Administrator Guide

Figure 37. FIP Discovery and Login Between an ENode and an FCF

FIP Snooping on Ethernet Bridges

In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using

ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet

bridge that provides these functions is called a FIP snooping bridge (FSB).

On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on switch ports

configured for ENode mode for server-facing ports and FCF mode for a trusted port directly connected to an FCF.

Enable FIP snooping on the switch, configure the FIP snooping parameters, and configure CAM allocation for FCoE. When you enable FIP

snooping, all ports on the switch by default become ENode ports.

Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows:

Port-based ACLs

These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode

ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.

FCoE-generated

ACLs

These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP

snooping frames.

The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch

operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR switch and an S4048–ON

switch.The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the

FCF switch.

320

FIP Snooping