Reference Guide
Aruba 600 Series Controllers FIPS 140-2 Level 2 Security Policy
Table 4 FIPS 140-2 Logical Interfaces
Status Output Interface
    10/100 Mbps Ethernet Port
    10/100/1000 Mbps Ethernet Port
    LEDs
    Serial Console port (disabled)
Power Interface
    Power Supply
    Power over Ethernet (PoE)
Data input and output, control input, status output, and power interfaces are defined as follows:
Data input and output are the packets that use the firewall, VPN, and routing functionality of the modules.
Control input consists of manual control inputs for power and reset through the power and reset
switch. It also consists of all of the data that is entered into the controller while using the management
interfaces.
Status output consists of the status indicators displayed through the LEDs, the status data that is
output from the controller while using the management interfaces, and the log file.
LEDs indicate the physical state of the module, such as power-up (or rebooting), utilization level,
and activation state (including fan, ports, and power). The log file records the results of self-tests,
configuration errors, and monitoring data.
A power supply is used to connect the electric power cable.
The controller distinguishes between different forms of data, control, and status traffic over the network
ports by analyzing the packets' header information and contents.
Roles and Services
The Aruba Controller supports role-based authentication. There are two roles in the module (as required
by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. The
Administrator maps to the Crypto Officer role and the client Users map to the User role.
Crypto Officer Role
The Crypto Officer role has the ability to configure, manage, and monitor the controller. Three
management interfaces can be used for this purpose:
SSHv2 CLI
The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive
monitoring and configuration. The CLI can be accessed remotely by using the SSHv2 secured
management session over the Ethernet ports or locally over the serial port. In FIPS mode, the serial
port is disabled.
Web Interface
The Crypto Officer can use the Web Interface as an alternative to the CLI. The Web Interface
provides a highly intuitive, graphical interface for a comprehensive set of controller management