Introduction To Nac; Authentication - Huawei Quidway S2700 Series Configuration Manual


Quidway S2700 Series Ethernet Switches
Configuration Guide - Security

2.1 Introduction to NAC

This section describes the working principle of NAC.

Traditional network security technologies focus on threats from external computers
rather than threats from internal computers. In addition, current network devices
cannot prevent attacks initiated by internal devices on the network. Network Admission
Control (NAC) is a secure access architecture built on an end-to-end security concept. NAC
approaches internal network security from the perspective of user terminals rather than
network devices.
Figure 2-1 Typical networking of NAC
[Figure: User, NAD (Switch), ACS, Remediation server, AAA server, Directory server, PVS & Audit server]

As shown in Figure 2-1, NAC, as a control scheme for secure network access, includes
the following parts:

- User: Access users who need to be authenticated. If 802.1x is adopted for user
  authentication, users need to install client software.
- NAD: Network access devices, including routers and switches (hereinafter referred to as
  the S2700), which are used to authenticate and authorize users. The NAD needs to work
  with the AAA server to prevent unauthorized terminals from accessing the network,
  minimize the threat from insecure terminals, prevent unauthorized access requests
  from authorized terminals, and thus protect core resources.
- ACS: Access control server that is used to check terminal security and health, manage
  policies and user behaviors, audit rule violations, strengthen behavior auditing, and prevent
  malicious damage from terminals.

2.1.1 802.1x Authentication

The IEEE 802.1x standard (hereinafter referred to as 802.1x) is an interface-based network
access control protocol. Interface-based network access control is used to authenticate and
control access devices on an interface of a LAN access control device. User devices connected
to the interface can access the resources on the LAN only after they pass authentication.
802.1x focuses on the status of the access interface only. When an authorized user accesses the
network by sending the user name and password, the interface is open. When an unauthorized

2 NAC Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
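The interface behaviour described in 2.1.1, as an added example that is not part of the Huawei manual: a small Python model of an 802.1x-controlled access interface that passes only EAPOL frames (EtherType 0x888E) to the authentication process until the AAA server accepts the user, and closes again on EAPOL-Logoff. The class, the `aaa_result` hook, the action strings and the sample frames are all constructed for illustration.

```python
import struct

ETH_EAPOL = 0x888E  # EtherType assigned to EAPOL (IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}

class ControlledPort:
    """One access interface of the NAD. Hypothetical model, not Huawei code."""

    def __init__(self):
        self.authorized = False  # the interface starts closed

    def aaa_result(self, accepted):
        # Assumed hook: called with the AAA server's decision on the credentials.
        self.authorized = bool(accepted)

    def ingress(self, frame):
        """Return the action for one Ethernet frame received from the user.
        'pae:*' means the frame is handed to the authentication process."""
        if len(frame) < 14:
            return "drop:runt"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_EAPOL:
            return "forward" if self.authorized else "drop:unauthorized"
        if len(frame) < 18:
            return "drop:short-eapol"
        _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
        if len(frame) - 18 < body_len:
            return "drop:truncated-eapol"
        if ptype == 2:  # EAPOL-Logoff closes the interface again
            self.authorized = False
        return "pae:" + EAPOL_TYPES.get(ptype, "unknown")

def eth(dst_hex, ethertype, payload):
    # Constructed sample frame; the source MAC is a made-up locally administered address.
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", ethertype) + payload

def demo():
    port = ControlledPort()
    data = eth("020000000002", 0x0800, b"\x45" + b"\x00" * 19)  # ordinary IPv4 traffic
    start = eth("0180c2000003", ETH_EAPOL, struct.pack("!BBH", 1, 1, 0))
    logoff = eth("0180c2000003", ETH_EAPOL, struct.pack("!BBH", 1, 2, 0))
    seen = [port.ingress(data), port.ingress(start)]
    port.aaa_result(True)  # user name and password accepted
    seen += [port.ingress(data), port.ingress(logoff), port.ingress(data)]
    return seen

if __name__ == "__main__":
    print(demo())
```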
