Vendor: Enterasys NAC v3.2 $30,000 Ease of use, well thought out, strong feature set Minor management flaws
Review: The Enterasys NAC solution is a combination of hardware and software that provides NAC services in both Enterasys and non-Enterasys networks. Enterasys NAC starts with a NAC Manager, a management system built on-top of the Enterasys NetSight Manager platform. NAC Manager is used to control NAC Appliances, which themselves come in two types: NAC Controller appliances, which are in-line NAC enforcement devices, and NAC Gateway appliances, which are essentially RADIUS servers with very NAC-specific feature sets.
We tested Enterasys NAC in its edge-enforcement mode, using a single NAC Manager and single NAC Gateway to control our Cisco, HP and Juniper switches. Enterasys also sent us one of its switches, which we threw into the mix. Our testing focused on 802.1X-type NAC deployments, and the Enterasys NAC was both easy to deploy and performed well on our heterogeneous network.
As we expected with any mature NAC product, we found our fair share of ambiguities and design flaws in the management system. Still, the NAC Manager ended up being fairly easy to use.
Enterasys has a broad product line, including captive portal functionality, guest registration, and the ability to accept external security inputs (such as from its Dragon IDS product) into the NAC decision-making process.
We also found some particularly elegant thinking in the Enterasys NAC product. For example, Enterasys NAC uses DiffServ packet tagging and policy-based routing to force unauthenticated users to their captive portal, a very clever solution that avoids the problems associated with changing user VLANs on the fly.
Obviously, Enterasys NAC works best with their own switches, which have a fairly sophisticated access control list feature built-in, but we were able to push both VLAN and access control lists to all of the non-Enterasys switches in our network very easily.As a very strong product, Enterasys NAC also includes the usual endpoint security checking features. Both an on-network scan using Saint Corporation’s network scanner, and an on-device scan using the Enterasys agent, are supported.
Enterasys has done a good job making sure that its NAC product works very well in non-Enterasys networks. Because Enterasys NAC has both in-line and edge-enforcement technologies in a single product line, we think that this is a definite short-list for any 802.1X-based NAC deployment.
Google’s ready to kick Control+C and Control+V to the curb – the company on Thursday announced new APIs...
If you are more concerned with getting and sharing a photo of a sunset than experiencing it, you might...
The Internet of Things is predicted to grow to a $1.4 trillion market by 2020, which means there are...
It's a big breakthrough in wireless connectivity, but don't let MU-MIMO's limitations catch you...
The Wi-Fi Alliance recently announced a new IEEE specification, 802.11ah, developed explicitly for the...
Examining the perceived disadvantages and the significant truths about automation’s role in cyber...
Are you getting a little sloppy with your security? Time to shape up. Practice these five habits to...