Enforcing Policies

There are various ways to enforce policies.

Windows Group Policy
Network Access Control

This allows a server to perform some tests. The results of these tests may determine whether a network interface port on a switch remains active, or what information DHCP hands out to a client. Therefore, the server has some ability to control what type of access another device will have on a network.


In 2010, NetworkWorld article on NAC gone wrong states, “Agreement on what NAC really means and the right approach to NAC remain as elusive today as in 2005, when the first NAC products burst on the scene.”

(That's an old article, and one article might be quite little to make a sweeping judgement. Still, that doesn't sound like a very positive judgement.)

Specific implementations

Cisco offerings
Network Admission Control

Wikipedia's article for “Network Admissino Control”

Identity Services Engine (“ISE”)

This software might not be specific to just NAC, but it does seem to provide some similar features. For instance, both ISE and MAC can consider whether a client's anti-virus software is up to date.

Network Access Protection

XP SP3 NAP Rude Q and A, Features Removed or Deprecated in Windows Server 2012 R2

There's at least a few articles on Microsoft's site. e.g.: Network Acces Protection Using 802.1x VLANs or Port ACLs