2 quick ead deployment configuration, Introduction to quick ead deployment, Quick ead deployment overview – H3C Technologies H3C S3600 Series Switches User Manual

2-1

2

Quick EAD Deployment Configuration

When configuring quick EAD deployment, go to these sections for information you are interested in:

z

Introduction to Quick EAD Deployment

z

Configuring Quick EAD Deployment

z

Displaying and Maintaining Quick EAD Deployment

z

Quick EAD Deployment Configuration Example

z

Troubleshooting

Introduction to Quick EAD Deployment

Quick EAD Deployment Overview

As an integrated solution, an Endpoint Admission Defense (EAD) solution can improve the overall

defense power of a network. In real applications, however, deploying EAD clients proves to be time

consuming and inconvenient.

To address the issue, the H3C S3600 series provides the forcible deployment of EAD clients with

802.1x authentication, easing the work of EAD client deployment.

Operation of Quick EAD Deployment

Quick EAD deployment is achieved with the two functions: restricted access and HTTP redirection.

Restricted access

Before passing 802.1x authentication, a user is restricted (through ACLs) to a specific range of IP

addresses or a specific server. Services like EAD client upgrading/download and dynamic address

assignment are available on the specific server.

HTTP redirection

In the HTTP redirection approach, when the terminal users that have not passed 802.1x authentication

access the Internet through Internet Explorer, they are redirected to a predefined URL for EAD client

download.

The two functions ensure that all the users without an EAD client have downloaded and installed one

from the specified server themselves before they can access the Internet, thus decreasing the

complexity and effort that EAD client deployment may involve.

The quick EAD deployment feature takes effect only when the access control mode of an

802.1x-enabled port is set to auto.