FIPS 140-2 Security Policy for Cisco 5508 Wireless LAN Controller
OL-9658-09
Configure Data DTLS with Office Extend Access Points (optional)
The crypto officer may configure the module to use CAPWAP data encryption with Office Extend
Access Points (AP models 1131, 1142, and 3502i). CAPWAP data encryption with Office Extend APs
secures communications from a controller to remote access points.
The following CLI commands enable CAPWAP data encryption with Office Extend APs:
Step 1
To enable hybrid-REAP on the access point, enter this command:
> config ap mode h-reap Cisco_AP
Step 2
To configure one or more controllers for the access point, enter one or all of these commands:
> config ap primary-base controller_name Cisco_AP controller_ip_address
> config ap secondary-base controller_name Cisco_AP controller_ip_address
> config ap tertiary-base controller_name Cisco_AP controller_ip_address
Step 3
To enable the OfficeExtend mode for this access point, enter this command:
> config hreap office-extend {enable | disable} Cisco_AP
Step 4
To save your changes, enter this command:
> save config
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.
Save and Reboot
After executing the above commands, you must save the configuration and reboot the system:
> save config
> reset system
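The following added example (not part of the Cisco security policy) audits a log of entered commands against Steps 1 to 4 and the save-and-reboot requirement above. The AP names, controller name, and address in the sample log are constructed, and the `audit` function and its finding messages are hypothetical.

```python
# Added example: audits a WLC command log against the steps listed above.
BASE_CMDS = {"primary-base", "secondary-base", "tertiary-base"}

# Constructed sample input; AP names, controller name and address are made up.
SAMPLE_LOG = """\
> config ap mode h-reap AP-HOME-01
> config ap primary-base WLC-A AP-HOME-01 192.0.2.10
> config hreap office-extend enable AP-HOME-01
> config ap mode h-reap AP-HOME-02
> config hreap office-extend enable AP-HOME-02
> config hreap office-extend enable AP-HOME-03
> save config
> reset system
"""

def audit(log):
    """Return findings (in log order) for a log of entered CLI commands."""
    steps = {}         # AP name -> steps already entered for that AP
    findings = []
    unsaved = False    # True while a change follows the last "save config"
    rebooted = False
    for line in log.splitlines():
        t = line.lstrip("> ").split()
        if t == ["save", "config"]:
            unsaved = False
        elif t == ["reset", "system"]:
            if unsaved:
                findings.append("reset system entered with unsaved changes")
            rebooted = True
        elif len(t) == 5 and t[:4] == ["config", "ap", "mode", "h-reap"]:
            steps.setdefault(t[4], set()).add("h-reap")          # Step 1
            unsaved = True
        elif len(t) == 6 and t[:2] == ["config", "ap"] and t[2] in BASE_CMDS:
            steps.setdefault(t[4], set()).add("controller")      # Step 2
            unsaved = True
        elif len(t) == 5 and t[:4] == ["config", "hreap", "office-extend", "enable"]:
            done = steps.setdefault(t[4], set())                 # Step 3
            for need in sorted({"h-reap", "controller"} - done):
                findings.append(f"{t[4]}: office-extend enabled without prior {need} step")
            unsaved = True
    if unsaved:
        findings.append("changes not saved after last configuration command")
    if not rebooted:
        findings.append("no reset system after configuration")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```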
Roles, Services, and Authentication
This section describes the roles, services, and authentication types in the security policy.
Roles
The module supports these four roles:
· AP Role--This role is filled by an access point associated with the controller.
· Client Role--This role is filled by a wireless client associated with the controller.
· User Role--This role performs general security services including cryptographic operations and
other approved security functions. The product documentation refers to this role as a management
user with read-only privileges.