Specifications

6.1.17 FIA_AFL.1(1) Administrator Authentication Failure Handling
FIA_AFL.1.1(1) The TSF shall defer authentication of remote administrators to a RADIUS server for the
IT Environment to detect when an administrator configurable positive integer within the
range [1 to 10] of unsuccessful authentication attempts occur related to remote administrators
logging on to the WLAN access system.
FIA_AFL.1.2(1) When the defined number of unsuccessful authentication attempts has been met or surpassed,
the TSF shall prevent remote login by administrators by continuing to defer authentication
of remote administrators to a RADIUS server until an action is taken by a local
Administrator or a RADIUS administrator.
Application note: Authentication of Management Users is deferred to a RADIUS server for authentication
failure handling. This requirement is not applicable to administrative authentication at the
SNMPv3 interface of the Controller.
6.1.18 FIA_ATD.1(1) Administrator Attribute Definition
FIA_ATD.1.1(1) The TSF shall maintain the following minimum list of security attributes belonging to
individual administrators: password, [username, access mode].
Application note: An access mode of ReadOnly or ReadWrite is assigned to each SNMPv3 User account.
SNMPv3 User accounts are the only administrative accounts stored and used locally in
the Controller; attributes for Management Users are stored in the RADIUS server.
6.1.19 FIA_ATD.1(2) User Attribute Definition
FIA_ATD.1.1(2) The TSF shall maintain the following minimum list of security attributes belonging to
individual remotely authenticated users: [
Using EAP-TLS: client’s device certificate
Using EAP-FAST without client certificate: username and password
Using EAP-FAST with client certificate: client’s device certificate
Using EAP-FAST with EAP-GTC: username and PAC (Protected Access Credentials)
Using EAP-MSCHAPv2 without client certificate: username and password
Using EAP-MSCHAPv2 with client certificate: client’s device certificate
Using WPA2-PSK: Passphrase (ASCII or Hex)]
6.1.20 FIA_UAU.1 Timing of Local Authentication
FIA_UAU.1.1 The TSF shall allow [login attempts] on behalf of users to be performed before the user is
authenticated.
FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any other
TSF-mediated actions on behalf of that user.
6.1.21 FIA_UAU_(EXT).5(1) Extended: Multiple Authentication Mechanisms
FIA_UAU_(EXT).5.1(1) The TSF shall provide local authentication, and a remote authentication mechanism to
perform user authentication.
FIA_UAU_(EXT).5.2(1) The TSF shall, at the option of the administrator, invoke the remote authentication