Worth it if it fully secures the network against illicit access and prevents the introduction of unauthorized devices.
Problem is that both challenges are a) moving targets moving fast, and b) some of the users at those endpoints know just how fast the targets are moving.
Take a look at this look at NAC vulnerabilities to get a sense of the challenges centralized endpoint control has to deal with. (The rest of the Eight Overlooked Security Vulnerabilities is worth a read and re-read as well.)
But the stinger in the tail of the NAC section is the real endpoint issue: "there is no way to verify that the client is telling the truth about its configuration."
Tehcnical issues of client device verification are just that -- technical issues that can be addressed, and once addressed brings us closer to the real endpoint -- and teh real endpoint security issue.
That real endpoint is of course the user of the client device -- the employee (or, please no, the contractor, consultant, vendor or even visitor granted temporary access) who knows enough about your endpoint security procedures, programs, practices and policies to get around them.
No way around that, I fear, other than by taking advantage of one the many advantages that small to midsize companies afford: better knowledge of your employees and colleagues, better opportunities to communicate and enforce strong security policies, better awareness of who's doing what and why they need to (or don't.)
That's no small benefit, and one that, coupled with increasingly affordable NAC and security packages can give you a better than fighting chance of addressing the real endpoint security challenge before it becomes a hardware, software and business problem.