We are currently doing a parallel trial of Cisco NAC against another NAC solution. When we embarked on this pilot we envisioned that the Cisco product would be similar to other Cisco appliances.
To be honest, with our current experience of the product, we find the following, which causes some concern.
1) Cisco NAC does not have its own support sub-forum and is bundled in the general category, which leads one to believe that it is a much removed ancillary product
2) Even though the product was bought from Perfigo, much of the previous product is evident
3) The logging setup available on the device is bordering on satisfactory and does not conform to typical appliance logging setups on most other Cisco appliances
4) The interface, while functional (which is a positive), is a little crude and dated, i.e. event logs don't automatically refresh.
5) No admin integration with TACACS
6) I have not got SNMP to work (which should be simple), and reading what MIBs are available via SNMP doesn't give me much hope that I will actually retrieve much valuable information. From our NMS we would like to see stats like number of users and in which role they are.
7) The logging that is available does not log breaches of policy violation. For example, if your policy is not to allow users in a role to go to google.co.uk and they do, it does not log anywhere.
8) Very little if any management information, graphs, trends, reports are.
All this said, the product was extremely easy to set up in comparison to other solutions. Installation manual was enough to set up a basic solution in a day.
What we don't want to do is go forth with a product which does not get the amount of R&D budget to make it and keep it a market leader and find ourselves with something that does not integrate and evolve over time.