Network Access Control (NAC)

Network Access Control or NAC can be used when you want to take control over who or what is connecting to your network by dynamically putting every device in the correct VLAN (subnetwork) without any sysadmin intervention. The smaller your segments are, the higher your security is. 

Ask for a demo
Person in the crowd
On this page Kappa Data informs you how Network Access Control (NAC) can help you to control over who has access to what kind of information on your network

What is Network Access Control? (NAC)

Before we start with Network Access Control, let us imagine that we arrive arriving at the office. You plugin your computer or connect via the wifi, without any further ado. More or less the same thing happens when you visit a customer or supplier in their office, you type in the wifi-code and done.

Have you ever wondered if this is secure? And how do you handle other devices? What if a visiter comes in, doesn't find the wifi password and uses the cable of a printer? Think further. Lots of companies have multiple networks (VLAN's), different for each department. If not, they should consider this, since segmentation is required for NIS2.

Anyway, by having multiple networks, a new challenge comes to mind. How can we handle hot desks? Okay, everybody could work over the wifi, but we all know that the stability and bandwidth of a cable is always better than wifi.

A Network Access Control (NAC) solution will automatically put a device into the required network depending on the user or other factors
Extreme Network Access Engine with Control Engine

Why Use a Network Access Control Solution?

Use a Network Access Control solution when you want to take control over who or what is connecting to your network by dynamically putting every device in the correct VLAN (subnetwork) without any sysadmin intervention. The smaller your segments are, the higher your security is.

 

Network Access Control solution provides:

  1. Automated device authentication and network assignment.
  2. Enhanced security through network segmentation.
  3. Compliance with regulations such as NIS2, which requires network segmentation.
  4. Flexibility in managing geographically spread networks.

Which NAC Solutions are there?

This article wouldn’t exist if there wasn’t a solution. Actually, there are several ways to handle this.
 
The most grown-up one would be the traditional Network Access Control. A (virtual) appliance is installed, in the network, and all switches communicate with the controller mostly via RADIUS.
 
Devices authenticate via a certificate or a username/password combination and depending on their group membership, the VLAN (network number) is returned within the RADIUS reply. This is a very good and comprehensive solution but could bring some challenges to geographically spread companies.
 
Kappa Data can offer you two solutions, Extreme Control and Juniper Mist Assurance. Extreme Control, it is configured via the Site Engine portal (this is a vendor independent network management platform also by Extreme Networks). Juniper Mist Assurance is 100% native NAC solutions with a user-friendly interface. 
 
If you like, you can use Microsoft Intune to verify if a host meets the compliancy rules before entering the network. This is the traditional way of working with a NAC solution: depending on who or what device, but independent of the location (e.g. desk) every device will be put in the correct network.

Extreme Control Engine (NAC) 

 

Kappa Data offers a comprehensive Network Access Control solution from Extreme Networks called Extreme Control. Configured via the Site Engine portal, this vendor-independent network management platform supports seamless integration with various switches through RADIUS VLANs. The solution can verify host compliance using Microsoft Intune before allowing network access, ensuring that devices meet security requirements.

 

  • Key Features:
    • Vendor-independent, compatible with any RADIUS-supporting switch.
    • On-premise installation.
    • Automatic VLAN assignment based on user or device.
    • Integration with Microsoft Intune for compliance verification.

 

Extreme Networks Fabric Solution

 

Extreme Networks extends traditional NAC capabilities with its Fabric solution, which eliminates the need for individual switch management. New switches automatically recognize and join the existing fabric, inheriting necessary configurations. This simplifies network expansion and enhances security by ensuring all switches are consistently configured.

 

  • Key Features:
    • Automated switch configuration and integration.
    • Loop-free architecture with shortest path Layer 2 routing.
    • Client-server communication isolation within the same VLAN.

More information regarding Extreme Fabric can be found on our page : Fabric Network

 

Upcoming Extreme Networks UZTNA 

 

Expected soon is the Extreme Networks UZTNA solution, which combines Zero Trust Network Access (ZTNA) with cloud Network Access Control functionalities. This innovative solution ensures users receive the correct network access regardless of their location, whether in the office, on the road, or working from home. This approach offers a unified solution for modern, distributed workforces.

 

  • Key Features:
    • Combines ZTNA and NAC functionalities.
    • Cloud-based management.
    • Seamless network access across different locations.
    • Not yet globally available but can be previewed through Kappa Data or Extreme Networks.

 

Overview of Juniper Networks Network Access Control Solution

 

Mist Access Assurance 

 

Juniper Networks offers the Mist Access Assurance solution, which utilizes the Mist cloud for NAC functionality. This solution supports dynamic port configurations and VLAN assignments based on user group, MAC address, or LLDP attributes. For more advanced needs, authentication policies provide additional flexibility, making it suitable for various business environments.

 

  • Key Features:
    • Cloud-based NAC solution.
    • Dynamic VLAN assignment.
    • Authentication policies for enhanced flexibility.
    • Requires Juniper switches for full feature utilization.

 

 

Comparing Extreme Networks and Juniper Networks NAC Solutions 

 

When comparing Extreme Networks and Juniper Networks NAC solutions, several factors come into play:

 

  • Deployment Models:

    • Extreme Networks offers both traditional on-premise (Extreme Control) and innovative fabric-based solutions, while Juniper focuses on cloud-based NAC (Mist Access Assurance).

  • Flexibility and Compatibility:

    • Extreme Networks provides vendor-independent solutions compatible with various switches, whereas Juniper’s solution is optimized for Juniper hardware.

  • Advanced Features:

    • Extreme Networks Fabric Solution offers advanced capabilities such as automated switch configuration and loop-free architecture, whereas Juniper’s Mist Access Assurance emphasizes cloud management and dynamic VLAN assignment.

  • Future-Proofing:

    • Extreme Networks’ upcoming UZTNA solution integrates ZTNA and cloud NAC, positioning it as a forward-thinking option for secure, flexible network access.
The good thing about the Network Access Control solution of Extreme, is that it is vendor independent. You can combine it with any switch that supports RADIUS VLAN’s. This product needs to be installed on-premise, which makes it a good solution when you need a NAC solution on premises. 
 
Extreme Networks can go beyond this tradition.
 
To accomplish the setup above, every switch needs to have the correct configuration, so a plan for replacement or to extend the network. By the use of Extreme Networks Fabric solution, no individual management is needed.
 
You can plug in a new switch; it will automatically see that a fabric is in place and participate. All needed configurations will automatically be shared with the new switch, so a few minutes later, users can dynamically connect with this newly added switch.
 
How you link the new switch with the existing network is very flexible. Normally you would think about LACP (taking care of continuity, bandwidth and failover connections) but you would keep in mind not to have loops. Fabric has no loop problems. You can create as many connections as you like, fabric will always take the shortest path on layer 
 
In addition to the segmentation requirement of NIS2, you have the ability to isolate communication between clients and servers, in that way that clients cannot communicate with each other, although they are in the same network (same VLAN).
 
Imagine that at some point in time, a hacker enters your network and takes over an unpatched computer or device. A netscan will be limited to only the servers that station was allowed to use

Frequently asked questions

Check our FAQ section where you can find the first questions that have been asked to us during the last months.

Contact us

  • What role does NAC play in regulatory compliance for a company?

    NAC plays a crucial role in regulatory compliance by enforcing access policies, maintaining detailed logs of network activity, and ensuring that only compliant devices can connect to the network. This helps the company meet requirements for standards such as NIS2, GDPR, HIPAA, and PCI DSS.

  • What is Network Access Control (NAC)?

    Network Access Control (NAC) is a security solution that manages and controls access to a network based on predefined policies. It ensures that only authorized and compliant devices can connect to the network, enhancing overall security.

  • What are the key features of Juniper’s NAC solutions?

    Key features of Juniper’s NAC solutions include:

    • Unified policy enforcement: Consistent access policies across wired, wireless, and VPN connections.
    • Endpoint posture assessment: Evaluates the security status of devices before granting access.
    • Granular access control: Fine-tuned control over who can access what on the network.
    • Scalability: Easily scales to accommodate growing network demands.
    • Comprehensive threat detection: Identifies and mitigates threats in real-time.

  • What are the key features of Extreme’s NAC solutions?

    Key features of Extreme’s NAC solutions include:

    • Identity-based access control: Grants access based on user identity and role.
    • Guest and BYOD management: Securely manages guest and bring-your-own-device access.
    • Automated threat response: Detects and responds to security threats automatically.
    • Integration with other security tools: Works seamlessly with firewalls, SIEM, and other security systems.
    • Detailed visibility and reporting: Provides comprehensive insights into network activities and compliance status.

  • What are the cost considerations for implementing NAC?

    Cost considerations for implementing NAC in a mid-size company include:

    • Initial investment: Costs for NAC hardware, software, and licenses.
    • Ongoing maintenance: Expenses for regular updates, support, and management.
    • Training: Costs for training IT staff and end-users.
    • Scalability: Potential future costs as the network expands.
    • Return on investment: Long-term savings from improved security, reduced incidents, and compliance with regulatory standards.

  • How does NAC improve network security for a company?

    NAC improves network security by ensuring that only authorized devices and users can access the network. It enforces security policies, performs continuous monitoring, and responds to suspicious activities, thereby reducing the risk of data breaches and other security incidents.

  • How does NAC handle guest and BYOD access?

    NAC handles guest and BYOD access by providing secure onboarding processes. Guests can be granted temporary access with limited privileges, while BYOD devices are assessed for compliance with security policies before being allowed on the network. Both scenarios are managed to ensure network integrity and security.

  • How can NAC benefit a small to mid-size company?

    NAC benefits companies by providing centralized control over network access, improving security across various market segments. It ensures compliance with security policies, reduces the risk of unauthorized access, and helps in protecting sensitive data across all business units.

  • How can a company implement NAC with minimal disruption?

    A company can implement NAC with minimal disruption by:

    • Conducting a network assessment: Understanding the current network environment and identifying potential issues.
    • Planning a phased deployment: Gradually rolling out NAC in stages, starting with less critical segments.
    • Training staff: Educating employees on new policies and procedures.
    • Using a pilot program: Testing NAC in a controlled environment before full deployment.

  • Can NAC solutions from Extreme or Juniper integrate with existing security infrastructure?

    Yes, NAC solutions from both Extreme and Juniper can integrate with existing security infrastructure. They offer compatibility with various security tools such as firewalls, SIEM systems, and endpoint protection platforms, ensuring a cohesive and comprehensive security strategy.

Contact us for a demo

Are you curious to learn how Kappa Data can help you to protect your network with our Network Access Control solutions? Contact us for a demo via the below button. 

Ask for a demo