< Home

Configuration Procedure for NAC

Pre-configuration Tasks

NAC only provides multiple network access control protocols for users. To completely authenticate user identity and control users' network access rights, complete the following AAA configuration tasks before configuring NAC:

  • Configure the domain and AAA scheme.
  • Configure the user name and password on the RADIUS or HWTACACS server if RADIUS or HWTACACS authentication is used.
  • Configure the user name and password on the network access device if local authentication is used.

For details about how to configure the AAA client, see AAA Configuration.

Configuration Procedure

Figure 1 NAC Configuration Procedure

NAC Configuration Tasks

Authentication Mode

Scenario

Task

802.1X authentication

Users are densely distributed and high information security is required.
Perform the following configurations in sequence:
  1. Configuring an 802.1X Access Profile
  2. Configuring an Authentication Profile
  3. NAC Application

MAC Address authentication

Dumb terminals such as printers and fax machines need to connect to the network.
Perform the following configurations in sequence:
  1. Configuring a MAC Access Profile
  2. Configuring an Authentication Profile
  3. NAC Application

Portal authentication

Users are sparsely distributed and move frequently.

Portal servers are classified into built-in and external Portal servers. A built-in Portal server is integrated in an access device, whereas an external Portal server has independent hardware. Compared with the external Portal server, the built-in Portal server supports more flexible deployment, but provides only basic functions of the external Portal server.
When using an external Portal server for authentication, perform the following configurations in sequence:
  1. Configuring a Portal Access Profile (for an External Portal Server-Portal Protocol) or Configuring a Portal Access Profile (for an External Portal Server-HTTP/HTTPS Protocol)
  2. Configuring an Authentication Profile
  3. NAC Application
When using a built-in Portal server for authentication, perform the following configurations in sequence:
  1. Configuring a Portal Access Profile (for a Built-in Portal Server)
  2. Configuring an Authentication Profile
  3. NAC Application

Multi-mode authentication

The device allows multiple authentication modes to be deployed simultaneously to meet various authentication requirements on the network.

To configure multi-mode authentication of several authentication modes, you only need to bind corresponding access profiles to an authentication profile. The device triggers the corresponding authentication based on received authentication packets.
Perform the following configurations in sequence:
  1. Configuring an Access Profile
  2. Configuring an Authentication Profile
  3. NAC Application
Parent Topic: NAC Configuration (Unified Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >