Overview

ELAN Agent is a platform that eases LAN management by integrating closely into the network, using existing services and equipment.

The goal is an easy-to-deploy solution that adapts to the switch's capabilities (802.1X, MAC Authentication, SNMP trap notification, …) so that you can master your LAN in terms of visibility (know exactly what is on your network) and security (access control verification/enforcement with flexible rules).

To achieve this, ELAN Agent provides the following services:

  • NAC: 802.1X/MAC-Auth via RADIUS.
  • SNMP polling and trap/notification monitoring.
  • Access Control of devices on VLANs.
  • Detection of unauthorized devices.
  • Authentication using LDAP, AD or external source.
  • Inventory of all devices (MAC addresses) on the network.
  • Captive portal:
    • User Authentication & Guest Access.
    • Automatic captive portal when trying to access an unauthorized HTTP(S) service.
  • IDS (Suricata).
  • Log of network events (New Device, New Device on VLAN, New Device IP, Disconnected Device, New Connection, IDS Alert for Device…).
  • Log of outgoing IP connections.
  • Full IPv6 compatibility.

All configuration of these services is done via MQTT by publishing retained messages to topics. Events are also sent via MQTT.

ELAN Agent implements NAC by assigning devices a VLAN, then allowing them to access other VLANs (bridging) based on their authorizations. Access is granted per device (MAC address) to all devices on the allowed VLANs. Hence you need only one IP address range for all your services and can take advantage of local network facilities like zero-conf while still separating services.