The invention relates to a security access control method of wired LAN and a system thereof, and the method comprises the following steps: 1) a requester (REQ) carries out security policy negotiation with an authentication access controller (AAC); 2) the REQ carries out identity authentication with the AAC; 3) the REQ carries out key agreement with the AAC. The invention realizes the direct identity authentication between a user and a network access control device; realizes agreement and dynamic update of a session key used for link layer protection; supports various network architectures, such as enterprise network, telecommunication network and the like; has excellent expandability, and supports a plurality of authentication methods; supports authentication protocols of different security classes, and satisfies various user requirements; has independent and flexible submodules of the protocols, and is convenient to accept or reject.