Reference Guide

Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy
Physical Security
The Aruba Controller is a scalable, multi-processor standalone network device and is enclosed in a robust
steel housing. The switch enclosure is resistant to probing and is opaque within the visible spectrum. The
enclosure of the switch has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.
For the Aruba 6000-400, the left, top, right, and bottom surfaces are irremovable. The rear panel can be
removed by unscrewing fifteen screws. The switch has a number of components on its front side, including
four slots for supervisor and line cards, one fan tray, and three power supplies. Each of these components
is attached with two screws.
For the Aruba 3000-series the left, right, front, rear, and bottom surfaces are irremovable. The top panel
can be removed by unscrewing two screws. A metallic opaque shield is installed at the factory during
manufacturing and cannot be removed by the User.
For physical security, the Aruba 6000-400 chassis requires Tamper-Evident Labels (TELs) to allow the
detection of the opening of the chassis covers and of the removal or replacement of any module or cover
plate, and to block the Serial console port.
The Aruba 3000-series Controllers require Tamper-Evident Labels (TELs) to allow the detection of the
opening of the chassis cover and to block the Serial console port.
To protect the Aruba 3000 and 6000/M3 Controllers from any tampering with the product, TELs should be
applied by the Crypto Officer as covered under “Tamper-Evident Labels” in this document.
Operational Environment
The operational environment is non-modifiable. The control plane Operating System (OS) is Linux, a
real-time, multi-threaded operating system that supports memory protection between processes. Access to
the underlying Linux implementation is not provided directly. Only interfaces provided by Aruba Networks
are used, and the CLI is a restricted command set.
Logical Interfaces
All of these physical interfaces are separated into logical interfaces defined by FIPS 140-2, as described
in the following table.
Table 3 - FIPS 140-2 Logical Interfaces

FIPS 140-2 Logical Interface    Module Physical Interface
----------------------------    -------------------------------
Data Input Interface            10/100 Mbps Ethernet port
                                10/100/1000 Mbps Ethernet ports
Data Output Interface           10/100 Mbps Ethernet port
                                10/100/1000 Mbps Ethernet ports