HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

121

122

123

124

125

126

127

128

129

130

Configuration prerequisites

Before you enable digest snooping, make sure associated devices of different vendors are connected

and running spanning tree protocols.

To enable digest snooping, you must follow these guidelines:

• With the digest snooping feature enabled, in-the-same-region verification does not need

comparison of configuration digest, so the VLAN-to-instance mappings must be the same on

associated ports.

• When digest snooping is globally enabled, if you modify the VLAN-to-instance mapping or use the

undo stp region-configuration command to restore the default MST region configuration, traffic

might be interrupted because the local VLAN-to-instance mapping is different from that on a

neighbor device. Perform these operations with caution.

• To make digest snooping take effect, you must enable it both globally and on associated ports. HP

recommends that you enable digest snooping on all associated ports first and then globally. This

will make the configuration take effect on all configured ports and reduce impact on the network.

• To avoid loops, do not enable digest snooping on MST region edge ports.

• HP recommends that you enable digest snooping first and then the spanning tree feature. To avoid

traffic interruption, do not configure digest snooping when the network is already operating

correctly.

Configuration procedure

You can enable digest snooping only on an HP device that is connected to a third-party device which

uses its private key to calculate the configuration digest.

To configure digest snooping:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter Ethernet interface

view or Layer 2 aggregate

interface view.

interface interface-type interface-number N/A

3. Enable digest snooping on

the interface.

stp config-digest-snooping

By default, digest snooping

is disabled on a port.

4. Return to system view.

quit N/A

5. Enable global digest

snooping.

stp config-digest-snooping

By default, digest snooping

is disabled globally.

Digest snooping configuration example

1. Network requirements

{ As shown in Figure 54, Firewall A and Firewall B connect to Device, which is a third-party device.

All these devices are in the same region.

{ Enable digest snooping on the ports of Firewall A and Firewall B that connect to Device, so that

the three devices can communicate with one another.