Survivor's Guide to 2007: Network Infrastructure: Page 5 of 9

Cutting off an unmanaged host may not be desirable--say it belongs to a vendor assisting with production installation. You can certainly enforce such a policy, but then you'll have to make other network connectivity available. If you do provide limited guest access, you'll have to decide exactly what's allowed--say, access to the Internet only. But then, what about exceptions? Some guests will need access to internal resources.

Before you even begin to deploy NAC, address these issues so that you can assess whether a particular product will fit your needs.

Finally, decide what enforcement models fit your current and future network plans. This is a tough one. While 802.1X port control is one of the best enforcement methods available, it may not be practical because the supporting infrastructure (802.1X supplicants on hosts, authentication servers and access switches that support 802.1X) may not be enterprise-ready. The reality is, 802.1X is often not an option--yet. Alternative enforcement techniques, such as in-line blocking using a bump-in-the-wire appliance, may introduce a point of failure and a potential network bottleneck. Layer 2/3 methods, such as ARP poisoning and DHCP control, are easier to deploy but less effective at combating determined attackers.

To address enforcement, tie your NAC deployment to your network architecture. Port-level access control offers a good balance between fine-grained and broad enforcement; if the enforcement is in your access switch, there's no need for an additional appliance. Consider requiring 802.1X in all access switches going forward. You don't need 802.1X in the distribution layer or core of the network, and you can replace access switches as you go. If you're deploying a NAC product now, ensure that it supports all the enforcement methods you need today and in the future by offering concurrent enforcement options.

Consolidation Is King