Reference Guide
39
6. Select Remote APs managed by a Mobility Controller from the drop down menu.
7. Enter the IP address of the mobility controller.
8. Click Convert Now to complete the conversion
9. The RAP will reboot and begin operating in unprovisioned RAP mode.
Note: the pre-configuration steps convert each RAP into an unprovisioned RAP mode (non-
approved mode). After that, the CO shall follow the steps in the next section to enable FIPS
mode.
8.2 Configuring Remote AP FIPS Mode
1. Apply TELs according to the directions in section 3.2
2. Log into the administrative console of the staging controller
3. Deploying the AP in Remote FIPS mode configure the controller for supporting Remote APs, For
detailed instructions and steps, see Section “Configuring the Secure Remote Access Point Service”
in Chapter “Remote Access Points” of the Aruba OS User Manual.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration >
Network > Controller > System Settings page (this is the default page when you click the
Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This accomplished by going to the Configuration > Wireless > AP
Configuration > AP Group page. There, you click the Edit button for the appropriate AP group,
and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and
save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the
LAN connection between the module and the controller, or ensure the presence of a DC power
supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct
connection, with no intervening network or devices; if PoE is being supplied by an injector, this
represents the only exception. That is, nothing other than a PoE injector should be present between
the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the
Configuration > Wireless > AP Installation page, where you should see an entry for the AP.
Select that AP, click the “Provision” button, which will open the provisioning window. Now
provision the AP as Remote AP by filling in the form appropriately. Detailed steps are listed in
section entitled “Provisioning an Individual AP” in the ArubaOS User Guide. Click “Apply and
Reboot” to complete the provisioning process.
a. During the provisioning process as Remote AP if Pre-shared key is selected to be the
Remote AP Authentication Method, the IKE pre-shared key (which is at least 8
characters in length) is input to the module during provisioning. Generation of this key is
outside the scope of this policy. In the initial provisioning of an AP, this key will be
entered in plaintext; subsequently, during provisioning, it will be entered encrypted over
the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA or
ECDSA key pair is used to authenticate AP to controller during IPSec.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully
provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when
power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller
on the network.