EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Security Configuration Guide

HP 3600 v2 Series
398 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #236 background imageLoading...
Page #236 background image
225
HABP configuration
HABP overview
The HW Authentication Bypass Protocol (HABP) is intended to enable the downstream network devices
of an access device to bypass 802.1X authentication and MAC authentication configured on the access
device.
As shown in Figure 90, 80
2
.1X authenticator Switch A has two switches attached to it: Switch B and
Switch C. On Switch A, 802.1X authentication is enabled globally and on the ports connecting the
downstream network devices. The end-user devices (the supplicants) run the 802.1X client software for
802.1X authentication. For Switch B and Switch D, where the 802.1X client is not supported (which is
typical of network devices), the communication between them will fail because they cannot pass 802.1X
authentication and their packets will be blocked on Switch A. To allow the two switches to communicate,
you can use HABP.
Figure 90 Network diagram for HABP application
Internet
Switch B Switch C
Authenticator
Supplicant
Switch A
Supplicant Supplicant
Switch D Switch E
Authentication
server
802.1X enabled
HABP is a link layer protocol that works above the MAC layer. It is built on the client-server model.
Generally, the HABP server is enabled on the authentication device (which is configured with 802.1X or
MAC authentication, such as Switch A in the above example), and the attached switches function as the
HABP clients, such as Switch B through Switch E in the example. No device can function as both an HABP
server and a client at the same time. Typically, the HABP server sends HABP requests to all its clients
periodically to collect their MAC addresses, and the clients respond to the requests. After the server
learns the MAC addresses of all the clients, it registers the MAC addresses as HABP entries. Then, link
layer frames exchanged between the clients can bypass the 802.1X authentication on ports of the server
without affecting the normal operation of the whole network. All HABP packets must travel in a specified
VLAN. Communication between the HABP server and HABP clients is implemented through this VLAN.

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages
Preview: Configuration Guide
Configuration Guide449 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals