How we tested NAC appliances

Here's what was included in our all-in-one NAC product test bed.

Our all-in-one test bed for network-access-control products comprised:

· Windows 2003 Active Directory and Juniper Funk Radius servers for authentication purposes;

· Cisco Catalyst 3750 and Extreme Summit switches for LAN access;

· Cisco 3000 series VPN Concentrator and Juniper IVE for remote-access connections;

· A Proxim AP-2000 wireless access point for wireless links;

· Fortinet FortiGate UTM device and a Juniper SSG firewall acting as perimeter firewalls.

Here is a diagram of the test bed (.pdf file).

We also had in place an Asterisk PBX server for VoIP connections, a Windows Server Update Services server to supply automated patches to our machines and a Kiwi syslog server for testing alerting.

Client systems accessing the network were HP Compaq laptops running Windows XP SP2 with varying patch levels. We also had Sophos AV and ISS Proventia Desktop firewall software running on the clients.

The network was split into multiple virtual LANs for servers, guests, remediation activity, users and VoIP/Printer devices (see network diagram). The 2003 Active Directory server maintained a default schema configuration for user and group structure. Groups and users were defined to replicate a functional organization structure with employees, contractors and developers, for example.

We installed each product in the lab environment after consulting with the vendor on the best approach based on the lab setup. We then proceeded to test each product in the areas of authentication, endpoint assessment, enforcement and management, as outlined above.


Copyright © 2007 IDG Communications, Inc.
