FreeNAC

FreeNAC is an OpenSource (GPL) solution for LAN access control and dynamic VLAN management.

FreeNAC provides easy-to-use Virtual LAN assignment, LAN access control (for all kinds of network devices such as Servers, Workstations, Printers, IP-Phones, Webcams...), live network end-device inventory and VLAN management, and allows documentation of patch cabling.

Technology

End-devices are identified either by MAC address (in VMPS mode) or by certificate and MAC address (in 802.1x mode).

What is VMPS? VLAN Management Policy Server (VMPS) is a name for a server that implements the VLAN Query Protocol (VQP). FreeNAC includes OpenVMPS for communication with the switches, but also adds a database, automation, reporting and SNMP scanning to allow VMPS to be more easily used in larger environments.

Routers and switches are also scanned via SNMP to identify unmanaged end-devices and to link MAC / IP addresses to physical ports.

Enterprise features such as redundancy and monitoring are also included.

FreeNAC aims to be a leading OpenSource product of choice for LAN Access Control.

Evolution and Roadmap

FreeNAC version 1 was based on OpenVMPS, with a MySQL back end that generated a configuration file for OpenVMPS, and with a Windows GUI. Version 2 uses the 'external' plug-in interface of OpenVMPS and has some advanced PHP control scripts, scalability, redundancy and alerting. Since making NAC available under the GPL in June 2006, existing code has been reviewed, proprietary sections removed or replaced, documentation significantly improved, and mechanisms put in place to allow a community to grow around FreeNAC (website, forum, mailing lists, RSS feed, Virtual Appliance download, etc.).

Version 3 is in the beta phase, expected for October 2007. The planned improvements are:

- Programming of the switch port configuration from the GUI (i.e. setting of VMPS and 802.1x parameters from the GUI, rather than via ssh/telnet).
- Creation of a general (Object Oriented) policy interface, with pre- and post-connect functions. Existing policy decisions will be broken up into individual objects that can be more easily tested and extended.
- Display of the switch and port status (up/down, auth mechanism) in the GUI.
- SNMP querying of 3COM and HP switches to document un-managed systems.