- play_arrow Overview
- play_arrow Storage Overview
-
- play_arrow Fibre Channel and FCoE-FC Gateways
- play_arrow Using Fibre Channel and FCoE-FC Gateways
- Understanding Fibre Channel
- Understanding an FCoE-FC Gateway
- Understanding Fibre Channel Fabrics on the QFabric System
- Configuring an FCoE-FC Gateway Fibre Channel Fabric
- Understanding FCoE-FC Gateway Functions
- Disabling the Fabric WWN Verification Check
- Understanding FCoE and FIP Session High Availability
- Understanding FIP Functions
- Understanding FIP Implementation on an FCoE-FC Gateway
- Understanding FIP Parameters on an FCoE-FC Gateway
- Configuring FIP on an FCoE-FC Gateway
- Setting the Maximum Number of FIP Login Sessions per ENode
- Setting the Maximum Number of FIP Login Sessions per FC Interface
- Setting the Maximum Number of FIP Login Sessions per FC Fabric
- Setting the Maximum Number of FIP Login Sessions per Node Device
- Monitoring Fibre Channel Interface Load Balancing
- Troubleshooting Dropped FIP Traffic
- Understanding Fibre Channel Virtual Links
- Understanding Interfaces on an FCoE-FC Gateway
- Example: Setting Up Fibre Channel and FCoE VLAN Interfaces in an FCoE-FC Gateway Fabric
- Configuring a Physical Fibre Channel Interface
- Converting an Ethernet Interface To a Fibre Channel Interface
- Configuring an FCoE VLAN Interface on an FCoE-FC Gateway
- Assigning Interfaces to a Fibre Channel Fabric
- Deleting a Fibre Channel Interface
- Troubleshooting Fibre Channel Interface Deletion
- Disabling VN2VF_Port FIP Snooping on an FCoE-FC Gateway Switch Interface
- Disabling Storm Control on FCoE Interfaces on an FCoE-FC Gateway
- Understanding Load Balancing in an FCoE-FC Gateway Proxy Fabric
- Defining the Proxy Load-Balancing Algorithm
- Simulating On-Demand Fibre Channel Link Load Rebalancing (Dry Run Test)
- Example: Configuring Automated Fibre Channel Interface Load Rebalancing
-
- play_arrow Data Center Bridging (DCBX, PFC)
- play_arrow Using Data Center Bridging (DCBX, PFC)
- Understanding DCB Features and Requirements
- Understanding DCBX
- Configuring the DCBX Mode
- Configuring DCBX Autonegotiation
- Disabling the ETS Recommendation TLV
- Understanding DCBX Application Protocol TLV Exchange
- Defining an Application for DCBX Application Protocol TLV Exchange
- Configuring an Application Map for DCBX Application Protocol TLV Exchange
- Applying an Application Map to an Interface for DCBX Application Protocol TLV Exchange
- Example: Configuring DCBX Application Protocol TLV Exchange
- Understanding CoS Flow Control (Ethernet PAUSE and PFC)
- Example: Configuring CoS PFC for FCoE Traffic
- play_arrow Learn About Technology
-
- play_arrow Configuration Statements and Operational Commands
Enabling VN2VN_Port FIP Snooping and Configuring the Beacon Period on an FCoE Transit Switch
VN_Port to VN_Port (VN2VN_Port) FIP snooping on an FCoE transit switch provides security to help prevent unauthorized access and data transmission on a bridge that connects ENodes in the Ethernet network. VN2VN_Port FIP snooping provides security for virtual links by creating filters based on information gathered (snooped) about FCoE devices during FIP transactions.
VN2VN_Port FIP snooping is conceptually similar to VN2VF_Port FIP snooping between VN_Ports and VF_Ports, but VN2VN_Port FIP snooping does not require traffic between VN_Ports to traverse the Fibre Channel (FC) switch or FCoE forwarder (FCF). Instead, a VN_Port communicates transparently through the transit switch on a virtual link that emulates a direct connection to the VN_Port at the other end of the virtual link.
VN2VN_Port FIP snooping is disabled by default. You enable VN2VN_Port FIP snooping on a per-VLAN basis on VLANs that carry VN2VN_Port FCoE traffic. Ensure that the VLAN carries only FCoE traffic between VN_Ports, because enabling VN2VN_Port FIP snooping denies access for all other traffic, including VN2VF_Port FIP snooping traffic.
All ENodes that you want to communicate using VN2VN_Port FIP snooping must use an FCoE VLAN dedicated to VN2VN_Port traffic. You cannot mix VN2VN_Port FIP snooping traffic with VN2VF_Port FIP snooping traffic in the same FCoE VLAN.
An FCoE VLAN can support either VN2VF_Port FIP snooping or VN2VN_Port FIP snooping, but not both. Configure separate FCoE VLANs for VN2VF_Port FIP snooping traffic and for VN2VN_Port FIP snooping traffic. On FCoE VLANs that are configured as VN2VN_Port FIP snooping VLANs, VN2VF_Port traffic is dropped.
The beacon period is conceptually similar to the FIP keepalive period (timer) for VN2VF_Port FIP snooping virtual link maintenance. The beacon period performs virtual link maintenance for VN2VN_Port FIP snooping. It is the time interval between messages that verify the connection is still valid and the device at the other end of the virtual link is still reachable. You set the beacon period value for each FCoE VLAN that you configure to do VN2VN_Port FIP snooping.
In addition to enabling VN2VN_Port FIP snooping and configuring the beacon period, you must also configure a dedicated FCoE VLAN for the VN2VN_Port traffic, and set the FCoE transit switch ports in the proper port mode and trusted or untrusted state (interfaces are untrusted by default). See the VN2VN_Port FIP snooping configuration example topics for complete configurations of several common network topologies.
There are differences in the way you configure a native VLAN on an interface that depend on whether the switch uses the original CLI or the Enhanced Layer 2 Software (ELS) CLI. This topic includes two configuration procedures, one for switches that run the original CLI, and one for switches that run the ELS CLI.
Original CLI Configuration
To enable VN2VN_Port FIP snooping and set the beacon period on an FCoE VLAN that is dedicated to VN2VN_Port traffic:
- content_copy zoom_out_map
[edit ethernet-switching-options secure-access-port] user@switch# set vlan vlan-name examine-fip examine-vn2vn beacon-period milliseconds
For example, to enable VN2VN_Port FIP snooping on a VLAN named
vlan200
and set the beacon period to90000
milliseconds:content_copy zoom_out_map[edit ethernet-switching-options secure-access-port] user@switch# set vlan vlan200 examine-fip examine-vn2vn beacon-period 90000
ELS CLI Configuration
To enable VN2VN_Port FIP snooping and set the beacon period on an FCoE VLAN that is dedicated to VN2VN_Port traffic:
- content_copy zoom_out_map
[edit] user@switch# set vlans vlan-name forwarding-options fip-security examine-vn2vn beacon-period milliseconds
For example, to enable VN2VN_Port FIP snooping on a VLAN named
vlan200
and set the beacon period to90000
milliseconds:content_copy zoom_out_map[edit] user@switch# set vlans vlan200 forwarding-options fip-security examine-vn2vn beacon-period 90000