DHCP Quarantine Method
Configuring NAC 800 for DHCP
The primary configuration required for using NAC 800 and DHCP is setting up
the quarantine area (see "Setting Up a Quarantine Area" on page 10-4). You
should also review the following topics related to quarantining endpoints:
■ Endpoint quarantine precedence (see "Endpoint Quarantine Precedence" on page 7-2).
■ Untested endpoints (see "Untestable Endpoints and DHCP Mode" on page 7-18).
■ Unsupported operating systems (see "Defining Non-supported OS Access Settings" on page 6-15).
■ Endpoint testing exceptions (see "Always Granting Access to an Endpoint" on page 7-13 and "Always Quarantining an Endpoint" on page 7-15).
■ Action to take for failed tests (see "Selecting Action Taken" on page 6-15).
■ DHCP quarantine options:
  • Router Access Control List (ACL) settings (see "Configuring the Router ACLs" on page 10-5).
  • Static routes assigned to the endpoint (see "Adding a DHCP Quarantine Area" on page 3-87).
Setting Up a Quarantine Area
Set up a restricted area of your network that users can access when you do
not want to allow full access to the network. See "Quarantining" on page 3-49
for instructions.
Router Configuration
If you do not elect to enforce quarantine using static routes on the endpoint
(see "Quarantining" on page 3-49), you will need to configure router ACLs.
This option restricts the network access of non-compliant endpoints by
assigning DHCP settings on a quarantined network. The network, gateway,
and ACLs restricting traffic must be configured on your router, which is
accomplished by multinetting or adding a virtual interface to the router that
acts as the quarantine gateway IP address. The quarantine area DHCP settings
must reflect this configuration on your router.
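
The following is an added example, not part of the NAC 800 documentation or product: a small Python check that the quarantine area DHCP settings agree with the router configuration described above. The function name, dictionary keys, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_quarantine_area(router_ifaces, quarantine, production_nets):
    """Return a list of mismatches between quarantine DHCP settings and the router.

    router_ifaces   : addresses configured on the router, e.g. "10.99.0.1/24"
                      (primary, multinetted secondary, or virtual interface)
    quarantine      : dict with subnet, gateway, range_start, range_end (hypothetical keys)
    production_nets : networks that quarantined endpoints must stay separate from
    """
    problems = []
    qnet = ipaddress.ip_network(quarantine["subnet"])
    gw = ipaddress.ip_address(quarantine["gateway"])
    start = ipaddress.ip_address(quarantine["range_start"])
    end = ipaddress.ip_address(quarantine["range_end"])

    if gw not in qnet:
        problems.append("gateway outside quarantine subnet")

    # The quarantine gateway must be an address the router actually owns.
    owners = [i for i in map(ipaddress.ip_interface, router_ifaces) if i.ip == gw]
    if not owners:
        problems.append("gateway not configured on router")
    elif owners[0].network != qnet:
        problems.append("router interface mask differs from quarantine subnet")

    if start not in qnet or end not in qnet or start > end:
        problems.append("DHCP range not inside quarantine subnet")
    elif start <= gw <= end:
        problems.append("DHCP range includes the gateway address")

    # An overlap would hand quarantined endpoints addresses the ACLs treat as trusted.
    for net in production_nets:
        if qnet.overlaps(ipaddress.ip_network(net)):
            problems.append(f"quarantine subnet overlaps production network {net}")
    return problems

# Constructed sample data: 10.99.0.1/24 is a secondary (multinet) address on the router.
ROUTER = ["10.1.1.1/24", "10.99.0.1/24"]
PRODUCTION = ["10.1.1.0/24"]
GOOD = {"subnet": "10.99.0.0/24", "gateway": "10.99.0.1",
        "range_start": "10.99.0.10", "range_end": "10.99.0.200"}
BAD = {"subnet": "10.99.0.0/24", "gateway": "10.99.0.254",
       "range_start": "10.99.0.200", "range_end": "10.99.0.254"}

if __name__ == "__main__":
    print(check_quarantine_area(ROUTER, GOOD, PRODUCTION))  # no mismatches
    print(check_quarantine_area(ROUTER, BAD, PRODUCTION))   # gateway/range mismatches
```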