Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.