CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.

NAC Fundamentals


Figure 3-2 shows the basic NAC process.

Figure 3-2  Basic NAC process
  1. The access device works with a security policy server (for example, an AAA server) to authenticate the user when an NAC terminal connects to the network.
  2. The security policy server delivers the authorization information to the access device if the user is authenticated. If the authentication fails, the access device isolates the user.
  3. Based on the authorization information from the security policy server, the access device controls the terminal user's network access rights and establishes a communication channel between the terminal and security policy server.
  4. The NAC terminal directly exchanges information with the security policy server. The terminal reports its status information, including the antivirus database, operating system, and patch versions.
  5. The security policy server checks the terminal status, and redelivers the authorization information to the access device if the NAC terminal does not comply with enterprise security standards.
  6. The access device modifies the terminal user's network access rights according to the authorization information delivered by the security policy server.
  7. Based on the status check result, the NAC terminal connects to the software server to download client software, repair the system, or upgrade the patch or antivirus database until the terminal complies with the enterprise security standards.
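
The seven steps above, modelled as a small Python simulation. This is an added example, not Huawei code or device configuration. The user database, baseline versions, and rights labels (`isolated`, `pre-check`, `remediation-only`, `full`) are constructed assumptions, as is granting full rights once the terminal is compliant.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data (assumptions, not values from the guide).
USERS = {"alice": "s3cret"}                      # stands in for the AAA user database
BASELINE = {"antivirus_db": 120, "os_patch": 7}  # minimum versions required

@dataclass
class Terminal:
    user: str
    password: str
    status: dict  # posture the terminal reports in step 4

class PolicyServer:
    def authenticate(self, user, password):
        expected = USERS.get(user)
        return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

    def failing_items(self, status):
        # Step 5: compare reported versions with the baseline; a missing item fails.
        return sorted(k for k, low in BASELINE.items() if status.get(k, -1) < low)

class AccessDevice:
    def __init__(self):
        self.rights = {}  # user -> access rights currently enforced

    def apply(self, user, authorization):
        # Steps 3 and 6: enforce whatever the policy server delivered last.
        self.rights[user] = authorization

def admit(terminal, server, device, max_rounds=2):
    """Run the seven-step flow; return the sequence of rights the device enforced."""
    trace = []
    def deliver(auth):
        device.apply(terminal.user, auth)
        trace.append(auth)
    if not server.authenticate(terminal.user, terminal.password):  # steps 1-2
        deliver("isolated")
        return trace
    deliver("pre-check")  # step 3: channel to the policy server only (assumed label)
    for _ in range(max_rounds):
        failing = server.failing_items(terminal.status)  # steps 4-5
        if not failing:
            deliver("full")
            return trace
        deliver("remediation-only")  # steps 5-6: authorization redelivered
        for item in failing:         # step 7: update from the software server
            terminal.status[item] = BASELINE[item]
    return trace  # still non-compliant: rights stay at remediation-only
```

A terminal that never reaches the baseline within `max_rounds` is left with remediation-only rights rather than being granted access by default.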

Comparison Between Three Authentication Modes

NAC provides three authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication. Table 3-1 compares the three authentication modes.

Table 3-1  Authentication mode comparisons

| 802.1X Authentication | MAC Address Authentication | Portal Authentication |
|---|---|---|
| | Not required | Not required |
| High security | No client required | Flexible deployment |
| Inflexible deployment | Complex management and MAC address registration required | Low security |
| New network with concentrated users and high requirements for security | Authentication of dumb terminals such as printers and fax machines | Scenario with flexible authentication modes and scattered users |

Updated: 2019-08-07

Document ID: EDOC1100034077
