cbt video question

Hi Don,

I just finished watching your cbt videos on the 413 exam, they were very informative but I did have one question, in the vpn video you said that you can’t use the dhcp nap enforcement method for vpn users, but in the last video you said that you could, is there certain cases where you could and certain cases where you couldn’t?

Thanks in advance

Sorry if that seemed confusing. You can use both methods on the same network. But, when someone comes in via VPN (we’re talking Windows RRAS here, not third-party VPN), the VPN server is the sole enforcement point, so you can’t also use DHCP enforcement on those connections. If you’re using non-Windows VPN… well, “it depends.”

thank you for the clarification, so you wouln’t use both vpn and dhcp enforcement for clients connecting over rras vpn, but could you use dhcp enforcement for rras users instead of vpn enforcement?

It depends. You have to understand the flow, and there are version interdependencies.

The client health report is generated by the CLIENT. That gets sent along to the NAP server. For an RRAS client, their NAP service point is the RRAS server - so no, you wouldn’t normally use DHCP enforcement, because the RRAS server wouldn’t necessarily pass along the client’s health report to DHCP. But it’s very version-specific, how all this works - you really should read up on it, and definitely use this stuff (at least in a lab) before you jump into, say, taking an exam. The exams are really geared for folks who’ve used the product - my training video is meant to give you a huge jump start on all that but there’s no substitute for experience. When you start playing with all the various RRAS permutations, it gets complicated. Are you using RRAS to hand out IP addresses, or is it proxying DHCP requests, for example? So… it depends. NAP’s a pretty complex topic.

(you’re welcome to e-mail me - this is a PowerShell forum, and I don’t want to go too far off-topic. I realize you were just trying to contact me, and this is a good spot, but I’d rather not continue the conversation here. There’s a contact form on the Site Info page here, and while I don’t have time to do a lot of detailed back-and-forth, I’m happy to try and do what I can.)