Dell W-AP175, W- AP92, W-AP105 Operational Environment, Verify that the module is in Fips mode

Page 30

represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.

8.Once the module is connected to the controller by the Ethernet cable, navigate to the

Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.

a.During the provisioning process as Remote Mesh Point, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, AP’s RSA key pair is used to authenticate AP to controller during IPSec. AP’s RSA private key is contained in the AP’s non volatile memory and is generated at manufacturing time in factory.

b.During the provisioning process as Mesh Point, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile. This key is stored on flash encrypted.

9.Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration

10.Terminate the administrative session

11.Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

3.3.5 Verify that the module is in FIPS mode

For all the approved modes of operations in either Remote AP FIPS mode, Control Plane Security AP FIPS Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode do the following to vefiry the module is in FIPS mode:

1.Log into the administrative console of the Aruba Mobility Controller

2.Verify that the module is connected to the Mobility Controller

3.Verify that the module has FIPS mode enabled by issuing command “show ap ap-name <ap- name> config”

4.Terminate the administrative session

3.4Operational Environment

The operational environment is non-modifiable. The Operating System (OS) is Linux, a real-time multi- threaded operating system that supports memory protection between processes. Access to the underlying Linux implementation is not provided directly. Only Aruba-provided Crypto Officer interfaces are used. There is no user interface provided.

30

Page 29 Page 31
Image 30
Page 29 Page 31
Contents Version Feb Aruba Networks Crossman Ave Sunnyvale, CA Page AP-175 Series Aruba Dell Relationship Acronyms and AbbreviationsAP-105 Series Security Levels Physical SecurityROLES, Authentication and Services Introduction Aruba Dell RelationshipAcronyms and Abbreviations GHz IPSecPhysical Description Product OverviewAP-92 Aruba Part Number Dell Corresponding Part NumberAP-92 Indicator LEDs Label Function Action Status PWREnet AP-93 Label Function Action StatusAP-93 Indicator LEDs Label Function Action Status AP-105 Wireless Access Point AP-105 SeriesAP-105 Indicator LEDs Label Function Action Status AP-175 Wireless Access Point AP-175 SeriesPhysical Description AP-175 Indicator LEDs Label Function Action Status PositionPhysical Security Module ObjectivesSecurity Levels Applying TELs2 AP-92 TEL Placement AP-92 Tel placement front viewAruba AP-92 Tel placement right view 3 AP-93 TEL Placement Aruba AP-92 Tel placement bottom viewAruba AP-93 Tel placement left view 4 AP-105 TEL Placement Aruba AP-93 Tel placement top viewAruba AP-105 Tel placement left view 5 AP-175 TEL Placement Aruba AP-105 Tel placement bottom viewAruba AP-175 Tel placement back view Inspection/Testing of Physical Security Mechanisms Aruba AP-175 Tel placement top viewConfiguring Remote AP Fips Mode Modes of OperationEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Verify that the module is in Fips mode Operational EnvironmentLogical Interfaces Fips 140-2 Logical Interfaces Module Physical InterfaceRoles, Authentication and Services Crypto Officer AuthenticationRoles Strength of Authentication Mechanisms User AuthenticationWireless Client Authentication Authentication Mechanism StrengthWPA2-PSK WPA2 PSK ServicesCrypto Officer Services KEKPTK User ServicesPMK Eapol MICWireless Client Services Unauthenticated Services∙ FTP ∙ Tftp ∙ NTP Cryptographic Algorithms Non-FIPS Approved AlgorithmsCritical Security Parameters HmacRNG PSK AES-CCMGMK GTKSelf Tests For an AES Atheros hardware Post failure
Top Page Image Contents