Reference Guide

FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on
an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE
end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on
switch ports configured for ENode mode for server-facing ports and FCF mode for a trusted port directly connected to an
FCF.
Enable FIP snooping on the switch, configure the FIP snooping parameters, and configure CAM allocation for FCoE
(optional in FTOS version 9.1[0.0]). When you enable FIP snooping, all ports on the switch by default become ENode
ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows:
Port-based ACLs: These ACLs are applied on all three port modes: on ports directly connected to an FCF,
server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
FCoE-generated ACLs: These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny
FCoE and FIP snooping frames.
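The dynamic ACL behavior described above, as an added Python model (not code from FTOS or from this guide). The class and method names are hypothetical, the MAC addresses are constructed, and matching on port, source MAC and destination MAC is a simplifying assumption; precedence between port-based and global ACLs is not modelled.

```python
# Simplified model of a FIP snooping bridge (FSB); added example, not vendor code.
FIP, FCOE = 0x8914, 0x8906  # EtherTypes for FIP and FCoE

class FipSnoopingBridge:
    def __init__(self, ports):
        # Enabling FIP snooping puts every port in ENode mode by default.
        self.mode = {p: "enode" for p in ports}
        self.dynamic = set()    # (enode_port, enode_mac, fcf_port, fcf_mac)
        self.user_deny = set()  # (port, ethertype) user-configured deny entries

    def set_fcf_port(self, port):
        self.mode[port] = "fcf"  # trusted port directly connected to an FCF

    def snoop_login_accept(self, in_port, fcf_mac, enode_port, enode_mac):
        # Install ACLs only for a login accepted through a trusted FCF-mode port
        # and addressed to a server-facing ENode-mode port.
        if self.mode.get(in_port) != "fcf" or self.mode.get(enode_port) != "enode":
            return False
        self.dynamic.add((enode_port, enode_mac, in_port, fcf_mac))
        return True

    def snoop_logout(self, enode_port, enode_mac):
        # Remove the dynamic entries for an ENode whose session has ended.
        self.dynamic = {e for e in self.dynamic if e[:2] != (enode_port, enode_mac)}

    def permits(self, in_port, src, dst, ethertype):
        if ethertype == FIP:
            return True  # assumption: all FIP reaches the snooping logic
        if ethertype == FCOE:
            # FCoE-generated ACLs decide alone; user-configured entries are ignored.
            return any((in_port, src, dst) in ((ep, em, fm), (fp, fm, em))
                       for ep, em, fp, fm in self.dynamic)
        return (in_port, ethertype) not in self.user_deny  # ordinary LAN traffic

if __name__ == "__main__":
    ENODE, FCF = "0e:fc:00:01:00:01", "00:05:73:aa:bb:cc"  # constructed MACs
    fsb = FipSnoopingBridge(ports=[1, 2, 3])
    fsb.set_fcf_port(3)
    print("before login:", fsb.permits(1, ENODE, FCF, FCOE))
    fsb.snoop_login_accept(3, FCF, 1, ENODE)
    print("after login: ", fsb.permits(1, ENODE, FCF, FCOE))
    print("wrong port:  ", fsb.permits(2, ENODE, FCF, FCOE))
```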
The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The
top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR
switch and an S4820T switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE
frames between the ENode servers and the FCF switch.