André,
The 6100 Series Enforcer can serve DHCP clients on two different DHCP servers, one which serves the Production IP addresses and the other serves the Remediation IP addresses. The Enforcer makes it decision on which DHCP server to request the address from depending on the Host Integrity result that the client reports.
Attach the Ethernet cables as outlined in the Implementation Guide, starting on page 283.
Then, you will need to get the Enforcer registered with the SEPM. You do this by using the following command:
config spm ip [IPAddressOfSEPM] http [PortOfSEPMWebserver] group [EnforcerGroup] key [SharedSecretKey]
The group is up to you to name. After the Enforcer registers with the SEPM, the group will automatically be created in the SEPM.
The shared secret/key is either 1) The very first password using when setting up the SEPM or 2) The key that you set when you installed the SEPM using Advanced Setup.
Once you enter that command, enter "show status" to confirm that the Enforcer is connected to the SEPM. It can take a minute or two to connect.
After the DHCP Enforcer is connected, you manage the rest of the product from the SEPM.