3-2After the client is patched and compliant with the required security standard, the security policy serverreissues an ACL to the switch, which then assigns access right to the client so that the client canaccess more network resources.EAD ConfigurationThe EAD configuration includes:z Configuring the attributes of access users (such as username, user type, and password). For localauthentication, you need to configure these attributes on the switch; for remote authentication, youneed to configure these attributes on the AAA sever.z Configuring a RADIUS scheme.z Configuring the IP address of the security policy server.z Associating the ISP domain with the RADIUS scheme.EAD is commonly used in RADIUS authentication environment.This section mainly describes the configuration of security policy server IP address. For other relatedconfiguration, refer to AAA Overview.Follow these steps to configure EAD:To do… Use the command… RemarksEnter system view system-view —Enter RADIUS scheme view radius schemeradius-scheme-name —Configure the RADIUS server typeto extended server-type extended RequiredConfigure the IP address of asecurity policy serversecurity-policy-serverip-addressRequiredEach RADIUS scheme supports up toeight IP addresses of security policyservers.EAD Configuration ExampleNetwork requirementsIn Figure 3-2:z A user is connected to Ethernet 1/0/1 on the switch.z The user adopts 802.1x client supporting EAD extended function.z You are required to configure the switch to use RADIUS server for remote user authentication anduse security policy server for EAD control on users.The following are the configuration tasks:z Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure theswitch to use port number 1812 to communicate with the server.z Configure the authentication server type to extended.z Configure the encryption password for exchanging messages between the switch and RADIUSserver to expert.z Configure the IP address 10.110.91.166 of the security policy server.