Good Network Access Control solution using dot1x?

[Ryan Sumida <rsumida () csulb edu>]

Hello Security Folk,

Looking for a network solution to mitigate the virus/worm problems in our 
university dorm network.  Has any one company moved ahead of the pack in 
the port based NAC market?  I'm not sure if this is the best way to go but 
in theory it would solve some of our problems.  At the moment our IPS is 
blocking over 90,000 attacks/hour from the dorm area alone!

A solution similar to Perfigo's CleanMachine product is what I have in 
mind but with 802.1x support.  When end-users would like to get on the 
network they start in a temporary restricted VLAN.  The system will then 
be scanned (Nessus scan , etc.)  for vulnerabilities defined by the 
security policy.  If compliant then the mac is granted network access and 
the port is then changing to a non-restricted VLAN.   If non-compliant the 
mac is put on quarantine list and the port is then set to "jailed" VLAN. 

Anyone know of a good product that can do this or something similar? 


Regards,

Ryan