Minimum Requirements
IP configuration
- openNAC CORE and ANALYTICS server – provided by CUSTOMER
- Customer corporate IP network range - provided by CUSTOMER
- Quarantine network - provided by CUSTOMER
- Registry network - provided by CUSTOMER
- Service network - provided by CUSTOMER
- DHCP pool for quarantine network - provided by CUSTOMER
- DHCP pool for registry network - provided by CUSTOMER
- DHCP pool for service network - provided by CUSTOMER
DHCP service configuration
- IP helpers configured on Layer 3/2 devices to send DHCP requests to the openNAC CORE VM
- Configure DHCP pools for Registry & Quarantine in corporate DHCP (or delegate them to openNAC)
L2 network device configuration
- SNMP community (RO / RW) or CoA password for access from openNAC
- SSH access to device (only necessary if NetConf/NetBackup/NetCompliance will be used)
Active Directory Access Configuration
- User account to join openNAC Core to the domain (AD)
- AD/LDAP user to query the directory (read-only)
- AD access data: AD/LDAP IP and port, Base DN, domain name, uid and mail attributes, whether SSL is used
User device configuration
- Corporate computer with 802.1x supplicant configured (used to test openNAC installation)
- Corporate user / password to validate against 802.1x
Additional Requirements (Only if used)
WiFi access point configuration (To test WiFi authentication with corporate user)
- Set SSID and WPA2 Enterprise to be checked against the openNAC RADIUS server
- CoA password for access from openNAC
External firewall configuration (To use FW plugins)
- Palo Alto config
- Fortigate config
User device configuration (To test openNAC Agent)
- Computer with openNAC agent installed
Configuration for integration with corporate CA (To use 802.1X Certificate based auth)
- Public Key for corporate CA (or key chain)
- Corporate CA data: (countryName, stateOrProvinceName, localityName, organizationName, Certificate commonName)
Port SPAN (To deploy an openNAC sensor)
- Where all site traffic is aggregated, a SPAN port is needed to redirect traffic to the openNAC sensor