
convergence modes are different, the switch processes ARP entries in different ways. In the
display stp command output, the STP Converge Mode field indicates the STP convergence
mode of the device.

1.
Check whether ports continuously receive TC packets.
2.
Check whether ports receive multiple types of STP BPDUs.
3.
Check whether there are attack packets.
Issue 01 (2013-10-30)

Ltd.
124
S Series Switch
1 Overview


Step 1 Whether ports continuously receive TC packets.
Run the display cpu-usage command to check tasks with high CPU usage on the chassis or
LPU. If the PPI task has high CPU usage on box or chassis switches, check whether ports
continuously receive a large number of TC packets. If the PPI task does not have a high CPU
usage, go to .
When a non-edge port enters the Forwarding state, TC packets are generated.
Issue 01 (2013-10-30)

Ltd.
125
S Series Switch
1 Overview
In traditional STP mode, the flooding path of TCN packets is shown in the following figure:
In RSTP/MSTP mode, the flooding path of TC packets is shown in the following figure:
Generally, a switch updates forwarding entries after receiving a TC packet indicating the
topology change. Then traffic is transmitted through new paths. When ports continuously
receive TC packets, the switch updates forwarding entries frequently, occupying CPU
resources and affecting service traffic forwarding.
Check TC packets received and sent by ports using the following commands:
display stp tc (The command is used in the hidden view on chassis switches in V100R003
and earlier versions. It displays only the number of received packets and does not differentiate
TC and TCN packets.)
display stp tc-bpdu statistics (The command is supported by chassis switches since
V100R006 and by box switches since V100R005.)
display stp topology-change (The command is supported by chassis switches since
V100R006 and by box switches since V100R005.)
[Frame-hidecmd]display
stp tc (The command displays only the total number of TC or TCN packets
received by ports.)
---------- Stp Instance 0 tc or tcn count ---------Port GigabitEthernet3/0/0
0
Port GigabitEthernet3/0/23
29
[Switch]display stp tc-bpdu statistics
-------------------------- STP TC/TCN information -------------------------MSTID Port
TC(Send/Receive)
TCN(Send/Receive)
0
21/4
0/1
0
93/0
0/1
Issue 01 (2013-10-30)

Ltd.
126
S Series Switch
1 Overview
0
115/0
0/0
0
110/0
0/0
0
29/5
0/0
[Switch]display stp topology-change
CIST topology change information
Number of topology changes
:35
Time since last topology change
:0 days 1h:7m:30s
Topology change initiator(notified)
:GigabitEthernet2/0/6
Topology change last received from
:101b-5498-d3e0
Number of generated topologychange traps :
38
Number of suppressed topologychange traps:
8
MSTI 1 topology change information
Number of topology changes
:0
If the command output shows that ports continuously receive a large number of TC packets,
run the stp tc-protection command to enable TC protection on the switch to suppress TC
packets. The switch then is protected against TC packets. Run the stp tc-protection threshold
command to set the number of times that TC packets are processed in a specified Hello time.
After receiving TC packets, the switch updates forwarding entries. When the STP
convergence modes are different, the switch processes ARP entries in different ways. The
normal convergence mode is recommended.
If the STP convergence mode is fast, the switch deletes the related ARP entries directly.
If the STP convergence mode is normal, the switch sets the remaining aging time of the ARP
entries to 0 and ages them.
By default, the STP convergence mode is normal on chassis switches since V100R003 and on box
switches since V100R005. The mode is fast by default on switches in earlier versions.
By default, TC protection is disabled on S series switches, and the TC protection threshold is 3 in

versions earlier than V100R006 and 1 in V100R006.
If the PPI task still has high CPU usage after TC protection is enabled and STP convergence
mode is changed, go to Step 2.
Step 2 Check whether ports receive multiple types of STP BPDUs.
Due to network changes, the stable STP ring may reconverge.
Run the display stp history command on chassis switches to check role calculation history on
ports. If the role of ports keeps changing, ports receive packets from different devices,
indicating a problem on the network.
On chassis switches in versions earlier than V200R001 (hidden view), the displayed
[Switch-hidecmd]display stp history
---------- Stp Instance 0 history trace ---------GigabitEthernet6/0/16 Root->Desi
at 2001/06/20 11:40:14 UTC+00:00
{4096.101b-5498-1234 0 4096.101b-5498-1234 0 4096.101b-5498-1234 128.63}
GigabitEthernet6/0/16 Desi->Root
at 2001/06/20 11:37:53 UTC+00:00
{0.0489-98f5-a0a0 259999 4096.101b-5498-1234 0 4096.101b-5498-1234 128.63}
(0.0489-98f5-a0a0: root MAC address; 259999: external path cost; 4096.101b-5498-1234: region root MAC address; 0:
external path cost; 4096.101b-5498-1234: designated bridge MAC address; 128.63: configured port priority)
Issue 01 (2013-10-30)

Ltd.
127
S Series Switch
1 Overview
On S series switches in V200R001 and later versions (diagnosis view), the displayed
[Switch-diagnose]display stp history
Stp Instance 0 history trace:
Port Name: GigabitEthernet0/0/6
Role Transation: Root->Desi
IsAged: Yes
Time: 2008/10/05 00:12:25 UTC+00:00
RootPriority: 0
RootMac: 101b-5498-d3e0
PathExtCost: 0
RegRootPriority: 32768
RegRootMac: 0000-0a88-1580
PathInCost: 0
DesignatedPriority: 0
DesignateMac: 101b-5498-d3e0
PortPriority: 128
PortId: 7
Run the following commands to enable STP debugging to collect exchanged STP BPDUs and
event information when the network is faulty.
<Switch> debugging stp interface <interface-type> <interface-number> packet
<Switch>debugging stp event
all
When locating the fault, pay attention to the situation that some network devices can transparently
transmit STP BPDUs by default although STP is not globally enabled on the devices.
Step 3 Check whether there are attack packets.

When a link is faulty or attack packets exist on the network, port cannot receive STP BPDUs
sent by the peer device, and STP state is switched as shown in the following logs:
Jul 26 2012
instance 0,
Jul 26 2012
instance 0,
02:26:40
MSTP set
02:26:43
MSTP set
Switch %%01MSTP/6/SET_PORT_DISCARDING(l):In MSTP process 0

port GigabitEthernet4/0/10 state as discarding.
Switch %%01MSTP/6/SET_PORT_FORWARDING(l):In MSTP process 0
port GigabitEthernet4/0/10 state as forwarding.
Run the display interface command to check whether the physical status, rate, and full
duplex mode of a port are normal and whether there are error packets in the inbound direction.
If links are normal, run the display stp interface <interface-type> <interface-number>
command to check the number displayed in the BPDU Received field as shown in
3.2.4"Deployment Precautions." If the number does not increase periodically and the BPDU
configuration on the port is correct, bind a traffic policy in the inbound direction of the port to
collect traffic statistics about STP BPDUs. This confirms whether the peer device periodically
sends STP BPDUs. Perform the following configurations:
Configure a traffic policy.
[Switch]traffic classifier stp
[Switch-classifier-stp]if-match destination-mac 0180-c200-0000
[Switch]traffic behavior stp
[Switch-behavior-stp]statistic enable
[Switch]traffic policy stp
[Switch-trafficpolicy-stp]classifier stp behavior stp
Issue 01 (2013-10-30)

Ltd.
128
S Series Switch
1 Overview
[Switch]interface GigabitEthernet 2/0/6

[Switch-GigabitEthernet2/0/6]traffic-policy
stp inbound
View the traffic statistics.

[Switch]display traffic policy statistics interface GigabitEthernet
inbound
Interface: GigabitEthernet2/0/6
Traffic policy inbound: stp
Rule number: 1
Current status: OK!
--------------------------------------------------------------------Board : 2
Item
Packets
Bytes
--------------------------------------------------------------------Matched
4
492
+--Passed
4
492
+--Dropped
0
0
+--Filter
0
0
+--CAR
0
0
2/0/6
If the traffic statistics show that STP BPDUs increase periodically, but the number displayed
in the BPDU Received field does not increase periodically, run the display cpu-defend
statistics all command to check whether a large number of other packets are sent to the CPU
for processing.
[Switch]display cpu-defend statistics all
CPCAR on slot 1
------------------------------------------------------------------------------Packet Type
Pass(Bytes) Drop(Bytes)
Pass(Packets)
Drop(Packets)
arp-request
8639817608
136756196
127257200
2011692
arp-reply
591903504
8257252
8704451
121430
stp
2436513867
0
17536915
0
smart-link
0
0
0
0
ldt
0
0
0
0
lacp
0
0
0
0
lldp
0
0
0
0
dldp
0
0
0
0
vrrp
0
0
0
0
mpls-oam
0
0
0
0
isis
0
0
0
0
dhcp-client
0
0
0
0
dhcp-server
0
0
0
0
igmp
0
0
0
0
pim
0
0
0
0
S series switches use the CPCAR mechanism to classify packets sent to the control plane, and
limit the rate of these packets and schedule packets in queues to ensure security of the control
plane. If some packets exceed the CPCAR threshold and are discarded, run the display cpudefend configuration all command to check whether these packets are in the same queue
with STP BPDUs.
[Frame]dis cpu-defend configuration all
Car Configurations on main board.
---------------------------------------------------------------------Packet Name
Status
Cir(Kbps)
Cbs(Byte) Queue Port-Type
Issue 01 (2013-10-30)

Ltd.
129
S Series Switch
1 Overview
---------------------------------------------------------------------8021X
Enabled
256
32000
3
NA
arp-mff
Enabled
128
16000
3
NA
arp-miss
Enabled
128
16000
3
NA
arp-reply
Enabled
128
16000
3
NA
arp-request
Enabled
128
16000
3
NA
ssh
stp
Enabled
Enabled
128
512
16000
64000
5
5
NA
NA
---------------------------------------------------------------------Car Configurations On Slot 3.

---------------------------------------------------------------------Packet Name
Status
Cir(Kbps)
Cbs(Byte) Queue Port-Type
---------------------------------------------------------------------8021X
Disabled
256
32000
3
NA
arp-mff
Disabled
64
10000
3
NA
arp-miss
Enabled
64
10000
3
NA
arp-reply
Enabled
64
10000
3
UNI
arp-request
Enabled
64
10000
3
UNI
ssh
stp
Enabled
Enabled
128
128
16000
16000
5
5
NNI
NA
If the reason for high CPU usage still cannot be found, contact Huawei technical support
personnel.
On S series switches in different models and versions, packet types displayed in the display cpudefend statistics all command output may be different.
For box switches in some versions, STP state changes of ports are not recorded in the log buffer by
default. Run the info-center source MSTP channel 4 log level informational command to adjust
the log level.
----End
3.3.5 Information Collection Methods


3.3.5.2 List of the display Commands

Command
Description
display version
display device
Displays device status information.
Issue 01 (2013-10-30)

Ltd.
130
S Series Switch
1 Overview
Command
Description
Displays the CPU usage.
Displays the memory usage.
display interface
Displays traffic on all ports. (Collect the

information once every five minutes and twice
in total.)
display stp region-configuration
Displays the configuration of an STP region.
display stp brief
Displays brief information about instances, port

roles, STP states, and protection. (Collect the
information once every 15s and five times in
total.)
display stp
Displays status and statistics of spanning tree

instances. (Collect the information once every
five minutes and twice in total.)
display stp history (in hidden view for

chassis switches in versions earlier than
V200R001 and diagnosis view in
V200R001)
Displays history records of STP calculation.
display stp tc (in hidden view for chassis

switches in V100R003 and earlier
versions)
Displays the numbers of TC/TCN packets

received and sent by ports. (Collect the
information once every 15s and five times in
total.)
display stp tc-bpdu statistics (supported

by chassis switches since V100R006 and
by box switches since V100R005.)
display logbuffer
Displays information in the log buffer.
display trapbuffer
Displays information in the trap buffer.
reset stp statistics
Clears statistics about received and sent STP

BPDUs.
Issue 01 (2013-10-30)

Ltd.
131
S Series Switch
1 Overview

3.4.1 Case 1: After an RSTP-enabled Port Is Shut
Down and Restored, RSTP Cannot Converge Quickly
H3Csw-1
H3Csw-2
S5700
Two H3C switches and one S5700 form an RSTP ring. H3Csw-1 is the root bridge. The link
between the S5700 and H3Csw-2 is redundant when the network is stable.
Shut down the port on H3Csw-1 connected to the S5700 and restore the port to check the
RSTP fast convergence mechanism. After the link between H3Csw-1 and the S5700 recovers,
the port on H3Csw-1 remains in Discarding state and changes to Forwarding state after 30s.
3.4.1.2 Root Cause

When the port on H3Csw-1 connected to the S5700 is Up, H3Csw-1 sends BPDUs with the
Proposal bit, but does not send BPDUs with the Agreement bit. Therefore, the
Proposal/Agreement mechanism does not take effect.

By default, the S5700 uses the Proposal/Agreement mechanism in enhanced mode. It
responds after receiving Agreement packets sent by the upstream device.
The upstream device sends a Proposal packet to the downstream device, requesting for
fast transition. After receiving the packet, the downstream device sets the port connected
to the upstream device as a root port and blocks all non-edge ports.
The upstream device then sends an Agreement packet to the downstream device. After
the downstream device receives the packet, the status of the root port changes to
Forwarding.
downstream device as a designated port. The designated port then enters the Forwarding
state.
H3Csw-1 uses the Proposal/Agreement mechanism in common mode. Run the debugging stp
interface GigabitEthernet0/0/8 packet receive command on the S5700 to view STP BPDUs
received by ports. Only RSTP BPDUs with the Proposal bit are displayed.
Port50(GigabitEthernet0/0/8) Rcvd Packet(Length: 43)
Issue 01 (2013-10-30)

Ltd.
132
S Series Switch
1 Overview
ProtocolVersionID
BPDUType
Flags
Root Identifier
Root Path Cost
Bridge Identifier
Port Identifier
Message Age
Max Age
Hello Time
Forward Delay
Version 1 Length
:
:
:
:
:
:
:
:
:
:
:
:
02
02( RST BPDU )
0e( Proposal DESIGNATED )
0.000f-e2e0-7425
0
0.000f-e2e0-7425
128.206
0
20
2
15
0
3.4.1.4 Solution
On the S5700, run the stp no-agreement-check command on ports connected to H3C
switches for the S5700 to communicate with H3C switches.
3.4.1.5 Summary
When S series switches work with non-Huawei devices, run the stp no-agreement-check
command on S series switches to configure the transition mode according to the
Proposal/Agreement mechanism of non-Huawei devices.
3.4.2 Case 2: Member Ports of an Eth-Trunk Are

Down and Services Are Interrupted
S5700
Ge0/0/21
S7700
H3Csw
Ge5/0/1
Ge6/0/0
All ports are added to VLAN 100. GE0/0/21 of S5700 (in V100R006C00SPC800) receives
service traffic and sends the traffic to GE5/0/1 of H3Csw through the connected link
aggregation group (LAG). GE5/0/1 then forwards the traffic to GE6/0/0 of S7700.
The LAG information on H3Csw and S5700 is displayed as follows:
<H3Csw>display link-aggregation verbose 1
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Aggregation ID: 1, AggregationType: Static,
Loadsharing Type: Shar
Aggregation Description:
System ID: 0x8000, 000f-e21e-98a5
Port Status: S -- Selected, T -- sTandby
Local:
Port
Status Priority Flag Oper-Key Link-Status
-------------------------------------------------------------------------------GigabitEthernet0/0/1
S
32768
0x3d 1
Up
S
32768
0x3d 1
Up
S
32768
0x3d 1
Up
Issue 01 (2013-10-30)

Ltd.
133
S Series Switch
1 Overview
Remote:
Actor
Partner Priority Flag Oper-Key SystemID
1
32768
0x3d 305
0x8000,0025-9efb-597a
2
32768
0x3d 305
0x8000,0025-9efb-597a
3
32768
0x3d 305
0x8000,0025-9efb-597a
<S5700>display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1
WorkingMode: STATIC
Preempt Delay: Disabled
Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768
System ID: 0025-9efb-597a
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up
Number Of Up Port In Trunk: 3
-------------------------------------------------------------------------------ActorPortName
Status
PortType PortPri PortNo PortKey PortState Weight
Selected 1GE
32768
1
305
10111100 1
Selected 1GE
32768
2
305
10111100 1
Selected 1GE
32768
3
305
10111100 1
Partner:
-------------------------------------------------------------------------------ActorPortName
SysPri
SystemID
PortPri PortNo PortKey PortState
32768
000f-e21e-98a5 32768
0
1
10111100
32768
000f-e21e-98a5 32768
1
1
10111100
32768
000f-e21e-98a5 32768
2
1
10111100
After the optical fiber connecting the two GE0/0/2 ports is removed, the two ports are Down
and service traffic is interrupted for about 30s.
3.4.2.2 Root Cause

S5700 has STP enabled globally and works in MSTP mode. The STP mode of S7700 is RSTP.
H3Csw is not globally enabled with STP, but ports on H3Csw can transparently transmit STP
BPDUs by default. After a member port in the LAG is Down, the cost of the entire LAG
changes and STP reconverges. Because STP is not enabled on the peer end of GE0/0/21 on
S5700, STP converges slowly on GE0/0/21.

The configuration shows that STP is globally enabled on S5700. H3Csw is not globally
enabled with STP, but ports on H3Csw can transparently transmit STP BPDUs. After
receiving RSTP BPDUs from S7700, S5700 negotiates with S7700.
[S5700]dis stp brief
MSTID Port
Role
STP State
0
Eth-Trunk1
ROOT FORWARDING
0
DESI FORWARDING
<H3Csw>dis stp brief
Protocol Status
:disabled
Protocol Std.
:IEEE 802.1s
Version
:3
CIST Bridge-Prio. :32768
MAC address
:000f-e21e-98a5
Max age(s)
:20
Issue 01 (2013-10-30)

Ltd.
Protection
NONE
NONE
134
S Series Switch
1 Overview
Forward delay(s)
Hello time(s)
Max hops
:15
:2
:20
The STP cost of an Eth-Trunk is the cost of a member port divided by the number of member
ports. By default, the cost of GE ports on S5700 is 20000. When all the three member ports in
Eth-Trunk 1 are Up, the STP cost of Eth-Trunk 1 is 6666 (20000/3). After the optical fiber
connected to GE0/0/2 is removed, only two member ports in Eth-Trunk 1 are Up, and the STP
cost of Eth-Trunk 1 is 10000 (20000/2). When selecting port roles, STP calculates the path
cost according to the STP cost of ports.
Eth-Trunk 1 is the root port of S5700. After the STP cost of Eth-Trunk 1 changes, STP
calculation is triggered and STP reconverges on GE0/0/21. Because STP is not enabled on the
peer end of GE0/0/21 on S5700, STP converges slowly on GE0/0/21 and traffic is interrupted
for 30s.
3.4.2.4 Solution
1.
Configure GE0/0/21 on S5700 as an STP edge port.
2.
Set the STP cost of Eth-Trunk 1 to 10000 so that STP convergence is not triggered after
member ports of Eth-Trunk 1 are Down.
3.4.2.5 Summary
If STP is globally enabled on a device and a port is connected to a peer device that is not
enabled with STP, configure the port as an STP edge port or disable STP on the port.
STP is triggered to reconverge after the status of member ports in an Eth-Trunk changes.
Set the STP cost of the Eth-Trunk to a fixed value smaller than the cost of its physical
member ports.
3.4.3 Case 3: Different MSTP Region Configurations

Result in the Same Convergence of Multiple
Instances
Switch-1
Swtich-2
GE0/0/20
GE0/0/23
GE0/0/24
STP is enabled on two S series switches connected through GE0/0/20, GE0/0/23, and
GE0/0/24 on the two switches. Configure MSTP multi-instance.
instance 1 vlan 101
instance 2 vlan 99
The GE0/0/20 ports belong to instance 1 and 2. The GE0/0/23 ports only belong to instance 1.
The GE0/0/24 ports only belong to instance 2.
The GE0/0/20 ports in instance 1 and 2 are in Forwarding state. However, the GE0/0/20 ports
are required to be in different STP state in instance 1 and 2.
Issue 01 (2013-10-30)

Ltd.
135
S Series Switch
1 Overview
3.4.3.2 Root Cause

The two switches are configured with different region names. STP converges in the CIST.

Check the STP convergence information of the two switches.
<Switch-1>display stp brief
MSTID Port
0
0
0
1
1
2
2
Role STP State

DESI FORWARDING
DESI FORWARDING
DESI FORWARDING
DESI FORWARDING
DESI FORWARDING
DESI FORWARDING
DESI FORWARDING
<Switch-2>display stp brief

MSTID Port
0
0
0
1
1
2
2
Role
ROOT
ALTE
ALTE
MAST
ALTE
MAST
ALTE
STP State
FORWARDING
DISCARDING
DISCARDING
FORWARDING
DISCARDING
FORWARDING
DISCARDING
Protection
NONE
NONE
NONE
NONE
NONE
NONE
NONE
Protection
NONE
NONE
NONE
NONE
NONE
NONE
NONE
Check the STP region configurations of the two switches.

[Switch-1]display stp region-configuration
Oper configuration
Format selector
:0
Region name
:vlan101
Instance
Vlans Mapped
0
1 to 98, 100, 102 to 4094
1
101
2
99
[Switch-2]display stp region-configuration
Oper configuration
Format selector
:0
Region name
:vlan99
Instance
Vlans Mapped
0
1 to 98, 100, 102 to 4094
1
101
2
99
Revision level
Revision level
:0
:0
The command output shows that the two switches have different region names. They perform
calculation between regions and the calculation of instance 0 takes effect for all instances.
3.4.3.4 Solution
All region configurations of the two switches are the same except the region name, and no
service is loaded on the two switches. Change the region name of Switch-2 to solve the
problem.
[Switch-2]stp region-configuration
Issue 01 (2013-10-30)

Ltd.
136
S Series Switch
1 Overview
[Switch-2-mst-region]region-name vlan101
[Switch-2-mst-region] active region-configuration
3.4.3.5 Summary
By default, S series switches use the system MAC address as the region name. In MSTP
planning, pay attention to the region name and mapping between VLANs and instances in the
region configuration. Changes in the region configuration trigger MSTP recalculation. After
the network is stable, consider the impact on services when changing the region configuration.
3.4.4 Case 4: Packets Trigger Root Protection and

Services Are Interrupted
Switch-1
Eth-trunk0
Switch-2
GE0/19
ATAE
slot7
GE0/19
GE0/15
ATAE
slot8
GE0/17
O&M
switch
Two S series switches and the ATAE switch board form an STP ring. The two slots of the
ATAE switch board can be considered as two switches that are connected through GE0/15
ports on the two slots. Swtich-1 is the root bridge and Swtich-2 is the backup root bridge. In
normal situations, GE0/19 of ATAE slot8 is the blocked port. Switch-1 and Switch-2 have
VRRP enabled and function as gateways of the ATAE switchboard. When the two switches
are faulty, service traffic sent by the ATAE switch board is interrupted.
Services are temporarily restored after Swtich-1 is powered off.
3.4.4.2 Root Cause

On Switch-1, root protection is enabled on ports connected to Switch-2 and ATAE slot7. After
O&M switch with a higher priority is incorrectly connected to the network, root protection is
triggered to take effect. All ports that have root protection enabled are blocked and services
are interrupted.

After the fault occurs, check the VRRP state on Switch-1 and Switch-2. Both of the two
switches are the Master, indicating that VRRP heartbeat packet forwarding is faulty.
Normally, VRRP heartbeat packets are forwarded through the Eth-Trunk between the two
Issue 01 (2013-10-30)

Ltd.
137
S Series Switch
1 Overview
switches. If the Eth-Trunk negotiation fails after the fault occurs, STP reconverges and
heartbeat packets are forwarded through the ATAE switch board.
Power on Swith-1 but do not connect it the the network. Check the configuration file of
Switch-1. The configuration file shows that STP root protection is enabled on all ports in Up
state. After receiving STP BPDUs with a higher priority, the ports enter the Discarding state
and stop forwarding packets. Because Switch-1 is restarted, it is unknown whether Switch-1
receives packets with a higher priority when the fault occurs. Analyze the STP history
calculation information of the ATAE switch board.
According to the STP history calculation information, GE0/19 of ATAE slot8 receives STP
BPDUs from the device whose MAC address is 000f-e2f6-1d18 and the priority is 0,
triggering STP recalculation.
GigabitEthernet0/19
Alte->Desi
at 2011/10/29 04:38:06
{0.5489-98f5-26bf 18 4096. 5489-98f5-834d 0 4096. 5489-98f5-834d 128.18}
GigabitEthernet0/17
Desi->Root
at 2011/10/29 04:38:06
{0.000f-e2f6-1d18 0 0.000f-e2f6-1d18 0 0.000f-e2f6-1d18 128.16}
GigabitEthernet0/15
Root->Desi
at 2011/10/29 04:38:06
{0. 5489-98f5-26bf 20000 32768.0018-8200-5428 0 32768.0018-8200-5428 128.14}
STP selects the root bridge according to the bridge ID (the bridge priority and MAC address).
When two devices have the same bridge priority, the device with a smaller system MAC
address has a smaller bridge ID and a higher priority. When the fault occurs, ATAE slot8
receives STP BPDUs with a higher priority (0.000f-e2f6-1d18) than the priority (0.000f-e2f626bf) of the original root bridge Switch-1. As a result, ports configured with STP root
protection on Switch-1 are blocked. VRRP heartbeat packets cannot be forwarded between
Switch-1 and Switch-2. Both the two switches become the VRRP master and services are
interrupted.
It is found that 000f-e2f6-1d18 is the system MAC address of an O&M switch connected to
GE0/17. The switch is incorrectly connected to the network when the fault occurs.
3.4.4.4 Solution
Disable STP on ports that are not added to the STP ring on the ATAE switch board.
3.4.4.5 Summary
If a device with a higher priority sends packets to preempt to be the root bridge, services may
be interrupted. When configuring root protection to protect the root bridge, consider the
situation and avoid it beforehand.
Issue 01 (2013-10-30)

Ltd.
138
S Series Switch
1 Overview
RRPP
4.1 RRPP Overview

Rapid Ring Protection Protocol (RRPP) is a link layer (Layer 2) protocol used to prevent
loops on Ethernet ring networks.
When the network is complete, RRPP-enabled switches detect loops on the network and block
some ports to eliminate loops. When a network fault occurs, the RRPP-enabled switches
unblock the blocked ports and switch data traffic to a running link.
4.1.1.1 Basic RRPP Concepts

After an RRPP domain and RRRP ring are created, RRPP assigns different roles to nodes on
the RRRP ring. Nodes on the ring network exchange and process RRPP packets through
primary and secondary ports to detect the ring network status and transmit information about
topology changes. The nodes block or unblock the ports based on the ring network status.
RRPP can prevent loops when the ring is complete, and rapidly switch service data to the
backup link if a device or link fails, ensuring nonstop service transmission.
Issue 01 (2013-10-30)

Ltd.
139
S Series Switch
1 Overview
RRPP Network Architecture

Figure 1.1 RRPP networking
RRPP domain
An RRPP domain consists of a group of interconnected switches/routers with the same
domain ID and control VLAN ID. The RRPP domain contains the following entities:
major ring, sub-ring, control VLAN, master node, transit node, edge node, assistant edge
node, common port, edge port, primary port, and secondary port.
RRPP ring
A physical RRPP ring uses an Ethernet ring topology. Each RRPP ring is a unit of the
RRPP domain that it belongs to. An RRPP domain comprises a single ring or multiple
interconnected rings. When multiple interconnected rings exist, one ring is the major ring
and the others are sub-rings.
Control VLAN
A control VLAN is used to transmit only RRPP packets. An RRPP domain has two
control VLANs: major control VLAN and sub-control VLAN.
RRPP packets on the major ring are transmitted in the major control VLAN, and RRPP
packets on the sub-rings are transmitted in the sub-control VLAN.
Node
Each switch on an RRPP ring is a node. Nodes on the RRPP ring are classified into
following types:
Issue 01 (2013-10-30)
Master node

Ltd.
140
S Series Switch
1 Overview
The master node determines how to handle topology changes. Each RRPP ring must
have only one master node.
Any switch on the Ethernet ring can serve as the master node.
Transit node
On an RRPP ring, all nodes except the master node are transit nodes. A transit node
monitors the status of its directly-connected links and notifies the master node of link
changes.
Edge node and assistant edge node

On the link where the major ring and sub-ring overlap, if the switch on one
intersection point is an edge node, the switch on the other intersection point is an
assistant edge node. A switch serves as an edge node or an assistant edge node on the
sub-ring, and serves as a transit node on the major ring.
Port role
Primary port and secondary port

On the master node and transit nodes, one of the two ports connected to an Ethernet
ring can be configured as the primary port and the other as the secondary port.
The master node sends Hello packets from its primary port and receives Hello
packets on its secondary port. The primary port and secondary port of a transit node
provide the same function.
Common port and edge port

On an edge node or assistant edge node, the port that connects to both the major ring
and sub-ring is the common port, and the port that connects to only the sub-ring is the
edge port.
Hello Timer and Fail Timer

When RRPP detects the link status on the Ethernet ring, the master node sends Hello packets
according to the Hello timer and determines whether the secondary port receives the Hello
packets according to the Fail timer.
The Hello timer specifies the interval at which the master node sends Hello packets from
the primary port. The Hello timer value ranges from 1 to 10, in seconds.
The Fail timer specifies the maximum delay period during which the primary port sends
a Hello packet and the secondary port receives the Hello packet. The Fail timer value
ranges from 3 to 30, in seconds.
The Fail timer on the transit node specifies the time to unblock the temporarily blocked port.
When a link becomes faulty, RRPP immediately sends a LINK-DOWN packet to notify the master node
of the link fault. The master node then unblocks the secondary port. When the link recovers, the master
node sends a COMPLETE-FLUSH-FDB packet to request the transit node to unblock the temporarily
blocked port. This process is irrelevant to the value range of the Hello and Fail timers.
4.1.1.2 RRPP Packets

RRPP employs various types of packets to implement the polling mechanism and link state
change notification mechanism, as well as to request transmit nodes to update their port status
and MAC address forwarding entries. RRPP packets are unicast packets. Different packets
carry different destination MAC addresses and contain identification information such as
domain IDs and ring IDs.
Issue 01 (2013-10-30)

Ltd.
141
S Series Switch
1 Overview
Packet Type
Table 1.1 lists different types of RRPP packets.
Table 1.1 Types of RRPP packets
Type
Description
HEALTH
(HELLO)
Packet sent by the master node to check for loops on a network.
LINK-DOWN
Packet sent by a transit node, edge node, or assistant edge node to

notify the master node that a port goes Down.
COMMONFLUSH-FDB
Packet sent by the master node to request that transit nodes update their
MAC address forwarding entries and ARP entries.
COMPLETEFLUSH-FDB
Packet sent by the master node to request that transit nodes, edge
nodes, or assistant edge nodes update their MAC address forwarding
entries and ARP entries, and enable transit nodes to unblock
temporarily blocked ports of the data VLAN.
EDGE-HELLO
Packet sent by an edge node on a sub-ring and received by an assistant

edge node on the same sub-ring to check whether a major ring is in
Complete state in the domain where the sub-ring is located.
MAJOR-FAULT
Packet sent by an assistant edge node on a sub-ring to notify the edge

node that a major ring in the RRPP domain has failed if the assistant
edge node does not receive the EDGE-HELLO packet from the edge
node within a specified period.
4.1.1.3 RRPP Working Principles

Polling Mechanism
The polling mechanism allows the master node to monitor the ring status and take
corresponding measures to handle topology changes through Hello packets. The master node
periodically sends Hello packets according to the value of the Hello timer and checks whether
the secondary port receives the Hello packet within the delay time specified by the Fail timer.
In this way, the master node determines whether to unblock the secondary port.
Process of the polling mechanism
1.
The master node periodically sends Hello packets from its primary port based on the
value of the Hello timer.
2.
The Hello packet is transmitted along transit nodes on the ring. Normally, the master
node receives the Hello packet on its secondary port.
Issue 01 (2013-10-30)
If the master node receives the Hello packet on its secondary port before the Fail
timer times out, the master node considers the ring complete.
If the master node does not receive the Hello packet on its secondary port after the
Fail timer times out, the master node considers the ring faulty.

Ltd.
142
S Series Switch
1 Overview
Link State Change Notification Mechanism

The switch that serves as the master node on the RRPP ring needs to fast detect status change
of links on the ring. The master node can fast detect faults on its directly-connected links. To
enable the master node to fast detect faults on non-directly connected links, link fault
notification mechanism is implemented. To enable the master node to detect the link recovery,
link recovery mechanism is required.
Compared with the polling mechanism, the link state change notification mechanism can
detect and handle ring network topology changes faster. The initiator of the mechanism is a
transit node. A transit node keeps monitoring the link status on its own ports. When the link
status on a port becomes Down, the node immediately sends a LINK-DOWN packet to the
master node to inform the change. Then, the master node determines how to handle the
change. When the link status on the port becomes Up again, the transit node does not need to
send any packet to the master node.
Path Status Detection Mechanism for Sub-Ring Protocol Packets

on the Major Ring
This mechanism applies to networks where multiple sub-rings are intersecting with the major
ring to prevent loops among sub-rings after secondary ports are unblocked.
When the common link between the major ring and sub-ring is faulty and more than one noncommon link is faulty, the master node on each sub-ring blocks its secondary port because it
cannot receive any Hello packet on the secondary port. In this case, broadcast loops may
occur between sub-rings. To prevent loops, the path status detection mechanism for sub-ring
protocol packets on the major ring is introduced. The edge node on a sub-ring periodically
sends EDGE-HELLO packets to the two RRPP ports on the major ring. If the assistant edge
node receives the EDGE-HELLO packets within the specified period, the protocol packet path
is normal; if the assistant edge node receives no EDGE-HELLO packet within the specified
period, the path is disconnected. The assistant edge node then sends a MAJOR-FAULT packet
to the edge node. After receiving the MAJOR-FAULT packet, the edge node blocks its edge
port.
In this way, the edge node works with the assistant edge node and blocks the edge port before
the secondary port of the master node on the sub-ring is unblocked to avoid data loops among
sub-rings.
RRPP Multi-Instance
On a common RRPP network, a physical ring contains only one RRPP domain and a physical
ring has only one master node. When the master node is in Complete state, the master node
blocks the secondary port, prohibiting all user packets from passing through. Then all user
packets are transmitted on the RRPP ring along one path. As a result, the link at the secondary
port side of the master node becomes idle, wasting bandwidth.
RRPP multi-instance is implemented by domain, allowing one physical ring to have multiple
RRPP domains configured. In a domain, all ports, node roles, and topologies comply with
RRPP rules. Therefore, a physical ring has multiple master nodes. Each master node
independently detects the completeness of the physical ring and blocks or unblocks its
secondary port accordingly. RRPP domains have different protected VLANs configured.
RRPP in a domain takes effect only for data from its protected VLANs. When the master node
in a domain blocks its secondary port, data from protected VLANs in other domains are not
affected. This implements link backup and traffic load balancing.
Issue 01 (2013-10-30)

Ltd.
143
S Series Switch
1 Overview
As shown in Figure 2.1, Instance 1 is created in Domain 1, and data of VLANs 100 to 200 is
mapped to Instance 1 and transmitted along the path Switch A->Switch C->Switch E. Master
2 (Switch C) serves as the master node in Domain 2. The secondary port on Master 2 is
blocked. Only data in VLANs 201 to 400 is prohibited and data in VLANs 100 to 200 can
pass through. Instance2 is created in Domain 2, and data in VLANs 201 to 400 is mapped to
Instance2 and transmitted along the path Switch B->Switch D->Switch E. Master 1 (Switch
D) serves as the master node in Domain 1. The secondary port on Master 1 is blocked. Only
data in VLANs 100 to 200 is prohibited and data in VLANs 201 to 400 can pass through.
Figure 2.1 RRPP multi-instance
Ring Group
In RRPP multi-instance, sub-rings are grouped to reduce the number of received and sent
EDGE-HELLO packets and to improve system performance.
In the path status detection mechanism for sub-ring protocol packets on the major ring, the
edge node on a sub-ring periodically sends EDGE-HELLO packets to the two RRPP ports on
the major ring to detect the completeness of the path for sub-ring protocol packets.
As shown in Figure 2.2, the edge nodes on multiple sub-rings (sub-ring 2 and sub-ring 3 in
Domain 1; sub-ring 2 and sub-ring 3 in Domain 2) are the same device, and the assistant edge
nodes on the sub-rings are also the same device. In addition, the edge nodes and assistant edge
nodes connect to the major ring in the same link. The EDGE-HELLO packets from edge
nodes on the sub-rings arrive at assistant edge nodes along the same path. In this case, the
sub-rings with the same edge nodes and assistant edge nodes can be added to a ring group. A
sub-ring in the ring group is selected to send EDGE-HELLO packets to detect the path for
sub-ring protocol packets on the major ring. This reduces the number of received and sent
EDGE-HELLO packets and improves system performance.
Issue 01 (2013-10-30)

Ltd.
144
S Series Switch
1 Overview
Figure 2.2 Ring group in RRPP multi-instance

4.2.1 Scenario 1: Configuring Single RRPP Ring with
a Single Instance
As shown in Figure 1.1, SwitchA, SwitchB, SwitchC, and SwitchD constitute a ring network.
The network is required to prevent loops when the ring is complete and implement fast
convergence to rapidly restore communication between nodes on the ring when the ring fails.
You can enable RRPP on SwitchA, SwitchB, SwitchC, and SwitchD to meet this requirement.
Issue 01 (2013-10-30)

Ltd.
145
S Series Switch
1 Overview
Figure 1.1 Single RRPP ring

1.
Configure ports to be added to the RRPP ring on the switches so that VLAN data can
pass through the ports. Disable protocols that conflict with RRPP, such as STP.
2.
Create an RRPP domain and its control VLAN.
3.
Map VLANs that are allowed on the RRPP ring to instance 1, including data VLANs 100
to 300 and control VLANs 20 and 21.
4.
In the RRPP domain, configure a protected VLAN, create an RRPP ring, and configure
SwitchA, SwitchB, SwitchC, and SwitchD as nodes on ring 1 in domain 1. Configure
SwitchA as the master node on ring 1, and configure other switches as transit nodes.
5.
Enable the RRPP ring and RRPP protocol on the switches to make RRPP take effect.

Step 1 Create an RRPP domain and its control VLAN.
# Create RRPP domain 1 on SwitchA (the master node on ring 1) and configure VLAN
20 as the major control VLAN.
<SwitchA>system-view
[SwichA] rrpp domain 1
[SwichA-rrpp-domain-region1] control-vlan 20
[SwichA-rrpp-domain-region1] quit
# The configurations on SwitchB, SwitchC, and SwitchD are similar to that on SwitchA
and not provided here. For details, see the configuration files.
Step 2 Map instance 1 to control VLAN 20 and VLAN 21, and data VLANs 100 to 300. The process
to create the VLANs is not provided here.
Issue 01 (2013-10-30)

Ltd.
146
S Series Switch
1 Overview
[SwichA] stp region-configuration

[SwitchA-mst-region] instance 1 vlan 20 21 100 to 300
Step 3 Configure the ports to be added to the RRPP ring as trunk ports, allow data VLANs 100 to
300 to pass through the ports, and disable STP on the ports.
[SwitchA-GigabitEthernet1/0/1] stp disable
Step 4 Specify a protected VLAN, and create and enable an RRPP ring.
# Configure the protected VLAN on SwitchA, configure SwitchA as the master node on
ring 1, and specify the primary and secondary ports.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port
gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit
# Configure the protected VLAN on SwitchB, configure SwitchB as a transit node on

ring 1, and specify the primary and secondary ports.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit
# The configurations on SwitchC and SwitchD are similar to that on SwitchB and not
provided here. For details, see the configuration files.
Step 5 Enable RRPP.
After the RRPP ring configuration is complete, enable RRPP on each node of the ring to
activate the RRPP ring. The configuration procedure is as follows:
# Enable RRPP on SwitchA.
[SwitchA] rrpp enable
# Enable RRPP on SwitchB.

[SwitchB] rrpp enable
# Enable RRPP on SwitchC.

Issue 01 (2013-10-30)

Ltd.
147
S Series Switch
1 Overview
[SwitchC] rrpp enable
# Enable RRPP on SwitchD.

[SwitchD] rrpp enable

After the preceding configurations are complete and the network becomes stable, run the
following commands to verify the configuration. Switch A is used as an example.
Run the display rrpp brief command on SwitchA. The command output is as
follows:
<SwitchA> display rrpp brief
Domain Index : 1
Control VLAN : major 20
sub 21
Hello Timer
sec)
Ring
Ring
Is
ID
Level
Enabled
Fail Timer : 6 sec(default is 6
Node
Primary/Common
Secondary/Edge
Mode
Port
Port
------------------------------------------------------------------------------1
0
M
Yes
The command output shows that RRPP is enabled on SwitchA, the major control
VLAN of domain 1 is VLAN 20 and the sub-control VLAN is VLAN 21, and
SwitchA is the master node on ring 1. The primary port is GigabitEthernet1/0/1 and
the secondary port is GigabitEthernet1/0/2.
Run the display rrpp verbose domain command on SwitchA. The command output
is as follows:
# Check detailed information about SwitchA in domain 1.
<SwitchA> display rrpp verbose domain 1
Domain Index
: 1
Control VLAN
: major 20
sub 21
Hello Timer
sec)
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Issue 01 (2013-10-30)
:
:
:
:
:
1
0
Master
Complete
Enable

Ltd.
Is Active : Yes
148
S Series Switch
1 Overview
Primary port
: GigabitEthernet1/0/1
Secondary port : GigabitEthernet1/0/2
Port status: UP
The command output shows that the RRPP ring is complete.
Configuration Files

#
sysname SwitchA
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
instance 1 vlan 20 to 21 100 to 300
#
rrpp domain 1
control-vlan 20
ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port
GigabitEthernet1/0/2 level 0
ring 1 enable
#
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
stp disable
#

#
sysname SwitchB
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 20
ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port
Issue 01 (2013-10-30)

Ltd.
149
S Series Switch
1 Overview
ring 1 enable
#
stp disable
#
stp disable
#

#
sysname SwitchC
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 20
ring 1 enable
#
stp disable
#
stp disable
#

#
sysname SwitchD
#
#
rrpp enable
#
Issue 01 (2013-10-30)

Ltd.
150
S Series Switch
1 Overview

#
rrpp domain 1
control-vlan 20
ring 1 enable
#
stp disable
#
stp disable
#
4.2.2 Scenario 2: Configuring Intersecting RRPP

Rings with a Single Instance
A metro Ethernet network uses a two-layer structure: one is the aggregation layer between
aggregation switches PE-AGGs and the other is the access layer between PE-AGGs and
UPEs.
Figure 1.1 Intersecting RRPP rings with a single instance
As shown in Figure 1.1, the network is required to prevent loops when the ring is complete
and implement fast convergence to rapidly restore communication between nodes on the ring
Issue 01 (2013-10-30)

Ltd.
151
S Series Switch
1 Overview
when the ring fails. RRPP can meet this requirement. RRPP supports multiple rings. In this
example, configure the aggregation layer as the major ring and the access layer as the subring, which simplifies the network configuration.
Figure 1.2 is the simplified networking diagram of Figure 1.1. SwitchB, SwitchA, SwitchD,
and SwitchC map PE-AGG1, PE-AGG2, PE-AGG3, and UPE1 respectively. Figure 1.2 is
used as an example to describe how to configure intersecting RRPP rings with a single
instance.
Figure 1.2 Intersecting RRPP rings with a single instance

1.
Create an RRPP domain and its control VLAN.
2.
Map the VLANs that need to pass through the RRPP ring to instance 1, including data
VLANs 2 to 9 and control VLANs 10 and 11 (VLAN 11 is the sub-control VLAN
generated by the switch).
3.
Configure the switches to work in RRPP mode defined by Huawei.
4.
5.
Configure a protected VLAN and create an RRPP ring in the RRPP domain.
6.
Configure ring 1 (major ring) in domain 1 on SwitchA, SwitchB, and SwitchD.
Configure ring 2 (sub-ring) in domain 1 on SwitchA, SwitchC, and SwitchD.
Configure SwitchB as the master node on the major ring and configure SwitchA and
SwitchD as transit nodes on the major ring.
Configure SwitchC as the master node on the sub-ring, configure SwitchA as the
edge node on the sub-ring, and configure SwitchD as the assistant edge node on the
sub-ring.
VLANs that are not mentioned in this example are considered nonexistent. However, switch ports join
VLAN 1 by default. You need to remove corresponding ports from VLAN 1.

Step 1 Configure SwitchB as the master node on the major ring.
Issue 01 (2013-10-30)

Ltd.
152
S Series Switch
1 Overview
# Create data VLANs 2 to 9 on SwitchB.

[Switch] sysname SwitchB
[SwitchB] vlan batch 2 to 9
# Configure instance 1, and map it to the data VLANs and control VLANs allowed by
the RRPP ports.
[SwitchB-mst-region] quit
# Configure domain 1 on SwitchB. Then configure VLAN 10 as the major control

VLAN and bind instance 1 to the protected VLAN in domain 1.
[SwitchB-rrpp-domain-region1] control-vlan 10
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure the ports to be added to the RRPP ring as trunk ports, allow VLANs 2 to 9 to
pass through the ports, and disable STP on the ports.
# Configure the primary and secondary ports on the master node of the major ring.
[SwitchB-rrpp-domain-region1] ring 1 node-mode master primary-port
[SwitchB-rrpp-domain-region1] ring 1 enable
Step 2 Configure SwitchC as the master node on the sub-ring.

# Create data VLANs 2 to 9 on SwitchC.
[Switch] sysname SwitchC
[SwitchC] vlan batch 2 to 9
the RRPP ports.
[SwitchC] stp region-configuration
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure domain 1 on SwitchC. Then configure VLAN 10 as the major control

[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] control-vlan 10
Issue 01 (2013-10-30)

Ltd.
153
S Series Switch
1 Overview
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1

[SwitchC-rrpp-domain-region1] quit
# Configure the primary and secondary ports on the master node of the sub-ring.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 2 node-mode master primary-port
[SwitchC-rrpp-domain-region1] ring 2 enable
[SwitchC-rrpp-domain-region1] quit
Step 3 Configure SwitchA as the transit node on the major ring and the edge node on the sub-ring.
# Create data VLANs 2 to 9 on SwitchA.
[Switch] sysname SwitchA
the RRPP ports.
# Configure domain 1 on SwitchA. Then configure VLAN 10 as the major control

[SwitchA-rrpp-domain-region1] control-vlan 10
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
Issue 01 (2013-10-30)

Ltd.
154
S Series Switch
1 Overview
[SwitchA-GigabitEthernet1/0/3]

stp disable
quit
# Configure the primary and secondary ports on the transit node of the major ring.
[SwitchA-rrpp-domain-region1] ring 1 node-mode transit primary-port
# Configure the common and edge ports of the edge node on the sub-ring.
[SwitchA-rrpp-domain-region1] ring 2 node-mode edge common-port
gigabitethernet 1/0/2 edge-port gigabitethernet 1/0/3
Step 4 Configure SwitchD as the transit node on the major ring and the assistant edge node on the
sub-ring.
# Create data VLANs 2 to 9 on SwitchD.
[Switch] sysname SwitchD
[SwitchD] vlan batch 2 to 9
the RRPP ports.
[SwitchD] stp region-configuration
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
# Configure domain 1 on SwitchD. Then configure VLAN 10 as the major control

[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] control-vlan 10
[SwitchD-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchD-rrpp-domain-region1] quit
Issue 01 (2013-10-30)

Ltd.
155
S Series Switch
1 Overview
# Configure the primary and secondary ports on the transit node of the major ring.
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port
[SwitchD-rrpp-domain-region1] ring 1 enable
# Configure the common and edge ports on the assistant edge node of the sub-ring.
[SwitchD-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port
[SwitchD-rrpp-domain-region1] ring 2 enable
Step 5 Enable RRPP.

activate the RRPP ring.
# Enable RRPP on SwitchA.
[SwitchA] rrpp enable
following commands to verify the configuration.
Run the display rrpp brief command on SwitchB. The command output is as
follows:
<SwitchB> display rrpp brief
Domain Index : 1
sub 11
Hello Timer
sec)
Ring
Ring
Is
ID
Level
Enabled
Node
Primary/Common
Secondary/Edge
Mode
Port
Port
--------------------------------------------------------------------------1
0
M
Yes
Issue 01 (2013-10-30)

Ltd.
156
S Series Switch
1 Overview
The command output shows that RRPP is enabled on SwitchB, the major control
VLAN is VLAN 10 and the sub-control VLAN is VLAN 11, and SwitchB is the
master node on the major ring, with GE2/0/1 as the primary port and GE2/0/2 as the
secondary port.
Run the display rrpp verbose domain command on SwitchB. The command output
is as follows:
<SwitchB> display rrpp verbose domain 1
Domain Index
: 1
Control VLAN
: major 10
sub 11
Hello Timer
sec)
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Primary port
Secondary port
:
:
:
:
:
:
:
1
0
Master
Complete
Enable
Is Active : Yes
Port status: UP
The command output shows that the ring is in Complete state, and the secondary port
on the master node is blocked.
Run the display rrpp brief command on SwitchC. The command output is as
follows:
<SwitchC> display rrpp brief
Domain Index : 1
sub 11
Hello Timer
: 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6
sec)
Ring
Ring
Is
ID
Level
Enabled
Node
Primary/Common
Secondary/Edge
Mode
Port
Port
------------------------------------------------------------------------------2
1
M
Yes
The command output shows that RRPP is enabled on SwitchC, the major control
VLAN is VLAN 10 and the sub-control VLAN is VLAN 11, and SwitchC is the
master node on the sub-ring, with GE1/0/1 as the primary port and GE1/0/2 as the
secondary port.
Issue 01 (2013-10-30)
Run the display rrpp verbose domain command on SwitchC. The command output
is as follows:
Ltd.
157
S Series Switch
1 Overview
<SwitchC> display rrpp verbose domain 1

Domain Index : 1
sub 11
Hello Timer
sec)
RRPP Ring
: 2
Ring Level
: 1
Node Mode
: Master
Ring State
: Complete
Is Enabled
: Enable
Primary port
: GigabitEthernet2/0/1
Secondary port : GigabitEthernet2/0/2
Is Active : Yes
Port status: UP
The command output shows that the sub-ring is in Complete state, and the secondary
port of the master node on the sub-ring is blocked.
Run the display rrpp brief command on SwitchA. The command output is as
follows:
<SwitchA> display rrpp brief
Domain Index : 1
sub 11
Hello Timer
sec)
Ring
Ring
Is
ID
Level
Enabled
Node
Primary/Common
Secondary/Edge
Mode
Port
Port
------------------------------------------------------------------------------1
0
T
Yes
2
1
E
Yes
The command output shows that RRPP is enabled on SwitchA, the major control
VLAN is VLAN 10 and the sub-control VLAN is VLAN 11, and SwitchA is the
transit node on the major ring 1, with GE1/0/2 as the primary port and GE1/0/1 as the
secondary port. SwitchA is also the edge node on sub-ring 2, with GE1/0/2 as the
common port and GE1/0/3 as the edge port.
Run the display rrpp verbose domain command on SwitchA. The command output
is as follows:
<SwitchA> display rrpp verbose domain 1
Domain Index : 1
Issue 01 (2013-10-30)

Ltd.
158
S Series Switch
1 Overview

sub 11
Hello Timer
sec)
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
1
0
Transit
Linkup
Enable
Is Active : Yes
Port status: UP
Port status: UP
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Common port
Edge port
2
1
Edge
Linkup
Enable
Is Active : Yes
Port status: UP
Port status: UP
:
:
:
:
:
:
:
Run the display rrpp brief command on SwitchD. The command output is as
follows:
<SwitchD> display rrpp brief
Domain Index : 1
sub 11
Hello Timer
sec)
Ring
Ring
Is
ID
Level
Enabled
Node
Primary/Common
Secondary/Edge
Mode
Port
Port
------------------------------------------------------------------------------1
0
T
Yes
2
1
A
Yes
The command output shows that RRPP is enabled on SwitchD, the major control
VLAN is VLAN 10 and the sub-control VLAN is VLAN 11, and SwitchD is the
transit node on the major ring 1, with GE1/0/2 as the primary port and GE1/0/1 as the
secondary port. SwitchD is also the assistant edge node on sub-ring 2, with GE1/0/2
as the common port and GE1/0/3 as the edge port.
Issue 01 (2013-10-30)

Ltd.
159
S Series Switch
1 Overview
Run the display rrpp verbose domain command on SwitchD. The command output
is as follows:
<SwitchD> display rrpp verbose domain 1
Domain Index : 1
sub 11
Hello Timer
sec)
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
1
0
Transit
Linkup
Enable
RRPP Ring
Ring Level
Node Mode
: 2
: 1
: Assistant-edge
Ring State
Is Enabled
Common port
Edge port
:
:
:
:
Linkup
Enable
Is Active : Yes
Port status: UP
Port status: UP
Is Active : Yes
Port status: UP
Port status: UP
Configuration Files

#
sysname SwitchA
#
vlan batch 2 to 11
#
rrpp enable
#
#
rrpp domain 1
control-vlan 10
ring 1 enable
ring 2 node-mode edge common-port GigabitEthernet1/0/2 edge-port
ring 2 enable
#
stp disable
#
Issue 01 (2013-10-30)

Ltd.
160
S Series Switch
1 Overview
undo port trunk allow-pass vlan
port trunk allow-pass vlan 2 to
stp disable
#
undo port trunk allow-pass vlan
port trunk allow-pass vlan 2 to
stp disable
#
return
1
11
1
9 11

#
sysname SwitchB
#
vlan batch 2 to 11
#
rrpp enable
#
#
rrpp domain 1
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
#
return

#
sysname SwitchC
#
vlan batch 2 to 11
#
rrpp enable
#
Issue 01 (2013-10-30)

Ltd.
161
S Series Switch
1 Overview
#
rrpp domain 1
control-vlan 10
ring 2 enable
#
stp disable
#
stp disable
#
return

#
sysname SwitchD
#
vlan batch 2 to 11
#
rrpp enable
#
#
rrpp domain 1
control-vlan 10
ring 1 enable
ring 2 node-mode assistant-edge common-port GigabitEthernet1/0/2 edge-port
ring 2 enable
#
stp disable
#
Issue 01 (2013-10-30)

Ltd.
162
S Series Switch
1 Overview
stp disable
#
stp disable
#
return
4.2.3 Scenario 3: Configuring Intersecting RRPP

Rings with Multiple Instances
As shown in Figure 1.1, idle links on the ring network are required to forward data. In this
way, data in different VLANs are forwarded along different paths, improving network usage
efficiency and implementing load balancing. All the switches on the network are Huawei
devices; therefore, the RRPP version defined by Huawei is used.
Issue 01 (2013-10-30)

Ltd.
163
S Series Switch
1 Overview
Figure 1.1 Intersecting RRPP rings with multiple instances
Table 1.1 lists the mappings between protected VLANs and instances in Domain 1 and
Domain 2.
Table 1.1 Mappings between protected VLANs and instances.
Domain
ID
Control VLAN
Data VLAN
Instance
Domain 1
VLAN 5 and VLAN 6
VLANs 100 to 200
Instance 1
Domain 2
VLAN 10 and VLAN 11
VLANs 201 to 300
Instance 2
Table 1.2 lists the master node on each ring, and the primary and secondary ports on each
master node.
Issue 01 (2013-10-30)

Ltd.
164
S Series Switch
1 Overview
Table 1.2 Master node and its primary and secondary ports
Ring ID
Master
Node
Primary
Port
Secondary
Port
Ring Type
Ring 1 in
Domain 1
PE-AGG
GE1/0/0
GE2/0/0
Major ring
Ring 1 in
Domain 2
PE-AGG
GE2/0/0
GE1/0/0
Major ring
Ring 2 in
Domain 1
CE1
GE1/0/0
GE2/0/0
Sub-ring
Ring 2 in
Domain 2
CE1
GE2/0/0
GE1/0/0
Sub-ring
Ring 3 in
Domain 1
CE2
GE1/0/0
GE2/0/0
Sub-ring
Ring 3 in
Domain 2
CE2
GE2/0/0
GE1/0/0
Sub-ring
Table 1.3 lists the edge nodes, assistant edge nodes, common and edge ports of the sub-rings.
Table 1.3 Edge nodes, assistant edge nodes, common port, and edge ports of the sub-rings
Ring ID
Edge
Node
Commo
n Port
Edge
Port
EdgeAssistant
Node
Commo
n Port
Edge
Port
Ring 2 in
Domain 1
UPE B
GE1/0/0
GE3/0/0
UPE C
GE2/0/0
GE3/0/0
Ring 3 in
Domain 1
UPE B
GE1/0/0
GE3/0/1
UPE C
GE2/0/0
GE3/0/1
Ring 2 in
Domain 2
UPE B
GE1/0/0
GE3/0/0
UPE C
GE2/0/0
GE3/0/0
Ring 3 in
Domain 2
UPE B
GE1/0/0
GE3/0/1
UPE C
GE2/0/0
GE3/0/1

1.
Create different RRPP domains and control VLANs.
2.
Map the VLANs that need to pass through Domain 1 to instance 1, including data
VLANs and control VLANs.
3.
Map the VLANs that need to pass through Domain 2 to instance 2, including data
VLANs and control VLANs.
4.
Issue 01 (2013-10-30)

Ltd.
165
S Series Switch
1 Overview
5.
Configure the switches to work in RRPP mode defined by Huawei.
6.
Configure protected VLANs and create RRPP rings in RRPP domains.
Add UPEA, UPEB, UPEC, UPED, and PE-AGG to ring 1 in Domain 1 and ring 1 in
Domain 2.
Add CE 1, UPEB, and UPEC to ring 2 in Domain 1 and ring 2 in Domain 2.
Add CE 2, UPEB, and UPEC to ring 3 in Domain 1 and ring 3 in Domain 2.
Configure PE-AGG as the master node and configure UPEA, UPEB, UPEC, and
UPED as transit nodes on ring 1 in Domain 1 and ring 1 in Domain 2.
Configure CE 1 as the master node, UPEB as an edge node, and UPEC as an assistant
edge node on ring 2 in Domain 1 and ring 2 in Domain 2.
Configure CE 2 as the master node, UPEB as an edge node, and UPEC as an assistant
edge node on ring 3 in Domain 1 and ring 3 in Domain 2.
7.
To prevent topology flapping, set the LinkUp timer on the master nodes.
8.
To reduce the number of EDGE-HELLO packets sent on the major ring and increase
available bandwidth, add the four sub-rings to a ring group.
9.
VLANs that are not mentioned in this example are considered nonexistent. However, switch ports join
VLAN 1 by default. You need to remove corresponding ports from VLAN 1.

Step 1 Create instances.
# Create data VLANs 100 to 300 on CE 1.
[Switch] sysname CE1
[CE1] vlan batch 100 to 300
# Create instance 1, and map the control VLANs 5 and 6, and data VLANs 100 to 200 in
Domain 1 to instance 1.
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 5 6 100 to 200
# Create instance 2, and map the control VLANs 10 and 11 and data VLANs 201 to 300
in Domain 2 to instance 2.
[CE1-mst-region] instance 2 vlan 10 11 201 to 300
# Activate the configuration.

[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# The configurations on CE 2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to
that on CE 1 and not provided here. For details, see the configuration files.
Step 2 Configure the ports to be added to the RRPP rings.
# Configure the RRPP ports as trunk ports to allow data from VLANs 100 to 300 to pass
through and disable STP on the ports to be added to the RRPP rings.
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet1/0/0] stp disable
[CE1-GigabitEthernet1/0/0] quit
Issue 01 (2013-10-30)

Ltd.
166
S Series Switch
1 Overview
[CE1] interface gigabitethernet 2/0/0

[CE1-GigabitEthernet2/0/0] port link-type trunk
[CE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet2/0/0] stp disable
[CE1-GigabitEthernet2/0/0] quit
Step 3 Create RRPP domains and configure protected VLANs and control VLANs.
# Configure the VLANs mapped to instance 1 as the protected VLANs in Domain 1, and
VLAN 5 as the control VLAN.
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] protected-vlan reference-instance 1
[CE1-rrpp-domain-region1] control-vlan 5
[CE1-rrpp-domain-region1] quit
# Configure the VLANs mapped to instance 2 as the protected VLANs in Domain 2, and
VLAN 10 as the control VLAN.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] protected-vlan reference-instance 2
[CE1-rrpp-domain-region2] control-vlan 10
Step 4 Create RRPP rings.
# Configure PE-AGG as the master node on ring 1 in Domain 1, with GE1/0/0 as the
primary port and GE2/0/0 as the secondary port.
[PE-AGG] rrpp domain 1
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port
[PE-AGG-rrpp-domain-region1] ring 1 enable
[PE-AGG-rrpp-domain-region1] quit
# Configure PE-AGG as the master node on ring 1 in Domain 2, with GE2/0/0 as the
primary port and GE1/0/0 as the secondary port.
[PE-AGG] rrpp domain 2
[PE-AGG-rrpp-domain-region2] ring 1 node-mode master primary-port
[PE-AGG-rrpp-domain-region2] ring 1 enable
[PE-AGG-rrpp-domain-region2] quit
# Configure UPEA as a transit node on ring 1 in Domain 1 and specify its primary and
secondary ports.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit
# Configure UPEA as a transit node on ring 1 in Domain 2 and specify its primary and
secondary ports.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port
Issue 01 (2013-10-30)

Ltd.
167
S Series Switch
1 Overview
[UPEA-rrpp-domain-region2] ring 1 enable

[UPEA-rrpp-domain-region2] quit
# Configure UPED as a transit node on ring 1 in Domain 1 and specify its primary and
secondary ports.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit
# Configure UPED as a transit node on ring 1 in Domain 2 and specify its primary and
secondary ports.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode transit primary-port
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit
# Configure UPEB as a transit node on ring 1 in Domain 1 and specify its primary and
secondary ports.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as a transit node on ring 1 in Domain 2 and specify its primary and
secondary ports.
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port
# Configure UPEB as an edge node on ring 2 in Domain 1, with GE1/0/0 as the common
port and GE3/0/0 as the edge port.
[UPEB-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet
1/0/0 edge-port gigabitethernet 3/0/0
Issue 01 (2013-10-30)

Ltd.
168
S Series Switch
1 Overview
# Configure UPEC as a transit node on ring 1 in Domain 1 and specify its primary and
secondary ports.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as a transit node on ring 1 in Domain 2 and specify its primary and
secondary ports.
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port
# Configure UPEC as an assistant edge node on ring 2 in Domain 1, with GE2/0/0 as the
[UPEC-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port
# Configure CE 1 as the master node on ring 2 in Domain 1, with GE1/0/0 as the primary
port and GE2/0/0 as the secondary port.
Issue 01 (2013-10-30)

Ltd.
169
S Series Switch
1 Overview
[CE1] rrpp domain 1

[CE1-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 1
[CE1-rrpp-domain-region1] ring 2 enable
[CE1] rrpp domain 2
[CE2] rrpp domain 1
[CE2] rrpp domain 2
Step 5 Enable RRPP.

activate the RRPP ring. The configuration procedure is as follows:
# Enable RRPP.
[CE1] rrpp enable
Step 6 Configure ring groups.
# Create ring group 1, which consists of four sub-rings: ring 2 in Domain 1, ring 3 in
Domain 1, ring 2 in Domain 2, and ring 3 in Domain 2.
[UPEC] rrpp ring-group 1
[UPEC-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEC-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEC-rrpp-ring-group1] quit
# Create ring group 1, which consists of four sub-rings: ring 2 in Domain 1, ring 3 in
Domain 1, ring 2 in Domain 2, and ring 3 in Domain 2.
[UPEB] rrpp ring-group 1
[UPEB-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEB-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEB-rrpp-ring-group1] quit
Step 7 Set the LinkUp timer.
Issue 01 (2013-10-30)

Ltd.
170
S Series Switch
1 Overview
# Set the LinkUp timer to 1 second.

[CE1] rrpp linkup-delay-timer 1

[CE2] rrpp linkup-delay-timer 1

[PE-AGG] rrpp linkup-delay-timer 1

following commands to verify the configuration. UPEB and PE-AGG are used as
examples.
Run the display rrpp brief command on UPEB. The command output is as follows:
[UPEB] display rrpp brief
Domain Index : 1
sub 6
Hello Timer
Ring
Ring
Node
Primary/Common
ID
Level
Mode
Port
Enabled

Secondary/Edge
Is
Port
------------------------------------------------------------------------------1
0
T
Yes
2
1
E
Yes
3
1
E
Yes
Domain Index :
Control VLAN :
Protected VLAN:
Hello Timer
:
Ring
Ring
ID
Level
Enabled
2
major 10
sub 11
Reference Instance 2
1 sec(default is 1 sec)
Node
Primary/Common
Mode
Port

Secondary/Edge
Is
Port
------------------------------------------------------------------------------1
0
T
Yes
2
1
E
Yes
3
1
E
Yes
The command output shows that RRPP is enabled on UPEB.
Issue 01 (2013-10-30)
In Domain 1:
Ltd.
171
S Series Switch
1 Overview
The major control VLAN is VLAN 5 and the protected VLANs are the VLANs mapped
to instance 1.
UPEB is a transit node on ring 1, with the primary port GE1/0/0 and secondary port
GE2/0/0.
UPEB is an edge node on ring 2, with the common port GE1/0/0 and edge port
GE3/0/0.
GE3/0/1.
In Domain 2:
The major control VLAN is VLAN 10 and the protected VLANs are the VLANs mapped
to instance 2.
1.
UPEB is a transit node on ring 1, with the primary port GE1/0/0 and secondary port
GE2/0/0.
GE3/0/0.
GE3/0/1.
Run the display rrpp brief command on PE-AGG. The command output is as follows:
[PE-AGG] display rrpp brief
Domain Index : 1
sub 6
Hello Timer
: 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring
Ring
Node
Primary/Common
Secondary/Edge
Is
ID
Level
Mode
Port
Port
Enabled
-------------------------------------------------------------------------------1
0
M
Yes
Domain Index :
Control VLAN :
Protected VLAN:
Hello Timer
:
2
major 10
sub 11
Reference Instance 2
1 sec(default is 1 sec)
Ring
Ring
Node
Primary/Common
Secondary/Edge
Is
ID
Level
Mode
Port
Port
Enabled
-------------------------------------------------------------------------------1
0
M
Yes
The command output shows that RRPP is enabled on PE-AGG, and the LinkUp timer is 2
seconds.
Issue 01 (2013-10-30)

Ltd.
172
S Series Switch
1 Overview
In Domain 1, the major control VLAN is VLAN 5 and the protected VLANs are the VLANs
mapped to instance 1. PE-AGG is the master node on ring 1, with the primary port GE1/0/0
and secondary port GE2/0/0.
In Domain 2, the major control VLAN is VLAN 10, the protected VLANs are the VLANs
mapped to instance 2. PE-AGG is the master node on ring 1, with the primary port GE2/0/0
and secondary port GE1/0/0.
Run the display rrpp verbose domain command on UPEB. The command output is as
follows:
# Check detailed information about UPEB in Domain 1.
[UPEB] display rrpp verbose domain 1
Domain Index : 1
sub 6
Protected VLAN: Reference Instance 1
Hello Timer
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
1
0
Transit
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
2
1
Edge
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
3
1
Edge
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the
protected VLANs are the VLANs mapping instance 1.
UPEB is a transit node on ring 1 in Domain 1 and is in LinkUp state.
UPEB is an edge node on ring 2 in Domain 1 and is in LinkUp state. GE1/0/0 is the common
port and GE3/0/0 is the edge port.
# Check detailed information about UPEB in Domain 2.
<UPEB> display rrpp verbose domain 2
Domain Index : 2
sub 11
Issue 01 (2013-10-30)

Ltd.
173
S Series Switch
1 Overview

Hello Timer
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
1
0
Transit
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
2
1
Edge
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
3
1
Edge
LinkUp
Enable
Is Active : Yes
Port status: UP
Port status: UP
UPEB is a transit node on ring 1 in Domain 2 and is in LinkUp state.
Run the display rrpp verbose domain command on PE-AGG. The command output is as
follows:
# Check detailed information about PE-AGG in Domain 1.
[PE-AGG] display rrpp verbose domain 1
Domain Index : 1
sub 6
Hello Timer
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
Issue 01 (2013-10-30)
1
0
Master
Complete
Enable
Is Active : Yes
Port status: UP

Ltd.
174
S Series Switch
1 Overview
PE-AGG is the master node in Domain 1 and is in Complete state.
GE1/0/0 is the primary port and GE2/0/0 is the secondary port.
# Check detailed information about PE-AGG in Domain 2.
[PE-AGG] display rrpp verbose domain 2
Domain Index : 2
sub 11
Hello Timer
RRPP Ring
:
Ring Level
:
Node Mode
:
Ring State
:
Is Enabled
:
Primary port :
Secondary port:
1
0
Master
Complete
Enable
Is Active : Yes
Port status: UP
PE-AGG is the master node in Domain 2 and is in Complete state.
GE2/0/0 is the primary port and GE1/0/0 is the secondary port.
Run the display rrpp ring-group command on UPEB to check the configuration of the ring
group.
# Check the configuration of ring group 1.
[UPEB] display
Ring Group 1:
domain 1 ring
domain 2 ring
domain 1 ring
rrpp ring-group 1
2 to 3
2 to 3
2 send Edge-Hello packet
Configuration Files
Configuration file of CE 1
#
sysname CE1
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
#
rrpp domain 1
control-vlan 5
Issue 01 (2013-10-30)

Ltd.
175
S Series Switch
1 Overview
ring 2 enable
rrpp domain 2
control-vlan 10
ring 2 enable
#
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
stp disable
#
return
Configuration file of CE 2
#
sysname CE2
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 3 enable
rrpp domain 2
control-vlan 10
ring 3 enable
#
Issue 01 (2013-10-30)

Ltd.
176
S Series Switch
1 Overview
stp disable
#
stp disable
#
return
Configuration file of UPEA

#
sysname UPEA
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
stp disable
#
return
Configuration file of UPEB

#
sysname UPEB
#
#
Issue 01 (2013-10-30)

Ltd.
177
S Series Switch
1 Overview
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
rrpp ring-group 1
domain 1 ring 2 to 3
#
stp disable
#
stp disable
#
stp disable
#
Issue 01 (2013-10-30)

Ltd.
178
S Series Switch
1 Overview

stp disable
#
return
Configuration file of UPEC

#
sysname UPEC
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
ring 2 enable
ring 3 enable
rrpp domain 2
control-vlan 10
ring 1 enable
ring 2 enable
ring 3 enable
#
rrpp ring-group 1
#
stp disable
#
Issue 01 (2013-10-30)

Ltd.
179
S Series Switch
1 Overview

stp disable
#
stp disable
#
stp disable
#
return
Configuration file of the UPED

#
sysname UPED
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 enable
#
stp disable
#
stp disable
Issue 01 (2013-10-30)

Ltd.
180
S Series Switch
1 Overview
#
return
Configuration file of PE-AGG

#
sysname PE-AGG
#
#
rrpp enable
#
#
rrpp domain 1
control-vlan 5
ring 1 node-mode master primary-port
ring 1 enable
rrpp domain 2
control-vlan 10
ring 1 node-mode master primary-port
ring 1 enable
#
stp disable
#
stp disable
#
return
GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 secondary-port
to 11 100 to 300
to 11 100 to 300

4.2.4.1 Check that All Switches on the RRPP Ring Have the
Same Working Mode
Description: All nodes on the RRPP ring must have the same working mode configured.
They can work in either the RRPP mode defined by Huawei or the RRPP mode defined by
international standards.
Root cause: If nodes on the RRPP ring work in different RRPP modes, transit nodes cannot
identify the COMMON-FLUSH-FBD and COMPLETE-FLUSH-FDB packets. As a result,
Issue 01 (2013-10-30)

Ltd.
181
S Series Switch
1 Overview
the transit nodes fail to update their MAC address forwarding entries and ARP entries when a
link fails or a faulty link recovers. Traffic forwarding is therefore affected.
Identification method: Run the display rrpp brief domain <domain-id> command to
check working modes of all nodes on the RRPP ring.
Solution: If devices from different vendors are used on the network, configure the devices to
work in the RRPP mode defined by international standards. If only Huawei devices are used
on the network, configure the devices to work in the RRPP mode defined by Huawei.
Versions involved: All versions
4.2.4.2 Suppression of Unknown Unicast Traffic Cannot Be

Configured on Transmit Nodes of the RRP Ring
Description: Suppression of unknown unicast traffic cannot be configured on primary and
secondary ports of transmit nodes on the RRPP ring; otherwise, a network loop may occur.
Root cause: RRPP packets may be discarded when the unknown unicast packets on the
network are of a large amount, which causes the master node on the RRPP ring unable to
receive the Hello packets. If the master node receives no Hello packet on its secondary port, it
unblocks the secondary port, causing a loop.
Identification method: Run the display current-configuration interface command to check
whether suppression of unknown unicast traffic is configured on primary and secondary ports
of all transmit nodes.
Solution: Do not configure suppression of unknown unicast traffic on primary and secondary
ports of transmit nodes on the RRPP ring.
4.2.4.3 LDT/LBDT and RRPP Cannot Be Configured

Simultaneously on the Same Port
Description: LDT/LBDT and RRPP cannot be configured simultaneously on the same port;
otherwise, a loop may occur.
Root cause: The port that has been blocked by RRPP can still forward LDT/LBDT packets.
When the RRPP ring is complete, LDT/LBDT packets cause a network loop, resulting in
broadcast storms.
Identification method: Run the display current-configuration interface command to check
whether LDT/LBDT is enabled on primary and secondary ports of all nodes.
Solution: Do not configure LDT/LBDT on primary and secondary ports on the RRPP ring.
4.3 Troubleshooting
RRPP is configured during network deployment. Roles of RRPP nodes and ports on the ring
are configured by the user rather than obtained through automatic calculation. Therefore,
Issue 01 (2013-10-30)

Ltd.
182
S Series Switch
1 Overview
RRPP must be correctly configured. Incorrect RRPP configuration may cause a temporary
loop or status errors.
4.3.2 An RRPP Temporary Loop Occurs

If RRPP is incorrectly configured, a loop may occur, causing broadcast storms. The common
causes are as follows:
RRPP is not configured on a certain device and ports on the ring are not added to the
control VLAN. As a result, RRPP packets cannot pass through the device, and the
secondary port of the master node cannot receive the Hello packet. The master node
unblocks the secondary port, causing a loop.
The master node is not configured on the ring. In this case, all nodes on the RRPP ring
are configured as transit nodes. All ports are unblocked, causing a loop.
The protected VLAN is incorrectly configured. Some VLANs are allowed by ports on
the RRPP ring. However, protected VLANs referenced by the instance do not include
these VLANs. Data from these VLANs cannot be managed by RRPP, causing a loop.
When RRPP snooping is enabled, the trust 8021p command is not configured on
corresponding ports. If the trust 8021p command is not configured on ports that transmit
RRPP packets, RRPP packets are transmitted with other data packets. When there is a
large number of packets to be transmitted, RRPP packets may be discarded, and Hello
packets may not reach the secondary port of the master node in a timely manner. The
master node then unblocks the secondary port, causing a loop.

1.
Check whether RRPP is correctly configured on all nodes.
2.
Check whether the values of Fail timers are set the same on nodes of the RRPP ring.
Issue 01 (2013-10-30)

Ltd.
183
S Series Switch
1 Overview


Step 1 Check whether RRPP is correctly configured on all nodes.
Run the display current-configuration configuration rrpp-domain-region command
to check whether RRPP configurations are correct, and run the display stp regionconfiguration command to check whether RRPP multi-instance is configured and
whether some data VLANs are not configured as protected VLANs.
# display current-configuration configuration rrpp-domain-region
[Switch] display current-configuration configuration rrpp-domain-region
#
rrpp domain 1
control-vlan 1025
Issue 01 (2013-10-30)

Ltd.
184
S Series Switch
1 Overview

ring 1 enable
#
return
[Switch]
# display stp region-configuration
[Switch] display stp region-configuration
Oper configuration
Format selector
:0
Region name
:707be8c800e9
Revision level
:0
Instance
0
[Switch]
VLANs Mapped
1 to 4094
Run the display vlan <vlan-id> command to check whether ports of devices on the
RRPP ring that are not enabled with RRPP allow the control VLAN. If the devices are on
a major ring, check whether the ports allow the major control VLAN; if the devices are
on a sub-ring, check whether the ports allow sub-control VLAN.
[Switch] display vlan 1025
------------------------------------------------------------------------------U: Up;
D: Down;
TG: Tagged;
UT: Untagged;
MP: Vlan-mapping;
ST: Vlan-stacking;
#: ProtocolTransparent-vlan;
*: Management-vlan;
------------------------------------------------------------------------------VID Type
Ports
------------------------------------------------------------------------------2000 common TG:GE0/0/1(U)
GE0/0/3(U)
VID Status Property
MAC-LRN Statistics Description
------------------------------------------------------------------------------2000 enable default
enable disable
VLAN 2000
[Switch]
If a VPLS network is on the RRPP ring, check whether RRPP snooping is enabled and
whether the trust 8021p command is configured on corresponding ports. You can run the
display rrpp snooping enable/vsi command to check ports that have RRPP snooping
enabled, VSIs, and VLANs. If RRPP snooping is not enabled, check the reasons and
deploy RRPP snooping according to actual situations.
[Switch] display rrpp snooping enable all
Port
VsiName
Vlan
--------------------------------------------------------------------------[Quidway]
Run the display rrpp brief domain <domain id> and display rrpp verbose domain
<domain id> ring <ring id> commands to check current RRPP status.
# display rrpp brief domain <domain id>
< Switch> display rrpp brief
Issue 01 (2013-10-30)

Ltd.
185
S Series Switch
1 Overview

Domain Index
Control VLAN
Hello Timer
: 1
: major 2001
sub 2002
Ring Ring
Node Primary/Common
Secondary/Edge
Is
ID
Level Mode Port
Port
Enabled
---------------------------------------------------------------------------1
0
M
Eth-Trunk0
Eth-Trunk1
Yes
< Switch>
# display rrpp verbose domain <domain id> ring <ring id>
< Switch> display rrpp verbose domain 1 ring 1
Domain Index
: 1
Control VLAN
: major 2001
sub 2002
Hello Timer
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Primary port
Secondary port
:
:
:
:
:
:
:
1
0
Master
Complete
Enable
Eth-Trunk0
Eth-Trunk1
Is Active: Yes
Port status: UP
< Switch>
Step 2 Check whether the values of Fail timers on nodes of the RRPP ring are the same.
Run the display rrpp brief domain <domain-id> and display rrpp verbose domain
<domain-id> ring <ring-id> commands to check whether values of Fail timers on all
nodes are the same.
# display rrpp brief domain <domain id>
<Quidway> display rrpp brief
Domain Index
Control VLAN
Hello Timer
: 1
: major 2001
sub 2002
Ring Ring
Node Primary/Common
Secondary/Edge
Is
ID
Level Mode Port
Port
Enabled
---------------------------------------------------------------------------1
0
M
Eth-Trunk0
Eth-Trunk1
Yes
<Quidway>
# display rrpp verbose domain <domain id> ring <ring id>
<Quidway> display rrpp verbose domain 1 ring 1
Issue 01 (2013-10-30)

Ltd.
186
S Series Switch
1 Overview
Domain Index
Control VLAN
Hello Timer
: 1
: major 2001
sub 2002
RRPP Ring
Ring Level
Node Mode
Ring State
Is Enabled
Primary port
Secondary port
:
:
:
:
:
:
:
1
0
Master
Complete
Enable
Eth-Trunk0
Eth-Trunk1
Is Active: Yes
Port status: UP
<Quidway>
4.3.3 Information Collection


names of connected interfaces.
4.3.3.2 display Command List

Command
Description
display version
display device
Displays device status.
display cpu-usage [slot <slot-id>]
Displays CPU usage.
display memory-usage [slot <slot-id>]
Displays memory usage.
display interface
Displays traffic on all ports every 5 minutes

or twice.
display rrpp brief [domain <domain-id>]
Displays brief information about RRPP

domains.
display rrpp verbose domain <domain-id>

[ring <ring-id>]
Displays detailed information about RRPP

domains.
display rrpp statistics domain<domain-id>

[ring <ring-id>]
Displays statistics information about RRPP

domains.
display logbuffer
display trapbuffer
Issue 01 (2013-10-30)

Ltd.
187
S Series Switch
1 Overview
Command
Description
reset rrpp statistics domain <domain-id>

[ring <ring-id>]
Clears statistics on RRPP packets.

4.4.1 Switch Ports Join VLAN 1 by Default. VLAN 1 Is
Not Configured as Protected VLAN When RRPP MultiInstance Is Configured, Causing an RRPP Temporary
Loop
Figure 1.1 Networking diagram
As shown in Figure 1.1, Switch A, Switch B, Switch C, and Switch D constitute an RRPP
ring. Data from VLANs 10 and 20 is protected on the RRPP ring. VLAN 10 and VLAN 20
are added to instance 1. The protected VLANs are configured to reference instance 1. Switch
ports join VLAN 1 by default, causing data from VLAN 1 to form a loop.
4.4.1.2 Root Cause

Switch ports join VLAN 1 by default. VLAN 1 not configured as a protected VLAN on the
RRPP ring. As a result, data from VLAN 1 is not prohibited and causes a loop on the RRPP
ring.
Issue 01 (2013-10-30)

Ltd.
188
S Series Switch
1 Overview

1.
Run the display current-configuration interface GigabitEthernet 1/0/0 command to

check RRPP configurations on switch ports. If the undo port trunk allow-pass vlan
command is not displayed, the ports join VLAN 1 by default.
[Switch]display current-configuration interface GigabitEthernet 1/0/0
#
stp disable
#
return
[Switch]
2.
Run the display stp region-configuration command to check multi-instance

configurations.
[Switch]display stp region-configuration
Oper configuration
Format selector
:0
Region name
:00e084701700
Revision level
:0
Instance
0
1
[Switch]
3.
VLANs Mapped
1 to 9, 11 to 19, 21 to 4094
10, 20

to check RRPP configurations. VLANs in instance 1 are protected. VLAN 1 is not added
to instance 1; therefore, the RRPP ring cannot protect data from VLAN 1.
[Switch]display current-configuration configuration rrpp-domain-region
#
rrpp domain 1
control-vlan 1025
ring 1 enable
#
return
[Switch]
4.4.1.4 Solution
1.
Add VLAN 1 to instance 1.

[Switch] stp region-configuration
Info: Please activate the stp region-configuration after it is modified.
[Quidway-mst-region] instance 1 vlan 1 10 20
[Quidway-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[Quidway-mst-region]quit
[Quidway] display stp region-configuration
Oper configuration
Format selector
:0
Region name
:00e084701700
Issue 01 (2013-10-30)

Ltd.
189
S Series Switch
1 Overview
Revision level
:0
Instance
VLANs Mapped
0
2 to 9, 11 to 19, 21 to 4094
1
1, 10, 20
[Switch]
If VLAN 1 is useless, configure the ports to prohibit VLAN 1.
[Switch] interface GigabitEthernet1/0/0
[Switch-GigabitEthernet1/0/0] undo port trunk allow-pass vlan 1
4.4.1.5 Summary
When planning the protected VLANs on the RRPP ring, note that switch ports are added to
VLAN 1 by default. You need to add VLAN 1 to the protected VLANs to prevent loops.
4.4.2 Multi-Instance Configuration Causes an RRPP

Loop
As shown in Figure 1.1, SwitchA, SwitchB, and SwitchC form an RRPP ring. SwitchB
functions as the master node. SwitchC is the transit node. Ports GE2/0/4 and GE1/0/5 on
SwitchA allow control VLAN 2515. VLANs mapping instance 0 on SwitchB and SwitchC are
protected VLANs. RRPP multi-instance is configured on SwitchB. Packets from VLANs in
other instances cause a loop. As a result, many access devices are disconnected.
4.4.2.2 Root Cause

RRPP multi-instance is configured on SwitchB. The RRPP ring protects only VLANs in
instance 0. The three VLANs in instance 1 are not protected by RRPP. As a result, a loop
occurs.
Issue 01 (2013-10-30)

Ltd.
190
S Series Switch
1 Overview

1.
Check RRPP configurations.

to check RRPP domain configurations.
[SwitchB] display current-configuration configuration rrpp-domain-region
#
rrpp domain 1
control-vlan 2515
ring 1 enable
#
return
[SwitchB]
2.
Check multi-instance configurations.

Run the display stp region-configuration command to check multi-instance
configurations.
[SwitchB] display stp
Oper configuration
Format selector
Region name
Revision level
Instance
0
1
[SwitchB]
3.
region-configuration
:0
:00259e5cec21
:0
Vlans Mapped
1 to 2499, 2501 to 2542, 2544 to 2572, 2574 to 4094
2500, 2543, 2573
Check VLAN configurations.

Run the display vlan command to check ports of VLANs in instance 1.
# SwitchB
[SwitchB] display vlan 2500
VLAN ID
Type
Status
MAC Learning
---------------------------------------------------------2500
common
enable
enable
---------------Tagged
Port: GigabitEthernet0/1/1
---------------Interface
Physical
UP
DOWN
#SwitchC
[SwitchB] display vlan 2500
VLAN ID
Type
Status
MAC Learning
---------------------------------------------------------2500
common
enable
enable
---------------Tagged
---------------Interface
Issue 01 (2013-10-30)
Physical

Ltd.
191
S Series Switch
1 Overview
UP
UP
# SwitchA
[SwitchB]display vlan 2500
VLAN ID Type
Status
MAC Learning Broadcast/Multicast/Unicast
Property
------------------------------------------------------------------------------2500
common
enable
enable
forward
forward
forward
default
---------------Tagged
---------------Interface
Physical
UP
UP
UP
UP
DOWN
UP
The command output shows that each port on the ring allows VLAN 2500, and some
ports that are not on the ring also allow VLAN 2500. VLAN 2500 is added to instance 1.
The RRPP ring protects VLANs in instance 0. Consequently, data from VLAN 2500 is
not blocked, causing a loop.
4.4.2.4 Solution
RRPP is configured to protect all VLANs. In this case, delete instance 1.
Info: Please activate the stp region-configuration after it is modified.
[SwitchB-mst-region] undo instance 1
Info: This operation may take a few seconds. Please wait for a moment...done.
SwitchB-mst-region]quit
[SwitchB] display stp region-configuration
Oper configuration
Format selector
:0
Region name
:00259e5cec21
Revision level
:0
Instance
0
[SwitchB]
Vlans Mapped
1 to 4094
4.4.2.5 Summary
When deploying an RRPP ring, ensure that multi-instance configurations on the device do not
affect the RRPP ring.
Issue 01 (2013-10-30)

Ltd.
192
S Series Switch
1 Overview
4.4.3 MAC Address Forwarding Entries and ARP

Entries Cannot Be Updated Because RRPP Master
Node and Transmit Nodes Work in Different Modes
As shown in Figure 1.1, SwitchA, SwitchB, SwitchC, and SwitchD form an RRPP ring.
SwitchA is the master node, and SwitchB, SwitchC, and SwitchD are the transit nodes. When
the link between SwitchB, SwitchC, and SwitchD becomes faulty or recovers from a fault,
other transit nodes do not update their MAC address forwarding entries or ARP entries.
Traffic forwarding is affected.
4.4.3.2 Root Cause

SwitchA uses the RRPP working mode defined by international standards, while SwitchB,
SwitchC, and SwitchD use the RRPP working mode defined by Huawei. When a transit node
becomes faulty, COMMON-FLUSH-FDB and COMPLETE-FLUSH-FDB packets sent by
SwitchA cannot be processed by the transit nodes. As a result, MAC address forwarding
entries and ARP entries on these nodes are not updated. Traffic forwarding is affected.

Check whether the master node and transit nodes on the RRPP ring use the same RRPP
version. If RRPP versions are different, this problem occurs.
Run the display rrpp brief domain <domain-id> command to check node types and RRPP
working modes.
# GB
< SwitchA > display rrpp brief
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
Issue 01 (2013-10-30)

Ltd.
193
S Series Switch
1 Overview

RRPP Working Mode: GB
RRPP Linkup Delay Timer: 0 sec (0 sec default).
Domain Index
: 1
Control VLAN
: major 2015
sub 2016
Hello Timer
Ring Ring
Node Primary
Secondary/Edge
Is
ID
Level Mode Port
Port
Enabled
---------------------------------------------------------------------------1
0
M
Yes
< SwitchA >
# HW
< SwitchB > display rrpp brief domain 1
RRPP Linkup Delay Timer: 0 sec (0 sec default).
Domain Index
: 1
Control VLAN
: major 2015
sub 2016
Hello Timer
Ring Ring
Node Primary/Common
Secondary/Edge
Is
ID
Level Mode Port
Port
Enabled
---------------------------------------------------------------------------1
0
T
Yes
< SwitchB >
4.4.3.4 Solution
Configure all nodes on the RRPP ring to work in the same RRPP working mode.
4.4.3.5 Summary
All nodes on the RRPP ring must have the same RRPP working mode configured. They can
work in the mode defined by Huawei or the mode defined by international standards.
Issue 01 (2013-10-30)

Ltd.
194
S Series Switch
1 Overview
Smart Link
5.1 Smart Link Overview

5.1.1.1 Basic Principles and Concepts
Smart Link is a solution developed to provide efficient link redundancy and switchover for
dual-homed networks. Compared with the Spanning Tree Protocol (STP), Smart Link
provides faster convergence; compared with the Rapid Ring Protection Protocol (RRPP) and
SEP (Smart Ethernet Protection), Smart Link requires simpler configuration methods.
Monitor Link supplements Smart Link by introducing a port association solution. A Monitor
Link group consists of an uplink port and several downlink ports. If the uplink port fails, the
Monitor Link group automatically shuts down the downlink ports. When the uplink port
recovers, the Monitor Link group also recovers the downlink ports.
5.1.1.2 Characteristics
Figure 1.1 Smart Link networking
Issue 01 (2013-10-30)

Ltd.
195
S Series Switch
1 Overview
As shown in Figure 1.1, link redundancy can be provided on the dual-homed network, but a
loop (SwitchA --> SwitchB -->SwitchD --> SwitchC --> SwitchA) results in broadcast
storms. STP can be used to prevent loops, but the convergence speed is low. When the active
link becomes faulty, traffic is switched to the standby link. During the switchover, a large
amount of traffic is lost because the convergence takes several seconds. STP cannot be
applied to the networks that require short convergence time. RRPP and SEP can improve the
convergence performance, but they are applied to complicated ring networks and are difficult
to configure. New devices require extra configurations, and the configurations are complex.
When the ring network fails, you need to troubleshoot the fault on the devices one by one.
To address the preceding problem, Huawei introduces Smart Link on dual-homed networks to
implement link redundancy and rapid link status transition. This solution ensures high
performance and simplifies network configurations. In addition, Monitor Link supplements
Smart Link by introducing a port association solution, which monitors uplink status and
widens the scope of link backup.
Smart Link has the following advantages:
Preventing broadcast storms caused by loops. When two links are running properly on a
dual-homed network, only one link transmits traffic and the other link is blocked.
Ensuring nonstop data forwarding. When the active link is faulty, traffic is switched to
the standby link in milliseconds.
Simplifying configurations.

Starting from V200R003C00SPC300, Smart Link supports multiple control VLANs and
passwords on a port, and can switch traffic and perform accurate computation based on the
control VLANs. In versions earlier than V200R003C00SPC300, Smart Link supports only
one control VLAN and password on a port.

5.2.1 Scenario 1: Configuring Load Balancing
Between Active and Standby Links of a Smart Link
Group
As shown in Figure 1.1, the customer network is dual-homed to the MAN to ensure network
reliability. Packets of VLAN 100 and VLAN 500 are transmitted through the standby link,
and packets of other VLANs are transmitted through the active link. When the active link
fails, packets on the active link can be switched to the standby link rapidly. When the standby
link fails, packets of VLAN 100 and VLAN 500 can be switched to the active link rapidly.
The service interruption duration is controlled within milliseconds.
Issue 01 (2013-10-30)

Ltd.
196
S Series Switch
1 Overview
Figure 1.1 Configuring load balancing between active and standby links of a Smart Link group

1.
Configure Smart Link multi-instance on SwitchA and add uplink ports to the Smart Link
group.
2.
Configure load balancing on SwitchA.
3.
Enable the revertive switching function on SwitchA.
4.
Enable SwitchA to send Flush packets.
5.
Enable SwitchB and SwitchC to receive Flush packets.
6.
Enable the Smart Link group function on SwitchA.

Step 1 Create a control VLAN on SwitchA, and add corresponding ports to the VLAN.
<SwitchA> system-view
[SwitchA] vlan batch 10 100 500
[SwitchA] interface gigabitethernet
[SwitchA-GigabitEthernet1/0/1] port
Issue 01 (2013-10-30)
1/0/1
link-type trunk
trunk allow-pass vlan 10 100 500
1/0/2
link-type trunk
trunk allow-pass vlan 10 100 500

Ltd.
197
S Series Switch
1 Overview
The configurations on SwitchB and SwitchC are similar to SwitchA.

Step 2 Configure VLAN mapping on SwitchA.
[SwitchA-mst-region] instance 10 vlan 100 500
Step 3 Disable STP on uplink ports, add the ports to the Smart Link group, and specify the master
and slave ports.
# Configure SwitchA.
[SwitchA] smart-link group 1
[SwitchA-smlk-group1] port gigabitethernet 1/0/1 master
[SwitchA-smlk-group1] port gigabitethernet 1/0/2 slave
Step 4 Configure load balancing on SwitchA.

[SwitchA-smlk-group1] load-balance instance 10 slave
Step 5 Enable revertive switching and set the WTR time.

[SwitchA-smlk-group1] restore enable
[SwitchA-smlk-group1] timer wtr 30
Step 6 Enable the function of sending Flush packets.

[SwitchA-smlk-group1] flush send control-vlan 10 password simple 123
Step 7 Enable the Smart Link group function on SwitchA.

[SwitchA-smlk-group1] smart-link enable
Step 8 Enable the function of receiving Flush packets.

# Configure SwitchB.
[SwitchB-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10
password simple 123
password simple 123
# Configure SwitchC.
[SwitchC-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10
password simple 123
Issue 01 (2013-10-30)

Ltd.
198
S Series Switch
1 Overview

[SwitchC-GigabitEthernet1/0/2] smart-link flush receive control-vlan 10
password simple 123

# Run the display smart-link group command to view information about the Smart
Link group on SwitchA. If the following information is displayed, the configuration is
successful:
The Smart Link group function is enabled.
The WTR time is 30 seconds.
The control VLAN ID is 10.
GigabitEthernet 1/0/1 is the master port and is in Active state, and GigabitEthernet
1/0/2 is the slave port and is in Inactive state. The load balancing function is
configured.
<SwitchA> display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
Wtr-time is: 30 sec.
Load-Balance Instance: 10
There is no protected-vlan reference-instance
DeviceID: 0018-2000-0083 Control-vlan ID: 10
Member
Role
State
Flush Count Last-Flush-Time
-----------------------------------------------------------------------GigabitEthernet1/0/1
Master Active
1
2009/01/05
10:33:46 UTC+05:00
Slave
Inactive 0
0000/00/00
00:00:00 UTC+05:00
# Run the shutdown command to shut down GigabitEthernet 1/0/1, and you can find
that GigabitEthernet 1/0/1 is in Inactive state and GigabitEthernet 1/0/2 is in Active
state.
[SwitchA-GigabitEthernet1/0/1] shutdown
[SwitchA-GigabitEthernet1/0/1] display smart-link group 1
Member
Role
State
Master Inactive 1
2009/01/05
10:33:46 UTC+05:00
Slave
Active
1
2009/01/05
10:34:46 UTC+05:00
# Run the undo shutdown command to enable GigabitEthernet 1/0/1. Wait for 30
seconds, and you can find that GigabitEthernet 1/0/1 is in Active state and GE 1/0/2
is in Inactive state.
[SwitchA-GigabitEthernet1/0/1] undo shutdown
[SwitchA-GigabitEthernet1/0/1] display smart-link group 1
Issue 01 (2013-10-30)

Ltd.
199
S Series Switch
1 Overview

Member
Role
State
Master Active
2
2009/01/05
10:35:46 UTC+05:00
Slave
Inactive 1
2009/01/05
10:34:46 UTC+05:00
Configuration Files

#
sysname SwitchA
#
#
instance 10 vlan 100 500
#
stp disable
#
stp disable
#
smart-link group 1
load-balance instance 10 slave
restore enable
smart-link enable
timer wtr 30
flush send control-vlan 10 password simple 123
#
return

#
sysname SwitchB
#
#
smart-link flush receive control-vlan 10 password simple 123
#
Issue 01 (2013-10-30)

Ltd.
200
S Series Switch
1 Overview

#
return

#
sysname SwitchC
#
#
#
#
return
5.2.2 Scenario 2: Configuring Association Between

Monitor Link and Smart Link
As shown in Figure 1.1, SwitchC on the MAN is connected to user networks. It accesses the
backbone network through uplink devices SwitchA and SwitchB in dual-homed mode.
SwitchA and SwitchC are dual-homed to uplink devices. One of each link pair needs to be
blocked to prevent loops. When the active link fails, the data flows can be rapidly switched to
the standby link to ensure nonstop services.
In addition, a monitoring mechanism is required to prevent service interruption caused by
faults of the uplink. When the uplink fails, the downlink can rapidly detect the fault and link
switching can be performed immediately to shorten the duration of service interruption.
Issue 01 (2013-10-30)

Ltd.
201
S Series Switch
1 Overview
Figure 1.1 Association between Smart Link and Monitor Link

1.
Configure a Smart Link group on SwitchA and SwitchC and add corresponding ports to
the Smart Link group.
2.
Configure a Monitor Link group on SwitchA and SwitchB.
3.
Enable SwitchA and SwitchC to send Flush packets.
4.
Enable SwitchA and SwitchB to receive Flush packets.

Step 1 Configure the same control VLAN on SwitchA, SwitchB, and SwitchC. Add the ports of the
Smart Link group or Monitor Link group to this VLAN.
The configuration details are not provided here. For details, see "VLAN Configuration" in the
S9300&S9300E Terabit Routing Switch Configuration Guide - Ethernet Configuration.
Step 2 Create a Smart Link group.
Issue 01 (2013-10-30)

Ltd.
202
S Series Switch
1 Overview
<SwitchA> system-view
[SwitchA-smlk-group1] quit
<SwitchC> system-view
[SwitchC] smart-link group 2
[SwitchC-smlk-group1] quit
Step 3 Add ports to the Smart Link group and specify the master and slave ports.
[SwitchA] interface gigabitethernet1/0/1
[SwitchA] interface gigabitethernet1/0/2
[SwitchA-smlk-group1] port gigabitethernet 1/0/1 master
[SwitchA-smlk-group1] port gigabitethernet 1/0/2 slave
[SwitchC] interface gigabitethernet1/0/1
[SwitchC] interface gigabitethernet1/0/2
[SwitchC-smlk-group2] port gigabitethernet 1/0/1 master
[SwitchC-smlk-group2] port gigabitethernet 1/0/2 slave
Step 4 Enable revertive switching and set the WTR time.

[SwitchA-smlk-group1] restore enable
[SwitchA-smlk-group1] timer wtr 30
[SwitchC-smlk-group2] restore enable
[SwitchC-smlk-group2] timer wtr 30
Step 5 Enable the function of sending or receiving Flush packets.

[SwitchA-smlk-group1] flush send control-vlan 10 password simple 123
[SwitchA-GigabitEthernet2/0/1] smart-link flush receive control-vlan 10
password simple 123
[SwitchA-GigabitEthernet2/0/2] smart-link flush receive control-vlan 10
password simple 123
Issue 01 (2013-10-30)

Ltd.
203
S Series Switch
1 Overview
<SwitchB> system-view
password simple 123
password simple 123
[SwitchC-smlk-group2] flush send control-vlan 10 password simple 123
Step 6 Enable the Smart Link group function.

[SwitchA-smlk-group1] smart-link enable
[SwitchC-smlk-group2] smart-link enable
[SwitchC-smlk-group2] quit
Step 7 Create a Monitor Link group and add the uplink and downlink ports to the Monitor Link
group.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] smart-link group 1 uplink
[SwitchA-mtlk-group1] port gigabitethernet 2/0/1 downlink 1
[SwitchB] monitor-link group 2
[SwitchB-mtlk-group2] port gigabitethernet 1/0/1 uplink
[SwitchB-mtlk-group2] port gigabitethernet 2/0/1 downlink 1
Step 8 Set the WTR time of a Monitor Link group.

[SwitchA-mtlk-group1] timer recover-time 10
[SwitchB-mtlk-group2] timer recover-time 10

<SwitchA> display smart-link group 1
There is no Load-Balance
Member
Role
State
Master Active
1
2009/01/05 10:33:46
UTC
Issue 01 (2013-10-30)

Ltd.
204
S Series Switch
1 Overview
+05:00
Slave
Inactive 0
0000/00/00 00:00:00
UTC
+05:00
<SwitchA> display monitor-link group 1
Monitor Link group 1 information :
Recover-timer is 3 sec.
Member
Role
State Last-up-time
Last-downtim
e
Smart-link1
UpLk
UP
0000/00/00 00:00:00 UTC+05:00
0000/0
0/00 00:00:00 UTC+05:00
DwLk[1] UP
0000/00/00 00:00:00 UTC+05:00
0000/0
0/00 00:00:00 UTC+05:00
Configuration Files

#
sysname SwitchA
#
vlan batch 10
#
stp disable
#
stp disable
#
#
#
smart-link group 1
smart-link enable
timer wtr 30
restore enable
#
monitor-link group 1
smart-link group 1 uplink
Issue 01 (2013-10-30)

Ltd.
205
S Series Switch
1 Overview
port GigabitEthernet2/0/1 downlink 1

timer recover-time 10
#
return

#
sysname SwitchB
#
vlan batch 10
#
#
#
#
monitor-link group 2
port GigabitEthernet1/0/1 uplink
port GigabitEthernet2/0/1 downlink 1
timer recover-time 10
#
return

#
sysname SwitchC
#
vlan batch 10
#
stp disable
#
stp disable
#
smart-link group 2
restore enable
smart-link enable
timer wtr 30
#
Issue 01 (2013-10-30)

Ltd.
206
S Series Switch
1 Overview
return

5.2.3.1 All Ports on the Smart Link Ring Must Be Enabled to
Receive Flush Packets
Description: All ports on the Smart Link ring must be able to receive Flush packets;
otherwise, the ports cannot detect network changes and are unable to update their MAC
address entries and ARP entries.
Root Cause: Only after the function of receiving Flush packets is configured, the ports can
receive and process Flush packets sent by Smart Link, and update their MAC address entries
and ARP entries when the network changes.
Identification Method: Run the display this command in the interface view to check
whether the smart-link flush receive control-vlan x command is configured.
Solution: Configure the control VLAN and password for receiving Flush packets.
5.3 Troubleshooting
Smart Link is a commonly used feature in dual-homed scenarios. The state of Smart Link
depends on the port state. The upper-layer network is notified of network changes through the
Flush packets sent by Smart Link. Incorrect configurations cause a traffic switching failure in
the Smart Link group.
5.3.2 Active/Standby Link Switchover Fails in a

Smart Link Group
Smart Link can detect only the physical status of ports. Normally, no Smart Link packet is
exchanged. Only when a link switchover occurs, Flush packets are sent to update MAC
address entries and ARP entries on the ring network. If the active/standby link switchover
fails in a Smart Link group, service forwarding is interrupted.

1.
Check status of ports in the Smart Link group.
2.
Check whether the Force and Lock functions are enabled in the Smart Link group.
3.
Check whether the function of sending Flush packets is enabled for the Smart Link group
and whether corresponding ports are added to the control VLAN.
4.
Check whether the function of receiving Flush packets is enabled, whether the control
VLAN and password are correct, and whether corresponding ports are added to the
control VLAN.
Issue 01 (2013-10-30)

Ltd.
207
S Series Switch
1 Overview

Issue 01 (2013-10-30)

Ltd.
208
S Series Switch
1 Overview

Step 1 Check the member port status in the Smart Link group.
Run the display interface interface-type interface-number command to view the port
status through the value of the current state field.
If the value of the current state field is Down, rectify the fault according to
Connected Ethernet Interfaces Down.
If the value of the current state field is Up, the port is Up. Go to step 2.
Step 2 Check the Smart Link group status.

Run the display smart-link group { all | group-id } command to view the Smart Link
group status through the value of the State field.
If one port is Active and the other port is Inactive, the Smart Link group status is
correct. Go to step 4.
If the Smart Link group status is incorrect, go to step 3.
Step 3 Check whether data flows are locked on a port in the Smart Link group.
Run the display smart-link group group-id command to check whether data flows are
locked on a port in the Smart Link group through the value of the Link status field.
<Quidway> display smart-link group 1
Link status:lock
Load-Balance Instance: 1 to 2
Member
Role
State
-----------------------------------------------------------------------GigabitEthernet1/0/1 Master
Active
1
2008/11/21 16:37:20 UTC05:00
GigabitEthernet1/0/2 Slave
Inactive
2
2008/11/21 17:45:20 UTC05:00
If the value of the Link status field is lock or force, data flows are locked on the
master or slave port in the Smart Link group. Run the undo smart-link { force |
lock } command to unlock data flows in the Smart Link group.
If no information is displayed in the Link status field, data flows are not locked in
the Smart Link group. Go to step 8.
Step 4 Check whether packets are discarded on member ports in the Smart Link group. Use the
following method to check whether packets are discarded:
Run the ping-c count -t timeout command to view packet loss information in the
command output.
If the network is unreliable, set the packet transmission count (-c) and timeout (-t) to the upper limits.
This makes the test result accurate.
If there are discarded packets, go to step 5.
If no packet is discarded, go to step 8.
Step 5 Check whether the function of sending Flush packets is enabled.

Issue 01 (2013-10-30)

Ltd.
209
S Series Switch
1 Overview
Run the display this command in the Smart Link group view to check whether the
function of sending Flush packets is enabled.
If the information "flush send control-vlan vlan-id" is not displayed, run the flush
send command to enable the function of sending Flush packets.
If the information "flush send control-vlan vlan-id" is displayed, go to step 6.
Step 6 Check whether the control VLAN is created. Ensure that member ports of the Smart Link
group join the control VLAN.
Run the display vlan vlan-id command.
If the following information is displayed, member ports of the Smart Link group join
the control VLAN. Go to step 7.
------------------------------------------------------------------------------U: Up;
D: Down;
TG: Tagged;
UT: Untagged;
MP: Vlan-mapping;
ST: Vlan-stacking;
#: ProtocolTransparent-vlan;
*: Management-vlan;
------------------------------------------------------------------------------VID Type
Ports
------------------------------------------------------------------------------10
common TG:GE1/0/3(U)
GE1/0/2(U)
If the preceding information is not displayed, create a control VLAN and add member
ports of the Smart Link group to the control VLAN.
Step 7 Check whether the function of receiving Flush packets is enabled on the peer device.
Run the display this command in the interface view.
If the information "smart-link flush receive control-vlan vlan-id" is displayed, go to

step 8.
If the information "smart-link flush receive control-vlan vlan-id" is not displayed, run
the smart-link flush receive command to enable the function of receiving Flush
packets
Configuration file, logs, and alarms of switches
MAC address entries on the devices with the Smart Link group configured
5.3.3 Monitor Link Group Status Is Incorrect

The Monitor Link group usually works with Smart Link. It can also work independently as an
association function. If the Monitor Link group status becomes faulty, link switchover fails.
Services are interrupted.

Issue 01 (2013-10-30)

Ltd.
210
S Series Switch
1 Overview
1.
Check the status of the member ports in the Monitor Link group.
2.
Check whether member ports join the service VLAN.


Step 1 Check the status of the member ports in the Monitor Link group.
Run the display monitor-link group group-id command to view the State field.
<Quidway> display monitor-link group 1
Monitor Link group 1 information :
Recover-timer is 5 sec.
Member
Role
State Last-up-time
Last-down-time
GigabitEthernet1/0/1 UpLk
UP
0000/00/00 00:00:00
0000/00/00 00:00:00
UTC+00:00
GigabitEthernet1/0/2 DwLk[1] DOWN 0000/00/00 00:00:00
0000/00/00
00:00:00 UTC+00:00
If the value of the State field is DOWN, rectify the fault according to Connected
Ethernet Interfaces Down.
A link fault, a unidirectional OAM connectivity fault, or a failure to establish OAM connections may
occur on the uplink port. If the uplink port belongs to a Smart Link group, the uplink port is considered
as faulty if none of the maser and slave ports in the Smart Link group are in active state or the Smart
Link group is not enabled.
Issue 01 (2013-10-30)

Ltd.
211
S Series Switch
1 Overview
If the value of the State field is UP, go to step 2.
Step 2 Check whether member ports of the Monitor Link group are added to the service VLAN.
Run the display current-configuration interface interface-type interface-number command
in the member interface view to check whether member ports of the Monitor Link group are
added to the service VLAN.
If any member port of the Monitor Link group is not added to the service VLAN, add
the member port to the service VLAN.
If member ports of the Monitor Link group are added to the service VLAN, go to step
3.
Configuration file, logs, and alarms of switches


names of connected interfaces.

Command
Description
display version
display device
Displays CPU usage.
display interface
Displays traffic on all ports every 5 minutes or

twice.
display smart-link group x
Displays information about the Smart Link

group.
display monitor-link group x
Displays information about the Monitor Link

group.
display logbuffer
display trapbuffer
Issue 01 (2013-10-30)

Ltd.
212
S Series Switch
1 Overview

5.4.1 Smart Link Multi-Instance Is Configured to
Balance Load. After that, An Error Occurs When the
STP Region Is Modified
Smart Link multi-instance is configured. An error occurs when VLAN 40 or VLAN 2 is added
to instance 10.
[Switch-mst-region]instance 10 vlan 40
[Switch-mst-region]active region-configuration
Error: The instance 20 has been used in Smart Link group, please cancel the Smart
Link configuration first.
5.4.1.2 Root Cause

[Switch-mst-region]check region-configuration
Admin configuration
Format selector
:0
Region name
:286ed4fcf061
Revision level
:0
Instance
0
10
Vlans Mapped
1, 3 to 39, 41, 43 to 49, 51 to 900, 925 to 948, 973 to 1000,
1201 to 1700, 2001 to 3050, 3053 to 3100, 3126 to 3136, 3138 to
3148, 3173 to 3300, 3325 to 3348, 3373 to 4091, 4093 to 4094
2, 40, 42, 50, 901 to 924, 949 to 972, 1001 to 1200, 1701 to
2000, 3051 to 3052, 3101 to 3125, 3137, 3149 to 3172, 3301 to
3324, 3349 to 3372, 4092
Run the check region-configuration command to check STP region configurations that do
not take effect after the active region-configuration command is executed.
[Switch-mst-region]display stp region-configuration
Oper configuration
Format selector
:0
Region name
:286ed4fcf061
Revision level
:0
Instance
0
10
20
Vlans Mapped
1 to 41, 43 to 47, 51 to 900, 997 to 1000, 1601 to 1700, 2001 to
3050, 3053 to 3100, 3197 to 3300, 3397 to 4091, 4093 to 4094
42, 50, 901 to 924, 949 to 972, 1001 to 1200, 1701 to 2000, 3051
to 3052, 3101 to 3124, 3149 to 3172, 3301 to 3324, 3349 to 3372,
4092
48 to 49, 925 to 948, 973 to 996, 1201 to 1600, 3125 to 3148,
3173 to 3196, 3325 to 3348, 3373 to 3396
The display stp region-configuration command output shows the STP region configurations
that take effect after the active region-configuration command is run.
Issue 01 (2013-10-30)

Ltd.
213
S Series Switch
1 Overview
Compare the command outputs of the two commands, and you can find that instance 20 has
been deleted from the device before. The operation of adding VLAN 2 or VLAN 40 to
instance 10 does not take effect when the active region-configuration command is executed.
Check the device configurations, and you can find that two Smart Link groups have been
created on the device, and instances 10 and 20 are all reference instances of the Smart Link
groups.
smart-link group 1
protected-vlan reference-instance 0 10 20
load-balance reference-instance 20 slave
restore enable
smart-link enable
smart-link group 2
protected-vlan reference-instance 0 10 20
load-balance reference-instance 20 slave
restore enable
smart-link enable
timer wtr 30
The error message is as follows:

Error: The instance 20 has been used in Smart Link group, please cancel the Smart
Link configuration first.
After the Smart Link group is bound to instance 20, the operation of deleting instance 20 is
performed on the device. The error message is displayed when the active regionconfiguration command is executed at that time. The analysis of the system logs also shows
that the related operation has been performed.
Mar 30 2012 14:03:44 Switch %%01SHELL/5/CMDRECORD(l): Record command information.
(Task=vt0, Ip=61.160.100.16, User=sjzx2011, Command="undo instance 20")
Mar 30 2012 14:03:46 Switch %%01SHELL/6/DISPLAY_CMDRECORD(l): Record command
information. (Task=vt0, Ip=61.160.100.16, User=sjzx2011, Command="display this")
Mar 30 2012 14:03:52 Switch %%01SHELL/5/CMDRECORD(l): Record command information.
(Task=vt0, Ip=61.160.100.16, User=sjzx2011, Command="active region-configuration")
Therefore, the error message is still displayed when VLAN 2 or VLAN 40 is added to
instance 10.

The error message indicates that the operation of deleting instance 20 has been performed on
the device before.
Run the check region-configuration command in the STP region to check the STP region
configurations that do not take effect.
5.4.1.4 Solution
Disable the Smart Link group function and unbind the Smart Link group from instance 20.
Delete instance 20 in the STP region view and then run the active region-configuration
command. After that, re-configure instance 20 and run the active region-configuration
command again.
Issue 01 (2013-10-30)

Ltd.
214
S Series Switch
1 Overview
5.4.1.5 Summary
STP region configurations are not only applicable to the STP function. Instances in the STP
region may also be bound to ring features such as RRPP and Smart Link.
When modifying STP region configurations, run the check region-configuration command
to check whether region parameters that do not take effect are correctly configured. Then run
the active region-configuration command to check whether messages indicating an
activation failure are displayed.
5.4.2 Services Are Interrupted After an

Active/Standby Link Switchover Occurs in the Smart
Link Group
Figure 1.1 Active/standby link switchover in a Smart Link group
As shown in Figure 1.1, the Smart Link group is enabled on SW4. A is the master port while
B is the slave port. When A becomes down, traffic is switched to B. However, traffic from
SW1 is interrupted.
Issue 01 (2013-10-30)

Ltd.
215
S Series Switch
1 Overview
5.4.2.2 Root Cause

Ports on SW1 are not enabled to receive Flush packets. When an active/standby link
switchover occurs on SW4, SW1 cannot receive the Flush packets sent from SW4, and fail to
update the ARP entries (updating the outbound port to B). Layer 3 traffic is still forwarded to
the outbound port A on SW1. As a result, traffic is still forwarded along the original active
link which is already blocked. Packets cannot pass through. Services are interrupted.

Check whether the function of receiving Flush packets is enabled on corresponding ports.
5.4.2.4 Solution
Enable all ports on the Smart Link ring, including A and B on SW1, SW2, and SW3 to receive
Flush packets.
5.4.2.5 Summary
In addition to switches connecting to ports in the Smart Link group, all ports on the Smart
Link ring must be able to receive Flush packets.
Issue 01 (2013-10-30)

Ltd.
216
S Series Switch
1 Overview
ERPS Overview
6.1 Introduction to ERPS

6.1.1 ERPS
Ethernet Ring Protection Switching (ERPS) is a protocol defined by the International
Telecommunication Union - Telecommunication Standardization Sector (ITU-T) to prevent
loops at Layer 2. As the standard number is ITU-T G.8032/Y1344, ERPS is also called
G.8032. ERPS defines Ring Auto Protection Switching (RAPS) Protocol Data Units (PDUs)
and protection switching mechanisms.
ERPS has two versions: ERPSv1 released in June 2008 and ERPSv2 released in August 2010.
ERPSv2 is compatible with ERPSv1 and provides the following enhancements:
Multi-ring topologies, such as intersecting rings
RAPS PDU transmission modes on subrings
Two manual port blocking modes: forced switch (FS) and manual switch (MS)
Revertive and non-revertive switching
Faster protection switching on Ethernet networks is required. STP does not meet the
requirement for convergence performance. RRPP and SEP are Huawei proprietary ring
protocols, which cannot be used for communication between Huawei and non-Huawei
devices on a ring network.
ERPS is a standard protocol issued by the ITU-T to prevent loops on ring networks, and
inherits advantages of ring network technologies such as STP. It optimizes detection and
performs fast convergence. In addition, ERPS provides good compatibility that can be used
for communication between Huawei and non-Huawei devices on a ring network.
ERPS brings the following benefits:
On networks with loops, ERPS can prevent broadcast storms and fast switch services.
ERPS provides fast convergence, ensuring carrier-class reliability.
ERPS is a standard protocol issued by the ITU-T to prevent loops on ring networks. It
allows all ERPS-capable devices on a ring network to communicate.
Issue 01 (2013-10-30)

Ltd.
217
S Series Switch
1 Overview
6.1.1.1 Basic ERPS Concepts

ERPS is a protocol used to prevent loops at the link layer of an Ethernet network. An ERPS
ring, as a basic unit, contains several nodes. ERPS blocks the RPL owner port and controls
common ports so that the port switches between Forwarding and Discarding and loops are
eliminated. In addition, the control VLAN, data VLAN, and protected instance are used to
implement ERPS functions.
As shown in Figure 1.1, a CE connects to a ring network consisting of LSW1 through LSW4.
This access mode makes the network reliable; however, to eliminate loops and ensure link
connectivity, a mechanism used to prevent loops is required.
Figure 1.1 ERPS single-ring networking
ERPS can be deployed on a network as shown in Figure 1.1.
ERPS Ring
An ERPS ring consists of interconnected Layer 2 switching devices configured with the same
control VLAN. An ERPS ring is the basic unit for ERPS.
An ERPS ring can be a major ring or a subring. By default, an ERPS ring is a major ring. The
major ring is a closed ring, and a subring is a non-closed ring. You can configure the major
ring and subring using command lines.
Only ERPSv2 supports the subring configuration.
Node
A node refers to a Layer 2 switching device added to an ERPS ring. A maximum of two ports
on a node can be added to the same ERPS ring.
Port Role
As defined in the ERPS protocol, ports are classified into the RPL owner port, RPL neighbor
port, and common port. Only ERPSv2 supports the RPL neighbor port.
Issue 01 (2013-10-30)

Ltd.
218
S Series Switch
1 Overview
RPL owner port

An ERPS ring has only one RPL owner port, which is configured by the user. Blocking
the RPL owner port prevents loops on the ERPS ring.
When the node where the RPL owner port resides receives an RAPS PDU indicating that
a link or node on the ring fails, it unblocks the RPL owner port to allow the port to send
and receive traffic. This ensures nonstop traffic forwarding. The link where the RPL
owner port resides is a ring protection link (RPL).
RPL neighbor port

An RPL neighbor port is a ring port directly connected to an RPL owner port. Normally,
RPL owner and neighbor ports are both blocked to prevent loops. When an ERPS ring
fails, both RPL owner and neighbor ports are unblocked. RPL neighbor ports are used to
reduce the number of FDB entry updates on the device where the RPL neighbor port
resides.
Common port
On an ERPS ring, the ports except the RPL owner port are common ports. A common
port monitors the status of the directly-connected ERPS link, and sends RAPS PDUs to
inform the other ports if the link status changes.
Port Status
On an ERPS ring, an ERPS-enabled port can be in either of the following states:
Forwarding: The port forwards user traffic and sends and receives RAPS PDUs.
Discarding: The port only sends RAPS PDUs.
Control VLAN
A control VLAN is configured for an ERPS ring to transmit RAPS PDUs. Each ERPS ring
must be configured with a control VLAN. After a port is added to an ERPS ring configured
with a control VLAN, the port is added to the control VLAN automatically. Different ERPS
rings cannot be configured with the same control VLAN ID. Unlike control VLANs, data
VLANs are used to transmit data packets.
Protected Instance
On a Layer 2 device running ERPS, the VLAN in which RAPS PDUs and data packets are
transmitted must be mapped to a protected instance so that ERPS forwards or blocks the
VLAN packets. Otherwise, VLAN packets may cause broadcast storms on the ring network,
causing the network to be unavailable.
Timer
ERPS defines four timers: guard timer, WTR timer, holdoff timer, and WTB timer (only in
ERPSv2).
Guard timer
After a faulty link, a node recovers, or a clear operation is executed, the nodes on the two
ends of the link or the recovered node sends RAPS No Request (NR) messages to inform
the other nodes of the link or node recovery and starts a guard timer. Before the timer
expires, each involved node does not process any RAPS PDUs to avoid receiving out-ofdate RAPS (NR) messages. After the timer expires, if the involved node still receives an
RAPS NR message, the local port enters the Forwarding state.
Issue 01 (2013-10-30)

Ltd.
219
S Series Switch
1 Overview
WTR timer
If the RPL owner port is unblocked due to a link or node failure, the involved port may
not go Up immediately after the link or node recovers. To prevent the RPL owner port
from alternating between Up and Down, the node where the RPL owner port resides
starts a WTR timer after receiving an RAPS NR message. If the node receives an RAPS
Signal Fail (SF) message before the timer expires, it terminates the WTR timer. If the
node does not receive any RAPS SF message before the timer expires, it unblocks the
RPL owner port when the timer expires and sends an RAPS (NR, RB) (RAPS no request,
root blocked) message. After receiving this RAPS (NR, RB) message, the nodes set their
recovered ports on the ring to the Forwarding state.
Holdoff timer
Protection switching sequence requirements vary for Layer 2 networks running ERPS.
For example, in a multi-layer service application, if a server fails, a period of time is
needed for the server to recover. No protection switching is performed immediately after
the server fails, and the client does not detect the failure in this period of time. A holdoff
timer can be set. If a fault occurs, the fault is not immediately reported to ERPS. Instead,
the hold-off timer starts. If the fault persists after the timer expires, the fault will be
reported to ERPS.
WTB timer
The WTB timer starts after forcible or manual switching is performed. When multiple
nodes on an ERPS ring are in forcible or manual switching state, the clear operation
takes effect only after the WTB timer expires so that the RPL owner port will not be
blocked immediately.
The WTB timer value cannot be configured. Its value is the guard timer value plus 5.
The default WTB timer value is 7s.
Revertive and Non-revertive Switching

After link faults are rectified, whether to re-block the RPL owner port depends on the
switching mode.
In revertive switching, the RPL owner port is re-blocked after the WTR timer expires,
and the traffic channel is blocked on the RPL.
In non-revertive switching, the traffic channel continues to use the RPL.
By default, ERPS rings use revertive switching.

ERPSv1 supports only revertive switching. ERPSv2 supports both revertive and non-revertive
switching.
Port Blocking Modes

When bandwidth of the link of the RPL owner port is used to carry more user traffic, block a
link with low bandwidth so that user traffic is transmitted on the RPL. ERPS supports two
manual port blocking modes: forced switch (FS) and manual switch (MS).
FS: forcibly blocks a port immediately after FS is configured, irrespective of whether

link failures have occurred.
MS: forcibly blocks a port when link failures and FS conditions are absent.
In addition to FS and MS operations, ERPS also supports the clear operation:
Issue 01 (2013-10-30)
Clears the FS or MS operation.

Ltd.
220
S Series Switch
1 Overview
Triggers revertive switching before the WTR or wait to block (WTB) timer expires on an
ERPS ring in revertive switching mode.
Triggers revertive switching on an ERPS ring in non-revertive switching mode.
Only ERPSv2 supports port blocking modes.
RAPS PDU Transmission Mode on Subrings

ERPSv2 supports single and multi-ring topologies. In multi-ring topologies, RAPS PDUs are
transmitted through virtual channels (VCs) or non-virtual channels (NVCs) on subrings.
VC: RAPS PDUs on sub-rings are transmitted to the major ring through interconnection
nodes. The RPL owner port of a sub-ring blocks both RAPS PDUs and data traffic.
NVCs: RAPS PDUs on sub-rings are terminated on the interconnection nodes. The RPL
owner port blocks data traffic but not RAPS PDUs on each sub-ring.
On the network shown in Figure 1.2, a major ring is interconnected with two sub-rings. The
sub-ring on the left has a VC, whereas the sub-ring on the right has an NVC.
Figure 1.2 Interconnected rings with a VC or NVC
By default, sub-rings use NVCs to transmit RAPS PDUs, except for the scenario shown in
Figure 1.3.
When sub-ring links are not contiguous, VCs must be used. On the network shown in Figure 1.3, links b
and d belong to major rings 1 and 2, respectively; links a and c belong to the sub-ring. As links a and c
are not contiguous, they cannot detect the status change between each other, so VCs must be used for
RAPS PDU transmission.
Issue 01 (2013-10-30)

Ltd.
221
S Series Switch
1 Overview
Figure 1.3 VC application
Table 3.1 lists the advantages and disadvantages of RAPS PDU transmission modes on subrings with VCs or NVCs.
Table 3.1 Comparison between RAPS PDU transmission modes on sub-rings with VCs or NVCs
RAPS PDU
Transmission
Mode on
Subrings
Advantage
Disadvantage
VC
Applies to scenarios in
which sub-ring links are
incontiguous.
Requires VC resource reservation and

control VLAN assignment from
adjacent rings.
NVC
Does not need resource

reservation or control
VLAN assignment from
adjacent rings.
Inapplicable to scenarios in which

sub-ring links are incontiguous.
6.1.1.2 ERPS Single-ring Principle

ERPS is a standard ring protocol used to prevent loops on ERPS rings at the Ethernet link
layer. A maximum of two ports on a Layer 2 switching device can be added to the same ERPS
ring.
To prevent loops on an ERPS ring, you can enable a loop prevention mechanism to block the
Ring Protection Link (RPL) owner port to eliminate redundant Ethernet links. If a link on the
ring network fails, the ERPS-enabled device immediately unblocks the blocked port and
performs link switching to restore communication between nodes on the ring network.
This section describes how ERPS is implemented on a single ring when links are normal,
when a link fails, and when the link recovers.
Issue 01 (2013-10-30)

Ltd.
222
S Series Switch
1 Overview
Links Are Normal

On the network shown in Figure 1.1, LSW1 through LSW5 constitute a ring network, and
they can communicate with each other.
To prevent loops, ERPS blocks the RPL owner port and also the RPL neighbor port (if
any is configured). All other ports can transmit service traffic.
All ports on the ERPS ring send RAPS NR messages to all other nodes on the ring at an
interval of 5s, indicating that ERPS links are normal.
Figure 1.1 ERPS single ring networking (links are normal)
A Link Fails
As shown in Figure 1.2, if the link between LSW4 and LSW5 fails, the ERPS protection
switching mechanism is triggered. The ports on both ends of the faulty link are blocked and
the RPL owner port and RPL neighbor port are unblocked to send and receive packets. This
ensures nonstop traffic forwarding. The process is as follows:
Issue 01 (2013-10-30)
After LSW4 and LSW5 detect the link fault, they block their ports on the faulty link and
update FDB entries.

Ltd.
223
S Series Switch
1 Overview
LSW4 and LSW5 send three consecutive RAPS SF messages to the other LSWs and
then send one RAPS SF message at an interval of 5s afterwards.
After receiving the RAPS PDUs, LSW3 where the RPL owner port resides unblocks the
RPL owner port and updates FDB entries; the other LSWs update local FDB entries.
Similarly, after receiving the RAPS PDUs, LSW2 where the RPL owner port resides
unblocks the RPL neighbor port and updates FDB entries.
Figure 1.2 ERPS single ring networking (a link is faulty)
The Link Recovers

After the link fault is rectified, either of two situations may occur:
If the ERPS ring uses revertive switching, the RPL owner port is blocked again, and the
link that has recovered is used to forward traffic.
If the ERPS ring uses non-revertive switching, the RPL remains unblocked, and the link
that has recovered is still blocked.
The following example uses revertive switching to illustrate the process after the link
recovers:
Issue 01 (2013-10-30)
After the link between LSW4 and LSW5 recovers, LSW4 and LSW5 start a guard timer
to avoid receiving out-of-date RAPS PDUs. The two devices do not receive any RAPS
Ltd.
224
S Series Switch
1 Overview
PDUs before the timer expires. At the same time, LSW4 and LSW5 send RAPS NR
messages to the other LSWs.
After receiving an RAPS NR message, LSW3 on which the RPL owner port resides
starts the WTR timer. After the WTR timer expires, LSW3 blocks the RPL owner port
and sends RAPS (NR, RB) messages.
After receiving an R-APS (NR, RB) message, LSW4 and LSW5 unblock the ports at the
two ends of the link that has recovered, stop sending RAPS NR messages, and update
FDB entries. The other LSWs also update FDB entries after receiving an R-APS (NR,
RB) message.
Protection Switching
Forced switch (FS)

As shown in Figure 1.3, LSW1 through LSW5 on the ERPS ring can communicate with
each other. A forced switch (FS) operation is performed on the LSW5's port that connects
to LSW4, and the LSW5's port is blocked. Then the RPL owner port and RPL neighbor
port are unblocked to send and receive traffic. This mechanism ensures that traffic is not
interrupted. The process is as follows:
Issue 01 (2013-10-30)
After the LSW4's port that connects to LSW5 is forcibly blocked, LSW5 updates
FDB entries.
LSW5 sends three consecutive RAPS SF messages to the other LSWs and then sends
one RAPS SF message at an interval of 5s afterwards.
After receiving an RAPS SF message, the other LSWs update FDB entries. LSW3 on
which the RPL owner port resides and LSW2 on which the RPL neighbor port resides
unblock the respective RPL owner port and RPL neighbor port, and update FDB
entries.

Ltd.
225
S Series Switch
1 Overview
Figure 1.3 Layer 2 ERPS ring networking (a link fails)
Clear
After a clear operation is performed on LSW5, the port that is forcibly blocked sends
RAPS NR messages to all other ports on the ERPS ring.
If the ERPS ring uses revertive switching, the RPL owner port starts the WTB timer
after receiving an RAPS NR message. After the WTB timer expires, the FS operation
is cleared. Then the RPL owner port is blocked, and the blocked port on LSW5 is
unblocked. If a clear operation is performed on LSW3 on which the RPL owner port
resides before the WTB timer expires, the RPL owner port is immediately blocked,
and the blocked port on LSW5 is unblocked.
If the ERPS ring uses non-revertive switching and the RPL owner port needs to be
blocked, perform a clear operation on LSW3 on which the RPL owner port resides.
Manual switch
Compared with an FS operation, a manual switch (MS) operation triggers protection
switching in a similar way except that an MS operation does not take effect in FS, MS, or link
failure conditions.
Issue 01 (2013-10-30)

Ltd.
226
S Series Switch
1 Overview
6.1.1.3 ERPS Multi-ring Principle

ERPSv1 supports only single ring topology, whereas ERPSv2 supports single and multi-ring
topologies.
A multi-ring network consists of one or more major rings and sub-rings. A sub-ring can have a
VC or NVC, depending on whether R-APS PDUs on the sub-ring will be transmitted to a
major ring.
This section describes how ERPS is implemented on a multi-ring network with sub-rings that
have NVCs when links are normal, when a link fails, and when the link recovers.
Links Are Normal

On the multi-ring network shown in Figure 1.1, LSW1 through LSW5 constitute a major ring;
LSW2, LSW3, and LSW6 constitute subring 1, and LSW3, LSW4, and LSW7 constitute
subring 2. The LSWs on each ring can communicate with each other.
To prevent loops, each ring blocks its RPL owner port.
All ports on each ring send R-APS (NR) messages to all other nodes on the same ring at
an interval of 5s. The RAPS NR messages on each subring are terminated on the
interconnection nodes and therefore are not transmitted to the major ring.
Traffic between PC1 and the upper-layer network travels along the path PC1 -> LSW6 ->
LSW2 -> LSW1 -> NPE1; traffic between PC2 and the upper-layer network travels along the
path PC2 -> LSW7 -> LSW4 -> LSW5 -> NPE2.
Issue 01 (2013-10-30)

Ltd.
227
S Series Switch
1 Overview
Figure 1.1 ERPS multi-ring networking (links are normal)
A Link Fails
As shown in Figure 1.2, if the link between LSW4 and LSW7 fails, the ERPS protection
switching mechanism is triggered. The ports on both ends of the faulty link are blocked, and
the RPL owner port on subring 2 is unblocked to send and receive traffic. In this situation,
traffic from PC1 still travels along the original path. LSW2 and LSW3 inform the other nodes
on the major ring of the topology change so that traffic from PC2 is also not interrupted.
Traffic between PC2 and the upper-layer network travels along the path PC2 -> LSW7 ->
LSW3 -> LSW2 -> LSW1 -> LSW5 -> NPE2. The process is as follows:
.1
After LSW4 and LSW7 detect the link fault, they block their ports on the faulty link and
update FDB entries.
.2
LSW7 sends three consecutive RAPS SF messages to the other LSWs and then sends
one RAPS SF message at an interval of 5s afterwards.
.3
LSW7 then unblocks the RPL owner port and updates FDB entries.
Issue 01 (2013-10-30)

Ltd.
228
S Series Switch
1 Overview
.4
After the interconnection node LSW3 receives an RAPS SF message, it updates FDB
entries. LSW3 and LSW4 then send an RAPS Event message within the major ring to
notify the topology change in subring 2.
.5
After receiving the RAPS Event message, the other LSWs on the major ring update FDB
entries.
Then traffic from PC2 is switched to a normal link.

Figure 1.2 ERPS multi-ring networking (a link is faulty)
The Link Recovers

After the link fault is rectified, either of two situations may occur:
If the ERPS ring uses revertive switching, the RPL owner port is blocked again, and the
link that has recovered is used to forward traffic.
If the ERPS ring uses non-revertive switching, the RPL remains unblocked, and the link
that has recovered is still blocked.
Issue 01 (2013-10-30)

Ltd.
229
S Series Switch
1 Overview
The following example uses revertive switching to illustrate the process after the link
recovers:
.1
After the link between LSW4 and LSW7 recovers, LSW4 and LSW7 start a guard timer
to avoid receiving out-of-date RAPS PDUs. The two devices do not receive any RAPS
PDUs before the timer expires. Then LSW4 and LSW7 send RAPS NR messages within
subring 2.
.2
LSW7 on which the RPL owner port resides starts the WTR timer. After the WTR timer
expires, LSW7 blocks the RPL owner port and unblocks its port on the link that has
recovered and then sends RAPS (NR, RB) messages within subring 2.
.3
After receiving an RAPS (NR, RB) message from LSW7, LSW4 unblocks its port on the
recovered link, stops sending RAPS NR messages, and updates FDB flush entries.
LSW3 also updates FDB entries after receiving an RAPS (NR, RB) message from
LSW7.
.4
LSW3 and LSW4, interconnection nodes, then send an RAPS Event message within the
major ring to notify the link recovery of subring 2.
.5
After receiving the RAPS Event message, the other LSWs on the major ring update FDB
entries.
Then traffic changes to the normal state, as shown in Figure 1.2.
6.1.1.4 ERPS Multi-instance

On a common ERPS network, a physical ring can be configured with a single ERPS ring, and
a single blocked port can be specified on the ring. When the ERPS ring is in normal state, the
blocked port prevents all service packets from passing through. As a result, all service data is
transmitted through one path over the ERPS ring, and the other link on the blocked port
becomes idle, wasting bandwidth. As shown in Figure 1.1, when only ERPS Ring1 is
configured, Interface1 is blocked and data is forwarded through Data Flow1. The link where
SwitchC, SwitchD, and SwitchE reside is idle.
Issue 01 (2013-10-30)

Ltd.
230
S Series Switch
1 Overview
Figure 1.1 Networking of ERPS multi-instance
To improve link use efficiency, only two logical rings can be configured on the same physical
ring in the ERPS multi-instance. A port may have different roles in different ERPS rings and
different ERPS rings use different control VLANs. A physical ring can have two blocked ports
accordingly. Each blocked port independently monitors the physical ring status and then
blocks or unblocks the ports. An ERPS ring must be configured with a protected instance, and
each instance specifies a range of VLANs. The topology calculated for a specific ERPS ring
only takes effect on the ERPS ring. Different VLANs can use separate paths, implementing
traffic load balancing and link backup.
As shown in Figure 1.1, ERPS Ring1 and ERPS Ring2 can be configured on the physical ring
consisting of SwitchA through SwitchE. Interface1 is the blocked port in ERPS Ring1. The
VLANs mapping to the protected instance is VLAN 100 to VLAN 200. Interface2 is the
blocked port in ERPS Ring2. The VLANs mapping to the protected instance is VLAN 300 to
VLAN 400. After the configuration is completed, data from VLAN 100 to VLAN 200 is
forwarded through Data Flow1, and data from VLAN 300 to VLAN 400 is forwarded through
Data Flow2. In this manner, load balancing is implemented and link use efficiency is
improved.
Issue 01 (2013-10-30)

Ltd.
231
S Series Switch
1 Overview

Starting from V200R001, devices support ERPS. There is slight difference between ERPS
supported by different versions.
Starting from V200R001, switches support ERPSv1. ERPS is a standard protocol issued
by the ITU-T to prevent loops on ring networks. It allows all ERPS-capable devices on a
ring network to communicate. Switches support only single-ring networking.
Starting from V200R003, switches support ERPSv2. ERPSv2 was released by G.8032
ITU-T in August 2010. ERPSv2 is compatible with ERPSv1 and provides the following
enhancements: multi-ring networking, FS, MS, revertive/non-revertive switching, and
CFM association.
Issue 01 (2013-10-30)

Ltd.
232
S Series Switch
1 Overview

6.2.1 Scenario 1: Configuring a Single ERPS Instance
As shown in Figure 1.1, to improve network reliability, the aggregation layer uses the ring
network (SwitchA through SwitchE constitute a ring network). This ring network
(aggregation ring) implements Layer 2 aggregation and connects to the Layer 3 network. In
addition, devices on the ring network may come from different vendors.
The aggregation ring needs to use a protocol that protects rings and implements fast
switching. This protocol is required to provide good compatibility so that devices from
different vendors can communicate.
ERPS can be deployed on devices on the ring network to protect rings and implement fast
switching. Because ERPS is a standard protocol issued by the ITU-T, ERPS allows devices
from different vendors to communicate.
Packets belong to VLANs 100 through 200. To prevent loops on the ring network, deploy
ERPS on devices of the ring network. Data packets from the CEs are transmitted as follows:
Issue 01 (2013-10-30)
Packets sent from CE1 are forwarded through SwitchB and SwitchA. Packets sent from
CE2 are forwarded through SwitchC, SwitchB, and SwitchA. Packets sent from CE3 are
forwarded through SwitchD and SwitchE.

Ltd.
233
S Series Switch
1 Overview
Figure 1.1 ERPS single-ring networking

1.
Configure Layer 2 forwarding on SwitchA through SwitchE.
2.
Create an ERPS ring, and configure a control VLAN and a protected instance. The
control VLAN is configured for an ERPS ring to transmit RAPS PDUs. The VLAN in
which RAPS PDUs and data packets are transmitted must be mapped to a protected
instance so that ERPS forwards or blocks the VLAN packets.
3.
Add Layer 2 ports connecting the switches to the ERPS ring and configure GE1/0/2 on
SwitchC as the RPL owner port. Normally, the RPL owner port is blocked to eliminate
loops. When a link on the ring network fails, ERPS immediately unblocks the blocked
port and performs link switching to restore communication between nodes on the ring
network.
4.
Set the guard timer and WTR timer for the ERPS ring.
Issue 01 (2013-10-30)

Ltd.
234
S Series Switch
1 Overview

Step 1 Configure Layer 2 forwarding on SwitchA through SwitchE.
1/0/1
link-type trunk
trunk allow-pass vlan 100 to 200
1/0/2
link-type trunk
trunk allow-pass vlan 100 to 200
# The configurations of SwitchB, SwitchC, SwitchD, and SwitchE are similar to the
configuration of SwitchA, and configuration details are not mentioned here.
Step 2 Create an ERPS ring, configure VLAN 10 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 100 through 200 to a protected instance.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] control-vlan 10
[SwitchA-erps-ring1] protected-instance 1
[SwitchA-erps-ring1] quit
[SwitchA-mst-region] instance 1 vlan 10 100 to 200
Step 3 Disable STP on interfaces, add interfaces to the ERPS ring, and configure GE1/0/2 on
SwitchC as the RPL owner port.
[SwitchA-GigabitEthernet1/0/1] erps ring 1
[SwitchC-GigabitEthernet1/0/1] erps ring 1
Issue 01 (2013-10-30)

Ltd.
235
S Series Switch
1 Overview

[SwitchC-GigabitEthernet1/0/2] erps ring 1 rpl owner
# The configurations of SwitchB, SwitchD, and SwitchE are similar to the configuration of
SwitchA, and configuration details are not mentioned here.
Step 4 Set the guard timer and WTR timer for the ERPS ring.
[SwitchA-erps-ring1] wtr-timer 6
[SwitchA-erps-ring1] guard-timer 100
After the preceding configurations are complete, perform the following operations to verify
the configuration. The display on SwitchC is used as an example.
Run the display erps ring 1 command to view brief information about the ERPS ring, and
ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1
D : Discarding
F : Forwarding
R : RPL Owner
Ring Control WTR Timer Guard Timer Port 1
Port 2
ID
VLAN
(min)
(csec)
-------------------------------------------------------------------------------1
10
6
100 (F)GE1/0/1
(D,R)GE1/0/2
--------------------------------------------------------------------------------
Run the display erps ring 1 verbose command to view detailed information about the ERPS
ring, and ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1 verbose
Ring ID
: 1
Description
: Ring 1
Control Vlan
: 10
Protected Instance
: 1
WTR Timer Setting (min)
: 6
Running (s)
: 0
Guard Timer Setting (csec)
: 100
Running (csec)
: 0
Holdoff Timer Setting (deciseconds) : 0
Running (deciseconds) : 0
Ring State
: Idle
RAPS_MEL
: 7
: 0 days 0h:33m:4s
-------------------------------------------------------------------------------Port
Port Role
Port Status
Signal Status
-------------------------------------------------------------------------------GE1/0/1
Common
Forwarding
Non-failed
GE1/0/2
RPL Owner
Discarding
Non-failed
----End
Issue 01 (2013-10-30)

Ltd.
236
S Series Switch
1 Overview
Configuration Files

#
sysname SwitchA
#
vlan batch 10 100 to 200
#
instance 1 vlan 10 100 to 200
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
#
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
stp disable
erps ring 1
#
return

#
sysname SwitchB
#
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
#
Issue 01 (2013-10-30)

Ltd.
237
S Series Switch
1 Overview

stp disable
erps ring 1
#
return

#
sysname SwitchC
#
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
#
stp disable
erps ring 1 rpl owner
#
return

#
sysname SwitchD
#
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
#
Issue 01 (2013-10-30)

Ltd.
238
S Series Switch
1 Overview
stp disable
erps ring 1
#
stp disable
erps ring 1
#
return
Configuration file of SwitchE

#
sysname SwitchE
#
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
#
stp disable
erps ring 1
#
return
6.2.2 Scenario 2: Configuring ERPS Multi-instance

As shown in Figure 1.1, to improve network reliability, the aggregation layer uses the ring
network (SwitchA through SwitchE constitute a ring network). This ring network implements
Layer 2 aggregation and connects to the Layer 3 network. In addition, devices on the ring
network may come from different vendors.
The aggregation ring needs to use a protocol that protects rings and implements fast
switching. This protocol is required to provide good compatibility so that devices from
different vendors can communicate. Link resources need to be fully used to transmit data.
ERPS can be deployed on devices on the ring network to protect rings and implement fast
switching. Because ERPS is a standard protocol issued by the ITU-T, ERPS allows devices
Issue 01 (2013-10-30)

Ltd.
239
S Series Switch
1 Overview
from different vendors to communicate. Huawei ERPS supports multi-instance so that data
from different VLANs can be forwarded through different paths, maximizing link usage.
Data packets from VLANs 100 to 200 and VLANs 300 to 400 need to be transmitted from the
ring network to the Layer 3 network. To prevent loops on the ring network, deploy ERPS on
devices of the ring network. To make full use of link resources, data packets from VLANs 100
to 200 need to be transmitted along the path SwitchC -> SwitchB -> SwitchA, and data
packets from VLANs 300 to 400 need to be transmitted along the path SwitchC -> SwitchD
-> SwitchE so that load balancing is implemented.
Figure 1.1 Networking of ERPS multi-instance

1.
Configure Layer 2 forwarding on SwitchA through SwitchE.
2.
Create ERPS ring 1, and configure a control VLAN and protected instance. VLANs 100
to 200 are bound to the protected instance.
Issue 01 (2013-10-30)

Ltd.
240
S Series Switch
1 Overview
3.
Add Layer 2 ports to ERPS ring 1 and configure GE1/0/2 on Switch C as the RPL owner
port. Normally, the RPL owner port is blocked, so data packets from VLANs 100 to 200
are transmitted along the path SwitchC -> SwitchB -> SwitchA.
4.
Set the guard timer and WTR timer for ERPS ring 1.
5.
Create ERPS ring 2, and configure a control VLAN and protected instance. The control
VLAN on ERPS ring 2 is different from that on ERPS ring 1, and VLANs 300 to 400 are
bound to the protected instance.
6.
Add Layer 2 ports to ERPS ring 2 and configure GE1/0/1 on Switch C as the RPL owner
port. Normally, the RPL owner port is blocked, so data packets from VLANs 300 to 400
are transmitted along the path SwitchC -> SwitchD -> SwitchE. That is, data packets
from VLANs 100 to 200 and VLANs 300 to 400 are forwarded through different paths,
implementing load balancing.
7.
Set the guard timer and WTR timer for ERPS ring 2.

Step 1 Configure Layer 2 forwarding on SwitchA through SwitchE.
[SwitchA] vlan batch 100 to 200 300
to 400
1/0/1
link-type trunk
trunk allow-pass vlan 100 to 200 300 to 400
1/0/2
link-type trunk
trunk allow-pass vlan 100 to 200 300 to 400
Step 2 Create ERPS ring 1, configure VLAN 10 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 100 through 200 to the protected instance.
Step 3 Disable STP on interfaces, add interfaces to the ERPS ring, and configure GE1/0/2 on
SwitchC as the RPL owner port.
Issue 01 (2013-10-30)

Ltd.
241
S Series Switch
1 Overview

Step 4 Set the guard timer and WTR timer for ERPS ring 1.
Step 5 Create ERPS ring 2, configure VLAN 20 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 300 through 400 to the protected instance.
Step 6 Disable STP on interfaces, add interfaces to ERPS ring 2, and configure GE1/0/1 on SwitchC
as the RPL owner port.
Issue 01 (2013-10-30)

Ltd.
242
S Series Switch
1 Overview
Step 7 Set the guard timer and WTR timer for ERPS ring 2.
After the preceding configurations are complete, perform the following operations to verify
the configuration. The display on SwitchC is used as an example.
D : Discarding
F : Forwarding
R : RPL Owner
Port 2
ID
VLAN
(min)
(csec)
-------------------------------------------------------------------------------1
10
6
100 (F)GE1/0/1
(D,R)GE1/0/2
--------------------------------------------------------------------------------
D : Discarding
F : Forwarding
R : RPL Owner
Port 2
ID
VLAN
(min)
(csec)
--------------------------------------------------------------------------------
Issue 01 (2013-10-30)

Ltd.
243
S Series Switch
1 Overview
2
20
6
100 (D,R)GE1/0/1
(F)GE1/0/2
--------------------------------------------------------------------------------
Ring ID
: 1
Description
: Ring 1
Control Vlan
: 10
Protected Instance
: 1
: 6
Running (s)
: 0
: 100
Running (csec)
: 0
Ring State
: Idle
RAPS_MEL
: 7
: 0 days 0h:33m:4s
-------------------------------------------------------------------------------Port
Port Role
Port Status
Signal Status
-------------------------------------------------------------------------------GE1/0/1
Common
Forwarding
Non-failed
GE1/0/2
RPL Owner
Discarding
Non-failed
Ring ID
: 2
Description
: Ring 2
Control Vlan
: 20
Protected Instance
: 2
: 6
Running (s)
: 0
: 100
Running (csec)
: 0
Ring State
: Idle
RAPS_MEL
: 7
: 0 days 0h:33m:4s
-------------------------------------------------------------------------------Port
Port Role
Port Status
Signal Status
-------------------------------------------------------------------------------GE1/0/1
RPL Owner
Discarding
Non-failed
GE1/0/2
Common
Forwarding
Non-failed
----End
Configuration Files

#
sysname SwitchA
#
vlan batch 10 20 100 to 200 300 to 400
#
Issue 01 (2013-10-30)

Ltd.
244
S Series Switch
1 Overview
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
wtr-timer 6
guard-timer 100
#
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
stp disable
erps ring 1
erps ring 2
#
return

#
sysname SwitchB
#
vlan batch 10 20 100 to 200 300 to 400
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
Issue 01 (2013-10-30)

Ltd.
245
S Series Switch
1 Overview
erps ring 2
#
stp disable
erps ring 1
erps ring 2
#
return

#
sysname SwitchC
#
vlan batch 10 20 100 to 200 300 to 400
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
#
stp disable
erps ring 2
#
return

#
sysname SwitchD
#
vlan batch 10 20 100 to 200 300 to 400
#
Issue 01 (2013-10-30)

Ltd.
246
S Series Switch
1 Overview

#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
wtr-timer 6
guard-timer 100
#
stp disable
erps ring 1
erps ring 2
#
stp disable
erps ring 1
erps ring 2
#
return
Configuration file of SwitchE

#
sysname SwitchE
#
vlan batch 10 20 100 to 200 300 to 400
#
#
erps ring 1
control-vlan 10
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
wtr-timer 6
guard-timer 100
#
Issue 01 (2013-10-30)

Ltd.
247
S Series Switch
1 Overview
stp disable
erps ring 1
erps ring 2
#
stp disable
erps ring 1
erps ring 2
#
return

6.2.3.1 Associate Ethernet CFM with ERPS When an
Intermediate Transmission Device Is Deployed on an ERPS
Ring
Description: When an intermediate transmission device is deployed on an ERPS ring,
associate Ethernet CFM with ERPS so that link faults on the intermediate transmission device
can be detected.
Root cause: ERPS does not provide a mechanism to detect link faults. When an intermediate
transmission device is deployed on an ERPS ring and link faults on the intermediate
transmission device occur, ERPS cannot detect the faults. As a result, the RPS owner port
cannot be unblocked, and service traffic is affected.
Identification method: Commands cannot be used to check whether an intermediate
transmission device is deployed on an ERPS ring, so learn about the network deployment
solution. If association between Ethernet CFM and ERPS is not supported, do not deploy an
intermediate transmission device on an ERPS ring.
Solution: Run the erps ring ring-id track cfm md md-name ma ma-name mep mep-id
remote-mep rmep-id command in the interface view to associate Ethernet CFM with ERPS.
Versions involved: V200R003C00 and later versions
Issue 01 (2013-10-30)

Ltd.
248
S Series Switch
1 Overview
6.3 Troubleshooting
Faster protection switching on Ethernet networks is required. STP does not meet the
requirement for convergence performance. RRPP and SEP are Huawei proprietary ring
protocols, which cannot be used for communication between Huawei and non-Huawei
devices on a ring network. ERPS is a standard protocol issued by the ITU-T to prevent loops
on ring networks. It allows all ERPS-capable devices on a ring network to communicate.
During ERPS application, ERPS faults may occur. This section describes how to troubleshoot
ERPS faults.
6.3.2 Traffic Forwarding Fails on an ERPS Link

This section describes the possible causes of a traffic forwarding failure on an ERPS link and
provides a step-by-step troubleshooting procedure.

After ERPS is configured, user data traffic cannot be correctly forwarded due to abnormal
ring status.

The link fails.
The ERPS configuration is incorrect.
The interface does not allow packets of the specified VLAN to pass.

Figure 1.1 shows the troubleshooting flowchart.
Issue 01 (2013-10-30)

Ltd.
249
S Series Switch
1 Overview
Figure 1.1 ERPS link troubleshooting flowchart

Step 1 Check the port roles on the ERPS ring and status of each device on the ring.
An ERPS ring should have only one ring protection link (RPL) owner and all the other ports
should be common ports.
Run the display erps [ ring ring-id ] [ verbose ] command in any view to check whether the
ERPS status is Idle. (Perform this operation on each device on the ERPS ring.)
[Switch] display erps ring 1 verbose
Ring ID
: 1
Description
: Ring 1
Control Vlan
: 1025
Protected Instance
: 0 to 48
: 1
Running (s)
: 0
: 200
Running (csec)
: 0
Ring State
: Idle
RAPS_MEL
: 7
: 0 days 0h:2m:53s
-------------------------------------------------------------------------------Port
Port Role
Port Status
Signal Status
Issue 01 (2013-10-30)

Ltd.
250
S Series Switch
1 Overview
-------------------------------------------------------------------------------GE1/0/1
Common
Forwarding
Non-failed
GE1/0/2
RPL Owner
Discarding
Non-failed
If the ERPS status on a device is not Idle, check that the ERPS configuration is correct.
Go to step 2.
If the ERPS status on all devices is Idle, go to step 4.
Step 2 Check whether the interface with an MEP configured is in Down state.
Run the display interface command in any view to check the interface status.
<Switch> display interface gigabitethernet1/0/1
GigabitEthernet1/0/1 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/1 Interface
Switch Port, PVID :
1, TPID : 8100(Hex), The Maximum Frame Length is 1600
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 000b-0918-8bc1
Port Mode: COMMON COPPER
Speed :
10, Loopback: NONE
Duplex: HALF, Negotiation: ENABLE
Mdi
: AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 0 bits/sec, Record time: Output peak rate 0 bits/sec, Record time: Input: 0 packets, 0 bytes
Unicast
:
0, Multicast
:
0
Broadcast
:
0, Jumbo
:
0
CRC
:
0, Giants
:
0
Jabbers
:
0, Fragments
:
0
Runts
:
0, DropEvents
:
0
Alignments
:
0, Symbols
:
0
Ignoreds
:
0, Frames
:
0
Discard
:
0, Total Error
:
0
Output: 0 packets, 0 bytes
Unicast
:
0, Multicast
:
0
Broadcast
:
0, Jumbo
:
0
Collisions
:
0, Deferreds
:
0
Late Collisions:
0, ExcessiveCollisions:
0
Buffers Purged :
0
Discard
:
0, Total Error
:
0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
If the interface is in Down state, run the display this command in the interface view to
check whether the interface has been shut down.
If the command output displays shutdown, run the undo shutdown command in the
interface view.
If the command output does not display shutdown, go to step 3.
If the interface is in Up state, go to step 4.
Step 3 Check whether the physical interface is working properly.
Issue 01 (2013-10-30)

Ltd.
251
S Series Switch
1 Overview
If the physical interface is faulty, rectify the fault according to Ethernet Interface
Troubleshooting.
If the physical interface is working properly, go to step 4.
Step 4 Check whether the interface allows data packets of the specified VLAN to pass.
Run the display this command in the interface view to check the VLANs allowed by the
interface.
[Quidway-GigabitEthernet1/0/1] display this
#
stp disable
erps ring 1
#
If the interface does not allow packets of the specified VLAN to pass, configure it to
allow packets of this VLAN to pass.
If the interface allows packets of the specified VLAN to pass, go to step 5.
Step 5 Collect the following information and contact Huawei technical support personnel.
Configuration file, logs, and alarms of the device
----End



Command
Description
display version
display device
Displays CPU usage.
Issue 01 (2013-10-30)

Ltd.
252
S Series Switch
1 Overview
Command
Description
display interface

twice.
display erps [ring ring-id] statistics
Displays ERPS statistics.
display erps [ring ring-id] verbose
Displays detailed ERPS information.
display logbuffer
display trapbuffer
reset erps statistics
Clears statistics on received and sent RAPS

PDUs.
Issue 01 (2013-10-30)

Ltd.
253
S Series Switch
1 Overview

6.4.1 ERPS Cannot Work Properly When the Switch
Connects to an RTN Device
As shown in Figure 1.1, SwitchA, SwitchB, RTA, and RTB constitute a ring network, and
ERPS is deployed on the four devices. Both the RPL owner port and switch port are blocked.
Figure 1.1 ERPS networking
6.4.1.2 Root Cause

RAPS PDUs sent by the RTN and switch are different. The value of EtherType in RAPS
PDUs sent by the RTN is 0x8809. Actually, the value should be 0x8802. As a result, the
switch cannot send the RAPS PDUs from the RTN. The switch interface is also blocked.

1.
Run the display erps verbose command to check the ERPS port status.
<SwtichB> display erps verbose
Ring ID
Description
Control Vlan
Protected Instance
Holdoff Timer Setting (deciseconds)
Ring State
Issue 01 (2013-10-30)
:
:
:
:
:
:
:
:
1
Ring 1
4094
1
5
Running (s)
: 0
50
Running (csec)
: 0
0
Pending

Ltd.
254
S Series Switch
1 Overview
RAPS_MEL
: 7
: 0 days 0h:31m:36s
------------------------------------------------------------------------------Port
Port Role
Port Status
Signal Status
------------------------------------------------------------------------------Eth-Trunk1
Common
Forwarding
Non-failed
GE2/0/36
Common
Discarding
Non-failed
The RPL owner port of the RTN and GE2/0/36 on SwitchB are blocked, indicating that
the ERPS port status is abnormal.
2.
Run the display erps statistics command to check whether the switch receives RAPS
PDUs from the RTN.
<SwtichB> display erps statistics
------------------------------------------------------------------------------Ring Port
Direction
SF
NR
NRRB
------------------------------------------------------------------------------1 Eth-Trunk1
RX
0
80
0
1 Eth-Trunk1
TX
0
16
0
1 GE2/0/36
RX
0
0
0
1 GE2/0/36
TX
0
11
0
The preceding information shows that GE2/0/36 does not receive RAPS PDUs from
RTNB. Capture packets on the link of GE2/0/36 and compare the RAPS PDUs sent by
the RTN and switch. The value of EtherType in RAPS PDUs sent by the RTN is 0x8809,
and the value of EtherType in RAPS PDUs sent by the switch is 0x8802. The correct
value of EtherType is 0x8802. As a result, the switch cannot send RAPS PDUs from the
RTN.
6.4.1.4 Solution
When customer requirements are met, deploy a loop prevention technology.
6.4.1.5 Summary
In ERPS interworking scenarios, check whether RAPS PDUs sent by devices are correct.
Issue 01 (2013-10-30)

Ltd.
255
S Series Switch
1 Overview
LDT&LBDT
7.1 LDT&LBDT Overview

7.1.1 Loop Detection
Introduction to Loop Detection
Loop detection is a link layer protocol designed for Ethernet networks. An interface with loop
detection enabled detects loops in the local VLAN. After loop detection is configured on an
interface, the device uses the interface to send loop detection packets and detects loops in the
VLAN that the interface belongs to.
When detecting that loop detection packets sent from the interface can be received by other
interfaces on the device, the device considers that loops exist on the network of this interface.
The device sends a trap message to the user and records the event in the log. In addition, the
device sets the interface status (shutdown by default) based on the interface working mode to
minimize the impact of loops on the entire network.
Applicable Scenario of Loop Detection

As shown in Figure 1.1, loops occur because incorrect connections or configuration during
network plan. Each switch is configured to allow VLAN 100. As a result, loops occur in
VLAN 100. Loops cause broadcast storms.
The user requires that loops can be detected and removed in a timely manner to prevent
broadcast storms. To reduce the impact of loops on the network, configure loop detection on
the switches to detect loops and set the interface status.
Issue 01 (2013-10-30)

Ltd.
256
S Series Switch
1 Overview
Figure 1.1 Loop detection
Loop detection can only detect loops but cannot remove loops like the Multiple Spanning Tree Protocol
(MSTP). Before enabling loop detection, disable the loop prevention protocol. An interface blocked by a
loop prevention protocol cannot continue to send loop detection packets.
Loop Detection Implementation

Loop detection is enabled based on VLANs. The device sends loop detection packets with the
destination MAC address of all Fs to all interfaces in a VLAN.
When detecting that broadcast loop detection packets sent from the interface can be received
by other interfaces on the device, the device considers that loops exist on the network of this
interface. The device sends a trap message to the user and records the event in the log. In
addition, the device sets the interface status (shutdown by default) based on the interface
working mode to minimize the impact of loops on the entire network. You can run the loopdetection mode { port-trap | port-blocking | port-nolearning | port-shutdown|portquitvlan } command to configure the action to take after a loop is detected.
7.1.2 Loopback Detection

Introduction to Loopback Detection
Loopback detection detects loops on a network by periodically sending loopback detection
packets. Loopback detection detects loops on a network connected to an interface by checking
whether packets sent out from the interface are received by the interface of the same device. If
detection packets are received by the same interface, a loopback occurs on the interface or
loops occur on the network connected to the interface. If detection packets are received by
other interfaces on the same device, loops occur on the network connected to the interface.
Applicable Scenario of Loopback Detection

Loopback detection applies to the following scenarios:
Issue 01 (2013-10-30)
During network deployment, a loopback usually occurs on a TX-RX interface because

optical fibers are connected incorrectly or the interface is damaged by high voltage. As
shown in Figure 1.1, a loopback occurs on an interface of the switch. As a result, packets
Ltd.
257
S Series Switch
1 Overview
sent from this interface is looped back to the interface, which may cause traffic
forwarding errors or MAC address flapping on the interface.
Figure 1.1 Applicable scenario 1 of loopback detection
As shown in Figure 1.2, a loop occurs on the network connected to the switch. Packets
sent from an interface are sent back to this interface.
Issue 01 (2013-10-30)
As shown in Figure 1.3, a loop occurs on the network where the switch resides. Packets
sent from Interface 1 are forwarded by devices on other networks and looped back to
Interface 2.

Ltd.
258
S Series Switch
1 Overview
You can configure loopback detection on the switch interface to detect loops in the preceding
scenarios. When the device detects a loop on the network connected to one of its interfaces,
the device shuts down this interface to eliminate the loop. When the device detects that the
loop has been removed, it recovers communication on the interface.
Loopback detection cannot prevent loops on the entire network. It only detects loops on a single
node.
A large number of broadcast packets are sent during loopback detection, occupying system
resources; therefore, disable loopback detection if it is not required.
Loopback detection cannot be configured on an Eth-Trunk or its member interfaces.
Loopback detection cannot be used with STP.
V200R003 and later versions support applicable scenario 3.
Loopback Detection Implementation

An interface enabled with loopback detection sends the following two types of frames
(V200R001 is used as an example):
Untagged loopback detection packet: The destination MAC address in the packet is the
BPDU MAC address. This packet is used to detect loopback on a TX-RX interface. The
interface can receive and send untagged loopback detection packets, without being added
to a VLAN.
Tagged loopback detection packet: The destination MAC address in the packet is the
broadcast MAC address with all Fs. This packet is used to detect loops on the
downstream network connected to the interface. The interface can receive and send
tagged loopback detection packets only after the interface is added to a VLAN.
After loopback detection is enabled on an interface, the interface periodically sends detection
packets and checks whether loopback packets are received. If a loopback occurs on an
interface, the device sets the interface in loopback detection state to minimize the impact of
loopback on the entire network. You can run the loopback-detect action { block | nolearn |
shutdown | trap } command to configure an action to take after a loopback is detected. The
default action is shutdown.
Issue 01 (2013-10-30)

Ltd.
259
S Series Switch
1 Overview

Loop Detection
The recovery time on an interface enabled with loop detection is as follows:
V100R003 and earlier versions: 0
V100R006 and later versions: 255s
In V100R003 and earlier versions, if the action is set to block or shutdown, run the
loop-detection recovery-time command to set the recovery time. Otherwise, the
blocked or shutdown interface cannot be restored after a loop is detected.
Starting from V200R001, loop detection can be configured on an Eth-Trunk.
Starting from V200R003, a chassis switch enabled with loop detection can detect loops
in a maximum of 4K VLANs. When a loop is detected on an interface, the interface is
removed from the VLAN to remove loops.
Loopback Detection
Starting from V100R006, the S2300SI/S2700SI supports untagged loopback detection

packets in which the destination MAC address is 0180-c200-000a. On other box
switches, the destination MAC address in untagged loopback detection packets is
changed from all Fs to 0180-c200-000a, starting from V100R006. The patch
V100R006SPH011 is used to change the destination MAC address globally.
The recovery time on an interface enabled with loopback detection is as follows:
V100R003 and earlier versions: three times the detection interval (over 90s)
V100R006 and later versions: three times the packet sending interval (over 15s)
Starting from V200R001, chassis switches support loopback detection.
Starting from V200R003, a box switch enabled with loopback detection can detect
loopback on two interfaces.
Issue 01 (2013-10-30)

Ltd.
260
S Series Switch
1 Overview

7.2.1 Configuring Loop Detection
As shown in Figure 1.1, when packets sent from an interface are sent back to the interface, a
loop exists on the interface. Loops may cause broadcast storms. The loop detection function is
used to detect loops on interfaces.
Figure 1.1 Loop detection networking

1.
Enable loop detection globally.
2.
Enable loop detection in a VLAN.
3.
Enable loop detection on an interface.
4.
Set the loop detection interval on the interface.
5.
Set the recovery time of the blocked interface.

Step 1 Enable loopback detection globally.
[Quidway] loop-detection enable
Step 2 Enable loop detection in a VLAN.

[Quidway] loop-detection enable vlan 200
Step 3 Enable loop detection on an interface.

Issue 01 (2013-10-30)

Ltd.
261
S Series Switch
1 Overview
[Quidway-GigabitEthernet1/0/0]
stp disable
loop-detection mode port-shutdown
Step 4 Set the loop detection interval on the interface.

[Quidway] loop-detection interval-time 10
Step 5 Set the recovery time of the blocked interface.

[Quidway-GigabitEthernet1/0/0] loop-detection recovery-time 20

GE 9/0/0 is automatically shut down when a loop is detected.
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 200
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 200
#
stp disable
loop-detection mode port-shutdown
loop-detection recovery-time 20
#
return
7.2.2 Configuring Loopback Detection

As shown in Figure 1.1, if there is a loop on the network connected to GE0/0/1, broadcast
storms will occur on the switch or even the entire network. Configure loopback detection on
the switch to detect whether a loopback exists on the interface, which helps determine
whether a loop occurs on the network connected to the interface.
Issue 01 (2013-10-30)

Ltd.
262
S Series Switch
1 Overview
Figure 1.1 Loopback detection networking

1.
Enable loopback detection on an interface.
2.
Specify the VLAN ID of loopback detection packets.
3.
Configure loopback detection parameters.

Step 1 Enable loopback detection on the interface.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] loopback-detect enable
[Quidway-GigabitEthernet0/0/1] quit
Step 2 Specify the VLAN ID of loopback detection packets.

[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[Quidway-GigabitEthernet0/0/1] loopback-detect packet vlan 100
Step 3 Configure loopback detection parameters.

# Configure the device to block the interface when a loopback is detected.
[Quidway-GigabitEthernet0/0/1] loopback-detect action block
# Set the interface recovery time after a loopback is removed.

[Quidway-GigabitEthernet0/0/1] loopback-detect recovery-time 30
[Quidway-GigabitEthernet0/0/1] quit
# Set the interval for sending loopback detection packets.

[Quidway] loopback-detect packet-interval 10
Issue 01 (2013-10-30)

Ltd.
263
S Series Switch
1 Overview

When a loop occurs on the network connected to GigabitEthernet0/0/1, the interface is
blocked. The interface will recover 30s after the loop is removed.
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 100
#
loopback-detect packet-interval 10
#
loopback-detect enable
loopback-detect recovery-time 30
loopback-detect packet vlan 100
#
return

7.2.3.1 Do Not Configure the Block or Shutdown Action for
the Uplink Interface When Loop Detection Is Enabled
Description: The action to take after a loop is detected is set to block or shutdown. When a
loop is detected, the switch blocks or shuts down the uplink interface, causing a service
interruption.
Root cause: If loop detection is enabled on the uplink interface and in many VLANs, MAC
address entries on the uplink device are occupied. If loop detection is enabled in 4K VLANs,
many MAC address entries are consumed.
Identification method: Run the display loop-detection interface command to view the loop
detection configuration on the uplink interface.
Solution: Do not configure loop detection on an uplink interface that is often considered
secure. If loop detection needs to be enabled on an uplink interface, configure the trap
function.
Versions involved: all versions
For details on how to configure loop detection, see S Series Chassis Switch Loop Detection Deployment
Guide.
7.2.3.2 Set the Recovery Time of the Blocked Interface and

Configure the Trap Function
Description: When configuring loop detection, set the recovery time of the blocked interface
and configure the trap function.
Issue 01 (2013-10-30)

Ltd.
264
S Series Switch
1 Overview
Root cause: When an interface enabled with loop detection detects a loop, chassis switches in
V1R6 and earlier versions do not record logs. The loop detection trap function needs to be
enabled.
Identification method:
Set the recovery time of the blocked interface:
Chassis switch
[Quidway-GigabitEthernet1/0/0] loop-detection recovery-time 20
Box switch of V1R5 and later versions

[Quidway-GigabitEthernet0/0/1]loopback-detect recovery-time 20
Enable the trap function:
Chassis switch of V1R1/V1R2

[Quidway] snmp-agent trap enable loop-detection
Chassis switch of V1R3 and later versions

[Quidway] snmp-agent trap enable feature-name ldp
Box switch of V1R5/V1R6

The trap function is enabled by default.
Box switch of V2R1

[Quidway] snmp-agent trap enable feature-name lbdt
Solution: When configuring loopback detection, set the recovery time of the
blocked interface and configure the trap function.
Versions involved: V100R001/V100R002/V100R003 of chassis switches and

V100R005/V100R006/V200R001 of box switches
For details on how to configure loop detection, see S Series Chassis Switch Loop Detection Deployment
Guide.
Issue 01 (2013-10-30)

Ltd.
265
S Series Switch
1 Overview
7.3 Troubleshooting
Loop detection is used to detect loops. Sometimes, loops cannot be detected.
Box switches send untagged loopback detection packets to detect loops. Check whether
the downlink device can transparently transmit BPDUs.
The chassis switch configured with loop detection cannot detect loops. Check whether
the downlink device can transparently transmit packets from the VLAN in which loop
detection is enabled.
7.3.2 Chassis Switch Configured with Loop Detection

Cannot Detect Loops
The chassis switch configured with loop detection cannot detect loops.

1.
Check whether the loop detection configuration is correct.
2.
Check whether the downlink device can transparently transmit packets from the VLAN
in which loop detection is enabled.
Issue 01 (2013-10-30)

Ltd.
266
S Series Switch
1 Overview

Figure 1.1 Failure to detect loops

Step 1 Check whether the loop detection configuration is correct.
Run the display loop-detection command to check the VLAN enabled with loop detection. If
loop detection is not enabled, run the loop-detection enable vlan command to enable loop
detection in the VLAN.
[Quidway]display loop-detection
Loop Detection is enabled.
Detection interval time is 5 seconds.
Following vlans enable loop-detection:
vlan 1 to 800
Following ports are blocked for loop:
NULL
Following ports are shutdown for loop:
NULL
Issue 01 (2013-10-30)

Ltd.
267
S Series Switch
1 Overview
Following ports are nolearning for loop:

NULL
Following ports are trapped for loop:
NULL
Following ports are quitvlan for loop:
NULL
Run the display loop-detection interface command to check whether the interface is added
to the VLAN. If not, add the interface to the VLAN.
[Quidway]display loop-detection interface GigabitEthernet 1/0/1
The port is enabled.
The port's status list:
Status
WorkMode
Recovery-time
EnabledVLAN
----------------------------------------------------------------------Normal
Shutdown
255
1
Normal
Shutdown
255
2
Normal
Shutdown
255
3
Normal
Shutdown
255
4
Normal
Shutdown
255
5
Step 2 Check whether the downlink interface is added to the VLAN enabled with loop detection.
Check whether the downlink interface is added to the VLAN enabled with loop detection and
ensure that loop detection packets can be forwarded.
Step 3 If the fault persists, contact Huawei technical support personnel.
----End
7.3.3 Switch Configured with Loopback Detection

Cannot Detect Loops
Loops occur on the downstream device connected to the switch with loopback detection
enabled, but the switch cannot detect loops.

1.
Check whether the loopback detection configuration is correct.
2.
Check whether the downlink device can transparently transmit loopback detection
packets.
Issue 01 (2013-10-30)

Ltd.
268
S Series Switch
1 Overview

Figure 1.1 Failure to detect loops

Step 1 Check whether the loopback detection configuration is correct.
Run the display loopback-detect command to check whether loopback detection is enabled
globally and on the interface. If not, run the loopback-detect enable command to enable
loopback detection globally and on the interface.
<S53EI_117> display loopback-detect
Loopback-detect sending-packet interval:
Interface
RecoverTime
Action
Status
block
NORMAL
If the interface uses untagged loopback detection packets to detect a loopback, you are
advised to run the loopback-detect packet vlan command (excluding the S2300SI/S2700SI).
Issue 01 (2013-10-30)

Ltd.
269
S Series Switch
1 Overview
Starting from V200R001, when the action is set to shutdown, the buildrun information is not generated
when a loop is detected. The interface status is displayed as LOOPBACK-DETECT DOWN in the
display interface command output. After the loop is eliminated, run the shutdown and undo shutdown
commands to restore the interface. If the recovery time is reached, the interface is restored when no loop
exists in all VLANs including the VLAN specified by the PVID in untagged mode.
Step 2 Check whether the downlink device can transparently transmit loopback detection packets.
If the switch interface is configured to use tagged loopback detection packets, check whether
the downlink device is added to the VLAN. Ensure that loopback detection packets can be
forwarded.
If the switch interface is configured to use untagged loopback detection packets, perform
either of the following operations:
V100R006: Load V100R006SPH011 and run the loopback-detect untagged macaddress command to change the destination MAC address to all Fs (excluding
S2300SI/S2700SI).
V200R001: Check whether the downlink device can transparently transmit BPDUs with
the destination MAC address as 0180-c200-000a.
Step 3 If the fault persists, contact Huawei technical support personnel.

----End



Command
Description
display version
display device
Displays CPU usage.
display interface

twice.
display loop-detection
Displays information about the loop detection

function in the system.
Issue 01 (2013-10-30)

Ltd.
270
S Series Switch
1 Overview
Command
Description
display loop-detection interface
Displays information about the loop detection

function on an interface.
display loopback-detect
Displays the loopback detection configuration and

status of interfaces with loopback detection
enabled.
Issue 01 (2013-10-30)

Ltd.
271
S Series Switch
1 Overview

7.4.1 S2700SI Configured with Loopback Detection
Cannot Detect Loops
The S2700SI V100R006C03 connects to the S2700EI, and the S2700EI connects to the office
network.
The inbound bandwidth usage of the downlink interface on the S2700SI increases
continuously. Loops occur on the office network, but the S2700SI configured with loopback
detection cannot detect loops.
7.4.1.2 Root Cause

Starting from V100R006, the S2700SI supports loopback detection. Because the S2700SI has
no ACL resources, it uses the BPDU register to capture protocol packets for detecting loops.
In untagged mode, the S2700SI sends BPDUs. In this situation, the downlink device must be
able to transparently transmit BPDUs. The downlink switch S2700EI terminates BPDUs or
sends BPDUs to the CPU for processing. Loopback detection packets sent by the S2300SI
interface cannot be forwarded by the S2300Ei, so the S2300SI cannot detect loops.

Configure loopback detection on the S2300SI and check whether the downlink device can
transparently transmit BPDUs.
7.4.1.4 Solution
The S2300SI does not support loopback detection. It is recommended that loopback detection
be configured on the S2300EI to detect loops.
7.4.2 S5700 Configured with Loopback Detection in

Untagged Mode Cannot Detect Loops
The S5700 version is V100R006C00SPC800.
Issue 01 (2013-10-30)

Ltd.
272
S Series Switch
1 Overview
Loops occur on the S5700SI. Although loopback detection in untagged mode is configured on
GE0/0/40 of the S5700EI, the S5700EI cannot detect loops on the S5700SI.
7.4.2.2 Root Cause

On the box switch of V100R006, the destination MAC address of untagged loopback
detection packets is 0180-c200-000a. After receiving untagged loopback detection packets
with the destination MAC address of 0180-c200-000a, GE0/0/40 on the S5700SI terminates
the packets. That is, the box switch of V100R006 does not support loopback detection in
untagged mode.

When loopback detection in untagged mode is configured on the box switch, check whether
the downlink switch can transparently transmit untagged loopback detection packets with the
destination MAC address of 0180-c200-000a.
7.4.2.4 Solution
Load the patch V100R006SPH011. Change the destination MAC address in untagged
loopback detection packets to all Fs so that packets can be broadcast on the downlink device.
Then loops can be detected.
Issue 01 (2013-10-30)

Ltd.
273
S Series Switch
1 Overview
FAQ
8.1 What Is the Destination MAC Address of

SEP Packets?
The destination MAC address of P2P packets such as SEP neighbor packets is 0025-9efb3d6f.
The destination MAC address of packets broadcast in the SEP segment, for example, packets
for primary edge port election, is 0025-9efb-3d70.
8.2 Which Interface Blocking Modes Does SEP

Support?
SEP supports the following interface blocking modes:
[Quidway-sep-segment1]block port ?
hop
Hop count
middle
Port in the middle of the segment
optimal Port with the highest priority
sysname Specify the system name
Specify a blocked interface based on the configured hop count.
Specify the interface in the middle of a SEP segment as the blocked interface.
Specify the interface with the highest priority as the blocked interface.
Specify a blocked interface based on the device and interface names.
8.3 After the SEP Topology Changes, Which

Protocols Can Be Instructed to Update
Forwarding Entries?
After the SEP topology changes, SEP can instruct RRPP, segment, Smart Link, and STP to
update forwarding entries.
Issue 01 (2013-10-30)

Ltd.
274
S Series Switch
1 Overview
[Quidway-sep-segment1]tc-notify ?
rrpp
Rapid ring protection protocol
segment
Segment
smart-link Smart-link
stp
Spanning Tree Protocol
8.4 What Is the Difference Between bpdu

enable and bpdu bridge enable on the Chassis
Switch Interface?
To differentiate the bpdu enable command on the box switch, the chassis switch of
V100R003 uses the bpdu bridge enable command.
The bpdu enable command on the interface of the S9300 V100R002 and the bpdu bridge
enable command on the interface of the S9300 starting from V100R003 enable the interface
to forward BPDUs. The interface uses the hardware to forward the packets that have the
destination MAC address of the BPDU MAC address and are not sent to the CPU. The
display bpdu mac-address command can be used to check the BPDU MAC address.
8.5 Why the Switch Is Not the Root Bridge

After stp root primary Is Configured Globally?
The stp root primary command sets the STP priority to 0, but cannot ensure that the switch
is the root bridge. If the priority of another switch is 0 and the bridge MAC address is smaller
than that of the local device, the local device is not selected as the root bridge.
8.6 What Does the Message Age Field in STP

BPDUs Represent and How Is This Field Used?
The switch determines whether the received configuration BPDU expires according to the
Max Age value. If the Message Age value is larger than or equal to the Max Age value, the
configuration BPDU ages. If the configuration BPDU expires, the switch recalculates the
spanning tree.
The Message Age field in STP BPDUs is described as follows:
Issue 01 (2013-10-30)
STP compares the Message Age value with the Max Age value to determine whether the
configuration BPDU expires. When the switch receives a configuration BPDU from its
upstream device, it determines whether the Message Age value in the configuration
BPDU is smaller than the Max Age value. If the Message Age value in the configuration
BPDU is smaller than the Max Age value, the switch sends the configuration BPDU with
the Message Age value plus 1 to the downstream bridge. If the Message Age value in the
configuration BPDU is larger than or equal to the Max Age value, the switch considers
that the configuration BPDU expires, and the receive interface enters the Discarding
state. The switch then sends a configuration BPDU with itself as the root bridge. In this
case, the Message Age value in the configuration BPDU received by the downstream
bridge is 0.
Ltd.
275
S Series Switch
1 Overview
RSTP re-defines increments of the Message Age value. Each time a configuration BPDU
passes through a bridge, the increment of the Message Age value is the maximum value
between 1/16 of the Max Age that is rounded off and 1. When the Max Age value is
smaller than 24, the increment is 1. When the Max Age value is larger than or equal to 24
and smaller than 40, the increment is 2. When the Max Age value is equal to 40, the
increment is 3, and so on.
The implementation of MSTP is similar to that of RSTP.
On S series switches, the default value of Max Age is 2000 centiseconds (20s).
The Max Age value is invalid for MSTIs. If the switch is the CIST root bridge, it determines
whether the configuration BPDU expires according to the Max Age value. If the switch is not
the CIST root bridge, it uses its configured Max Age value.
The Hello time, Forward delay, and Max Age must conform to the following formulas:
2 x (Forward delay - 1.0 seconds) >= Max Age
Max Age >= 2 x (Hello time + 1.0 seconds)
STP works properly only when the three values conform to the preceding formulas.
It is recommended the default values of the Hello time (2s), Forward delay (15s), and Max
Age (20s) be used on S series switches.
8.7 How Does a Switch Interface Connected to

a Non-Huawei Device Process the Received
BPDU in a Different Format?
S series switches comply with IEEE 802.1s MSTP and support dot1s and legacy formats. By
default, the packet format is auto. In auto mode, the switch interface is allowed to
automatically switch to the MSTP protocol packet format used by the remote end based on the
packet format received from the remote end.
When the switch interface is configured to receive only packets in dot1s or legacy format, it
does not process the received packets in a different format and generates the following alarm:
MSTP/3/PACKET_ERR_COMPLIAN:The port compliance protocol type of the the packet
received by MSTP from the port [port-name] is invalid.
If this situations, perform the following operations:

1.
Use a packet capture tool to record received error packets.
2.
Query and record the information about the interface on the remote end, including the
manufacturer, version, and configuration.
3.
Issue 01 (2013-10-30)
If a Huawei device is used, run the display version, display interface, and display
current-configuration commands.
If a non-Huawei device is used, run commands provided by the manufacturer to

obtain information on the device.
If an invalid packet was received by MSTP and hence the STP status was incorrect, loops
may occur at Layer 2. It is recommended that the interface be shut down to prevent
broadcast storms. To view the STP status and check whether loops occur, run the display
stp brief command. After confirming that loops are removed, run the undo shutdown
command to enable the interface.
Ltd.
276
S Series Switch
4.
1 Overview
Provide the error packets and collected information to Huawei technical support
personnel.
8.8 Can S Series Switches Transparently

Transmit BPDUs By Default?
By default, box switches cannot transparently transmit BPDUs. To transparently transmit
BPDUs, configure a Layer 2 protocol tunnel.
On the chassis switch, run the stp disable and bpdu enable/bpdu bridge enable commands
to configure the interface to transparently transmit BPDUs.
8.9 Can S Series Switches Transparently

Transmit Cisco PVST+ Packets By Default?
S series switches can transparently transmit Cisco PVST+ packets as common multicast data
packets or using the Layer 2 protocol tunnel. When a box switch transparently transmits Cisco
PVST+ packets using the Layer 2 protocol tunnel, run the bpdu mac-address 0100-0ccccccd command.
8.10 Do BPDUs Sent by S Series Switches

Carry VLAN Tags By default, and How Do S
Series Switches Process Tagged BPDUs?
BPDUs sent by S series switches do not carry VLAN tags by default. You can run the stp
bpdu vlan vlan-id command to configure the interface to add the VLAN ID to outgoing
BPDUs. Before running this command, ensure that the interface has been added to the VLAN.
When the STP-enabled interface receives tagged BPDUs, the interface that does not join the
VLAN specified by the VLAN tag in the BPDUs discards the BPDUs. If the interface has
been added to the VLAN specified by the VLAN tag in the BPDUs, and the stp bpdu vlan
command is not used or the VLAN ID in the stp bpdu vlan vlan-id command is the same as
the VLAN ID in BPDUs, the interface correctly processes the BPDUs. If the VLAN ID in the
stp bpdu vlan vlan-id command is different from the VLAN ID in BPDUs, the interface
discards the BPDUs.

RRPP Packets?
Packet Type
Destination MAC Address
HEALTH (HELLO)
000F-E207-8217
LINK-DOWN
000F-E207-8257
Issue 01 (2013-10-30)

Ltd.
277
S Series Switch
1 Overview
Packet Type
Destination MAC Address
COMMON-FLUSH-FDB
000F-E207-8297
COMPLETE-FLUSH-FDB
EDGE-HELLO
MAJOR-FAULT
EDGE-HELLO and MAJOR-FAULT packets use the

same destination MAC address depending on the ring ID.
000F-E207-82D7~000F-E207-8316
8.12 What Are the Precautions for Configuring

RRPP?
RRPP and MSTP cannot be configured simultaneously. Before creating an RRPP ring, disable
STP on the interfaces to be added to the RRPP ring.
The RRPP convergence speed depends on the number of domains and rings. The convergence
speed is high when the number of domains and rings is small.
8.13 How Does RRPP Implement Fast

Switching?
The RRPP switchover time is guaranteed by the switchover mechanism, which is irrelevant to
the interval for sending Hello packets. Although the minimum interval for sending Hello
packets is 1s, Hello packets are used only for loop detection.
The switchover mechanism of an RRPP ring is as follows:
If a link on the ring is faulty, the port directly connected to the link goes Down.
The transit node immediately sends a Link-Down packet to the master node to report the
link status change.
When receiving the Link-Down packet, the master node considers that the ring fails, so it
unblocks the secondary port and sends a packet to instruct other transit nodes to refresh
Forwarding DataBases (FDBs).
After other transit nodes refresh their FDBs, the data stream is switched to a link in the
Up state.
8.14 Why Statistics on Health Packets Cannot

Be Displayed on the RRPP Transit Node?
Because the RRPP transit node does not send Health packets, the statistics on Health packets
are 0. There are statistics on Health packets on the master node. Check whether received and
sent Health packets are normal according to the statistics on Health packets on the master
node.
Issue 01 (2013-10-30)

Ltd.
278
S Series Switch
1 Overview
Run the display rrpp statistics domain id command to view the statistics on RRPP packets.
8.15 How Is Load Balancing Implemented

When RRPP Is Deployed?
On an RRPP network, for the protected instance, each ring supports only one blocking port, so
load balancing cannot be implemented on each ring. You can configure two domains and add
interfaces to the two domains so that different blocking ports in two domains are used,
implementing load balancing.
8.16 What Is the Maximum Number of Devices

That Can be Configured on an RRPP Ring?
Primary and secondary ports of the master node send Hello packets. If the secondary port
periodically receives Hello packets, the master node considers the RRPP ring in Complete
state and blocks the secondary port to eliminate loops. Hello packets are forwarded fast
depending on the chip. The maximum number of devices that can be configured on an RRPP
ring is not limited. When many devices are configured on an RRPP ring, it takes a long time
to rectify any link or node fault. It is recommended that a maximum of 16 devices be
configured on an RRPP ring.
8.17 Can Smart Link and Monitor Link Be

Configured on an Eth-Trunk?
Smart Link and Monitor Link can be configured on an Eth-Trunk.
8.18 Can Monitor Link Be Used Separately?

Monitor Link can be used separately.
8.19 What Is ERPS?

Ethernet Ring Protection Switching (ERPS) is a protocol defined by the International
Telecommunication Union - Telecommunication Standardization Sector (ITU-T) to prevent
loops at Layer 2. As the standard number is ITU-T G.8032/Y1344, ERPS is also called
G.8032. ERPS defines Ring Auto Protection Switching (RAPS) Protocol Data Units (PDUs)
and protection switching mechanisms.
Issue 01 (2013-10-30)

Ltd.
279
S Series Switch
1 Overview

RAPS PDUs?
The destination MAC address of RAPS PDUs is 0119-a700-0001.
8.21 Can ERPS-enabled S Series Switches

Connect to Non-Huawei Devices?
Siemens, Juniper, Alcatel-Lucent, and Cisco have their G.8032 implementations. S series
switches enabled with G.8032 can connect to devices from Siemens, Juniper, Alcatel-Lucent,
and Cisco.
8.22 Do S Series Switches Support Subrings?

V200R001 supports only ring-ring networking in which downlink subrings cannot be used.
8.23 Does ERPS on S Series Switches Support

Load Balancing?
One or two ERPS rings can be configured on a physical ring. You can configure different
protected instances for different ERPS rings. Different VLANs can use separate paths,
implementing traffic load balancing and link backup.
8.24 Can ERPS Be Used with Other Ring

Network Protocols on the Same Networking?
ERPS cannot be used with other ring network protocols on the same networking.
8.25 Can ERPS Be Configured on an Eth-Trunk?

ERPS can be configured on an Eth-Trunk.
8.26 What Is the Difference Between Loopback

Detection and Loop Detection?
The difference between loopback detection and loop detection is as follows:
Issue 01 (2013-10-30)
Loopback detection is used on the edge switch to prevent fiber loopback on the switch
interface or packets from being looped back to the local interface. Loop detection is used
on the aggregation switch to detect loopback and loops on the layer 2 network.
Ltd.
280
S Series Switch
1 Overview
Loopback detection is configured on an interface, and loop detection is configured in the

system.
Starting from V200R001, chassis switches support loopback detection. Starting from
V200R003, a box switch enabled with loopback detection can detect loops on two interfaces.
8.27 What Is the Interval for Sending Loopback

Detection Packets on an Interface and What Is
the Difference Between the Loopback
Detection Packets Sent by Two Interfaces?
V100R003 and V100R005:

An interface sends a loopback detection packet every 100 ms. You can set the interval for
sending loopback detection packets by using the loopback-detect interval interval-time
command. In the command, interval-time ranges from 5 to 300, in seconds. By default,
the interval for sending loopback detection packets is 30s.
The difference between the loopback detection packets sent by two interfaces is that the
protocol numbers carried in packets are different, which is used to distinguish different
interfaces. By default, the protocol ID of interface 1 on the S3300 is 0x606 and the
protocol IDs of the other interfaces are incremented. You can run the loopback-detect
protocol protocol-id command to manually set the protocol ID. The protocol ID must be
different from any existing protocol ID. For details, see the command reference.
V100R006
An interface sends a loopback detection packet every 5s. You can set the interval for
sending loopback detection packets by using the loopback-detect packet-interval
packet-interval-time command. In the command, packet-interval-time ranges from 1 to
300, in seconds.
The switch adds the interface index to outgoing loop detection packets. When an
interface receives loop detection packets, it differentiates the loop detection packets
according to the interface index.
Detection packets are sent frequently; therefore, the CPU usage will increase if the loop
detection function is enabled on all interfaces.
8.28 After Loop Detection or Loopback

Detection Detects Loops, the Interface Is
Blocked. Does the Switch Continue to Send
Protocol Packets?
Loop detection packets and tagged loopback detection packets are broadcast packets with the
destination MAC address as all Fs. After the interface is blocked, the switch cannot send loop
detection packets or tagged loopback detection packets. The destination MAC address of
untagged loopback detection packets is the BPDU MAC address. After the interface is
blocked, the switch can continue to send untagged loopback detection packets.
Issue 01 (2013-10-30)

Ltd.
281
S Series Switch
1 Overview
Switch Logs and Diagnosis Logs
Chassis Switch
Command for collecting diagnosis information:

display diagnostic-information
Log files and diagnosis logs
Step 1: Run the save logfile command in the common view to save the configuration
file.
Step 2: Run the save diag-logfile command in the hidden view (diagnosis view after
V200R001) to save the diagnosis log file.
Step 3: Start the FTP server on the PC and download the primary log files and
diagnosis log files to the PC.
Log files of the master MPUs on an S9300 or S7700 series are stored in cfcard:/logfile, and those of
the slave MPUs are stored in slave#cfcard:/logfile.
The following table lists log file names.
Version
Issue 01 (2013-10-30)
Log File Name
Diagnosis File
Name
V100R002
log.txt
diag.txt
V100R003
log.log
log.dblg
V100R006
log.log
log.dblg
V200R001
log.log
log.dblg

Ltd.
282
S Series Switch
1 Overview
Log files and diagnosis log files of the master MPUs are mandatory. If a fault triggers a switchover
or the slave MPUs fail, you must collect log files and diagnosis log files of the slave MPUs. If a CSS
is torn down, collect log files and diagnosis log files on the four MPUs.
When the size of a log file exceeds the threshold, the switch automatically archives the log file and
saves it as a .zip file. For example, 2012-11-27.05-00-25.log.zip and 2012-11-15.05-22-32.diag.zip
are respectively an archived log file and a diagnosis log file. The file name indicates the archiving
time. Therefore, collect the log file and diagnosis log file generated when the fault occurs.
If the FTP server is unavailable, run the more command, such as more log.log. To collect diagnosis
log files of V100R003 or later, run the display diag-logfile command in the hidden view
(V100R003/V100R006) or diagnosis view (V200R001 or later), for example, display diag-logfile
cfcard:/logfile/log.dblg. It takes a long time to collect a large log file. FTP is recommended for
downloading log files.
Box Switch
Command for collecting diagnosis information:

display diagnostic-information
Logs
In V100R003 and V100R005:
Step 1: Run the display logbuffer command to collect information in the log buffer.
Step 2: Run the display trapbuffer command to collect information in the trap
buffer.
Box switches support log file recording from V100R006; therefore, perform the
following operations to collect log files:
Issue 01 (2013-10-30)
Step 1: Run the save logfile command in the common view to save the configuration
file.
Step 2: Start the FTP server on the PC and download the primary log files and
diagnosis log files to the PC.
Log files of box switches are saved in flash:/syslogfile and flash:/resetinfo.
If a CSS is torn down or fails to be reset, collect log files of all devices in the CSS.
Box switches have only a small number of log files. Send all files in directories syslogfile and
resetinfo to R&D for analysis.
Directories syslogfile or resetinfo may not exist on some models due to hardware restrictions, so
you do not need to collect log files.

Ltd.
283
S Series Switch
10
1 Overview
Debugging Command Reference
10.1 SEP Debugging Command Reference

Command
Description
debug sep common [ segment <segmentid> | interface { { <interface-type>

<interface-number> } | <interface-name> }
]
Enables SEP common debugging on a SEP

segment or interface.
debug sep error [ segment <segment-id> |

interface { { <interface-type> <interfacenumber> } | <interface-name> } ]
Enables the debugging of SEP errors on a

SEP segment or interface.
debug sep machine [ segment <segmentid> | interface { { <interface-type>

]
Enables the debugging of SEP state machine

on a SEP segment or interface.
debug sep message [ segment <segmentid> | interface { { <interface-type>

]
Enables the debugging of SEP messages on a

SEP segment or interface.
debugging sep pdu [ lsa | nbr | preempt |

epa ] [ transmit | receive ] [ segment
<segment-id> | interface { { <interfacetype> <interface-number> } | <interfacename> } ]
Enables the debugging of SEP PDUs. The

packet type, transmission direction, SEP
segment ID, and interface can be specified.
debug sep all [ segment <segment-id> |

interface { { <interface-type> <interfacenumber> } | <interface-name> } ]
Enables all the SEP debugging on a SEP

segment or interface.
Issue 01 (2013-10-30)

Ltd.
284
S Series Switch
1 Overview
10.2 STP Debugging Command Reference

Command
Description
debugging [ interface interface-type

interface-number ] stp event
Enables the debugging of STP events on

an interface.
debugging stp interface interface-type

interface-number packet { all | receive |
send }
Enables the debugging of received and

sent STP BPDUs.
debugging stp instance instance-id event
Enables the debugging of STP events in an

instance.
10.3 RPPP Debugging Command Reference

Command
Description
debugging rrpp [domain <domain-id>

[ring <ring-id>]] error
Enables the debugging of RRPP errors.

[ring <ring-id>]] event
Enables the debugging of RRPP events.

[ring <ring-id>]] packet
Enables the debugging of RRPP packets.
debugging rrpp all
Enables all the RRPP debugging.
10.4 Smart Link Debugging Command

Reference
Command
Description
debugging smart-link event
Enables the debugging of Smart Link events.
debugging smart-link error
Enables the debugging of Smart Link errors.
debugging smart-link flush {all|receive|

send}
Enables the debugging of received and sent

Smart Link flush packets.
debugging smart-link fsm-machine
Enables the debugging of Smart Link state

machine.
Issue 01 (2013-10-30)

Ltd.
285
S Series Switch
1 Overview
10.5 ERPS Debugging Command Reference

Command
Description
debugging erps error [ ring <ring-id> | interface

{ { <interface-type> <interface-number> } |
<interface-name> } ]
Enables the debugging of ERPS

errors on a specified ring or
interface.
debugging erps fsm [ ring <ring-id> ]

state machine on a specified ring or
interface.
debugging erps message [ ring <ring-id> | interface

Enables the debugging of RAPS

PDUs on a specified ring or
interface.
debugging erps message [receive | transmit] [ ring

<ring-id> | interface { { <interface-type>
<interface-number> } | <interface-name> } ]

packets. The transmission direction,
ring ID, and interface can be
specified.
debugging erps error [ ring <ring-id> | interface

Enables all the ERPS debugging on

a specified ring or interface.
Issue 01 (2013-10-30)

Ltd.
286
S Series Switch
A Acronyms and Abbreviations
Acronyms and Abbreviations
SEP
Smart Ethernet Protection
LSA
Link Status Advertisement
RRPP
Rapid Ring Protection Protocol
STP
Spanning Tree Protocol
RSTP
Rapid Spanning Tree Protocol
MSTP
Multiple Spanning Tree Protocol
BPDU
Bridge Protocol Data Unit
TC
Topology Change
SMLK
Smart Link
ERPS
Ethernet Ring Protection Switching
LDT
Loop Detection
LBDT
Loopback-detect
DLDP
Device Link Detection Protocol
Issue 01 (2013-10-30)

Ltd.
287

S Series Switch Feature Start-Loop Prevention V1.0 D

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

S Series Switch Feature Start-Loop Prevention V1.0 D

Hochgeladen von

Copyright:

Verfügbare Formate

S Series Switch

Feature Start - Loop Prevention

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Huawei Industrial Base

Huawei Proprietary and Confidential

About This Document

About This Document

Technical support engineers

Huawei Proprietary and Confidential

About This Document

Huawei Proprietary and Confidential

Huawei Proprietary and Confidential

2.2.4.1 Networking Description.........................................................................................................................................47

Huawei Proprietary and Confidential

3.2.2 Scenario 2: Configuring Basic MSTP Functions......................................................................................................87

Huawei Proprietary and Confidential

3.4.2.3 Identification Method...........................................................................................................................................133

Huawei Proprietary and Confidential

4.3.2.1 Fault Description..................................................................................................................................................181

5 Smart Link................................................................................ 193

Huawei Proprietary and Confidential

5.2.2.3 Configuration Example........................................................................................................................................200

Huawei Proprietary and Confidential

6.2.1.1 Networking Description.......................................................................................................................................231

Huawei Proprietary and Confidential

Huawei Proprietary and Confidential

8.12 What Are the Precautions for Configuring RRPP?..................................................................................................276

9 Switch Logs and Diagnosis Logs.................................................280

A Acronyms and Abbreviations......................................................285

Huawei Proprietary and Confidential

1.1 Introduction to Loop Prevention

Huawei Proprietary and Confidential

1.2 Comparison Between Ethernet Loop

Provides a fast convergence speed.

Ensures that the convergence time

Supports open ring, closed ring,

Works with other Ethernet ring

Provides easy maintainability and

Supports easy configuration and

Prevents traffic from being

Provides flexible selection policy

Provides good robustness and does

Detects unidirectional links

Provides good interoperability as

STP convergence time is long

Provides good physical topology

Supports scenarios in which

A larger network radius indicates

STP supports load balancing only

SEP is the latest Huawei proprietary

Provides enhanced functions that

Huawei Proprietary and Confidential

Provides a fast convergence speed.

RRPP supports only single ring

Ensures that the convergence time

RRPP cannot be used with STP

RRPP has poor robustness and

RRPP cannot be used to detect

Each ring must use a unique

RRPP is a Huawei proprietary

The configuration is complex.