Reference Guide

4 Roles, Authentication and Services
4.1 Roles
The module supports the roles of Crypto Officer, User, and Wireless Client; no additional roles (e.g.,
Maintenance) are supported. Administrative operations carried out by the Aruba Mobility Controller map
to the Crypto Officer role. The Crypto Officer has the ability to configure, manage, and monitor the
module, including the configuration, loading, and zeroization of CSPs.
The defining characteristics of the roles depend on whether the module is configured in Remote AP mode or
in Remote Mesh Portal mode.
Remote AP FIPS mode:
o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the
ability to configure, manage, and monitor the module, including the configuration,
loading, and zeroization of CSPs.
o User role: in the configuration, the User operator shares the same services and
authentication techniques as the Mobility Controller in the Crypto Officer role.
o Wireless Client role: in Remote AP configuration, a wireless client can create a
connection to the module using WPA2 and access wireless network access/bridging
services. In advanced Remote AP configuration, when the Remote AP cannot communicate
with the controller, the wireless client role authenticates to the module via WPA2-PSK
only.
CPSec AP FIPS mode:
o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the
ability to configure, manage, and monitor the module, including the configuration,
loading, and zeroization of CSPs.
o User role: in the configuration, the User operator shares the same services and
authentication techniques as the Mobility Controller in the Crypto Officer role.
o Wireless Client role: in CPSec AP configuration, a wireless client can create a connection
to the module using WPA2 and access wireless network access services.
Remote Mesh Portal FIPS mode:
o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the
ability to configure, manage, and monitor the module, including the configuration,
loading, and zeroization of CSPs.
o User role: the adjacent Mesh Point APs in a given mesh cluster. Note that the
Remote Mesh Portal AP must be physically wired to the Mobility Controller.
o Wireless Client role: in Remote Mesh Portal FIPS AP configuration, a wireless client can
create a connection to the module using WPA2 and access wireless network access
services.
Remote Mesh Point FIPS mode:
o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the
ability to configure, manage, and monitor the module, including the configuration,
loading, and zeroization of CSPs. The first mesh AP configured is the only AP with the
direct wired connection.
o User role: the adjacent Mesh APs in a given mesh cluster. Note that the User role can
be a Mesh Point AP or a Mesh Portal AP in the given mesh network.