Hewlett-Packard ProCurve NAC 800 Users Manual
Brand: HP
Category: Gateway
Type: Operation & user’s manual for HP ProCurve NAC 800
Pages: 591 (8.37 Mb)
DHCP Quarantine Method
Configuring NAC 800 for DHCP
The primary configuration required for using NAC 800 and DHCP is setting up
the quarantine area (see “Setting up a Quarantine Area” on page 10-4). You
should also review the following topics related to quarantining endpoints:
■ Endpoint quarantine precedence (see “Endpoint Quarantine Precedence” on page 7-2).
■ Untested endpoints (see “Untestable Endpoints and DHCP Mode” on page 7-11).
■ Unsupported operating systems (see “Defining Non-supported OS Access Settings” on page 6-16).
■ Endpoint testing exceptions (see “Always Granting Access to an Endpoint” on page 7-6 and “Always Quarantining an Endpoint” on page 7-8).
■ Action to take for failed tests (see “Selecting Action Taken” on page 6-17).
■ DHCP quarantine options:
• Router Access Control List (ACL) settings (see “Configuring the Router ACLs” on page 10-5).
• Static routes assigned to the endpoint (see “Adding a DHCP Quarantine Area” on page 3-94).
Setting up a Quarantine Area
Set up a restricted area of your network that users can access when you do
not want to allow full access to the network. See “Quarantining, General” on
page 3-51 for instructions.
Router Configuration
If you do not elect to enforce quarantine by using static routes on the endpoint (see “Quarantining, General” on page 3-51), you will need to configure router ACLs.
This option restricts the network access of non-compliant endpoints by
assigning DHCP settings on a quarantined network. The network, gateway,
and ACLs restricting traffic must be configured on your router, either by
multinetting or by adding a virtual interface to the router that acts as
the quarantine gateway IP address. The quarantine area DHCP settings
must reflect this configuration on your router.
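
The following check is an added example, not part of the HP manual: it compares quarantine-area DHCP settings against the router's quarantine network and gateway and reports every mismatch. The dictionary keys, the addresses, and the rule that the quarantine subnet must not overlap the production subnet are assumptions made for illustration; they are not NAC 800 field names or requirements stated in the manual.

```python
import ipaddress

def check_quarantine_area(router, dhcp):
    """Return a list of mismatches between the router's quarantine
    network and the quarantine-area DHCP settings (empty if consistent)."""
    problems = []
    q_net = ipaddress.ip_network(router["quarantine_subnet"])
    q_gw = ipaddress.ip_address(router["quarantine_gateway"])
    prod_net = ipaddress.ip_network(router["production_subnet"])

    # Router side: the multinetted or virtual interface address must
    # belong to the quarantine subnet (overlap rule is an assumption).
    if q_gw not in q_net:
        problems.append("router: quarantine gateway outside quarantine subnet")
    if q_net.overlaps(prod_net):
        problems.append("router: quarantine subnet overlaps production subnet")

    # DHCP side: the settings handed to quarantined endpoints must
    # reflect what the router is actually configured with.
    if ipaddress.ip_network(dhcp["subnet"]) != q_net:
        problems.append("dhcp: subnet differs from router quarantine subnet")
    if ipaddress.ip_address(dhcp["gateway"]) != q_gw:
        problems.append("dhcp: gateway differs from router quarantine gateway")

    start = ipaddress.ip_address(dhcp["range_start"])
    end = ipaddress.ip_address(dhcp["range_end"])
    if start > end:
        problems.append("dhcp: range start is after range end")
    if start not in q_net or end not in q_net:
        problems.append("dhcp: lease range leaves the quarantine subnet")
    if start <= q_gw <= end:
        problems.append("dhcp: lease range includes the gateway address")
    return problems

# Constructed sample values, not taken from the manual.
ROUTER = {"production_subnet": "10.0.0.0/24",
          "quarantine_subnet": "10.0.99.0/24",
          "quarantine_gateway": "10.0.99.1"}
GOOD_DHCP = {"subnet": "10.0.99.0/24", "gateway": "10.0.99.1",
             "range_start": "10.0.99.10", "range_end": "10.0.99.200"}
# Points quarantined endpoints at the production gateway and leases
# out the quarantine gateway's own address.
BAD_DHCP = {"subnet": "10.0.99.0/24", "gateway": "10.0.0.1",
            "range_start": "10.0.99.1", "range_end": "10.0.99.200"}

if __name__ == "__main__":
    for name, dhcp in (("good", GOOD_DHCP), ("bad", BAD_DHCP)):
        print(name, check_quarantine_area(ROUTER, dhcp) or "consistent")
```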