Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 EAD Fast Deployment Configuration
2-1
Chapter 2 EAD Fast Deployment Configuration
When configuring EAD fast deployment, go to these sections for information you are
interested in:
z
z
Configuring EAD Fast Deployment
z
Displaying and Maintaining EAD Fast Deployment
z
EAD Fast Deployment Configuration Example
z
Troubleshooting EAD Fast Deployment
2.1 EAD Fast Deployment Overview
As an integrated security scheme, an endpoint admission defense (EAD) scheme can
improve the overall defense capability of a network. However, EAD deployment brings
much workload in actual applications. To solve this problem, you can use 802.1x
functions to implement fast deployment of EAD scheme.
To support the fast deployment of EAD schemes, 802.1x provides the following two
mechanisms:
1)
Limit on accessible network resources
Before successful 802.1x authentication, a user can access only specific IP segments,
each of which may have one or more servers. Users can download EAD client software
or obtain dynamic IP address from the servers.
2)
IE URL redirection
Before successful 802.1x authentication, a user using IE to access the network is
automatically redirected to a specified URL, for example, the EAD client software
download page.
The above two functions bring all 802.1x users accessing the network to a specified
server to download and install the EAD client software, thus easing the deployment of
an EAD scheme.
2.2 Configuring EAD Fast Deployment
2.2.1 Configuration Prerequisites
z
Enable 802.1x globally
z
Enable 802.1x on the specified port, and set the access control mode to
auto
.