Ead Configuration - Huawei Quidway S5600 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
After a client is authenticated by the authentication server, the security policy server
sends to the switch an isolation ACL that limits client access rights. Meanwhile, the
security software in the client checks the security conditions of the client and sends the
conditions to the security policy server. If the client security conditions are not compliant
with the defined security specifications, the client is limited to some specific resources,
for example, virus patch server. If the client security conditions are compliant with the
defined security specifications, the security policy will distribute to the switch a safe
ACL that grants the client more access rights.
Note:
The system does not support the scenario that the security policy server issues
QoS-Profile and isolation ACL at the same time.

2.3 EAD Configuration

The EAD configuration includes the following:
Configuring the attributes, such as the user name, user type, and password for
access users. If local authentication is performed, you need to configure these
attributes on the switch; if remote authentication is performed, you need to
configure these attributes on AAA sever.
Configuring RADIUS scheme.
Configuring IP address for the security policy server.
Associating domain with RADIUS scheme.
EAD is implemented typically in RADIUS scheme.
This section mainly describes configuration of IP address for the security policy server.
For other related information, refer to Chapter 1 "AAA & RADIUS & HWTACACS
Configuration".
Table 2-1 EAD configuration
Enter system view
Enter RADIUS scheme
view
Operation
system-view
radius
radius-scheme-name
Huawei Technologies Proprietary
Command
scheme
2-2
Chapter 2 EAD Configuration
Description
—
—