Cisco's NAC goes off track, customers taken aback

As the most important supplier of network infrastructure to enterprises, Cisco's NAC products are a natural point of curiosity for network managers. Unfortunately, though, Cisco's approach to NAC has been riddled with in-fighting, false starts, delayed product releases, and a good dose of chaos and confusion.

At the heart of Cisco's NAC problems were two separately developed and separately maintained products, completely incompatible yet solving the same problem for the same customers. During the several years it took Cisco to deal with the internecine warfare between these two product groups, customers have been dazed and confused as to which is best for them

The first NAC products came through the acquisition of Perfigo, a start-up that had developed a wireless access gateway during the days before widespread availability of WPA authentication and encryption. First called Cisco Clean Access, and recently renamed Cisco NAC Appliance, the product line evolved completely separately from Cisco's other network infrastructure products and has only the lightest integration with Cisco switching devices. Originally an in-line device that protected wireless and VPN links best, the Perfigo products were extended to include edge enforcement for wired enterprise networks based on Cisco switches.

While Perfigo's product line was racking up impressive sales, the switching and routing side of Cisco teamed with the Cisco Secure Access Control Server (a RADIUS and TACACS server) group to develop and market the Cisco NAC Framework, a NAC solution that includes modifications to Cisco switches and routers, the Cisco Trust Agent end-point client, and the ACS RADIUS server, which acts as a back end for both authentication and posture checking.

While the NAC Framework doesn't require 802.1X for authentication and posture checking, it does allow for 802.1X and is extremely similar, architecturally, to the NAC frameworks proposed by the Trusted Computing Group, Microsoft, and the IETF. (The Cisco Trust Agent includes some 802.1X technology through the acquisition of MeetingHouse Data Communications.)

Cisco sold the products in competition with each other during 2006 and 2007, until an internal truce between the two product groups was arranged and Cisco announced that the two product lines would somehow be combined into a single super-NAC product.

Because of Cisco's marketing muscle and control of enterprise networks, third-party partners have been strong supporters of both of Cisco's NAC products, offering a variety of end-point security alternatives to Cisco's own Cisco Security Agent end-point security protection client. In 2006, Microsoft and Cisco also linked their NAC products during the development of Windows Server 2008, offering several integration scenarios that allow enterprises to easily mix Cisco and Microsoft clients and servers in both Cisco-centric and Microsoft-centric NAC deployments.

In the meanwhile, Cisco has released new versions of products in both their NAC Framework and NAC Appliance lines, but has reduced the volume and aggressiveness of their marketing efforts in NAC. (Cisco declined to actively participate in our head-to-head test of NAC products, but we tested them anyway.) Customers who approach Cisco for NAC solutions are being directed towards the NAC Appliance, so it is assumed by outside observers that the features of NAC Framework will be added to NAC Appliance.

Cisco hasn't given us a peek at their super-NAC product, or committed to a ship date. While Cisco remains enthusiastic about its ability to wow the world of NAC, smaller and more agile companies are bringing innovative solutions to the market — and cutting into Cisco's NAC business. If you need NAC now, you might not want to wait for Cisco to ship its super-NAC product.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags cisconetwork access control (NAC)

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joel Snyder

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?