Using the DHCP Trusted Vendors Configuration feature with the Symantec Integrated DHCP Enforcer
DHCP Trusted Vendors Configuration is a feature within the Symantec Integrated DHCP Enforcer in Symantec Network Access Control (SNAC) 11.0 and 12.1.
The DHCP Trusted Vendors Configuration allows you to configure a list of machines that can bypass the DHCP Enforcement, based on the vendor part of the MAC address. Typically this feature is used to allow endpoints that cannot run the Symantec NAC client (for example printers and IP telephones) to bypass Host Integrity checking and obtain a normal IP address from the DHCP Enforcer.
To configure DHCP Trusted Vendors Configuration list:
- On the Windows taskbar of the Integrated Enforcer computer, click Start > Programs > Symantec Endpoint Protection > Symantec NAC Integrated Enforcer.
- In the left-hand panel, click Symantec Integrated Enforcer > Configure > DHCP Trusted Vendors Configuration.
- To enable the trusted vendor list, check Turn on Trusted Vendors.
- When the Turn on Trusted Vendors box is checked, Host Integrity will not be enforced for DHCP traffic from the selected trusted vendors.
- Select the vendors you want to establish as trusted vendors.
- Click Save.
To more specifically select single MAC addresses that can bypass Enforcement (rather than full vendor classes), use the Enforcer Group Configuration within the Symantec Endpoint Protection Manager (SEPM) console.