Operation Manual – 802.1x-System GuardH3C S3100 Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration2-1Chapter 2 Quick EAD Deployment ConfigurationNote:The configuration introduced in this chapter is only supported by the S3100-EI seriesswitches.2.1 Introduction to Quick EAD Deployment2.1.1 Quick EAD Deployment OverviewAs an integrated solution, an Endpoint Admission Defense (EAD) solution can improvethe overall defense power of a network. In real applications, however, deploying EADclients proves to be time consuming and inconvenient.To address the issue, the H3C S3100 series provides the forcible deployment of EADclients with 802.1x authentication, easing the work of EAD client deployment.2.1.2 Operation of Quick EAD DeploymentQuick EAD deployment is achieved with the two functions: restricted access and HTTPredirection.I. Restricted accessBefore passing 802.1x authentication, a user is restricted (through ACLs) to a specificrange of IP addresses or a specific server. Services like EAD clientupgrading/download and dynamic address assignment are available on the specificserver.II. HTTP redirectionIn the HTTP redirection approach, when the terminal users that have not passed802.1x authentication access the Internet through Internet Explorer, they are redirectedto a predefined URL for EAD client download.The two functions ensure that all the users without an EAD client have downloaded andinstalled one from the specified server themselves before they can access the Internet,thus decreasing the complexity and effort that EAD client deployment may involve.