Author Topic: Network Access Control for Baystack 470 network?  (Read 676 times)

Offline AgentoftheBat

Network Access Control for Baystack 470 network?
« on: January 20, 2016, 04:57:52 AM »
Hi,

This is a bit of a shot in the dark, I hope someone can help.

My company has recently been taken over and the new owners have carried out an audit and noted that we have no NAC system in place across our sites.

We are running very old legacy 470-24/48Ts across our estate (mfg: 2003 - 2006,  s/w v3.6.2.05).

We are just about to embark upon deployment of a new Cisco switch infrastructure, though this will take a few years to roll out across our estate. Is there any (reasonably priced) NAC solution available on the market that will interact with Nortel 470s of this vintage, until they are replaced with the new Cisco infrastructure?

The Cisco NAC solution we are planning to deploy requires compatibility with RFC 5176 (2008), which our current switches do not have.

Any suggestions would be most welcome.

Thanks

Dave   


Offline pat2012

Re: Network Access Control for Baystack 470 network?
« Reply #1 on: January 20, 2016, 07:59:47 PM »
Hi AgentoftheBat.

That's a very interesting question. We have a similar issue where someone did an audit and recommended we implement a NAC solution.  The problem is implementing a NAC is not a trivial exercise.

The first mistake is that they went with a Cisco solution so you're pretty much locked in.   :D You need to determine your security policy first.  Then choose a NAC solution that fits your needs.

There are NAC solutions that would do endpoint policy enforcement and may only require 802.1X, which I believe the 470s support.

Check out this article.

http://www.tomsitpro.com/articles/network-access-control-solutions,2-916.html

This is by no means an exhaustive list but it is a starting point.

This is an older article but still worth a read.

http://www.networkworld.com/article/2209345/security/nac--what-went-wrong-.html

Point to note.  By the time you're finished deploying your Cisco infrastructure you'll probably have to start over and replace everything - they have to find a way to keep their market share, right?   ;D