Operation Manual – 802.1x
H3C S7500 Series Ethernet Switches
Chapter 2 HABP Configuration
When configuring HABP, go to these sections for information you are interested in:
Introduction to HABP
HABP Server Configuration
HABP Client Configuration
Displaying HABP
2.1 Introduction to HABP
With 802.1x enabled, a switch will authenticate and authorize 802.1x-enabled ports.
Packets can be forwarded only by authorized ports. If those ports connected to the
switch are not authenticated and authorized by 802.1x, all packets will be filtered. This
means that users cannot manage the attached switches. Huawei authentication bypass
protocol (HABP) can solve this problem.
HABP packets carry the MAC addresses of the attached switches. Once HABP is
enabled on the switches, HABP packets will be allowed to bypass 802.1x
authentication and travel through the switches. In this way, management devices can
obtain the MAC addresses of the attached switches for high efficient management.
HABP is implemented by HABP server and HABP client. Normally, an HABP server
sends HABP request packets regularly to HABP clients to collect the MAC addresses of
the attached switches. HABP clients will respond to the HABP request packets and
forward the HABP request packets to the lower layer switches. The HABP server
usually resides on management devices and HABP clients usually reside on the
attached switches.
It is recommended to enable HABP for 802.1x-enabled switches for management
purpose.
2.2 HABP Server Configuration
With the HABP server launched, a management device sends HABP request packets
regularly to the attached switches to collect their MAC addresses. The interval to send
HABP request packets is also configured on the management device.
Table 2-1 Configure an HABP server
To do...
Enter system view
Enable HABP
Use the command...
system-view
habp enable
2-1
Chapter 2 HABP Configuration
Remarks
—
Required
Enabled by default