University Nixes Cisco NAC for ConSentry's

Failed NAC installation led Fayetteville State University to go with a Cisco competitor for NAC and switching

Dark Reading Staff, Dark Reading

January 25, 2008

4 Min Read

After Fayetteville State University's (FSU) Cisco Network Admission Control Appliance installation failed to live up to its billing, FSU dumped the Cisco NAC boxes in favor of a competitor’s network access control product -- and then did the same with its switches.

All told, Cisco lost $250,000 in revenue from FSU, which switched over to ConSentry's LANShield NAC and switch products last year, according to the university.

It was the university's computing philosophy that led to its initial Cisco NAC adoption in 2006. “The university is proud to have an open computing” environment, says Joseph Vittorelli, director of systems and infrastructure at the North Carolina university. “We do not block or lock anything down.”

The second oldest public university in the state, FSU has 6,500 full-time students (3,000 live on campus), and 1,000 staff and faculty members, who use its network. The university needed a checkpoint to ensure that users were only allowed to go where they were authorized to go on the network. Also, students tend to freely -- and sometimes carelessly -- roam the Internet, so the university did not want them infecting the campus network with things such as spyware.

So in the spring of 2006, FSU purchased a couple of Cisco NAC appliances to address those problems. “The system would run OK during the day when there was not a lot of traffic on the network,” Vittorelli recalls. “At night, when students would do what students do -- download music and movies -- the traffic rose, and the system constantly locked up. It became so bad that we wrote a script to reboot the NAC appliances whenever they stopped working rather than have a network technician constantly restarting them.”

The university thought there were design problems with the NAC appliances, and discussed its concerns with Cisco. “We did not receive as much help as we expected,” said Vittorelli. “They just told us our configuration was undersized, and the solution was to buy a few more appliances.”

So the university decided to look at alternatives. It examined a handful of products, and one design stood out: “Most of the NAC solutions sit out-of-band and act as the default gateway for user machines, making them vulnerable to denial-of-service (DoS) attacks,” Vittorelli stated. “We were intrigued with the ConSentry product [LANShield] because it operates in-band and was not susceptible to such problems.”

Four ConSentry LANShield Controller NAC appliances now sit at various entry points on the Fayetteville campus network, helping the network group manage the network and guard against unwelcome visitors. With the new access control appliances, the university also gained better visibility into what students were doing and where they were going on the network.

FSU's experience with the new NAC products prompted another change: The university’s Cisco 3750 switches, which were used in the student dorms, were scheduled to be upgraded during the summer of 2008. Rather than wait until then, FSU decided to move its switch upgrade plans up one year -- and to go with ConSentry's switching gear rather than upgrade its Cisco switches. “ConSentry has switches that include integrated NAC software that would simplify the managing of our network,” Vittorelli says. So the university installed 50 LANShield Switches in its dorms.

Vittorelli says installation of the ConSentry NAC appliances and switches went smoothly, although initially there was one missing feature: the ability to limit certain types of traffic, such as streaming video, so it wouldn't overrun the network. ConSentry added that capability last fall, however.

Interestingly, FSU's NAC and switch changeup has actually improved the university’s relationship with Cisco. “Cisco is more visible on campus and more willing to help us now than they were before,” Vittorelli says. “As a matter of fact, they have been holding ‘Lunch and Learn’ sessions, where they provide our network team with an overview of the directions they are moving in with their products, such as their wireless routers, and talk about any concerns that we have.”

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights