Dell Aruba 650 Supplement Manual - Page 39

Browse online or download pdf Supplement Manual for Switch Dell Aruba 650. Dell Aruba 650 42 pages. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

The Aruba 620 and 650 Mobility Controllers meet FIPS 140-2 Level 2 requirements. The information below
describes how to keep the switch in a FIPS-approved mode of operation. The Crypto Officer must ensure that
the switch is kept in a FIPS-approved mode of operation.

Crypto Officer Management

The Crypto Officer must ensure that the switch is always operating in a FIPS-approved mode of operation.
This can be achieved by ensuring the following:
- FIPS mode must be enabled on the switch before Users are permitted to use the switch (see "Enabling FIPS Mode" on page 39).
- The admin role must be root.
- Passwords must be at least six characters long.
- VPN services can only be provided by IPsec or L2TP over IPsec.
- Access to the switch Web Interface is permitted only using HTTPS over a TLS tunnel. Basic HTTP and HTTPS over SSL are not permitted.
- Only SNMP read-only may be enabled.
- Only FIPS-approved algorithms can be used for cryptographic services (such as HTTPS, L2, AES-CBC, SSH, and IKEv1/IKEv2-IPSec), which include AES, Triple-DES, SHA-1, HMAC SHA-1, and RSA signature and verification.
- TFTP can only be used to load backup and restore files. These files are: configuration files (system setup configuration), the WMS database (radio network configuration), and log files. (FTP and TFTP over IPsec can be used to transfer configuration files.)
- The switch logs must be monitored. If any strange activity is found, the Crypto Officer should take the switch offline and investigate.
- The Tamper-Evident Labels (TELs) must be regularly examined for signs of tampering.
- The Crypto Officer shall not configure the Diffie-Hellman algorithm with 768 bits (Group 1) in FIPS mode for IKEv1/IKEv2-IPSec and SSH.
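
The settings-based items in the list above can be checked mechanically once a switch's configuration has been exported into a neutral form. The following is an added example, not part of the original supplement and not Aruba or Dell code; the setting names and values (`fips_mode`, `web_access`, `https-tls` and so on) are hypothetical and do not reflect ArubaOS syntax. Log review and TEL inspection remain manual tasks.

```python
# Added example. Setting names and values are hypothetical, not ArubaOS syntax.
SET_RULES = {  # setting -> (label, values permitted by the list above)
    "vpn_services": ("VPN service", {"ipsec", "l2tp-over-ipsec"}),
    "web_access": ("web access method", {"https-tls"}),
    "algorithms": ("algorithm", {"aes", "triple-des", "sha-1", "hmac-sha-1", "rsa"}),
    "tftp_file_kinds": ("TFTP file kind", {"configuration", "wms-database", "log"}),
}


def audit(cfg):
    """Return findings for one switch; an empty list means every rule passed.

    Missing scalar settings fail closed. A missing service list is read as
    "nothing enabled", which the rules allow.
    """
    findings = []

    def require(ok, message):
        if not ok:
            findings.append(message)

    require(cfg.get("fips_mode") is True, "FIPS mode is not enabled")
    require(cfg.get("admin_role") == "root", "admin role is not root")
    require((cfg.get("min_password_length") or 0) >= 6, "minimum password length is below 6")
    require(cfg.get("snmp_access", "unset") in {"disabled", "read-only"},
            "SNMP is not limited to read-only")
    for key, (label, allowed) in SET_RULES.items():
        bad = sorted({str(v).lower() for v in cfg.get(key, [])} - allowed)
        require(not bad, f"{label} not permitted: {', '.join(bad)}")
    for service, groups in sorted(cfg.get("dh_groups", {}).items()):
        require(1 not in groups, f"Diffie-Hellman Group 1 configured for {service}")
    return findings


# Constructed sample inputs.
COMPLIANT = {
    "fips_mode": True, "admin_role": "root", "min_password_length": 8,
    "snmp_access": "read-only", "vpn_services": ["ipsec"],
    "web_access": ["https-tls"], "algorithms": ["AES", "SHA-1", "RSA"],
    "tftp_file_kinds": ["configuration", "log"], "dh_groups": {"ike": [2], "ssh": [14]},
}
DRIFTED = dict(COMPLIANT, min_password_length=4, web_access=["http", "https-tls"],
               snmp_access="read-write", dh_groups={"ike": [1, 2], "ssh": [14]})

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print("FAIL:", finding)
```
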

User Guidance

The User accesses the switch VPN functionality as an IPsec client. The User can also access the switch
802.11i functionality as an 802.11 client. Although outside the boundary of the switch, the User should be
directed to be careful not to provide authentication information and session keys to other parties.
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Chapter 4

Ongoing Management
