Using Wireless to Protect your Wired Network..........28 Using Wireless to Protect your Existing Wireless Network......28 Chapter 3 Installing the Controller.................29 Pre-Installation Checklist..................29 Precautions......................29 The Security Kit ....................30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 4
Setting Up Your Controller ..................39 Enabling FIPS Mode ....................39 Enabling FIPS with the Setup Wizard ............39 Enabling FIPS with the WebUI ..............39 Disallowed FIPS Mode Configurations..............40 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Standards and Technology (NIST) Web-site at: http://csrc.nist.gov/groups/STM/cmvp/index.html Aruba Dell Relationship Aruba Networks is the OEM for the Dell PowerConnect W line of products. Dell products are identical to the Aruba products other than branding and Dell software is identical to Aruba software other than branding.
The Aruba Networks Web-site contains information on the full line of products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. http://www.dell.com/ The NIST Validated Modules Web-site contains contact information for answers to technical or sales- ...
4x Fast Ethernet (10/100BASE-T) with PoE+ port 1x Gigabit Ethernet (1000BASE-T) port 1x ExpressCard® port | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
Page 10
Pushing the media eject button changes the state of the Aruba 620; the table below describes the states and LED behaviors associated with use of the media eject button: | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 11
Port is transmitting or receiving data No link on port 1000 Interface Speed On (Solid Green) 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
1x ExpressCard® port 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 13
Pushing the media eject button changes the state of the Aruba 650 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
Page 14
On (Solid Green) Link has been established On (Flashing Green) Port is transmitting or receiving data No link on port | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 15
The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers |...
Page 16
| The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Linux implementation is not provided directly. Only Aruba Networks provided interfaces are used, and the CLI is a restricted command set. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
(including fan, ports, and power) and status of connected media. The log file records the results of self-tests, configuration errors, and monitoring data. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Diffie-Hellman key pair and data for IKEv1/IKEv2 (read/write access), pre- shared keys for IKEv1/IKEv2 (read access); Session keys for IPSec (read/write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
Page 20
Configuring Configure bypass operation on Commands and Status of None Bypass Operation the module configuration data commands and configuration data | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
These services do not involve any cryptographic processing. Additional unauthenticated services include performance of the power-on self test and system status indication via LEDs. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
In addition, withing the FIPS Approved mode of operation, the module supports the following allowed key establishment schemes: Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
(Elliptic curve group) negotiations closed. IPSec session Diffie-Hellman private key. Note: Key size 768 bits is not allowed in FIPS mode. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 25
P-384 curves module encrypted with KEK. Zeroized TLS/PEAP protocols by the CO command write during the handshake. erase all. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
Page 26
Zeroized on reboot. purpose (x-change FIPS compliant 186-2 RNG (/dev/urandom) Notice); SHA-1 RNG General purpose (x- change Notice); SHA-1 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
The module stores the first random number for subsequent comparison, and the module compares the value of the new random Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
256 with HMAC-SHA1) to secure Layer 2 traffic, as well as the encryption of Layer 2 header information including MAC addresses. xSec was jointly developed by Aruba Networks and Funk Software. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Aruba access points will drop illegal requests and generate alerts to notify administrators of the attack. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features |...
WLAN deployment, including Cisco deployments, by providing advanced RF security and control features not found in first-generation wireless products. | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Dangerous voltage in excess of 240 VAC is always present while the Aruba Power Supply is plugged into an electrical outlet. Remove all rings, jewelry, and other potentially conductive material before working with this product. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |...
TELs which have met the physical security testing requirements for tamper evident labels under the FIPS 140-2 Standard. TELs are not endorsed by the Cryptographic Module Validation Program (CMVP). | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
8. Spanning the front face plate and left and bottom chassis cover To detect access to restricted ports: 3. Spanning the Express Card slot 7. Spanning the seriel port Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |...
Page 34
Figure 2 Aruba 620 — Front view Figure 3 Aruba 620 — Back view Figure 4 Aruba 620 — Left-side view | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Page 35
Figure 5 Aruba 620 — Right-side view Figure 6 Aruba 620 — Top view Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Installing the Controller |...
To detect access to restricted ports: 2. Spanning the seriel port 5. Spanning the Express Card slot Figure 8 Aruba 650 — Front view | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
Once the TELs are applied, the Crypto Officer (CO) should perform initial setup and configuration as described in the next chapter. | Installing the Controller Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
802.11i functionality as an 802.11 client. Although outside the boundary of the switch, the User should be directed to be careful not to provide authentication information and session keys to others parties. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Ongoing Management |...
Page 40
| Ongoing Management Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...
3. Go to the Configuration > Network > Controller > System Settings page (the default page when you click the Configuration tab). Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Setup and Configuration |...
When you enable FIPS mode, the following configuration options are disallowed: All WEP features TKIP mixed mode Any combination of DES, MD5, and PPTP | Setup and Configuration Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement...