No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of NAC

Overview of NAC


Network Admission Control (NAC) is an end-to-end security control technology that authenticates users who attempt to access the network to ensure network security.

Comparison Between Three NAC Authentication Modes

NAC provides 802.1X authentication, MAC address authentication, and Portal authentication. You can select a proper authentication mode or a combination of multiple authentication modes based on your application scenarios. The combination of multiple authentication modes varies according to the device type and configuration. Table 2-1 compares the three NAC authentication modes.

Table 2-1  Comparison between NAC authentication modes


802.1X Authentication

MAC Address Authentication

Portal Authentication

Application scenario

New network with concentrated users and high requirements for information security

Authentication of dumb terminals such as printers and fax machines

Scenario where users are sparsely distributed and move frequently



Not required

Not required


High security

No client required

Flexible deployment


Inflexible deployment

Complex management and MAC address registration required

Low security


To configure NAC, you must enable authentication, authorization, and accounting (AAA). NAC and AAA work together to implement access authentication.

  • NAC is used for interaction between users and access devices. It controls the user access mode (802.1X, MAC address, or Portal), as well as the parameters and timers used during network access. NAC ensures secure and stable connections between authorized users and access devices.
  • AAA is used for interaction between access devices and authentication servers. AAA provides authentication, authorization, and accounting for access users to control their network access rights.
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 20667

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next