Board meeting setting with people around a table, fadinging into a solid aqua color

Network Access Control (NAC)

Advanced edge security for Enterprise networks

The security issues facing Enterprise networks have evolved over the years, with the focus moving from mitigating outward attacks, to reducing internal breaches and the infiltration of malicious software. This internal defense requires significant involvement with individual devices on a network, which creates greater overhead on network administrators. Allied Telesis lowers this overhead and provides an effective solution to internal network security, by integrating advanced switching technology as a part of Network Access Control (NAC).

The evolution of network defense

For many years, the focus in Enterprise network security was on defending against external threats. Firewalls were installed to protect the LAN from the hackers, worms, spammers and other security dangers of the Internet.

However, with the growth in mobile computing and the proliferation of Ethernet-capable devices, LAN-based attacks now outnumber external threats as the main security issues facing network administrators. Thus, attention has turned towards the ‘enemy within’—the security dangers lurking within the local LAN.

Malicious software, known as malware, makes its way onto a network via employees, contractors and visitors. Personal laptops, wireless gadgets, and ever-popular USB flash drives all provide excellent vectors through which malware can enter the workplace. Even careful employees can unwittingly bring in malware, by using their equipment outside of the network. Visitors and contractors may be careless carriers of malware or, even worse, may be planning a malicious attack to steal data or cause disruption.

Defense against the enemy within

To effectively defend the network against internal threats, network administrators need secure LAN switches that provide protection against common attacks. They also need to implement policies that ensure that each device connecting to a network is as secure as possible. This combination of secure LAN switches and anti-malware policy can be very effective.

Allied Telesis switches have always provided a comprehensive range of defenses to combat internal attacks. These attacks range from data stealing attacks, such as Address Resolution Protocol (ARP) spoofing, to Denial of Service (DoS) attacks such as Tear Drop or Ping of Death. Correct deployment of these defenses can create a network that is impermeable to most of the harm these attacks cause.

Additionally, network administrators can institute a policy whereby network users are required to install and maintain anti-malware scanners, and to install security patches as they are released by Operating System vendors. However, this has required network administrators to spend time ensuring that users are adhering to policies, and has even generated counter-productive tension between network administrators and users.

The Solution is NAC

This is where Network Access Control (NAC) provides a solution. NAC allows network administrators to automate policy enforcement. Rather than requesting that users ensure their devices conform to anti-malware policies, administrators can simply let the network do the job instead.

NAC has very quickly become an industry requirement, and is clearly much more than a new buzzword for network professionals. NAC offers an excellent way to control network access with automated policy enforcement, and to manage network security without vast administration overhead.

Put simply, NAC lets you define a comprehensive security policy for your network, implement that policy on a centralized server, and have the network automatically enforce that policy on all network users. NAC is much more than just user authentication—it is also designed to protect the network from users and devices that may be authorized, but still pose threats.

The most sensible place for this to occur is at the edge of the network, removing security threats before they gain any form of access. A NAC solution, which includes switches that act as enforcement points, ensures a proactive approach to network security.

How NAC secures your network

To provide this advance in network security, the significant elements included in Allied Telesis switch functionality are tri-authentication, roaming authentication, two-step authentication, and integration with NAC infrastructure.


Tri-authentication allows the network to identify all devices connecting to it. It can be used as part of a comprehensive NAC solution, or on its own where it provides a low overhead method of implementing network access security.

Roaming authentication

Mobile users move from one attachment point to another. Once a user has been given acccess, Allied Telesis roaming authentication ensures they are not inconvenienced by the need to re-authenticate as they roam.

Two-step authentication

Devices and users can be separately authenticated, to prevent sophisticated attempts to circumvent security.

Integration with NAC infrastructure

Allied Telesis equipment can integrate as a key component in network-wide NAC solutions.

Roaming authentication in wireless and wired environments

NAC Solution Guides