DHCP Quarantine MethodConfiguring NAC 800 for DHCP10-4Configuring NAC 800 for DHCPThe primary configuration required for using NAC 800 and DHCP is setting upthe quarantine area (see “Setting up a Quarantine Area” on page 10-4). Youshould also review the following topics related to quarantining endpoints:■ Endpoint quarantine precedence (see “Endpoint Quarantine Prece-dence” on page 7-2).■ Untested endpoints (see “Untestable Endpoints and DHCP Mode” onpage 7-11).■ Unsupported operating systems (see “Defining Non-supported OSAccess Settings” on page 6-16).■ Endpoint testing exceptions (see “Always Granting Access to anEndpoint” on page 7-6 and “Always Quarantining an Endpoint” onpage 7-8).■ Action to take for failed tests (see “Selecting Action Taken” on page6-17)■ DHCP quarantine options:• Router Access Control List (ACL) settings (see “Configuring theRouter ACLs” on page 10-5).• Static routes assigned to the endpoint (see “Adding a DHCP Quaran-tine Area” on page 3-93)Setting up a Quarantine AreaSet up a restricted area of your network that users can access when you donot want to allow full access to the network. See “Quarantining, General” onpage 3-50 for instructions.Router ConfigurationIf you do not elect to enforce using static routes on the endpoint (“Quarantin-ing, General” on page 3-50), you will need to configure router ACLs.This option restricts the network access of non-compliant endpoints byassigning DHCP settings on a quarantined network. The network, gateway,and ACLs restricting traffic must be configured on your router, which isaccomplished by multinetting or adding a virtual interface to the router thatacts as the quarantine gateway IP address. The quarantine area DHCP settingsmust reflect this configuration on your router.
