Blade ICE G8124 Manuale Utente
BLADEOS 6.5.2 Application Guide
BMD00220, October 2010
Chapter 14: FCoE and CEE
197
FCoE ACL Rules
When FIP Snooping is enabled on a port, the switch automatically installs the appropriate ACLs to
enforce the following rules for FCoE traffic:
enforce the following rules for FCoE traffic:
Ensure that FIP frames from ENodes may only be addressed to FCFs.
Flag important FIP packets for switch processing.
Ensure no end device uses an FCF MAC address as its source.
Each FCoE port is assumed to be connected to an ENode and include ENode-specific ACLs
installed, until the port is either detected or configured to be connected to an FCF.
installed, until the port is either detected or configured to be connected to an FCF.
Ports that are configured to have FIP snooping disabled will not have any FIP or FCoE related
ACLs installed.
ACLs installed.
Prevent transmission of all FCoE frames from an ENode prior to its successful completion of
login (FLOGI) to the FCF.
login (FLOGI) to the FCF.
After successful completion of FLOGI, ensure that the ENode uses only those FCoE source
addresses assigned to it by FCF.
addresses assigned to it by FCF.
After successful completion of FLOGI, ensure that all ENode FCoE source addresses originate
from or are destined to the appropriate ENode port.
from or are destined to the appropriate ENode port.
After successful completion of each FLOGI, ensure that FCoE frames may only be addressed to
the FCFs that accept them.
the FCFs that accept them.
Initially, a basic set of FCoE-related ACLs will be installed on all ports where FIP snooping is
enabled. As the switch encounters FIP frames and learns about FCFs and ENodes that are attached
or disconnect, ACLs are dynamically installed or expanded to provide appropriate security.
enabled. As the switch encounters FIP frames and learns about FCFs and ENodes that are attached
or disconnect, ACLs are dynamically installed or expanded to provide appropriate security.
When an FCoE connection logs out, or times out (if ACL timeout is enabled), the related ACLs will
be automatically removed.
be automatically removed.
FCoE-related ACLs are independent of manually configured ACLs used for regular Ethernet
purposes (see
purposes (see
). FCoE ACLs generally have a higher priority
over standard ACLs, and do not inhibit non-FCoE and non-FIP traffic.
FCoE VLANs
FCoE packets to any FCF will be confined to the VLAN advertised by the FCF (typically
VLAN 1002). The appropriate VLAN must be configured on the switch with member FCF ports
and must be supported by the participating CNAs. The switch will then automatically add ENode
ports to the appropriate VLAN and enable tagging on those ports.
VLAN 1002). The appropriate VLAN must be configured on the switch with member FCF ports
and must be supported by the participating CNAs. The switch will then automatically add ENode
ports to the appropriate VLAN and enable tagging on those ports.