A physical local area network (LAN) may include numerous network access devices (e.g., routers, switches, wireless access points, etc.) that communicate with one another (either directly or indirectly) to provide computing device(s) (e.g., laptop, smartphone, etc.) access to a wide area network (WAN). Thus, a network access device (NAD) is a piece of networking equipment, including hardware and software, which communicatively interconnects other equipment on the LAN (e.g., other network elements, computing devices). The WAN can include, for example, the Internet, where communication with the WAN is through an interface such as T1, T3, cable, Digital Subscriber Line (DSL), wireless (e.g., mobile cell tower), or the like.
The one or more of the network access devices within the LAN that are directly coupled to the WAN or directly coupled to an interface device (e.g., a DSL modem) act as a gateway node for the LAN (a gateway to the WAN) for the other network access devices and network computing devices in the LAN. Network access devices that rely on (communicate with) one or more other network access devices to reach the WAN act as intermediate nodes of the LAN.
Generally the access control rules must either be configured manually on each network access device (e.g. individual access points or switches), or if a controller based system is used then the rules are configured on the controller. Configuring access control rules manually on each network access device is cumbersome, time-consuming and error-prone. Using a controller-based system simplifies this somewhat, but controllers are expensive and can only support a limited number of network access devices each, after which additional controllers must be deployed and access control rules synchronized between them. Also, if many network access devices are located in geographically disparate locations, synchronizing the access control rules can be confusing.