4.3 DHCP NAP

Figure 4: DHCP NAP example

In this example, a DHCP server is configured as a RADIUS client and uses RADIUS as its authentication, authorization, and accounting protocol with a RADIUS server. Based on data collected from the endpoint, the DHCP server formulates an Access-Request packet as follows:

  • Attribute 0: MS-Network-Access-Server-Type = 3 (DHCP)

  • Attribute 1: Acct-Session-Id = Transaction-id

  • Attribute 2: Service-Type = Authorize-only

  • Attribute 3: MS-Identity-Type = Machine health check

  • Attribute 4: NAS-Port-Type = Ethernet

  • Attribute 5: MS-Attribute-Machine-Name = The client's FQDN in ANSI

  • Attribute 6: MS-SoH-Payload-Type = SoH blob

  • Attribute 7: NAS-Identifier-Type = HCS server FQDN in ANSI

  • Attribute 8: NAS-Ip-Address = Server address

  • Attribute 9: MS-Service-Class = DHCP service class

The Access-Request is forwarded to the RADIUS server, which authenticates and authorizes the request. Based on its configuration, the RADIUS server responds with an Access-Accept packet containing the following attributes:

  • Attribute 0: MS-Quarantine-State = Full access

  • Attribute 1: MS-IPv4-Remediation-Servers = List of IPv4 addresses

  • Attribute 2: MS-Quarantine-User-Class = User class
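
The following is an added example, not part of the original specification text: it shows how the three Access-Accept attributes above travel as Microsoft vendor-specific attributes (RADIUS type 26, vendor ID 311) and how the receiving DHCP server can decode them with strict length checks before acting on the quarantine state. The vendor-type codes 44, 45 and 52, the 4-byte integer encoding of the state, the packed 4-byte address list and the ASCII user class are assumptions not stated on this page, and the sample packet is constructed.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft's SMI enterprise number
# Assumed (not from this page): vendor-type codes and value encodings below.
MS_QUARANTINE_USER_CLASS = 44
MS_QUARANTINE_STATE = 45
MS_IPV4_REMEDIATION_SERVERS = 52
QUARANTINE_STATES = {0: "Full access", 1: "Quarantine", 2: "Probation"}

def ms_vsa(vendor_type, value):
    """Encode one Microsoft VSA (RADIUS type 26) holding one sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", MS_VENDOR_ID) + sub

def parse_ms_vsas(packet):
    """Return (code, {vendor_type: value}); reject inconsistent lengths."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    vsas, pos = {}, 20  # attributes start after the 20-byte header
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + alen]
        pos += alen
        if atype != 26 or len(value) < 6 or value[:4] != struct.pack("!I", MS_VENDOR_ID):
            continue  # not a Microsoft VSA
        if value[5] != len(value) - 4:
            raise ValueError("bad vendor length")
        vsas[value[4]] = value[6:]
    return packet[0], vsas

def decode_accept(packet):
    """Decode the three NAP attributes; fail closed if the state is unusable."""
    code, vsas = parse_ms_vsas(packet)
    state = vsas.get(MS_QUARANTINE_STATE, b"")
    raw = vsas.get(MS_IPV4_REMEDIATION_SERVERS, b"")
    if code != 2 or len(state) != 4 or len(raw) % 4:
        raise ValueError("not a usable Access-Accept")
    return {
        "state": QUARANTINE_STATES.get(struct.unpack("!I", state)[0], "unknown"),
        "remediation": [".".join(map(str, raw[i:i + 4])) for i in range(0, len(raw), 4)],
        "user_class": vsas.get(MS_QUARANTINE_USER_CLASS, b"").decode("ascii"),
    }

# Constructed sample: Access-Accept (code 2), zeroed authenticator, documentation addresses.
_attrs = (ms_vsa(MS_QUARANTINE_STATE, struct.pack("!I", 0)) + ms_vsa(MS_QUARANTINE_USER_CLASS, b"nap-compliant")
          + ms_vsa(MS_IPV4_REMEDIATION_SERVERS, bytes([192, 0, 2, 10, 192, 0, 2, 11])))
SAMPLE_ACCEPT = struct.pack("!BBH", 2, 1, 20 + len(_attrs)) + bytes(16) + _attrs
```

The sketch does not verify the Response Authenticator, which a real RADIUS client checks against the shared secret before trusting any attribute.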