
Intel AMT and Posture Validation

When the host processor on the platform is in an Sx sleep state, or the host operating system is not functional or fails 802.1x authentication, the Intel AMT device on the platform can send a posture to the AAA directly, depending on its own network connectivity. This is known as “active mode”.

Note: Posture Validation (NAC) was deprecated in Intel AMT Release 9.0 and was removed in Intel AMT Release 11.5.

If the ACS is configured to support both NAC and 802.1x and is later reconfigured to support only 802.1x, connectivity to an Intel AMT platform that is in active mode may be lost. This occurs because Intel AMT does not continually check for network connectivity, and dropping NAC support causes the intervening switch to move the port to which the Intel AMT platform is connected to a different VLAN. That VLAN may be assigned to a different IP subnet. To remedy this problem, either restart the LAN port or restart the client platform. This forces the platform to re-acquire an IP address.

Intel AMT Releases 4.0 through 8.1 also support EAP over UDP (EAPoUDP). Certain Cisco devices can send an 802.1x request encapsulated in a UDP packet addressed to port 21862. When Intel AMT is in active mode, it listens on this port and responds to these requests with a UDP packet. The Cisco device must be specially configured to generate such requests. Intel AMT configuration for EAPoUDP is the same as configuring for standard 802.1x and EAC.
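The following is an added example, not part of the Intel SDK documentation: it pairs EAPoUDP requests with replies in flow records to inventory hosts that still answer on UDP port 21862, which is useful when planning the removal of NAC support. The flow-record format, the reply window, and the assumption that replies are sourced from port 21862 are assumptions of this example, and a responder is a candidate to verify, not proof that the host is Intel AMT.

```python
import csv
from io import StringIO

EAPOUDP_PORT = 21862   # UDP port named on this page
REPLY_WINDOW = 5.0     # seconds; assumed request/reply matching window

# Constructed sample flow records (not real traffic), one per line:
# epoch_seconds,proto,src_ip,src_port,dst_ip,dst_port
SAMPLE_FLOWS = """\
100.0,udp,10.0.0.1,50000,10.0.5.20,21862
100.2,udp,10.0.5.20,21862,10.0.0.1,50000
101.0,udp,10.0.0.1,50001,10.0.5.21,21862
102.0,tcp,10.0.0.1,40000,10.0.5.22,21862
103.0,udp,10.0.0.1,50002,10.0.5.23,21862
130.0,udp,10.0.5.21,21862,10.0.0.1,50001
"""


def eapoudp_responders(flow_text, window=REPLY_WINDOW):
    """Return (responders, silent) as sorted lists of IP addresses.

    responders: hosts that replied from UDP 21862 within `window` seconds
    silent:     hosts that received a request on UDP 21862 but never replied in time
    """
    rows = [r for r in csv.reader(StringIO(flow_text)) if r]
    rows.sort(key=lambda r: float(r[0]))          # process in time order
    pending = {}    # (requester_ip, requester_port, target_ip) -> request time
    responders, probed = set(), set()
    for ts, proto, sip, sport, dip, dport in rows:
        if proto.lower() != "udp":                # EAPoUDP is UDP only
            continue
        ts, sport, dport = float(ts), int(sport), int(dport)
        reply_key = (dip, dport, sip)             # the request this would answer
        if (sport == EAPOUDP_PORT and reply_key in pending
                and ts - pending[reply_key] <= window):
            responders.add(sip)
            del pending[reply_key]
        elif dport == EAPOUDP_PORT:
            pending[(sip, sport, dip)] = ts
            probed.add(dip)
    return sorted(responders), sorted(probed - responders)


if __name__ == "__main__":
    answered, silent = eapoudp_responders(SAMPLE_FLOWS)
    print("answering on UDP 21862:", answered)
    print("requested but silent:  ", silent)
```

Hosts in the silent list include platforms where the host OS is handling authentication, so the Intel AMT device is not in active mode, as well as platforms that do not support EAPoUDP at all.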

The AAA can examine the fields in the posture and decide whether the platform sending the posture will be granted access to the network. The AAA needs external support to analyze fields in the posture that require more than a simple data comparison. The signature in the postures sent by Intel AMT Releases 2.5 through 8.1 is such a field. The Posture Validation Server (PVS) Sample included in the Intel AMT Software Development Kit (SDK) performs signature validation and demonstrates how to design and implement a PVS.

Copyright © 2006-2022, Intel Corporation. All rights reserved.