Users Guide
congurations are synchronized. By default, all FCoE and FIP frames are dropped unless specically permitted by existing FIP snooping-
generated ACLs. You can recongure any of the FIP snooping settings.
If you disable FCoE transit, FIP and FCoE trac are handled as normal Ethernet frames and no FIP snooping ACLs are generated. The
VLAN-specic and FIP snooping conguration is disabled and stored until you re-enable FCoE transit and the congurations are re-applied.
Enable FIP Snooping on VLANs
You can enable FIP snooping globally on a switch on all VLANs or on a specied VLAN.
When you enable FIP snooping on VLANs:
• FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs.
• FCoE trac is allowed on VLANs only after a successful virtual-link initialization (fabric login FLOGI) between an ENode and an FCF. All
other FCoE trac is dropped.
• You must congure at least one interface for FCF (FCoE Forwarder) mode on a FIP snooping-enabled VLAN. You can congure
multiple FCF trusted interfaces in a VLAN.
• A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes FIP packets
in trac only from the rst eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight
VLANs.
Congure the FC-MAP Value
You can congure the FC-MAP value to be applied globally by the switch on all or individual FCoE VLANs to authorize FCoE trac.
The congured FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If
the FC-MAP value does not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the switch-
bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
Congure a Port for a Bridge-to-Bridge Link
If a switch port is connected to another FIP snooping bridge, congure the FCoE-Trusted Port mode for bridge-bridge links.
Initially, all FCoE trac is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to
pass. After the switch learns the MAC address of a connected FCF, it allows FIP frames destined to or received from the FCF MAC
address.
FCoE trac is allowed on the port only after the switch learns the FC-MAP value associated with the specied FCF MAC address and
veries that it matches the congured FC-MAP value for the FCoE VLAN.
NOTE
: It is not recommended to use the Brigde-to-bridge links.
Congure a Port for a Bridge-to-FCF Link
If a port is directly connected to an FCF, congure the port mode as FCF. Initially, all FCoE trac is blocked; only FIP frames are allowed to
pass.
FCoE trac is allowed on the port only after a successful fabric login (FLOGI) request/response and conrmed use of the congured FC-
MAP value for the VLAN.
FLOGI and fabric discovery (FDISC) request/response packets are trapped to the CPU. They are forwarded after the necessary ACLs are
installed.
320
FIP Snooping