Network Access Control

Hello all,

I wonder if someone can help me...we have the following LAN environment: 1 central site and 20 remote sites, all sites use the same DHCP server (QIP) from the central site. If a guest connects to one of the remote sites (VLAN) the DHCP server sees where the DHCP petition comes from and replies with an appropriate IP for that site.

What we would like to know is if it is possible to use the DHCP Enforcer in this environment, in front of the existing QIP DCHP server,  and if so, how would it work? Would the DHCP Enforcer be able to tell where the DHCP petition comes from? Would we have to create a Quarantine subnet for each site (subnet)? Is this possible?

Thanks in advance for any thoughts/comments.

Hello,

Let me first state that I am not an expert on the DHCP enforcer.

Here are a few documents that may shed some light on your questions.

How a DHCP Enforcer appliance works

http://www.symantec.com/business/support/index?page=content&id=TECH91220&actp=search&viewlocale=en_US&searchid=1294433889759

How to configure the Microsoft DHCP server for use with the Symantec DHCP Enforcer

http://www.symantec.com/business/support/index?page=content&id=TECH102475&actp=search&viewlocale=en_US&searchid=1294434035221

Hey, thanks Cycletech, I appreciate your help but I have already seen these documents...and they haven't shed any light!

It seems to me that no-one is an expert on the enforcer appliances!

I am in the process of trying to set up the appliances with 3rd party DHCP servers (I'm not using Microsoft) and I'm not having much luck...anybody done this?

Also, in all the documentation I've seen, I've never seen the scenario where the appliance is being used to "control" various IP ranges...I've only seen talk of one unique subnet...has anybody done this with various IP ranges ie. various sites with different IP ranges?

Thanks again!