Is your NAC compatible with your switches?

* Customers should make sure the switches and the NAC product they plan to purchase are compatible

Independent NAC vendors make NAC gear that employs network access switches as enforcement points, but before buying, customers should make sure the switches and the particular NAC product are compatible.

NAC appliances can sit out of band, performing endpoint assessment and determining what access rights ought to be granted to the end user based on the machine being used, its status and the method of access being used – wired, wireless or VPN.

Some of this NAC gear can signal the switches to assign the appropriate access based on the assessment. Sometimes this is done via 802.1x and sometimes it is done via signaling tailored to that particular switch’s management.

In either case, the NAC gear and the switches must be compatible, so it is important to determine whether the software load on the switches is supported by the NAC gear. If not, it may become necessary to upgrade the switch software to something that is supported.

Depending on the customer’s clout and the prevalence of that software version among its customer population, the NAC vendor might be persuaded to invest in writing support into its own code.

If a NAC vendor claims that it supports the switch version the customer has, the customer should check it out before buying. If the NAC and switch vendor have certified compatibility, that can go a long way toward removing doubt, but again the customer should check it out anyway as part of the pre-purchase check list.

That is a lot better than finding out later that getting NAC to work means the expense of upgrading switch software.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)