It'd be better to base security on Radius Server and 802.1X access authentication.
802.1X access authentication system is widely used in Ethernet environment as a solution to provide authentication access for clients. 802.1X access authentication is based on “port”,which means the access control and AAA authentications for clients is based on the “port” of NAS (Network Access Server).If the client connects to the port of NAS passes the authentication of Radius Server, then the client can get access to the resources belonging to the NAS, but not the other way around.