After the client is patched and compliant with the required security standard, the security policy server reissues an ACL to the device, which then assigns access rights to the client so that the client can access more network resources.

EAD Configuration

The EAD configuration includes:

• Configuring the attributes of access users (such as user name, user type, and password). For local authentication, you need to configure these attributes on the device; for remote authentication, you need to configure these attributes on the AAA server.
• Configuring a RADIUS scheme.
• Configuring the IP address of the security policy server.
• Associating the ISP domain with the RADIUS scheme.

EAD is commonly used in a RADIUS authentication environment.

This section mainly describes the configuration of the security policy server IP address. For other related configuration, refer to AAA Overview.

Follow these steps to configure EAD:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | |
| Configure the RADIUS server type to extended | server-type extended | Required |
| Configure the IP address of a security policy server | security-policy-server ip-address | Required. Each RADIUS scheme supports up to eight IP addresses of security policy servers. |

EAD Configuration Example

Network requirements

In Figure 3-2:

• A user is connected to GigabitEthernet 1/0/1 on the device.
• The user uses an iNode client that supports the EAD extended function.
• You are required to configure the device to use a RADIUS server for remote user authentication and a security policy server for EAD control on users.

The following are the configuration tasks:

• Connect the RADIUS authentication server 10.110.91.164 and the device, and configure the device to use port number 1812 to communicate with the server.
• Configure the authentication server type to extended.
• Set the encryption password for messages exchanged between the device and the RADIUS server to “expert”.
• Configure the IP address 10.110.91.166 of the security policy server.
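The check below is an added example, not part of the manual: it audits a saved configuration against the EAD requirements in the table above (server type extended, at least one and at most eight security policy servers per RADIUS scheme, each a valid IPv4 address). The scheme names cams and legacy, the address 10.110.91.300, and the indented block layout of the sample are assumptions made for illustration.

```python
import ipaddress

MAX_POLICY_SERVERS = 8  # per-scheme limit from the Remarks column

# Constructed sample, not taken from a real device. Assumed layout: each
# "radius scheme <name>" line is followed by its indented sub-commands.
# Scheme names "cams" and "legacy" are hypothetical.
SAMPLE_CONFIG = """\
radius scheme cams
 server-type extended
 security-policy-server 10.110.91.166
#
radius scheme legacy
 security-policy-server 10.110.91.300
"""

def parse_schemes(text):
    """Return {scheme_name: [sub-command lines]} for every RADIUS scheme."""
    schemes, current = {}, None
    for line in text.splitlines():
        if line.startswith("radius scheme "):
            current = schemes.setdefault(line.split()[2], [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the block
    return schemes

def audit_scheme(commands):
    """List the EAD requirements from the table that a scheme fails to meet."""
    findings = []
    if "server-type extended" not in commands:
        findings.append("server type is not extended")
    servers = [c.split(None, 1)[1] for c in commands
               if c.startswith("security-policy-server ")]
    if not servers:
        findings.append("no security policy server configured")
    if len(servers) > MAX_POLICY_SERVERS:
        findings.append(f"{len(servers)} security policy servers (limit {MAX_POLICY_SERVERS})")
    for addr in servers:
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            findings.append(f"invalid security policy server address {addr}")
    return findings

def audit_config(text):
    """Audit every RADIUS scheme in a configuration; an empty list means compliant."""
    return {name: audit_scheme(cmds) for name, cmds in parse_schemes(text).items()}
```

A scheme that lacks the extended server type or a reachable security policy server cannot enforce EAD posture checks, so a non-empty finding list marks a scheme whose users would be authenticated without security policy control.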

3Com WX3000 operation manual EAD Configuration Example, Security-policy-server, Ip-address