FreeNAC

From Wikipedia, the free encyclopedia

Introduction

FreeNAC is an open-source (GPL) solution for LAN access control and dynamic VLAN management.

FreeNAC provides easy-to-use virtual LAN assignment, LAN access control for all kinds of network devices (servers, workstations, printers, IP phones, webcams, etc.), a live inventory of network end devices, VLAN management, and documentation of patch cabling.

Technology

End devices are identified either by MAC address (in VMPS mode) or by certificate and MAC address (in 802.1X mode).

What is VMPS? VLAN Management Policy Server (VMPS) is the name for a server that implements the VLAN Query Protocol (VQP). FreeNAC includes OpenVMPS for communication with the switches, and adds a database, automation, reporting and SNMP scanning so that VMPS can be used more easily in larger environments.

Routers and switches are also scanned via SNMP to identify unmanaged end devices and to link MAC and IP addresses to physical ports.
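
A sketch of the VMPS-mode lookup and the scan reconciliation described above, added here as an illustration and not code from FreeNAC or OpenVMPS. The inventory, the `DEFAULT_VLAN` setting, the function names and the scan rows are constructed assumptions, and no VQP or SNMP traffic is sent.

```python
import re
from collections import defaultdict

# Constructed inventory (MAC -> VLAN name); not FreeNAC's database schema.
INVENTORY = {
    "00:11:22:33:44:55": "printers",
    "00:aa:bb:cc:dd:01": "office",
}
DEFAULT_VLAN = None  # None denies unknown devices; a name would act as a guest VLAN


def normalize_mac(raw):
    """Canonicalise 0011.2233.4455 / 00-11-22-33-44-55 / 00:11:22:33:44:55."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vlan_decision(mac):
    """VMPS-mode lookup: return ('allow', vlan) or ('deny', None)."""
    vlan = INVENTORY.get(normalize_mac(mac), DEFAULT_VLAN)
    return ("allow", vlan) if vlan else ("deny", None)


def reconcile(scan_rows):
    """Split scanned (switch, port, mac) rows into unmanaged devices and
    ports that carry several MACs (uplinks, hubs or unmanaged switches)."""
    unmanaged, per_port = [], defaultdict(set)
    for switch, port, raw in scan_rows:
        mac = normalize_mac(raw)
        per_port[(switch, port)].add(mac)
        if mac not in INVENTORY:
            unmanaged.append((switch, port, mac))
    shared = sorted(p for p, macs in per_port.items() if len(macs) > 1)
    return unmanaged, shared


# Constructed scan result, shaped like rows read from switch forwarding tables.
SCAN = [
    ("sw1", "Fa0/1", "0011.2233.4455"),
    ("sw1", "Fa0/2", "00-AA-BB-CC-DD-01"),
    ("sw1", "Fa0/2", "de:ad:be:ef:00:01"),
    ("sw2", "Gi1/3", "DE:AD:BE:EF:00:02"),
]

if __name__ == "__main__":
    print(vlan_decision("0011.2233.4455"))
    print(reconcile(SCAN))
```

Normalizing before the lookup matters because switches and inventories often write the same MAC address in different notations, and a mismatch would make a managed device look unmanaged.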

Enterprise features such as redundancy and monitoring are also included.

FreeNAC aims to be a leading open-source product of choice for LAN access control.

Evolution and Roadmap

FreeNAC version 1 was based on OpenVMPS, with a MySQL back end that generated a configuration file for OpenVMPS, and with a Windows GUI. Version 2 uses the 'external' plug-in interface of OpenVMPS and has some advanced PHP control scripts, scalability, redundancy and alerting. Since NAC was made available under the GPL in June 2006, existing code has been reviewed, proprietary sections removed or replaced, documentation significantly improved, and mechanisms put in place to allow a community to grow around FreeNAC (website, forum, mailing lists, RSS feed, Virtual Appliance download, etc.).

Version 3 is in the beta phase and is expected in October 2007. The planned improvements are:

  • Programming of the switch port configuration from the GUI (i.e. setting VMPS and 802.1X parameters from the GUI, rather than via ssh/telnet).
  • Creation of a general (object-oriented) policy interface, with pre- and post-connect functions. Existing policy decisions will be broken up into individual objects that can be more easily tested and extended.
  • Display of the switch and port status (up/down, auth mechanism) in the GUI.
  • SNMP querying of 3Com and HP switches to document unmanaged systems.
