Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series FIPS
11121314151617181920
12|
Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy
Table3‐FIPS1402LogicalInterfaces
Control Input Interface
Power switch (Aruba 6000 only)
Reset button (Aruba 6000 only)
10/100 Mbps Ethernet port
10/100/1000 Mbps Ethernet ports
Serial console port (disabled)
Status Output Interface
10/100 Mbps Ethernet port
10/100/1000 Mbps Ethernet ports
LEDs
Serial console port (disabled)
Power Interface
Power Supply
POE (Aruba 6000 only)
Data input and output, control input, status output, and power interfaces are defined as follows:
Data input and output are the packets that use the firewall, VPN, and routing functionality of the modules.
Control input consists of manual control inputs for power and reset through the power and reset
switch. It also consists of all of the data that is entered into the controller while using the management
interfaces.
Status output consists of the status indicators displayed through the LEDs, the status data that is
output from the controller while using the management interfaces, and the log file.
LEDs indicate the physical state of the module, such as power-up (or rebooting), utilization level,
activation state (including fan, ports, and power). The log file records the results of self-tests,
configuration errors, and monitoring data.
A power supply is used to connect the electric power cable. Operating power is also provided (Aruba
6000 only) to a compatible Power Over Ethernet (POE) device when connected. The power is
provided through the connected Ethernet cable.
The controller distinguishes between different forms of data, control, and status traffic over the network
ports by analyzing the packets header information and contents.
Roles and Services
The Aruba Controller supports role-based authentication. There are two roles in the module (as required
by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. The
Administrator maps to the Crypto-Officer role and the client Users map to the User role.
Crypto Officer Role
The Crypto Officer role has the ability to configure, manage, and monitor the controller. Three
management interfaces can be used for this purpose:
SSHv2 CLI
The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive
monitoring and configuration. The CLI can be accessed remotely by using the SSHv2 secured