Enterasys Networks 9034385 User Manual


NAC Solution Components

1-8 Overview

Table 1-3 outlines the advantages and disadvantages of the two appliance types as they pertain to network security, scalability, and configuration/implementation.

Table 1-3 Comparison of Appliance Advantages and Disadvantages

| Features | NAC Gateway | NAC Controller |
|---|---|---|
| Supported Connection Types | Disadvantage: Restricted to wired and wireless access edge with authentication and authorization functionality. | Advantage: Flexible, catering to wired and wireless access edge as well as remote access VPN of any type. |
| Deployment | Advantage: Less disruptive because no topology reconfiguration is required. | Disadvantage: More disruptive because topology reconfigurations are required to place the NAC Controller inline with data traffic on the network. |
| Configuration | Disadvantage: More complex because the NAC Gateway requires that an authentication method is deployed on the network, and that the authenticating access edge switches are capable of dynamically authorizing end-systems based on the RADIUS authentication interchange. | Advantage: Less complex because there is no dependency on authentication and downstream infrastructure device functionality. |
| Security | Advantage: More secure because the traffic enforcement point for end-system authorization is closer to the end-system's port of network connection on the access layer switch. Therefore, an offending end-system poses a threat to a smaller set of network resources. | Disadvantage: The authorization point is farther from the end-system point of connection. An offending end-system poses a threat to all network resources downstream from the NAC Controller because the traffic enforcement point is implemented at the inline NAC appliance. Malicious traffic will be discarded only when an end-system communicates through the appliance. |
