
EAD configuration, EAD configuration example, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual

Page 553

After the client is patched and compliant with the required security standard, the security policy server reissues an ACL to the switch, which then assigns access rights to the client so that the client can access more network resources.

EAD Configuration

The EAD configuration includes:

• Configuring the attributes of access users (such as username, user type, and password). For local authentication, you need to configure these attributes on the switch; for remote authentication, you need to configure these attributes on the AAA server.
• Configuring a RADIUS scheme.
• Configuring the IP address of the security policy server.
• Associating the ISP domain with the RADIUS scheme.

EAD is commonly used in RADIUS authentication environments.

This section mainly describes the configuration of the security policy server IP address. For other related configuration, refer to AAA Overview.

Follow these steps to configure EAD:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | |
| Configure the RADIUS server type to extended | server-type extended | Required |
| Configure the IP address of a security policy server | security-policy-server ip-address | Required. Each RADIUS scheme supports up to eight IP addresses of security policy servers. |
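An added example, not part of the H3C manual: a Python check that audits saved configuration text against the steps above (extended server type, at least one and at most eight security policy servers per RADIUS scheme, well-formed IPv4 addresses). The scheme names cams and legacy, the sample text and its indented layout are constructed assumptions.

```python
import ipaddress
import re

MAX_POLICY_SERVERS = 8  # per-scheme limit stated in the Remarks column above
# Constructed sample; assumed layout: a view header line followed by indented
# commands, with "#" between views. Scheme names are made up.
SAMPLE_CONFIG = """\
radius scheme cams
 server-type extended
 security-policy-server 10.110.91.166
#
radius scheme legacy
 security-policy-server 10.110.91.999
"""

def parse_radius_schemes(config_text):
    """Return {scheme_name: [indented command lines]} for each RADIUS scheme."""
    schemes, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"^radius scheme (\S+)\s*$", line)
        if header:
            current = schemes.setdefault(header.group(1), [])
        elif line[:1].isspace() and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" or any non-indented line closes the view
    return schemes

def audit_ead(config_text):
    """Return {scheme_name: [findings]}; an empty list means the checks pass."""
    report = {}
    for name, commands in parse_radius_schemes(config_text).items():
        findings = []
        if "server-type extended" not in commands:
            findings.append("server-type is not extended")
        servers = [c.split()[1] for c in commands if re.match(r"security-policy-server\s+\S", c)]
        if not servers:
            findings.append("no security-policy-server configured")
        if len(servers) > MAX_POLICY_SERVERS:
            findings.append(f"{len(servers)} security policy servers, limit is {MAX_POLICY_SERVERS}")
        for addr in servers:
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                findings.append(f"invalid security policy server address: {addr}")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_ead(SAMPLE_CONFIG))
```

A scheme that passes maps to an empty list; the association of the ISP domain with the RADIUS scheme is not checked here.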

EAD Configuration Example

Network requirements

In Figure 3-2:

• A user is connected to Ethernet 1/0/1 on the switch.
• The user uses an 802.1x client that supports the EAD extended function.
• You are required to configure the switch to use the RADIUS server for remote user authentication and the security policy server for EAD control on users.

The following are the configuration tasks:

• Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure the switch to use port number 1812 to communicate with the server.
• Configure the authentication server type to extended.
• Configure the encryption password for exchanging messages between the switch and RADIUS server to expert.
• Configure the IP address 10.110.91.166 of the security policy server.
