Reference Guide
• Global ACLs are applied on server-facing ENode ports.
• Port-based ACLs are applied on ports directly connected to an FCF and on server-facing ENode ports.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-congured ACLs. A user-congured ACL entry cannot deny FCoE and FIP
snooping frames.
The below illustration depicts an Aggregator used as a FIP snooping bridge in a converged Ethernet network. The ToR switch
operates as an FCF for FCoE trac. Converged LAN and SAN trac is transmitted between the ToR switch and an Aggregator. The
Aggregator operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the
FCF switch.
Figure 8. FIP Snooping on an Aggregator
The following sections describes how to congure the FIP snooping feature on a switch that functions as a FIP snooping bridge so
that it can perform the following functions:
• Performs FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prex (FC-MAP) value used by an FCF to assign a MAC address to an ECoE end-device (server
ENode or storage device) after a server successfully logs in.
• Set the FCF mode to provide additional port security on ports that are directly connected to an FCF.
• Check FIP snooping-enabled VLANs to ensure that they are operationally active.
• Process FIP VLAN discovery requests and responses, advertisements, solicitations, FLOGI/FDISC requests and responses,
FLOGO requests and responses, keep-alive packets, and clear virtual-link messages.
How FIP Snooping is Implemented
As soon as the Aggregator is activated in an Dell PowerEdge FX2 server chassis as a switch-bridge, existing VLAN—specic and FIP
snooping auto-congurations are applied. The Aggregator snoops FIP packets on VLANs enabled for FIP snooping and allows
64
FIP Snooping