Installation guide
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
Figure 3. Typical TOE deployment diagram
The TOE is a device used to control operation of multiple wireless access points and to provide
secure Wireless Local Area Network (WLAN) connectivity to a set of wireless client devices. The
TOE is installed at a wired network location, and is logically connected to a set of wireless access
point devices over a wired Ethernet network. Wireless access point devices are hardware radio
devices that do not provide security functionality and are used to tunnel wireless network traffic
between the TOE and wireless client devices.
The TOE protects data exchanged with wireless client devices using the IEEE 802.11i wireless security
protocol, which provides data authentication and encryption using the AES-CCM cryptographic
algorithm. The TOE uses FIPS 140-2 compliant cryptographic implementations for all cryptographic
purposes and is operated in the FIPS 140-2 approved mode of operation.
Wireless users are required to authenticate before access to the wired network is granted by the
TOE. The authentication is based on IEEE 802.1X EAP-TLS, EAP-TTLS and PEAP authentication
protocols. The TOE acts as the 802.1X authenticator and utilizes services of an external RADIUS
authentication server to provide wireless user authentication. During the authentication phase the
TOE serves as an intermediary passing authentication messages between the wireless client
device and the external authentication server. If the authentication is successful, the authentication
server passes to the TOE 802.11i session keys used to establish an 802.11i secure connection
[Figure 3 diagram labels: Audit server, Auth Server, Time Server, IPSec/VPN tunnel, L2 Switch, TOE, Local Admin]
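The intermediary role described above, as an added example that is not taken from the Security Target or the product: it shows how an 802.1X authenticator carries an EAP packet to a RADIUS server in EAP-Message attributes protected by a Message-Authenticator (RFC 3579), and how the server rejects a modified packet. The function names, identity and shared secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)


def attr(attr_type, value):
    """Encode one attribute; the length byte counts the 2-byte header."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def wrap_eap(eap, identity, secret, pkt_id, request_auth=None):
    """Authenticator side: carry one EAP packet in an Access-Request (code 1)."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(MESSAGE_AUTHENTICATOR, bytes(16)) + attr(1, identity)  # 1 = User-Name
    # A value holds at most 253 bytes, so a long EAP packet (a TLS handshake
    # fragment, say) is split across consecutive EAP-Message attributes.
    for i in range(0, len(eap), 253):
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    packet = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + request_auth + attrs
    # HMAC-MD5 over the whole packet with the authenticator field zeroed.
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:22] + mac + packet[38:]


def unwrap_eap(packet, secret):
    """Server side: check Message-Authenticator, then reassemble the EAP packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    eap, mac, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < len(packet):
        a_len = packet[pos + 1] if pos + 1 < len(packet) else 0
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + a_len]
        if packet[pos] == EAP_MESSAGE:
            eap += value
        elif packet[pos] == MESSAGE_AUTHENTICATOR and a_len == 18:
            mac = value
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += a_len
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator missing or invalid")
    return eap
```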