Enterasys NAC v3.3 provides standards-based, inline or out-of-band pre-authorization and post-authorization control for wired, wireless LAN and VPN. We reviewed the out-of-band appliance option for this Group Test. There is also a virtual appliance available for deployment on your own hardware platform.

Setup is through a command line-style interface and requires editing multiple default files to initially configure the appliance to connect to the network. This process will take some time and skill to set up. The product is managed via Enterasys NMS NAC Manager.

Enterasys NAC delivers centralized, policy-based control with guest access included. Policies permit, deny, prioritize, rate-limit, tag, redirect and audit traffic based on user identity, time, location, device type and other variables. The tool supports homogeneous policy configuration across multiple switch and wireless access point vendors, plus RFC 3580 port and VLAN-based quarantine, with additional isolation policies on Enterasys switches and inline appliances. NAC integrates with identity sources, such as LDAP and Active Directory, to manage users centrally. User management can be automated with the solution's LDAP and RADIUS integration. Multiple agent-based options are available and include dissolvable, persistent or persistent as a service.

Assessment is agent-based and/or agent-less. Detailed configuration capabilities control access based on risk level presented. Enterasys NAC provides multiple notification methods and web-based data views for reporting. The notification engine (alerting) was strong and provided numerous options.

Basic support is available during the one-year warranty period and various upgraded support options are available ranging from 20 to 25 percent of the list price.