Operation Manual - Security
Quidway S3000 Series Ethernet Switches
Chapter 3 HABP Configuration
3-1
Chapter 3 HABP Configuration
3.1 HABP Overview
If 802.1x attribute is configured at a switch, on a switch, 802.1x will run authentication at
those ports where 802.1x is enabled. Only those which pass the authentication are able
to forward packets. For those ports where 802.1x authentication is skipped, packets will
be filtered by 802.1x attribute, so the management over them is also impossible.
HABP(Huawei Authentication Bypass Protocol) attribute can be used to solve this
problem.
HABP packets contain the MAC address and other information of the member switches.
When HABP attribute is enabled at the management switch, 802.1x authentication will
be skipped for HABP packets, so management over switches is possible.
HABP includes HABP server and HABP client. In general, the server regularly sends
HABP request packets to the client to collect the MAC addresses of the member
switches, while the client responds to the request packets and forwards them to the
lower-level switches. HABP server is often enabled at the management switch, while
HABP client is at the member switches.
HABP attribute had better be enabled at a switch where 802.1x is enabled.
3.2 HABP configuration
HABP attribute configuration tasks include:
z
Configuring HABP server
z
Configuring HABP client
3.2.1 Configuring HABP Server
When HABP server is enabled, the management switch sends HABP request packets
to its member switches to collect their MAC addresses, for the convenience of
management. You can define the time interval for transmitting HABP request packets
on the management switch.
To configure HABP server, follow these steps:
z
Enable HABP attribute
z
Configure HABP server
z
Set time interval for HABP request transmission