Operation Manual – 802.1x and System Guard
H3C S3100-52P Ethernet switch
Chapter 3 HABP Configuration
3-1
Chapter 3 HABP Configuration
When configuring HABP, go to these sections for information you are interested in:
z
z
z
z
Displaying and Maintaining HABP Configuration
3.1 Introduction to HABP
When a switch is configured with the 802.1x function, 802.1x will authenticate and
authorize 802.1x-enabled ports and allow only the authorized ports to forward packets.
In case a port fails 802.1x authentication and authorization, service packets from and to
that port will be blocked, making it impossible to manage the switch attached to the port.
The Huawei Authentication Bypass Protocol (HABP) aims at solving this problem.
An HABP packet carries the MAC addresses of the attached switches with it. It can
bypass the 802.1x authentications when traveling between HABP-enabled switches,
through which management devices can obtain the MAC addresses of the attached
switches and thus the management of the attached switches is feasible.
HABP is built on the client-server model. Typically, the HABP server sends HABP
requests to the client periodically to collect the MAC address(es) of the attached
switch(es). The client responds to the requests, and forwards the HABP requests to the
attached switch(es). The HABP server usually runs on the administrative device while
the HABP client runs on the attached switches.
For ease of switch management, it is recommended that you enable HABP for
802.1x-enabled switches.
3.2 HABP Server Configuration
With the HABP server launched, a management device sends HABP request packets
regularly to the attached switches to collect their MAC addresses. You need also to
configure the interval on the management device for an HABP server to send HABP
request packets.
Follow these steps to configure an HABP server:
To do...
Use the command...
Remarks
Enter system view
system-view
—