Juniper has upgraded its network access-control software to block network access via any switch, not just by Juniper firewalls.

Unified Access Control (UAC) 2.0 will be released next month and supports 802.1X port-level authentication, which can restrict what devices gain access to a network before they are assigned IP addresses. This support puts Juniper on a footing with Cisco and other vendors whose NAC schemes call for enforcement of access policies on all access switches. Juniper launched its UAC architecture using its firewalls as enforcement points with the intent of adding 802.1X later.

Machines with profiles that fail security scans can be locked out of the network or quarantined on a designated virtual LAN, says John Oltsik, an analyst with Enterprise Strategy Group. UAC 2.0 still supports its existing enforcement mode of restricting access via Juniper firewalls.

Juniper's architecture for access control, is compliant with an alternate, open-standard scheme called Trusted Network Connect promoted by Trusted Computing Group and works with any 802.1X switch. UAC competes with Cisco's Network Admission Control, which supports enforcement by its own 802.1X switches.

The new features come through the purchase of Funk Software last year. In particular, Juniper is adding client software called an 802.1X supplicant, which can be downloaded to machines as they seek authorization to join the network. The supplicant, sold as Odyssey Access Client by Funk, lets 802.1X switches enforce what switch-level access the supplicant machine will get.

UAC 2.0 is available next month and starts at $15,000 for an Infranet Controller to support 100 concurrent users.