Network Admission Control (also called Network Access Control), or NAC, is our topic today. Roughly stated, NAC is about whether to allow a wired or wireless “thing” (a user, a device) onto your network. And if you do allow them, what will they be able to access? If you’ve worked with 802.1X, Cisco ISE, Aruba ClearPass, RADIUS, etc., you’re in the world of NAC.

Arne’s a Senior Consulting Engineer and CCIE who emailed us asking to have this NAC conversation. We hit a bunch of topics including MAC authentication bypass, client certificates, EAP methods, and more. We also discuss reasons why NAC is worth deploying despite the effort.

By the way, maybe you’re an independent engineer with something you’d like to discuss on a future Heavy Networking podcast. Hit our contact form at, or email We’d love to hear from you and consider your topic.

Sponsor: NS1

NS1 delivers DNS, DHCP, IPAM, and traffic steering as a service for your applications on premises and in the cloud.

Show Links:

802.1X Authentication Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) – Cisco

Cisco ISE Secure Wired Access Prescriptive Deployment Guide – Cisco

Show Outline:

Why NAC?

* BTW: NAC can also mean Device Administration (TACACS+/RADIUS) but we are discussing end-client NAC today – in particular wired and wireless endpoints
* No. 1 reason: Security Compliance (company mandate or even industry regulations – PCI/HIPAA etc)
* Visibility (what’s connecting to my network at any one time)
* Enabler for dynamic authorization – e.g.