Reference Guide
o Wireless Client role: in the Mesh Remote Mesh Point FIPS AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.
4.1.1 Crypto Officer Authentication
In each of the FIPS approved modes, the Aruba Mobility Controller implements the Crypto Officer role. Connections between the module and the mobility controller are protected using IPSec. Crypto Officer authentication is accomplished via proof of possession of either the IKEv1/IKEv2 pre-shared key or the RSA/ECDSA certificate, which occurs during the IKEv1/IKEv2 key exchange.
4.1.2 User Authentication
Authentication for the User role depends on the module configuration. When the module is configured in Remote Mesh Portal FIPS mode or Remote Mesh Point FIPS mode, the User role is authenticated via the WPA2 pre-shared key. When the module is configured in Remote AP FIPS mode or CPSec protected AP FIPS mode, the User role is authenticated via the same IKEv1/IKEv2 pre-shared key or RSA/ECDSA certificate that is used by the Crypto Officer.
4.1.3 Wireless Client Authentication
The wireless client role defined in each of the FIPS approved modes authenticates to the module via WPA2. Note that WEP and TKIP configurations are not permitted in FIPS mode. In the advanced Remote AP configuration, when the Remote AP cannot communicate with the controller, the wireless client role authenticates to the module via WPA2-PSK only.
4.1.4 Strength of Authentication Mechanisms
The following table describes the relative strength of each supported authentication mechanism.
Table 9 - Strength of Authentication Mechanisms

Authentication Mechanism: IKEv1/IKEv2 shared secret (CO role)
Mechanism Strength: Passwords are required to be a minimum of eight characters and a maximum of 32, with a minimum of one letter and one number. If six (6) integers, one (1) special character and one (1) alphabetic character are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 251,596,800. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 52 alphabetic characters, and 32 special characters, providing 94 characters to choose from in total; the calculation is 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800. Therefore, the associated probability of a successful random attempt is approximately 1 in 251,596,800, which is less than the 1 in 1,000,000 required by FIPS 140-2.

Authentication Mechanism: Wireless Client WPA2-PSK (Wireless Client role)
Mechanism Strength: Same mechanism strength as the IKEv1/IKEv2 shared secret above.

Authentication Mechanism: Mesh AP WPA2-PSK (User role)
Mechanism Strength: Same mechanism strength as the IKEv1/IKEv2 shared secret above.
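The following Python snippet is an added worked example, not part of the Security Policy or Aruba's own code. It reproduces the Table 9 keyspace calculation (six digits, one special character and one letter drawn without repetition, using the document's 10/52/32 character classes) and compares the resulting guess probability against the 1 in 1,000,000 single-attempt bound the table cites. It also encodes the stated password policy (8 to 32 characters, at least one letter and one digit) as a check a Crypto Officer could run before provisioning a shared secret. The function names and the use of `string.punctuation` as the 32-character special set are assumptions made for this example.

```python
import math
import string

# Character classes assumed in the Security Policy's calculation: a standard
# US QWERTY keyboard provides 10 digits, 52 letters and 32 special characters.
DIGITS = 10
LETTERS = 52
SPECIALS = 32

# FIPS 140-2 single random attempt bound cited by the table: 1 in 1,000,000.
FIPS_140_2_SINGLE_ATTEMPT_MAX = 1 / 1_000_000


def sequence_count(n_digits: int = 6, n_specials: int = 1, n_letters: int = 1) -> int:
    """Count sequences of the given composition, drawn without repetition
    within each class, following the document's counting method
    (10*9*8*7*6*5 * 32 * 52 for the 6/1/1 case). This method does not multiply
    by the number of ways the classes can be ordered across positions, so it is
    a conservative lower bound on the real keyspace."""
    return (
        math.perm(DIGITS, n_digits)
        * math.perm(SPECIALS, n_specials)
        * math.perm(LETTERS, n_letters)
    )


def guess_probability(n_digits: int = 6, n_specials: int = 1, n_letters: int = 1) -> float:
    """Probability that a single random attempt matches the secret."""
    return 1 / sequence_count(n_digits, n_specials, n_letters)


def meets_fips_single_attempt_bound(probability: float) -> bool:
    """True if one random attempt succeeds with probability below 1 in 1,000,000."""
    return probability < FIPS_140_2_SINGLE_ATTEMPT_MAX


# Hypothetical policy check mirroring the stated rules for the IKE/WPA2 shared
# secret: 8..32 characters, at least one letter and one digit, drawn from the
# 94 printable keyboard characters (10 digits + 52 letters + 32 specials).
_ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)


def psk_policy_ok(secret: str) -> bool:
    if not 8 <= len(secret) <= 32:
        return False
    if any(ch not in _ALLOWED for ch in secret):
        return False
    has_letter = any(ch.isalpha() for ch in secret)
    has_digit = any(ch.isdigit() for ch in secret)
    return has_letter and has_digit


if __name__ == "__main__":
    n = sequence_count()
    p = guess_probability()
    print(f"keyspace (document method): {n:,}")        # 251,596,800
    print(f"single-attempt probability: 1 in {n:,}")
    print(f"meets FIPS 140-2 bound: {meets_fips_single_attempt_bound(p)}")
    # Constructed sample secrets: one compliant, one with no digit, one too short.
    for candidate in ("Tr0ub4dor&3x", "onlyletters", "a1b2c3"):
        print(f"{candidate!r}: policy ok = {psk_policy_ok(candidate)}")
```

The count reproduces the table's 251,596,800 figure exactly; passing a different composition (for example more digits and no special character) shows how the bound moves, while `psk_policy_ok` rejects secrets that fall outside the stated length and character-class rules.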