Reference Guide
legitimate sessions. By default, all FCoE and FIP frames are dropped unless specically permitted by existing FIP snooping-generated
ACLs.
FIP Snooping on VLANs
FIP snooping is enabled globally on an Aggregator on all VLANs:
• FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs.
• FCoE trac is allowed on VLANs only after a successful virtual-link initialization (fabric login FLOGI) between an ENode and an
FCF. All other FCoE trac is dropped.
• Atleast one interface is auto-congured for FCF (FIP snooping bridge — FCF) mode on a FIP snooping-enabled VLAN. Multiple
FCF trusted interfaces are auto-congured in a VLAN.
• A maximum of eight VLANs are supported for FIP snooping on an Aggregator. FIP snooping processes FIP packets in trac only
from the rst eight incoming VLANs.
FC-MAP Value
The FC-MAP value that is applied globally by the Aggregator on all FCoE VLANs to authorize FCoE trac is auto-congured.
The FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If the
FC-MAP values does not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the switch
—bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
Bridge-to-FCF Links
A port directly connected to an FCF is auto-congured in FCF mode. Initially, all FCoE trac is blocked; only FIP frames are allowed
to pass.
FCoE trac is allowed on the port only after a successful FLOGI request/response and conrmed use of the congured FC-MAP
value for the VLAN.
Impact on other Software Features
FIP snooping aects other software features on an Aggregator as follows:
• MAC address learning: MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically
created by FIP snooping in server-facing ports in ENode mode.
• MTU auto-conguration: MTU size is set to mini-jumbo (2500 bytes) when a port is in Switchport mode, the FIP snooping
feature is enabled on the switch, and the FIP snooping is enabled on all or individual VLANs.
• Link aggregation group (LAG): FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is
operationally up).
FIP Snooping Prerequisites
On an Aggregator, FIP snooping requires the following conditions:
• A FIP snooping bridge requires DCBX and PFC to be enabled on the switch for lossless Ethernet connections (refer to
Data
Center Bridging (DCB)
). Dell recommends that you also enable ETS; ETS is recommended but not required. DCBX and PFC
mode are auto-congured on Aggregator ports and FIP snooping is operational on the port. If the PFC parameters in a DCBX
exchange with a peer are not synchronized, FIP and FCoE frames are dropped on the port.
• VLAN membership:
– The Aggregator auto-congures the VLANs which handle FCoE trac. You can recongure VLAN membership on a port
(vlan tagged command).
– Each FIP snooping port is auto-congured to operate in Hybrid mode so that it accepts both tagged and untagged VLAN
frames.
– Tagged VLAN membership is auto-congured on each FIP snooping port that sends and receives FCoE trac and has links
with an FCF, ENode server or another FIP snooping bridge.
– The default VLAN membership of the port should continue to operate with untagged frames. FIP snooping is not supported
on a port that is congured for non-default untagged VLAN membership.
FIP Snooping
65