91
EAD fast deployment configuration
EAD fast deployment overview
Endpoint Admission Defense (EAD) is an HP integrated endpoint access control solution, which enables
the security client, security policy server, access device, and third-party server to work together to improve
the threat defensive capability of a network. If a terminal device seeks to access a network that deploys
EAD, it must have an EAD client, which performs 802.1X authentication.
EAD fast deployment enables the access device to redirect a user seeking to access the network to
download and install EAD client. This function eliminates the tedious job of the administrator to deploy
EAD clients.
EAD fast deployment implementation
EAD fast deployment is implemented by the following functions:
Free IP
A free IP is a freely accessible network segment, which has a limited set of network resources such as
software and DHCP servers. An unauthenticated user can access only this segment to download EAD
client, obtain a dynamic IP address from a DHCP server, or perform some other tasks to be compliant
with the network security strategy.
URL redirection
If an unauthenticated 802.1X user is using a web browser to access the network, the EAD fast deployment
function redirects the user to a specified URL, for example, the EAD client software download page.
The server that provides the URL must be on the free IP accessible to unauthenticated users.
Configuring EAD fast deployment
Configuration prerequisites
Enable 802.1X globally.
Enable 802.1X on the port, and set the port authorization mode to
auto
.
Configuration procedure
Configuring a free IP
When a free IP is configured, the EAD fast deployment is enabled. To allow a user to obtain a dynamic IP
address before passing 802.1X authentication, make sure the DHCP server is on the free IP segment.
Follow these steps to configure a free IP: