Administrator Guide
transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is
called a FIP snooping bridge (FSB).
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are
installed on switch ports configured for ENode mode for server-facing ports and FCF mode for a trusted port
directly connected to an FCF.
Enable FIP snooping on the switch and configure the FIP snooping parameters. When you enable FIP
snooping, all ports on the switch by default become ENode ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows:
Global ACLs These are applied on server-facing ENode ports.
Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF,
server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take
precedence over global ACLs.
FCoE-generated
ACLs
These take precedence over user-configured ACLs. A user-configured ACL entry
cannot deny FCoE and FIP snooping frames.
The following illustration shows an FN IOM used as a FIP snooping bridge in a converged Ethernet network.
The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is
FCoE Transit 340