implementing-network-access-control

Implementing Network Access Control

When to Use

  • Enforcing identity-based network access so that only authenticated and compliant devices can connect to the network
  • Implementing zero-trust networking at the access layer with dynamic VLAN assignment based on user role
  • Quarantining non-compliant devices that fail endpoint posture checks (missing patches, disabled AV)
  • Meeting compliance requirements (PCI-DSS, HIPAA, SOC 2) for network access controls
  • Onboarding BYOD devices with automated provisioning and limited network access

Do not use NAC as a standalone security solution without complementary controls, on networks with devices that do not support 802.1X supplicants, or without proper fallback mechanisms for critical infrastructure.

Prerequisites

  • RADIUS server (FreeRADIUS, Microsoft NPS, or Cisco ISE) configured with user/device authentication
  • Managed switches supporting 802.1X port-based authentication
  • Certificate Authority for EAP-TLS certificate distribution (optional but recommended)
  • PacketFence or similar NAC platform for posture assessment and remediation
  • Active Directory or LDAP directory for centralized user authentication
  • DHCP server integration for dynamic IP assignment per VLAN

Installs: 12 | GitHub Stars: 6.2K | First Seen: Mar 16, 2026