PacketFence is an open-source package that provides network access control (NAC). Deployed in academic networks around the world, PacketFence is reliable, extremely configurable, and built upon unmodified open-source code (Fedora, LAMP, Perl, and Snort).

Vendor Agnostic

PacketFence is designed to operate in heterogeneous environments and uses vendor-agnostic isolation techniques including DHCP scope changes and ARP cache manipulation (“passive” mode). No Cisco, no problem.

Easily Installed

Distributed as an RPM, PacketFence installs quickly and easily on RHEL and Fedora. When deployed in passive mode, PacketFence plugs into a switch like any other host – it’s not even necessary to change your network configuration!

Feature Packed

PacketFence was doing NAC before NAC was cool. With over three years of active development, PacketFence is stable and provides many of the features of insanely expensive commercial offerings. Some of the more nifty features are listed below.

• Authenticate users using any authentication Apache supports (even more than one!)
• Registration-based and scheduled vulnerability scans.
• Captive portal-based user registration and remediation.
• Passive operating system fingerprinting using DHCP
• Ban unsupported operating systems (Windows 95/98/ME) or NAT-based routers.
• Automatically register game consoles or VoIP phones.
• Log location-based information using DHCP option-82.
• Protect multiple networks and 802.1q trunks.
• Scrumtrilescent web-based GUI.

Free

Best of all, PacketFence is licensed under the GPL and is totally free!