SiperOne
TR
Back to Resources
AnchorNAC

AnchorNAC Datasheet

Zero-trust network access control for wired, wireless and VPN infrastructure.

Overview

AnchorNAC is a RADIUS/TACACS+ platform that enforces identity-based access policies across enterprise networks. It supports 802.1X with EAP-TLS and EAP-TEAP, MAC Authentication Bypass (MAB) for headless devices, and a declarative YAML policy engine for dynamic VLAN assignment, downloadable ACLs and posture-based segmentation. AnchorNAC can run cloud-managed, on the Edge appliance or fully on-premises.

Key Capabilities

AnchorNAC provides end-to-end network access control from authentication through to continuous posture enforcement.

  • 802.1X EAP-TLS and EAP-TEAP with built-in PKI and SCEP enrolment
  • MAC Authentication Bypass for printers, IoT sensors and IP phones
  • YAML-based policy engine with role, time, location and posture conditions
  • Dynamic VLAN assignment and downloadable ACL push
  • Posture checks for disk encryption, OS patch level and endpoint agent presence
  • BYOD onboarding with SCEP certificate provisioning
  • TACACS+ for network-device administration and command authorisation
  • High-availability with active/passive clustering and database replication

Packages

Enterprise includes cloud-managed RADIUS, 802.1X, MAB, policy engine and posture. Sovereign adds full on-premises deployment, TACACS+, air-gapped operation and custom CA integration. Both tiers support unlimited endpoints and include API access.

Multi-Vendor Support

AnchorNAC is tested and certified with Cisco Catalyst and Meraki, Aruba CX and Mobility, FortiGate and FortiSwitch, MikroTik RouterOS, Huawei VRP and Juniper EX/QFX. Vendor-specific RADIUS attributes (VSAs) are pre-configured and additional dictionaries can be imported. CoA and disconnect messages are supported for real-time policy enforcement.

Compliance & Certification

All authentication and authorisation events are logged with RFC 2866 accounting records. The audit trail supports ISO 27001 A.8.5 (secure authentication) and A.8.22 (network segmentation) controls. AnchorNAC logs can be forwarded to AnchorLog for tamper-evident archival or exported to any SIEM via syslog (RFC 5424).

Ready to get started?

Deploy AnchorSpot, AnchorNAC or AnchorLog in minutes with a free trial — no credit card required.

Start free trial