Cisco Plugs NAC Into Branch Office Routers

The San Jose, Calif.-based company plans to integrate its Network Admission Control (NAC) technology into its routers via a plug-in module. The new module is compatible with Cisco's 2800- and 3800-Series Integrated Services Routers (ISRs), which are aimed at branch offices and SMB customers.

"Through our partners, we'll be providing the power of NAC in more places without increasing the complexity of the management structure," said Susan Don, director of channel business development for Cisco. "The price point makes deployment possible even for companies with small offices," she said.

Take A Look At Cisco Latest NAC Products

Sponsored post

The new NAC Network Module offers all of the functionality of the Cisco NAC Appliance for a list price of $4,995 to support 100 users. That pricing represents roughly a 50-percent reduction compared to the cost of the stand-alone appliance, meaning customers that already deploy ISRs can now roll out NAC for much less, Don said. The modules will also be covered under the router's SmartNet contract, so customers won't have to shell out additional funds for maintenance.

The new module will save customers money and reduce the complexity of NAC solutions, said Ladi Adefala, security practice manager at World Wide Technology, a Cisco partner based in St. Louis.

"From a complexity and management standpoint, this definitely provides a lot more flexibility. It makes it easier," Adefala said, adding that customers have been clamoring for an ISR NAC module for some time.

Adefala said the module will serve as a good entry point for branch offices and smaller customers that want to buy NAC solutions, a market he describes as "red-hot."

In addition to the new module, Cisco is also launching NAC Profiler, an endpoint-recognition product line aimed at bigger customers who want to include a large number of non-PC devices in their NAC solutions.

Devices such as printers, IP phones and medical equipment have to be put on exception lists in order to interact with NAC solutions, a manual process that can be tedious and time-consuming, said Brendan O'Connell, product marketing manager for Cisco NAC.

With Cisco NAC Profiler, these "non-NACable" devices can be automatically identified and assessed.

"You tell it, 'Here's what my printers are supposed to look like.' Then it goes through a posture assessment to determine if a device really is a printer. If it says it's a printer but is opening Web pages, then it's not a printer," O'Connell said.

Adefala said Profiler will make it easier to deploy NAC solutions for enterprises and vertical market customers such as hospitals.

"You could incorporate those devices into a NAC solution before, but you would have to gather credentials like MAC addresses and end-point information and filter that out so NAC doesn't keep challenging it. Profiler basically does all of that for you," Adefala said.

Customers already using Cisco's NAC Server will need to add a NAC Collector License. Customers will also need to deploy a NAC Profiler Server. The license carries a list price of $5,000 or $7,000 depending on the NAC Server model, while the Profiler Server starts at $60,000.

All of the new products are scheduled to begin shipping within a few weeks.