Abstract |
<p>Disclosed are a network access control method and device for reducing the difficulty of access control when an existing mobile terminal accesses a network securely. The method comprises: receiving, by a network access device, an access request message that is sent by a mobile terminal and carries an identifier of the mobile terminal; determining the registration state corresponding to the identifier of the mobile terminal; if the registration state is unregistered, allocating an IP address to the mobile terminal and then setting the access control policy corresponding to that IP address to permit the IP address to access an authentication webpage; receiving, by the network access device, a webpage access request message that the mobile terminal sends using the IP address; redirecting, according to the access control policy, the webpage access request message to the authentication webpage; if it is determined that the mobile terminal has authenticated successfully, redirecting it to a registration webpage; and, if the network access device determines that the mobile terminal has completed registration, sending to the mobile terminal a configuration file and a digital certificate that are used for accessing a wireless network of an enterprise via EAP-TLS.</p> |
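The onboarding flow in the abstract can be modelled as a small state machine on the network access device; the following is an added sketch, not code from the patent. The class and method names, portal URLs, address range, placeholder profile and certificate strings, and the handling of already-registered terminals and of the portal lease after registration are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import IPv4Address

# All names, URLs and addresses here are assumptions made for this sketch.
AUTH_PAGE = "https://portal.example/auth"
REGISTER_PAGE = "https://portal.example/register"

State = Enum("State", "UNREGISTERED AUTHENTICATED REGISTERED")

@dataclass
class NetworkAccessDevice:
    states: dict = field(default_factory=dict)   # terminal identifier -> State
    leases: dict = field(default_factory=dict)   # allocated IP -> terminal identifier
    policy: dict = field(default_factory=dict)   # allocated IP -> permitted URLs
    next_host: int = 10

    def access_request(self, terminal_id):
        """Check the registration state; give an unregistered terminal a restricted IP."""
        state = self.states.setdefault(terminal_id, State.UNREGISTERED)
        if state is State.REGISTERED:
            return None  # assumed: registered terminals join via EAP-TLS instead
        ip = str(IPv4Address("192.0.2.0") + self.next_host)
        self.next_host += 1
        self.leases[ip] = terminal_id
        self.policy[ip] = {AUTH_PAGE}  # the only destination this IP may reach
        return ip

    def web_request(self, ip, url):
        """Apply the per-IP policy and return the URL that is actually served."""
        if ip not in self.leases:
            return None  # unknown source address: drop
        if self.states[self.leases[ip]] is State.AUTHENTICATED:
            return REGISTER_PAGE
        return url if url in self.policy[ip] else AUTH_PAGE  # redirect the rest

    def authenticated(self, ip, ok):
        """Portal callback: only a successful login advances the terminal."""
        if ok and ip in self.leases:
            self.states[self.leases[ip]] = State.AUTHENTICATED

    def complete_registration(self, ip):
        """Issue the EAP-TLS material only to a terminal that authenticated first."""
        tid = self.leases.get(ip)
        if tid is None or self.states[tid] is not State.AUTHENTICATED:
            return None
        self.states[tid] = State.REGISTERED
        del self.leases[ip], self.policy[ip]  # assumed: portal lease is retired
        return {"profile": "<placeholder config file>", "cert": f"<placeholder cert for {tid}>"}
```

The property to check in a real deployment is the same one the sketch enforces: no path hands out the certificate unless the terminal passed authentication, and the restricted IP never reaches anything except the portal pages.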