Specifications
70
FMT_SMF.1(1)
See FMT_MOF.1(1)
FMT_SMF.1(2)
See FMT_MOF.1(2)
FMT_SMF.1(3)
See FMT_MOF.1(1)
FMT_SMR.1(1)
Once the TOE is operational (after APs have been configured to be managed by a Controller),
there is only one administrative role in the TOE, which is the administrator. The Controller
Administrator is responsible for management and configuration of the Controller and AP TOE
components.
The term “administrator” is used in the WLAN PP, and thus in this ST, to refer all users capable
of authenticating to administrative interfaces of the TOE. A “user” (as defined in CC) is an
“external entity -human or IT entity possibly interacting with the TOE from outside of the TOE
boundary.” Two types of Cisco WLAN Controller administrator accounts are covered by that
definition: the Management User accounts; and the SNMPv3 User accounts. The Management
User accounts are only able to access interactive administrative interfaces: the Controller GUI
via TLS; and the Controller CLI via SSH. The SNMPv3 User accounts are only able to
authenticate to the Controller SNMPv3 programmatic interface.
As a programmatic rather than interactive interface some SFRs do not apply to the SNMPv3
interface, including FTA_TAB.1 (displaying a login banner), and FIA_AFL.1 (authentication
failure handling). Though the SNMPv3 connection is encrypted, it’s configured to only be
accessible from an isolated/protected management network to mitigate the risk of brute-force
password guessing.
Since the SNMPv3 User is an external entity instead of a human user, each SNMPv3 User
account is to be used by only a single external entity, such as a single NCS, or WCS, and when
multiple servers are deployed, they will each use a different SNMPv3 User account. That
method ensures that audit records for login attempts, and administrative changes made through
the SNMPv3 interface are able to uniquely identify the correct ‘subject’ (SNMPv3 User) that
performed an authorized ‘operation’ (GET or SET) on the configuration ‘object’ (MIB object).
Each “SNMPv3 User” account is used to authenticate a remote IT entity such as an instance of a
NCS, or WCS and is not intended to (re)authenticate administrators who have individually
authenticated to a WCS/NCS prior to initiating SNMPv3 GET or SET commands to a
Controller. Thus, audit records generated by the Controller of actions performed on a Controller
by an “SNMPv3 User” are actions performed by the authenticated NCS/WCS.
Administrative TOE
Role
When used
Responsibilities
Controller Administrator
Used in Setup and
Evaluated
Configuration
Perform installation,
configuration and management
activities for Controllers and
APs.
Access Point (AP)
Administrator
Setup Only
Installation and initial of AP
TOE Components, enabling
FIPS mode of operations
The TOE also maintains a non-administrative role for wireless users. Wireless users are not able
to authenticate to any administrative interface of the TOE, and cannot modify any TSF data. All
entities attempting to authenticate from wireless clients are authenticated as wireless users, and
cannot attempt to authenticate as an administrator.
Access Point administrator will be able to log in locally to the AP, only limited capability and
data will be accessible and no access to other TOE component data will be available. Write
access is not accessible via the AP console. The Console port on the APs is not used during