Page 5 - Introduction; Aruba Dell Relationship
5 1 Introduction This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-92, AP-93, AP-105 and AP-175 Wireless Access Points with FIPS 140-2 Level 2 validation from Aruba Networks. This security policy describes how the AP meets the security requirements of FIPS...
Page 7 - Product Overview; Aruba Part Number
7 2 Product Overview This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical features of each model covered by this FIPS 140-2 security policy. 2.1 AP-92 This section introduces the Aruba AP-92 Wireless Access Point (AP) with FIPS 140-...
Page 16 - Module Objectives; Security Levels; Section Section Title; Physical Security
16 3 Module Objectives This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it provides information on placing the module in a FIPS 140-2 approved configuration. 3.1 Security Levels Section Section Title Level 1 Cryptographic Module Sp...
Page 17 - To detect access to restricted ports:; To detect opening of the chassis cover:; Figure 5 - AP-92 Tel placement front view
17 3.2.2 AP-92 TEL Placement This section displays all the TEL locations of the Aruba AP-92. The AP-92 requires a minimum of 3 TELs to be applied as follows: 3.2.2.1 To detect access to restricted ports: 1. Spanning the serial port 3.2.2.2 To detect opening of the chassis cover: 2. Spanning the bott...
Page 19 - Figure 10 - Aruba AP-93 Tel placement front view
19 Figure 9 - Aruba AP-92 Tel placement bottom view 3.2.3 AP-93 TEL Placement This section displays all the TEL locations of the Aruba AP-93. The AP-93 requires a minimum of 3 TELs to be applied as follows: 3.2.3.1 To detect access to restricted ports: 1. Spanning the serial port 3.2.3.2 To detect o...
Page 21 - Figure 15 - Aruba AP-105 Tel placement front view
21 Figure 14 - Aruba AP-93 Tel placement top view 3.2.4 AP-105 TEL Placement This section displays all the TEL locations of the Aruba AP-105. The AP-105 requires a minimum of 3 TELs to be applied as follows: 3.2.4.1 To detect opening of the chassis cover: 1. Spanning the bottom and top chassis cover...
Page 22 - Figure 18 - Aruba AP-105 Tel placement top view
22 Figure 16 - Aruba AP-105 Tel placement left view Figure 17 - Aruba AP-105 Tel placement right view Power Input Inlet Figure 18 - Aruba AP-105 Tel placement top view
Page 23 - Figure 19 - Aruba AP-175 Tel placement front view
23 Figure 19 - Aruba AP-105 Tel placement bottom view 3.2.5 AP-175 TEL Placement This section displays all the TEL locations of the Aruba AP-175. The AP-175 requires a minimum of 6 TELs to be applied as follows: 3.2.5.1 To detect access to restricted ports: 1. Spanning the USB console port 2. Spanni...
Page 26 - Modes of Operation
26 3.3 Modes of Operation The module has the following FIPS-approved modes of operation: • Remote AP (RAP) FIPS mode – When the module is configured as a Remote AP, it is intended to be deployed in a remote location (relative to the Mobility Controller). The module provides cryptographic processing...
Page 27 - Configuration > Controller > Control Plane Security
27 6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module. 7. Connect the module via an Ethernet cable...
Page 28 - Configuring Remote Mesh Portal FIPS Mode
28 7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present be...
Page 29 - Configuring Remote Mesh Point FIPS Mode
29 the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process. a. During the provisionin...
Page 30 - Verify that the module is in FIPS mode; Operational Environment
30 represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller. 8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you shou...
Page 31 - Logical Interfaces; FIPS 140-2 Logical Interface
31 3.5 Logical Interfaces The physical interfaces are divided into logical interfaces defined by FIPS 140-2 as described in the following table. Table 6 - FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interface Module Physical Interface Data Input Interface 10/100/1000 Ethernet Ports 802.11a/b/g...
Page 32 - Roles, Authentication and Services
32 4 Roles, Authentication and Services 4.1 Roles The module supports the roles of Crypto Officer, User, and Wireless Client; no additional roles (e.g., Maintenance) are supported. Administrative operations carried out by the Aruba Mobility Controller map to the Crypto Officer role. The Crypto Offi...
Page 33 - Strength of Authentication Mechanisms; Mechanism Strength
33 4.1.2 User Authentication Authentication for the User role depends on the module configuration. When the module is configured as a Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode, the User role is authenticated via the WPA2 pre-shared key. When the module is configured as a Remote AP...
Page 39 - Cryptographic Algorithms; Non-FIPS Approved Algorithms
39 5 Cryptographic Algorithms FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the following cryptographic implementations. ArubaOS OpenSSL AP Module implements the following FIPS-approved algorithms: o AES (Cert. #1851) o HMAC (Cert. #10...
Page 40 - Critical Security Parameters
40 6 Critical Security Parameters The following Critical Security Parameters (CSPs) are used by the module: CSP CSP TYPE GENERATION STORAGE And ZEROIZATION USE Key Encryption Key (KEK) Triple-DES 168-bits key Hard-coded Stored in flash, zeroized by the ‘ap wipe out flash’ command. Encrypts IKEv1/IK...
Page 44 - Self Tests
44 7 Self Tests The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal mode. The module performs both power-up and conditional self-tests. In the event any self-test fails, the module enters an error state, logs the error, and reboots aut...