The invention relates to the technical field of terminal admission control and discloses a terminal admission control method based on switch port management. After a new terminal accesses the network, the terminal is discovered through the switch, its unique identifier is extracted, and the terminal is associated with a port of the switch. The unique identifier is then compared against the MAC addresses in an admission database. If the identifier is found, the new terminal is a legal terminal and no action is taken. If the identifier is not found, the new terminal is an illegal terminal or an external terminal; the corresponding switch port is closed immediately and the closure is recorded in the admission database. When a new terminal accesses the network again, it is added after window-period processing and the preceding steps are executed again. If no new terminal accesses the network, the closed switch port is reopened automatically after a specified time. Terminals are managed by MAC address, terminal users are forbidden to change a MAC address without authorization, virtual machines are managed, and hub access is blocked, so terminal admission control is accurate and strict.
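The admission loop described above, sketched as an added example (not code from the patent): the class and function names, the 300-second reopen time, the port names and the sample MAC addresses are all assumptions. The window-period step is not modelled because the page does not define it.

```python
# Added illustration; all names and sample values are constructed, no switch is contacted.
from dataclasses import dataclass, field

REOPEN_AFTER = 300  # assumed "appointed time" in seconds (the page gives no value)

def norm(mac):
    """Canonicalise a MAC so 02-00-.., 0200.0000.. and 02:00:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class AdmissionController:
    allowed: set                                 # admission database of canonical MACs
    closed: dict = field(default_factory=dict)   # port -> (offending MAC, close time)
    log: list = field(default_factory=list)      # close/reopen records

    def on_terminal(self, port, mac, now):
        """Handle one (port, MAC) sighting reported by the switch."""
        mac = norm(mac)
        if mac in self.allowed:
            return "none"                        # legal terminal: no action
        if port not in self.closed:              # illegal/external: close and record
            self.closed[port] = (mac, now)
            self.log.append((now, port, mac, "closed"))
        return "close"

    def tick(self, now):
        """Reopen every port that has been closed for REOPEN_AFTER seconds."""
        due = [p for p, (_, t) in self.closed.items() if now - t >= REOPEN_AFTER]
        for port in due:
            mac, _ = self.closed.pop(port)
            self.log.append((now, port, mac, "reopened"))
        return due

if __name__ == "__main__":
    ctl = AdmissionController(allowed={norm("02:00:00:00:00:01")})
    print(ctl.on_terminal("Gi0/1", "0200.0000.0001", 0))     # registered terminal
    print(ctl.on_terminal("Gi0/2", "02-00-00-00-00-0A", 10)) # unknown terminal
    # Unknown MAC sharing Gi0/1 (e.g. behind a hub) closes that port as well.
    print(ctl.on_terminal("Gi0/1", "02:00:00:00:00:0b", 20))
    print(ctl.tick(310), ctl.tick(320))
```

Normalising the address before lookup matters in practice, because switches and inventory tools report the same MAC in different notations and a format mismatch would close the port of a registered terminal.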