NAC 800 tests endpoints that request access to the network and either assigns
a quarantined Internet Protocol (IP) address (failed), or adds the MAC address
of the end-user device as an authorized device (allowed) to the Access Control
List (ACL) on the appropriate DHCP server.
The following connection and communication actions apply:
■
If the connection between the DHCP server and the NAC 800 server
is lost and re-established, the existing ACL on the DHCP server is
discarded and NAC 800 re-transmits the entire ACL.
If the DHCP server cannot communicate with NAC 800 at any time,
■
the DHCP server goes in to an allow all or deny all state, depending
on the failopen parameter setting in the config.xml file (true =
allow all, false = deny all).
■
NAC 800 attempts to connect to known DHCP servers on start-up, and
continuously attempts to connect at regular intervals indefinitely.
DHCP Plug-in
Overview
13-3