Specifications
The physical boundary of the APs includes the FIPS Kits, which cover the physical interfaces of the
APs so that they can be operated in their FIPS-compliant configuration. The FIPS Kit for the APs is
Cisco product number AIRLAP-FIPSKIT.
The AP TOE components have an RF interface, an Ethernet interface, and a serial console
interface. All three of these interfaces are controlled by the software executing on the AP.
The seven Access Point series included in the TOE physical boundary vary in the antenna
support they offer; these differences do not affect the security functionality of the TOE.
The serial or console interface to the AP is not included in the evaluated configuration. This
interface cannot be used for administration or configuration of the AP when the AP is in its
evaluated configuration, fully managed by a Controller. All administration and configuration
of the AP TOE component occurs through the Controller TOE component.
The Ethernet interface of the AP is a wired interface that connects the AP to the Controller. It
serves as the management interface to the AP and as the communication channel over which
successfully authenticated wireless users reach the wired network controlled by the TOE and
the other successfully authenticated wireless users. Wired communications between the APs and
Controllers (or WiSM) use the Control and Provisioning of Wireless Access Points (CAPWAP)
protocol. CAPWAP is an IETF protocol (RFC 5415, produced by the IETF CAPWAP Working Group)
supported by the APs and Controllers that provides centralized management and security of the
Controllers and APs. Specifically, CAPWAP supports traffic handling, authentication,
encryption and policy enforcement. The cryptographic module that implements CAPWAP on these
devices has also been validated by NIST at FIPS 140-2 Level 2, so the APs and Controllers
carry out secure control and bridging communications over a FIPS 140-2 validated assured
channel using DTLS with AES-CBC encryption.
Every TOE device carries client data traffic in a CAPWAP tunnel that is separate from the
control tunnel. On the 5508 Controller and the 1131, 1142, 1242, 1252, 1262, 3502E and 3502I
series access points, a secondary DTLS tunnel is supported to protect this client data as part
of CAPWAP; on the remaining TOE devices the client data tunnel is not DTLS-protected.
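The CAPWAP framing described above, as an added example that is not part of this Security Target or of Cisco's implementation: a small Python classifier that reads the CAPWAP preamble of a UDP datagram on the control port (5246) or data port (5247) and reports whether the payload is carried inside a DTLS record. Run over a capture, it checks the point made above directly: when an AP model does not protect the client data tunnel with DTLS, the datagrams on port 5247 start with a plaintext CAPWAP transport header rather than a DTLS record. Port numbers, header layouts and message-type values are taken from RFC 5415; the sample datagrams at the bottom are constructed for the example, not captured from TOE devices.

```python
"""Classify CAPWAP datagrams by channel (control/data) and DTLS protection.

Added example, not Cisco's code. Layouts follow RFC 5415 (sections 3.1, 4.2,
4.3 and 4.5.1.1). The sample packets at the bottom are constructed.
"""
import struct
from dataclasses import dataclass

CAPWAP_CONTROL_PORT = 5246      # RFC 5415 3.1
CAPWAP_DATA_PORT = 5247
PREAMBLE_TYPE_CAPWAP = 0        # plaintext transport header follows the preamble
PREAMBLE_TYPE_DTLS = 1          # 3 reserved bytes, then a DTLS record
DISCOVERY_MSG_TYPES = {1: "Discovery Request", 2: "Discovery Response"}
DTLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
DTLS_VERSION = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}


@dataclass
class CapwapPacket:
    channel: str        # "control" or "data"
    dtls: bool          # payload is wrapped in a DTLS record
    detail: dict        # decoded transport header or DTLS record header


def _transport_header(payload: bytes) -> dict:
    """Decode the fixed 8-byte CAPWAP transport header (RFC 5415 4.3)."""
    if len(payload) < 8:
        raise ValueError("truncated CAPWAP transport header")
    bits = int.from_bytes(payload[1:4], "big")   # HLEN|RID|WBID|T|F|L|W|M|K|flags
    hdr = {
        "hlen": (bits >> 19) * 4,                # header length in 4-byte words -> bytes
        "rid": (bits >> 14) & 0x1F,
        "wbid": (bits >> 9) & 0x1F,              # 1 = IEEE 802.11 binding
        "native_frame": bool((bits >> 8) & 1),   # T: 1 = 802.11 frame, 0 = 802.3 frame
        "fragment": bool((bits >> 7) & 1),       # F
        "last": bool((bits >> 6) & 1),           # L
        "keepalive": bool((bits >> 3) & 1),      # K (data channel keep-alive)
    }
    hdr["frag_id"], frag_word = struct.unpack("!HH", payload[4:8])
    hdr["frag_offset"] = frag_word >> 3          # 13 bits, 3 reserved
    if hdr["hlen"] < 8 or hdr["hlen"] > len(payload):
        raise ValueError("HLEN inconsistent with packet length")
    return hdr


def _dtls_record(payload: bytes) -> dict:
    """Decode the DTLS record header after the 4-byte CAPWAP DTLS header (RFC 5415 4.2)."""
    rec = payload[4:]
    if len(rec) < 13:
        raise ValueError("truncated DTLS record header")
    ctype, ver, epoch, seq_hi, seq_lo, length = struct.unpack("!BHHHIH", rec[:13])
    return {
        "content_type": DTLS_CONTENT.get(ctype, f"unknown({ctype})"),
        "version": DTLS_VERSION.get(ver, f"unknown(0x{ver:04x})"),
        "epoch": epoch,
        "sequence": (seq_hi << 32) | seq_lo,
        "length": length,
    }


def classify(dst_port: int, payload: bytes) -> CapwapPacket:
    """Map one UDP datagram to its channel, DTLS status and decoded header."""
    if dst_port == CAPWAP_CONTROL_PORT:
        channel = "control"
    elif dst_port == CAPWAP_DATA_PORT:
        channel = "data"
    else:
        raise ValueError(f"port {dst_port} is not a CAPWAP port")
    if len(payload) < 4 or payload[0] >> 4 != 0:
        raise ValueError("not a version-0 CAPWAP preamble")
    ptype = payload[0] & 0x0F
    if ptype == PREAMBLE_TYPE_DTLS:
        return CapwapPacket(channel, True, _dtls_record(payload))
    if ptype != PREAMBLE_TYPE_CAPWAP:
        raise ValueError(f"unknown preamble type {ptype}")
    hdr = _transport_header(payload)
    if channel == "control":
        body = payload[hdr["hlen"]:]             # control header: Message Type is its first 4 bytes
        if len(body) >= 4:
            hdr["msg_type"] = struct.unpack("!I", body[:4])[0]
    return CapwapPacket(channel, False, hdr)


def audit(packets) -> list:
    """Report traffic that should be inside DTLS but is not.

    Plaintext on the control port is legitimate only for Discovery (RFC 5415
    4.5.1.1 types 1 and 2), which runs before the DTLS session exists.
    Plaintext on the data port means the client data tunnel is unprotected.
    """
    findings = []
    for n, (port, payload) in enumerate(packets):
        pkt = classify(port, payload)
        if pkt.dtls:
            continue
        if pkt.channel == "data":
            what = "keep-alive" if pkt.detail["keepalive"] else "client data"
            findings.append(f"packet {n}: plaintext CAPWAP data-channel {what} (WBID {pkt.detail['wbid']})")
        elif pkt.detail.get("msg_type") not in DISCOVERY_MSG_TYPES:
            findings.append(f"packet {n}: plaintext control message type {pkt.detail.get('msg_type')} outside Discovery")
    return findings


# Constructed sample datagrams (not captured from a TOE device).
_DTLS_HDR = bytes([0x01, 0, 0, 0]) + struct.pack("!BHHHIH", 23, 0xFEFD, 1, 0, 7, 32) + b"\x00" * 32
_PLAIN_HDR = bytes([0x00, 0x10, 0x43, 0x00, 0, 0, 0, 0])   # HLEN=2 words, RID=1, WBID=1, T=1
SAMPLE_PACKETS = [
    (CAPWAP_CONTROL_PORT, _PLAIN_HDR + struct.pack("!IBHB", 1, 0, 0, 0)),  # Discovery Request: expected
    (CAPWAP_CONTROL_PORT, _DTLS_HDR),                                      # control inside DTLS: good
    (CAPWAP_DATA_PORT, _DTLS_HDR),                                         # data inside DTLS: good
    (CAPWAP_DATA_PORT, _PLAIN_HDR + b"\x08\x02" + b"\x00" * 22),          # 802.11 frame in the clear: finding
]

if __name__ == "__main__":
    for line in audit(SAMPLE_PACKETS):
        print(line)
```

A real capture would feed `classify` with the UDP destination port and payload of each datagram; the audit treats a plaintext control message as expected only during Discovery, since Join and everything after it must travel inside the DTLS session, and treats any plaintext datagram on the data port as evidence that the client data tunnel lacks the secondary DTLS protection.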
Wireless communications between clients and APs are carried out using the IEEE 802.11
protocol standard governing communication transmission for wireless devices. For this
evaluation the APs use one or more of the following: 802.11a, 802.11b, 802.11g and
802.11n for wireless communication. The wireless security protocol that is to be used
with the APs is WPA2, the Wi-Fi Alliance interoperable specification based on the
IEEE 802.11i security standard (described below).
The following table provides details for each of the Access Points models included in the
TOE.
Table 4 Cisco Access Point Model, Hardware Configuration, and Part Number
TOE Configuration | Hardware Configuration | Part Numbers