Basic Ead Procedures - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
VII. Portal server
A portal server provides portal authentication. To work with EAD, a portal server must
support portal+.
Note:
In Figure 4-1, the security policy server and the RADIUS server are provided by the
CAMS platform, and the portal server is provided by the CAMS portal service
component.
VIII. Third-party server
In an EAD solution, the third-party server could be an antivirus or patch server providing
the virus database update or patch update service to endpoint users.

4.1.2 Basic EAD Procedures

The endpoint authentication process of EAD is divided into two phases: identity
authentication and security authentication.
I. Identity authentication phase
In the identify authentication phase, AAA RADIUS authentication is implemented
through portal+, where user identity is verified by verifying username and password.
This phase involves the following steps:
An unauthenticated endpoint sends an IP packet to the router.
The router checks the received packet and finds out that it is sent from an
unauthenticated IP address. Then, the router sends back a mandatory
authentication request carrying the IP address and port number of a portal server.
After receiving the authentication request, the client obtains the user name and
password and initiates an authentication request to the portal server.
1) After receiving the authentication request, the portal server interacts with the
RADIUS server to complete AAA authentication following the same
authentication procedure adopted by portal.
After an endpoint user passes identity authentication, it is placed in an isolation zone
and can access the update resources in the isolation zone.
II. Security authentication phase
In the security authentication phase, the security policy server evaluates the security
compliance of endpoints based on reported security information. This phase involves
the following steps:
3Com Corporation
4-4
Chapter 4 EAD Configuration