from the internet core, where they dominate, down to the customer edge, firewall, IPS, enterprise core, UAC to access switch where the EX comes into play. Juniper end-to-end. Now that's network nirvana. I see Juniper in a better strategic position attacking the enterprise from above, the internet core where they dominate, than Cisco defending from below. Which reminds me, the local Cisco guys tried to pitch NAC to us and after realizing the enforcement is done by a PC inpath with traffic we nearly fell out of our chairs. That's not an engineered product but a hack job and is akin to building a freeway overpass of standard rebar and concrete but introducing a section made of wood (a disaster waiting to happen). UAC (or NAC in Cisco terms) enforcement is more logical in the access switch using a combination of granular ACL which is lacking on Cisco, QoS for throttling suspicious traffic being examined and VLAN.