3-2After the client is patched and compliant with the required security standard, the security policy serverreissues an ACL to the device, which then assigns access right to the client so that the client can accessmore network resources.EAD ConfigurationThe EAD configuration includes:z Configuring the attributes of access users (such as user name, user type, and password). For localauthentication, you need to configure these attributes on the device; for remote authentication, youneed to configure these attributes on the AAA sever.z Configuring a RADIUS scheme.z Configuring the IP address of the security policy server.z Associating the ISP domain with the RADIUS scheme.EAD is commonly used in RADIUS authentication environment.This section mainly describes the configuration of security policy server IP address. For other relatedconfiguration, refer to AAA Overview.Follow these steps to configure EAD:To do… Use the command… RemarksEnter system view system-view —Enter RADIUS scheme view radius schemeradius-scheme-name —Configure the RADIUS servertype to extended server-type extended RequiredConfigure the IP address of asecurity policy serversecurity-policy-serverip-addressRequiredEach RADIUS schemesupports up to eight IPaddresses of security policyservers.EAD Configuration ExampleNetwork requirementsIn Figure 3-2:z A user is connected to GigabitEthernet 1/0/1 on the device.z The user adopts iNode client supporting EAD extended function.z You are required to configure the device to use RADIUS server for remote user authentication anduse security policy server for EAD control on users.The following are the configuration tasks:z Connect the RADIUS authentication server 10.110.91.164 and the device, and configure thedevice to use port number 1812 to communicate with the server.z Configure the authentication server type to extended.z Configure the encryption password for exchanging messages between the device and RADIUSserver to “expert”.z Configure the IP address 10.110.91.166 of the security policy server.
