User Manual Part 2
Wi-Fi Array
458
Additional information regarding implementation of PCI DSS on the Wi-Fi Array
is described in the Xirrus White Paper, PCI Data Security Standard, available on
the Xirrus web site.
The pci-audit Command
The Array provides a CLI command, pci-audit (part of the management
command), that checks whether the Array’s configuration satisfies PCI DSS
wireless requirements. This command does not change any parameters, but will
inform you of any violations that exist. Furthermore, the command pci-audit
enable will put the Array in PCI Mode and monitor changes that you make to the
Array’s configuration in CLI or the WMI. PCI Mode will warn you (and issue a
Syslog message) if the change violates PCI DSS requirements. A warning is issued
when a non-compliant change is first applied to the Array, and also if you attempt
to save a configuration that is non-compliant. Use this command in conjunction
( )
( )
Check that external RADIUS servers have been
configured for use with 802.1x and WPA/WPA2
wireless security.
Ensure that Array Administration Accounts are
being validated by External RADIUS servers.
SSIDs, p. 243 and
Global Settings, p. 231
Admin RADIUS,
p. 218
( ) Ensure that each Xirrus Array is physically
inaccessible such that console ports and
management ports are not accessible.
Dismounting the Array,
p. 99
See Indoor Enclosure
( )
( )
Enable syslog messaging and define a syslog
server on the wired network to receive syslog
messages.
Enable NTP and define an NTP server (optional).
System Log, p. 196
Time Settings (NTP),
p. 192
( ) Enable the RF Monitor radio in the Xirrus Array.
Categorize known or approved devices as such.
Respond to any alert of unknown or unapproved
wireless devices discovered by the RF Monitor.
IAP Settings, p. 271
Rogue Control List,
p. 241
Intrusion Detection,
p. 145
Xirrus Wi-Fi Array Configuration for PCI DSS See...