- Compliant PCs act like “Neighborhood Watch”
- The existing normal PCs become the infrastructure (enforcers) to quarantine rogues
- Enforcers manage ARP to control and limit a rogue's ability to send/receive traffic on the network
- Enforcers watch for new endpoints, using ARP redirection to protect the network and community
DNAC Strengths
- Zero network upgrades or changes (Low TCO)
- Scales cost-effectively across multiple subnets
- Authentication agnostic (Windows Domain, 802.1x, other)
- Friendly fail-open design
- Extremely responsive quarantine and remediation mechanisms

| | In-line NAC | Cisco NAC V1 V2 802.1x NAC | Host based NAC (CAF) | Dynamic NAC |
|---|---|---|---|---|
| Category | Traditional Infrastructure based | Traditional Infrastructure based | Software based | Software based |
| Enforcement Type | Appliance in line | Switch based | Client Self enforcement | Other compliant PCs |
| Supports LAN Enforcement | Yes – but requires multiple appliances | YES | YES | YES |
| Supports Remote Access VPNs | YES | NO | YES | NO |
| Network needs Re-architecting | YES | Extensive | None | None |
| Detects Rogue Users / Devices | NO | YES | NO | YES |

| | DNAC | DNAC + 802.1x authentication | Infrastructure NAC |
|---|---|---|---|
| Client Software | DNAC Client | DNAC Client + Supplicant | NAC client + |
| Server Software | Policy server | RADIUS server + policy server | RADIUS server + |
| Minimum switch requirements | - | 802.1x authentication | 802.1x authentication |
| Ongoing port config | - | Config 802.1x ports | Config 802.1x ports |
| Ongoing switch config | - | - | New VLAN and subnet, router ACL, DHCP, RADIUS |
| One time network Reconfiguration | - | - | New VLANs and subnets, router ACL, DHCP, RADIUS, RADIUS VLAN assignment |