Figure 34. FIP Discovery and Login Between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the
login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be
transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is
called a FIP snooping bridge (FSB).
On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are
installed on switch ports configured for ENode mode for server-facing ports and FCF mode for a trusted
port directly connected to an FCF.
Enable FIP snooping on the switch, configure the FIP snooping parameters, and configure CAM allocation
for FCoE. When you enable FIP snooping, all ports on the switch by default become ENode ports.
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows:
Port-based
ACLs
These ACLs are applied on all three port modes: on ports directly connected to an
FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take
precedence over global ACLs.
346
FCoE Transit