It's great that some folks in the community tell me about new stuff via comments on relevant blog posts. So let me thank a fellow named Sean for alerting me to an initiative that he is spearheading to produce an OpenSource NAC solution. Here is his comment:
OpenSource NAC
I've released an OpenSource NAC (see http://freenac.net) that currently uses MAC-Address authentication, but we are adding 802.1x and I'd like to move towards a complete TNC Solution. I find your comments above interesting and disheartening, and if no standard is established it will make it more difficult to make an OpenSource solution that will be accepted in corporate environments I think. I'd appreciate your feedback (and your readers') on our product currently and what we've planned for the future.
Regards, Sean.
Let me fix a few misconceptions that Sean has about the role of standards in what he's trying to do. He's worried that without a standard, an OpenSource NAC will have a harder time being accepted in corporate environments. WRONG! Was Snort based on a standard? Or Nessus? Not that I know of.
If OpenSource NAC adds value, people will use it. The technical ones anyway and that is the community you want to appeal to anyway. Of course, it's not going to be as functional as a commercially available product at first, but if the community gels - it could be.
Checking out the site quickly, it looks like the first iteration focuses on assigning devices to specific VLANs based on MAC authentication. Obviously that's pretty limited. OK, very limited. But you need to start somewhere. Once 802.1x is supported, you get some more flexibility in how VLAN assignment is enforced, and switch integration gets easier.
I'm sure Shimel will have something to say about this, given open source is now coming to his back yard. Let's see what the other mouth from the South has to say about this.
I wish you well, Sean. I think a legitimate open source NAC alternative would be welcomed by folks struggling to figure out one vendor's story vs. another. I can't code (not well anyway), but I can provide some visibility to what you are trying to do.