Manual Dell PowerConnect W-AP92

45 pages Not applicable
Download

Go to site of 45

Summary
  • Dell PowerConnect W-AP92 - page 1

    1 FIPS 140-2 Non-Proprietary Security Policy for A ruba A P- 92, AP-93, AP- 105 , AP -1 75 Dell W- A P9 2, W- A P9 3, W- A P105 and W- AP 175 Wireless A cc ess Points Version 1.2 Feb. 20 12 Aruba Networks™ 1322 Crossman Ave. Sunnyvale, C A 94089-1113 ...

  • Dell PowerConnect W-AP92 - page 2

    2 ...

  • Dell PowerConnect W-AP92 - page 3

    3 1 INTRODUCTION .................................................................................................................................. 5 1.1 A RUBA D ELL R ELATIONSHI P ............................................................................................................. 5 1.2 A CRONYMS AND A BBREVIATIO NS ...................... ...

  • Dell PowerConnect W-AP92 - page 4

    4 3.2.5 AP -175 TEL Placemen t ............................................................................................................ 23 3.2.5.1 To detec t access to restricted ports: ................................................................................... 23 3.2.5.2 To detec t opening of the chassis cover: ........................ ...

  • Dell PowerConnect W-AP92 - page 5

    5 1 Introduction This document constitutes t he non-pro prietary Cryptographic Module Security Polic y for the AP -92, AP- 93, AP-105 and AP-175 Wir eless Access Points with FIPS 1 40 -2 Level 2 validation fro m Aruba Networks. This security polic y describes ho w the AP meets the security require ments of FIPS 140 -2 Level 2, and how to place and ...

  • Dell PowerConnect W-AP92 - page 6

    6 GE Gigabit Ethernet GHz Gigahertz HMAC Hashed Mes sage Authenticati on Code Hz Hertz IKE Internet Key Exchange IPSec Internet Protoco l security KAT Known Ans wer Test KEK Key Encryption Key L2TP Layer-2 Tunneling Pro tocol LAN Local Area Network LED Light Emitting Diode SHA Secure Hash Algorithm SNMP Simple Network Management P rotocol SPOE Seri ...

  • Dell PowerConnect W-AP92 - page 7

    7 2 Product O verview This section i ntroduces the va rious Aruba W ireless Access Points, pro viding a brief overv iew and summar y of the physical features of eac h model covered b y this FIPS 140 -2 security policy. 2.1 AP - 92 This section introduces t he Aruba AP-92 Wireless Access P oint (AP) with FIPS 140 -2 Level 2 validation. It describes ...

  • Dell PowerConnect W-AP92 - page 8

    8 The exact firmware versio ns tested were:  ArubaOS_6 xx_6.1.2.3 -FIPS  Dell_P CW_6xx_6.1.2.3 -FIPS 2.1.1.1 Dimensions/Weight The AP has the follo wing physical dimensions:  120 mm x 130 mm x 35 mm (4.7" x 5.1" x 1.4")  255 g (9 oz) 2.1.1.2 Interfaces The module provides the follo wing network inter faces:  1 x 10 /10 ...

  • Dell PowerConnect W-AP92 - page 9

    9 Label Function Action Status On – Green 2.4GHz radio enabled in 802.11 n mode Flashing - Green 2.4GHz Air monitor o r RF protect sensor 11a/n 5GHz Radio Status Off 5GHz radio disabled On - Amber 5GHz radio en abled in WLAN mode On – Green 5GHz radio enabled in 802.11n mode Flashing - Green 5GHz A ir m onitor or RF p rotect sensor 2.2 AP - 93 ...

  • Dell PowerConnect W-AP92 - page 10

    10 The plastic case p hysically encloses the co mplete set of hard ware and software co mponents and repr esents the cryptographic boundar y of the module. The Access Point config uration tested during the cr yptographic module testi ng included: Aruba Part Number Dell Corresponding Part N umber AP - 93 - F1 W-AP93- F1 The exact firmware versio ns ...

  • Dell PowerConnect W-AP92 - page 11

    11 Label Function Act ion Status Flashing Ethernet link activity 11b/g/n 2.4GHz Radio Status Off 2.4GHz rad io disabled On – Amber 2.4GHz radio enabled in WLAN mode On – Green 2.4GHz radio enabled in 802 .11n mode Flashing - Green 2.4GHz Air monitor o r RF protect sensor 11a/n 5GHz Radio Status Off 5GHz radio disabled On - Amber 5GHz radio enab ...

  • Dell PowerConnect W-AP92 - page 12

    12 2.3.1 Physical Description The Aruba AP-1 05 Acces s Point is a multi -chip standalone cryptographic module co nsisting of hard ware and software, all contained i n a hard plas tic case. T he module contains two dual-band 2.4-GHz/5- GHz 802.11 a/b/g/n transcei vers, an d 4 x integrated, o mni-directional anten na elements (supp orting up to 2x2 ...

  • Dell PowerConnect W-AP92 - page 13

    13 ENET Ethernet Net work Link Status / Activity Off Ethernet link unavailable On – Amber 10/100Mbs Ethernet link negotiated On – Green 1000Mbs Ethernet link ne goti ated Flashing Ethernet link activity 11b/g/n 2.4GHz Radio Status Off 2.4GHz rad io disabled On – Amber 2.4GHz rad io enabled in WLAN mode On – Green 2.4GHz rad io enabled in 80 ...

  • Dell PowerConnect W-AP92 - page 14

    14 2.4.1 Physical Description The Aruba AP-17 5 Access Point is a multi-chip standalone cryptograp hic module consisting o f hardware and software, all contained i n a hard case. T he module contains two 802. 11 a/b/g/n transceivers, and 4 x N- type female interfaces (2 x 2.4 GHz, 2 x 5 GHz) for external antenna s upport (suppor ts MIMO) The hard c ...

  • Dell PowerConnect W-AP92 - page 15

    15 2.4.1.3 Indicator LEDs There is an array of LEDs which op erate as follo ws: Table 5- AP - 175 Indicato r LEDs Label LED Position Function Action Status PWR D11 AP power / s ystem status Off No power to AP Red System Alarm Flashing - Green Power did not connect well or equipment failure On - Green Device ready ENET0 D15 Ethernet Network Link Sta ...

  • Dell PowerConnect W-AP92 - page 16

    16 3 Module Objecti ves This section describes the a ssurance le vels for each of the areas d escribed in the FIPS 140 -2 Standar d. In addition, it pro vides information on placing the module in a FIPS 1 40 -2 appro ved configuration. 3.1 Security Levels Section Section Title Level 1 Cryptographic Module Sp ecification 2 2 Cryptographic Module P o ...

  • Dell PowerConnect W-AP92 - page 17

    17 3.2.2 AP - 92 TEL Placeme nt This section displays all the TEL locations of the Aruba AP -92. The AP- 92 req uires a minimum of 3 TELs to be applied as follo ws: 3.2.2.1 To detect access to re stricted ports: 1. Spanning the serial port 3.2.2.2 To detect openin g of the chassis cover: 2. Spanning the bottom and top chassis co vers on the right s ...

  • Dell PowerConnect W-AP92 - page 18

    18 Figure7 - Aruba AP-92 Tel placement right view Figure 8 - Aruba AP-92 Tel place ment top view ...

  • Dell PowerConnect W-AP92 - page 19

    19 Figure 9 - Aruba AP-92 Tel place ment botto m view 3.2.3 AP - 93 TEL Placeme nt This section displays all the TEL locations of the Aruba AP - 93 . T he AP-93 req uires a minimum of 3 T ELs to be applied as follo ws: 3.2.3.1 To detect access to re stricted ports: 1. Spanning the serial port 3.2.3.2 To detect openin g of the chassi s cover: 2. Spa ...

  • Dell PowerConnect W-AP92 - page 20

    20 Figure 11 - Aruba AP- 93 Tel placement left view Figure 12 - Aruba AP- 93 Tel placement right view Figure 13 - Aruba AP- 93 Tel placement botto m view ...

  • Dell PowerConnect W-AP92 - page 21

    21 Figure 14 - Aruba AP- 93 Tel placement top view 3.2.4 AP -105 TE L Placement This section displays all the T EL locations of the Aruba AP -105. T he AP -105 req uires a minimum of 3 TELs to be applied as follows: 3.2.4.1 To detect op ening of the chassis cover : 1. Spanning the bottom and top chassis co vers on the left side 2. Spanning the bott ...

  • Dell PowerConnect W-AP92 - page 22

    22 Figure 16 - Aruba AP- 105 Tel placement left view Figure 17 - Aruba AP- 105 Tel placement right v iew Power Input Inlet Figure 18 - Aruba AP- 105 Tel placement top view ...

  • Dell PowerConnect W-AP92 - page 23

    23 Figure 19 - Aruba AP- 105 Tel placement bottom view 3.2.5 AP -175 TE L Placement This section displays all the T EL locations o f the Aruba AP -175. T he AP -175 req uires a minimum o f 6 TELs to be applied as follows: 3.2.5.1 To detect access to restricted ports : 1. Spanning the USB console po rt 2. Spanning the power connector plug (AP -175P ...

  • Dell PowerConnect W-AP92 - page 24

    24 Figure 20 - Aruba AP- 175 Tel placement back view Figure 21 - Aruba AP -175 Tel placement left view Figure 22 - Aruba AP- 175 Tel placement right view ...

  • Dell PowerConnect W-AP92 - page 25

    25 Figure 23 - Aruba AP- 175 Tel placement top view Figure 24 - Aruba AP- 175 Tel placement bottom view 3.2.6 Inspection/Testing of Physical Security Mechanisms Physical Security M echanism Recommended Te st Frequency Guidance Tamper-evident labels (T ELs) Once per month Examine for an y sign of r emoval, replacement, tearing, etc. See images above ...

  • Dell PowerConnect W-AP92 - page 26

    26 3.3 Modes of Operat ion The module has the following FIP S approved modes of operations: • Remote AP ( RAP) FIPS mode – When the module is configured as a Remote AP, it is i ntended to be deployed in a remote location (relative to the Mobility C o ntroller). The m odule provides cryptographic processing i n the form of I PSec for all traf fi ...

  • Dell PowerConnect W-AP92 - page 27

    27 6. If the s taging co ntroller do es not pro vide Po E, either ensure the presence of a PoE injector for the LAN connection bet ween t he module and the controller, o r ensure the prese nce o f a DC po wer supply appropriate to the particular model of the module. 7. Connect the module via a n Ethernet cable to the sta ging controller ; note that ...

  • Dell PowerConnect W-AP92 - page 28

    28 7. Connect the module via a n Ethernet cable to the sta ging controller ; note that this s hould be a direct connection, with no intervening net work or devices; if PoE is being supplied b y an inj ector, this represents the o nly exception. T hat is, nothing o ther than a P oE injecto r should be prese nt bet ween the module and the sta ging co ...

  • Dell PowerConnect W-AP92 - page 29

    29 the AP a s Re mote Mesh P ortal b y filling in the form appr opriately. Detailed steps are l isted in Section “ Pro visioning an I ndividual AP ” o f Chapter “ The Basic User-Centric Net works ” of t he Aruba OS User Guide. Click “Apply and Reboo t” to complete the pro visioning process. a. During the provisio ning pro cess as Remote ...

  • Dell PowerConnect W-AP92 - page 30

    30 represents the o nly exception. That is, not hing other than a P oE injector should be pr esent bet ween the module and the sta ging controller. 8. Once the module is connected to the controller b y the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, ...

  • Dell PowerConnect W-AP92 - page 31

    31 3.5 Logical Interfaces The phy sical interfaces are divided in to logical interfaces defined b y FIPS 140 -2 as descr ibed in th e following table. Table 6 - FIPS 140 - 2 Logical Interfaces FIPS 140- 2 Logical Interface Module Physical Interfa ce Data Input Interface 10/100/10 00 Ethernet Ports 802.11a/b/g/n Radio T ransceiver Data Output Interf ...

  • Dell PowerConnect W-AP92 - page 32

    32 4 Roles, Authentication and Ser vices 4.1 Roles The module supp orts the roles of Cr ypto Officer, User, and W ireless Client; no ad ditional roles (e.g., Maintenance) are suppo rted. Administrative operatio ns car ried out by the Aruba Mob ilit y Contr oller map to the Crypto Of ficer ro le. The C r ypto Officer ha s t he ability to configure, ...

  • Dell PowerConnect W-AP92 - page 33

    33 4.1.2 User Authentication Authentication for the User ro le depends on the module confi guratio n. When the module i s co nfigured as a Remote Mesh Por tal FIPS mo de and Re mote Mesh Point FI PS mode, the U ser role is a uthenticated via t he WPA2 p re-shared key. When the module is co nfigured as a Remote AP FIPS mode a nd CP Sec protected AP ...

  • Dell PowerConnect W-AP92 - page 34

    34 Authentication Mechanis m Mechanis m Strength Wireless Client WPA2-PSK (Wireless Client role) For WPA2 -PSK there are at least 95 ^16 (=4.4 x 10 ^31) possible combinations. In order to test a guessed key, the attac ker must co mplete the 4-way handshake with the AP. P rior to completing the 4 -wa y handshake, the attacker must co mplete the 802. ...

  • Dell PowerConnect W-AP92 - page 35

    35 4.2 Services The module provides vario us services dependi ng on role. These are d escribed belo w. 4.2.1 Crypto Officer Services The CO role in each of FIP S modes d efined in section 3.3 has the same ser vices Service Description CSPs Accessed (see section 6 below for co mplete description o f CSPs) FIPS mode enable/di sable The CO selects/de ...

  • Dell PowerConnect W-AP92 - page 36

    36 Service Description CSPs Accessed (see section 6 below for co mplete description o f CSPs) Creation/use of secure management session bet ween module and CO The module supports use of IPSec for securing the management channel.  IKEv1/IKEv2 P reshared Secret  DH Pr ivate Key  DH Public Key  IPSec session encryption keys  IPSec sessi ...

  • Dell PowerConnect W-AP92 - page 37

    37 Service Description CSPs Accessed (see section 6 below for co mplete description o f CSPs)  802 .11i AES-CCM key  802 .11i GMK  802 .11i GTK Use of WPA pre -shared key fo r establishment of IEEE 802.11i keys When the module is i n mesh configuration, the inter -module mesh links are secured with 802.11i. This is authe nticated with a sh ...

  • Dell PowerConnect W-AP92 - page 38

    38  System stat us – SYSLOG and module LEDs  802 .11 a/b/g/n  FTP  T FTP  NTP  GRE tunneli ng of 802.11 wireless user frames (when actin g as a “Local AP”)  Reboot module by removing/rep lacing power  Self-test and i nitialization at po wer- on ...

  • Dell PowerConnect W-AP92 - page 39

    39 5 Cryptographic Algori thms FIPS-approved cryptographic algorithms have b een i mplemented in hard ware and firmwar e. The firmware suppo rts the following cryptographic i mplementations.  ArubaOS Open SSL AP Mod ule implements the following F IPS -app roved algorithms: o AES (Cert. #1851) o HMAC (Cert. #1099) o RNG (Cert. #970) o RSA (Cert. ...

  • Dell PowerConnect W-AP92 - page 40

    40 6 Critical Security Para meters The following Critical Sec urity Parameters (CSP s) are used b y the module: CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE Key E ncryption Key (KEK) Triple-DES 168 -bits key Hard-coded Stored in flash, zeroized b y the ‘ap wipe out flash’ command. Encrypts IKEv1/IKEv2 preshared keys and configuration pa ...

  • Dell PowerConnect W-AP92 - page 41

    41 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE IKEv1/IKEv2 Diffie - Hellman Private key 1024 -bit Diffie- Hellman private key Generated internall y during IKEv1/IKEv2 negotiation Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off Used in establishing the session key for IPSec IKEv1/IKEv2 Diffie ...

  • Dell PowerConnect W-AP92 - page 42

    42 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE WPA2 PSK 16 - 64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration CO configured Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. Used to der ive the PMK for 8 ...

  • Dell PowerConnect W-AP92 - page 43

    43 CSP CSP TYPE GENERATION STORAGE And ZEROIZATI ON USE 802.11i Gro up Master Key (GMK) 256 -bit se cret used to derive GTK Generated from appro ved RNG Stored in plaintext in volatile memory; zeroized o n reboot Used to derive Group Transient Key (GTK) 802.11i Gro up Transient Key (GTK) 256 -bit shared secret used to derive group (multicast) encry ...

  • Dell PowerConnect W-AP92 - page 44

    44 7 Self T est s The module perfor ms the follo wing Self Tests after being config ured into e ither Remote AP mode or Remote Mesh P ortal mode . The module per forms both p ower -up and conditiona l self-test s. In the e vent any self-test fails, the module enters an error state, logs the er ror, and reb oots automatically. The module performs th ...

  • Dell PowerConnect W-AP92 - page 45

    45 Self-test results are written to the serial console. In the event of a K ATs failure, the AP logs different messages, d epending on the error. For an ArubaOS Open SSL AP module and ArubaOS cryptograp hic module KAT failure: AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed For an AES Atheros hard ware POST failure: Starting HW SHA ...

Manufacturer Dell Category Access Point

Documents that we receive from a manufacturer of a Dell PowerConnect W-AP92 can be divided into several groups. They are, among others:
- Dell technical drawings
- PowerConnect W-AP92 manuals
- Dell product data sheets
- information booklets
- or energy labels Dell PowerConnect W-AP92
All of them are important, but the most important information from the point of view of use of the device are in the user manual Dell PowerConnect W-AP92.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Dell PowerConnect W-AP92, service manual, brief instructions and user manuals Dell PowerConnect W-AP92. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Dell PowerConnect W-AP92.

A complete manual for the device Dell PowerConnect W-AP92, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Dell PowerConnect W-AP92 by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Dell PowerConnect W-AP92.

A complete Dell manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Dell PowerConnect W-AP92 - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Dell PowerConnect W-AP92, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Dell PowerConnect W-AP92, that we can find in the current document
3. Tips how to use the basic functions of the device Dell PowerConnect W-AP92 - which should help us in our first steps of using Dell PowerConnect W-AP92
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Dell PowerConnect W-AP92
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Dell PowerConnect W-AP92 in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Dell PowerConnect W-AP92?

Use the form below

If you did not solve your problem by using a manual Dell PowerConnect W-AP92, ask a question using the form below. If a user had a similar problem with Dell PowerConnect W-AP92 it is likely that he will want to share the way to solve it.

Copy the text from the picture

Comments (0)