4-31
Before enabling digest snooping, ensure that associated devices of different vendors are
interconnected and run MSTP.
Configuring the Digest Snooping feature
You can enable Digest Snooping only on a device that is connected to a third-party device that uses its
private key to calculate the configuration digest.
Follow these steps to configure Digest Snooping:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet
interface view, or
Layer 2 aggregate
interface view
interface interface-type
interface-number
Enter
interface view
or port group
view
Enter port group
view
port-group manual
port-group-name
Required
Use either command.
Enable digest snooping on the
interface or port group
stp config-digest-snooping
Required
Not enabled by default
Return to system view
quit
—
Enable global digest snooping
stp config-digest-snooping
Required
Not enabled by default
z
With the Digest Snooping feature enabled, comparison of configuration digest is not needed for
in-the-same-region check, so the VLAN-to-instance mappings must be the same on associated
ports.
z
With global Digest Snooping enabled, modification of VLAN-to-instance mappings and removing
of the current region configuration using the
undo stp region-configuration
command are not
allowed. You can only modify the region name and revision level.
z
You need to enable this feature both globally and on associated ports to make it take effect. It is
recommended to enable the feature on all associated ports first and then globally, thus making the
configuration take effect on all configured ports and reducing impact on the network, and disable
the feature globally to disable it on all associated ports.
z
You are recommended not to enable Digest Snooping on MST region edge ports, thus avoiding
loops.
z
You are recommended to enable Digest Snooping first and then MSTP. Do not configure Digest
Snooping when the network works well, thus avoiding traffic interruption.