locked
Simple NAP Question RRS feed

  • Question

  • Hi, I have a simple question that I haven't found an answer to (yet).

    Say you have a regular Ethernet network with NAP enabled. Now someone comes to your office and connects his laptop (with no NAP client / no anything) to the network. The TCP stack on the laptop is configured so that it uses a fixed IP address (no DHCP).

     

    Will NAP prevent the laptop from getting in?

     

     

    Thanks

    Thursday, February 1, 2007 11:14 PM

Answers

  • To further Ramasubbu comments, if you are using DHCP NAP only, the client will be allowed on the network. If you were using 802.1x NAP enforcement at the switch level, the client would be quarantined per your policy. Likewise with IPsec NAP, the client would not be able to reach IPsec secured resources on the network unless he was deemed healthy per your policy.

    This is why NAP supports many enforcement technologies. We NAP the way you want to NAP. :->

     

    Jeff Sigman
    NAP Release Manager
    Jeff.Sigman@online.microsoft.com *
    http://blogs.technet.com/nap

    * Remove the "online" to actually email me.
    ** This posting is provided "AS IS" with no warranties, and confers no rights.

     

    Friday, February 2, 2007 3:43 PM

All replies

  • If you have deployed IPSec NAP then your laptop would be restricted. For IPSec it doesn't matter whether the guest machine has Static or Dynamic IPaddress.

    Thanks.

    Friday, February 2, 2007 4:55 AM
  • To further Ramasubbu comments, if you are using DHCP NAP only, the client will be allowed on the network. If you were using 802.1x NAP enforcement at the switch level, the client would be quarantined per your policy. Likewise with IPsec NAP, the client would not be able to reach IPsec secured resources on the network unless he was deemed healthy per your policy.

    This is why NAP supports many enforcement technologies. We NAP the way you want to NAP. :->

     

    Jeff Sigman
    NAP Release Manager
    Jeff.Sigman@online.microsoft.com *
    http://blogs.technet.com/nap

    * Remove the "online" to actually email me.
    ** This posting is provided "AS IS" with no warranties, and confers no rights.

     

    Friday, February 2, 2007 3:43 PM