
Disabling VN2VF_Port FIP Snooping on an FCoE-FC Gateway Switch Interface

 

When the switch acts as an FCoE-FC gateway, the FCoE-network-facing Ethernet interfaces in the FCoE VLAN are automatically enabled for VN_Port to VF_Port (VN2VF_Port) FIP snooping. You can disable VN2VF_Port FIP snooping on an individual Ethernet interface, or you can disable VN2VF_Port FIP snooping globally for all Ethernet interfaces in a gateway Fibre Channel (FC) fabric.

Disable VN2VF_Port FIP snooping on an Ethernet interface by configuring it as an FCoE trusted interface. Disable VN2VF_Port FIP snooping on all Ethernet interfaces in an FC fabric by configuring the FC fabric as FCoE trusted.

Do not disable VN2VF_Port FIP snooping on an interface unless you are certain that the interface is connected to a trusted device. Do not disable VN2VF_Port FIP snooping on an FC fabric unless all of the FCoE-network-facing interfaces in the fabric are either connected to a transit switch that is performing VN2VF_Port FIP snooping on the FCoE devices as they log in to the FC network or all of the interfaces are connected to trusted devices.

VN2VF_Port FIP snooping installs firewall filters that block FIP and FCoE frames from sources that have not logged in to the switch and prevents unauthorized access to the network. Disabling VN2VF_Port FIP snooping disables these firewall filters and permits access to all FIP and FCoE frames transported on that interface.

  • To disable VN2VF_Port FIP snooping on an FCoE-device-facing Ethernet interface in an FCoE VLAN, configure that interface as a trusted interface:

    [edit ethernet-switching-options secure-access-port]

    user@switch# set interface interface-name fcoe-trusted



    For example, to configure interface xe-0/0/7 as a trusted FC interface:

    [edit ethernet-switching-options secure-access-port]

    user@switch# set interface xe-0/0/7 fcoe-trusted
  • To disable VN2VF_Port FIP snooping on all FCoE-device-facing interfaces in a gateway FC fabric, configure that fabric as a trusted fabric:

    [edit]

    user@switch# set fc-fabrics fabric-name protocols fip fcoe-trusted



    For example, to configure an FC fabric named santastic as an FCoE trusted fabric:

    [edit]

    user@switch# set fc-fabrics santastic protocols fip fcoe-trusted
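
Because an `fcoe-trusted` statement removes the FIP snooping filters, it is worth checking exported configurations for trusted interfaces and fabrics that were never approved. The following audit script is an added example, not part of the original documentation or vendor code. It assumes the configuration was exported in `set` format (for example with `show configuration | display set`), that deactivated statements appear as `deactivate` lines, and that the approved lists are maintained by you.

```python
import re

# Statement paths taken from the two commands on this page, in "set" form.
IFACE_RE = re.compile(
    r"^ethernet-switching-options secure-access-port interface (\S+) fcoe-trusted$")
FABRIC_RE = re.compile(r"^fc-fabrics (\S+) protocols fip fcoe-trusted$")


def audit_fcoe_trusted(config_text, approved_interfaces=(), approved_fabrics=()):
    """Return sorted (kind, name) pairs with FIP snooping disabled and no approval."""
    active, deactivated = [], []
    for raw in config_text.splitlines():
        verb, _, path = raw.strip().partition(" ")
        if verb == "set":
            active.append(" ".join(path.split()))
        elif verb == "deactivate" and path.strip():
            deactivated.append(path.split())

    def is_inactive(path):
        # A statement is inactive if it or any parent hierarchy is deactivated.
        tokens = path.split()
        return any(tokens[:len(d)] == d for d in deactivated)

    findings = set()
    for path in active:
        if is_inactive(path):
            continue
        m = IFACE_RE.match(path)
        if m and m.group(1) not in approved_interfaces:
            findings.add(("interface", m.group(1)))
        m = FABRIC_RE.match(path)
        if m and m.group(1) not in approved_fabrics:
            findings.add(("fabric", m.group(1)))
    return sorted(findings)


# Constructed sample input (not from a real device).
SAMPLE = """\
set ethernet-switching-options secure-access-port interface xe-0/0/7 fcoe-trusted
set ethernet-switching-options secure-access-port interface xe-0/0/8 fcoe-trusted
set ethernet-switching-options secure-access-port interface xe-0/0/9 fcoe-trusted
deactivate ethernet-switching-options secure-access-port interface xe-0/0/9
set fc-fabrics santastic protocols fip fcoe-trusted
"""

if __name__ == "__main__":
    # Hypothetical approval list: only xe-0/0/7 is known to face a trusted device.
    for kind, name in audit_fcoe_trusted(SAMPLE, approved_interfaces={"xe-0/0/7"}):
        print(f"FIP snooping disabled on unapproved {kind}: {name}")
```

A fabric-level finding deserves the closest review, because it disables the filters on every FCoE-facing interface in that fabric.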