I am doing NAC research for my company to see what would be the best solution to implement it. We having serious problems with managed and unmanaged users coming onto the network which spread alot of viruses, thats why we need control who is coming onto the network.To give you some background info this is what the landscape looks like.

There is a total of about 12000 users in our company
We have an Enterasys backbone not all of the switches are 802.1X compliant i would say 70% is.
We running Microsft environment, the hosts are running Vista and XP , servers are 2003 and a few 2008. We will be migrating to 2008 over the next 18 months. We have System Center Config manager doing our patches.We just implemented microsoft PKI.
Symantec SEP11 is our AV software.

What i was task to do is see if we can utilise our existing investment in implementing NAC and the cost associated to that and what a complete new solution other that what we have would cost to implement.

My dilemma is knowing what all the vendors offerings are what would be the best solution for us to go with?. Is it out-of-band or in-line or both ? There is so many many things to consider and just feel overwhelmed at the moment with all the options.

If anyone can assist in this decision i would really be gratefull.



Software/Hardware used:
microsoft, enterasys, symantec endpoint protection