PacketFence – Access Control Utility

Packetfence is one of the best open source network access control tools available, and it’s been deployed in numerous large-scale industries. Packetfence supports registration of new network devices, detection of abnormal network activity, isolation of problem network devices, remediation, registration and vulnerability scans, VLAN isolation, 802.1X, FreeRADIUS, and DHCP fingerprinting. It has both Web- and command line-based interfaces. Packetfence can be a simple system to install but a complex system to master.


• Multiple enforcement methods including role-based access control
• Malware detecting and alerting: Packetfence can work with remote sensors like snort.
• Captive portal: Can be used to require users to login before using the network or to present instructions to a user on a web page, blocking all other network traffic, when a problem is detected.

• Isolation of problematic devices: PacketFence support is VLAN
isolation, where problematic clients would be moved to a esignated

• DHCP fingerprinting: Used to automatically allow or disallow specific device types such as VoIP phones or Wi-Fi equipped game systems.

• Bandwidth accounting for all devices.

PacketFence is written in Perl and makes use of common open-source components, such as MySQL, Apache, Snort and Nessus. It does not require a user agent to be installed on computers accessing the network. Its deployment is non-intrusive, and every interaction with users goes through a captive portal that can be accessed by every Web browser. PacketFence currently supports ARP, DHCP/DNS and VLAN isolation techniques.

Leave a Reply