Supported EAP Profiles

Intel AMT can be configured with a supplicant that supports seven types of EAP profiles. The user can select from any of the following profiles and configure 802.1x in conjunction with the profile.

   EAP-TLS

   EAP-TTLS

   EAP-PEAP-MSCHAP

   EAP-GTC

   EAP-FAST-MSCHAP

   EAP-FAST-GTC

   EAP-FAST-TLS

Profile configuration is dependent on the RADIUS server requirements and configuration.

Intel AMT checks the Username, Password, Domain, and Roaming Identity strings in AMT_8021XProfile or IPS_IEEE8021xSettings only for correct length. These parameters are used to authenticate with external equipment such as a RADIUS server, and must conform to the naming requirements of such devices or services. For example, user names must not have special characters embedded in them (" / \ [ ] : ; | = , + * ? < >).

The RADIUS server settings may vary according to organizational requirements for 802.1x security. For example, the RADIUS server may not require a client certificate to authenticate the user. In that case, a supplicant configured to use the EAP-PEAP-MSCHAPv2 protocol can work with only a username and password configured.

Another example is an organization that uses manual PAC provisioning to authenticate the clients. In this case, the supplicant must be configured to use the EAP-FAST protocol (ACS RADIUS is required to support this environment), and the supplicant must be manually provisioned with PAC (Protected Access Credentials that contain all data required for client authentication). The client will authenticate with the provided PAC. Usually for such a setup the RADIUS server is configured not to support automatic PAC provisioning.
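Because Intel AMT checks these strings only for length, the management software has to catch bad values before sending them. The following pre-flight check is an added example, not code from the Intel AMT SDK, and covers the user-name rule and the two RADIUS scenarios described above. Assumptions: the `settings` dict, its "Profile" and "PAC" keys, and the control-character rule are hypothetical and are not AMT field definitions.

```python
SUPPORTED_PROFILES = {
    "EAP-TLS", "EAP-TTLS", "EAP-PEAP-MSCHAP", "EAP-GTC",
    "EAP-FAST-MSCHAP", "EAP-FAST-GTC", "EAP-FAST-TLS",
}
# Characters the page says must not appear in user names.
FORBIDDEN_IN_USERNAME = set('"/\\[]:;|=,+*?<>')
STRING_FIELDS = ("Username", "Password", "Domain", "RoamingIdentity")


def check_8021x_settings(settings, manual_pac=False):
    """Return a list of problems; an empty list means the settings passed.

    `settings` is a plain dict (hypothetical shape, not an AMT object).
    """
    problems = []
    profile = str(settings.get("Profile") or "")
    if profile not in SUPPORTED_PROFILES:
        problems.append(f"unsupported EAP profile: {profile!r}")

    bad = sorted(FORBIDDEN_IN_USERNAME & set(settings.get("Username") or ""))
    if bad:
        problems.append("Username contains forbidden characters: " + " ".join(bad))

    # Assumption (not from the page): control characters are never valid
    # in credentials that will be handed to a RADIUS server.
    for name in STRING_FIELDS:
        value = settings.get(name) or ""
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            problems.append(f"{name} contains control characters")

    # MSCHAP-based profiles authenticate with a username and password.
    if profile.endswith("MSCHAP"):
        for name in ("Username", "Password"):
            if not settings.get(name):
                problems.append(f"{name} is required for {profile}")

    # With manual PAC provisioning the supplicant must already hold a PAC.
    if manual_pac:
        if not profile.startswith("EAP-FAST"):
            problems.append("manual PAC provisioning requires an EAP-FAST profile")
        elif not settings.get("PAC"):
            problems.append("manual PAC provisioning requires a PAC")
    return problems


if __name__ == "__main__":
    # Constructed sample: a Windows-style DOMAIN\user name in the Username field.
    sample = {"Profile": "EAP-PEAP-MSCHAP", "Username": "corp\\alice", "Password": "constructed-pw"}
    print(check_8021x_settings(sample))
```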

See Also:

   AMT_8021XProfile Field Descriptions

   IPS_IEEE8021xSettings Field Descriptions

   Active/Passive Mode

Copyright © 2006-2022, Intel Corporation. All rights reserved.