Users Guide

FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then,
using ACLs, a transit bridge can permit only authorized FCoE traffic to transmit between an FCoE end-device and an FCF. An
Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
NOTE: When you enable FCoE transit on an S5000, the switch functions as a FIP snooping bridge.
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on switch ports
congured for ENode mode for server-facing ports and FCF mode for a trusted port directly connected to an FCF.
Enable FIP snooping on the S5000 switch, congure the FIP snooping parameters, and congure CAM allocation for FCoE. When
you enable FIP snooping, all ports on the switch by default become ENode ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows:
Port-based ACLs: These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode
ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
FCoE-generated ACLs: These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP
snooping frames.
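A simplified model of the dynamic ACL behaviour described above, added here as an illustration and not Dell or S5000 code. The frame dictionaries, operation names, port names and MAC addresses are constructed, and tracking a pending login to map the accept back to the ENode port is an assumption of this model.

```python
FIP, FCOE = 0x8914, 0x8906  # EtherTypes: FIP control frames, FCoE data frames

class FipSnoopingBridge:
    """Toy model: every port is an ENode port unless listed as an FCF port."""

    def __init__(self, fcf_ports):
        self.fcf_ports = set(fcf_ports)
        self.pending = {}          # ENode MAC -> port where its login request was seen
        self.dynamic_acls = set()  # (enode_port, granted_mac, fcf_mac) permit entries
        self.user_denies = set()   # user-configured (port, src_mac) deny entries

    def snoop_fip(self, port, frame):
        """Track the FIP login exchange; return True when a permit is installed."""
        if frame["ethertype"] != FIP:
            return False
        if frame["op"] == "FLOGI" and port not in self.fcf_ports:
            self.pending[frame["src"]] = port
        elif frame["op"] == "FLOGI_ACCEPT" and port in self.fcf_ports:
            # Only an accept arriving on a trusted FCF port can create an ACL.
            enode_port = self.pending.pop(frame["dst"], None)
            if enode_port is not None:
                self.dynamic_acls.add((enode_port, frame["granted_mac"], frame["src"]))
                return True
        return False

    def permits(self, port, frame):
        """Forwarding decision for a frame arriving on `port`."""
        et, src, dst = frame["ethertype"], frame["src"], frame["dst"]
        if et == FCOE:
            # FCoE-generated entries decide; user-configured ACLs are not consulted.
            if port in self.fcf_ports:
                return any(a[1] == dst and a[2] == src for a in self.dynamic_acls)
            return (port, src, dst) in self.dynamic_acls
        if et == FIP:
            return True  # model simplification: FIP is always passed to the snooper
        return (port, src) not in self.user_denies

def demo():
    """Constructed traffic: FCoE before login, after login, and from another port."""
    fsb = FipSnoopingBridge(fcf_ports={"te0/48"})
    enode, fcf, vn = "00:1b:21:aa:bb:01", "00:05:73:cc:dd:01", "0e:fc:00:01:00:01"
    fsb.user_denies.add(("te0/1", vn))  # user ACL that cannot override FCoE entries
    before = fsb.permits("te0/1", {"ethertype": FCOE, "src": vn, "dst": fcf})
    fsb.snoop_fip("te0/1", {"ethertype": FIP, "op": "FLOGI", "src": enode, "dst": fcf})
    installed = fsb.snoop_fip("te0/48", {"ethertype": FIP, "op": "FLOGI_ACCEPT",
                                         "src": fcf, "dst": enode, "granted_mac": vn})
    after = fsb.permits("te0/1", {"ethertype": FCOE, "src": vn, "dst": fcf})
    other_port = fsb.permits("te0/2", {"ethertype": FCOE, "src": vn, "dst": fcf})
    return before, installed, after, other_port
```

`demo()` returns whether FCoE was permitted before the login, whether the accept installed an entry, whether FCoE was permitted afterwards, and whether the same MAC is permitted on a port that never logged in.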
The following illustration shows an S5000 switch enabled for FCoE transit and used as a FIP snooping bridge in a converged
Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted
between the ToR switch and an S5000 switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE
frames between the ENode servers and the FCF switch.
FCoE Transit