What Is NAC
Issue 02
Date 2020-11-16
Website: https://www.huawei.com
1 What is NAC
Definition
Network Admission Control (NAC) is an end-to-end access security framework
and includes 802.1X authentication, MAC address authentication, and Portal
authentication.
As enterprise networks grow, threats such as viruses, Trojan horses, spyware,
and malicious network attacks pose increasing risks. On a traditional
enterprise network, the intranet is considered secure and threats are assumed
to come from the extranet. However, 80% of security threats actually come from
the intranet. Intranet threats can cause serious, wide-ranging damage and, in
the worst case, bring down systems and the network. In addition, when intranet
users browse websites on the external network, spyware and Trojan horse
software may be installed on their computers automatically, without the users
noticing. The malicious software may then spread on the internal network.
Traditional security measures cannot meet border defense requirements as
security challenges increase. The security model should shift to an active
mode that solves security problems at the root (the terminals), improving the
information security level of the entire enterprise.
The NAC solution integrates terminal security and access control, and uses
check, audit, secure, and isolate measures to improve the proactive protection
capability of terminals. This solution ensures the security of each terminal
and of the entire enterprise network.
As shown in the following diagram, NAC includes three components: NAC
terminal, network access device, and access server.
Figure 1: Typical NAC networking diagram
● NAC terminal: functions as the NAC client and interacts with network access
devices to authenticate access users. If 802.1X authentication is used, users
must install client software.
● Network access device: functions as the network access control point that
enforces enterprise security policies. It allows, rejects, isolates, or restricts
users based on the security policies customized for enterprise networks.
● Access server: includes the access control server, management server, antivirus
server, and patch server. It authenticates users, checks terminal security,
repairs and upgrades the system, and monitors and audits user actions.
Purpose
Traditional network security technologies focus on threats from external
computers, but typically neglect threats from internal computers. In addition,
current network devices cannot prevent attacks initiated by devices on internal
networks.
The NAC security framework was developed to ensure the security of network
communication services. It improves internal network security by focusing on
user terminals, and implements security control over access users to provide
end-to-end security.