Operation Manual – AAA & RADIUS & HWTACACS & EADH3C S7500 Series Ethernet Switches Chapter 2 EAD Configuration2-3The security client (software installed on PC) checks the security status of a client thatjust passes the authentication, and interacts with the security policy server. If the clientis not compliant with the security standard, the security policy server issues ACL controlpackets to the switch to control which resources the client can access.After the client’s vulnerability is fixed and it is compliant with the required securitystandard, the security client passes the security state of the client to the security policyserver, which then reissues an ACL to the switch to assign the access right to the clientso that it can access more network resources.2.3 EAD Configuration2.3.1 Configuration prerequisitesEAD is implemented typically in RADIUS scheme. Before configuring EAD, perform thefollowing configuration:z Configuring the attributes, such as the user name, user type, and password foraccess users. If local authentication is to be performed, you need to configurethese attributes on the switch; if remote authentication is to be performed, youneed to configure these attributes on the AAA sever.z Configuring a RADIUS scheme.z Associating domain with RADIUS scheme.For the detailed configuration procedure, refer to AAA & RADIUS & HWTACACSConfiguration.2.3.2 Configuring EADTable 2-1 EAD configurationTo do... Use the command... RemarksEnter system view system-view —Enter RADIUSscheme viewradius schemeradius-scheme-name —Configure theRADIUS server typeto extendedserver-type extendedOptionalBy default, for a new RADIUSscheme, the server type isstandard; The type of RADIUSserver in the default RADIUSscheme system is extended.Configure the IPaddress for thesecurity policy serversecurity-policy-serverip-addressOptionalThis configuration is optional ifthe security policy server andRADIUS server run on the samemachine; otherwise, it is required.