Dell W-AP93, W- AP92, W-AP105, AP-92, AP-175, AP-93, W-AP175 Configuring Remote Mesh Point Fips Mode

Page 29

the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.

a.During the provisioning process as Remote Mesh Portal, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, AP’s RSA key pair is used to authenticate AP to controller during IPSec. AP’s RSA private key is contained in the AP’s non volatile memory and is generated at manufacturing time in factory.

b.During the provisioning process as Remote Mesh Portal, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile. This key is stored on flash encrypted.

9.Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration

10.Terminate the administrative session

11.Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

To verify that the module is in FIPS mode, do the following:

1.Log into the administrative console of the Aruba Mobility Controller

2.Verify that the module is connected to the Mobility Controller

3.Verify that the module has FIPS mode enabled by issuing command “show ap ap-name <ap- name> config”

4.Terminate the administrative session

3.3.4 Configuring Remote Mesh Point FIPS Mode

1.Apply TELs according to the directions in section 3.2

2.Log into the administrative console of the staging controller

3.Deploying the AP in Remote Mesh Point mode, create the corresponding Mesh Profiles on the controller as described in detail in Section “Mesh Points” of Chapter “Secure Enterprise Mesh” of the Aruba OS User Manual.

a.For mesh configurations, configure a WPA2 PSK which is 16 ASCII characters or 64 hexadecimal digits in length; generation of such keys is outside the scope of this policy.

4.Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network

>Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.

5.Enable FIPS mode on the AP. This accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.

6.If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.

7.Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this

29

Page 28 Page 30
Image 29
Page 28 Page 30
Contents Version Feb Aruba Networks Crossman Ave Sunnyvale, CA Page AP-105 Series Aruba Dell Relationship Acronyms and AbbreviationsAP-175 Series Security Levels Physical SecurityROLES, Authentication and Services Acronyms and Abbreviations IntroductionAruba Dell Relationship IPSec GHzAP-92 Product OverviewPhysical Description Aruba Part Number Dell Corresponding Part NumberEnet AP-92 Indicator LEDs Label Function Action StatusPWR Label Function Action Status AP-93AP-93 Indicator LEDs Label Function Action Status AP-105 Series AP-105 Wireless Access PointAP-105 Indicator LEDs Label Function Action Status AP-175 Series AP-175 Wireless Access PointPhysical Description Function Action Status Position AP-175 Indicator LEDs LabelSecurity Levels Module ObjectivesPhysical Security Applying TELsAP-92 Tel placement front view 2 AP-92 TEL PlacementAruba AP-92 Tel placement right view Aruba AP-92 Tel placement bottom view 3 AP-93 TEL PlacementAruba AP-93 Tel placement left view Aruba AP-93 Tel placement top view 4 AP-105 TEL PlacementAruba AP-105 Tel placement left view Aruba AP-105 Tel placement bottom view 5 AP-175 TEL PlacementAruba AP-175 Tel placement back view Aruba AP-175 Tel placement top view Inspection/Testing of Physical Security MechanismsModes of Operation Configuring Remote AP Fips ModeEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Operational Environment Verify that the module is in Fips modeFips 140-2 Logical Interfaces Module Physical Interface Logical InterfacesRoles Roles, Authentication and ServicesCrypto Officer Authentication Wireless Client Authentication User AuthenticationStrength of Authentication Mechanisms Authentication Mechanism StrengthWPA2-PSK Crypto Officer Services ServicesWPA2 PSK KEKPMK User ServicesPTK Eapol MICUnauthenticated Services Wireless Client Services∙ FTP ∙ Tftp ∙ NTP Non-FIPS Approved Algorithms Cryptographic AlgorithmsHmac Critical Security ParametersRNG AES-CCM PSKGTK GMKSelf Tests For an AES Atheros hardware Post failure
Top Page Image Contents