What limitation occurs if authentication servers are not specified in NAC Options?

When authentication servers are not specified in the NAC Options for a Network Access Control (NAC) setup, the expected behavior is that the policy effectiveness for external authentication will diminish. This happens because the NAC system relies on designated authentication servers to validate user credentials and ensure proper access controls. Without these servers specified, the NAC cannot properly communicate with any external authentication mechanisms, which can lead to an inability to enforce access policies that require validation against those external sources.

Policies dependent on external authentication, such as those requiring user credentials from a directory service or a centralized authentication database, will suffer in their effectiveness. This diminishes the level of security and control that the NAC can implement because it will not be able to fully verify whether an endpoint is authorized based on the current authentication policies. In turn, this could allow unauthorized users or devices to gain access to the network, undermining the purpose of the NAC.