2-1
2
802.1X-based EAD Fast Deployment Configuration
When configuring EAD fast deployment, go to these sections for information you are interested in:
z
EAD Fast Deployment Overview
z
Configuring EAD Fast Deployment
z
Displaying and Maintaining EAD Fast Deployment
z
EAD Fast Deployment Configuration Example
z
Troubleshooting EAD Fast Deployment
EAD Fast Deployment Overview
Overview
Endpoint Admission Defense (EAD) is an integrated endpoint access control solution. By allowing the
security clients, access devices, security policy servers, and third-party servers in the network to
collaborate with each other, it can improve the overall defense capability of a network and implement
centralized management of users.
Normally, to use EAD on your network, you need to manually deploy the EAD client on each device,
which tends to be time consuming and inefficient. To address the issue, quick EAD deployment was
developed. In conjunction with 802.1X, it can have an access switch to force all attached devices to
download and install the EAD client before permitting them to access the network.
EAD Fast Deployment Implementation
To support the fast deployment of EAD schemes, 802.1X provides the following two mechanisms:
1) Limit on accessible network resources
Before successful 802.1X authentication, a user can access only a specific IP segment, which may
have one or more servers. Users can download EAD client software or obtain dynamic IP address from
the servers.
2) URL
redirection
Before successful 802.1X authentication, a user using a Web browser to access the network is
automatically redirected to a specified URL, for example, the EAD client software download page. The
server that provides the URL redirection must be in the specific network segment that users can access
before passing 802.1X authentication.