Dell PowerConnect W-600 Controller Series Security Policy
Page 1
Aruba 620, 650 and Dell W620, W-650 Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement
Aruba 620, 650 and Dell W620, W-650 Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 2
...owners. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement 0510888-02 | October 2011 Copyright © 2011 Aruba Networks, Inc. All rights reserved. Open Source ... logo, and Aruba Mobility Management System®. The Open Source code used can be taken against it ) voids the warranty. Dell™, the DELL™ logo, andPowerConnect™ are the property of those vendors. switching platforms and software, by that might be found at ...
...owners. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement 0510888-02 | October 2011 Copyright © 2011 Aruba Networks, Inc. All rights reserved. Open Source ... logo, and Aruba Mobility Management System®. The Open Source code used can be taken against it ) voids the warranty. Dell™, the DELL™ logo, andPowerConnect™ are the property of those vendors. switching platforms and software, by that might be found at ...
Dell PowerConnect W-600 Controller Series Security Policy
Page 3
... Preface ...5 Purpose of this Document 5 Aruba Dell Relationship 5 Related Documents 6 Product Manuals 6 Additional Product Information 6 Chapter 1 The Aruba 620 and 650 Mobility Controllers 7 Overview ...7 Physical Description 8 Dimensions...8 Cryptographic Module Boundaries 8 Aruba 620 Chassis 8 Aruba 650 Chassis 11 Chapter 2 FIPS 140-2 Level 2 Features 15 Intended Level of Security...Chapter 3 Installing the Controller 29 Pre-Installation Checklist 29 Precautions...29 The Security Kit 30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement | 3
... Preface ...5 Purpose of this Document 5 Aruba Dell Relationship 5 Related Documents 6 Product Manuals 6 Additional Product Information 6 Chapter 1 The Aruba 620 and 650 Mobility Controllers 7 Overview ...7 Physical Description 8 Dimensions...8 Cryptographic Module Boundaries 8 Aruba 620 Chassis 8 Aruba 650 Chassis 11 Chapter 2 FIPS 140-2 Level 2 Features 15 Intended Level of Security...Chapter 3 Installing the Controller 29 Pre-Installation Checklist 29 Precautions...29 The Security Kit 30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement | 3
Dell PowerConnect W-600 Controller Series Security Policy
Page 4
Chapter 4 Chapter 5 Product Examination 30 Package Contents 30 Tamper-Evident Labels 30 Reading TELs 31 Required TEL Locations 31 Aruba 620 31 Aruba 650 34 Applying TELs 36 Ongoing Management 37 Crypto Officer Management 37 User Guidance...37 Setup and Configuration 39 Setting Up Your Controller 39 Enabling FIPS Mode 39 Enabling FIPS with the Setup Wizard 39 Enabling FIPS with the WebUI 39 Disallowed FIPS Mode Configurations 40 4 | Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Chapter 4 Chapter 5 Product Examination 30 Package Contents 30 Tamper-Evident Labels 30 Reading TELs 31 Required TEL Locations 31 Aruba 620 31 Aruba 650 34 Applying TELs 36 Ongoing Management 37 Crypto Officer Management 37 User Guidance...37 Setup and Configuration 39 Setting Up Your Controller 39 Enabling FIPS Mode 39 Enabling FIPS with the Setup Wizard 39 Enabling FIPS with the WebUI 39 Disallowed FIPS Mode Configurations 40 4 | Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 5
...Dell PowerConnect W line of products. Table 1 Aruba and Dell Part Numbers Aruba Part Number 620-F1 620-USF1 650-F1 650-USF1 Corresponding Dell Part Number W-620-F1 W-620-USF1 W-650-F1 W-650-USF1 References to Aruba, ArubaOS and Aruba 600 series apply to both the Aruba and Dell... versions of this Document This release supplement provides information regarding the Aruba 620 and 650 Mobility Controllers and Dell W-620 and W-650 controllers with FIPS 140-2 Level 2 validation from Aruba Networks. More information about the FIPS 140-2 standard and...
...Dell PowerConnect W line of products. Table 1 Aruba and Dell Part Numbers Aruba Part Number 620-F1 620-USF1 650-F1 650-USF1 Corresponding Dell Part Number W-620-F1 W-620-USF1 W-650-F1 W-650-USF1 References to Aruba, ArubaOS and Aruba 600 series apply to both the Aruba and Dell... versions of this Document This release supplement provides information regarding the Aruba 620 and 650 Mobility Controllers and Dell W-620 and W-650 controllers with FIPS 140-2 Level 2 validation from Aruba Networks. More information about the FIPS 140-2 standard and...
Dell PowerConnect W-600 Controller Series Security Policy
Page 6
... products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. related questions for answers to technical or sales- http://www.dell.com/ The NIST Validated Modules Web-site contains contact ...information for the product: http://csrc.nist.gov/groups/STM/cmvp/index.html 6 | Preface Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level ...
... products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. related questions for answers to technical or sales- http://www.dell.com/ The NIST Validated Modules Web-site contains contact ...information for the product: http://csrc.nist.gov/groups/STM/cmvp/index.html 6 | Preface Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level ...
Dell PowerConnect W-600 Controller Series Security Policy
Page 7
.... Aruba's ArubaOS Switch firmware. The switch configurations tested during the cryptographic module testing included: Aruba 620 (620-AOS-STD-FIPS-US) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 7 The Aruba Mobility Controller solution provides advanced security and management of the...
.... Aruba's ArubaOS Switch firmware. The switch configurations tested during the cryptographic module testing included: Aruba 620 (620-AOS-STD-FIPS-US) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 7 The Aruba Mobility Controller solution provides advanced security and management of the...
Dell PowerConnect W-600 Controller Series Security Policy
Page 8
...650 Mobility Controller is defined as a multi-chip standalone cryptographic module. Cryptographic Module Boundaries For FIPS 140-2 Level 2 validation, the Mobility Controller has been validated as encompassing the top, front, left, right, rear...FIPS Dell_PCW_6xx_6.1.2.3-FIPS Physical Description See "Aruba 620 Chassis" on page 8 or "Aruba 650 Chassis" on page 12for a list of what ships with PoE+ port 1x Gigabit Ethernet (1000BASE-T) port 1x ExpressCard® port 8 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140...
...650 Mobility Controller is defined as a multi-chip standalone cryptographic module. Cryptographic Module Boundaries For FIPS 140-2 Level 2 validation, the Mobility Controller has been validated as encompassing the top, front, left, right, rear...FIPS Dell_PCW_6xx_6.1.2.3-FIPS Physical Description See "Aruba 620 Chassis" on page 8 or "Aruba 650 Chassis" on page 12for a list of what ships with PoE+ port 1x Gigabit Ethernet (1000BASE-T) port 1x ExpressCard® port 8 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140...
Dell PowerConnect W-600 Controller Series Security Policy
Page 9
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 9
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 9
Dell PowerConnect W-600 Controller Series Security Policy
Page 10
Pushing the media eject button changes the state of the media eject button: 10 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement the table below describes the states and LED behaviors associated with a media eject button, which allows users to eject storage devices...
Pushing the media eject button changes the state of the media eject button: 10 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement the table below describes the states and LED behaviors associated with a media eject button, which allows users to eject storage devices...
Dell PowerConnect W-600 Controller Series Security Policy
Page 11
... non-rack deployments, the Aruba 620 is transmitting or receiving data No link on port 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 11 Table 2 Media Eject Button LED Behavior Initial State LED State Action Status LED...
... non-rack deployments, the Aruba 620 is transmitting or receiving data No link on port 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 11 Table 2 Media Eject Button LED Behavior Initial State LED State Action Status LED...
Dell PowerConnect W-600 Controller Series Security Policy
Page 12
...; 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input 12 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 3 Aruba 620 LED Status Indicators LED Label Function Indicator Status 10/100Base-T Ports LINK/ACT PoE 100 Link/Activity Status...
...; 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input 12 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 3 Aruba 620 LED Status Indicators LED Label Function Indicator Status 10/100Base-T Ports LINK/ACT PoE 100 Link/Activity Status...
Dell PowerConnect W-600 Controller Series Security Policy
Page 13
Pushing the media eject button changes the state of the Aruba 650 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 13 Figure 3 Aruba 650 Mobility Controller Front View 10/100/1000Base-T Gigabit Ethernet Ports USB ... Eject Button 1000Base-X (SFP) Ports Figure 4 Aruba 650 Mobility Controller Rear View Antennae Interfaces (651 Only) Slot ExpressCard Slot AC Power Socket The Aruba 650 Series is equipped with a media eject button, which allows users to eject storage devices safely and place the system in standby.
Pushing the media eject button changes the state of the Aruba 650 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 13 Figure 3 Aruba 650 Mobility Controller Front View 10/100/1000Base-T Gigabit Ethernet Ports USB ... Eject Button 1000Base-X (SFP) Ports Figure 4 Aruba 650 Mobility Controller Rear View Antennae Interfaces (651 Only) Slot ExpressCard Slot AC Power Socket The Aruba 650 Series is equipped with a media eject button, which allows users to eject storage devices safely and place the system in standby.
Dell PowerConnect W-600 Controller Series Security Policy
Page 14
the table below : Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status Power Status POWER STATUS 1000Base-X Ports (SFP) LNK/ACT Input ...Solid Green) On (Flashing Green) Off Power on port 14 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 4 Media Eject Button LED Behavior Initial State LED State Action Status LED Function LED Action Completed NAS ... in the table below describes the states and LED behaviors associated with use of the media eject button. Series;
the table below : Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status Power Status POWER STATUS 1000Base-X Ports (SFP) LNK/ACT Input ...Solid Green) On (Flashing Green) Off Power on port 14 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 4 Media Eject Button LED Behavior Initial State LED State Action Status LED Function LED Action Completed NAS ... in the table below describes the states and LED behaviors associated with use of the media eject button. Series;
Dell PowerConnect W-600 Controller Series Security Policy
Page 15
Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status 10/100/1000Base-T Ports LNK/ACT 1000 10/100/1000Base-T Ports LINK/ACT with PoE PoE Link/... provided The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 15
Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status 10/100/1000Base-T Ports LNK/ACT 1000 10/100/1000Base-T Ports LINK/ACT with PoE PoE Link/... provided The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 15
Dell PowerConnect W-600 Controller Series Security Policy
Page 16
16 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
16 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 17
...opaque within the visible spectrum. Only Aruba Networks provided interfaces are intended to satisfy FIPS 140-2 Level 2 physical security requirements. The enclosure of the switch has been designed to meet overall FIPS 1402 Level 2 requirements as covered under "Tamper-Evident Labels" on page 30...., multi-processor standalone network device and is enclosed in Table 2-1. The control plane Operating System (OS) is non-modifiable. Chapter 2 FIPS 140-2 Level 2 Features Intended Level of Security The Aruba 620 and 650 Mobility Controllers and associated modules are used, and the CLI is ...
...opaque within the visible spectrum. Only Aruba Networks provided interfaces are intended to satisfy FIPS 140-2 Level 2 physical security requirements. The enclosure of the switch has been designed to meet overall FIPS 1402 Level 2 requirements as covered under "Tamper-Evident Labels" on page 30...., multi-processor standalone network device and is enclosed in Table 2-1. The control plane Operating System (OS) is non-modifiable. Chapter 2 FIPS 140-2 Level 2 Features Intended Level of Security The Aruba 620 and 650 Mobility Controllers and associated modules are used, and the CLI is ...
Dell PowerConnect W-600 Controller Series Security Policy
Page 18
..., VPN, and routing functionality of the modules. Control input consists of manual control inputs for media eject. Table 2 FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interfaces Module Physical Interface Data Input Interface Data Output Interface Control Input Interface Status Output Interface Power Interface 10/100 Mbps Ethernet... switch while using the management interfaces. Status output consists of self-tests, configuration errors, and monitoring data. 16 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
..., VPN, and routing functionality of the modules. Control input consists of manual control inputs for media eject. Table 2 FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interfaces Module Physical Interface Data Input Interface Data Output Interface Control Input Interface Status Output Interface Power Interface 10/100 Mbps Ethernet... switch while using the management interfaces. Status output consists of self-tests, configuration errors, and monitoring data. 16 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 19
... by analyzing the packets header information and contents. The switch distinguishes between different forms of initialization. There are two roles in FIPS mode. See the table below for this mode by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. Crypto Officer's password (read access) RSA or ...User role. A power supply is provided through the connected Ethernet cable. Session keys for IKEv1/IKEv2 (read /write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 17
... by analyzing the packets header information and contents. The switch distinguishes between different forms of initialization. There are two roles in FIPS mode. See the table below for this mode by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. Crypto Officer's password (read access) RSA or ...User role. A power supply is provided through the connected Ethernet cable. Session keys for IKEv1/IKEv2 (read /write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 17
Dell PowerConnect W-600 Controller Series Security Policy
Page 20
...) Configuring DHCP Configure DHCP on Bypass Operation the module Commands and configuration data Status of commands and configuration data None 18 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement configure the SNMP agent Commands and configuration data Status of commands and configuration data Crypto Officer's password for...
...) Configuring DHCP Configure DHCP on Bypass Operation the module Commands and configuration data Status of commands and configuration data None 18 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement configure the SNMP agent Commands and configuration data Status of commands and configuration data Crypto Officer's password for...