Hi,
Our network is configured with 1.x authentication along with MAB (Mac address bypass), but this sort of is a problem, when we want to provision new clients. We have been trying to configure Intel RCS, in order to cope with the problem without having any luck until now. So we figured, it might be the "right time" for a reality check with the community before we keep on banging our heads against the wall and keep on cursing the technologies
Environment description:
- 802.1x authentication enabled network with MAB.
- New client prepared/configured with USB stick to add an 802.1x profile for IntelAMT.
Now to the problem, when we configure the clients, password and other options are sett. But we are unable to see any sort of certificate information or profile information in the AMT boot menu or what is now called, which you get after pressing Crtl + P
But because password and other settings are configured, we figure not showing certificates and policy is by design? Any how, when we now try to PXE boot nothing happens, as the Switch is only allowing EAPOL traffic. So now there are a couple of questions:
1) First off, is the configuration above mentioned ok? Or do we need to configure anything else?
2) In order for Intel SCS to work, does the server needs to be on the same vlan as the clients, even if the clients have been configured using USB pen?
3) Are there any network requirements in order to get PXE to work on an 802.1x enabled interface, i mean do we have to configure anything specifically on the switches or would it be broadcast traffic that is picked up by the Intel SCS server which in turn takes care of the rest?
4) When and 802.1x profile has been defined for Intel AMT, is a new certificated issued for each client that is PXE booted? And if so, which client receives the certificate, is it the Intel SCS server or the PXE booting client?
I cant seem to find any sort of documentation describing the purpose and theory behind 802.1x profiles and how they are used with Intel AMT, is there any documentation that I can get in order to learn more or implement this correctly? The only thing found in intel SCS is the procedure to set it up, without describing how the concept actually works and how it can assist in different scenarios. Hope some one/anyone can help me out here. We have 15K clients that are planned to be rolled out by this solution, if this is not supported, well I guess we have to start looking for new jobs ...