No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Scenarios for NAC

Application Scenarios for NAC

802.1X Authentication

As shown in Figure 25-78, users' network access needs to be controlled to ensure network security. Only authenticated users are allowed to access network resources authorized by the administrator.

Figure 25-78  Typical application of 802.1X authentication

After the 802.1X client software is installed on the user terminal (the 802.1X client is built in the smartphone), the client can initiate an authentication application to the access device. After exchanging information with the user terminal, the access device sends the user information to the authentication server for authentication. If the authentication succeeds, the access device sets the interface connected to the user to the Up state and allows the user to access the network. If the authentication fails, the access device rejects the user's access request.

MAC Address Authentication

As shown in Figure 25-79, user terminals' network access needs to be controlled to ensure network security. Only authenticated users are allowed to access network resources authorized by the administrator.

Figure 25-79  Typical application of MAC address authentication

If you cannot install the 802.1X client on a terminal or you do not need to install the 802.1X client on a mobile phone, enable MAC address authentication connected to the terminal or mobile phone. Then the access device uses the MAC address of the terminal as the user name and password, and reports the MAC address to the authentication server for authentication. If the authentication succeeds, the access device enables the interface connected to the terminal and allows the terminal to access the network. If the authentication fails, the access device rejects the terminal's access request.

Portal Authentication

As shown in Figure 25-80, user terminals' network access needs to be controlled to ensure network security. Only authenticated users are allowed to access network resources authorized by the administrator.

Figure 25-80  Typical application of Portal authentication

If the user only requires Portal authentication using a web browser, enable Portal authentication on the access device.

When an unauthenticated user accesses the Internet, the access device redirects the user to the Portal authentication website to start Portal authentication. If the authentication succeeds, the access device sets the interface connected to the user to the Up state and allows the user to access the network. If the authentication fails, the access device rejects the user's access request.

Typical Application of WeChat Authentication (Central AP)

In Figure 25-81, shops provide customers with free Wi-Fi hotspots through WeChat public accounts to guide consumption.

To ensure network security, network access of user terminals needs to be controlled. Only the users who pass WeChat authentication are allowed to access network resources authorized by administrators.

Figure 25-81  Typical application of WeChat authentication

WeChat authentication is configured on an access device. When users access the Internet, they are redirected to the WeChat authentication page for WeChat authentication. During WeChat authentication, users can temporarily access the Internet within the pre-authentication period. If a user fails to pass authentication, the access device does not allow the user to access the Internet after the pre-authentication period expires. If the user passes authentication successfully, the access device allows the user to access the Internet.

Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 116393

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next