What is the difference between DNAC and host-based firewall or DHCP NAC?
A. Desktop software approaches assume the user is running the vendor’s security software. If this assumption is invalid, such as on an intruder’s PC, the NAC solution offers no protection at all. The DHCP NAC approach places a DHCP proxy between the DHCP server and the switches. Using DHCP is easily overridden by assigning a static IP to the endpoint. Furthermore, the DHCP approach also requires extra subnets to be configured for each switch under management. introduced solutions that enforce policies on individual endpoints. The DNAC enabled endpoints are different, because enforcers control access for other endpoints on the network besides themselves. This means that each endpoint on the network is independently validated by a 3rd party before it gains access to the network. As a result, DNAC solutions are more effective, and integrate into the network with greater ease than either host-based or infrastructure based approaches.
