I am looking for a solution where a user machine is authenticated before being allowed on the system. We have many users that move about the network and patch in wherever they can. I need to restrict access onto the network, but obviously standard port-security cannot be used due to the dynamic nature of our users. I have looked at 802.1x with our ACS and using the Cisco Trust Agent as the supplicant; would this work?
Another thought I had would be if the switchport could check a database of known MAC addresses before allowing access onto the network.
Has anybody any ideas how to implement this? I don't think we would need all the features of NAC, but maybe this is the only solution.