Figure 3-42. Add a Quarantine Area
1. Click add a quarantine area. The Add quarantine area window appears.
2. In the Add quarantine area window, enter the following information:
   • Quarantined subnet – The CIDR network that represents the IP space and netmask.
   • DHCP IP Range – The start and end DHCP IP addresses to be assigned to quarantined endpoints.
   • Gateway – The gateway temporarily assigned to endpoints.
   • Domain suffix – The domain name assigned to DHCP clients.
   • Non-quarantined subnets – All subnetworks on your LAN except those specified in the quarantined subnet field, separated by a carriage return.

NOTE: The quarantine area subnets and non-quarantined subnets should be entered using Classless Inter-domain Routing address (CIDR) notation (see "Entering Networks Using CIDR Format" on page 15-14).
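The values entered in step 2 can be checked for consistency before they are typed into the window. The following is an added example, not part of the product or its documentation: the function name, the sample addresses and the rules it enforces (DHCP range and gateway inside the quarantined subnet, gateway outside the DHCP range, no non-quarantined subnet overlapping the quarantined one) are assumptions of the example.

```python
import ipaddress

def check_quarantine_area(quarantined, dhcp_start, dhcp_end, gateway, non_quarantined):
    """Return a list of problems in the values entered for one quarantine area."""
    try:
        # strict=True rejects CIDR entries with host bits set, such as 10.1.99.1/24
        q_net = ipaddress.ip_network(quarantined, strict=True)
        start = ipaddress.ip_address(dhcp_start)
        end = ipaddress.ip_address(dhcp_end)
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"invalid entry: {exc}"]

    problems = []
    if start > end:
        problems.append("DHCP range start is above its end")
    for label, addr in (("DHCP start", start), ("DHCP end", end), ("gateway", gw)):
        if addr not in q_net:
            problems.append(f"{label} {addr} is outside quarantined subnet {q_net}")
    # Assumption of this example: the gateway must not be leased to an endpoint.
    if start <= gw <= end:
        problems.append(f"gateway {gw} falls inside the DHCP range")

    # Non-quarantined subnets: one CIDR entry per line, none overlapping the quarantine.
    for line in non_quarantined.splitlines():
        entry = line.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"invalid non-quarantined subnet: {exc}")
            continue
        if net.overlaps(q_net):
            problems.append(f"non-quarantined subnet {net} overlaps {q_net}")
    return problems

# Constructed sample values, not taken from the manual.
GOOD = ("10.1.99.0/24", "10.1.99.50", "10.1.99.200", "10.1.99.1", "10.1.1.0/24\n10.1.2.0/24")
BAD = ("10.1.99.0/24", "10.1.99.50", "10.1.99.200", "10.1.99.100", "10.1.0.0/16\n10.1.2.0/24")

if __name__ == "__main__":
    print(check_quarantine_area(*GOOD))
    for problem in check_quarantine_area(*BAD):
        print(problem)
```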
3. Choose a DHCP quarantine option:
   • Router access control lists (ACLs) – This option restricts the network access of non-compliant endpoints by assigning DHCP settings on a quarantined network. The network, gateway, and ACLs restricting traffic must be configured on your router, which is accomplished by multinetting or adding a virtual interface to the router that acts as the quarantine gateway IP address. The quarantine area DHCP settings