Administrator Guide
Figure 36. FIP Discovery and Login Between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using
ACLs, a transit bridge can permit only authorized FCoE trac to transmit between an FCoE end-device and an FCF. An Ethernet bridge
that provides these functions is called a FIP snooping bridge (FSB).
NOTE
: When you enable FCoE transit on an S5000, the switch functions as a FIP snooping bridge.
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on switch ports
congured for ENode mode for server-facing ports and FCF mode for a trusted port directly connected to an FCF.
Enable FIP snooping on the S5000 switch, congure the FIP snooping parameters, and congure CAM allocation for FCoE. When you
enable FIP snooping, all ports on the switch by default become ENode ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows:
Port-based ACLs
These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports,
and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
FCoE-generated
ACLs
These take precedence over user-congured ACLs. A user-congured ACL entry cannot deny FCoE and FIP
snooping frames.
The following illustration shows an S5000 switch enabled for FCoE transit and used as a FIP snooping bridge in a converged Ethernet
network. The top-of-rack (ToR) switch operates as an FCF for FCoE trac. Converged LAN and SAN trac is transmitted between the
318
FCoE Transit