Ead configuration – H3C Technologies H3C S3100 Series Switches User Manual


Figure 3-1 Typical network application of EAD

[Figure labels: Supplicant, Authentication server, Security policy server, Virus patch server]

After a client passes authentication, the security client (software installed on the client PC) interacts with the security policy server to check the security status of the client. If the client does not comply with the security standard, the security policy server issues an ACL to the switch, which then blocks the client from every part of the network except the virus/patch server.

After the client is patched and complies with the required security standard, the security policy server reissues an ACL to the switch, which then grants the client access rights so that it can reach more network resources.

EAD Configuration

The EAD configuration includes:

- Configuring the attributes of access users (such as user name, user type, and password). For local authentication, you need to configure these attributes on the switch; for remote authentication, you need to configure these attributes on the AAA server.
- Configuring a RADIUS scheme.
- Configuring the IP address of the security policy server.
- Associating the ISP domain with the RADIUS scheme.

EAD is commonly used in RADIUS authentication environments.

This section mainly describes how to configure the IP address of the security policy server. For other related configuration, refer to AAA Overview.

Table 3-1 EAD configuration

Operation                                             Command                            Remarks
----------------------------------------------------  ---------------------------------  --------
Enter system view                                     system-view
Enter RADIUS scheme view                              radius scheme radius-scheme-name
Configure the RADIUS server type to extended          server-type extended               Required
Configure the IP address of a security policy server  security-policy-server ip-address  Required. Each RADIUS scheme supports up to eight IP addresses of security policy servers.
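A check that can be run over saved switch configuration text to confirm that each RADIUS scheme carries the two required EAD settings from Table 3-1 and stays within the eight-server limit. This is an added example, not taken from the H3C manual. It assumes a scheme begins with an unindented `radius scheme <name>` line followed by indented sub-commands and that addresses are IPv4; the function name, scheme names and addresses are constructed.

```python
import ipaddress
MAX_POLICY_SERVERS = 8  # per-scheme limit stated in Table 3-1

def audit_ead(config_text):
    """Return {scheme_name: [findings]} for each RADIUS scheme in the text."""
    schemes, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if raw.startswith("radius scheme ") and len(words) == 3:
            current = schemes.setdefault(words[2], {"extended": False, "servers": []})
        elif not raw.startswith(" "):
            current = None  # any unindented line (e.g. "#") leaves the scheme view
        elif current is not None:
            if words == ["server-type", "extended"]:
                current["extended"] = True
            elif len(words) == 2 and words[0] == "security-policy-server":
                current["servers"].append(words[1])
    report = {}
    for name, scheme in schemes.items():
        servers, findings = scheme["servers"], []
        if not servers:
            findings.append("no security-policy-server configured")
        if not scheme["extended"]:
            findings.append("server-type is not extended")
        if len(servers) > MAX_POLICY_SERVERS:
            findings.append(f"{len(servers)} security policy servers, limit is {MAX_POLICY_SERVERS}")
        for addr in servers:
            try:
                ipaddress.IPv4Address(addr)  # assumption: IPv4 addresses only
            except ValueError:
                findings.append(f"invalid security policy server address: {addr}")
        report[name] = findings
    return report

# Constructed sample; scheme names and addresses are placeholders.
SAMPLE = """\
radius scheme ead-ok
 server-type extended
 security-policy-server 192.0.2.20
#
radius scheme ead-bad
 security-policy-server 192.0.2.21
 security-policy-server 192.0.2.300
#
"""

if __name__ == "__main__":
    for name, findings in audit_ead(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

An empty findings list means the scheme has both required settings and a valid number of security policy servers.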
