3-1
3 HABP Configuration
When configuring HABP, go to these sections for information you are interested in:
z Introduction to HABP
z HABP Server Configuration
z HABP Client Configuration
z Displaying and Maintaining HABP Configuration
Introduction to HABP
When a switch is configured with the 802.1x function, 802.1x will authenticate and authorize
802.1x-enabled ports and allow only the authorized ports to forward packets. In case a port fails 802.1x
authentication and authorization, service packets from and to that port will be blocked, making it
impossible to manage the switch attached to the port. The Huawei Authentication Bypass Protocol
(HABP) aims at solving this problem.
An HABP packet carries the MAC addresses of the attached switches with it. It can bypass the 802.1x
authentications when traveling between HABP-enabled switches, through which management devices
can obtain the MAC addresses of the attached switches and thus the management of the attached
switches is feasible.
HABP is built on the client-server model. Typically, the HABP server sends HABP requests to the client
periodically to collect the MAC address(es) of the attached switch(es). The client responds to the
requests, and forwards the HABP requests to the attached switch(es). The HABP server usually runs on
the administrative device while the HABP client runs on the attached switches.
For ease of switch management, it is recommended that you enable HABP for 802.1x-enabled
switches.
HABP Server Configuration
With the HABP server launched, a management device sends HABP request packets regularly to the
attached switches to collect their MAC addresses. You need also to configure the interval on the
management device for an HABP server to send HABP request packets.
Follow these steps to configure an HABP server:
To do... Use the command... Remarks
Enter system view system-view —
Enable HABP habp enable Optional
By default, HABP is enabled.