Cisco NAC out, ConSentry switch-based NAC in

Fayetteville State University drops Cisco's NAC gear in favor of ConSentry equipment

Cloud Security Alert By Tim Greene, Network World
October 11, 2007 08:54 AM ET

Clarifying issues surrounding this emerging security architecture

A recent story in Network World outlines how a college dropped Cisco’s NAC gear for equipment made by ConSentry.

The interesting thing about the swap is that Fayetteville State University in North Carolina went for an entirely different NAC architecture.

It already had Cisco’s NAC appliance, but reported having trouble getting the NAC agent to download to student laptops, and the box kept going down.

The school could have gone with another appliance from a different vendor including ConSentry, but decided instead to buy ConSentry access switches that have NAC integrated.

Related Content

The upside of the switch-based NAC is that it can enforce NAC policies directly from each device. The downside is that it requires buying as many devices as the network has access switches.

The school had money budgeted for a network upgrade and decided to spend $500,000 of it on the ConSentry gear.

The school gives up whatever management benefits it reaped from having an all Cisco network in exchange for better NAC. But the school’s IT director thinks that is a good tradeoff.

“When you get down to it, a switch is pretty much a switch. So you’re shopping for bells and whistles at that point.” Joseph Vittorelli, director of systems and infrastructure at Fayetteville State.

That says a lot about the state of switching when access switches are considered a commodity. But Vittorelli’s comment says more about NAC. If it can be considered a bell or a whistle that is added to a no-worries access switch, it becomes a less scary prospect.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.