In order to protect the root user of the Netsight and NAC it is possible to allow such login only over the console i.e. physical or virtual in the cases of the virtual environment, for that purpose we could forbid the root ssh login over ssh.
locate the file /etc/ssh/sshd_config on any of those system
using the vi or "vim" change the "PermitRootLogin" argument to "no"
save and reboot the machine or restart the ssh process only with the command "/etc/init.d/ssh restart"