摘要 |
The present invention relates to the field of communication security, and discloses a terminal authentication apparatus and method. The method includes: sending, by an authenticator, a MAC address of a terminal to an authentication server, and authenticating, by the authentication server, the MAC address according to a preset MAC address list; when an authentication result indicates that the terminal does not belong to the preset MAC address list, detecting, by a security gateway according to a data stream of the terminal, whether the terminal is a trusted terminal, and instructing, according to a detection result, the authentication server to update the MAC address list; and after the MAC address list is updated, triggering the authenticator to re-authenticate the terminal. The present invention resolves a problem that normal monitoring is seriously affected due to the fact that a terminal that is not in a whitelist is directly not allowed to access a monitoring network; whether the terminal is a trusted terminal is detected according to the data stream of the terminal, the terminal accessing the network is allowed or rejected according to a detection result, and the MAC address of the terminal does not need to be manually added to the authentication server, thereby reducing a workload. |