In Novell ZENworks Network Access Control implementations, particularly in trial installations where you are connecting and disconnecting cables to a number of different types of endpoints, you can filter the activity by specifying the following:
Ranges to monitor — This property filters results in the display window, it does not keep Novell ZENworks Network Access Control from testing other systems.
Ranges to ignore — Does not test the ranges listed.
Ranges to enforce — This property is only valid for DHCP mode. It modifies the iptables NFQUEUE rule such that only the networks set to be enforced will ever get quarantine addresses.
In the Endpoint detection area, enter the range of addresses to monitor in the IP addresses to monitor text field. Separate ranges with a hyphen or use CIDR notation.
In the Endpoint detection area, enter the range of addresses to ignore in the IP addresses to ignore text field. Separate ranges with a hyphen or use CIDR notation.
Select the DHCP radio button in the Quarantine method area.
Select the Restrict enforcement of DHCP requests to quarantined or non-quarantined subnets radio button.
Enter IP addresses in the DHCP relay IP addresses to enforce text box. Enter individual DHCP relay agent IP addresses, separated by carriage returns. These addresses are monitored in addition to the quarantined or non-quarantined subnets.
NOTE:When using Extreme switches running ExtremeWare or ExtremeXOS prior to release 11.6, DHCP relay IP addresses to enforce will NOT work when the quarantine subnet is a subset of the production network. This is because Extreme switches forward the packets from the IP address closest to Novell ZENworks Network Access Control and not the IP address of the interface closest to the endpoint, so all the DHCPRelay packets will appear to come from a production network IP address.
For example, the following scenario will not work: