DHCP Quarantine Method
Configuring NAC 800 for DHCP
The primary configuration required for using NAC 800 and DHCP is setting up
the quarantine area (see "Setting up a Quarantine Area" on page 10-4). You
should also review the following topics related to quarantining endpoints:
■ Endpoint quarantine precedence (see "Endpoint Quarantine Precedence" on page 7-2).
■ Untested endpoints (see "Untestable Endpoints and DHCP Mode" on page 7-11).
■ Unsupported operating systems (see "Defining Non-supported OS Access Settings" on page 6-16).
■ Endpoint testing exceptions (see "Always Granting Access to an Endpoint" on page 7-6 and "Always Quarantining an Endpoint" on page 7-8).
■ Action to take for failed tests (see "Selecting Action Taken" on page 6-17).
■ DHCP quarantine options:
  • Router Access Control List (ACL) settings (see "Configuring the Router ACLs" on page 10-5).
  • Static routes assigned to the endpoint (see "Adding a DHCP Quarantine Area" on page 3-93).
Setting up a Quarantine Area
Set up a restricted area of your network that users can access when you do
not want to allow full access to the network. See "Quarantining, General" on
page 3-50 for instructions.
Router Configuration
If you elect not to enforce quarantine using static routes on the endpoint (see
"Quarantining, General" on page 3-50), you must configure router ACLs.
This option restricts the network access of non-compliant endpoints by
assigning DHCP settings on a quarantined network. The network, gateway,
and ACLs restricting traffic must be configured on your router, which is
accomplished by multinetting or adding a virtual interface to the router that
acts as the quarantine gateway IP address. The quarantine area DHCP settings
must reflect this configuration on your router.
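
The following Python check is an added example, not part of the NAC 800 documentation. It compares a quarantine area's DHCP settings with the router's interface addresses and lists every mismatch. The dictionary field names and all addresses are constructed for illustration and are not NAC 800 setting names.

```python
import ipaddress

# Constructed sample data: router interface addresses (primary plus the
# multinetted or virtual quarantine address) and one quarantine area.
ROUTER_ADDRS = ["10.1.10.1/24", "10.1.99.1/24"]
GOOD_AREA = {"subnet": "10.1.99.0/24", "gateway": "10.1.99.1",
             "range_start": "10.1.99.10", "range_end": "10.1.99.200"}


def check_quarantine_area(area, router_addrs):
    """Return a list of mismatches between a quarantine area and the router.

    Field names in `area` are hypothetical, not NAC 800 settings names.
    """
    problems = []
    subnet = ipaddress.ip_network(area["subnet"])
    gateway = ipaddress.ip_address(area["gateway"])
    start = ipaddress.ip_address(area["range_start"])
    end = ipaddress.ip_address(area["range_end"])
    ifaces = [ipaddress.ip_interface(a) for a in router_addrs]

    if gateway not in subnet:
        problems.append("gateway is outside the quarantine subnet")
    # The gateway handed out by DHCP must be an address the router holds,
    # configured with the same prefix as the quarantine subnet.
    held = [i for i in ifaces if i.ip == gateway]
    if not held:
        problems.append("router holds no address equal to the gateway")
    elif held[0].network != subnet:
        problems.append("router prefix differs from the quarantine subnet")
    if start > end:
        problems.append("DHCP range start is above range end")
    if start not in subnet or end not in subnet:
        problems.append("DHCP range extends outside the quarantine subnet")
    if start <= gateway <= end:
        problems.append("DHCP range includes the gateway address")
    # ACLs keyed on the quarantine source range would also match addresses
    # of any other router network that overlaps it.
    for i in ifaces:
        if i.network != subnet and i.network.overlaps(subnet):
            problems.append(f"subnet overlaps router network {i.network}")
    return problems


if __name__ == "__main__":
    for line in check_quarantine_area(GOOD_AREA, ROUTER_ADDRS) or ["consistent"]:
        print(line)
```

An empty list means the quarantine area's DHCP settings agree with the addresses configured on the router.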