Ead Assistant; Smarton - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
EAD assistant
Endpoint Admission Defense (EAD) is an Hewlett Packard Enterprise integrated endpoint access
control solution to improve the threat defensive capability of a network. The solution enables the
security client, security policy server, access device, and third-party server to operate together. If a
terminal device seeks to access an EAD network, it must have an EAD client, which performs 802.1X
authentication.
The EAD assistant feature enables the access device to redirect a user who is seeking to access the
network to download and install an EAD client. This feature eliminates the administrative task to
deploy EAD clients.
EAD assistant is implemented by the following functionality:
•
Free IP.
A free IP is a freely accessible network segment, which has a limited set of network resources
such as software and DHCP servers. To ensure security strategy compliance, an
unauthenticated user can access only this segment to perform operations. For example, the
user can download EAD client from a software server or obtain a dynamic IP address from a
DHCP server.
•
Redirect URL.
If an unauthenticated 802.1X user is using a Web browser to access the network, the EAD
assistant feature redirects the user to a specific URL. For example, you can use this feature to
redirect the user to the EAD client software download page.
The EAD assistant feature creates an ACL-based EAD rule automatically to open access to the
redirect URL for each redirected user.
EAD rules are implemented by using ACL resources. When the EAD rule timer expires or the user
passes authentication, the rule is removed. If users fail to download EAD client or fail to pass
authentication before the timer expires, they must reconnect to the network to access the free IP.
SmartOn
The SmartOn feature was developed to support the NEC 802.1X client.
As shown in
authentication. The following shows the authentication process:
1.
When a SmartOn-enabled port receives an EAPOL-Start packet from an 802.1X client, it sends
a unicast EAP-Request/Notification packet to the client for SmartOn authentication.
2.
Upon receiving an EAP-Response/Notification from the client, the device compares the switch
ID and password in the packet with the switch ID and password configured on the device.
If they are the same, 802.1X authentication can continue.
If they do not match, SmartOn authentication fails. The access device stops 802.1X
authentication for the client.
Figure
38, the access device performs SmartOn authentication before 802.1X
93
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
