Thoughts on packetfence?

Started by LynK, February 28, 2017, 12:47:25 PM


LynK

Hey guys,

Have any of you tried the open source NAC called packet-fence? It looks pretty good and I am curious as to your thoughts.


https://packetfence.org/about.html
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

It's pretty popular in academia as a per-campus solution. As with any LAN 802.1X solution, though, I would STRONGLY recommend a third-party 802.1X supplicant for Windows. The one Microsoft ships is NOT production-ready. I don't care how often a vendor may say that it'll work fine without adding a client, you take it from me and get that client installed and running and then the amount of hell you'll endure doing NAC will be correspondingly reduced.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Ctrl Z

Quote from: deanwebb on February 28, 2017, 01:09:46 PM
I would STRONGLY recommend a third-party 802.1X supplicant for Windows. The one Microsoft ships is NOT production-ready.

I'm just curious, what are some of the biggest issues you've run into using the Windows supplicant?

deanwebb

Quote from: Ctrl Z on February 28, 2017, 03:48:10 PM
Quote from: deanwebb on February 28, 2017, 01:09:46 PM
I would STRONGLY recommend a third-party 802.1X supplicant for Windows. The one Microsoft ships is NOT production-ready.

I'm just curious, what are some of the biggest issues you've run into using the Windows supplicant?

1. Slowness responding - leads to timeout and device can't get on the network.
2. Unusual responses - leads to error conditions and device can't get on the network.
3. Failure with re-auth - device was on, now is off.
4. Sleep/hibernate - when it wakes up, Windows says it's ready to go, but it's really not. Massive timeout, device gets barred from the network.

Wireless, no problem. But wired... get another supplicant on there. Windows be broken.