macmon is the most rapidly and easily implemented Network Access Control (NAC) solution on the market. It takes away complexity, giving you immediate visibility into your LAN and WLAN. BYOD and guest devices alike are seamlessly integrated using our unique guest service portal. In addition, macmon ensures compliance with important standards such as PCI and various ISO standards. macmon’s VLAN-Manager reduces administrative efforts massively, whilst segmenting the network increases your security level enormously. NAC smartly simply.
macmon Network Access Control - 5x simple
Corporate endpoint devices are sorted into logical groups, in which the configuration for managing the endpoints on the network takes place. This means that group-based specifications for the endpoint properties (operating system, domain, IP ports) and the authorization can be defined.
For the authorization, simple predefined fields can be used to specify the VLAN and further authorizations. Here, a three-level specification can be made depending on the quality of the identification (MAC address only = low, username and password = medium, certificates = high).
Thanks to these specifications, macmon is able to create and maintain the set of rules independently. Custom rules only have to be defined in special cases.
802.1X (with and without certificates) and/or RADIUS-based authentication can basically take place on three levels: MAC address (lowest level), username and password (medium level) or certificate-based (high level). In macmon, different authorizations can be defined in the group-based configuration for the various levels in order to grant network access depending on the level of the identification.
Since very few companies already have a completely rolled out certificate-based infrastructure, selecting the medium identification level combined with Microsoft AD accounts is often the easiest solution to quickly secure networks.
However, the great complexity of 802.1X lies in the administration and maintenance of the RADIUS server since an abundance of rules often has to be created and maintained. Regardless of whether 802.1X should be implemented with or without certificates, macmon’s product strategy and the associated advantages, such as the dynamic set of rules, significantly reduce costs and complexity.
The macmon guest portal is designed for a high level of flexibility and an extremely wide range of applications. This means that any portal instance can be positioned at a different location in the company and customized. In addition to German and English, which are supplied, any language (including any character set) can be added.
We distinguish between guests and guest devices in order to be able to map any variant for the visitors. This means, for example, that you can register multiple devices, if required, or receive a time-limited voucher while you change your device. The integrated sponsor portal allows you to delegate the creation and management of vouchers to any employee in the company via simple Microsoft AD group memberships. The administrative office can therefore approve guests, for example, without having to call up the IT department.
The BYOD portal, which is also included, offers an overview of employees’ devices.
Unmanaged endpoints, e.g. employee smartphones (not the company’s property), can be registered by the employees themselves if they are authorised to do so.
To simplify the set of rules significantly further and to support mapping multiple sites or large infrastructures, macmon offers the unique functionality for calculating the effective VLAN. If an endpoint is seen on the network (both via SNMP and 802.1X), macmon calculates, if necessary, the target VLAN using various information in order to always configure the right VLAN in each individual instance.
This includes whether a VLAN has been specified for the endpoint in macmon, whether the endpoint is compliant, whether one or more VLANs have been assigned to the endpoint group, and which VLANs are managed by the affected switch. VLAN IDs and VLAN names can be used to map each situation.
In larger environments, this often even leads to significant performance improvement since the number of rules that must be complied with for each authentication is much lower than it is for every other NAC product.
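The following is an added illustration of how an effective VLAN can be derived from the inputs listed above; it is not macmon's code or algorithm. The precedence order, the fallback to lower identification levels, the quarantine VLAN, and all class, VLAN and switch names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Identification quality as described on this page:
# MAC address only = low, username and password = medium, certificates = high.
LEVELS = ("low", "medium", "high")

@dataclass
class Group:                       # hypothetical endpoint group
    vlan_by_level: dict            # identification level -> VLAN name

@dataclass
class Endpoint:                    # hypothetical endpoint record
    mac: str
    group: Group
    compliant: bool = True
    pinned_vlan: Optional[str] = None   # VLAN specified for this endpoint

@dataclass
class Switch:                      # hypothetical switch record
    name: str
    vlans: dict                    # VLAN name -> VLAN ID managed by this switch

def effective_vlan(ep, sw, level, quarantine="quarantine"):
    """Return (vlan_name, vlan_id), or None to deny access (fail closed)."""
    if level not in LEVELS:
        raise ValueError(f"unknown identification level: {level!r}")
    if not ep.compliant:
        candidates = [quarantine]          # assumed: non-compliant is isolated
    else:
        candidates = [ep.pinned_vlan] if ep.pinned_vlan else []
        # Group VLAN for the achieved level, then lower levels as fallback,
        # so a weaker identification never reaches a higher level's VLAN.
        for lvl in reversed(LEVELS[:LEVELS.index(level) + 1]):
            name = ep.group.vlan_by_level.get(lvl)
            if name:
                candidates.append(name)
    for name in candidates:
        if name in sw.vlans:               # only VLANs this switch manages
            return name, sw.vlans[name]
    return None

# Constructed sample data: one group rule, two sites with different VLAN IDs.
office = Group({"low": "restricted", "medium": "office", "high": "office-secure"})
site_a = Switch("sw-site-a", {"office": 110, "restricted": 190, "quarantine": 999})
site_b = Switch("sw-site-b", {"office": 210, "office-secure": 220, "quarantine": 999})
laptop = Endpoint("00:00:5e:00:53:01", office)
```

Because the group refers to VLANs by name, the same rule yields VLAN 110 at one site and 210 at the other, and an endpoint whose candidate VLANs are not managed by the switch is denied rather than placed in a default VLAN.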
macmon offers the option to authenticate endpoints using their Active Directory accounts (identities) or general LDAP accounts. Either user accounts or device accounts can be used here. Since certificates do not need to be rolled out, the introduction of 802.1X is significantly easier.
Using simple mapping, the AD groups can then be linked to the macmon endpoint groups. The existing set of rules also automatically applies to AD groups. Where endpoints sometimes appear on the network with the MAC address and sometimes with an AD account, no additional rules have to be designed or created.
Thanks to the integration and mapping, the MAC addresses for the endpoints can be learned/added during the authentication process and sorted into the correct group in accordance with the mapping.
This means that it is possible to identify endpoints on a high authentication level more easily than by their MAC address alone. By selecting the integration, you can select whether the network department decides which endpoint gets access or if this decision is made by the AD administrator.