Ead Configuration - H3C S5100-SI Operation Manual

Figure 3-1 Typical network application of EAD
After a client passes the authentication, the security Client (software installed on the client PC) interacts
with the security policy server to check the security status of the client. If the client is not compliant with
the security standard, the security policy server issues an ACL to the switch, which then inhibits the
client from accessing any parts of the network except for the virus/patch server.
After the client is patched and compliant with the required security standard, the security policy server
reissues an ACL to the switch, which then assigns access right to the client so that the client can access
more network resources.

EAD Configuration

The EAD configuration includes:
Configuring the attributes of access users (such as username, user type, and password). For local
authentication, you need to configure these attributes on the switch; for remote authentication, you
need to configure these attributes on the AAA sever.
Configuring a RADIUS scheme.
Configuring the IP address of the security policy server.
Associating the ISP domain with the RADIUS scheme.
EAD is commonly used in RADIUS authentication environment.
This section mainly describes the configuration of security policy server IP address. For other related
configuration, refer to
Follow these steps to configure EAD:
To do...
Enter system view
Enter RADIUS scheme
view
Configure the RADIUS
server type to extended
Configure the IP address of
a security policy server
AAA Overview.
Use the command...
system-view
radius scheme
radius-scheme-name
server-type extended
security-policy-server
ip-address
—
—
Required
Required
Each RADIUS scheme supports
up to eight IP addresses of
security policy servers.
3-2
Remarks