Thanks for responding. It's great to hear what everyone else is doing. I guess we are just looking for a more flexible solution. For one, our network was redesigned before we even looked at NAC, so everything is Layer 3, single or multiple user VLANs per switch (depending on switch size). Consequently, we are going to do L3 OOB for the academic side, and we don't want to manually configure switch ports to be managed and unmanaged based upon whether it's a university computer or not, because our environment is pretty dynamic (computers moving around all of the time).
It would just be easiest to manage all computer ports, and have a verbose NAC system that can decipher whether it's a university-managed computer or not, and modify the role/policy accordingly. Is there anyone else who would be interested in a feature like this, or am I just out of touch? As we talk internally, it just seems that a role isn't solely defined by a user account, but by a machine as well -- and it would be a lot nicer if we could use an already existing information store (Active Directory) to help define that role instead of manually assigning VLANs, MAC filters, DHCP reservations, etc. for everything.
Just my .02.
Thanks again for responding, Cal and Michael!
