6 802.1x-based ead fast deployment configuration, Ead fast deployment overview, Ead fast deployment implementation – H3C Technologies H3C S7500E Series Switches User Manual

Page 122: Limit on accessible network resources, Url redirection, Configuring ead fast deployment, 1x-based ead fast deployment configuration

6-1

802.1X-Based EAD Fast Deployment

Configuration

This chapter includes these sections:

EAD Fast Deployment Overview

Endpoint Admission Defense (EAD) is an integrated endpoint access control solution. By

allowing the security clients, access devices, security policy servers, and third-party servers in

the network to collaborate with each other, it can improve the overall defense capability of a

network and implement centralized management of users.

Normally, to use EAD on your network, you need to manually deploy the EAD client on each

device, which tends to be time consuming and inefficient. To address the issue, quick EAD

deployment was developed. In conjunction with 802.1X, it can have an access switch to force

all attached devices to download and install the EAD client before permitting them to access the

network.

EAD Fast Deployment Implementation

To support the fast deployment of EAD schemes, 802.1X provides the following two

mechanisms:

Limit on accessible network resources

URL redirection

Limit on accessible network resources

Before successful 802.1X authentication, a user can access only a specific IP segment, which

may have one or more servers. Users can download EAD client software or obtain dynamic IP

address from the servers.

URL redirection

Before successful 802.1X authentication, a user using a web browser to access the network is

automatically redirected to a specified URL, for example, the EAD client software download

page. The server that provides the URL redirection must be in the specific network segment

that users can access before passing 802.1X authentication.

Configuring EAD Fast Deployment

This manual is related to the following products: