S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Overview of NAC


Network Admission Control (NAC) is an end-to-end security control technology that authenticates clients and users who attempt to access the network.

As enterprise networks develop, threats such as viruses, Trojan horses, spyware, and malicious network attacks bring increasing risk. On a traditional enterprise network, the intranet is considered secure and threats are considered to come from the extranet. However, 80% of security threats actually come from the intranet. Intranet threats can cause serious, wide-ranging damage and, in the worst case, bring down systems and the network. In addition, when intranet users browse websites on external networks, spyware and Trojan horse software may be installed on their computers automatically and without their knowledge, and this malicious software may then spread on the internal network.

Traditional security measures cannot meet border defense requirements in the face of increasing security challenges. The security model should shift to an active mode that solves security problems at their root (the terminals), improving the information security level of the entire enterprise.

The NAC solution integrates terminal security and access control, and applies check, audit, secure, and isolation measures to improve the proactive protection capability of terminals. This solution ensures the security of each terminal and of the entire enterprise network.

As shown in Figure 4-1, NAC includes three components: NAC terminal, network access device, and access server.

Figure 4-1  Typical NAC networking diagram
  • NAC terminal: functions as the NAC client and interacts with network access devices to authenticate access users. If 802.1X authentication is used, users must install client software.
  • Network access device: functions as the network access control point that enforces enterprise security policies. It allows, rejects, isolates, or restricts users based on the security policies customized for enterprise networks.
  • Access server: includes the access control server, management server, antivirus server, and patch server. It authenticates users, checks terminal security, repairs and upgrades the system, and monitors and audits user actions.


Traditional network security technologies focus on threats from external computers, but typically neglect threats from internal computers. In addition, current network devices cannot prevent attacks initiated by devices on internal networks.

The NAC security framework was developed to ensure the security of network communication services. It improves internal network security by focusing on user terminals, and implements security control over access users to provide end-to-end security.

Updated: 2019-10-21

Document ID: EDOC1000178117
