Using the DHCP Trusted Vendors Configuration feature with the Symantec Integrated DHCP Enforcer

Article:TECH92442  |  Created: 2009-01-18  |  Updated: 2009-01-31  |  Article URL http://www.symantec.com/docs/TECH92442
Article Type
Technical Solution


Issue



Using the DHCP Trusted Vendors Configuration feature with the Symantec Integrated DHCP Enforcer


Solution



DHCP Trusted Vendors Configuration is a feature within the Symantec Integrated DHCP Enforcer in Symantec Network Access Control (SNAC) 11.0.

The DHCP Trusted Vendors Configuration allows you to configure a list of machines that can bypass the DHCP Enforcement, based on the vendor part of the MAC address. Typically this feature is used to allow endpoints that cannot run the Symantec NAC client (for example printers and IP telephones) to bypass Host Integrity checking and obtain a normal IP address from the DHCP Enforcer.

To configure DHCP Trusted Vendors Configuration list:
  1. On the Windows taskbar of the Integrated Enforcer computer, click Start > Programs > Symantec Endpoint Protection > Symantec NAC Integrated Enforcer.
  2. In the left-hand panel, click Symantec Integrated Enforcer > Configure > DHCP Trusted Vendors Configuration.
  3. To enable the trusted vendor list, check Turn on Trusted Vendors.
    • When the Turn on Trusted Vendors box is checked, Host Integrity will not be enforced for DHCP traffic from the selected trusted vendors.
  4. Select the vendors you want to establish as trusted vendors.
  5. Click Save.



To more specifically select single MAC addresses that can bypass Enforcement (rather than full vendor classes), use the Enforcer Group Configuration within the Symantec Endpoint Protection Manager (SEPM) console.





Legacy ID



2009021811455848


Article URL http://www.symantec.com/docs/TECH92442


Terms of use for this information are found in Legal Notices