EAD Configuration

Introduction to EAD

Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution, you can enhance the active defense capability of network endpoints, prevent viruses and worms from spreading on the network, and protect the entire network by limiting the access rights of insecure endpoints.

With the cooperation of the switch, AAA server, security policy server and security client, EAD is able to evaluate the security compliance of network endpoints and dynamically control their access rights.

With EAD, a switch:

- Verifies the validity of the session control packets it receives according to the source IP addresses of the packets: it regards only those packets sourced from the authentication or security policy server as valid.
- Dynamically adjusts the VLAN, rate, packet scheduling priority and Access Control List (ACL) for user terminals according to session control packets, thereby controlling the access rights of users dynamically.

Typical Network Application of EAD

EAD checks the security status of users before they can access the network, and forcibly implements user access control policies according to the check results. In this way, it can isolate the users that are not compliant with the security standard and force these users to update their virus databases and install system patches. Figure 3-1 shows a typical network application of EAD.

Figure 3-1 Typical network application of EAD

After a client passes the authentication, the security client (software installed on the client PC) interacts with the security policy server to check the security status of the client. If the client is not compliant with the security standard, the security policy server issues an ACL to the switch, which then inhibits the client from accessing any parts of the network except for the virus/patch server.
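
The following Python model is an added example, not code or configuration from the manual. It sketches the two switch behaviours described above: the source-IP check on session control packets and the ACL that confines a non-compliant client to the virus/patch server. All addresses and the packet fields (`src`, `client`, `action`, `permit`) are constructed assumptions; the real packet format is not given on this page.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the manual).
TRUSTED_SERVERS = {"10.0.0.10", "10.0.0.11"}  # authentication server, security policy server
PATCH_SERVER = "10.0.0.20"                    # virus/patch server

ip = ipaddress.ip_address

class Switch:
    """Toy model of the switch's EAD role: validate control packets, enforce ACLs."""

    def __init__(self, trusted_servers):
        self.trusted = {ip(s) for s in trusted_servers}
        self.acl = {}      # client IP -> permitted destinations (absent = unrestricted)
        self.dropped = []  # session control packets rejected by the source check

    def handle_session_control(self, pkt):
        """Apply a session control packet only if its source is a configured server."""
        if ip(pkt["src"]) not in self.trusted:
            self.dropped.append(pkt)
            return False
        client = ip(pkt["client"])
        if pkt["action"] == "isolate":
            self.acl[client] = {ip(d) for d in pkt["permit"]}
        elif pkt["action"] == "release":
            self.acl.pop(client, None)
        return True

    def permits(self, client, dst):
        """Return True if traffic from client to dst passes the client's current ACL."""
        allowed = self.acl.get(ip(client))
        return allowed is None or ip(dst) in allowed


def demo():
    sw = Switch(TRUSTED_SERVERS)
    client = "192.168.1.7"  # constructed non-compliant client
    # Policy server confines the client to the virus/patch server.
    isolate = {"src": "10.0.0.11", "client": client, "action": "isolate", "permit": [PATCH_SERVER]}
    # Same kind of packet from a host that is not a configured server: must be ignored.
    forged = {"src": "192.168.1.50", "client": client, "action": "release", "permit": []}
    return {
        "isolate_accepted": sw.handle_session_control(isolate),
        "forged_accepted": sw.handle_session_control(forged),
        "to_patch_server": sw.permits(client, PATCH_SERVER),
        "to_other_host": sw.permits(client, "10.0.1.99"),
        "dropped": len(sw.dropped),
    }

if __name__ == "__main__":
    print(demo())
```

The client stays confined after the second packet because the switch discards control packets whose source is neither the authentication server nor the security policy server.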