Open Source

Open Source NAC (Network Access Control): PacketFence

PacketFence is an Open Source & Free to download/use Network Access Control (NAC) application.

Podcast: If you don’t want to/cannot read the entire article (if you are browsing from your smart phone, for example), you can view/listen to the below embedded Youtube podcast for this article. Direct Youtube link:

Highlights: Also, if you don’t have much time, you can just glance through the highlights/important points below (Images in yellow).


What is NAC?

NAC stands for Network Access Control. When you have a network for catering to the members of your organization, you will surely want to be in control of who accesses the network and what services they access, right? At the least, you’d want to be sure that only authorized users and employees can access the network. That’s exactly what a Network Access Control application enables you to do.


Is NAC required?

If you get a visitor to your premises and they are left to wait at the conference room, there is a possibility that they might connect to the network port available there in order to connect to the Internet. They might as well explore what resources and files are available in the network, if possible and if they are bored.

Now consider, you have a wireless network – the wireless signals can easily cross your organization’s gate. In this case, even a casual bystander outside your company premises can try to connect to your LAN! A NAC application is designed to prevent these type of scenarios (among others).


How are Network Users authenticated?

Simplistically speaking, when anyone tries to connect to the network – either by plugging in the network cable or by clicking on the available wireless SSIDs, on their computer, the NAC application sends them a captive portal (a web-based input form). Here, they will be required to enter their username/password, which will be authenticated against stored credentials, and the user will placed in the appropriate sub-network with access privileges that are entitled to them.

The user can also be authenticated by other methods like physical tokens, one time passwords, certificates, etc. as defined by the 802.1x standard. A NAC application is also useful to provide temporary access to the network with limited privileges (For example, guests can be provided with Internet access only).


What is PacketFence?

PacketFence is an open source and free to use NAC software brought to you by Inverse. Among other features, it supports captive portal, wired and wireless integration, 802.1x implementation, health check & remediation, physical layer isolation of devices, etc. PacketFence also supports Multiple Server and High Availability configurations. It’s available for various Linux distributions and even as a LiveCD or virtual device. Refer to their website for further details and download/installation instructions.


Disclaimer: I have not tried PacketFence myself. This article is only for information purpose and is not a testimonial/recommendation. I am, however, taking some efforts to highlight the more popular among open source applications.

You could stay up to date on the various Computer Networking/IT Technologies & news by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’

One Comment