Intel vPro® Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)


Community Manager

Running Intel AMT with FW in Enterprise (PKI) mode along with Symantec SNAC on Cisco switches.


We want to utilize the option to wake up powered off machines with AMT, but with our current config the machine is unauthenticated to radius and hence is not assigned a VLAN while powered off. Is there a way to hard-code a username/password in the AMT firmware so the machine is authenticated and assigned a VLAN while powered down?

An option would be to use the IOS port config "authentication event no-response action authorize vlan X" to assign the port to a specific VLAN when the machine is unauthenticated. Then the port would sit in that VLAN (even if gets powered on) until the port is set to re-authenticate, by default after 60 minutes.

This solution will also invalidate the complete SNAC solution as any unauthorized machine will be assigned VLAN X instead of the remediation VLAN.

Any thoughts on this? What's your experience on running AMT along with NAC?



This is our current port config (IOS 12.2(50)SE3)

interface FastEthernet0/1


switchport access vlan XXX


switchport mode access


switchport voice vlan YY


authentication control-direction in


authentication host-mode multi-domain


authentication port-control auto




dot1x pae authenticator


dot1x timeout tx-period 10


spanning-tree portfast


0 Kudos
1 Reply
Community Manager

A recommendation from our testers:

1. Configure Intel AMT to use a power package that is on in S5. In this way, Intel AMT will be on when the host is off.


2. Configure Intel AMT to work with 802.1x and NAC. Then Intel AMT can maintain a connection and send postures when the host is off.


3. Use a hardcoded username and password.