Cisco is adding a NAC blade that fits into its branch-office Integrated Services Router (ISR), a move it says will push NAC to places in networks where it might not have been affordable before.

The ISRs are popular multi-platform routers that also support VoIP, VPN, content caching and a firewall.

The new blade is the equivalent of a Cisco NAC Appliance, so if a business were interested in NAC in a branch office that already had an ISR, it would make sense to buy the blade to keep down the number of devices to worry about in the branch.

So far the NAC Network Module can’t fail over to another one, but Cisco says it is working on that.

The module fits in Cisco 2800 and 3800 ISRs and is available now. The module with a license for 50 users costs $3,500 and for 100 users costs $5,000. Customers can upgrade a 50-user license with a software key.

Cisco is also tapping into a valuable NAC peripheral made by Great Bay Software, whose Endpoint Profiler automatically discovers and profiles all devices attached to the network. Knowing what devices are already on a network is essential to deploying NAC.

The main function is to identify devices that can’t be scanned by NAC agents such as IP phones and printers and assign them a NAC policy. The software also continues to monitor the behavior of these devices after they are admitted to the network and can flag behavior that violates policies.

Cisco is calling the software NAC Profiler and it will become part of its NAC Appliance server.

Tim Greene is senior editor at Network World.