Developers guide

Chapter 7
Copyright © 2008-2013 Inverse inc.
Optional components
Caution
Right now PacketFence only supports floating network devices on Cisco and Nortel
switches configured with port-security.
For a regular device, PacketFence puts it in the VLAN corresponding to its status (Registration, Quarantine
or Regular VLAN) and authorizes it on the port (port-security).
A floating network device is a device that PacketFence does not manage as a regular device.
When a floating network device is plugged in, PacketFence allows all the MAC addresses that are
connected to this device (or appear on the port) and, if necessary, configures the port as multi-VLAN (trunk)
and sets the PVID and tagged VLANs on the port.
When a floating network device is unplugged, PacketFence reconfigures the port as it was before the
device was plugged in.
Here is how it works:
Configuration
- Floating network devices have to be identified using their MAC address.
- linkup/linkdown traps are not enabled on the switches; only port-security traps are.
When PacketFence receives a port-security trap for a floating network device, it changes the port
configuration so that:
- it disables port-security
- it sets the PVID
- if necessary, it sets the port as multi-VLAN (trunk) and sets the tagged VLANs
- it enables linkdown traps
When PacketFence receives a linkdown trap on a port in which a floating network device was plugged, it
changes the port configuration so that:
- it enables port-security
- it disables linkdown traps
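
The trap handling described above, modelled as a small state machine. This is an added example, not PacketFence code: the class and function names, the port names and the choice to keep the previous port configuration in memory are assumptions made for illustration.

```python
# Simplified model of the floating-device trap handling (illustrative only).
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    port_security: bool = True     # default state: port-security on
    linkdown_traps: bool = False   # default state: linkdown traps off
    pvid: int = 1
    trunk: bool = False
    tagged_vlans: tuple = ()

@dataclass(frozen=True)
class FloatingDevice:              # hypothetical per-device settings
    pvid: int
    trunk: bool = False
    tagged_vlans: tuple = ()

def norm_mac(mac):
    """Normalize a MAC so lookups do not depend on case or separators."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Controller:
    def __init__(self, floating):
        self.floating = {norm_mac(m): d for m, d in floating.items()}
        self.saved = {}  # port name -> configuration before the device was plugged in

    def on_port_security_trap(self, ports, name, mac):
        dev = self.floating.get(norm_mac(mac))
        if dev is None:
            return "regular"  # regular device: port-security stays enabled
        self.saved.setdefault(name, ports[name])  # never overwrite the original state
        ports[name] = Port(port_security=False, linkdown_traps=True, pvid=dev.pvid,
                           trunk=dev.trunk,
                           tagged_vlans=dev.tagged_vlans if dev.trunk else ())
        return "floating"

    def on_linkdown_trap(self, ports, name):
        if name not in self.saved:
            return False  # no floating device was plugged in here: nothing to undo
        ports[name] = self.saved.pop(name)  # port-security back on, linkdown traps off
        return True

    def unprotected(self):
        """Ports on which port-security is currently disabled for a floating device."""
        return sorted(self.saved)
```

While a port appears in `unprotected()`, every MAC address seen on it is allowed, so that list is the one to review when auditing where floating devices are connected.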
Identification
As we mentioned earlier, each floating network device has to be identified. There are two ways to do it:
- by editing conf/floating_network_device.conf
- through the Web GUI, in Configuration → Network → Floating devices
Here are the settings that are available:
- MAC Address: MAC address of the floating device
- IP Address: IP address of the floating device (not required, for information only)