R3303-HP HSR6800 Routers Security Configuration Guide
105
Configuring EAD fast deployment
Overview
Endpoint Admission Defense (EAD) is an HP integrated endpoint access control solution, which enables
the security client, security policy server, Router, and third-party server to work together to improve the
threat defensive capability of a network. If a terminal device seeks to access an EAD network, it must
have an EAD client, which performs 802.1X authentication.
EAD fast deployment enables the Router to redirect a user seeking to access the network to download
and install EAD client. This function eliminates the tedious job of the administrator to deploy EAD clients.
NOTE:
EAD fast deployment is supported only on a SAP module that is operating in bridge mode.
EAD fast deployment is implemented by the following functions:
• Free IP
• URL redirection
Free IP
A free IP is a freely accessible network segment, which has a limited set of network resources such as
software and DHCP servers. An unauthenticated user can access only this segment to perform operations
to ensure security strategy compliance. For example, the user can download EAD client from a software
server or obtain a dynamic IP address from a DHCP server.
URL redirection
If an unauthenticated 802.1X user is using a web browser to access the network, the EAD fast deployment
function redirects the user to a specific URL, for example, the EAD client software download page.
The server that provides the URL must be on the free IP accessible to unauthenticated users.
Configuration prerequisites
• Enable 802.1X globally.
• Enable 802.1X on the port, and set the port authorization mode to auto.
Configuring a free IP
When a free IP is configured, the EAD fast deployment is enabled. To allow a user to obtain a dynamic
IP address before passing 802.1X authentication, make sure the DHCP server is on the free IP segment.
When global MAC authentication or port security is enabled, the free IP does not take effect.