What is the difference between products from networking infrastructure vendors like Cisco and DNAC?
A. Infrastructure equipment approaches to NAC typically use port based control access through (i) 802.1x RADIUS EAP on a switch with agents and RADIUS server, or (ii) SNMP to manage VLANs for certain ports. Port based access control lacks granularity beyond the port. With 801.x EAP, the local port’s VLAN is assigned from the RADIUS server. Today’s networks often have multiple endpoints on the same port or machine (Virtual Machine, printer, VoIP phone, etc). DNAC enforces individual hosts, whether real or virtual, by turning ordinary PCs into enforcers that police the network. This approach does not require new subnets or other network changes to control access. As DNAC software proliferates, networks containing the endpoints become capable of performing NAC. Feedback from customers who have installed DNAC have indicated installation effort is reduced by 5 to 20 times than competing NAC solutions, without the use of specialized network engineers.
