OpenNac is an open source network access control that provides secure access for LAN/WAN. It allows the application of flexible access policies based on rules. It works with a wide range of clients (Windows, Mac, Linux, others...) and network devices (Extreme Networks, Cisco, Alcatel and 3Com). It is based on well proven opensource components like FreeRadius, iTop, Icinga and our own development. Extensible and very flexible, it is easy to add new functionalities. It is open to be integrated with current platforms like accounting, asset management, authentication, Network Intrusion Detection Systems,...
Apart from core Network Access Control, OpenNac has value added services like network configuration and discovery, network device configuration backup and network monitoring.

Main components are:

openNAC general architecture
openNAC general architecture


OnNac is a core Network Access control service. It allows enforcing authentication and authorization policies over corporate networks. From the Management Console administrator it can find and manage a user based on username, IP, MAC, network switch, or physical location (if a physical asset management system is integrated). Audit and reporting is available in order to review network activity.


The Network Configuration module allows to configure network devices from a comfortable web GUI, based on templates that can do bulk config of hundreds or thousands of devices or Based on statefull queu that allows programming when and how to push configs. An API is available to extend functionality.


Automatically backup and archive network device configurations.


Network Discovery module that allows to provision network devices automatically and maintain inventory.


Network CMDB module that is the backend for all information about inventory, allowing to share information with other platforms in an easy way.


Network Monitor module: it allows monitoring network health and is the alarm administrator if some part of the network is not working properly. From CMDB, monitoring is auto provisioned.