Don’t compromise.

You deserve better network security.

Easy-to-use, cloud-native network access control & network device administration solutions designed for you – the overworked, under-appreciated IT pro.


RADIUS
as-a-Service

Starting at

$1.50
USD / device / month
(billed annually)

300 device minimum*
  • Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.

RADIUS
as-a-Service

Starting at

€1.75
EUR / device / month
(billed annually)

200 device minimum*
  • Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.

RADIUS
as-a-Service

Starting at

£1.50
GBP / device / month
(billed annually)

200 device minimum*
  • Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.

RADIUS
as-a-Service

Starting at

$2.00
USD / device / month
(billed annually)

200 device minimum*
  • Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.

Cloud RADIUS

RADIUS Proxy

RADIUS Proxy Local Failover

RADIUS Forwarding

RadSec Support

Anti-Flood Protection

Role-Based Authentication

802.1X Authentication

MAC Authentication Bypass

Dynamic VLAN / ACL Assignment

Post-Connect Authorization

Role-Based Access Policies

Account Lifecycle Synchronization

Location-Based Policies

TACACS+ / AAA Services**

Azure AD Integration

Microsoft AD Integration

Standard Level Support

Standard Onboarding Services

*Sold in Packs of 10 Devices
**1 Admin / 100 Devices

NAC
as-a-Service

Business

Starting at

$3.00
USD / device / month
(billed annually)

200 device minimum*
  • Sit back & relax with powerful, automated network & endpoint security essentials.
Business

Starting at

€3.50
EUR / device / month
(billed annually)

200 device minimum*
  • Sit back & relax with powerful, automated network & endpoint security essentials.
Business

Starting at

£3.00
GBP / device / month
(billed annually)

200 device minimum*
  • Sit back & relax with powerful, automated network & endpoint security essentials.
Business

Starting at

$4.00
USD / device / month
(billed annually)

200 device minimum*
  • Sit back & relax with powerful, automated network & endpoint security essentials.
Includes everything in RADIUS-aaS, plus:

Guest Access Management

Device Onboarding Services

Device Provisioning Services

Device Risk Monitoring & Remediation**

Guest & Compliance Reporting

Google Workspace Integration

OpenLDAP

MS Intune Integration

SIEM Integration (On-Prem)

Professional Level Support

Professional Onboarding Services

*Sold in Packs of 10 Devices
**Requires AgentP Add-On or MS Intune Integration
Enterprise

 

Contact
for Pricing

500 device minimum*
  • Take it up a level with next-gen NAC services for expanding enterprise networks.
Includes everything in NAC-aaS Business, plus:

Change of Authorization (CoA)

Multi-Regional RADIUS Redundancy

Certificate Authority (CA) Services

Certificate Enrollment Services

IoT Fingerprinting

SMS-Based Onboarding

MFA Admin Access

OKTA Integration

SIEM Integration (On-Prem & SaaS)

RESTful API

Enterprise Level Support

Enterprise Onboarding Services

*Sold in Packs of 10 Devices

Prices may vary by region

Available Add-Ons

  • AgentP: Self-Enrolled or Unattended
  • Extended Guest Package: 50 Guests
  • Additional SMS Package: 1,000 Messages
  • TACACS+ / AAA: Tiered; Admins or Devices

We've made life easier for thousands of IT pros.

Don’t take our word for it.  See for yourself.

The NAC functionality you want is no longer out of reach.

 
 
 

  RADIUS-as-a-Service
  
  • Cloud RADIUS Services
  • Wireless, wired & VPN access
  • Anti-flood protection services
  • RadSec support
  • RADIUS forwarding rules (eduroam support)
  • Authentication Services
  • Role-based authentication
  • MAC authentication bypass
  • Account lifecycle synchronization
  • Account Directories
  • CLEAR Directory
  • Azure Active Directory
  • MS Active Directory
  • Security
  • 802.1X authentication
  • Dynamic VLAN / ACL assignment
  • Post-connect authorization
  • Control
  • Role-based access policies
  • Location-based policies
  • Visibility
  • Archived devices data retention (14 days)
  • Onboarding
  • Onboarding services: Basic
  • White Glove: $3,500
  • Reporting
  • Device visibility report
  • Additional Capabilities
  • RADIUS proxy - local failover
  • TACACS+ / AAA: 1 admin / 100 devices
  • Support level: Professional
  • 24x7 support: 10/5 excluding holidays
  • Add-on Packs
  • Extended guest package (50 guests)
  • Additional SMS package (1,000 messages)
  • TACACS+ / AAA
NAC-as-a-Service
Business
  • Cloud RADIUS Services
  • Wireless, wired & VPN access
  • Anti-flood protection services
  • RadSec support
  • RADIUS forwarding rules (eduroam support)
  • Authentication Services
  • Role-based authentication
  • MAC authentication bypass
  • Account lifecycle synchronization
  • Account Directories
  • CLEAR Directory
  • Azure Active Directory
  • MS Active Directory
  • Google Workspace
  • OpenLDAP
  • Security
  • 802.1X authentication
  • Dynamic VLAN / ACL assignment
  • Post-connect authorization
  • Guest Accounts
  • Guest accounts: Up to 25 guests per day
  • Self-onboarding for guests
  • Sponsor-based onboarding
  • Control
  • Role-based access policies
  • Location-based policies
  • Visibility
  • Monitoring-only mode
  • Archived devices data retention: 30 days
  • Dynamic group assignment per device type
  • Onboarding
  • Device self-onboarding & activation services
  • Device provisioning services
  • Onboarding services: Advanced
  • White Glove: $3,500
  • Reporting
  • Device visibility report
  • Security compliance report
  • Guest utilization report
  • Additional Capabilities
  • RADIUS proxy - local failover
  • TACACS+ / AAA: 2 admins / 200 devices
  • SIEM: On-premises
  • MS Intune
  • Extended device data retention: Each additional 30 days - $0.99 / device / year
  • Support level: Professional
  • 24x7 support
  • Add-on Packs
  • Extended guest package (50 guests)
  • Additional SMS package (1,000 messages)
  • TACACS+ / AAA
NAC-as-a-Service
Enterprise
  • Cloud RADIUS Services
  • Wireless, wired & VPN access
  • Anti-flood protection services
  • RadSec support
  • RADIUS forwarding rules (eduroam support)
  • Authentication Services
  • Role-based authentication
  • MAC authentication bypass
  • Account lifecycle synchronization
  • Certificate authority services
  • Account Directories
  • CLEAR Directory
  • Azure Active Directory
  • MS Active Directory
  • Google Workspace
  • OpenLDAP
  • OKTA
  • Security
  • 802.1X authentication
  • Dynamic VLAN / ACL assignment
  • Post-connect authorization
  • Automated discovery
  • Guest Accounts
  • Guest accounts: Up to 50 guests per day
  • Self-onboarding for guests
  • Sponsor-based onboarding
  • SMS-based onboarding
  • Portal customization kit
  • Control
  • Role-based access policies
  • Location-based policies
  • Change of Authorization (CoA)
  • Visibility
  • Monitoring-only mode
  • Archived devices data retention: 60 days
  • Dynamic group assignment per device type
  • IoT profiling
  • Traffic monitoring
  • Artificial intelligence / machine learning (AI / ML)
  • Onboarding
  • Device self-onboarding & activation services
  • Device provisioning services
  • Onboarding customization
  • Certificate enrollment services
  • Onboarding services: Premium
  • White Glove: $3,500
  • Reporting
  • Device visibility report
  • Security compliance report
  • Guest utilization report
  • Additional Capabilities
  • RADIUS proxy - local failover
  • Multi-regional RADIUS redundancy
  • TACACS+ / AAA: 3 admins / 300 devices
  • SIEM: On-premises / SaaS
  • MS Intune
  • MFA admin access (with SMS)
  • RESTful API
  • Extended device data retention: Each additional 30 days - $0.99 / device / year
  • Support level: Professional
  • 24x7 support
  • Add-on Packs
  • Extended guest package (50 guests)
  • Additional SMS package (1,000 messages)
  • TACACS+ / AAA

Hard work pays off.

~1,000 Customers Globally

95% Customer Retention

4.6 Stars, Gartner Peer Insights

99.99% Service Uptime

We want our partners to grow their businesses alongside us.

Our partners are an extension of our business. As such, Portnox’s Partner Program offers special pricing and incentives designed to reward those partners committed to achieving our shared goal of securing network access for more and more companies around the world.

FAQs

Yes, please contact Sales for information on volume discounts that may be applicable to you and your organization.

Absolutely! Not only is it possible, it is also how most customers deploy Portnox CLEAR in their environments.

Yes. Portnox provides special educational discounts for qualifying K-12 and higher education institutions. Please contact Sales for more information.

Subscription terms are available in 12, 24, and 36 months. Additional discounts are available for terms longer than 12 months.

We strive to ensure that you have the absolute best possible onboarding experience, regardless of which package you may purchase. However, some organizations may need some additional assistance or maybe don’t have time to invest in configuring a NAC solution. If you require additional onboarding assistance, please contact our sales department. They can help you determine what is the best onboarding tier for your needs.

Each TACACS+ as-a-Service license entitles you to one TACACS+ user and 100 TACACS+ devices. To determine which license size you need, simply count the number of TACACS+ users in your organization who will be accessing TACACS+ capable devices, such as switches, routers, etc. Then multiply that number by 100. If that number is less than the total number of TACACS+ capable devices, then take the total number of TACACS+ devices and divide by 100. This will give you the total number of TACACS+ licenses you will need to cover your environment.

 
 

TACACS+
as-a-Service

Free

Starting at

$0.00
That's right, it's free!
 

1 admin / 100 device maximum
  • Get your feet wet & test out the only cloud-native TACACS+ service.
     
Pro

Starting at

$200
USD / admin / month
(billed annually)*


  • Keep security auditors off your back with 24/7 network device administration.
Pro

Starting at

€236
EUR / admin / month
(billed annually)*


  • Keep security auditors off your back with 24/7 network device administration.
Pro

Starting at

£197
GBP / admin / month
(billed annually)*


  • Keep security auditors off your back with 24/7 network device administration.
Pro

Starting at

$260
USD / admin / month
(billed annually)*


  • Keep security auditors off your back with 24/7 network device administration.
Enterprise

NAC
as-a-Service

Contact
for Pricing

500 device minimum***
  • Did you know you get all TACACS+ services with our cloud-native NAC?

Prices may vary by region

TACACS+-as-a-Service
 
 
  • Authentication Services
  • Open LDAP

  • Active Directory**

  • Password Encryption

  • Authorization Services
  • Privilege Levels

  • Session Timeouts

  • Command Restrictions

  • Allowed Services

  • Custom Attributes

  • Accounting Services
  • User Identities

  • Start / Stop Times

  • Executed Commands

  • Packet Transfers

  •  
  • *Tiered Pricing; Based on Devices or Admins

  • **Available AD Integrations Include: Azure AD, Google Workspace, Microsoft AD & OKTA

NAC-as-a-Service
ENTERPRISE
 
  • Includes everything in TACACS+ PRO +
  • Extended Cloud RADIUS Services

  • Network Authentication Services

  • Certificate Authority (CA) & Enrollment Services

  • Device Onboarding Services

  • Device Provisioning Services

  • Account Lifecycle Synchronization

  • Access Control Services

  • Post-Connect Authorization

  • Segmentation Services

  • Device Risk Monitoring & Remediation^^

  • Guest & Compliance Reporting

  • Active Directory Integrations

  • SIEM Integrations

  • MS Intune Integration


  •  
  • ***Sold in Packs of 100 Devices

  • ^3 Admins / 300 Devices

  • ^^Requires AgentP Add-On or MS Intune Integration

 
  • Included Onboarding & Support
  • Knowledge Base Access

  • -

  
  •  
  • Advanced Onboarding Services

  • Professional Level Support

  
  •  
  • Enterprise Onboarding Services

  • Enterprise Level Support


FAQs

Short for ‘Terminal Access Controller Access-Control System’, TACACS+ is a standards-based protocol used for centralized, remote authentication into devices such as switches, routers, firewalls, wireless controllers, load balancers, etc. TACACS+ provides single sign-on and a single point of management for controlling access to your TACACS+ devices.

In addition to authentication, TACACS+ allows you to define granular access permissions for who is allowed to execute what commands on the TACACS+ device. TACACS+ as-a-Service then provides a complete audit log of each and every command that was executed, by whom, at what time, and on which device.  

TACACS+ as-a-Service is licensed by the number of Network Engineers that will be accessing TACACS+ enabled devices (admins) and the total number of devices you have TACACS+ enabled on. Each TACACS+ as-a-Service license entitles you to use TACACS+ on 100 devices for one network admin. Two examples are outlined below.

Organization ‘A’ has two Network Engineers who wish to enable TACACS+ on 150 devices. They would need two TACACS+ as-a-Service licenses, providing support for both of their Network Engineers for up to 200 TACACS+ enabled Devices.  

Organization ‘B’ has five Network Engineers supporting 1500 network devices they’re looking to enable TACACS+ on. In this scenario, they would require 15 TACACS+ licenses to support all 1500 of their devices, for a maximum of 15 admins.  

Not at all. TACACS+ is supported by a very wide range of vendors and devices, not just Cisco. Just a few of the vendors that support TACACS+ include Dell, Juniper, F5, Extreme Networks, Brocade, HP/Aruba, Alcatel-Lucent, Adtran, Ciena, AVI Networks, Citrix NetScaler, Ribbon Communications, Samsung, Fortinet, Fujitsu, Huawei, Netgear, Palo Alto Networks, CommScope, and Orolia SecureSync, to name only a few. 

While a large number of network equipment vendors support TACACS+, there are a variety of applications, appliances, and operating systems that also support TACACS+. Some examples include Linux, BlueCat Address Manager, InfoBlox, IBM NetCool, Radware APSolute, AppViewX, Oracle Enterprise Session Border Controller, Trendmicro TippingPoint, Avocent Cyclades and many others.  

Portnox TACACS+ as-a-Service is a cloud-based service which is administrated, configured, and managed through our CLEAR SaaS portal. A virtual appliance is downloaded and deployed in one or more locations on your network. This virtual appliance can be deployed on Microsoft Hyper-V, VMware, or any hypervisor which supports the import of OVA or VMDK filetypes, such as Nutanix Acropolis, Citrix XenServer, Oracle VirtualBox, Proxmox, KVM, Parallels, etc. 

The TACACS+ protocol standard does not include the source IP address of the originating device in the TACACS+ packet like RADIUS does. This means when a TACACS+ AAA request traverses a NAT device, such as a router or firewall, the originating source IP address in the header is replaced with the IP of the router or firewall that is performing the NAT. This makes it impossible to associate audit events to the specific device in the environment the change was made to, or to have a policy apply only to a subset of devices behind the NAT. 

TACACS+ devices in your environment must be able to communicate to the IP(s) of the virtual appliance over TCP Port 49. 

The TACACS+ as-a-Service backend is fully geo-redundant, preventing any major datacenter outage from impacting service delivery. Additionally, customers can deploy multiple TACACS+ virtual appliances for site redundancy, as well as deploy virtual appliances to each site as needed or required for additional levels of redundancy.

Should the virtual appliance be unable to communicate with our SaaS service running in the cloud, any new TACACS+ authentications to devices would fail, and existing authorization requests would likely also fail. For this reason, it is strongly recommended to always define a backup authentication mechanism, such as a local account with lower priority that can only be used should the TACACS+ server(s) be unreachable or provide no response. It is also recommended to enable TACACS+ caching as part of your device configuration. This cache will allow previously allowed authentications and authorizations to execute as they did prior to the TACACS+ service outage. 

Try Portnox CLEAR for Free Today

Gain access to all of Portnox CLEAR’s powerful NAC capabilities for 30 days!