User guide

Aruba Networks Security Target
wireless access point between the controller and the AP. A simple TOE
deployment is depicted in Figure 1.
Figure 1: TOE usage scenario
17 There are many combinations of deployment scenarios, ranging from branch office
environments in which the mobility controller and access point are combined (Aruba
600 Series) to campus deployments with multiple redundant mobility controllers.
18 The non-security functionality provided by a mobility controller goes beyond
managing dependent APs, and includes:
a) Performing Layer 2 switching and Layer 3 routing
b) Terminating Internet-based remote access points
c) Providing advanced Radio Frequency (RF) services with Adaptive Radio
Management (ARM) and spectrum analysis
d) Providing location services and RF coverage “heat maps” of the deployment
e) Providing self-contained management by way of a master/local hierarchy with
one controller
f) Pushing configuration to other mobility controllers to reduce administrative
overhead
g) Delivering AP software updates automatically when the mobility controller is
upgraded
2.4 Security Functions
19 The TOE provides the following security functions:
a) Protected communications. The TOE protects the following communication
flows:
i) WebUI. Communication with the administrative web user interface
(WebUI) is protected using TLS/HTTPS.
ii) CLI. Remote administration via the Command Line Interface (CLI) is
protected using SSHv2.
iii) Syslog. Syslog messages are protected using IPsec.
iv) RADIUS. RADIUS authentication messages are protected using IPsec.
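The protected communication flows listed above can be checked from the network side. The following is an added example, not part of the Security Target or of any Aruba software: it audits wire-visible flow records for the controller and reports management traffic that appears without the stated protection. The addresses, the port numbers and the sample records are constructed assumptions, and flow records show only the transport in use, not the negotiated TLS or SSH version.

```python
# Added example: audit flow records against the protected-communications list.
# All addresses, ports and records here are constructed assumptions.
CONTROLLER = "192.0.2.10"
IPSEC_PEERS = {"syslog": "192.0.2.50", "radius": "192.0.2.60"}

TCP, UDP, ESP = 6, 17, 50          # IP protocol numbers
IKE_PORTS = {500, 4500}            # IKE and NAT-T (UDP-encapsulated ESP)
CLEARTEXT = {                      # (ip_proto, dst_port) -> unprotected flow
    (UDP, 514): "Syslog outside IPsec",
    (UDP, 1812): "RADIUS authentication outside IPsec",
    (TCP, 80): "WebUI over plain HTTP",
    (TCP, 23): "CLI over Telnet",
}

# Constructed records: (src, dst, ip_proto, dst_port)
SAMPLE_FLOWS = [
    ("198.51.100.7", CONTROLLER, TCP, 443),   # WebUI over HTTPS
    ("198.51.100.7", CONTROLLER, TCP, 22),    # CLI over SSH
    (CONTROLLER, "192.0.2.50", ESP, 0),       # syslog carried inside ESP
    (CONTROLLER, "192.0.2.60", UDP, 1812),    # RADIUS visible on the wire
    ("198.51.100.9", CONTROLLER, TCP, 23),    # Telnet session to the CLI
]


def is_ipsec(proto, dport):
    """True for native ESP or for IKE/NAT-T traffic."""
    return proto == ESP or (proto == UDP and dport in IKE_PORTS)


def audit(flows):
    """Return findings for flows that lack the protection the list requires."""
    findings, tunnelled = [], set()
    for src, dst, proto, dport in flows:
        if CONTROLLER not in (src, dst):
            continue                           # not the controller's traffic
        if is_ipsec(proto, dport):
            tunnelled.add(dst if src == CONTROLLER else src)
        elif (proto, dport) in CLEARTEXT:
            findings.append(f"{src} -> {dst}: {CLEARTEXT[(proto, dport)]}")
    # Syslog and RADIUS servers should each appear only as IPsec peers.
    for name, peer in sorted(IPSEC_PEERS.items()):
        if peer not in tunnelled:
            findings.append(f"no IPsec flow seen between controller and {name} server {peer}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```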