If IT decides to enforce NAP restrictions at the network layer, the organization must choose between two methods: 802.1X and DHCP. Both methods are viable, and each has pros and cons that must be carefully considered. The 802.1X standard can be more complex and expensive, but DHCP provides less security. To use 802.1X as the enforcement method, the switches and wireless access points must support the 802.1X authentication protocol, which means that the devices support Extensible Authentication Protocol (EAP) authentication pass-through to RADIUS, 802.1X authentication, traffic segmentation, and/or dynamic VLAN switching over RADIUS. Many vendors now offer hardware with these capabilities, but ...