Chapter 2 Ead Configuration; Introduction To Ead - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches

Chapter 2 EAD Configuration

When configuring EAD, go to these sections for information you are interested in:

Introduction to EAD

Typical Network Application of EAD
EAD Configuration
EAD Configuration Example
2.1 Introduction to EAD
Endpoint admission defense (EAD) is an attack defense solution that monitors endpoint
admission. This enhances the active defense ability of endpoints, and prevents viruses
and worms from spreading on the network. With the cooperation among security client,
security policy server, access device, and antivirus software, EAD confines the
endpoints that fail to comply with the security requirements to the quarantine area,
thereby preventing hazardous terminals from compromising network security.
With EAD enabled, the switch determines the validity of session control packets it
receives according to the source IP address of the packets. Only those session control
packets sent from the authentication server and the security policy server can be
regarded as valid.
Basic EAD functions are implemented through the cooperation among security client,
security cooperation device (switch), security policy server, antivirus server, and patch
server, as shown in Figure 2-1.
2-1
Chapter 2 EAD Configuration