3Com 3C13636 Configuration Manual page 1069

3Com Router 3000 Ethernet Family
Configuration Guide
4.3 Portal Authentication-Combined EAD Configuration
Example
I. Network requirements
The following figure presents a scenario, where
A security policy server, a RADIUS server, and a portal server are co-located on a
CAMS server with IP address 10.110.91.146/24.
A patch and antivirus server with IP address 10.22.2.2/24 is located in an isolation
zone.
A security client manager proxy is present with IP address 10.22.2.1/24.
The update-resource ID is 10 and all-resource ID is 20.
A PC (an endpoint) is located on the network segment 172.21.1.2/16.
Configure the router to provide EAD, requiring that:
The PC could only access the antivirus server after passing identity authentication
and before passing security authentication.
The PC could access other network resources after passing security
authentication.
II. Network diagram
Security client
manager proxy
10.22.2.1/24
Pa t c h a n d
a n t iv ir u s s e r v e r
10.22.2.2/24
Figure 4-2 Network diagram for EAD combined with portal authentication
Inte rne t
Security
cooperation router
eth1/0/0:
10.22.2.10/24
Isolation
zone
3Com Corporation
eth0/0/1:
Security policy server
10.110.91.1
/24 RA DIUS server
Portal server
CA MS platf orm
10.110.91.146/24
172.21.1.2/ 16
PC
4-8
Chapter 4 EAD Configuration