Cisco NAC - other solutions

ciscors · ‎02-15-2008

Guys, has anybody worked with the Juniper or other competitor's NAC solutions? I'm working for a client and encouraging them to buy Cisco but they are looking for competitive information against other vendors to justify going Cisco. I know cisco's solution is most flexible but juniper states they use open protocols like 802.1x and can do posture assessment even before assigning an ip address to the client

Does anybody have any pointers I can use?

jheary · ‎02-27-2008

802.1x requires that your switches support it, this could get expense. Even if your switches support it, it requires you to be at a recent code version to get the features you will need, like AAA fallback and dot1x guest support. The free OS supplicants have many issues when you start to move VLANs around, so your XP boxes will need up to date service packs and several hotfixes installed. Even then most companies choose to go with a paid supplicant because of its stability and feature set. This increases the cost and support of dot1x. These are some of the issues with rolling out dot1x.

BRYAN ROE · ‎02-28-2008

What about the Cisco NAC hack that was presented at the Black Hat expo where they showed that they were able to workaround the agent on the desktop? Has Cisco addressed this issue? Does anyone know if Juniper may have the same problem?