Specifications

EAP-MD5      | Not supported | Supported
EAP-TLS      | Supported     | Not supported
EAP-MSCHAPv2 | Supported     | Not supported
EAP-GCT      | Supported     | Not supported
EAP-FAST     | Supported     | Not supported
WPA2-PSK     | Supported     | Not supported
HTTPS        | Not supported | Supported
2.6.1.1 Controller Functionality Excluded from the Logical Boundary
Controller TACACS+ authentication and authorization are not included in the Logical
Boundary of the TOE. Controller TACACS+ accounting is allowed in the evaluated
configuration but would be redundant to syslog messages generated by the Controller.
2.7 TOE Evaluated Configuration
The TOE's evaluated configuration requires one or more Controllers plus one or more APs.
Additionally, the following list itemizes the evaluated configuration requirements:
1) The ACS or ISE is installed and configured to support authentication for all installed
Controllers.
2) The Syslog server supporting syslog over TLS is operational on a Syslog Host.
3) The Controllers are configured with SNMPv3 enabled and SNMPv1 and SNMPv2
disabled.
4) AES RADIUS key wrap is enabled between the Controllers and ACS or ISE.
5) Telnet is disabled on the Controllers.
6) RADIUS is used for authentication of wireless clients.
7) RADIUS is used for authentication and authorization of the Controller administrator.
8) TACACS+ is used for accounting of Controller administrator actions on the Controller.
9) All APs are CAPWAP APs.
10) A TFTP client is included locally on the Controller for downloading image bundle
updates. FTP shall not be used.
11) A separate NTP server is included in the IT environment for use with the ACS, MSE,
WCS or NCS, and the syslog components.
12) Wireless administration is disabled on the TOE.