Aruba Networks FIPS 140-2 Benutzerhandbuch
21
select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the
configuration.
configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the
LAN connection between the module and the controller, or ensure the presence of a DC power
supply appropriate to the particular model of the module.
supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct
connection, with no intervening network or devices; if PoE is being supplied by an injector, this
represents the only exception. That is, nothing other than a PoE injector should be present between
the module and the staging controller.
represents the only exception. That is, nothing other than a PoE injector should be present between
the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the
Configuration > Wireless > AP Installation page,
where you should see an entry for the AP. Select
that AP, click the “Provision” button, which will open the provisioning window. Now provision
the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in
Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the
Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in
Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the
Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
a. During the provisioning process as Remote Mesh Point, if Pre-shared key is selected to
be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8
characters in length) is input to the module during provisioning. Generation of this key is
outside the scope of this policy. In the initial provisioning of an AP, this key will be
entered in plaintext; subsequently, during provisioning, it will be entered encrypted over
the secure IPSec session. If certificate based authentication is chosen, AP’s RSA key pair
is used to authenticate AP to controller during IPSec. AP’s RSA private key is contained
in the AP’s non volatile memory and is generated at manufacturing time in factory.
characters in length) is input to the module during provisioning. Generation of this key is
outside the scope of this policy. In the initial provisioning of an AP, this key will be
entered in plaintext; subsequently, during provisioning, it will be entered encrypted over
the secure IPSec session. If certificate based authentication is chosen, AP’s RSA key pair
is used to authenticate AP to controller during IPSec. AP’s RSA private key is contained
in the AP’s non volatile memory and is generated at manufacturing time in factory.
b. During the provisioning process as Mesh Point, the WPA2 PSK is input to the module via
the corresponding Mesh cluster profile. This key is stored on flash encrypted.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully
provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when
power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller
on the network.
on the network.
3.3.5 Verify that the module is in FIPS mode
For all the approved modes of operations in either Remote AP FIPS mode, Control Plane Security AP FIPS
Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode do the following to verify the module is
in FIPS mode:
Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode do the following to verify the module is
in FIPS mode:
1. Log into the administrative console of the Aruba Mobility Controller
2. Verify that the module is connected to the Mobility Controller
3. Verify that the module has FIPS mode enabled by issuing command “show ap ap-name <ap-
name> config”
4. Terminate the administrative session
3.4 Operational Environment
The operational environment is non-modifiable. The Operating System (OS) is Linux, a real-time multi-
threaded operating system that supports memory protection between processes. Access to the underlying
threaded operating system that supports memory protection between processes. Access to the underlying