Software Update: PacketFence 1.9.0

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is one such nac system with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page. The developers have released version 1.9.0 with the following announcement:

PacketFence 1.9.0 released!

The Inverse Team is pleased to announce the immediate availability of PacketFence 1.9.0. This is a major release bringing new features, new hardware support, several enhancements, improvements to documentation and a load of small fixes. This release has been thoroughly tested in several environments and we consider it ready for production use. Here are the noteworthy changes since 1.8.7.

New:

• Official Linux 64 bit support

New Hardware Support:

• Cisco Wireless Services Module (WiSM)
• Cisco Integrated Services Routers (ISR) 1800 Series
• Cisco Catalyst 3750 Series
• Cisco Catalyst 4500 Series
• Foundry FastIron 4802 Port security and Voice over IP support (feature sponsored by an entity who preferred to remain anonymous)
• HP Procurve 3400cl (tested by roelof)
• SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle Pacific University developed with the help of SMC)

New Features:

• Node category support, you can assign different VLANs or whitelist violations based on a node’s category (#968)
• Added support for Floating Network Devices (See Admin Guide for details)

Enhancements:

• Improved error reporting in the web administration panel and cli (#847, #898, #899, #964, #993)
• More information available in Node Lookup (IP, DHCP lease)
• Improved database layer (more robust and logs errors)
• pfsetvlan is more resistant to configuration mistakes and reports them (#766)
• Net-SNMP 5.4 support (#940 Thanks to Maikel)
• Freeradius 2.x support (#1007)
• @ character now allowed in person id (pid). This is very common in Active Directory environment.
• New admin authentication mechanism added (disabled by default)
• New debugging features (disabled by default)
• New DHCP fingerprints
• Optional backup script in addons/ now archives old records
• New helper synchronization scripts in addons/high-availability
• Little improvements (#866, #886, #911, #916, #952, #975)

Documentation improvements:

• Install guide more accurate
• Added directions to configure PacketFence in a routed environment to the admin guide
• Updated the High-Availability section with details about DRBD and HeartBeat v1
• More MySQL tips (#951)
• Fixed Procurve 2600 switch configuration (Thanks to Andrew Niemantsverdriet!)

Bug fixes:

• Performance fixes (#908, #910)
• Captive portal stability fixes (#892, #961)
• Mitigated Net::Telnet problems with perl threads (#903, #907)
• Proper violation description shown in violation edit (#922)
• Fixed RPM spec to create package packetfence-remote-snort-sensor again (#888)
• Fixed PacketFence RPM upgrade bug if your version is lower than 1.8.5 (#931)
• Fixed rare port-security problems with stacked switches or switches with large ifIndex (#921)
• Fixed problems with DHCP Fingerprint submission
• Fixed call to non-existing script lookup_node.pl in pfdhcplistener (#858)
• Correct VLAN information shown in Node Lookup (#893)
• Minor corrections to the Admin Web UI
• Clarified some error messages
• misc. stability and general fixes (#833, #885, #868, #869, #896, #923, #927, #946, #950)

…and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.