Specifications

ManualsBrandsCisco ManualsComputer equipment4404 - Wireless LAN Controller

Catalyst 6500 Wireless

Integrated Service Module

(WiSM) and WiSM2

The WiSM and WiSM2 functionally is the same as the

4400 or 5500 series Controllers. The WiSM and WiSM2

are hardware modules that plug into a Catalyst 6500

switch chassis. Each WiSM blade supports up to 300

Access Points. The Supervisor 720 provides routing and

switching to support network connectivity to the

management interface of the WiSM and WiSM2.

The WiSM and WiSM2 controllers support the following

5 chassis configurations: 6503, 6504, 6506, 6509 and

6513. The chassis vary in the number of slots they

provide, but this difference does not affect the security

functionality claimed by the TOE. Up to four WiSM or

WiSM2 blades with support for 1200 APs can be managed

by a single 6509 or 6513 Catalyst chassis with a

Supervisor 720. A fifth WiSM or WiSM2 blade can be

installed in the Catalyst 6509 or 6513 chassis for

redundant failover of another WiSM or WiSM2 within the

same chassis. The chassis is not included in the TOE

physical boundary, nor is the Sup720.

Though the 6500 chassis is not part of the physical TOE

boundary, the evaluated configuration requires that the

Catalyst 6500 be installed with its FIPS Kit, Cisco product

number CVPN6500FIPS/KIT.

WS-SVC-WISM-1-K9

WS-SVC-WISM2-1-K9

WS-SVC-WISM2-3-K9

WS-SVC-WISM2-5-K9

2.4 TOE Logical Boundary

This section identifies the security functions provided by the TSF.

 Administration (FMT)

 Audit (FAU)

 Encryption (FCS)

 Identification and Authentication (FIA)

 Information Flow Control (FDP)

 Self Protection (FPT)

 Wireless Intrusion Prevention System (IPS)

2.4.1 Administration (FMT)

The TOE’s Administration security functions provides security capabilities that guarantees

Controller administrators are required to identify and authenticate to the TOE or to a

RADIUS server configured for use by the TOE before any administrative actions can be

performed. Syslog administrators identify and authenticate to the Syslog Host OS prior to

managing syslog settings or reviewing audit data stored there. RADIUS server administrators

authenticate to ISE or ACS prior to administrating the RADIUS server. NCS/WCS and MSE

administrators authenticate to NCS/WCS and MSE respectively before configuring

NCS/WCS and MSE. The Syslog Host OS, RADIUS server, NCS/WCS and MSE are outside

the TOE scope of control, so authentication of their administrators is also outside the scope of

control. The TOE only allows administration of TOE components to occur from the wired

network. The TOE’s management security capability provides administrator support