Configuring Sentriant AG for DHCP; Setting Up a Quarantine Area; Router Configuration; Configuring the Router ACLs - Extreme Networks AG200 User Manual

Version 5.0

DHCP Quarantine Method

Configuring Sentriant AG for DHCP

The primary configuration required for using Sentriant AG and DHCP is setting up the quarantine area
(see "Setting up a Quarantine Area" on page 224). You should also review the following topics related
to quarantining endpoints:
- Endpoint quarantine precedence (see "Endpoint Quarantine Precedence" on page 201).
- Untested endpoints (see "Untestable Endpoints and DHCP Mode" on page 212).
- Unsupported operating systems (see "Defining Non-supported OS Access Settings" on page 196).
- Endpoint testing exceptions (see "Always Granting Access to an Endpoint" on page 210 and "Always Quarantining an Endpoint" on page 211).
- Action to take for failed tests (see "Selecting Action Taken" on page 197).
- DHCP quarantine options:
  - Router Access Control List (ACL) settings (see "Configuring the Router ACLs" on page 224).
  - Static routes assigned to the endpoint (see "Adding a DHCP Quarantine Area" on page 107).
- "Deploying Sentriant AG using DHCP" in the Sentriant AG Installation Guide.

Setting up a Quarantine Area

Set up a restricted area of your network that users can access when you do not want to allow full access
to the network. See "Quarantining" on page 76 for instructions.

Router Configuration

If you choose not to enforce quarantine with static routes on the endpoint (see "Quarantining" on page 76), you
need to configure router ACLs.
This option restricts the network access of non-compliant endpoints by assigning DHCP settings on a
quarantined network. The network, gateway, and ACLs that restrict traffic must be configured on your
router, either by multinetting or by adding a virtual interface to the router that acts as the
quarantine gateway IP address. The quarantine area DHCP settings must reflect this configuration on
your router.

Configuring the Router ACLs

In order to sufficiently restrict access to and from the quarantine area, you must configure your router
Access Control Lists (ACLs) as follows:
- Allow traffic to and from the Sentriant AG server and the quarantined network.
- If you want to allow access to other endpoints outside of the quarantine area (for example a Software Update Service (SUS) server), allow access to the server and port to and from the quarantined network.
- All other traffic should be denied both to and from the quarantined network.
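
The three ACL requirements above can be checked against a rule set before it is deployed. The following is an added example, not taken from the manual: a vendor-neutral, first-match model of the ACLs with two common mistakes for comparison. The subnet, server addresses, ports, and all names in the code are assumptions made for illustration.

```python
# Added example: first-match model of the quarantine ACLs described above.
# All addresses and ports are constructed assumptions, not values from the manual.
from ipaddress import ip_address, ip_network

QUARANTINE = ip_network("10.99.0.0/24")   # assumed quarantine subnet
AG_SERVER = ip_network("10.1.1.10/32")    # assumed Sentriant AG server
UPDATE_SRV = ip_network("10.1.1.20/32")   # assumed update (SUS) server
UPDATE_PORT = 80                          # assumed update service port
ANY = ip_network("0.0.0.0/0")

# Rule: (action, source, destination, service port or None for any port).
# "Service port" is the server-side port: destination port on requests,
# source port on replies.
ACL = [
    ("permit", QUARANTINE, AG_SERVER, None),
    ("permit", AG_SERVER, QUARANTINE, None),
    ("permit", QUARANTINE, UPDATE_SRV, UPDATE_PORT),
    ("permit", UPDATE_SRV, QUARANTINE, UPDATE_PORT),
    ("deny", QUARANTINE, ANY, None),
    ("deny", ANY, QUARANTINE, None),
]
# Two common mistakes: update server opened on every port, and denies placed first.
TOO_BROAD = [r if r[2] != UPDATE_SRV else r[:3] + (None,) for r in ACL]
SHADOWED = ACL[4:] + ACL[:4]

# Constructed flows implied by the three requirements: (src, dst, port, expected).
CHECKS = [
    ("10.99.0.25", "10.1.1.10", 443, "permit"),  # quarantine -> AG server
    ("10.1.1.10", "10.99.0.25", 443, "permit"),  # AG server -> quarantine
    ("10.99.0.25", "10.1.1.20", 80, "permit"),   # update server, allowed port
    ("10.1.1.20", "10.99.0.25", 80, "permit"),   # update server replies
    ("10.99.0.25", "10.1.1.20", 445, "deny"),    # update server, other port
    ("10.99.0.25", "10.1.1.30", 80, "deny"),     # any other destination
    ("10.1.1.30", "10.99.0.25", 3389, "deny"),   # any other source
]

def decide(acl, src, dst, port):
    """Action of the first matching rule; unmatched traffic fails closed."""
    s, d = ip_address(src), ip_address(dst)
    for action, rsrc, rdst, rport in acl:
        if s in rsrc and d in rdst and rport in (None, port):
            return action
    return "deny"

def audit(acl):
    """Return the checks whose actual action differs from the expected one."""
    return [c for c in CHECKS if decide(acl, c[0], c[1], c[2]) != c[3]]

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("TOO_BROAD", TOO_BROAD), ("SHADOWED", SHADOWED)):
        print(name, audit(acl) or "meets all three requirements")
```

Because routers evaluate ACL entries in order, the same six rules fail every permit check once the deny entries are moved ahead of them.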
Sentriant AG Users' Guide, Version 5.0
