Don’t compromise.
You deserve better network security.
Easy-to-use, cloud-native network access control & network device administration solutions designed for you – the overworked, under-appreciated IT pro.
RADIUS
as-a-Service
Starting at
USD / device / month
(billed annually)
300 device minimum*
- Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.
RADIUS
as-a-Service
Starting at
EUR / device / month
(billed annually)
200 device minimum*
- Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.
RADIUS
as-a-Service
Starting at
GBP / device / month
(billed annually)
200 device minimum*
- Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.
RADIUS
as-a-Service
Starting at
USD / device / month
(billed annually)
200 device minimum*
- Get started with our cloud RADIUS & authentication solutions - deployable in just 30 minutes.
Cloud RADIUS
RADIUS Proxy
RADIUS Proxy Local Failover
RADIUS Forwarding
RadSec Support
Anti-Flood Protection
Role-Based Authentication
802.1X Authentication
MAC Authentication Bypass
Dynamic VLAN / ACL Assignment
Post-Connect Authorization
Role-Based Access Policies
Account Lifecycle Synchronization
Location-Based Policies
TACACS+ / AAA Services**
Azure AD Integration
Microsoft AD Integration
Standard Level Support
Standard Onboarding Services
NAC
as-a-Service
Starting at
USD / device / month
(billed annually)
200 device minimum*
- Sit back & relax with powerful, automated network & endpoint security essentials.
Starting at
EUR / device / month
(billed annually)
200 device minimum*
- Sit back & relax with powerful, automated network & endpoint security essentials.
Starting at
GBP / device / month
(billed annually)
200 device minimum*
- Sit back & relax with powerful, automated network & endpoint security essentials.
Starting at
USD / device / month
(billed annually)
200 device minimum*
- Sit back & relax with powerful, automated network & endpoint security essentials.
Guest Access Management
Device Onboarding Services
Device Provisioning Services
Device Risk Monitoring & Remediation**
Guest & Compliance Reporting
Google Workspace Integration
OpenLDAP
MS Intune Integration
SIEM Integration (On-Prem)
Professional Level Support
Professional Onboarding Services
for Pricing
500 device minimum*
- Take it up a level with next-gen NAC services for expanding enterpise networks.
Change of Authorization (CoA)
Multi-Regional RADIUS Redundancy
Certificate Authority (CA) Services
Certificate Enrollment Services
SMS-Based Onboarding
MFA Admin Access
OKTA Integration
SIEM Integration (On-Prem & SaaS)
RESTful API
Enterprise Level Support
Enterprise Onboarding Services
Prices may vary by region
Available Add-Ons
AgentP
Self-Enrolled or Unattended
Extended Guest Package
50 Guests
Additional SMS Package
1,000 Messages
TACACS+ / AAA
Tiered; Admins or Devices
We've made life easier for thousands of IT pros.
Don’t take our word for it. See for yourself.
The NAC functionality you want is no longer out of reach.
- Cloud RADIUS Services
- Wireless, wired & VPN access
- Anti-flood protection services
- RadSec support
- RADIUS forwarding rules (eduroam support)
- Authentication Services
- Role-based authentication
- MAC authentication bypass
- Account lifecycle synchronization
- Certificate authority services
- Account Directories
- CLEAR Directory
- Azure Active Directory
- MS Active Directory
- Google Workspace
- OpenLDAP
- OKTA
- Security
- 802.1X authentication
- Dynamic VLAN / ACL assignment
- Automated discovery
- Guest Accounts
- Guest accounts
- Self-onboarding for guests
- Sponsor-based onboarding
- SMS-based onboarding
- Control
- Role-based access policies
- Location-based policies
- Change of Authorization (CoA)
- Visibility
- Monitoring-only mode
- Archived devices data retention
- Dynamic group assignment per device type
- Onboarding
- Device self-onboarding & activation services
- Device provisioning services
- Certificate enrollment services
- Onboarding services
- White Glove Onboarding Services
- Reporting
- Device visibility report
- Security compliance report
- Guest utilization report
- Additional Capabilies
- RADIUS proxy - local failover
- Multi-regional RADIUS redundancy
- TACACS+ / AAA
- SIEM
- MS Intune
- MFA admin access (with SMS)
- RESTful API
- Extended device data retention
- Support level
- 24x7 support
- Add-on Packs
- Extended guest package (50 guests)
- Addt'l SMS package (1,000 messages)
- TACACS+ / AAA
x
x
x
x
x
x
x
x
x
x
x
x
x
x
14 days
- Basic
- Available for Purchase
x
x
1 admin / 100 devices
Standard
10/5 excluding holidays
Available for purchase
Available for purchase
Available for purchase
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Up to 25 guests per day
x
x
x
x
x
30 days
x
x
x
- Advanced
- Available for Purchase
x
x
x
x
2 admins / 200 devices
On-premises
x
Available for Purchase
Standard
10/5 excluding holidays
Available for purchase
Available for purchase
Available for purchase
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Up to 50 guests per day
x
x
x
x
x
x
x
60 days
x
x
x
x
- Premium
- Available for Purchase
x
x
x
x
x
3 admins / 300 devices
On-premises / SaaS
x
x
x
Available for Purchase
Premium
x
Available for purchase
Available for purchase
Available for purchase
The NAC functionality you want is no longer out of reach.
- Cloud RADIUS Services
- Wireless, wired & VPN access
- Anti-flood protection services
- RadSec support
- RADIUS forwarding rules (eduroam support)
- Authentication Services
- Role-based authentication
- MAC authentication bypass
- Account lifecycle synchronization
- Account Directories
- CLEAR Directory
- Azure Active Directory
- MS Active Directory
- Security
- 802.1X authentication
- Dynamic VLAN / ACL assignment
- Post-connect authorization
- Control
- Role-based access policies
- Location-based policies
- Visibility
- Archived devices data retention (14 days)
- Onboarding
- Onboarding services: Basic
- White Glove: $3,500
- Reporting
- Device visibility report
- Additional Capabilies
- RADIUS proxy - local failover
- TACACS+ / AAA: 1 admin / 100 devices
- Support level: Professional
- 24x7 support: 10/5 excluding holidays
- Add-on Packs
- Extended guest package (50 guest)
- Additional SMS package (1,000 messages)
- TACACS+ / AAA
- Cloud RADIUS Services
- Wireless, wired & VPN access
- Anti-flood protection services
- RadSec support
- RADIUS forwarding rules (eduroam support)
- Authentication Services
- Role-based authentication
- MAC authentication bypass
- Account lifecycle synchronization
- Account Directories
- CLEAR Directory
- Azure Active Directory
- MS Active Directory
- Google Workspace
- OpenLDAP
- Security
- 802.1X authentication
- Dynamic VLAN / ACL assignment
- Post-connect authorization
- Guest Accounts
- Guest accounts: Up to 25 guests per day
- Self-onboarding for guests
- Sponsor-based onboarding
- Control
- Role-based access policies
- Location-based policies
- Visibility
- Monitoring-only mode
- Archived devices data retention: 30 days
- Dynamic group assignment per device type
- Onboarding
- Device self-onboarding & activation services
- Device provisioning services
- Onboarding services: Advanced
- White Glove: $3,500
- Reporting
- Device visibility report
- Security compliance report
- Guest utilization report
- Additional Capabilies
- RADIUS proxy - local failover
- TACACS+ / AAA: 2 admins / 200 devices
- SIEM: On-premises
- MS Intune
- Extended device data retention: Each additional 30 days - $0.99 / device / year
- Support level: Professional
- 24x7 support
- Add-on Packs
- Extended guest package (50 guest)
- Additional SMS package (1,000 messages)
- TACACS+ / AAA
- Cloud RADIUS Services
- Wireless, wired & VPN access
- Anti-flood protection services
- RadSec support
- RADIUS forwarding rules (eduroam support)
- Authentication Services
- Role-based authentication
- MAC authentication bypass
- Account lifecycle synchronization
- Certificate authority services
- Account Directories
- CLEAR Directory
- Azure Active Directory
- MS Active Directory
- Google Workspace
- OpenLDAP
- OKTA
- Security
- 802.1X authentication
- Dynamic VLAN / ACL assignment
- Post-connect authorization
- Automated discovery
- Guest Accounts
- Guest accounts: Up to 50 guests per day
- Self-onboarding for guests
- Sponsor-based onboarding
- SMS-based onboarding
- Portal customization kit
- Control
- Role-based access policies
- Location-based policies
- Change of Authorization (CoA)
- Visibility
- Monitoring-only mode
- Archived devices data retention: 60 days
- Dynamic group assignment per device type
- IoT profiling
- Traffic monitoring
- Artificial intelligence / machine learning (AI / ML)
- Onboarding
- Device self-onboarding & activation services
- Device provisioning services
- Onboarding customization
- Certificate enrollment services
- Onboarding services: Premium
- White Glove: $3,500
- Reporting
- Device visibility report
- Security compliance report
- Guest utilization report
- Additional Capabilies
- RADIUS proxy - local failover
- Multi-regional RADIUS redundancy
- TACACS+ / AAA: 3 admins / 300 devices
- SIEM: On-premises / SaaS
- MS Intune
- MFA admin access (with SMS)
- RESTful API
- Extended device data retention: Each additional 30 days - $0.99 / device / year
- Support level: Professional
- 24x7 support
- Add-on Packs
- Extended guest package (50 guest)
- Additional SMS package (1,000 messages)
- TACACS+ / AAA
Hard work pays off.
~1,000
Customers
Globally
95%
Customer
Retention
4.6 Stars
Gartner Peer
Insights
99.99%
Service
Uptime
We want our partners to grow their businesses alongside us.
Our partners are an extension of our business. As such, Portnox’s Partner Program offers special pricing and incentives designed to award those partners committed to achieving our shared goal of securing network access for more and more companies around the world.
FAQs
Yes, please contact Sales for information on volume discounts that may be applicable to you and your organization.
Absolutely! Not only is it possible, it is also how most customers deploy Portnox CLEAR in their environments.
Yes. Portnox provides special educational discounts for qualifying K-12 and higher education institutions. Please contact Sales for more information.
Subscription terms are available in 12, 24, and 36 months. Additional discounts are available for terms longer than 12 months.
We strive to ensure that you have the absolute best possible onboarding experience, regardless of which package you may purchase. However, some organizations may need some additional assistance or maybe don’t have time to invest in configuring a NAC solution. If you require additional onboarding assistance, please contact our sales department. They can help you determine what is the best onboarding tier for your needs.
Each TACACS+ as-a-Service license entitles you to one TACACS+ user and 100 TACACS+ devices. To determine which license size you need, simply count the number of TACACS+ users in your organization who will be accessing TACACS+ capable devices, such as switches, routers, etc. Then multiply that number by 100. If that number is less than the total number of TACACS+ capable devices, than take the total number of TACACS+ devices and divide by 100. This will give you the total number of TACACS+ licenses you will need to cover your environment.
TACACS+
as-a-Service
Starting at
That's right, it's free!
1 admin / 100 device maximum
- Get your feet wet & test out the only cloud-native TACACS+ service.
Starting at
USD / admin / month
(billed annually)*
- Keep security auditors off your back with 24/7 network device administration.
Starting at
EUR / admin / month
(billed annually)*
- Keep security auditors off your back with 24/7 network device administration.
Starting at
GBP / admin / month
(billed annually)*
- Keep security auditors off your back with 24/7 network device administration.
Starting at
USD / admin / month
(billed annually)*
- Keep security auditors off your back with 24/7 network device administration.
NAC
as-a-Service
for Pricing
500 device minimum***
- Did you know you get all TACACS+ services with our cloud-native NAC?
Prices may vary by region
We've made life easier for thousands of IT pros.
Don’t take our word for it. See for yourself.
- Authentication Services
Open LDAP
Active Directory**
Password Encryption
- Authorization Services
Privilege Levels
Session Timeouts
Command Restrictions
Allowed Services
Custom Attributes
- Accounting Services
User Identities
Start / Stop Times
Executed Commands
Packet Transfers
*Tiered Pricing; Based on Devices or Admins
**Available AD Integrations Include: Azure AD, Google Workspace, Microsoft AD & OKTA
- Includes everything in TACACS+ PRO +
Extended Cloud RADIUS Services
Network Authentication Services
Certificate Authority (CA) & Enrollment Services
Device Onboarding Services
Device Provisioning Services
Account Lifecycle Synchronization
Access Control Services
Post-Connect Authorization
Segmentation Services
Device Risk Monitoring & Remediation^^
Guest & Compliance Reporting
Active Directory Integrations
SIEM Integrations
MS Intune Integration
Explore all features»
***Sold in Packs of 100 Devices
^3 Admins / 300 Devices
^^Requires AgentP Add-On or MS Intune Integration
- Included Onboarding & Support
Knowledge Base Access
-
Advanced Onboarding Services
Professional Level Support
Enterprise Onboarding Services
Enterprise Level Support
Hard work pays off.
~1,000
Customers
Globally
95%
Customer
Retention
4.6 Stars
Gartner Peer
Insights
99.99%
Service
Uptime
We want our partners to grow their businesses alongside us.
Our partners are an extension of our business. As such, Portnox’s Partner Program offers special pricing and incentives designed to award those partners committed to achieving our shared goal of securing network access for more and more companies around the world.
FAQs
Short for ‘Terminal Access Controller Access-Control System’, TACACS+ is standards based protocol utilized for centralized, remote authentication into devices such as switches, routers, firewalls, wireless controllers, load balancers, etc. TACACS+ provides single sign-on and a single point of management for controlling access to your TACACS+ devices.
In addition to authentication, TACACS+ allows you to define granular access permissions for who is allowed to execute what commands on the TACACS+ device. TACACS+ as-a-Service then provides a complete audit log of each and every command that was executed, by whom, at what time, and on which device.
TACACS+ as-a-Service is licensed by the number of Network Engineers that will be accessing TACACS+ enabled devices (admins) and the total number of devices you have TACACS+ enabled on. Each TACACS+ as-a-Service license entitles you to use TACACS+ on 100 devices for one network admin. Below outlines two examples.
Organization ‘A’ has two Network Engineers who wish to enable TACACS+ on 150 devices. They would need two TACACS+ as-a-Service licenses, providing support for both of their Network Engineers for up to 200 TACACS+ enabled Devices.
Organization ‘B’ has five Network Engineers supporting 1500 network devices they’re looking to enable TACACS+ on. In this scenario, they would require 15 TACACS+ licenses to support all 1500 of their devices, for a maximum of 15 admins.
Not at all. TACACS+ is supported by a very wide range of vendors and devices, not just Cisco. Just a few of the vendors that support TACACS+ include Dell, Juniper, F5, Extreme Networks, Brocade, HP/Aruba, Alcatel-Lucent, Adtran, Ciena, AVI Networks, Citrix NetScaler, Ribbon Communications, Samsung, Fortinet, Fujitsu, Huawei, Netgear, Palo Alto Networks, CommScope, and Orolia SecureSync, to name only a few.
While a large number of network equipment vendors support TACACS+, there are a variety of applications, appliances, and operating systems that also support TACACS+. Some examples include Linux, BlueCat Address Manager, InfoBlox, IBM NetCool, Radware APSolute, AppViewX, Oracle Enterprise Session Border Controller, Trendmicro TippingPoint, Avocent Cyclades and many others.
Portnox TACACS+ as-a-Service is a cloud-based service which is administrated, configured, and managed through our CLEAR SaaS portal. A virtual appliance is downloaded and deployed in one or more locations on your network. This virtual appliance can be deployed on Microsoft Hyper-V, VMware, or any hypervisor which supports the import of OVA or VMDK filetypes, such as Nutanix Acropolis, Citrix XenServer, Oracle VirtualBox, Proxmox, KVM, Parallels, etc.
The TACACS+ protocol standard does not include the source IP address of the originating device in the TACACS+ packet like RADIUS does. This means when a TACACS+ AAA request traverses a NAT device, such as a router or firewall, the originating source IP address in the header is replaced with the IP of the router or firewall that is performing the NAT. This makes it impossible to associate audit events to the specific device in the environment the change was made to, or to have a policy apply only to a subset of devices behind the NAT.
TACACS+ devices in your environment must be able to communicate to the IP(s) of the virtual appliance over TCP Port 49.
The TACACS+ as-a-Service backend is fully geo-redundant, preventing for any major datacenter outage from impacting service delivery. Additionally, customers can deploy multiple TACACS+ virtual appliances for site redundancy, as well as deploy virtual appliances to each site as needed or required for additional levels of redundancy.
Should the virtual appliance be unable to communicate with our SaaS service running in the cloud, any new TACACS+ authentications to devices would fail, and existing authorization requests would likely also fail. For this reason, it is strongly recommended to always define a backup authentication mechanism, such as a local account with lower priority that can only be used should the TACACS+ server(s) be unreachable or provide no response. It is also recommended to enable TACACS+ caching as part of your device configuration. This cache will allow previously allowed authentications and authorizations to execute as they did prior to the TACACS+ service outage.
Try Portnox CLEAR for Free Today
Gain access to all of Portnox CLEAR’s powerful NAC capabilities for 30 days!
