This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

NAP+DHCP how to assign different ip address for non-compliant client

Question
0

Sign in to vote

On a NAP+DHCP,

Is there a way to configure so that non-compliant client get different ip address? let's say that on DHCP server i configured scope corporate 192.168.0.x and restricted 192.168.1.x, i then created superscope with both corporate and restricted scope.

In my scenario, if a client is compliant it will get ip address from corporate(192.16.0.x) address, if it is not it will get restricted ip address (192.16.1.x), where all the remediation servers will be located.

Any pointers will be appreciated

papadevon

Thursday, October 11, 2007 6:08 AM

Answers

0

Sign in to vote

I think this is not possible in DHCP enforcement.

there is something available as VLAN concept in 802.1x enforcement.

Regards

Brijesh Shukla

Thursday, October 11, 2007 7:53 AM

All replies

0

Sign in to vote

I think this is not possible in DHCP enforcement.

there is something available as VLAN concept in 802.1x enforcement.

Regards

Brijesh Shukla

Thursday, October 11, 2007 7:53 AM
0

Sign in to vote

Brijesh is correct - NAP DHCP enforcement does not work in this fashion. It keeps the client on the same IP address within the same subnet, minimizing network disruptions. However, it does lock down the connection, allowing communications only with IPs given in the fixup list.

However, if you wish to move clients from subnet to subnet (or vlan to vlan), Brijesh is again correct - this is a functionality provided by 802.1x switch (or AP) based enforcement.

-Chris

Chris.Edson@online.microsoft.com *

SDET, Network Access Protection

* Remove the "online" make the address valid.

** This posting is provided "AS IS" with no warranties, and confers no rights.

Monday, October 22, 2007 9:54 PM