Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2
EAD Configuration
Huawei Technologies Proprietary
2-1
Chapter 2 EAD Configuration
2.1 Introduction to EAD
Endpoint admission defense (EAD) is an attack defense solution that monitors endpoint
admission. This enhances the active defense ability of endpoints, and prevents viruses
and worms from spreading on the network. Meanwhile, EAD protects the entire network
by restricting the access right of those hazardous terminals.
EAD requires the cooperation between switch, AAA sever, security policy server and
security client, thus to evaluate the security compliance of endpoints and dynamically
control their access rights.
After implementing the EAD, the switch determines the validity of packets it receives
according to the source IP address of the packets:
z Only those packets sent from the authentication server and the security policy
server can be regarded as valid.
z The switch dynamically adjusts the VLAN, rate, packet scheduling priority and the
access control list (ACL) on the user terminal according to the session control
packet, thus to control user access right dynamically.
2.2 Typical Network Application of EAD
The EAD scheme checks the security status of the user, and implements the user
access control policy forcibly according to the result. Therefore, those non-compliant
users are isolated and are forced to upgrade virus database software and install system
patches.
Figure 2-1 shows the typical network application of EAD.
Client
Authentication server
Security policy server
Virus patch server
Client
Authentication server
Security policy server
Virus patch server
Figure 2-1 The typical network application of EAD
To Next Page
Loading...
