Learning mode
Passive Device Detection
If router_mac_ip_discoverall=true in the config table, the router_mac_ip module will document all MAC/IP pairs it finds on the network, not just those actively managed with the VMPS protocol (see below). End-devices found in this way are marked with the status "unmanaged" (see for example the overview page in the Windows GUI).
See also Installation Guide -> Router Integration.
In this mode FreeNAC can be connected "passively" to the network and an automated list of all end devices on your network is collected for you!
If the nmap scanning module is enabled, even more information will be automatically collected on each end-device.
Active device detection
Starting with a test switch on specific ports, NAC is enabled by configuring ports to use dynamic VLAN assignment ("switchport access vlan dynamic" in IOS).
The switch sends a VLAN assignment request for each new connection and regularly re-confirms existing connections.
- If the MAC address of the connecting system is in the database, the switch will assign the VLAN attributed to it.
- If the MAC address of the connecting system is not in the database, meaning that this is an unknown system (new, unmanaged or something else), the switch will assign the default VLAN.
The MAC Address will also be inserted into the NAC database so that it can be later edited and activated.
During this learning mode, all ports are open to all hosts. This is meant to avoid disrupting the network during the initialisation of the NAC service.
As noted above, new MAC addresses will be inserted into the database as unknown hosts. The NAC system will auto-discover the IP addresses and DNS names of these systems (via the router_mac_ip program called from cron).
The NAC administrator(s) or the super-users will need to edit those hosts in the NAC, designate their VLAN and optionally document the end-device details and assign the device to a user.
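As an added illustration (not FreeNAC's own code), the following Python script models the two behaviours described on this page: passive MAC/IP discovery from a router ARP table, which records new devices as "unmanaged", and the learning-mode VLAN decision made for each connecting MAC, which hands unknown systems the default VLAN and inserts them as "unknown" hosts for later editing. The end-device table layout, the default VLAN name and the ARP output lines are assumptions constructed for the example.

```python
import re

DEFAULT_VLAN = "default"  # assumption: VLAN handed to systems not yet designated

# Hypothetical end-device table keyed by MAC address.
# 'vlan' is the VLAN an administrator designated; None means not yet designated.
db = {
    "00:11:22:33:44:55": {"status": "active", "vlan": "staff", "ip": None},
}

# Constructed sample of Cisco IOS 'show ip arp' output (not real data).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.1.10               5   0011.2233.4455  ARPA   Vlan10
Internet  10.0.1.23              12   aabb.ccdd.eeff  ARPA   Vlan10
"""
ARP_RE = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
                    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def cisco_to_colon(mac):
    """Convert 'aabb.ccdd.eeff' to 'aa:bb:cc:dd:ee:ff'."""
    digits = mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def passive_discover(arp_text, discoverall=True):
    """Record MAC/IP pairs from ARP output; new MACs are stored as 'unmanaged'
    only when discoverall is set (models router_mac_ip_discoverall=true)."""
    found = []
    for line in arp_text.splitlines():
        m = ARP_RE.match(line)
        if not m:
            continue
        ip, mac = m.group(1), cisco_to_colon(m.group(2))
        entry = db.get(mac)
        if entry is None:
            if not discoverall:
                continue
            entry = db[mac] = {"status": "unmanaged", "vlan": None, "ip": None}
        entry["ip"] = ip
        found.append((mac, ip))
    return found

def vmps_lookup(mac):
    """Learning-mode answer to one VLAN assignment request from the switch."""
    mac = mac.lower()
    entry = db.get(mac)
    if entry is not None and entry["vlan"] is not None:
        return entry["vlan"]  # known host: assign the attributed VLAN
    if entry is None:         # unknown host: insert for later editing
        db[mac] = {"status": "unknown", "vlan": None, "ip": None}
    return DEFAULT_VLAN       # no VLAN designated yet: default VLAN
```

A device found passively but not yet designated a VLAN still lands in the default VLAN until an administrator edits it, which is the state to watch for when auditing the table after the learning phase.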