Administrator Guide
• To allow FIP frames to pass through the switch on all VLANs, enable FIP snooping globally on a switch.
• A switch can support a maximum eight FIP snooping VLANs. Congure at least one FCF/bridge-to-bridge port mode interface for any
FIP snooping-enabled VLAN.
• You can congure multiple FCF-trusted interfaces in a VLAN.
• When you disable FIP snooping:
• ACLs are not installed, FIP and FCoE trac is not blocked, and FIP packets are not processed.
• The existing per-VLAN and FIP snooping conguration is stored. The conguration is re-applied the next time you enable the FIP
snooping feature.
• You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL
space the following error message is displayed:
Dell(conf)#feature fip-snooping
% Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
Dell(conf)#
NOTE: You must manually add the CAM-ACL space to the FCoE region, as it is not applied by default.
Enabling the FCoE Transit Feature
The following sections describe how to enable FCoE transit.
NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Congure FIP
Snooping.
As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specic and FIP snooping congurations are applied.
The FCoE database is populated when the switch connects to a converged network adapter (CNA) or FCF port and compatible DCB
congurations are synchronized. By default, all FCoE and FIP frames are dropped unless specically permitted by existing FIP snooping-
generated ACLs. You can recongure any of the FIP snooping settings.
If you disable FCoE transit, FIP and FCoE trac are handled as normal Ethernet frames and no FIP snooping ACLs are generated. The
VLAN-specic and FIP snooping conguration is disabled and stored until you re-enable FCoE transit and the congurations are re-applied.
Enable FIP Snooping on VLANs
You can enable FIP snooping globally on a switch on all VLANs or on a specied VLAN.
When you enable FIP snooping on VLANs:
• FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs.
• FCoE trac is allowed on VLANs only after a successful virtual-link initialization (fabric login FLOGI) between an ENode and an FCF. All
other FCoE trac is dropped.
• You must congure at least one interface for FCF (FIP snooping bridge-bridge) mode on a FIP snooping-enabled VLAN. You can
congure multiple FCF trusted interfaces in a VLAN.
• A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes FIP packets
in trac only from the rst eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight
VLANs.
Congure the FC-MAP Value
You can congure the FC-MAP value to be applied globally by the switch on all or individual FCoE VLANs to authorize FCoE trac.
The congured FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If
the FC-MAP value does not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the switch-
bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
372
FCoE Transit