Network Access Control (NAC) is a technology that brought an important innovation to networking, particularly on the LAN. NAC began as an "admission control technology": it authenticates users and scans their machines before allowing them onto the LAN, for security reasons. NAC is an integral tool for industries today. Like every new technology, it has pros and cons, which depend on the approach taken.

Dynamic Host Configuration Protocol (DHCP)

This is an important approach, applied at the point where a device tries to access the network: NAC takes part in the DHCP exchange used for IP assignment. Integrating with DHCP lets NAC identify endpoints and restrict their network access.

Pros & Cons:

This approach is very effective for restricting services on the network and preventing access to the network servers.

If a device is not managed, it can't begin identification with the authentication server. This means no checks will be performed on such devices, which is a fundamental flaw of this approach.

Software approach: Endpoint detection

802.1X is among the common approaches for identifying and controlling a user's network access.

Pros & Cons:

802.1X prevents the flaw that the network can cause. It detects a device's entry to the network before the endpoint has an IP address.

The drawback lies in management. Deploying 802.1X requires third-party integration and management of every endpoint. All devices must therefore be configured for 802.1X and integrated with the authentication server.


The authentication approach is necessary for identifying and controlling network entry. This can be done with user authentication; Microsoft initiated this process with its NAP.

Pros & Cons:

This approach is very effective for restricting services on the network and access to network servers.

However, unmanaged devices can't begin identification with the authentication server, which means no checks will be performed on a device requesting access.

Appliance approach: Endpoint detection

In-Line appliances

An in-line appliance replicates the edge switch. It sits directly in line behind the access layer switch and acts as a guard: by looking at the traffic entering, it detects devices and initiates policy checks.

Pros & Cons:

The merit of in-line NAC is that it sees all the endpoints coming onto the network and controls the traffic effectively, because all the traffic flows through the appliance.

The drawbacks are its high cost and the unnecessary time consumed by upgrading and re-architecting the network. This approach actually replaces the distribution layer switches or the access to them.

Out-of-band appliances

The important aspect of this approach is that a device can be isolated from the network without being able to go through NAC checks.

Whether to use NAC is entirely your choice, given the pros and cons of the different approaches highlighted above.