Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 3692

For EX Series Ethernet Switches
Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.4
Copyright © 2010, Juniper Networks, Inc.

Before you configure FIP snooping and an FCF trusted port, be sure you have:

- Configured the VLAN fcoe-vlan on the switch. See "Configuring VLANs for EX Series Switches (CLI Procedure)" on page 1600.

Overview and Topology

FIP snooping is disabled by default. You enable FIP snooping on a per-VLAN basis for VLANs that carry FCoE traffic. Ensure that a VLAN that carries FCoE traffic carries only FCoE traffic, because enabling FIP snooping denies access for all other Ethernet traffic. In addition, you must configure priority-based flow control (PFC) on all interfaces that are carrying FCoE traffic, because flow control must be implemented on the link level for this type of traffic. You configure trunk interfaces that connect to the FCF as trusted interfaces. The switch must use the same FC-MAP value that is being used by the FCF. Therefore, if the FCF is using a nondefault FC-MAP value, you must configure the FC-MAP value on the switch to match that value.

You must also enlarge the maximum transmission unit (MTU) size for all interfaces (both access and trunk) that are handling FCoE traffic to accommodate the maximum FC frame and Ethernet header sizes.

FCoE transmissions are vulnerable to address spoofing and man-in-the-middle attacks, because they are not actually point-to-point links. This example describes how to configure the switch so that it provides security similar to that provided by traditional Fibre Channel (FC) networks. The switch is transparent to the ENode and the FCF, so that the ENode and FCF communicate just as they would for a point-to-point link.

This example shows how to configure FIP snooping on a VLAN of the EX4500 switch that is connected with one ENode, that is, a server equipped with converged network adapters (CNAs). The setup for this example includes the VLAN fcoe-vlan on the switch.

This example also shows how to configure PFC on the interfaces that are being used for FCoE traffic and how to configure an FCoE trusted port to handle traffic between the switch and the FCF gateway to the storage area network (SAN).

The components of the topology for this example are shown in Table 489 on page 3588.

Table 489: Components of the FCoE Security Topology

| Properties | Settings |
| --- | --- |
| Switch hardware | One EX4500 switch |
| VLAN name and ID | fcoe-vlan, tag 20 |
| Interfaces in fcoe-vlan | xe-0/0/1, xe-0/0/2, xe-0/0/3, xe-0/0/30 |
| FCoE trusted port to the FCF | xe-0/0/30 |
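
The prerequisites described above can be checked mechanically before FCoE traffic is allowed onto the VLAN. The following Python code is an added example, not Juniper code and not Junos syntax: it audits a constructed, vendor-neutral model of the Table 489 topology. The dictionary keys, the access/trunk assignment of the ENode-facing ports, and the 2180-byte MTU floor are assumptions not taken from this page; 0x0EFC00 is the default FC-MAP defined by FC-BB-5.

```python
FCOE_MTU_MIN = 2180        # assumption: widely used FCoE MTU; this page gives no number
DEFAULT_FC_MAP = 0x0EFC00  # default FC-MAP defined by FC-BB-5

def audit_fcoe_vlan(vlan, interfaces, fcf_fc_map=DEFAULT_FC_MAP):
    """Return findings for one FCoE VLAN; an empty list means all checks pass."""
    findings = []
    if not vlan["fip_snooping"]:
        findings.append("FIP snooping is not enabled on the VLAN (disabled by default)")
    if vlan["carries_non_fcoe"]:
        findings.append("VLAN carries non-FCoE traffic, which FIP snooping will deny")
    if vlan["fc_map"] != fcf_fc_map:
        findings.append(f"FC-MAP {vlan['fc_map']:#08x} differs from the FCF's {fcf_fc_map:#08x}")
    for name in vlan["members"]:
        intf = interfaces[name]
        if not intf["pfc"]:
            findings.append(f"{name}: PFC is not configured")
        if intf["mtu"] < FCOE_MTU_MIN:
            findings.append(f"{name}: MTU {intf['mtu']} is below {FCOE_MTU_MIN}")
        if intf["faces_fcf"] and not (intf["mode"] == "trunk" and intf["fcoe_trusted"]):
            findings.append(f"{name}: FCF-facing port must be a trusted trunk")
    return findings

def port(mode, faces_fcf=False, pfc=True, mtu=2180, fcoe_trusted=False):
    """Build one interface record for the constructed model."""
    return {"mode": mode, "faces_fcf": faces_fcf, "pfc": pfc,
            "mtu": mtu, "fcoe_trusted": fcoe_trusted}

# Constructed sample data using the names from Table 489.
MEMBERS = ["xe-0/0/1", "xe-0/0/2", "xe-0/0/3", "xe-0/0/30"]
VLAN = {"name": "fcoe-vlan", "tag": 20, "members": MEMBERS, "fip_snooping": True,
        "carries_non_fcoe": False, "fc_map": DEFAULT_FC_MAP}
GOOD = {n: port("access") for n in MEMBERS[:3]}
GOOD["xe-0/0/30"] = port("trunk", faces_fcf=True, fcoe_trusted=True)

# Same topology with three mistakes: no PFC, Ethernet-sized MTU, untrusted FCF trunk.
BAD = dict(GOOD)
BAD["xe-0/0/1"] = port("access", pfc=False)
BAD["xe-0/0/2"] = port("access", mtu=1514)
BAD["xe-0/0/30"] = port("trunk", faces_fcf=True, fcoe_trusted=False)

if __name__ == "__main__":
    for label, model in (("good", GOOD), ("bad", BAD)):
        print(label, audit_fcoe_vlan(VLAN, model) or "all checks pass")
```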
