Post-connection client certificate authentication

US11405378B2 · US · B2

Patent metadata

  Publication number: US-11405378-B2
  Application number: US-201916710822-A
  Country: US
  Kind code: B2
  Filing date: Dec 11, 2019
  Priority date: Dec 19, 2016
  Publication date: Aug 2, 2022
  Grant date: Aug 2, 2022

Abstract

Official abstract text for this publication.

A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

First claim

Opening claim text (preview).

What is claimed is:

  1. A system comprising: a memory; and a processing device operatively coupled to the memory, the processing device to: detect an initial coupling of an endpoint device at a network switch coupled to a network; in response to detecting the initial coupling of the endpoint device at the network switch, apply an access control list to restrict access of the endpoint device to the network through the network switch to prevent the endpoint device from accessing resources of the network; establish a connection with the endpoint device; validate a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device; and in response to validating the client certificate corresponding to the endpoint device, update the access control list to grant the endpoint device access to the resources of the network.

  2. The system of claim 1, wherein to restrict access of the endpoint device, the processing device to apply at least one of the access control list or a VLAN assignment to the network switch, the access control list to define which resources of the network the endpoint device can access.

  3. The system of claim 1, wherein to establish the connection with the endpoint device, the processing device to receive a communication request from a network access control agent on the endpoint device.

  4. The system of claim 1, wherein to establish the connection with the endpoint device, the processing device to monitor network traffic through the network switch and detect a presence of the endpoint device.

  5. The system of claim 4, wherein to validate the client certificate, the processing device to: receive the client certificate from the endpoint device, the client certificate comprising a subject name, a client public key and a digital signature of the client public key by a certificate authority; retrieve a certificate authority certificate from the certificate authority, the certificate authority certificate comprising a certificate authority public key; verify the digital signature of the client public key using the certificate authority public key; and verify the subject name using the client public key.

  6. The system of claim 2, wherein to grant the endpoint device access to the resources of the network, the processing device to update the access control list for the network switch based on characteristics of the endpoint device and access policy considerations of the network.

  7. The system of claim 1, wherein the processing device further to: not restrict access of the endpoint device to the resources of the network when a network access control device in the network suffers a failure during authentication of the endpoint device.

  8. A method comprising: detecting an initial coupling of a client device at a network switch coupled to a network; in response to detecting the initial coupling of the client device to the network, setting access permissions for the client device to provide access to a network access control device through the network switch and to restrict the client device from accessing resources of the network through the network switch; establishing a connection between the network access control device and the client device; authenticating, by a processing device, the client device based on a client security token; and in response to authenticating the client device, updating the access permissions to grant the client device access to the resources of the network in response to the authenticating.

  9. The method of claim 8, wherein setting access permissions for the client device comprises applying at least one of an access control list or a wireless role to an access control device in the network, the access control list to define which resources of the network the client device can access.

  10. The method of claim 8, wherein establishing the connection between the network access control device and the client device comprises receiving a communication request from a network access control agent on the client device.

  11. The method of claim 8, wherein establishing the connection between the network access control device and the client device comprises monitoring network traffic through an access control device in the network and detecting a presence of the client device.

  12. The method of claim 8, wherein the security token comprises a client certificate and a client certificate handshake operation comprises: receiving the client certificate from the client device, the client certificate comprising a subject name, a client public key and a digital signature of the client public key by a certificate authority; retrieving a certificate authority certificate from the certificate authority, the certificate authority certificate comprising a certificate authority public key; verifying the digital signature of the client public key using the certificate authority public key; and verifying the subject name using the client public key.

  13. The method of claim 8, further comprising: not restricting access of the client device to the resources of the network when the network access control device suffers a failure during authentication of the client device.

  14. A non-transitory computer readable storage medium storing instructions, which when executed, cause a processing device to: upon an initial coupling of a computing device at a network switch coupled to a network, apply an access control list to prevent the computing device from accessing any resources of the network through the network switch except a network access control device; establish a connection between the network access control device and the computing device; determine, by the processing device, whether the computing device is an authorized computing device using the connection between the network access control device and the computing device; and when the computing device is an authorized computing device, updating the access control list to allow the computing device to access additional resources of the network.

  15. The non-transitory computer readable storage medium of claim 14, wherein to prevent the computing device from accessing any resources of the network except a network access control device, the processing device to apply at least one of the access control list or a virtual firewall to the network switch in the network, the access control list to define which resources of the network the computing device can access.

  16. The non-transitory computer readable storage medium of claim 14, wherein to establish the connection between the network access control device and the computing device, the processing device to receive a communication request from a network access control agent on the computing device.

  17. The non-transitory computer readable storage medium of claim 14, wherein to establish the connection between the network access control device and the computing device, the processing device to monitor network traffic through the network switch in the network and detect a presence of the computing device.

  18. The non-transitory computer readable storage medium of claim 14, wherein to determine whether the computing device is an authorized computing device, the processing device to: receive a client certificate from the computing device, the client certificate comprising a subject name, a client public key and a digital signature of the client public key by a certificate authority; retrieve a certificate authority certificate from the certificate authority, the certificate

Assignees

Forescout Tech Inc

Inventors

Classifications

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

  • Virtual private networks

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • Multiple levels of security

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Forescout Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 2, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).