Ead configuration, Ead configuration example, 2 ead configuration example – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 282
25-2
After the client is patched and compliant with the required security standard, the security policy server
reissues an ACL to the device, which then assigns access right to the client so that the client can access
more network resources.
EAD Configuration
The EAD configuration includes:
z
Configuring the attributes of access users (such as user name, user type, and password). For local
authentication, you need to configure these attributes on the device; for remote authentication, you
need to configure these attributes on the AAA sever.
z
Configuring a RADIUS scheme.
z
Configuring the IP address of the security policy server.
z
Associating the ISP domain with the RADIUS scheme.
EAD is commonly used in RADIUS authentication environment.
This section mainly describes the configuration of security policy server IP address. For other related
configuration, refer to
.
Follow these steps to configure EAD:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Configure the RADIUS server type
to extended
server-type extended
Required
Configure the IP address of a
security policy server
security-policy-server
ip-address
Required
Each RADIUS scheme supports up
to eight IP addresses of security
policy servers.
EAD Configuration Example
Network requirements
In
z
A user is connected to GigabitEthernet 1/0/1 on the device.
z
The user adopts 802.1x client supporting EAD extended function.
z
You are required to configure the device to use RADIUS server for remote user authentication and
use security policy server for EAD control on users.
The following are the configuration tasks:
z
Connect the RADIUS authentication server 10.110.91.164 and the device, and configure the
device to use port number 1812 to communicate with the server.
z
Configure the authentication server type to extended.
z
Configure the encryption password for exchanging messages between the device and RADIUS
server to “expert”.
z
Configure the IP address 10.110.91.166 of the security policy server.