Software update: PacketFence 2.1.0

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is one such nac system with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page. The developers have released version 2.1.0 with the following announcement:

PacketFence 2.1.0 released

The Inverse Team is pleased to announce the immediate availability of PacketFence 2.1.0. This is a major release bringing new hardware support, new features, enhancements, bug fixes and new translations.

This release is considered ready for production use.

Here are the noteworthy changes since 2.0.1:

New Hardware Support:

• Added Avaya as rebranded Nortel’s
• Support for Nortel’s ERS5500 with firmware 6.x
• 802.1X support with or without VoIP for Cisco Catalyst 2950

New Features:

• New configuration validation interface in Web Admin and with “pfcmd checkup”
• javascript based network access detection (experimental)
• JSON bindings for node information (experimental)

Enhancements:

• Improvements to our Nortel support
• Developer documentation update
• Friendlier startup error messages
• More configuration validation on startup and in ‘pfcmd checkup’ (#1025, #1193)
• Improved support for Desktop Linux clients (#1188)
• New DHCP fingerprints for Cisco, UniData and Nortel IP Phones, Cisco Small Business switch, Netgear router, Generic Linux, Gentoo, Meego, LaCie NAS, Xyratex NAS, iPod/iPad, Samsung, LG, Sony Ericsson and Sharp smartphones, Samsung, HTC and Pantech Android phones, APC and Tripplite UPS, some Generic Thin Clients, HP, Xerox and Brother printers, Mac OS X and finally last but not least a what-is-believed to be a Palm OS fingerprint!
• Improved test suite
• Miscellaneous code cleanup (#1165)
• Generated configuration files are now in var/… (#1014)
• pid files are now in var/run/
• Module versioning to improve handling of API changes in extension points
• Improvements to Captive Portal library utilities

Bug fixes:

• Fixed an issue where warnings were not sent in Wired MAC Authentication if a device was isolated behind a VoIP phone
• Removed misleading warnings on startup (#767)
• fixed SNMPv3 sample configuration (Thanks to Nate Renbarger)
• Allows apache2 as a valid httpd daemon name (#1185, Thanks to Jesper)
• Violation with action autoreg is only triggered if node is not registered (#1026)
• Fixed errors when editing a node with an unknown connection type (#1177)
• No more warnings in node lookup (#1173)
• Warning avoidance in pf::vlan’s doWeActOnThisTrap (#832)
• pfcmd_vlan regressions (#1190)
• Worked around an upstream packaging problem with SOAP::Lite (#1194)
• Fixed a configurator issue that could cause broken configuration files (#776)

translation:

• New Brazilian Portuguese (pt_BR) translation (Thanks to Brivaldo Junior of Federal University of Mato Grosso do Sul)

…and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.

Enjoy the finest PacketFence release so far!