ComputerWorld.in

Cisco's NAC goes off track, customers taken aback

As the most important supplier of network infrastructure to enterprises, Cisco's NAC products are a natural point of curiosity for network managers. Unfortunately, though, Cisco's approach to NAC has been riddled with in-fighting, false starts, delayed product releases, and a good dose of chaos and confusion.

At the heart of Cisco's NAC problems were two separately developed and separately maintained products, completely incompatible yet solving the same problem for the same customers. During the several years it took Cisco to deal with the internecine warfare between these two product groups, customers have been dazed and confused as to which is best for them

The first NAC products came through the acquisition of Perfigo, a start-up that had developed a wireless access gateway during the days before widespread availability of WPA authentication and encryption. First called Cisco Clean Access, and recently renamed Cisco NAC Appliance, the product line evolved completely separately from Cisco's other network infrastructure products and has only the lightest integration with Cisco switching devices. Originally an in-line device that protected wireless and VPN links best, the Perfigo products were extended to include edge enforcement for wired enterprise networks based on Cisco switches.

While Perfigo's product line was racking up impressive sales, the switching and routing side of Cisco teamed with the Cisco Secure Access Control Server (a RADIUS and TACACS server) group to develop and market the Cisco NAC Framework, a NAC solution that includes modifications to Cisco switches and routers, the Cisco Trust Agent end-point client, and the ACS RADIUS server, which acts as a back end for both authentication and posture checking.