802.1X performs either computer or user authentication to allow network access.
NAC is a generic term designating any form of Network Access Control.
So 802.1X is one kind of NAC. I consider 802.1X to be the standard of NAC.
Beware here of the abbreviation collision around NAC, which stands for both Network Access Control and Network Admission Control.
Network Admission Control (from Cisco) and Network Access Protection (from Microsoft) are also two commercial NAC (Network Access Control) solutions going further than the standard 802.1X. They verify that the connecting operating system is in a correct state (through the checksum of some components), and that the endpoint anti-virus is on and up to date.
NAC (Network Admission Control), the Cisco version, is more network-aware and less Windows-addicted. Unfortunately, this software solution stopped being supported by Cisco in 2011.
NAP (Network Access Protection), the Microsoft solution, is more Windows-aware and less network-adapted.
From my own short experience, these 2 software solutions might be easily deceived as long as you get control of the endpoint PC (Windows, Mac OS X, Linux…). You can easily install an endpoint yes-agent replacing the vendor's one.
So I advise sticking to the 802... standards, which have their limitations and defaults, but with no hidden features that advantage attackers.
Best Answer
"Open authentication" is fundamentally a NULL authentication where the client says "authenticate me" and the AP responds with "yes". Open authentication is the only method used in enterprise WLAN deployments; it is fundamentally a NULL authentication. Therefore, "real authentication" is achieved by using 802.1X/EAP authentication mechanisms. A typical secure enterprise WLAN AP blocks WLAN client traffic at the AP until a successful 802.1X authentication.
That means that there is no verification of the user or machine. Open Authentication allows any device that places an authentication request to the access point (AP). Open Authentication uses clear-text transmission to allow a client to associate to an AP and therefore 802.1X could be used.
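
The sequence this answer describes, as a small model added here for illustration (not code from the answer or from any AP vendor): Open System authentication always returns success, while a per-client 802.1X controlled port forwards only EAPOL frames until EAP succeeds. `ControlledPort`, `open_auth_response` and `simulate` are hypothetical names, and the frame body is a constructed sample.

```python
import struct

ETH_P_EAPOL = 0x888E   # EtherType of 802.1X (EAPOL) frames
ETH_P_IPV4 = 0x0800
AUTH_ALG_OPEN = 0      # 802.11 authentication algorithm number: Open System
STATUS_SUCCESS = 0     # 802.11 status code: successful


def open_auth_response(request_body: bytes) -> bytes:
    """AP side of Open System authentication: nothing about the client is verified."""
    alg, seq = struct.unpack_from("<HH", request_body)
    if alg != AUTH_ALG_OPEN or seq != 1:
        raise ValueError("not an Open System authentication request")
    # Fixed-format reply: algorithm 0, transaction sequence 2, status 0.
    return struct.pack("<HHH", AUTH_ALG_OPEN, 2, STATUS_SUCCESS)


class ControlledPort:
    """Hypothetical per-client 802.1X port state kept by the AP."""

    def __init__(self) -> None:
        self.authorized = False

    def eap_result(self, success: bool) -> None:
        self.authorized = success

    def forwards(self, ethertype: int) -> bool:
        # EAPOL must always pass so the 802.1X exchange can take place;
        # all other client traffic waits for a successful authentication.
        return ethertype == ETH_P_EAPOL or self.authorized


def simulate() -> list:
    """Walk one client through open auth, then 802.1X failure and success."""
    request = struct.pack("<HHH", AUTH_ALG_OPEN, 1, 0)  # constructed sample frame body
    status = struct.unpack("<HHH", open_auth_response(request))[2]
    port = ControlledPort()
    log = [("open-auth status", status),
           ("IPv4 before 802.1X", port.forwards(ETH_P_IPV4)),
           ("EAPOL before 802.1X", port.forwards(ETH_P_EAPOL))]
    port.eap_result(False)   # EAP-Failure: port stays unauthorized
    log.append(("IPv4 after EAP-Failure", port.forwards(ETH_P_IPV4)))
    port.eap_result(True)    # EAP-Success: port becomes authorized
    log.append(("IPv4 after EAP-Success", port.forwards(ETH_P_IPV4)))
    return log


if __name__ == "__main__":
    for step, result in simulate():
        print(f"{step}: {result}")
```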