We're a small environment, less than 500 addresses all combined across 5 locations. I've looked into several NAC solutions like ISE, ForeScout, PortKnox, etc.. and they provide some great features but we really can't leverage them enough to justify the cost and management overhead. That said, I'd like some way of keeping unapproved devices off of the network. We're on Meraki Switching and Cisco ASA's with the full FP suite. Should I just look at MAC whitelisting or is there something else you would recommend that's not a full NAC but still helps us keep rouge devices from being connected?
Even if I can't block the device, I would be pretty happy with just a notification that something unknown was connected and I could take it from there.
No comments:
Post a Comment