LAS VEGAS - Network companies at Interop last week pushed a clear message about how network security should work: Hardware devices identify users at the network port level, provide virus scanning and authentication services, then allow or deny network access based on strict role-based policies. Whether this actually works or when it will be widely available is less clear.

Network access control (NAC) demonstrations and product offerings were in the booths of established network vendors such as Cisco, Nortel, Enterasys and Extreme Networks; start-ups such as ConSentry, Lockdown Networks and Nevis; and security companies such as Internet Security Systems and BlueCoat Systems. But observers at the show said the industry is a long way from agreeing on how best to handle and build NAC systems.

Attendance for Interop's 20th-anniversary spring show was up around 2,000 from last year to an estimated 18,000, with some previously missing big names - Microsoft among them - returning to the Mandalay Bay Convention Center this year.

Video: The skinny on NAC
Senior Editor Denise Dubie talks with Steve Hultquist of Infinite Summit and the iLabs NAC lead about the current state of Network Access Control technologies.

Despite the business-like tone, there were livelier activities such as free beer in the booths on Tuesday afternoon and interactive exhibits such as flight simulator and hockey slap shot kept the mood on the exhibit floor lively. Abundant technical content balanced off the suds and fluff, with a lineup of live product demos of security, VoIP and wireless gear.

Security and the trend toward access control-based products were core to the show.

Within 18 months to two years, Microsoft's Network Access Protection, Cisco's Network Admission Control and the Trusted Computing Group's (TCG) Trusted Network Connect will establish themselves; and SSL VPN vendors will defer to whichever ones prove viable and popular, said Joel Snyder, senior partner at technology consulting firm Opus One and a member of the Network World Lab Alliance, who ran the Interop SSL VPN Day. Meanwhile, SSL VPN vendors offer a broad range of endpoint-checking software that varies widely in its capabilities. He said most vendors won't spend a lot more effort on these protections in anticipation of the separate network access initiatives.