Ead Configuration; Ead Configuration Example - H3C S5600 Series Operation Manual

Operation Manual – AAA
H3C S5600 Series Ethernet Switches
After a client passes the authentication, the security Client (software installed on the
client PC) interacts with the security policy server to check the security status of the
client. If the client is not compliant with the security standard, the security policy server
issues an ACL to the switch, which then inhibits the client from accessing any parts of
the network except for the virus/patch server.
After the client is patched and compliant with the required security standard, the
security policy server reissues an ACL to the switch, which then assigns access right to
the client so that the client can access more network resources.

3.3 EAD Configuration

The EAD configuration includes:
Configuring the attributes of access users (such as username, user type, and
password). For local authentication, you need to configure these attributes on the
switch; for remote authentication, you need to configure these attributes on the
AAA sever.
Configuring a RADIUS scheme.
Configuring the IP address of the security policy server.
Associating the ISP domain with the RADIUS scheme.
EAD is commonly used in RADIUS authentication environment.
This section mainly describes the configuration of security policy server IP address. For
other related configuration, refer to
Follow these steps to configure EAD:
Enter system view
Enter RADIUS
scheme view
Configure the RADIUS
server type to
extended
Configure the IP
address of a security
policy server

3.4 EAD Configuration Example

I. Network requirements
In Figure
To do... Use the command...
system-view
radius scheme
radius-scheme-name
server-type extended
security-policy-server
ip-address
3-2:
AAA Overview.
—
—
Required
Required
Each RADIUS scheme
supports up to eight IP
addresses of security policy
servers.
3-2
Chapter 3 EAD Configuration
Remarks