
Directory Service Based Out-of-band Network Access Control

Advisor: 方鄒昭聰

Abstract


Modern organizations are inseparable from their information systems; an organization depends on them to carry out its business functions. As the degree of computerization and the scale of organizations grow, the losses caused by information security vulnerabilities can no longer be ignored, and network access control has begun to be discussed in industry to meet the need for application-layer control and user authentication. In the Windows Server 2008 product line, Microsoft proposed the NAP (Network Access Protection) scheme for network access control, and Cisco proposed the NAC (Network Admission Control) scheme. These schemes have their advantages and also their shortcomings. This study therefore develops DONAC, a network access control system that uses a directory service to obtain complete user authentication and uses the characteristics of Ethernet to achieve network isolation with an out-of-band (side-attached) device. It monitors all hosts and user behaviour in the domain in real time and produces usage records. Its extensible policy management mechanism can enforce a range of management policies according to the information security policy currently in force and can integrate external management policies. When abnormal usage that violates a management policy occurs, the system immediately blocks the host and restricts that user's network access. It improves on existing network access control solutions in flexibility of architectural change, extensibility of the policy management mechanism, completeness of information, the cost of changes required for deployment, and equipment cost. Actual testing shows that the DONAC system implemented in this study effectively controls the network access of all monitored hosts in the managed domain: hosts or users that do not comply with the management policy are immediately blocked from network access, which achieves the goal of network access control.

Abstract (English)


Network applications are indispensable nowadays, and network management and security issues in organizations are becoming more and more important. Modern organizations and information systems have become inseparable: organizations carry out their business processes by depending on information systems. As the degree of computerization and the scale of organizations increase, we cannot overlook the losses caused by information security vulnerabilities. Focusing on the requirements of application-layer control and user authentication, NAC (Network Access Control) has begun to be discussed. Microsoft proposed a NAC solution called NAP (Network Access Protection) in Windows Server 2008, and Cisco also proposed a solution named NAC (Network Admission Control). These solutions have different advantages and shortcomings. Therefore, we developed a system named DONAC. DONAC obtains better user authentication through a directory service and blocks invalid users out-of-band by taking advantage of Ethernet features. It monitors and logs all hosts and users in the network in real time and provides a flexible management policy. Once a client (host or user) violates the policy, DONAC immediately prohibits the client from accessing the network. It improves on existing NAC solutions in flexibility, scalability, information integrity, and cost. In actual tests, the DONAC implementation effectively controlled the network access of clients: clients that do not meet the policy are immediately blocked from all network access. This meets the goal of network access control.
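Both abstracts describe the same decision layer: a host/user session is checked against directory-service attributes and an extensible set of management policies (built-in or external), every decision is logged, and a violation marks both the host and the user for blocking. The following is an added example sketch of that layer, not code from the thesis; the session fields, the in-memory directory table, the policy names and the quarantine list are all constructed stand-ins, and the actual out-of-band enforcement is deliberately left outside the engine.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional
@dataclass
class Session:
    """One monitored host as the engine sees it (hypothetical record layout)."""
    mac: str
    ip: str
    user: Optional[str]  # None until a directory login is observed for the host

# Constructed stand-in for the directory service: user -> account attributes
DIRECTORY = {
    "alice": {"enabled": True, "groups": {"staff"}},
    "mallory": {"enabled": False, "groups": set()},
}

# A policy is a callable that returns None (compliant) or a violation reason
Policy = Callable[[Session], Optional[str]]

def require_directory_login(s: Session) -> Optional[str]:
    """Every host must be tied to a known directory identity."""
    return None if s.user in DIRECTORY else "no directory identity for host"

def require_enabled_account(s: Session) -> Optional[str]:
    """Disabled directory accounts lose network access immediately."""
    rec = DIRECTORY.get(s.user or "")
    return f"account {s.user} disabled" if rec and not rec["enabled"] else None

# An "external" policy: a quarantine list maintained by another tool (constructed)
QUARANTINED_MACS = {"00:11:22:33:44:55"}

def external_quarantine(s: Session) -> Optional[str]:
    return "quarantined by external policy" if s.mac in QUARANTINED_MACS else None

@dataclass
class PolicyEngine:
    policies: List[Policy] = field(default_factory=list)
    blocked_macs: set = field(default_factory=set)
    blocked_users: set = field(default_factory=set)
    log: List[dict] = field(default_factory=list)

    def evaluate(self, s: Session) -> bool:
        """Return True if the host keeps access; record every decision and reason."""
        reasons = [r for p in self.policies if (r := p(s)) is not None]
        if reasons:  # actual enforcement (the out-of-band blocking) lives elsewhere
            self.blocked_macs.add(s.mac)
            if s.user:
                self.blocked_users.add(s.user)
        self.log.append({"mac": s.mac, "ip": s.ip, "user": s.user,
                         "allowed": not reasons, "reasons": reasons})
        return not reasons
```

New policies, including ones fed by outside systems, are added by appending a callable to `policies`; the log entries give the per-host, per-user usage record the abstract describes.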

