10.3. Inline Appliances

Inline appliances can add NAC functionality to your network. You can transparently layer these appliances on top of the existing network infrastructure, so you can very easily roll out NAC. When you add inline appliances, you don't have to re-architect your network just to add NAC.

Inline appliances allow you to differentiate between different users and devices on the network, and enforce different policies for each user and device.

This example explains

All users are connected to the corporate network and receive an IP address in the same Layer 3 network. They all get addresses from DHCP and can see the datacenter. You need a way to differentiate between the different users in the same network — which is what an inline appliance enables you to do.

Inline appliances allow you to enforce different policies for different users who are in the same network. But the appliance needs to sit inline in the traffic flow between the user and the appliance (or resource) to which you want to control access. You typically place an inline appliance in front of a datacenter or server location.
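The following Python sketch is an added example, not taken from the book. It models the per-flow decision an inline appliance makes when two users sit in the same Layer 3 network: the source subnet says nothing, so the decision hangs on the authenticated identity bound to each source address. The class name, roles, addresses, ports, and session lifetime are all constructed for illustration.

```python
import ipaddress

# Constructed policy: role -> list of (datacenter range, allowed TCP ports).
POLICY = {
    "finance":    [("10.20.1.0/24", {443, 1433})],
    "contractor": [("10.20.9.0/24", {443})],
}
SESSION_TTL = 3600  # seconds a login binding stays valid (assumed value)


class InlineEnforcer:
    """Decides allow/deny for each new flow crossing the appliance."""

    def __init__(self, policy, ttl=SESSION_TTL):
        self.policy = {
            role: [(ipaddress.ip_network(net), ports) for net, ports in rules]
            for role, rules in policy.items()
        }
        self.ttl = ttl
        self.sessions = {}  # source IP -> (user, role, login time)

    def login(self, src_ip, user, role, now):
        # Called after the user authenticates; binds identity to the address.
        self.sessions[src_ip] = (user, role, now)

    def decide(self, src_ip, dst_ip, dst_port, now):
        session = self.sessions.get(src_ip)
        if session is None:
            return "deny: unauthenticated"  # default deny, no identity known
        user, role, started = session
        if now - started > self.ttl:
            # Stale binding: the address may now belong to someone else.
            del self.sessions[src_ip]
            return "deny: session expired"
        dst = ipaddress.ip_address(dst_ip)
        for net, ports in self.policy.get(role, []):
            if dst in net and dst_port in ports:
                return f"allow: {user} ({role})"
        return f"deny: {role} policy"


if __name__ == "__main__":
    fw = InlineEnforcer(POLICY)
    # Both clients hold DHCP addresses in the same 10.10.5.0/24 user network.
    fw.login("10.10.5.21", "alice", "finance", now=0)
    fw.login("10.10.5.22", "bob", "contractor", now=0)
    for src in ("10.10.5.21", "10.10.5.22", "10.10.5.23"):
        print(src, "->", fw.decide(src, "10.20.1.15", 1433, now=60))
```

The three source addresses share a subnet, yet the same destination and port yields three different outcomes because the decision keys on the login binding rather than on where the packet came from.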

You can use two main types of inline devices: a firewall or hardware-based enforcement device, and a NAC appliance.

10.3.1. Firewalls

A firewall is a hardware appliance that's designed to enforce network policies at high speed. This appliance sounds like a perfect device to use for ...
