* Autmating an audit of what is attached to every switch port and access point on the network
One of the great hidden chores of deploying NAC is finding all the devices that are attached to the network, even those that can’t authenticate.
Rather than leave them outside the reach of NAC, they can be subjected to MAC authentication in which individual machines are verified as acceptable on the network. They don’t get tested for NAC compliance like a PC does, but at least they are accounted for and can be held to behavioral standards.
The numbers of these machines can be staggering, with some businesses reporting that nearly two thirds of network-connected devices fall outside the categories of PCs and servers.
In order for this to work, though, it is essential that no devices are left out, which requires an audit of what is attached to every switch port and access point on the network. Done manually, this can take months, depending on the size of the network and the number of staff assigned to handle the chore. Some businesses that try to keep these audits up to date find that it becomes a permanent task.
There’s no need to do this manually. Some NAC vendors recognize this and have incorporated this discovery capability in their product lines. Others are working on it. Third-party vendors – notably Great Bay Software – make this type of platform that serves NAC deployments well. (Cisco and Juniper both have alliances with Great Bay on NAC.)
So if you are looking into NAC, realize this type of audit is something you will have to perform. Consider automating it. Try a manual count first on a small segment of your network, and the value of automation will become apparent. Then check whether your NAC candidates can supply an automated tool.




