Inline accounting bandwidth balance

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.

https://packetfence.org

GNU General Public License v2.0

1.37k stars 287 forks source link

Inline accounting bandwidth balance #6222

Open fdurand opened 3 years ago

fdurand commented 3 years ago

Since we use netflow module for inline accounting , we lost the way to trigger a security event (ACCOUNTING_POLICY_BANDWIDTH) based on the bandwidth of the device (related to radius accounting).

The idea to have it back is craft a radius accounting packet from the netflow information and send it to the api.

nqb commented 3 years ago

Does it mean that since v10, it's not possible to trigger a security event on nodes on inline networks based on bandwidth usage ?

So it means that inline accounting can just be used to:

display online/offline status of nodes
collect bandwidth usage ?

IMHO and according to #6171, we should at least add a note in Upgrade guide to warn users about this change.