FIP SnoopingThe Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit,the switch functions as a FIP snooping bridge.NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack.Topics:• Fibre Channel over Ethernet• Ensure Robustness in a Converged Ethernet Network• FIP Snooping on Ethernet Bridges• FIP Snooping in a Switch Stack• Using FIP Snooping• Displaying FIP Snooping Information• FCoE Transit Configuration ExampleFibre Channel over EthernetFCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 linkby encapsulating Fibre Channel data into Ethernet frames.FCoE works with the Ethernet enhancements provided in data center bridging (DCB) to support lossless (no-drop) SAN and LAN traffic. Inaddition, DCB provides flexible bandwidth sharing for different traffic types, such as LAN and SAN, according to 802.1p priority classes ofservice. DCBx should be enabled on the system before the FIP snooping feature is enabled. For more information, refer to the Data CenterBridging (DCB) chapter.Ensure Robustness in a Converged Ethernet NetworkFibre Channel networks used for SAN traffic employ switches that operate as trusted devices. To communicate with other end devicesattached to the Fibre Channel network, end devices log into the switch to which they are attached.Because Fibre Channel links are point-to-point, a Fibre Channel switch controls all storage traffic that an end device sends and receivesover the network. As a result, the switch can enforce zoning configurations, ensure that end devices use their assigned addresses, andsecure the network from unauthorized access and denial-of-service (DoS) attacks.To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, FIP establishes virtual point-to-point linksbetween FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.Ethernet bridges commonly provide ACLs that can emulate a point-to-point link by providing the traffic enforcement required to create aFibre Channel-level of robustness. You can configure ACLs to emulate point-to-point links, providing control over the traffic received ortransmitted into the switch. To automatically generate ACLs, use FIP snooping. In addition, FIP serves as a Layer 2 protocol to:• Operate between FCoE end-devices and FCFs over intermediate Ethernet bridges to prevent unauthorized access to the network andachieve the required security.• Allow transit Ethernet bridges to efficiently monitor FIP frames passing between FCoE end-devices and an FCF. To dynamicallyconfigure ACLs on the bridge to only permit traffic authorized by the FCF, use the FIP snooping data.15322 FIP Snooping