Operation Manual – AAAH3C S5600 Series Ethernet Switches Chapter 3 EAD Configuration3-2After a client passes the authentication, the security Client (software installed on theclient PC) interacts with the security policy server to check the security status of theclient. If the client is not compliant with the security standard, the security policy serverissues an ACL to the switch, which then inhibits the client from accessing any parts ofthe network except for the virus/patch server.After the client is patched and compliant with the required security standard, thesecurity policy server reissues an ACL to the switch, which then assigns access right tothe client so that the client can access more network resources.3.3 EAD ConfigurationThe EAD configuration includes:z Configuring the attributes of access users (such as username, user type, andpassword). For local authentication, you need to configure these attributes on theswitch; for remote authentication, you need to configure these attributes on theAAA sever.z Configuring a RADIUS scheme.z Configuring the IP address of the security policy server.z Associating the ISP domain with the RADIUS scheme.EAD is commonly used in RADIUS authentication environment.This section mainly describes the configuration of security policy server IP address. Forother related configuration, refer to AAA Overview.Follow these steps to configure EAD:To do… Use the command… RemarksEnter system view system-view —Enter RADIUSscheme viewradius schemeradius-scheme-name —Configure the RADIUSserver type toextendedserver-type extended RequiredConfigure the IPaddress of a securitypolicy serversecurity-policy-serverip-addressRequiredEach RADIUS schemesupports up to eight IPaddresses of security policyservers.3.4 EAD Configuration ExampleI. Network requirementsIn Figure 3-2: