EXAM TIP
NAP enforcement by using DHCP is not a secure enforcement method. A knowledgeable
user can bypass it by assigning a fixed IP address from the IP address range of the network.
This makes the use of DHCP for NAP enforcement an obvious exam question scenario.
To configure NAP enforcement, use the following process:
1. If DHCP is already running on the network, install the Network Policy Server role on the remote computer running DHCP. Configure it as a RADIUS proxy, as described in Objective 4.1. Configure the Remote RADIUS Server Group to include the NAP enforcement server as the server to which RADIUS messages are forwarded. If installing DHCP on the NAP enforcement server, this step isn't necessary.
2. Create a connection request policy using NAS Port as the condition and set it to the specific types of DHCP clients on which you want NAP enforcement. Configure the connection request policy to forward both authentication and accounting messages to the NAP enforcement computer.
3. On the DHCP server, select the properties for the DHCP scope on which you want to enforce NAP and enable Network Access Protection settings for the scope, as shown in Figure 4-42.
FIGURE 4-42 The Network Access Protection tab of the Properties dialog box for a DHCP scope
4. Enable the DHCP server as a RADIUS client, as covered in Objective 4.1.
5. To enable authorization by group, create a security group in AD DS and add the users who are authorized to obtain IP addresses via DHCP to that group.
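The weakness named in the EXAM TIP, a client using a fixed address inside the scope, appears on the network as an in-scope address that the DHCP server never leased. The following is an added example, not from the original text, that compares a lease list with observed IP/MAC pairs to flag such hosts; the function names, record formats and all sample data are constructed assumptions.

```python
import ipaddress

def norm_mac(mac):
    """Normalize 00-1A-..., 00:1a:... and 001a... to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def find_unleased_hosts(scope_cidr, leases, observed, exempt=()):
    """Return (ip, mac, reason) for observed hosts inside the scope that the
    DHCP server never leased an address to, or leased to a different MAC."""
    scope = ipaddress.ip_network(scope_cidr)
    leased = {ipaddress.ip_address(ip): norm_mac(mac) for ip, mac in leases}
    skip = {ipaddress.ip_address(ip) for ip in exempt}
    findings = []
    for ip_text, mac in observed:
        ip = ipaddress.ip_address(ip_text)
        if ip not in scope or ip in skip:
            continue  # other subnets and known static infrastructure
        if ip not in leased:
            findings.append((ip_text, norm_mac(mac), "no-lease"))
        elif leased[ip] != norm_mac(mac):
            findings.append((ip_text, norm_mac(mac), "mac-mismatch"))
    return findings

# Constructed sample data (assumed formats, not from the original page).
SCOPE = "10.0.20.0/24"
LEASES = [
    ("10.0.20.50", "00-15-5D-01-0A-01"),
    ("10.0.20.51", "00-15-5D-01-0A-02"),
]
OBSERVED = [
    ("10.0.20.50", "00:15:5d:01:0a:01"),  # matches its lease
    ("10.0.20.51", "00:15:5d:01:0a:99"),  # leased address, different MAC
    ("10.0.20.77", "00:15:5d:01:0a:03"),  # in scope, never leased
    ("10.0.20.1", "00:15:5d:01:0a:fe"),   # gateway, exempt static address
    ("10.0.30.5", "00:15:5d:01:0b:01"),   # different subnet, ignored
]
EXEMPT = ["10.0.20.1"]

if __name__ == "__main__":
    for ip, mac, reason in find_unleased_hosts(SCOPE, LEASES, OBSERVED, EXEMPT):
        print(f"{ip} {mac} {reason}")
```

Hosts reported as no-lease or mac-mismatch obtained network access without passing through the DHCP server, and therefore without the NAP health check applied to the scope.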
 
 