34
EAD Configuration
Intro
duction to EAD
Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution, you can
the active defense capability of network endpoints, prevents viruses and worms from spreading on the
network, and protects the entire network by limiting the access rights of insecure endpoints.
With the cooperation
evaluate the security compliance of network endpoints and dynamically control their access rights.
With
EAD, a switch:
Verifies th
e validity of the session control packets it receives according to the source IP addresses
of the packets: It regards only those packets sourced from authentication or security policy server
as valid.
Dynamically adjusts the VLAN, rate, and packet sch
session control packets, whereby to control the
Typi
cal Network Application of EAD
EAD checks the security status of users before they can access the network, and forcibly implements
user access control policies according to the check results. In this way, it c
not compliant with security standard and force
system patches.
Figure 34-1 Typical network application of EAD
Virus patch server
Client
EAD
Configuration
The
EAD configuration includes:
Configuring the attributes of access users (such as us
authentication, you need to config
need to configure these attributes on the AAA sever.
of switch, AAA sever, security policy server and security client, EAD is able to
Figure 34-1
shows a typical netwo
Authentication server
Security policy server
ure these attributes on the switch; for remote authentication, you
eduling priority for user terminals according to
access rights of users dynamically.
these users to update their virus databases and install
rk application of EAD.
ername, user type, and password). For local
34-1
enhance
an isolate the users that are