Download PacketFence 1.8.5

An NAC system can be used to secure a network environment. This allows network devices to be automatically blocked, based on pre-set policies, when an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is one such nac system with support for 802.1x and vlan isolation, with which a network device can be placed in the correct vlan after analysis. The developers have released version 1.8.5 with the following announcement:

PacketFence 1.8.5 Released

The Inverse Team is pleased to announce the immediate availability of PacketFence 1.8.5. This is a maintenance release of PacketFence which focuses on stability and includes many bug fixes and several small enhancements.

New Hardware Support

• Amer SS2R24i switch in linkUp/linkDown mode
• 3Com Switch 4200G and SuperStack 4500 in port-security mode
• Enterasys D2, Matrix N3 and SecureStack C3 in linkUp/linkDown and maclock (port-security)
• Extreme Networks Summit X250e in linkUp/linkDown mode

New Features

• Nessus integration with captive portal for scanning on registration
• PacketFence is now distributed as a yum repository (avoids having the installer pull a lot of cpan modules and jpgraph)
• normal/correct VLAN default behavior changed (see UPGRADE for details)
• PacketFence is now able to automatically create static routes for routed registration and isolation VLANs
• significant performance improvement in 802.1X mode (wired and wireless) or in MAC authentication on wireless networks
• massive documentation update (how to configure hardware, new install method, new support packages and more…)
• blocking misbehaving user-agents on captive portal (avoid unnecessary load)
• logging priority (INFO, WARN, ERROR) shown in log files
• added a few utilities in addons/

bug fix

• SECURITY: fixed sensitive information leak in admin login: When password were considered invalid they were displayed
• removed Hub violation that caused too many false positives (#793)
• whitelisting MAC addresses more consistent across violation types (#801)
• init script more robust (#805)
• using temporary redirects instead of permanent ones (#757)
• fixed crashes in corner cases (violations without triggers, config not upgraded, etc.)
• fixed SNMPv3 trap handling for HP ProCurve
• fixed maclock (port-security) support on Enterasys
• added missing dependencies
• stability and error reporting fixes