R2511-HP MSR Router Series Security Configuration Guide(V5)
110
Configuring EAD fast deployment
The following matrix shows the feature and router compatibility:
Feature MSR900 MSR93
X
MSR20-1
X
MSR20
MSR30
MSR50 MSR1000
EAD fast
deployment
No No No No
Only available
on MSR30-11E
and MSR30-11F
No No
Overview
Endpoint Admission Defense (EAD) is an HP integrated endpoint access control solution, which enables
the security client, security policy server, access device, and third-party server to work together to
improve the threat defensive capability of a network. If a terminal device seeks to access an EAD network,
it must have an EAD client, which performs 802.1X authentication.
EAD fast deployment enables the access device to redirect a user seeking to access the network to
download and install EAD client. This function eliminates the tedious job of the administrator to deploy
EAD clients.
EAD fast deployment is implemented by the following functions:
• Free IP
• URL redirection
Free IP
A free IP is a freely accessible network segment, which has a limited set of network resources such as
software and DHCP servers. An unauthenticated user can access only this segment to download EAD
client, obtain a dynamic IP address from a DHCP server, or perform some other tasks to be compliant
with the network security strategy.
URL redirection
If an unauthenticated 802.1X user is using a web browser to access the network, the EAD fast deployment
function redirects the user to a specific URL, for example, the EAD client software download page.
The server that provides the URL must be on the free IP accessible to unauthenticated users.
Configuration prerequisites
• Enable 802.1X globally.
• Enable 802.1X on the port, and set the port authorization mode to auto.