Administrator Guide

The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so
that it can perform the following functions:
Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server
ENode or storage device) after a server successfully logs in.
Set the FCF mode to provide additional port security on ports that are directly connected to an FCF.
Check FIP snooping-enabled VLANs to ensure that they are operationally active.
Process FIP VLAN discovery requests and responses, advertisements, solicitations, FLOGI/FDISC requests and responses,
FLOGO requests and responses, keep-alive packets, and clear virtual-link messages.
How FIP Snooping is Implemented
As soon as the Aggregator is activated in an M1000e chassis as a switch-bridge, existing VLAN-specific and FIP snooping
auto-configurations are applied. The Aggregator snoops FIP packets on VLANs enabled for FIP snooping and allows legitimate sessions.
By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs.
FIP Snooping on VLANs
FIP snooping is enabled globally on an Aggregator on all VLANs:
FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs.
FCoE trac is allowed on VLANs only after a successful virtual-link initialization (fabric login FLOGI) between an ENode and an
FCF. All other FCoE trac is dropped.
Atleast one interface is auto-congured for FCF (FIP snooping bridge — FCF) mode on a FIP snooping-enabled VLAN. Multiple
FCF trusted interfaces are auto-congured in a VLAN.
A maximum of eight VLANs are supported for FIP snooping on an Aggregator. FIP snooping processes FIP packets in trac only
from the rst eight incoming VLANs.
FC-MAP Value
The FC-MAP value that is applied globally by the Aggregator on all FCoE VLANs to authorize FCoE traffic is auto-configured.
The FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If the
FC-MAP values do not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the
switch-bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
Bridge-to-FCF Links
A port directly connected to an FCF is auto-configured in FCF mode. Initially, all FCoE traffic is blocked; only FIP frames are allowed
to pass.
FCoE traffic is allowed on the port only after a successful FLOGI request/response and confirmed use of the configured FC-MAP
value for the VLAN.
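The filtering rules described above (FIP allowed, FCoE dropped until a snooped FLOGI succeeds and the assigned MAC carries the configured FC-MAP) can be modeled as follows. This is an added example, not Aggregator code: the class and function names are hypothetical, the MAC addresses are constructed, and the FC-MAP value 0x0EFC00 (the FC-BB-5 default) is an assumption because this guide does not state the auto-configured value.

```python
# Added illustration: simplified model of the filtering rules, not Aggregator firmware.
FIP, FCOE = 0x8914, 0x8906   # EtherTypes for FIP and FCoE frames
MAX_FIP_VLANS = 8            # limit stated in this guide

def mac_prefix(mac):
    """Upper 24 bits of a MAC address, where the FC-MAP sits."""
    return int(mac.replace(":", "")[:6], 16)

class FipSnoopingBridge:
    def __init__(self, fc_map, vlans):
        if len(vlans) > MAX_FIP_VLANS:
            raise ValueError("at most eight FIP snooping VLANs are supported")
        self.fc_map, self.vlans = fc_map, set(vlans)
        self.sessions = set()    # (vlan, enode_mac, fcf_mac) virtual links

    def flogi_accepted(self, vlan, fcf_mac, assigned_mac):
        """Snooped FLOGI accept: install a session only when the MAC assigned
        to the ENode carries the bridge's FC-MAP prefix."""
        if vlan not in self.vlans or mac_prefix(assigned_mac) != self.fc_map:
            return False
        self.sessions.add((vlan, assigned_mac.lower(), fcf_mac.lower()))
        return True

    def link_cleared(self, vlan, fcf_mac, assigned_mac):
        """Snooped FLOGO or clear-virtual-link: remove the session."""
        self.sessions.discard((vlan, assigned_mac.lower(), fcf_mac.lower()))

    def permits(self, vlan, ethertype, src, dst):
        """Default-deny decision for one FIP or FCoE frame."""
        if ethertype not in (FIP, FCOE):
            raise ValueError("model covers FIP and FCoE frames only")
        if vlan not in self.vlans:
            return False
        if ethertype == FIP:
            return True          # FIP passes so that it can be snooped
        src, dst = src.lower(), dst.lower()
        return ((vlan, src, dst) in self.sessions       # ENode to FCF
                or (vlan, dst, src) in self.sessions)   # FCF to ENode

# Constructed sample values; 0x0EFC00 is the FC-BB-5 default FC-MAP (assumed here).
FCF_MAC, ENODE_MAC = "00:0d:ec:aa:bb:01", "0e:fc:00:01:0a:01"

def demo():
    bridge = FipSnoopingBridge(0x0EFC00, {100})
    before = bridge.permits(100, FCOE, ENODE_MAC, FCF_MAC)
    bridge.flogi_accepted(100, FCF_MAC, ENODE_MAC)
    after = bridge.permits(100, FCOE, ENODE_MAC, FCF_MAC)
    spoofed = bridge.permits(100, FCOE, "0e:fc:00:01:0a:02", FCF_MAC)
    return before, after, spoofed
```

In this model, demo() returns (False, True, False): FCoE is dropped before login, permitted for the logged-in ENode, and dropped for a source MAC that has no session even though its prefix matches the FC-MAP.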
Impact on other Software Features
FIP snooping aects other software features on an Aggregator as follows:
MAC address learning: MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically
created by FIP snooping in server-facing ports in ENode mode.
MTU auto-conguration: MTU size is set to mini-jumbo (2500 bytes) when a port is in Switchport mode, the FIP snooping
feature is enabled on the switch, and the FIP snooping is enabled on all or individual VLANs.
Link aggregation group (LAG): FIP snooping is supported on port channels on ports on which PFC mode is on (PFC is
operationally up).
FIP Snooping