The invention relates to a network access controlling method based on network access device port: according to message address information, configuring the processing mode of message passing through the network access device; obtaining the address information of the massage and processing the message according to the obtained address information and corresponding configuration information. It binds user-source MAC address and source IP address with the corresponding port and binds exchanger-supported VLAN ID and the member corresponding to the VLAN ID, thus effectively preventing the illegal user which uses counterfeit source MAC address, source IP address and VLAN ID from viciously accessing or attacking the network. It also makes access limitations on the message entering in the network through the network access device port in view of the destination address of the message, including the network access control of broadcast message, unicast message, multicast message, the message transmitted to the server and the message with specific destination MAC address, and effectively prevents legal user from viciously attacking the network by counterfeiting some destination MAC addresses.