The invention discloses a system and a method for authenticating trusted terminal access. A CA binds a user's public key to the user's identification information and stores both in a digital certificate, which provides identity authentication of the user; combined with data encryption and digital signature technologies, this ensures the confidentiality, integrity and non-repudiation of user information. The disclosed system places low demands on overall equipment performance, can effectively reduce networking cost, supports multicast services, is compatible with PPP (Point-to-Point Protocol), and has good extensibility and adaptability. It is designed with a controlled port and an uncontrolled port, which separates services from authentication. Once authentication has passed, the system does not need to encapsulate data packets, so it is efficient. It can map different user levels to different VLANs (virtual local area networks), which allows user domains with different privileges to be managed separately. The system has the advantages of a simple implementation, high authentication efficiency, security, reliability and ease of operation.