System AdministrationWorking with Ranges15-23Working with RangesIn NAC 800 implementations, particularly in trial installations where you areconnecting and disconnecting cables to a number of different types of end-points, you can filter the activity by specifying the following:■ Ranges to monitor – This property filters results in the displaywindow, it does not keep NAC 800 from testing other systems.■ Ranges to ignore – Does not test the ranges listed.■ Ranges to enforce – This property is only valid for DHCP mode. Itmodifies the iptables NFQUEUE rule such that only the networks setto be enforced will ever get quarantine addresses.To specify ranges to monitor:� Home window>>System configuration>>Select an EnforcementCluster>>Advanced menu optionIn the Endpoint detection area, enter the range of addresses to monitor in theIP addresses to monitor text field. Separate ranges with a hyphen or use CIDRnotation.To specify ranges to ignore:� Home window>>System configuration>>Enforcement clusters &servers>>Select an Enforcement Cluster>>Advanced menu optionIn the Endpoint detection area, enter the range of addresses to ignore in the IPaddresses to ignore text field. Separate ranges with a hyphen or use CIDRnotation.To specify ranges to enforce:� Home window>>System configuration>>Quarantining menu option1. Select the DHCP radio button in the Quarantine method area.2. Select the Restrict enforcement of DHCP requests to these relay agent IPaddresses radio button.3. Enter IP addresses in the DHCP relay IP addresses to enforce text box. Enterindividual DHCP relay agent IP addresses, separated by carriage returns.These addresses must be a subset of either the quarantined or non-quarantined subnets.
