Cerveza
Páginas: 5 (1249 palabras)
Publicado: 13 de octubre de 2011
Intel® Active Management Technology
Cisco* ACS Configuration Guide for Intel® AMT Posture Data
March 2006
Intel® AMT / Cisco* ACS Configuration Guide
Legal Notice INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED ININTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel products are not intendedfor use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. Intel may make changes to specifications and product descriptions at any time, without notice. The Intel products discussed in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Currentcharacterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting www.intel.com. Intel® is a trademark or registeredtrademark of Intel Corporation or its subsidiaries in the United States and other countries. The following are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries: Intel® Active Management Technology Intel® AMT Intel® PRO Network Connection *Other names and brands may be claimed as the property of others. Copyright © 2006, IntelCorporation.
2
Intel® AMT / Cisco* ACS Configuration Guide
Cisco* ACS Configuration Guide for Intel® AMT Posture Data
(Reference Guide for Network/IT Administrators)
This document only describes the Intel AMT Posture Plug-in specific attributes required for configuring the server side (for example, in a Cisco* ACS 4.0 product). It does not describe the configuration for Cisco ACS 4.0 posturevalidation, including Intel AMT posture validation. For this information, please refer to the Cisco ACS Configuration Guide. Step 1: Install and configure Cisco ACS 4.0 server. Step 2: Add Intel AMT posture specific AVPs to Cisco ACS 4.0. To accomplish this, the following items must be performed by the administrator: a. Go to the directory where the Csutil tool for Cisco ACS 4.0 is installed. Thetypical directory command for this is:
cd %program files%\ciscosecure acs v4.0\bin\ b. Use Csutil to add Intel AMT posture AVPs by using the following command: csutil -addAVP bar.txt [bar.txt file is shown below.] c.
Restart ACS using following commands:
net stop CSAdmin net stop CSAuth net stop CSLog net start CSLog net start CSAuth net start CSAdmin
The Cisco NAC Posture Plug-in for Intel®AMT shall provide the following data about Advanced Management Technology:
Attribute Number 5 9 32768 32769 32770 32771
Attribute Type Version Unsigned32 Unsigned32 Unsigned32 Unsigned32 Unsigned32
Name AMTVersion AMTOperationalState AMTAvailable AMTSBEEnable AMTTLSEnable AMTCryptoEnable
Details AMT version 0 – AMT not operational (pre-provisioning state) 1 – AMT operational 1 – AMTis available 0 – AMT not available (no flash, no driver etc.) 1 – Enterprise mode 0 – SMB mode 1 – TLS enabled 0 – TLS disabled 1 – Crypto HW fuse enabled 0 – Crypto HW fuse disabled
3
Intel® AMT / Cisco* ACS Configuration Guide
Attribute Number 32772
0 – PRE_PROVISIONING state 1 – IN_PROVISIONING state 2 – POST_PROVISIONING state 32773 Unsigned32 AMTNetIFEnable 1 – network interface...
Cisco* ACS Configuration Guide for Intel® AMT Posture Data
March 2006
Intel® AMT / Cisco* ACS Configuration Guide
Legal Notice INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED ININTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel products are not intendedfor use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. Intel may make changes to specifications and product descriptions at any time, without notice. The Intel products discussed in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Currentcharacterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting www.intel.com. Intel® is a trademark or registeredtrademark of Intel Corporation or its subsidiaries in the United States and other countries. The following are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries: Intel® Active Management Technology Intel® AMT Intel® PRO Network Connection *Other names and brands may be claimed as the property of others. Copyright © 2006, IntelCorporation.
2
Intel® AMT / Cisco* ACS Configuration Guide
Cisco* ACS Configuration Guide for Intel® AMT Posture Data
(Reference Guide for Network/IT Administrators)
This document only describes the Intel AMT Posture Plug-in specific attributes required for configuring the server side (for example, in a Cisco* ACS 4.0 product). It does not describe the configuration for Cisco ACS 4.0 posturevalidation, including Intel AMT posture validation. For this information, please refer to the Cisco ACS Configuration Guide. Step 1: Install and configure Cisco ACS 4.0 server. Step 2: Add Intel AMT posture specific AVPs to Cisco ACS 4.0. To accomplish this, the following items must be performed by the administrator: a. Go to the directory where the Csutil tool for Cisco ACS 4.0 is installed. Thetypical directory command for this is:
cd %program files%\ciscosecure acs v4.0\bin\ b. Use Csutil to add Intel AMT posture AVPs by using the following command: csutil -addAVP bar.txt [bar.txt file is shown below.] c.
Restart ACS using following commands:
net stop CSAdmin net stop CSAuth net stop CSLog net start CSLog net start CSAuth net start CSAdmin
The Cisco NAC Posture Plug-in for Intel®AMT shall provide the following data about Advanced Management Technology:
Attribute Number 5 9 32768 32769 32770 32771
Attribute Type Version Unsigned32 Unsigned32 Unsigned32 Unsigned32 Unsigned32
Name AMTVersion AMTOperationalState AMTAvailable AMTSBEEnable AMTTLSEnable AMTCryptoEnable
Details AMT version 0 – AMT not operational (pre-provisioning state) 1 – AMT operational 1 – AMTis available 0 – AMT not available (no flash, no driver etc.) 1 – Enterprise mode 0 – SMB mode 1 – TLS enabled 0 – TLS disabled 1 – Crypto HW fuse enabled 0 – Crypto HW fuse disabled
3
Intel® AMT / Cisco* ACS Configuration Guide
Attribute Number 32772
0 – PRE_PROVISIONING state 1 – IN_PROVISIONING state 2 – POST_PROVISIONING state 32773 Unsigned32 AMTNetIFEnable 1 – network interface...
Leer documento completo
Regístrate para leer el documento completo.