
Network Node Validators: Page 5 of 13

Cisco shipped us a rack full of NAC-enabled gear that included Cisco Catalyst 2950, 3560, 3750, 4948 and 6503 switches; the MARS SIM appliance; a dozen VMware server images; a Qualys QualysGuard vulnerability scanning appliance; and the Cisco Clean Access product suite. It was important to look at a wide range of products--there are a lot of pieces, and many of them address different needs. For example, Layer 2 NAC-enabled switches can keep a rogue node from getting any kind of foothold on the network, because the switch port stays closed until the node has authenticated and had its posture checked, while Layer 3 NAC-enabled routers are better suited to validating the identity and posture of individual users coming in through remote locations.

When our Cisco contact told us that "NAC is more of an initiative than a product," our cliché alarms went off--we typically group initiative with solution, resonation and traction. But after looking at its devices and wrapping our heads around a hefty number of new protocols, we're somewhat convinced: NAC is comprehensive, and with that breadth comes much complexity.

For starters, Cisco has developed a gallon of alphabet soup's worth of new protocols to allow communication among devices: GAME (Generic Authorization Message Exchange) for tasks like triggering a scan on an audit server such as the Qualys appliance; HCAP (Host Credential Authorization Protocol) for handing posture credentials to third-party validation servers; EAP over UDP and EAP over 802.1X for allowing the Cisco Trust Agent (the agent component) to report posture to the switch or router, which relays it to the policy server; and the list goes on. These foundations must be in place if there's any hope of this admission-control dream taking hold in cross-platform, cross-vendor environments.

At the same time, protocols that haven't gone through IETF or IEEE standards processes tend to make IT people nervous, and Cisco's competition was quick to point out the lack of standards. We pressed the vendor on the use of "proprietary protocols," and got an earful.

"We have stated since the introduction of NAC that we would work in the open forum to standardize all the protocols relating to NAC," said Russell Rice, director of marketing at Cisco. "We are working with other vendors to begin this process in the IETF in 2006." Time will tell if Cisco holds true to its word. We'll keep an eye on it.