HABP configuration
This chapter includes these sections:
Introduction to HABP
•
Configuring HABP
•
Displaying and maintaining HABP
•
•
HABP configuration example
Introduction to HABP
The HW Authentication Bypass Protocol (HABP) is intended to enable the downstream network devices
of an access device to bypass 802.1X authentication and MAC authentication configured on the access
device.
As shown in
Switch C. On Switch A, 802.1X authentication is enabled globally and on the ports connecting the
downstream network devices. The end-user devices (the supplicants) run the 802.1X client software for
802.1X authentication. For Switch B and Switch D, where the 802.1X client is not supported (which is
typical of network devices), the communication between them will fail because they cannot pass 802.1X
authentication and their packets will be blocked on Switch A. To allow the two switches to communicate,
you can use HABP.
Figure 71 Network diagram for HABP application
HABP is a link layer protocol that works above the MAC layer. It is built on the client-server model.
Generally, the HABP server is enabled on the authentication device (which is configured with 802.1X or
MAC authentication, such as Switch A in
clients, such as Switch B through Switch E in the example. No device can function as both an HABP server
and a client at the same time. Typically, the HABP server sends HABP requests to all its clients periodically
to collect their MAC addresses, and the clients respond to the requests. After the server learns the MAC
Figure
76, 802.1X authenticator Switch A has two switches attached to it: Switch B and
Figure
76), and the attached switches function as the HABP
206