Developers guide
Chapter 2
Copyright © 2008-2013 Inverse inc.
Introduction 2
Introduction
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system.
Boosting an impressive feature set including a captive portal for registration and remediation, centralized
wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration
with the Snort/Suricata IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively
secure networks - from small to very large heterogeneous networks.
Features
Out of band (VLAN Enforcement) PacketFence’s operation is completely out of
band when using VLAN enforcement which
allows the solution to scale geographically
and to be more resilient to failures.
In Band (Inline Enforcement) PacketFence can also be configured to be
in-band, especially when you have non-
manageable network switches or access
points. PacketFence can also work with
both VLAN and Inline enforcement activated
for maximum scalability and security while
allowing older hardware to still be secured
using Inline enforcement.
Hybrid support (Inline Enforcement with RADIUS
support)
PacketFence can also be configured as
hybrid, if you have a manageable device
that supports 802.1x and/or mac-auth. This
feature can be enabled using a RADIUS
attribute (MAC address, SSID, port) or using
full inline mode on the equipment.
Voice over IP (VoIP) support Also called IP Telephony (IPT), VoIP is
fully supported (even in heterogeneous
environments) for multiple switch vendors
(Cisco, Edge-Core, HP, LinkSys, Nortel
Networks and many more).
802.1X 802.1X wireless and wired is supported
through a FreeRADIUS module.
Wireless integration PacketFence integrates perfectly with
wireless networks through a FreeRADIUS