CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
NAC Fundamentals

Process

Figure 3-2 shows the basic NAC process.

Figure 3-2  Basic NAC process
  1. The access device works with a security policy server (for example, an AAA server) to authenticate the user when an NAC terminal connects to the network.
  2. The security policy server delivers the authorization information to the access device if the user is authenticated. If the authentication fails, the access device isolates the user.
  3. Based on the authorization information from the security policy server, the access device controls the terminal user's network access rights and establishes a communication channel between the terminal and security policy server.
  4. The NAC terminal directly exchanges information with the security policy server. The terminal reports its status information, including the antivirus database, operating system, and patch versions.
  5. The security policy server checks the terminal status, and redelivers the authorization information to the access device if the NAC terminal does not comply with enterprise security standards.
  6. The access device modifies the terminal user's network access rights according to the authorization information delivered by the security policy server.
  7. Based on the status check result, the NAC terminal connects to the software server to download client software, repair the system, or upgrade the patch or antivirus database until the terminal complies with the enterprise security standards.
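
The seven steps above can be traced with a small model of the access device and security policy server. This is an added example, not Huawei code or device configuration: the class names, access-right labels, account and baseline versions are constructed assumptions, and restoring the original rights after a passing recheck is assumed from step 7.

```python
import hmac
from dataclasses import dataclass

# Constructed baseline and access-right labels; the guide does not define these values.
BASELINE = {"av_db": (2019, 5, 1), "os": (10, 0), "patch": (4,)}
ISOLATED, AUTHORIZED, RESTRICTED = "isolated", "authorized", "restricted"

@dataclass
class Terminal:
    user: str
    password: str
    status: dict  # reported in step 4: antivirus database, OS and patch versions

class PolicyServer:
    def __init__(self, accounts, baseline):
        self.accounts, self.baseline = accounts, baseline

    def authenticate(self, user, password):              # steps 1-2
        return user in self.accounts and hmac.compare_digest(self.accounts[user], password)

    def failed_checks(self, status):                     # step 5
        # An item the terminal did not report counts as non-compliant (fail closed).
        return sorted(k for k, need in self.baseline.items()
                      if tuple(status.get(k, ())) < need)

class AccessDevice:
    def __init__(self, server):
        self.server, self.rights = server, {}

    def connect(self, t):
        if not self.server.authenticate(t.user, t.password):
            self.rights[t.user] = ISOLATED               # step 2: authentication failed
            return ISOLATED
        self.rights[t.user] = AUTHORIZED                 # step 3: rights from authorization
        return self.posture_check(t)

    def posture_check(self, t):
        if self.rights.get(t.user, ISOLATED) == ISOLATED:
            return ISOLATED                              # no status exchange before authentication
        failed = self.server.failed_checks(t.status)     # steps 4-5
        self.rights[t.user] = RESTRICTED if failed else AUTHORIZED  # step 6
        return self.rights[t.user]

def remediate(t, device):                                # step 7
    for item in device.server.failed_checks(t.status):
        t.status[item] = device.server.baseline[item]    # stand-in for downloading the update
    return device.posture_check(t)
```
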

Comparison Between Three Authentication Modes

NAC provides three authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication. Table 3-1 compares the three authentication modes.

Table 3-1  Authentication mode comparisons

| Item | 802.1X Authentication | MAC Address Authentication | Portal Authentication |
| --- | --- | --- | --- |
| Client | Required | Not required | Not required |
| Advantage | High security | No client required | Flexible deployment |
| Disadvantage | Inflexible deployment | Complex management and MAC address registration required | Low security |
| Scenario | New network with concentrated users and high requirements for security | Authentication of dumb terminals such as printers and fax machines | Scenario with flexible authentication modes and scattered users |

Updated: 2019-05-20

Document ID: EDOC1100034077
