Alcatel-Lucent submitted their OmniSwitch switches, OmniAccess wireless controllers and OmniVista management tool, plus InfoExpress' CyberGatekeeper endpoint security system.

Together, the two vendors offer a complete framework and a wide set of hardware options. The result is interoperable parts that network managers can combine to give different types of NAC enforcement in different network topologies. The most important characteristic of the Alcatel-Lucent NAC strategy is a heavy focus on endpoint security checks, which are only loosely coupled to optional authentication and group information.

However, because Alcatel-Lucent and CyberGatekeeper are each standalone NAC products, the options for enforcement and policy creation are dizzying and confusing.

CyberGatekeeper can be installed on Windows or Mac clients, and returns a "pass" or "fail" verdict that can be used as part of an access control decision.

Alcatel-Lucent's Access Guardian management software is used to define NAC policies, which are then pushed out to Alcatel-Lucent switches that enforce access controls. Although Access Guardian supports access control lists for enforcement, the definition mechanism is so clumsy that most enterprises will probably use virtual LAN-based enforcement mechanisms instead.

Acknowledging that it doesn’t have a significant percentage of the network switch market, the team that visited our lab demonstrated both edge enforcement with Alcatel-Lucent gear, as well as an Alcatel-Lucent switch sitting behind our existing Cisco, HP and Juniper switches, providing Layer 2 in-line NAC enforcement at the network core.

OUR VERDICT

The components offered by Alcatel-Lucent and InfoExpress do check most of the boxes required for a NAC deployment. However, these pieces form more of a do-it-yourself kit than an integrated NAC product.