It is important for networks to be protected from security threats, which can disrupt business and cause downtime. Network admission control is used to enforce security policy compliance on devices that attempt to gain access to a network. In a network with conventional network admission control deployed, traffic to and from an end station is sent via a network admission control appliance. The network admission control appliance establishes the state of the end station, inspects the traffic, and then determines which network policy should be enforced. In most cases, the network admission control appliance is a centralized engine implemented in software. Traffic is typically directed to the appliance using virtual local area networks (VLANs). The appliance inspects the traffic and, if appropriate, injects it so that it appears in the appropriate healthy VLAN. A conventional profiler appliance used to identify end stations is also located within the network and has visibility into only a very small subset of traffic (e.g., DHCP exchanges).
Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.