What is the function of a 'Network Access Device' (NAD) in Cisco ISE?

The function of a Network Access Device (NAD) in Cisco Identity Services Engine (ISE) is to enforce security policies and control network access. NADs play a crucial role in the implementation of network security by authenticating users and devices before they gain access to the network. Upon connecting to the network, a NAD checks the identity of the device and user attempting to connect by communicating with the ISE.

Once the NAD receives the authorization decision from ISE, it can apply the appropriate security policies based on user role, device type, and compliance status. This could involve allowing access to specific resources, assigning VLANs, or enforcing restrictions. The ability of the NAD to enforce these policies directly impacts the security posture of the organization by ensuring that only authorized users and compliant devices can access network resources.

In contrast, other options like providing internet access to guest users, managing user accounts and credentials, or monitoring network traffic do not encompass the primary responsibility of a NAD in the context of Cisco ISE. While these functions are important in network management and security, they are not the main role of a NAD, which centers around policy enforcement and access control.