Table of Contents
Advertisement
Quick Links
Download this manual
See also:
Manual
Advertisement
Table of Contents
Related Manuals for Dell PowerConnect W-Series FIPS
Summary of Contents for Dell PowerConnect W-Series FIPS
- Page 1 Aruba 620, 650 and Dell W- 620, W-650 Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement...
- Page 2 Altering this device (such as painting it) voids the warranty. Copyright © 2011 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®,the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, andPowerConnect™ are trademarks of Dell Inc. www.arubanetworks.com...
-
Page 3: Table Of Contents
Using Wireless to Protect your Wired Network..........28 Using Wireless to Protect your Existing Wireless Network......28 Chapter 3 Installing the Controller.................29 Pre-Installation Checklist..................29 Precautions......................29 The Security Kit ....................30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... - Page 4 Setting Up Your Controller ..................39 Enabling FIPS Mode ....................39 Enabling FIPS with the Setup Wizard ............39 Enabling FIPS with the WebUI ..............39 Disallowed FIPS Mode Configurations..............40 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
-
Page 5: Preface
Standards and Technology (NIST) Web-site at: http://csrc.nist.gov/groups/STM/cmvp/index.html Aruba Dell Relationship Aruba Networks is the OEM for the Dell PowerConnect W line of products. Dell products are identical to the Aruba products other than branding and Dell software is identical to Aruba software other than branding. -
Page 6: Additional Product Information
The Aruba Networks Web-site contains information on the full line of products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. http://www.dell.com/ The NIST Validated Modules Web-site contains contact information for answers to technical or sales- ... -
Page 7: The Aruba 620 And 650 Mobility Controllers
The switch configurations tested during the cryptographic module testing included: Aruba 620 (620-AOS-STD-FIPS-US) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |... -
Page 8: Physical Description
4x Fast Ethernet (10/100BASE-T) with PoE+ port 1x Gigabit Ethernet (1000BASE-T) port 1x ExpressCard® port | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 9: Chapter 1 The Aruba 620 And 650 Mobility Controllers
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |... - Page 10 Pushing the media eject button changes the state of the Aruba 620; the table below describes the states and LED behaviors associated with use of the media eject button: | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
- Page 11 Port is transmitting or receiving data No link on port 1000 Interface Speed On (Solid Green) 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
-
Page 12: Aruba 650 Chassis
1x ExpressCard® port 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... - Page 13 Pushing the media eject button changes the state of the Aruba 650 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
- Page 14 On (Solid Green) Link has been established On (Flashing Green) Port is transmitting or receiving data No link on port | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
- Page 15 The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
- Page 16 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
-
Page 17: Fips 140-2 Level 2 Features
Linux implementation is not provided directly. Only Aruba Networks provided interfaces are used, and the CLI is a restricted command set. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... -
Page 18: Logical Interfaces
(including fan, ports, and power) and status of connected media. The log file records the results of self-tests, configuration errors, and monitoring data. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 19: Roles And Services
Diffie-Hellman key pair and data for IKEv1/IKEv2 (read/write access), pre- shared keys for IKEv1/IKEv2 (read access); Session keys for IPSec (read/write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... - Page 20 Configuring Configure bypass operation on Commands and Status of None Bypass Operation the module configuration data commands and configuration data | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
-
Page 21: User Role
(read) network traffic EAP-TLS ECDSA private key (read) 802.11i Pair-Wise Master Key (read/ write) 802.11i Session key (read/write) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... -
Page 22: Authentication Mechanisms
These services do not involve any cryptographic processing. Additional unauthenticated services include performance of the power-on self test and system status indication via LEDs. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 23: Cryptographic Key Management
In addition, withing the FIPS Approved mode of operation, the module supports the following allowed key establishment schemes: Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... -
Page 24: Critical Security Parameters
(Elliptic curve group) negotiations closed. IPSec session Diffie-Hellman private key. Note: Key size 768 bits is not allowed in FIPS mode. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... - Page 25 P-384 curves module encrypted with KEK. Zeroized TLS/PEAP protocols by the CO command write during the handshake. erase all. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
- Page 26 Zeroized on reboot. purpose (x-change FIPS compliant 186-2 RNG (/dev/urandom) Notice); SHA-1 RNG General purpose (x- change Notice); SHA-1 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
-
Page 27: Self-Tests
The module stores the first random number for subsequent comparison, and the module compares the value of the new random Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... -
Page 28: Alternating Bypass State
256 with HMAC-SHA1) to secure Layer 2 traffic, as well as the encryption of Layer 2 header information including MAC addresses. xSec was jointly developed by Aruba Networks and Funk Software. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 29: Wireless Intrusion Detection
Aruba access points will drop illegal requests and generate alerts to notify administrators of the attack. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |... -
Page 30: Man-In-The-Middle Protection
WLAN deployment, including Cisco deployments, by providing advanced RF security and control features not found in first-generation wireless products. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 31: Installing The Controller
Dangerous voltage in excess of 240 VAC is always present while the Aruba Power Supply is plugged into an electrical outlet. Remove all rings, jewelry, and other potentially conductive material before working with this product. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |... -
Page 32: The Security Kit
TELs which have met the physical security testing requirements for tamper evident labels under the FIPS 140-2 Standard. TELs are not endorsed by the Cryptographic Module Validation Program (CMVP). | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 33: Reading Tels
8. Spanning the front face plate and left and bottom chassis cover To detect access to restricted ports: 3. Spanning the Express Card slot 7. Spanning the seriel port Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |... - Page 34 Figure 2 Aruba 620 — Front view Figure 3 Aruba 620 — Back view Figure 4 Aruba 620 — Left-side view | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
- Page 35 Figure 5 Aruba 620 — Right-side view Figure 6 Aruba 620 — Top view Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |...
-
Page 36: Aruba 650
To detect access to restricted ports: 2. Spanning the seriel port 5. Spanning the Express Card slot Figure 8 Aruba 650 — Front view | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... - Page 37 Figure 9 Aruba 650 — Back view Figure 10 Aruba 650 — Left-side view Figure 11 Aruba 650 — Right-side view Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |...
-
Page 38: Applying Tels
Once the TELs are applied, the Crypto Officer (CO) should perform initial setup and configuration as described in the next chapter. | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement... -
Page 39: Ongoing Management
802.11i functionality as an 802.11 client. Although outside the boundary of the switch, the User should be directed to be careful not to provide authentication information and session keys to others parties. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Ongoing Management |... - Page 40 | Ongoing Management Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
-
Page 41: Setup And Configuration
3. Go to the Configuration > Network > Controller > System Settings page (the default page when you click the Configuration tab). Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Setup and Configuration |... -
Page 42: Disallowed Fips Mode Configurations
When you enable FIPS mode, the following configuration options are disallowed: All WEP features TKIP mixed mode Any combination of DES, MD5, and PPTP | Setup and Configuration Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...