4.3 DHCP NAP

Figure 4: DHCP NAP example
In this example, a DHCP Server is configured as a RADIUS client to use RADIUS as the authentication, authorization, and accounting protocol to a RADIUS server. Based on data collected from the endpoint, the DHCP Server formulates an Access-Request packet as follows:
Attribute 0: MS-Network-Access-Server-Type = 3 (DHCP)
Attribute 1: Acct-Session-Id = Transaction-id
Attribute 2: Service-Type = Authorize-only
Attribute 3: MS-Identity-Type = Machine health check
Attribute 4: NAS-Port-Type = Ethernet
Attribute 5: MS-Attribute-Machine-Name = The client's FQDN in ANSI
Attribute 6: MS-SoH-Payload-Type = SoH blob
Attribute 7: NAS-Identifier-Type = HCS server FQDN in ANSI
Attribute 8: NAS-Ip-Address = Server address
Attribute 9: MS-Service-Class = DHCP service class
This is forwarded to the RADIUS server where the RADIUS server authenticates and authorizes the request. Based on the RADIUS server configuration, it responds with an Access-Accept packet with the following attributes:
Attribute 0: MS-Quarantine-State = Full access
Attribute 1: MS-IPv4-Remediation-Servers = List of IPv4 addresses
Attribute 2: MS-Quarantine-User-Class = User class