3com 5500-ei pwr Installation Instruction

3 EAD Configuration
Introduction to EAD 
Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution, you can enhance
the active defense capability of network endpoints, prevent viruses and worms from spreading on the
network, and protect the entire network by limiting the access rights of insecure endpoints.
With the cooperation of the switch, AAA server, security policy server and security client, EAD is able to
evaluate the security compliance of network endpoints and dynamically control their access rights.
With EAD, a switch:
- Verifies the validity of the session control packets it receives according to the source IP addresses
  of the packets: it regards only those packets sourced from the authentication server or the security
  policy server as valid.
- Dynamically adjusts the VLAN, rate and packet scheduling priority for user terminals according to
  session control packets, thereby controlling the access rights of users dynamically.
Typical Network Application of EAD 
EAD checks the security status of users before they can access the network, and enforces
user access control policies according to the check results. In this way, it can isolate users that are
not compliant with the security standard and force these users to update their virus databases and install
system patches.
Figure 3-1 shows a typical network application of EAD.
Figure 3-1 Typical network application of EAD 
 
EAD Configuration 
The EAD configuration includes: 
- Configuring the attributes of access users (such as username, user type, and password). For local
  authentication, you need to configure these attributes on the switch; for remote authentication, you
  need to configure these attributes on the AAA server.
- Configuring a RADIUS scheme.