Concept Guide
Figure 37. FIP Discovery and Login Between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using
ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet
bridge that provides these functions is called a FIP snooping bridge (FSB).
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on switch ports
configured in ENode mode (server-facing ports) and in FCF mode (a trusted port directly connected to an FCF).
Enable FIP snooping on the switch, configure the FIP snooping parameters, and configure CAM allocation for FCoE. When you enable FIP
snooping, all ports on the switch by default become ENode ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows:
Port-based ACLs: These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports,
and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
FCoE-generated ACLs: These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP
snooping frames.
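The dynamic ACL behavior described above, as an added example that is not taken from the guide or from the switch software: a simplified Python model in which a login accept seen on the trusted FCF port installs the permit for a single ENode port. The frame model, the fip_op values, the port names and the MAC addresses are constructed assumptions, as is the choice to drop an accept that arrives on an ENode port.

```python
from dataclasses import dataclass

FIP, FCOE = 0x8914, 0x8906  # EtherTypes for FIP and FCoE

@dataclass(frozen=True)
class Frame:               # simplified model (assumption), not the wire format
    ethertype: int
    src: str
    dst: str
    fip_op: str = ""       # "flogi" or "flogi_acc" on FIP frames
    granted_mac: str = ""  # FCoE MAC assigned to the ENode in the accept

class SnoopingBridge:
    def __init__(self, port_modes):
        self.port_modes = port_modes  # port -> "fcf"; unlisted ports are ENode
        self.pending = {}             # ENode MAC -> port with a login in flight
        self.acl = set()              # (enode_port, enode_fcoe_mac, fcf_mac)

    def receive(self, port, f):
        """Return True to forward the frame, False to drop it."""
        mode = self.port_modes.get(port, "enode")
        if f.ethertype == FIP:
            return self._snoop(port, mode, f)
        if f.ethertype != FCOE:
            return True  # ordinary LAN traffic is outside these ACLs
        if mode == "fcf":
            return any(m == f.dst and fcf == f.src for _, m, fcf in self.acl)
        return (port, f.src, f.dst) in self.acl

    def _snoop(self, port, mode, f):
        if f.fip_op == "flogi" and mode == "enode":
            self.pending[f.src] = port
        elif f.fip_op == "flogi_acc":
            # Only an accept seen on the trusted FCF port installs a permit.
            if mode != "fcf" or f.dst not in self.pending:
                return False
            self.acl.add((self.pending.pop(f.dst), f.granted_mac, f.src))
        return True

def demo():
    fcf, enode, vn = "00:00:5e:00:53:01", "00:00:5e:00:53:10", "0e:fc:00:01:00:01"
    br = SnoopingBridge({"p1": "fcf"})       # constructed ports and MACs
    data, accept = Frame(FCOE, vn, fcf), Frame(FIP, fcf, enode, "flogi_acc", vn)
    return [br.receive("p2", data),                         # no login yet
            br.receive("p2", Frame(FIP, enode, fcf, "flogi")),
            br.receive("p3", accept),                       # accept on ENode port
            br.receive("p1", accept),                       # accept on FCF port
            br.receive("p2", data),                         # logged-in port
            br.receive("p3", data),                         # same MAC, other port
            br.receive("p1", Frame(FCOE, fcf, vn))]         # FCF to ENode
```

Calling demo() returns the forward or drop decision for each constructed frame, in the order listed in the comments.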
The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch
operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR switch and a core switch. The
switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch.
FCoE Transit