Cisco Cisco NAC Appliance 4.1.0
6-9
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 6 Configuring DHCP
Configuring IP Ranges (IP Address Pools)
If choosing RELAY IP, type the Relay IP in the text field. Clients not associated with the
specified Relay IP cannot receive addresses from this IP pool.
specified Relay IP cannot receive addresses from this IP pool.
Note
For IPs with relay restrictions, all IPs should typically be in static routes, but can be in
managed subnets if integrating the CAS with Aironet devices or other non-RFC 2131/2132
compliant devices. Note that these IP address pools must be in either a static route or a
managed subnet, and IPs with relay restrictions should only be put in a managed subnet for
these non-compliant devices. See
managed subnets if integrating the CAS with Aironet devices or other non-RFC 2131/2132
compliant devices. Note that these IP address pools must be in either a static route or a
managed subnet, and IPs with relay restrictions should only be put in a managed subnet for
these non-compliant devices. See
for details.
4.
From the Subnet/Netmask list, choose how you want the subnet address to be specified, from the
following choices:
following choices:
–
Calculate from existing managed subnets – The admin console determines what to use for the
subnet and netmask values based on the configuration in the Managed Subnet form (in the
Advanced tab). It calculates the network address by applying the netmask to the gateway
address for each managed subnet.
subnet and netmask values based on the configuration in the Managed Subnet form (in the
Advanced tab). It calculates the network address by applying the netmask to the gateway
address for each managed subnet.
–
Calculate smallest subnet for IP range entered – The admin console determines the subnet
and netmask values based on the IP address range you entered.
and netmask values based on the IP address range you entered.
–
Manually enter subnet and netmask – To specify the desired network address and netmask
manually. If selected, the Subnet and NetMask fields appear at the bottom of the form.
manually. If selected, the Subnet and NetMask fields appear at the bottom of the form.
–
Inherit Scoped Global Options — This field is only visible if DHCP options are enabled, and
will be checked by default. If this field is disabled (unchecked), the scoped global options
configured in the Global Options tab are not inherited. See
will be checked by default. If this field is disabled (unchecked), the scoped global options
configured in the Global Options tab are not inherited. See
for details.
5.
Click Update when finished. If there are errors in the configuration, warning messages appear.
Follow the instructions to correct the settings.
Follow the instructions to correct the settings.
Auto-Generating IP Pools and Subnets
By automatically generating subnets, you can quickly divide your network into small segments.
Segmenting your network into small subnets can be an effective security measure in response to a worm
attack, since a network comprised of many small subnets (with one host per subnet possible) limits the
ability of clients to engage in peer-to-peer interaction.
Segmenting your network into small subnets can be an effective security measure in response to a worm
attack, since a network comprised of many small subnets (with one host per subnet possible) limits the
ability of clients to engage in peer-to-peer interaction.
Caution
The recommended maximum number of subnets per Clean Access Server is 1000. If the CAS machine
has sufficient memory (>1G), up to 2500 subnets can be configured. Do not exceed the recommended
limit if this will place an excessive burden on system resources, particularly server memory.
has sufficient memory (>1G), up to 2500 subnets can be configured. Do not exceed the recommended
limit if this will place an excessive burden on system resources, particularly server memory.
Add Managed Subnet
1.
First, make sure that the IP pools you want to add are in the range of a managed subnet. If needed,
add the managed subnet under Device Management > CCA Servers > Manage [CAS_IP] >
Advanced > Managed Subnet (for details, see
add the managed subnet under Device Management > CCA Servers > Manage [CAS_IP] >
Advanced > Managed Subnet (for details, see