3Com 4200G User's Manual

CHAPTER 18: AAA CONFIGURATION GUIDE
Complete Configuration
#
system-view
hwtacacs scheme hwtac
primary authentication 10.110.91.164 49
primary authorization 10.110.91.164 49
key authentication expert
key authorization expert
user-name-format without-domain
quit
#
domain hwtacacs
scheme hwtacacs-scheme hwtac
accounting optional 
Precautions
The above describes only the configuration of the HWTACACS scheme on the 
switch. The configuration of Telnet users on the HWTACACS server is omitted.
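An audit of the scheme and domain commands above, added here as an example and not taken from the 3Com manual. It reports short shared keys, server roles that have no key, and domains that set accounting optional while their scheme defines no accounting server. The 16-character minimum and the function names are assumptions.

```python
import re
# Scheme and domain commands from this page's configuration (sample input).
PAGE_CONFIG = """hwtacacs scheme hwtac
primary authentication 10.110.91.164 49
primary authorization 10.110.91.164 49
key authentication expert
key authorization expert
user-name-format without-domain
quit
domain hwtacacs
scheme hwtacacs-scheme hwtac
accounting optional
"""
MIN_KEY_LEN = 16  # assumed local policy threshold, not a 3Com requirement

def parse(config):
    """Split the config into HWTACACS schemes and ISP domains."""
    schemes, domains, cur = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"hwtacacs scheme (\S+)", line):
            cur = schemes[m[1]] = {"servers": set(), "keys": {}}
        elif m := re.fullmatch(r"domain (\S+)", line):
            cur = domains[m[1]] = {"scheme": None, "acct_optional": False}
        elif m := re.fullmatch(r"primary (\w+) \S+( \d+)?", line):
            cur.setdefault("servers", set()).add(m[1])
        elif m := re.fullmatch(r"key (\w+) (\S+)", line):
            cur.setdefault("keys", {})[m[1]] = m[2]
        elif m := re.fullmatch(r"scheme hwtacacs-scheme (\S+)", line):
            cur["scheme"] = m[1]
        elif line == "accounting optional":
            cur["acct_optional"] = True
    return schemes, domains

def audit(config):
    """Return a list of findings for the parsed configuration."""
    schemes, domains = parse(config)
    out = []
    for name, s in schemes.items():
        for role in sorted(s["servers"]):
            key = s["keys"].get(role)
            if key is None:
                out.append(f"scheme {name}: no shared key for {role} server")
            elif len(key) < MIN_KEY_LEN:
                out.append(f"scheme {name}: {role} key under {MIN_KEY_LEN} chars")
    for name, d in domains.items():
        servers = schemes.get(d["scheme"], {}).get("servers", set())
        if d["acct_optional"] and "accounting" not in servers:
            out.append(f"domain {name}: accounting optional, no accounting server")
    return out
```

Run against the configuration on this page, audit(PAGE_CONFIG) returns three findings: one for each six-character key and one for the domain whose sessions produce no accounting record.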
Configuring EAD
Endpoint Admission Defense (EAD) is an attack defense solution. By controlling 
access of terminals, it enhances the active defense capability of network endpoints 
and prevents viruses and worms from spreading on the network, thus securing the 
entire network.
With the cooperation of the switch, AAA server, security policy server and security 
client, EAD is able to evaluate the security compliance of network endpoints and 
dynamically control their access rights.
With EAD, a switch verifies the validity of the session control packets it receives 
according to the source IP addresses of the packets:
- It regards only packets from the authentication and security policy servers as valid.
- It assigns ACLs according to session control packets, thus controlling the access rights of users dynamically.
Network Diagram
Figure 47   Network diagram for configuring EAD
[Diagram labels: User, Eth1/0/1, Internet, Authentication servers 10.110.91.164/16, Security policy servers 10.110.91.166/16, Virus patch servers 10.110.91.168/16]