Chapter 3 EAD Configuration; Introduction to EAD; Typical Network Application of EAD - H3C S5100-SI Series Operation Manual

Operation Manual – AAA
H3C S5100-SI/EI Series Ethernet Switches

Chapter 3 EAD Configuration

Note:
Only the S5100-EI series switches support the EAD configuration.

3.1 Introduction to EAD

Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution,
you can enhance the active defense capability of network endpoints, prevent viruses
and worms from spreading on the network, and protect the entire network by limiting
the access rights of insecure endpoints.
With the cooperation of the switch, AAA server, security policy server and security client,
EAD is able to evaluate the security compliance of network endpoints and dynamically
control their access rights.
With EAD, a switch:
- Verifies the validity of the session control packets it receives according to the
  source IP addresses of the packets: it regards only those packets sourced from the
  authentication or security policy server as valid.
- Dynamically adjusts the VLAN, rate, packet scheduling priority and Access
  Control List (ACL) for user terminals according to session control packets,
  thereby controlling the access rights of users dynamically.
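The two switch behaviours listed above, as a simplified model added here for illustration; it is not H3C's implementation or code from the manual. The server addresses, VLAN and ACL numbers, user names and the `handle_session_control` function are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

# Constructed addresses (documentation ranges), not taken from the manual.
TRUSTED_SERVERS = {
    ip_address("192.0.2.10"),  # authentication (AAA) server
    ip_address("192.0.2.20"),  # security policy server
}
# The four per-user attributes the manual says the switch can adjust.
ALLOWED_FIELDS = {"vlan", "rate_kbps", "priority", "acl"}

@dataclass(frozen=True)
class Session:
    vlan: int
    rate_kbps: int
    priority: int
    acl: int

def handle_session_control(sessions, src_ip, user, changes):
    """Model of the switch handling one session control packet.

    Returns (accepted, reason). The source address is checked first, so a
    packet from any other host never reaches the attribute update.
    """
    try:
        source = ip_address(src_ip)
    except ValueError:
        return False, "malformed source"
    if source not in TRUSTED_SERVERS:
        return False, "untrusted source"
    if user not in sessions:
        return False, "unknown user"
    if not changes or set(changes) - ALLOWED_FIELDS:
        return False, "unsupported attribute"
    # Only the attributes named in the packet change; the rest are kept.
    sessions[user] = replace(sessions[user], **changes)
    return True, "applied"

def demo():
    # Constructed scenario: a non-compliant endpoint starts out isolated.
    sessions = {"alice": Session(vlan=999, rate_kbps=512, priority=0, acl=3000)}
    results = [
        handle_session_control(sessions, "198.51.100.7", "alice", {"vlan": 10}),
        handle_session_control(sessions, "192.0.2.20", "alice", {"vlan": 10, "acl": 3001}),
        handle_session_control(sessions, "192.0.2.20", "bob", {"vlan": 10}),
    ]
    return sessions, results
```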

3.2 Typical Network Application of EAD

EAD checks the security status of users before they can access the network, and
forcibly implements user access control policies according to the check results. In this
way, it can isolate the users that are not compliant with the security standard and force
these users to update their virus databases and install system patches.
Figure 3-1 shows a typical network application of EAD.
Figure 3-1
