Note: Beginning in Intel AMT Release 9.0, NAC is no longer supported.
To ready the ACS to handle Intel AMT posture messages, connect to the ACS management screens and perform the following steps using the ACS web-based GUI:
• Define users and configure certificates. Configure ACS with the same certificates used on the host computer. Select System Configuration/ACS Certificate Setup/ACS Certification Authority Setup. In the CA Certificate file box, enter the full path to the requested certificate. Then click Submit.
• Configure the Switch Address at Network Configuration.
• Configure Radius Authorized Components at Shared Profile Components/Radius Authorization Components.
• Configure attributes requested for authentication at Posture Validation/Internal Posture Validation.
• Create a new Policy.
• Add and alter Rules by entering the newly created policy and selecting Add Rule then Add Condition Set. Select the appropriate Attribute, Operator and Value then click Submit.
• Configure the PVS address at Posture Validation/External Posture Validation. Click Add Server and fill in Name, Description and Primary Server Configuration’s URL for the PVS server.
• Configure the columns to be displayed at Failed/Passed Authentication. Configure columns at System Configuration/Logging. Select CSV Passed Authentications file configuration for the Passed Authentication report or CSV Failed Attempts for the Failed Authentication report. Under Select Columns to Log, select the desired values to be displayed from the Attributes column.
To configure the ACS to use the posture attributes directly:
1. Go to the directory where the Csutil tool for Cisco ACS 4.0 is installed. The typical command for this is:
cd %programfiles%\ciscosecure acs v4.0\bin\
2. Use Csutil to add Intel AMT posture AVPs by using the following command:
csutil -addAVP attr.txt
Note: The attr.txt file is listed in the attr.txt File Example.
Copyright © 2006-2022, Intel Corporation. All rights reserved.