Installation guide
System Requirements
Sentriant AG Software Installation Guide, Version 5.2
11
■ Odyssey (Funk Software/Juniper® Networks) Supplicant
Enforcement Methods Requirements
The following enforcement methods have the following associated requirements:
● Sentriant AG cannot test multiple endpoints behind a Network Address Translation (NAT) server.
● DHCP (all modes)
■ Sentriant AG must be inline with the DHCP server.
■ Sentriant AG supports Microsoft's DHCP server and ISC.
■ Sentriant AG does not support PXE boot with DHCP.
■ Multiple DHCP servers on the same segments must be configured as primary / secondary.
■ Sentriant AG does not enforce Static IPs in DHCP mode.
● DHCP network mode
■ Multinet must be possible.
■ ACLs must be added to the router to create a quarantine area with enough IP address space
equivalent to the production LANs.
● DHCP endpoint mode
■ Browsers must be enabled to detect proxy server or static proxy server by host name.
■ If a user has administrative credentials, enforcement can be circumvented.
● Inline mode
■ Only works with VPNs inline with Sentriant AG.
■ The Sentriant AG server must have two NICs integrated onto the motherboard.
● 802.1x
■ All switches must have 802.1x support.
■ Clients must have Windows or Funk supplicants.
■ Specific Windows supplicants tested are EAP, PEAP, MD5 challenge.
■ Switches must send Calling_Station_ID and NAS_Port Radius attributes.
● 802.1x RADIUS server support
■ Proxy method
● FreeRADIUS on Linux
● Microsoft IAS on Windows
● Cisco ACS on Windows 2003 Server
■ Plug-in method
● FreeRADIUS on Linux
● Microsoft IAS on Windows