15.0 DHCP Plug-in

The Dynamic Host Configuration Protocol (DHCP) plug-in is an optional feature that allows you to use one or more DHCP servers (without an installation of Novell ZENworks Network Access Control in front of each DHCP server) as shown in the following figure:

Figure 15-1 DHCP Plug-in

The DHCP plug-in is a Microsoft DHCP plug-in that utilizes the Microsoft DHCP Server Callout Application Programming Interface (API). Installed on each DHCP server in your network, the plug-in processes or ignores DHCP packets based on the end-user device Media Access Control (MAC) address.

Novell ZENworks Network Access Control tests endpoints that request access to the network and either assigns a quarantined Internet Protocol (IP) address (failed), or adds the MAC address of the end-user device as an authorized device (allowed) to the Access Control List (ACL) on the appropriate DHCP server.

The following connection and communication actions apply:

If the connection between the DHCP server and the Novell ZENworks Network Access Control server is lost and re-established, the existing ACL on the DHCP server is discarded and Novell ZENworks Network Access Control re-transmits the entire ACL.
If the DHCP server cannot communicate with Novell ZENworks Network Access Control at any time, the DHCP server goes in to an allow all or deny all state, depending on the failopen parameter setting in the config.xml file (true = allow all, false = deny all).
Novell ZENworks Network Access Control attempts to connect to known DHCP servers on start-up, and continuously attempts to connect at regular intervals indefinitely.

The following sections contain more information: