Internet Access to Guest Laptops - DHCP NAP

  • Question

  • I am testing NAP in DHCP configuration. I looked around these forums to find an answer to my questions since it seemed like a lot of people would have this question. I couldn't find a detailed explanation. It would be great if someone could post some resources or share their experience.

    I want to find out how to allow guest laptops (that are not in the domain) to access Internet websites when in the restricted network. Is it at all possible with DHCP configuration? I believe only adding the gateway to the remediation servers list is not enough?

    Thanks.
    Mayur
    Tuesday, June 16, 2009 1:50 PM

All replies

  • Hi Mayur,

    Try adding option 121 (classless static route) to the default NAP class. This option allows you to specify netmask. I haven't tested this for your scenario, but it should work. Please let me know if this helps.

    Thanks,
    -Greg
    Tuesday, June 16, 2009 6:34 PM
  • If you are using a proxy server, you may add it to the remediation server group.
    Wednesday, June 17, 2009 7:24 AM
  • Hi Greg,

    I have the same setup as Mayur mentioned. I'm using 2 scope options:

    • Default user class with Default gateway, DNS IP, DNS Domain name (Unrestricted)
    • Default NAP class with Default gateway, DNS IP, DNS Domain name (Restricted)

    Under the option you mentioned it asks for Destination, Network Mask and Router; what would these be?
    Also there is a checkbox for "Use clients assigned IP", what to do with this?

    Regards,
    Remdeep

    Wednesday, June 24, 2009 8:04 AM
  • Hi Remdeep,

    I would have to ask the DHCP team about the wording, but I can tell you that when you select Use clients assigned IP it will automatically use no gateway and set the netmask to 255.255.255.255.

    If you don't click this option, you can specify the router and netmask. Based on the netmask, make sure you enter the network address of the destination (the first IP address in the destination subnet). The least specific static route would be Destination = 0.0.0.0, Netmask = 0.0.0.0. Have you tried using this route to solve your issue?

    -Greg
    Wednesday, June 24, 2009 8:04 PM
  • Someone just pointed out to me that if you configure the destination and netmask as described above, this will effectively "un-restrict" noncompliant clients giving them full access. The only way this wouldn't happen is if the gateway that you provided only gave extranet (Internet) access and not intranet access.

    -Greg
    Thursday, June 25, 2009 12:19 AM
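
Added example, not part of the thread or of any Microsoft tooling: a Python sketch that encodes option 121 routes in the RFC 3442 wire format and flags routes in the restricted (NAP) class that overlap intranet prefixes, which is the "un-restrict" effect described in the last reply. The intranet prefix, router and proxy addresses are constructed sample values.

```python
import ipaddress

def encode_option_121(routes):
    """Encode (destination_cidr, router) pairs as an RFC 3442 option 121 payload."""
    out = bytearray()
    for cidr, router in routes:
        # strict parsing: the destination must be the network address of the subnet
        net = ipaddress.ip_network(cidr)
        width = net.prefixlen
        significant = (width + 7) // 8  # only the significant octets are sent
        out.append(width)
        out += net.network_address.packed[:significant]
        out += ipaddress.ip_address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Decode an option 121 payload back into (destination_cidr, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError("prefix width out of range")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        router = payload[i + 1 + significant:end]
        routes.append((f"{ipaddress.ip_address(dest)}/{width}",
                       str(ipaddress.ip_address(router))))
        i = end
    return routes

def routes_exposing(routes, protected):
    """Return the routes whose destination overlaps any protected prefix."""
    nets = [ipaddress.ip_network(p) for p in protected]
    return [(c, r) for c, r in routes
            if any(ipaddress.ip_network(c).overlaps(n) for n in nets)]

# Constructed sample values (assumptions, not from the thread)
INTRANET = ["10.0.0.0/8"]
WIDE = [("0.0.0.0/0", "192.0.2.1")]        # least specific route from the thread
NARROW = [("192.0.2.10/32", "192.0.2.1")]  # host route to a single proxy

if __name__ == "__main__":
    for name, routes in (("wide", WIDE), ("narrow", NARROW)):
        print(name, encode_option_121(routes).hex(),
              "exposes intranet:", routes_exposing(routes, INTRANET))
```
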