I would challenge the "AD is NAC in and of itself" statement also :-) AD is system access control, not network.
Philippe - we are not nearly your size but are currently evaluating products to get to campuswide NAC. Currently CCA for students only. 2800 on campus, 5K total - we NAC students in the res halls and all student wireless. Day one will just replace the current situation, but I hope to extend that somewhat next year.

My intention is to head toward NACing every network access method for every "port" - wired ports, wireless, remote access. The policy and control is still to be discussed, but for example, just because you use NAC doesn't mean you can't have guests, it just means that anonymous guests get X access, but the NAC can determine and enforce that at connect time for the given connection.

Anyway, someone at this past EDUCAUSE gave a great presentation on their methodology as they went through the project. Here is a link to the presentation materials. We used this info extensively in our evaluation thus far of the plethora of NAC products out there.

http://connect.educause.edu/Library/Abstract/NetworkAdmissionControlAS/47521

_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070

--If you don't have time to do it right, when will you have time to do it over?
--Do not let what you cannot do interfere with what you can do. - John Wooden

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman
Sent: Friday, March 06, 2009 11:34 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] NAC polling: Wired AND Wireless

We are using Impulse on our entire primary wireless network, and wired in the dorms - and we're well into the thousands. For the admin side, we're sort of running with the notion that AD is NAC in and of itself, but that sometimes gets challenged...

No wired 802.1x for us - I think personally I'd rather be poked in the eye with a stick, but it does get tossed around on occasion.

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Philippe Hanset
Sent: Friday, March 06, 2009 11:26 AM
To: [email protected]
Subject: [WIRELESS-LAN] NAC polling: Wired AND Wireless

All,

UTK is in the midst of a network redesign. A big part of it involves Network Access Control.

Is anyone out there with a comparable size campus, or bigger (26,000 students, 5000 Fac/Staff), implementing a commercial NAC system for ALL users and all networks (Wired and Wireless)?

We are evaluating products. They work somewhat fine during the pilot (with major security holes), but we have this really strong hunch that those products will not size well!

Any input is welcome (except sales pitch ;-)

Thank you,

Philippe Hanset
Univ. of TN

p.s.: Are you doing 802.1x on Wired?

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
