Overview of NAC

Definition

Network Admission Control (NAC) is an end-to-end security control technology that authenticates users who attempt to access the network to ensure network security.

Comparison Between Three NAC Authentication Modes

NAC provides 802.1X authentication, MAC address authentication, and Portal authentication. You can select a proper authentication mode or a combination of multiple authentication modes based on your application scenarios. The combination of multiple authentication modes varies according to the device type and configuration. Table 1 compares the three NAC authentication modes.

**Table 1** Comparison between NAC authentication modes
Item	802.1X Authentication	MAC Address Authentication	Portal Authentication
Application scenario	New network with concentrated users and high requirements for information security	Authentication of dumb terminals such as printers and fax machines	Scenario where users are sparsely distributed and move frequently
Client	Required	Not required	Not required
Advantage	High security	No client required	Flexible deployment
Disadvantage	Inflexible deployment	Complex management and MAC address registration required	Low security

NAC and AAA

To configure NAC, you must enable authentication, authorization, and accounting (AAA). NAC and AAA work together to implement access authentication.

NAC is used for interaction between users and access devices. It controls the user access mode (802.1X, MAC address, or Portal), as well as the parameters and timers used during network access. NAC ensures secure and stable connections between authorized users and access devices.
AAA is used for interaction between access devices and authentication servers. AAA provides authentication, authorization, and accounting for access users to control their network access rights.