NAP+DHCP how to assign different IP address for non-compliant client

  • Question

    On a NAP+DHCP,

    Is there a way to configure it so that a non-compliant client gets a different IP address? Let's say that on the DHCP server I configured scope corporate 192.168.0.x and restricted 192.168.1.x; I then created a superscope with both the corporate and restricted scopes.

     

    In my scenario, if a client is compliant it will get an IP address from the corporate (192.16.0.x) addresses; if it is not, it will get a restricted IP address (192.16.1.x), where all the remediation servers will be located.

     

    Any pointers will be appreciated

     

    papadevon

    Thursday, October 11, 2007 6:08 AM

Answers

  • I think this is not possible in DHCP enforcement.

    There is something available as a VLAN concept in 802.1x enforcement.

    Regards

    Brijesh Shukla

    Thursday, October 11, 2007 7:53 AM

All replies

  • Brijesh is correct - NAP DHCP enforcement does not work in this fashion.  It keeps the client on the same IP address within the same subnet, minimizing network disruptions.  However, it does lock down the connection, allowing communications only with IPs given in the fixup list.

     

    However, if you wish to move clients from subnet to subnet (or vlan to vlan), Brijesh is again correct - this is a functionality provided by 802.1x switch (or AP) based enforcement.

     

    -Chris

    Chris.Edson@online.microsoft.com *

    SDET, Network Access Protection

    * Remove the "online" to make the address valid.

    ** This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, October 22, 2007 9:54 PM
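
Added example, not part of the original thread and not Microsoft's code: a Python model of the lockdown described in the reply above, assuming the restricted lease keeps the client's address, sets a 255.255.255.255 mask with no default gateway, and carries RFC 3442 classless static host routes (option 121) to each fixup-list server. The addresses, next hop and function names are constructed for illustration.

```python
import ipaddress

def encode_option_121(routes):
    """RFC 3442 payload: prefix length, significant destination octets, next hop."""
    payload = bytearray()
    for cidr, next_hop in routes:
        net = ipaddress.ip_network(cidr)
        payload.append(net.prefixlen)
        # Only the octets covered by the prefix are transmitted.
        payload += net.network_address.packed[:(net.prefixlen + 7) // 8]
        payload += ipaddress.ip_address(next_hop).packed
    return bytes(payload)

def restricted_lease(client_ip, next_hop, fixup_list):
    """Lease for a non-compliant client: same address, host routes only."""
    routes = [(f"{ip}/32", next_hop) for ip in fixup_list]
    return {
        "address": client_ip,              # unchanged, no move to another subnet
        "subnet_mask": "255.255.255.255",  # nothing else is treated as on-link
        "router": None,                    # no default gateway handed out
        "routes": routes,
        "option_121": encode_option_121(routes),
    }

def can_reach(lease, destination):
    """True only if one of the lease's routes covers the destination."""
    dest = ipaddress.ip_address(destination)
    return any(dest in ipaddress.ip_network(cidr) for cidr, _ in lease["routes"])

# Constructed sample values (assumptions, not taken from the thread).
FIXUP_LIST = ["192.168.0.10", "192.168.0.11"]
LEASE = restricted_lease("192.168.0.57", "192.168.0.1", FIXUP_LIST)

if __name__ == "__main__":
    print(LEASE["address"], LEASE["subnet_mask"], LEASE["option_121"].hex())
    for target in ("192.168.0.10", "192.168.0.20", "203.0.113.5"):
        print(target, "reachable" if can_reach(LEASE, target) else "blocked")
```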