Deploying Access Controls without Re-architecting your LAN
The Impact of VLAN-based Architectures
By ConSentry
In addition to admission control features of user authentication and host posture check, some NAC offerings also support post-admission controls such as role-based access. Some NAC solutions rely on virtual LANs (VLANs) to provide this user-based control. However, implementing this capability via VLANs requires organizations to re-architect their LANs, making substantial changes to their VLANs and Access Control Lists (ACLs). This daunting task requires extensive implementation and ongoing work, negates some key operational uses that VLANs provide, and leaves IT with very limited post-admission control. This paper will explore these VLAN challenges and contrast them with the simplicity of ConSentry Networks´ system for deploying flexible role-based access controls independent of VLANs.
