Calculate Total Costs of Ownership: Proprietary vs. Open-Source Based Networks

Download PDF

Why PNAC is a Crucial Feature for PLVision’s SONiC Lite

February 7, 2025
Why PNAC is a Crucial Feature for PLVision’s SONiC Lite

PLVision developed SONiC Lite as a customized version of Community SONiC designed specifically for edge and campus deployments. As Community SONiC was created directly for the DC networking infrastructure, this open NOS features set is focused on sustaining a reliable, sustainable, and cost-effective performance of the Data Center. With SONiC Lite as a SONiC-based NOS for access switches, we needed to add features necessary for its performance in the corresponding deployments, with PNAC being the primary objective for our product.

Though PNAC is not a sole universal answer to the potential security challenges in the edge networks, it is one of the security measures SONiC needs to have to operate on the access and management switches alongside other features. Learn more here about SONiC Lite features highlights.

PNAC step-by-step configuration for SONiC Lite

Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (ports) to secure communication between authenticated and authorized devices. The hostapd (https://w1.fi/hostapd/) is used under hood in SONiC Lite.

The authentication and authorization rules can be configured according to hostapd documentation in /etc/hostapd/hostapd.eap_user file located inside nac Docker container for local auth.

PNAC Configuration example:

Step Explanation Example Command signature
Step 1 Enable NAC feature in the system sudo config feature state nac enabled config feature state <feature-name> <state>
Step 2 Configure NAC admin state sudo config nac enable sudo config nac enable
Step 3 Configure NAC admin state on interface sudo config nac interface enable Ethernet0 sudo config nac interface enable <interface_name>
Step 4 Display NAC configuration show nac show nac interface all show nac show nac interface <interface_name|all>

Feature can be configured in 3 simple steps: 

Step 1: Enable feature

                    
                        
                            sonic-cli 
configure terminal 
nac enable                        

Step 2: Enable NAC on interface

                    
                        
                            nac port Ethernet 0 enable 
end                         

Step 3: Check status

                    
                        
                            show nac 
show nac session Ethernet 0                        

For more details, please follow PNAC HLD here.

Cut your OpEx with SONiC-based version for the edge deployments

Want to find out more about SONiC Lite functionality and the hardware compatibility list for this product? Fill in the application to get the product brief.

This field is required
This field is required
This field is required
Please enter a valid email address
Your message has been sent, thank you! We will contact you as soon as possible.
Taras Chornyi