Dell PowerConnect W-600 Controller Series Security Policy
Page 1
Aruba 620, 650 and Dell W620, W-650 Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement
Aruba 620, 650 and Dell W620, W-650 Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 2
...®. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement 0510888-02 | October 2011 The Open Source code used can be taken against it ) voids the warranty.... from any and all individuals or corporations, to infringement of copyright on behalf of Dell Inc. For more information, refer to the GNU General ...
...®. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement 0510888-02 | October 2011 The Open Source code used can be taken against it ) voids the warranty.... from any and all individuals or corporations, to infringement of copyright on behalf of Dell Inc. For more information, refer to the GNU General ...
Dell PowerConnect W-600 Controller Series Security Policy
Page 3
... Preface ...5 Purpose of this Document 5 Aruba Dell Relationship 5 Related Documents 6 Product Manuals 6 Additional Product Information 6 Chapter 1 The Aruba 620 and 650 Mobility Controllers 7 Overview ...7 Physical Description 8 Dimensions...8 Cryptographic Module Boundaries 8 Aruba 620 Chassis 8 Aruba 650 Chassis 11 Chapter 2 FIPS 140-2 Level 2 Features 15 Intended Level of Security...Chapter 3 Installing the Controller 29 Pre-Installation Checklist 29 Precautions...29 The Security Kit 30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement | 3
... Preface ...5 Purpose of this Document 5 Aruba Dell Relationship 5 Related Documents 6 Product Manuals 6 Additional Product Information 6 Chapter 1 The Aruba 620 and 650 Mobility Controllers 7 Overview ...7 Physical Description 8 Dimensions...8 Cryptographic Module Boundaries 8 Aruba 620 Chassis 8 Aruba 650 Chassis 11 Chapter 2 FIPS 140-2 Level 2 Features 15 Intended Level of Security...Chapter 3 Installing the Controller 29 Pre-Installation Checklist 29 Precautions...29 The Security Kit 30 Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement | 3
Dell PowerConnect W-600 Controller Series Security Policy
Page 4
Chapter 4 Chapter 5 Product Examination 30 Package Contents 30 Tamper-Evident Labels 30 Reading TELs 31 Required TEL Locations 31 Aruba 620 31 Aruba 650 34 Applying TELs 36 Ongoing Management 37 Crypto Officer Management 37 User Guidance...37 Setup and Configuration 39 Setting Up Your Controller 39 Enabling FIPS Mode 39 Enabling FIPS with the Setup Wizard 39 Enabling FIPS with the WebUI 39 Disallowed FIPS Mode Configurations 40 4 | Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Chapter 4 Chapter 5 Product Examination 30 Package Contents 30 Tamper-Evident Labels 30 Reading TELs 31 Required TEL Locations 31 Aruba 620 31 Aruba 650 34 Applying TELs 36 Ongoing Management 37 Crypto Officer Management 37 User Guidance...37 Setup and Configuration 39 Setting Up Your Controller 39 Enabling FIPS Mode 39 Enabling FIPS with the Setup Wizard 39 Enabling FIPS with the WebUI 39 Disallowed FIPS Mode Configurations 40 4 | Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 5
... modules. Government requirements for the Aruba Mobility Controller. FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for the Dell PowerConnect W line of these products and documentation. Preface This...series apply to Aruba software other than branding. The contents of this document will use the Aruba 620 and 650 as part of the FIPS 140-2 Level 2 validation of FIPS 140-2 Level 2 and how to place and maintain the switch in this supplement modifies the general Aruba hardware and firmware documentation included with FIPS 140...
... modules. Government requirements for the Aruba Mobility Controller. FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for the Dell PowerConnect W line of these products and documentation. Preface This...series apply to Aruba software other than branding. The contents of this document will use the Aruba 620 and 650 as part of the FIPS 140-2 Level 2 validation of FIPS 140-2 Level 2 and how to place and maintain the switch in this supplement modifies the general Aruba hardware and firmware documentation included with FIPS 140...
Dell PowerConnect W-600 Controller Series Security Policy
Page 6
related questions for answers to technical or sales- Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy (this document) Aruba 620 Mobility Controller Installation Guide Aruba 650 Mobility Controller Installation Guide ...information on the full line of products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. http://www.dell.com/ The NIST Validated Modules Web-site contains contact information for the product: http://csrc...
related questions for answers to technical or sales- Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware Non-Proprietary Security Policy (this document) Aruba 620 Mobility Controller Installation Guide Aruba 650 Mobility Controller Installation Guide ...information on the full line of products from Aruba Networks: http://www.arubanetworks.com The Dell Web site contains information on the full line of products from Dell. http://www.dell.com/ The NIST Validated Modules Web-site contains contact information for the product: http://csrc...
Dell PowerConnect W-600 Controller Series Security Policy
Page 7
...address the needs of the corporate RF environment and enforces User security and service policies to both wired and wireless users. The Aruba Wireless FIPS 140-2 Level 2 validated Mobility Controlling platform serves value-add high speed data and QoS assured voice services to provide load balancing, rate limiting, ...-linked onto the wired network. The switch configurations tested during the cryptographic module testing included: Aruba 620 (620-AOS-STD-FIPS-US) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 7
...address the needs of the corporate RF environment and enforces User security and service policies to both wired and wireless users. The Aruba Wireless FIPS 140-2 Level 2 validated Mobility Controlling platform serves value-add high speed data and QoS assured voice services to provide load balancing, rate limiting, ...-linked onto the wired network. The switch configurations tested during the cryptographic module testing included: Aruba 620 (620-AOS-STD-FIPS-US) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 7
Dell PowerConnect W-600 Controller Series Security Policy
Page 8
...620 controller in a standard 19-inch rack. Dell W-620 Aruba 650 (650-AOS-STD-FIPS-US) Dell W-650 The exact firmware versions tested were: ArubaOS_6xx_6.1.2.3-FIPS Dell_PCW_6xx_6.1.2.3-FIPS Physical Description See "Aruba 620 Chassis" on page 8...1x ExpressCard® port 8 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Cryptographic Module Boundaries For FIPS 140-2 Level 2 validation, the Mobility Controller has been validated as encompassing the top, front, left, ...
...620 controller in a standard 19-inch rack. Dell W-620 Aruba 650 (650-AOS-STD-FIPS-US) Dell W-650 The exact firmware versions tested were: ArubaOS_6xx_6.1.2.3-FIPS Dell_PCW_6xx_6.1.2.3-FIPS Physical Description See "Aruba 620 Chassis" on page 8...1x ExpressCard® port 8 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Cryptographic Module Boundaries For FIPS 140-2 Level 2 validation, the Mobility Controller has been validated as encompassing the top, front, left, ...
Dell PowerConnect W-600 Controller Series Security Policy
Page 9
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 9
1x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 9
Dell PowerConnect W-600 Controller Series Security Policy
Page 10
... the media eject button changes the state of the media eject button: 10 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement the table below describes the states and LED behaviors associated with a media eject button, which allows users to eject storage devices...
... the media eject button changes the state of the media eject button: 10 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement the table below describes the states and LED behaviors associated with a media eject button, which allows users to eject storage devices...
Dell PowerConnect W-600 Controller Series Security Policy
Page 11
... non-rack deployments, the Aruba 620 is transmitting or receiving data No link on port 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 11 Therefore, a set of these LEDs, see table below. Table 3 Aruba 620 LED Status...
... non-rack deployments, the Aruba 620 is transmitting or receiving data No link on port 1000 Mbps 10/100 Mbps Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 11 Therefore, a set of these LEDs, see table below. Table 3 Aruba 620 LED Status...
Dell PowerConnect W-600 Controller Series Security Policy
Page 12
...; 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input 12 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 3 Aruba 620 LED Status Indicators LED Label Function Indicator Status 10/100Base-T Ports LINK/ACT PoE 100 Link/Activity Status...
...; 4x USB 2.0 port 1x AC input voltage 100-240 V, Universal Input 12 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Table 3 Aruba 620 LED Status Indicators LED Label Function Indicator Status 10/100Base-T Ports LINK/ACT PoE 100 Link/Activity Status...
Dell PowerConnect W-600 Controller Series Security Policy
Page 13
... Eject Button 1000Base-X (SFP) Ports Figure 4 Aruba 650 Mobility Controller Rear View Antennae Interfaces (651 Only) Slot ExpressCard Slot AC Power Socket The Aruba 650 Series is equipped with a media eject button, which allows users to eject storage devices safely and place the system in standby. Pushing the media eject button...
... Eject Button 1000Base-X (SFP) Ports Figure 4 Aruba 650 Mobility Controller Rear View Antennae Interfaces (651 Only) Slot ExpressCard Slot AC Power Socket The Aruba 650 Series is equipped with a media eject button, which allows users to eject storage devices safely and place the system in standby. Pushing the media eject button...
Dell PowerConnect W-600 Controller Series Security Policy
Page 14
... to 5 seconds only Amber-flashing Operational Operating with use of the Power, Status and port LEDs is described in the table below: Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status Power Status POWER STATUS 1000Base-X Ports (SFP) LNK/ACT Input Power Status Indicator Module Status Indicator Link... has been established Port is transmitting or receiving data No link on port 14 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Series;
... to 5 seconds only Amber-flashing Operational Operating with use of the Power, Status and port LEDs is described in the table below: Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status Power Status POWER STATUS 1000Base-X Ports (SFP) LNK/ACT Input Power Status Indicator Module Status Indicator Link... has been established Port is transmitting or receiving data No link on port 14 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Series;
Dell PowerConnect W-600 Controller Series Security Policy
Page 15
Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status 10/100/1000Base-T Ports LNK/ACT 1000 10/100/1000Base-T Ports LINK/ACT with PoE PoE Link/... provided The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 15
Table 5 Aruba 650 Series LED Status Indicators LED Label Function Indicator Status 10/100/1000Base-T Ports LNK/ACT 1000 10/100/1000Base-T Ports LINK/ACT with PoE PoE Link/... provided The attached device has requested PoE, but PoE is not being provided by the port PoE is not being provided Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement The Aruba 620 and 650 Mobility Controllers | 15
Dell PowerConnect W-600 Controller Series Security Policy
Page 16
16 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
16 | The Aruba 620 and 650 Mobility Controllers Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Dell PowerConnect W-600 Controller Series Security Policy
Page 17
...TELs should be applied by the Crypto Officer as shown in a robust steel housing. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 15 The switch enclosure is resistant to the underlying Linux implementation is opaque within the visible... 2 Physical Security The Aruba Mobility Controller is a scalable, multi-processor standalone network device and is enclosed in Table 2-1. Chapter 2 FIPS 140-2 Level 2 Features Intended Level of Security The Aruba 620 and 650 Mobility Controllers and associated modules are used, and the CLI is...
...TELs should be applied by the Crypto Officer as shown in a robust steel housing. Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 15 The switch enclosure is resistant to the underlying Linux implementation is opaque within the visible... 2 Physical Security The Aruba Mobility Controller is a scalable, multi-processor standalone network device and is enclosed in Table 2-1. Chapter 2 FIPS 140-2 Level 2 Features Intended Level of Security The Aruba 620 and 650 Mobility Controllers and associated modules are used, and the CLI is...
Dell PowerConnect W-600 Controller Series Security Policy
Page 18
...file. LEDs indicate the physical state of the module, such as described in the following table. Table 2 FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interfaces Module Physical Interface Data Input Interface Data Output Interface Control Input Interface Status Output Interface Power Interface...fan, ports, and power) and status of self-tests, configuration errors, and monitoring data. 16 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Logical Interfaces All of these physical interfaces are the packets that use the firewall...
...file. LEDs indicate the physical state of the module, such as described in the following table. Table 2 FIPS 140-2 Logical Interfaces FIPS 140-2 Logical Interfaces Module Physical Interface Data Input Interface Data Output Interface Control Input Interface Status Output Interface Power Interface...fan, ports, and power) and status of self-tests, configuration errors, and monitoring data. 16 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement Logical Interfaces All of these physical interfaces are the packets that use the firewall...
Dell PowerConnect W-600 Controller Series Security Policy
Page 19
...Crypto Officer can be accessed remotely by using the SSHv2 secured management session over the Ethernet ports or locally over the network ports by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. Table 3 Crypto-Officer Services Service Description Input ...Ethernet cable. Session keys for IKEv1/IKEv2 (read /write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 17 There are two roles in FIPS mode. The Administrator maps to the Crypto-Officer role and the client Users map to the...
...Crypto Officer can be accessed remotely by using the SSHv2 secured management session over the Ethernet ports or locally over the network ports by FIPS 140-2 Level 2) that operators may assume: a Crypto Officer role and a User role. Table 3 Crypto-Officer Services Service Description Input ...Ethernet cable. Session keys for IKEv1/IKEv2 (read /write access) Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 17 There are two roles in FIPS mode. The Administrator maps to the Crypto-Officer role and the client Users map to the...
Dell PowerConnect W-600 Controller Series Security Policy
Page 20
... access), Preshared key (read /write access), Session keys for module Commands and of Service (QoS) configuration data Status of commands and configuration data None 18 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
... access), Preshared key (read /write access), Session keys for module Commands and of Service (QoS) configuration data Status of commands and configuration data None 18 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement