Karthik Krishnan, senior product line manager of the Sunnyvale, California-based networking and security company, said that it first unveiled the UAC offering last year with L3 functionality, its firewalls becoming the enforcement points as instructed by a server called the Infranet Controller.
Then at the end of last year Juniper acquired Funk Software, which brought it both the Steel-Belted Radius server portfolio but also the Odyssey 802.1x supplicant. While SBR has now been integrated into the Infranet Controller, the Odyssey client has gone into the UAC 2.0 client, enabling companies to do either L2 (port-level) or L3 NAC, with the L2 functionality on any vendor’s switches that are 802.1x-compliant.
Indeed, said Peter Crowcombe, enterprise marketing director for Juniper in EMEA, you can now start with L3 NAC on your firewalls as a quick and easy deployment, then as you start to roll out your 1x, go to L2.
The integration of the Funk software into the UAC infrastructure, which Juniper has been promising since earlier this year, gives it boasting rights over Cisco, which can also do L2 or L3 with its Network Admission Control (Cisco NAC) product portfolio, but, at least on the NAC Framework side of the offering, requires the networking infrastructure to be Cisco switches end-to-end and for them all to have their IOS operating system updates to a version that supports Cisco NAC.
Cisco meanwhile seeks to address this issue with the NAC Appliance product it got by acquiring Perfigo, which can sell into heterogeneous environments.
Other NAC solutions are either switch-specific, endpoint software-restricted, device-constrained, or can’t handle use cases such as guest access, as well as facing the agent issue, said Krishnan. This last question is again a swipe at Cisco, whose CTA agent for NAC is permanent rather than transient, which is the way the UAC agent works, i.e. it downloads on the fly and dissolves at the end of the session.