An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is one such nac system with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page. The developers have released version 1.9.0 with the following announcement:
PacketFence 1.9.0 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 1.9.0. This is a major release bringing new features, new hardware support, several enhancements, improvements to documentation and a load of small fixes. This release has been thoroughly tested in several environments and we consider it ready for production use. Here are the noteworthy changes since 1.8.7.
New:
- Official Linux 64 bit support
New Hardware Support:
- Cisco Wireless Services Module (WiSM)
- Cisco Integrated Services Routers (ISR) 1800 Series
- Cisco Catalyst 3750 Series
- Cisco Catalyst 4500 Series
- Foundry FastIron 4802 Port security and Voice over IP support (feature sponsored by an entity who preferred to remain anonymous)
- HP Procurve 3400cl (tested by roelof)
- SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle Pacific University developed with the help of SMC)
New Features:
- Node category support, you can assign different VLANs or whitelist violations based on a node’s category (#968)
- Added support for Floating Network Devices (See Admin Guide for details)
Enhancements:
- Improved error reporting in the web administration panel and cli (#847, #898, #899, #964, #993)
- More information available in Node Lookup (IP, DHCP lease)
- Improved database layer (more robust and logs errors)
- pfsetvlan is more resistant to configuration mistakes and reports them (#766)
- Net-SNMP 5.4 support (#940 Thanks to Maikel)
- Freeradius 2.x support (#1007)
- @ character now allowed in person id (pid). This is very common in Active Directory environment.
- New admin authentication mechanism added (disabled by default)
- New debugging features (disabled by default)
- New DHCP fingerprints
- Optional backup script in addons/ now archives old records
- New helper synchronization scripts in addons/high-availability
- Little improvements (#866, #886, #911, #916, #952, #975)
Documentation improvements:
- Install guide more accurate
- Added directions to configure PacketFence in a routed environment to the admin guide
- Updated the High-Availability section with details about DRBD and HeartBeat v1
- More MySQL tips (#951)
- Fixed Procurve 2600 switch configuration (Thanks to Andrew Niemantsverdriet!)
Bug fixes:
- Performance fixes (#908, #910)
- Captive portal stability fixes (#892, #961)
- Mitigated Net::Telnet problems with perl threads (#903, #907)
- Proper violation description shown in violation edit (#922)
- Fixed RPM spec to create package packetfence-remote-snort-sensor again (#888)
- Fixed PacketFence RPM upgrade bug if your version is lower than 1.8.5 (#931)
- Fixed rare port-security problems with stacked switches or switches with large ifIndex (#921)
- Fixed problems with DHCP Fingerprint submission
- Fixed call to non-existing script lookup_node.pl in pfdhcplistener (#858)
- Correct VLAN information shown in Node Lookup (#893)
- Minor corrections to the Admin Web UI
- Clarified some error messages
- misc. stability and general fixes (#833, #885, #868, #869, #896, #923, #927, #946, #950)
…and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
Version number | 1.9.0 |
Release status | Final |
Operating systems | Linux |
Website | Inverse |
Download | |
License type | GPL |