Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2)
FIPS 140-2 Non Proprietary Security Policy
Level 2 Validation
Version 0.4
December 8, 2015

© Copyright 2015 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 Introduction
  1.1 Purpose
  1.2 Models
  1.3 Module Validation Level
  1.4 References
  1.5 Terminology
  1.6 Document Organization
2 Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2)
  2.1 Cryptographic Module Physical Characteristics
  2.2 Module Interfaces
  2.3 Roles, Services and Authentication
  2.4 Services Available in a Non-FIPS Mode of Operation
  2.5 Unauthenticated Services
  2.6 Physical Security
  2.7 Cryptographic Algorithms
  2.8 Cryptographic Key Management
  2.9 Self-Tests
3 Secure Operation

1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2), running Firmware 8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPTO-7.0.0; referred to in this document as the controllers or the module. This security policy describes how the modules meet the security requirements of FIPS 140-2 Level 2 and how to run the modules in a FIPS 140-2 mode of operation. It may be freely distributed.
1.2 Models

- Cisco Catalyst 6506 (HW: 6506) with Wireless Services Module-2 (WiSM2) (HW: WiSM2)
- Cisco Catalyst 6506-E (HW: 6506-E) with Wireless Services Module-2 (WiSM2) (HW: WiSM2)
- Cisco Catalyst 6509 (HW: 6509) with Wireless Services Module-2 (WiSM2) (HW: WiSM2)
- Cisco Catalyst 6509-E (HW: 6509-E) with Wireless Services Module-2 (WiSM2) (HW: WiSM2)

In addition, for each module to function properly, one of the following Supervisor blades is required in FIPS mode:
  o VS-S2T-10G (HW: VS-S2T-10G)
  o VS-S2T-10G-XL (HW: VS-S2T-10G-XL)
  o VS-S720-10G-3C (HW: VS-S720-10G-3C)
  o VS-S720-10G-3CXL (HW: VS-S720-10G-3CXL)

Note that any substitution of, or modification to, the particular hardware versions listed above voids the validation of the subject module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 -- Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/groups/STM/index.html.

1.3 Module Validation Level

The following table lists the level of validation for each area in FIPS PUB 140-2.

  No.  Area Title                                                    Level
  1    Cryptographic Module Specification                            2
  2    Cryptographic Module Ports and Interfaces                     2
  3    Roles, Services, and Authentication                           2
  4    Finite State Model                                            2
  5    Physical Security                                             2
  6    Operational Environment                                       N/A
  7    Cryptographic Key Management                                  2
  8    Electromagnetic Interference/Electromagnetic Compatibility    2
  9    Self-Tests                                                    2
  10   Design Assurance                                              2
  11   Mitigation of Other Attacks                                   N/A
       Overall module validation level                               2

Table 1 - Module Validation Level

1.4 References

This document deals only with the operations and capabilities of the Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2), in the technical terms of a FIPS 140-2 cryptographic module security policy. Specifically, only the security services and cryptographic implementations on the WiSM2 module are covered here. Services specific to the Catalyst switches that are not relevant to the WiSM2 module are excluded. More information is available on the controllers from the following sources:

The Cisco Systems website contains information on the full line of Cisco Systems security products. Please refer to the following pages:
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
  http://www.cisco.com/en/US/products/ps6120/index.html

For answers to technical or sales related questions please refer to the contacts listed on the Cisco Systems website at www.cisco.com.

The NIST Validated Modules website (http://csrc.nist.gov/groups/STM/cmvp/validation.html) contains contact information for answers to technical or sales-related questions for the module.

1.5 Terminology

In this document, the Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2) are referred to as controllers, WLC, or the modules.

1.6 Document Organization

The Security Policy document is part of the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:
- Vendor Evidence document
- Finite State Machine
- Other supporting documentation as additional references

This document provides an overview of the Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2), and explains the secure configuration and operation of the module. This introduction is followed by Section 2, which details the general features and functionality of the appliances. Section 3 specifically addresses the required configuration for the FIPS mode of operation.

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems.

2 Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2)

The cryptographic boundary is defined as encompassing the following:
- The entire outer enclosure of the chassis
- One WiSM2 Module
- One Supervisor Blade (one of the following)
  o VS-S2T-10G
  o VS-S2T-10G-XL
  o VS-S720-10G-3C
  o VS-S720-10G-3CXL
- Opacity shield (HW: WS-SVCWISM2FIPKIT=)
- Tamper Evidence Label (HW: CVPN6500FIPS/KIT=, version D0)
- Slot Cover (HW: WS-X6K-SLOT-CVR-E)

The chassis requires that a special opacity shield be installed over the intake-side air vents to operate in the FIPS-approved mode. The shield decreases the surface area of the vent holes, reducing visibility into the cryptographic boundary to FIPS-approved specifications. The tamper-evident seals and opacity shield included in the FIPS Kit shall be installed for the module to operate in a FIPS Approved mode of operation. Detailed installation instructions for the opacity shield and the application of the tamper evident seals are provided in this publication (Section 2.6).
The Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2) (herein referred to as the module) are designed for maximum 802.11n performance and offer scalability for medium to large-scale enterprise and Government wireless deployments. The module supports Control and Provisioning of Wireless Access Points (CAPWAP) and Wi-Fi Protected Access 2 (WPA2) security. CAPWAP uses DTLS to provide a secure link over which CAPWAP control messages are sent, and optionally supports data DTLS to provide a secure link for CAPWAP data traffic. DTLS is essentially TLS, but over datagram (UDP) transport. WPA2 is the Wi-Fi Alliance's interoperable implementation of the IEEE 802.11i standard.

The module automatically detects, authorizes and configures access points, setting them up to comply with the centralized security policies of the wireless LAN. In a wireless network operating in this mode, WPA2 protects all wireless communications between the wireless client and the access point with AES-CCMP encryption, so that the client's traffic toward other trusted networked devices on the wired network is encrypted over the air. CAPWAP protects all control traffic, and bridged data traffic when data DTLS is enabled, between trusted network access points and the module with DTLS encryption.

Note that the Supervisor blades do not perform any additional cryptographic processing on the WiSM2 data that passes through them. The Supervisor blades are required for the Cisco Catalyst switches to power on and to provide the backplane switching operations required for WiSM2 operation; this policy covers only the services supported by the WiSM2 itself.

The module supports HTTPS using TLS, CAPWAP (with optional data DTLS), WPA2 (802.11i), MFP, RADIUS KeyWrap (using AES key wrapping), IPSec, Local-EAP, EAP-FAST, TACACS+, and SNMP.
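The AES key wrapping named for RADIUS KeyWrap above is, in FIPS terms, the SP 800-38F KW / RFC 3394 algorithm. The following Go program is an added example written for this page, not Cisco code: it wraps a constructed 256-bit PMK under a constructed 128-bit KEK, unwraps it, and shows that a single flipped bit makes the unwrap fail its integrity check. It reproduces only the key-wrap primitive; the RADIUS attribute layout and the HMAC-SHA-1 computed under the MACK are assumed to sit around this and are not shown. The RFC 3394 section 4.1 vector is included so the implementation can be checked against a published answer.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Default initial value from RFC 3394 / SP 800-38F KW. Recovering exactly this
// value on unwrap is the integrity check.
var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the 64-bit big-endian step counter t into the 8-byte register a.
func xorCounter(a []byte, t uint64) {
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], t)
	for k := range a {
		a[k] ^= tb[k]
	}
}

// Wrap implements AES Key Wrap (RFC 3394). keyData must be at least two 64-bit
// blocks; the output is one block longer and carries the integrity value.
func Wrap(kek, keyData []byte) ([]byte, error) {
	if len(keyData)%8 != 0 || len(keyData) < 16 {
		return nil, errors.New("key data must be a multiple of 64 bits and at least 128 bits")
	}
	block, err := aes.NewCipher(kek) // a 16-byte kek is the 128-bit KEK the policy names
	if err != nil {
		return nil, err
	}
	n := len(keyData) / 8
	a := append([]byte(nil), kwIV...)
	r := append([]byte(nil), keyData...) // R[0..n-1] stored contiguously
	var b [16]byte
	for j := 0; j <= 5; j++ {
		for i := 0; i < n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[i*8:(i+1)*8])
			block.Encrypt(b[:], b[:])      // B = AES(K, A | R[i])
			copy(a, b[:8])
			xorCounter(a, uint64(n*j+i+1)) // A = MSB64(B) XOR t
			copy(r[i*8:(i+1)*8], b[8:])    // R[i] = LSB64(B)
		}
	}
	return append(a, r...), nil
}

// Unwrap inverts Wrap and fails closed when the recovered integrity value is not
// kwIV, which is how a tampered blob or a wrong KEK is detected.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped)%8 != 0 || len(wrapped) < 24 {
		return nil, errors.New("wrapped data must be a multiple of 64 bits and at least 192 bits")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			xorCounter(a, uint64(n*j+i+1)) // A XOR t
			copy(b[:8], a)
			copy(b[8:], r[i*8:(i+1)*8])
			block.Decrypt(b[:], b[:])      // B = AES^-1(K, (A XOR t) | R[i])
			copy(a, b[:8])
			copy(r[i*8:(i+1)*8], b[8:])
		}
	}
	if !bytes.Equal(a, kwIV) {
		return nil, errors.New("AES key wrap integrity check failed")
	}
	return r, nil
}

// RFC3394Vector41 wraps the RFC 3394 section 4.1 test vector and returns the hex ciphertext.
func RFC3394Vector41() string {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	keyData, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	out, err := Wrap(kek, keyData)
	if err != nil {
		return ""
	}
	return fmt.Sprintf("%X", out)
}

func main() {
	// Constructed sample values (not real keys): a 128-bit KEK standing in for the
	// RADIUS AES KeyWrap KEK and a 256-bit PMK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	pmk := bytes.Repeat([]byte{0x5A}, 32)
	wrapped, _ := Wrap(kek, pmk)
	fmt.Printf("wrapped PMK (%d bytes): %X\n", len(wrapped), wrapped)
	got, err := Unwrap(kek, wrapped)
	fmt.Println("unwrap matches PMK:", err == nil && bytes.Equal(got, pmk))
	wrapped[9] ^= 0x01 // one bit flipped in transit
	_, err = Unwrap(kek, wrapped)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The wrapped PMK is 40 bytes: the 32-byte key plus one 8-byte block that carries the integrity value. The unwrap never returns partial key material on failure, which is the behaviour a receiver of a wrapped PMK must have.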
HTTPS using TLS uses 2048-bit modulus RSA keys to wrap 128/256-bit AES symmetric keys, and RADIUS KeyWrap uses 128-bit AES symmetric keys.

Figure 1 - Cryptographic Boundary on Cisco Catalyst 6506 and Catalyst 6506-E Switches with WiSM2

Figure 2 - Cryptographic Boundary on Cisco Catalyst 6509 and Catalyst 6509-E Switches with WiSM2

2.1 Cryptographic Module Physical Characteristics

Each module is a multi-chip standalone security appliance, and the cryptographic boundary is defined as encompassing the "top," "front," "back," "left," "right," and "bottom" surfaces of the case.

2.2 Module Interfaces

The module provides a number of physical and logical interfaces to the device, and the physical interfaces provided by the module are mapped to the following FIPS 140-2 defined logical interfaces: data input, data output, control input, status output, and power. The logical interfaces and their mapping are described in the following table:
  FIPS 140-2 Logical Interface   Physical Interface
  Data Input Interface           One 10/100/1000 Ethernet port (Supervisor blade); two Gigabit Ethernet ports (Supervisor blade); console ports (on the Supervisor blade and WiSM2)
  Data Output Interface          One 10/100/1000 Ethernet port (Supervisor blade); two Gigabit Ethernet ports (Supervisor blade); console ports (on the Supervisor blade and WiSM2)
  Control Input Interface        One 10/100/1000 Ethernet port (Supervisor blade); two Gigabit Ethernet ports (Supervisor blade); console ports (on the Supervisor blade and WiSM2)
  Status Output Interface        One 10/100/1000 Ethernet port (Supervisor blade); two Gigabit Ethernet ports (Supervisor blade); console ports (on the Supervisor blade and WiSM2); LEDs
  Power Interface                Power port

Table 2 - Module Physical Interface/Logical Interface Mapping

2.3 Roles, Services and Authentication

The module supports role-based authentication. There are four roles in the module that operators may assume in the FIPS mode:

- AP Role - This role is filled by an access point associated with the controller.
- Client Role - This role is filled by a wireless client associated with the controller.
- User Role - This role performs general security services including cryptographic operations and other approved security functions. The product documentation refers to this role as a management user with limited key access privileges. Please refer to Table 3 for details.
- Crypto Officer (CO) Role - This role performs the cryptographic initialization and management operations. In particular, it performs the loading of optional certificates and key-pairs and the zeroization of the module. The product documentation refers to this role as a management user with read-write privileges.

The module does not support a maintenance role.
User Services

The services available to the User role consist of the following:

  System Status
    Description: The LEDs show the network activity and overall operational status, and the command line status commands output system status.
    Keys & CSPs access: N/A (No keys are accessible)

  TACACS+
    Description: User authentication to the module using TACACS+.
    Keys & CSPs access: N/A (No keys are accessible)

  IPSec
    Description: Secure communications between the controller and the RADIUS server.
    Keys & CSPs access: skeyid, skeyid_d, IKE session encryption key, IKE session authentication key, IPSec session encryption key, IPSec session authentication key - w, d

  RADIUS Key Wrap
    Description: Establishment and subsequent receipt of the 802.11i PMK from the RADIUS server.
    Keys & CSPs access: RADIUS AES KeyWrap KEK, RADIUS KeyWrap MACK - w, d

Table 3 - User Services (r = read, w = write, d = delete)

Crypto Officer Services

The Crypto Officer services consist of the following:

  Self Test and Initialization
    Description: Cryptographic algorithm tests, firmware integrity tests, module initialization.
    Keys & CSPs access: N/A (No keys are accessible)

  System Status
    Description: The LEDs show the network activity and overall operational status, and the command line status commands output system status.
    Keys & CSPs access: N/A (No keys are accessible)

  TACACS+
    Description: CO configuration of the TACACS+ server and CO authentication to the module using TACACS+.
    Keys & CSPs access: TACACS+ authentication secret, TACACS+ authorization secret, TACACS+ accounting secret - r, w, d

  IPSec
    Description: Secure communications between the controller and the RADIUS server.
    Keys & CSPs access: skeyid, skeyid_d, IKE session encryption key, IKE session authentication key, IPSec session encryption key, IPSec session authentication key - w, d; ISAKMP preshared key - r, w, d

  Zeroization
    Description: Zeroize CSPs and cryptographic keys by issuing the 'switchconfig key-zeroize controller' command or by cycling power; either zeroizes all cryptographic keys stored in SDRAM. The CSPs stored in Flash (password, secret, cscoCCDefaultMfgCaCert, engineID) are zeroized by overwriting them with a new value. The CO shall remain in direct control of the module during the zeroization process to ensure it completes successfully.
    Keys & CSPs access: All keys and CSPs will be destroyed

  Module Configuration
    Description: Selection of non-cryptographic configuration settings.
    Keys & CSPs access: N/A (No keys are accessible)

  SNMPv3
    Description: Non-security related monitoring by the CO using SNMPv3.
    Keys & CSPs access: snmpEngineID, SNMPv3 Password - r, w, d; SNMP session key - w, d

  HTTPS/TLS
    Description: Establishment and subsequent data transfer of a TLS session for use between the module and the CO. Protection of syslog messages.
    Keys & CSPs access: TLS pre-master secret, encryption key, integrity key - w, d

  DTLS Data Encrypt
    Description: Enabling optional DTLS data path encryption for Office Extended APs.
    Keys & CSPs access: DTLS Master Secret, encryption keys, DTLS Session Integrity Keys - w, d

  RADIUS Key Wrap
    Description: Establishment and subsequent receipt of the 802.11i PMK from the RADIUS server.
    Keys & CSPs access: RADIUS Server Shared Secret, RADIUS AES KeyWrap KEK, RADIUS KeyWrap MACK - w, d

Table 4 - Crypto Officer Services (r = read, w = write, d = delete)

AP and Client Services

The AP and Client services consist of the following:

  MFP (AP Role)
    Description: Generation and subsequent distribution of the MFP key to the AP over a CAPWAP session.
    Keys & CSPs access: Infrastructure MFP MIC Key - d

  Local EAP Authenticator (Client Role)
    Description: Establishment of EAP-TLS or EAP-FAST based authentication between the client and the Controller.
    Keys & CSPs access: N/A (No keys are accessible)

  802.11i (AP Role)
    Description: Establishment and subsequent data transfer of an 802.11i session for use between the client and the access point.
    Keys & CSPs access: 802.11i Pairwise Master Key (PMK), 802.11i Key Confirmation Key (KCK), 802.11i Key Encryption Key (KEK), 802.11i Pairwise Transient Key (PTK), 802.11i Group Temporal Key (GTK) - w, d

  RADIUS Key Wrap (AP and Client Role)
    Description: Establishment and subsequent receipt of the 802.11i PMK from the RADIUS server.
    Keys & CSPs access: RADIUS AES KeyWrap KEK, RADIUS KeyWrap MACK - w, d

Table 5 - AP and Client Services (r = read, w = write, d = delete)

CO Authentication

The module prompts the operator for CO role authentication via the CLI. If the password is validated against the CO role's password in memory, the CO role is authenticated and allowed to execute the services designed for the CO role. CO passwords must be at least eight (8) characters long and include at least one letter and at least one numeric character (enforced procedurally). If six (6) integers, one (1) special character and one (1) letter are used without repetition for an eight (8) character password, the probability of randomly guessing the correct sequence is one (1) in 251,596,800 (this calculation assumes that the standard American QWERTY computer keyboard offers 10 integer digits, 52 alphabetic characters, and 32 special characters, 94 characters in total; the calculation is 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800). Therefore, the probability of a successful random attempt is approximately 1 in 251,596,800, which is less than the 1 in 1,000,000 required by FIPS 140-2.

User Authentication

The module prompts the operator for User role authentication via the CLI. If the password is validated against the User role's password in memory, the User role is authenticated and allowed to execute the services designed for the User role. User role passwords must be at least eight (8) characters long and include at least one letter and at least one numeric character (enforced procedurally).
If six (6) integers, one (1) special character and one (1) letter are used without repetition for an eight (8) character password, the probability of randomly guessing the correct sequence is one (1) in 251,596,800 (this calculation assumes that the standard American QWERTY computer keyboard offers 10 integer digits, 52 alphabetic characters, and 32 special characters, 94 characters in total; the calculation is 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800). Therefore, the probability of a successful random attempt is approximately 1 in 251,596,800, which is less than the 1 in 1,000,000 required by FIPS 140-2.

AP Authentication

The module performs mutual authentication with an access point through the CAPWAP protocol, using an RSA key pair with a 1024-bit or 2048-bit modulus, which has an equivalent symmetric key strength of 80 bits or 112 bits respectively. Assuming the low end of that range, an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.2 x 10^19 attempts per minute (2^80 / 100,000), which far exceeds the operational capabilities of the modules.

Client Authentication

The module performs mutual authentication with a wireless client through the EAP-TLS or EAP-FAST protocols. EAP-FAST is based on EAP-TLS and uses the EAP-TLS key pair and certificates. The RSA key pair for the EAP-TLS credentials has a modulus size of 1024 bits or 2048 bits, thus providing 80 bits or 112 bits of strength respectively.
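The figures in this subsection can be reproduced and checked with a short program. The following Go code is an added example for this page, not part of the policy: it enforces the stated password composition rule, recomputes the policy's own 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 count and the full 94^8 space that count is a lower bound on (going one step beyond the policy's arithmetic), and computes the attempts per minute an attacker needs for a 1 in 100,000 chance against a key of 80-bit or 112-bit strength. The sample passwords are constructed.

```go
package main

import (
	"fmt"
	"math/big"
	"unicode"
)

// FIPS 140-2 authentication strength thresholds (section 4.3 of the standard).
const (
	singleAttemptBound = 1000000 // one random attempt: success probability must be < 1 in 1,000,000
	perMinuteBound     = 100000  // all attempts within one minute: probability must be < 1 in 100,000
)

// MeetsPasswordRule applies the procedural rule stated for CO and User passwords:
// at least eight characters, with at least one letter and at least one digit.
func MeetsPasswordRule(pw string) bool {
	runes := []rune(pw)
	if len(runes) < 8 {
		return false
	}
	hasLetter, hasDigit := false, false
	for _, c := range runes {
		switch {
		case unicode.IsLetter(c):
			hasLetter = true
		case unicode.IsDigit(c):
			hasDigit = true
		}
	}
	return hasLetter && hasDigit
}

// PolicySearchSpace reproduces the policy's own count: six distinct digits drawn
// without repetition, one of 32 special characters and one of 52 letters.
func PolicySearchSpace() uint64 {
	return 10 * 9 * 8 * 7 * 6 * 5 * 32 * 52 // 251,596,800
}

// FullSearchSpace is the number of all eight-character passwords over the same
// 94-character alphabet; the policy's count is a lower bound on it, so passing
// the FIPS threshold with the smaller number is the conservative direction.
func FullSearchSpace() *big.Int {
	return new(big.Int).Exp(big.NewInt(94), big.NewInt(8), nil)
}

// SingleGuessMeetsFIPS reports whether one random guess over a space of the given
// size succeeds with probability below 1 in 1,000,000.
func SingleGuessMeetsFIPS(space uint64) bool {
	return space > singleAttemptBound
}

// AttemptsPerMinuteToReachBound is the number of random key guesses per minute an
// attacker needs for a 1 in 100,000 chance against a key of the given security
// strength: 2^strength / 100,000.
func AttemptsPerMinuteToReachBound(strengthBits uint) *big.Int {
	space := new(big.Int).Lsh(big.NewInt(1), strengthBits)
	return space.Quo(space, big.NewInt(perMinuteBound))
}

func main() {
	// Constructed sample passwords, not real credentials.
	for _, pw := range []string{"Wism2pass", "password", "12345678", "ab1"} {
		fmt.Printf("%-12q meets rule: %v\n", pw, MeetsPasswordRule(pw))
	}
	space := PolicySearchSpace()
	fmt.Printf("policy search space: %d (meets 1 in 1,000,000: %v)\n", space, SingleGuessMeetsFIPS(space))
	fmt.Printf("full 94^8 search space: %s\n", FullSearchSpace())
	for _, bits := range []uint{80, 112} {
		fmt.Printf("%d-bit strength: %s guesses/minute for a 1 in 100,000 chance\n",
			bits, AttemptsPerMinuteToReachBound(bits))
	}
}
```

For the 80-bit case the program reports about 1.2 x 10^19 guesses per minute, which is the figure that follows from 2^80 / 100,000.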
Assuming the low end of that range (80 bits), an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.2 x 10^19 attempts per minute (2^80 / 100,000), which far exceeds the operational capabilities of the modules.

Note that the RSA operation used in the AP role and Client role authentication above (RSA with a 1024-bit or 2048-bit modulus) is signature verification only; under SP 800-131A a 1024-bit RSA key remains acceptable for signature verification (legacy use) but not for signature generation. More information can be found in Section 2.7 of this document.

2.4 Services Available in a Non-FIPS Mode of Operation

The following non-FIPS mode services are only available to the Crypto Officer; the Crypto Officer is not allowed to operate these services while in the FIPS mode of operation:
- SSHv1 with RC4 and HMAC-MD5
- SNMP v1 and v2
- IPSec/IKE with 768-bit/1024-bit modulus Diffie-Hellman and Triple-DES

2.5 Unauthenticated Services

An unauthenticated operator may observe the System Status by viewing the LEDs on the module, which show network activity and overall operational status. A solid green LED indicates normal operation and the successful completion of self-tests. The module does not support a bypass capability in the approved mode of operation.

2.6 Physical Security

This section describes the placement of tamper-evident labels (HW: CVPN6500FIPS/KIT=, version D0) and the opacity shield (HW: WS-SVCWISM2FIPKIT=) on the module. Labels must be placed on the device and maintained by the Crypto Officer in order to operate in the FIPS approved mode of operation. The opacity shield is designed to be installed while the system is operating without creating an electrical hazard or damage to the system. The Tamper Evident Labels shall be installed for the module to operate in a FIPS Approved mode of operation. You will need some clearance
between adjacent racks in order to perform this procedure. This procedure is applicable to the following modules:
- Cisco Catalyst 6506 switch with WiSM2
- Cisco Catalyst 6506-E switch with WiSM2
- Cisco Catalyst 6509 switch with WiSM2
- Cisco Catalyst 6509-E switch with WiSM2

Follow these steps to install the opacity shield:

1. The opacity shield is designed to be installed on a Cisco Catalyst 6506, 6506-E, 6509 or 6509-E switch chassis that is already rack-mounted. If your Catalyst 6500 series switch chassis is not rack-mounted, install the chassis in the rack using the procedures in the Catalyst 6500 Series Switches Installation Guide. If your Catalyst 6500 series switch chassis is already rack-mounted, proceed to Step 2.
2. Open the FIPS kit packaging. The kit contains the following items:
   - A packaged opacity shield assembly with installation hardware for the Catalyst 6506 and Catalyst 6506-E switch chassis
   - A packaged opacity shield assembly with installation hardware for the Catalyst 6509 and Catalyst 6509-E switch chassis
   - An envelope with 60 FIPS tamper-evidence labels
   - An envelope containing a disposable ESD wrist strap
3. Select the appropriate opacity shield kit for your system.
4. Open the protective packaging and remove the opacity shield and the two bags of installation hardware. Select the bag of installation hardware appropriate for your installation. Set the second bag of fasteners aside; you will not need it for this installation.
5. Open the bag of installation hardware and remove its contents, which are one of the following sets:
   - Two M3 thumbscrews and four M3 snap rivet fasteners. The snap rivet fasteners come assembled; separate the two pieces of each snap rivet fastener by removing the snap rivet pin from the snap rivet sleeve before installing them in the opacity shield.
   - Two M4 thumbscrews, four M4 snap rivet fastener sleeves, and four M4 snap rivet pins.
6. Start the two thumbscrews in the corresponding threaded holes in the opacity shield; two or three turns is sufficient. Do not thread the screws too far into the opacity shield. The opacity shield for the Catalyst 6509 or Catalyst 6509-E chassis is identified by a "6509-E" silk-screened adjacent to several of the threaded holes; the opacity shield for the Catalyst 6506 or Catalyst 6506-E chassis is identified by a "6506-E" silk-screened adjacent to several of the threaded holes.
7. Open the envelope containing the disposable ESD wrist strap. Attach the disposable ESD wrist strap to your wrist. Attach the other end of the wrist strap to exposed metal on the chassis.
8. Position the opacity shield over the air intake side of the chassis so that the two thumbscrews on the opacity shield are aligned with the unused L-bracket screw holes on the chassis.
9. Press the opacity shield firmly against the air intake side of the chassis and hand-tighten the two thumbscrews to secure the opacity shield to the chassis.
10. Position a rivet sleeve over one of the square cutouts on the opacity shield (non-E chassis) or over one of the round cutouts on the opacity shield (-E chassis). Press the rivet sleeve through the cutout, through the opacity shield material, and through one of the chassis air vent perforations.
11. Take the rivet pin and push it through the rivet sleeve until you hear a click.
12. Repeat Step 10 and Step 11 for the remaining three snap rivet fasteners.
Figure 3 - Installing the opacity shield on the Catalyst 6506 or Catalyst 6506-E Switch

Figure 4 - Installing the opacity shield on the Catalyst 6509 or Catalyst 6509-E Switch

The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches are entirely encased by a thick steel chassis. Nine module slots are provided on the Catalyst 6509 and Catalyst 6509-E switches, and six module slots are provided on the Catalyst 6506 and Catalyst 6506-E switches. On-board LAN connectors and console connectors are provided on the supervisor blades, and console connectors are provided on the WiSM2. The power cable connection and a power switch are provided on the power supply of all models.

The Crypto Officer is responsible for the application and maintenance of the physical security policy. Verify that the Supervisor blade is installed in chassis slot 5 and the WiSM2 is installed in chassis slot 4. Install slot covers (HW: WS-X6K-SLOT-CVR-E) over the remaining chassis slots. The slot covers are included with each chassis, and additional slot covers may be ordered from Cisco.

After the switch has been configured to meet FIPS 140-2 Level 2 requirements, the switch cannot be accessed without leaving signs of tampering. To seal the system with tamper-evidence labels, follow these steps:

1. Remove any grease, dirt, or oil from the cover by using alcohol-based cleaning pads before applying the tamper-evidence labels. The chassis temperature should be above 10 °C (50 °F).
2. Place labels on the chassis as shown in Figure 5 and Figure 6.
   a. Fan tray: place the tamper-evidence label so that one half of the label adheres to the front of the fan tray and the other half adheres to the left side of the chassis. Any attempt to remove the fan tray will damage the tamper seal, which indicates that tampering has occurred.
   b. Chassis: for each Supervisor Blade, WiSM2 Module or blank module cover installed in the chassis, place a tamper-evidence label so that one half of the label adheres to the module and the other half adheres to the right side of the chassis. Place another tamper-evidence label so that one half of the label adheres to the module and the other half adheres to the fan tray on the left side. Any attempt to remove a supervisor blade, WiSM2 Module, or blank module cover will damage a tamper seal, which indicates that tampering has occurred.
   c. Power supply: for each power supply or power supply blank cover installed in the chassis, place a tamper-evidence label so that one half of the label adheres to the front of the power supply or power supply blank cover and the other half adheres to the chassis. Any attempt to remove a power supply will damage the tamper seal, which indicates that tampering has occurred.
   d. Opacity shield: four labels should be applied to the opacity shield (mounted on the right side of the chassis) as follows:
      - Place one label so that one half of the label adheres to the top of the opacity shield and the other half adheres to the chassis.
      - Place one label so that one half of the label adheres to the left side of the opacity shield and the other half adheres to the chassis.
      - Place one label so that one half of the label adheres to the right side of the opacity shield and the other half adheres to the chassis.
      - For the Catalyst 6509 and 6509-E switch chassis only, place one label so that one half of the label adheres to the bottom of the opacity shield and the other half adheres to the right side of the chassis.
3. Place labels on the supervisor blade installed in the chassis as shown in the figures below.
   a. Place a tamper-evidence label so that one half of the label adheres to the slot and the other half adheres to the supervisor blade faceplate. Any attempt to install or remove a blade will damage the tamper seal, which indicates that tampering has occurred.
   b. Place a tamper-evidence label so that one half of the label adheres to the transceiver installed in the supervisor blade network interface uplink port and the other half adheres to the supervisor blade faceplate. Any attempt to remove the transceiver will damage the tamper seal, which indicates that tampering has occurred.
   c. Place a tamper-evidence label so that it completely covers each unpopulated network interface uplink port. Any attempt to install a transceiver in the network interface uplink port will damage the tamper seal, which indicates that tampering has occurred.
4. Place labels on the WiSM2 installed in the chassis as shown in the figures below.

Figure 5 - Catalyst 6506 and 6506-E switch chassis tamper evidence labels placement

Figure 6 - Catalyst 6509 and 6509-E switch chassis tamper evidence labels placement

The tamper-evidence labels are made from a special thin-gauge vinyl with self-adhesive backing. Any attempt to open the chassis, remove the modules or power supplies, or remove the opacity shield will damage the tamper-evidence seals or the painted surface and metal of the chassis. The tamper-evidence seals must be inspected for damage to verify that the module has not been tampered with. Tamper-evidence seals can also be inspected for signs of tampering, which include the following: curled corners, bubbling, crinkling, rips, tears, and slices.
The word OPEN may appear if the label was peeled back. The Crypto-Officer should inspect the seals for evidence of tamper as determined by their deployment policies (every 30 days is recommended). If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Cisco accordingly.

NOTE: Any unused TELs must be securely stored, accounted for, and maintained by the CO in a protected location.

2.7 Cryptographic Algorithms

The module implements a variety of approved and non-approved algorithms.

Approved Cryptographic Algorithms

The module supports the following FIPS 140-2 approved algorithm implementations, whose names are SNMP (FW: SNMP Stack v15.3), OSSL (FW: OPENSSL-0.9.8g-8.0.0), QuickSec (FW: QUICKSEC-2.0-8.0) and 5508 CN56xx Datapath (HW: CN56XX; FW: FP-CRYPTO-7.0.0).

Algorithm | SNMP | OSSL | QuickSec | 5508 CN56xx Datapath
P/N or Version | FW: SNMP Stack v15.3 | FW: OPENSSL-0.9.8g-8.0.0 | FW: QUICKSEC-2.0-8.0 | HW: P/N CN56XX; FW: FP-CRYPTO-7.0.0
AES-CBC | N/A | #2894 | #2895 | #1348
AES-CFB | #2906 | N/A | N/A | N/A
AES-ECB | N/A | #2894 | N/A | N/A
SHA-1 | N/A | #2437 | #2438 | #1230
SHA-256 | N/A | #2437 | N/A | N/A
HMAC SHA-1 | #1840 | #1830 | #1831 | #787
DRBG | N/A | #526 | N/A | N/A
RSA | N/A | #1524 | N/A | N/A
CVL (SP800-135) | N/A | #322 | N/A | N/A
KBKDF (SP800-108) | N/A | #31 | N/A | N/A

Table 6 - Approved Cryptographic Algorithms

Note: RSA Cert. #1524 only supports RSA Signature Verification in this module. CVL Cert. #322 supports the KDF (key derivation function) used in each of the IKEv1, TLS and SNMPv3 protocols. The IKEv1, TLS and SNMPv3 protocols themselves have not been reviewed or tested by the CAVP and CMVP. Please refer to IG D.11, bullet 2 for more information.

Non-Approved Cryptographic Algorithms but Allowed in FIPS mode

The module supports the following non-approved, but allowed cryptographic algorithms:
- AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength)
- Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)
- MD5 (MD5 is allowed in DTLS v1.0)
- NDRNG

Non-Approved Cryptographic Algorithms

- Diffie-Hellman (less than 112 bits of encryption strength)
- HMAC-MD5
- RC4
- Triple-DES (non-compliant)

2.8 Cryptographic Key Management

Cryptographic keys are stored in plaintext form, in flash for long-term storage and in SDRAM for active keys. The AES key wrap KEK, the AES key wrap MACK keys, and the Pre-shared key (PSK) are input by the CO in plaintext over a local console connection. The PMK is input from the RADIUS server encrypted with the AES key wrap protocol or via IPSec. RSA public keys are output in plaintext in the form of X.509 certificates. The CAPWAP session key is output wrapped with the AP's RSA key, and the MFP MIC key, 802.11i PTK and 802.11i GTK are output encrypted with the CAPWAP session key. Asymmetric key establishment (RSA key transport) is used in the creation of session keys during EAP-TLS and EAP-FAST. Any keys not explicitly mentioned are not input or output. Tables 3-5 list the access to the keys by service.

Table 7 lists the secret and private cryptographic keys and CSPs used by the module. Please note that the CSPs below are stored in plaintext in both SDRAM and Flash.

Key/CSP Name | Generation/Algorithm | Description | Key Size | Storage | Zeroization

General Keys/CSPs
DRBG entropy input | SP 800-90A CTR_DRBG | HW based entropy source output used to construct seed. | 256 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DRBG seed | SP 800-90A CTR_DRBG | Input to the DRBG that determines the internal state of the DRBG. Generated using the DRBG derivation function that includes the entropy input from the hardware-based entropy source. | 384 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DRBG V | SP 800-90A CTR_DRBG | Internal V value used as part of SP 800-90A CTR_DRBG. | 128 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DRBG Key | SP 800-90A CTR_DRBG | This is the 256-bit DRBG key used for SP 800-90A CTR_DRBG. | 256 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
cscoCCDefaultMfgCaCert | rsa-pkcs1-sha2 | Verification certificate, used with CAPWAP to validate the certificate that authenticates the access point; generated/installed at manufacturing. | 2048 | Flash | Overwrite with new certificate
Diffie-Hellman public key | Diffie-Hellman (Group 14) | The public key used in Diffie-Hellman (DH) Exchange. | 2048 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
Diffie-Hellman private key | Diffie-Hellman (Group 14) | The private key used in Diffie-Hellman (DH) Exchange. | 224 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
Diffie-Hellman shared secret | Diffie-Hellman (Group 14) | The shared secret used in Diffie-Hellman (DH) exchange. Created per the Diffie-Hellman Exchange. | 2048 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
RADIUS Server Shared Secret | Shared secret | This is the shared secret between the RADIUS server and Controller. Entered by the Crypto Officer in plaintext form and stored in plaintext form. | 22 bytes | Flash | Overwrite with new secret
RADIUSOverIPSecEncryptionKey | AES-128/256 | AES-128/AES-256 encryption/decryption key, used in the IPSec tunnel between module and RADIUS to encrypt/decrypt EAP keys. | 128-256 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
RADIUSOverIPSecIntegrityKey | HMAC-SHA-1 | Integrity/authentication key, used in the IPSec tunnel between module and RADIUS. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
User password | Password | Identity based authentication data for user. | Variable (8+ characters) | Flash | Overwrite with new password
Enable secret | Password | Identity based authentication data for CO. | Variable (8+ characters) | Flash | Overwrite with new secret
TACACS+ authentication secret | Shared secret | This is the authentication shared secret between the TACACS+ server and Controller. Entered by the Crypto Officer in plaintext form and stored in plaintext form. | 64 bytes | Flash | Overwrite with new secret
TACACS+ authorization secret | Shared secret | This is the authorization shared secret between the TACACS+ server and Controller. Entered by the Crypto Officer in plaintext form and stored in plaintext form. | 64 bytes | Flash | Overwrite with new secret
TACACS+ accounting secret | Shared secret | This is the accounting shared secret used for authentication between the TACACS+ server and Controller. Entered by the Crypto Officer in plaintext form and stored in plaintext form. | 64 bytes | Flash | Overwrite with new secret
IKE/IPSEC skeyid | HMAC-SHA-1 | Derived by using 'ISAKMP pre-shared' and other non-secret values through the key derivation function defined in SP800-135 KDF (IKEv1). Used for deriving other keys in IKE v1. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
skeyid_d | HMAC-SHA-1 | Derived by using skeyid, the Diffie-Hellman shared secret and other non-secret values through the key derivation function defined in SP800-135 KDF (IKEv1). Used for deriving other keys in IKE v1. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
IKE session encryption key | AES | The IKE session (IKE Phase I) encrypt key is derived by using skeyid_d, the Diffie-Hellman shared secret and other non-secret values through the key derivation functions defined in SP800-135 KDF (IKEv1). Used for IKE payload protection. | 256-bit AES | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
IKE session authentication key | HMAC-SHA-1 | The IKE session (IKE Phase I) authentication key is derived by using skeyid_d, the Diffie-Hellman shared secret and other non-secret values through the key derivation functions defined in SP800-135 KDF (IKEv1). Used for IKEv1/IKEv2 payload integrity verification. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
ISAKMP pre-shared | Shared secret | This shared secret is manually entered by the CO for the IKE pre-shared key based authentication mechanism. | 8 chars | Flash | Overwrite with new secret
IPSec authentication key | HMAC-SHA1 | The IPsec (IKE Phase II) authentication key is derived using the KDF defined in SP800-135 KDF (IKEv1). Used to authenticate the IPSec peer. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
IPSec encryption key | AES | The IPsec (IKE Phase II) encryption key is derived via a key derivation function defined in SP800-135 KDF (IKEv1). Used to secure IPSec traffic. | 256-bit AES | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

DTLS
DTLS Pre-Master Secret | Shared Secret | Generated by the approved DRBG. Used to derive the DTLS Encryption/Decryption Key and DTLS Integrity Key. | 48 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DTLS Master Secret | Shared Secret | Derived from the DTLS Pre-Master Secret. Used to derive the DTLS Encryption/Decryption Key and DTLS Integrity Key. | 48 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DTLS Encryption/Decryption Key (CAPWAP session keys) | AES-CBC | Session keys used to encrypt/decrypt CAPWAP control messages. | 128-256 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
DTLS Integrity Key | HMAC-SHA1 | This key is used for integrity checks on CAPWAP control messages. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

SNMPv3
snmpEngineID | Shared secret | Unique string to identify the SNMP engine. | 32 bits | Flash | Overwrite with new engine ID
SNMPv3 Password | Shared Secret | This secret is used to derive the HMAC-SHA1 key for SNMPv3 Authentication. | 32 bytes | Flash | Overwrite with new password
SNMPv3 session key | AES-CFB | Encrypts SNMPv3 traffic. | 128-bit | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

HTTPS/TLS
HTTPS TLS Pre-Master secret | Shared secret | Shared secret created using asymmetric cryptography from which new HTTPS session keys can be created. | 48 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
HTTPS TLS Encryption Key | AES-CBC | AES key used to encrypt TLS data. | 128 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
HTTPS TLS Integrity Key | HMAC-SHA1 | HMAC-SHA-1 key used for HTTPS integrity protection. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
TLS Pre-Master Secret | Shared secret | Shared secret used to generate new TLS session keys for syslog. | 48 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
TLS Encryption Key | AES-CBC | Symmetric AES key for encrypting syslog messages over TLS. | 128 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
TLS Integrity Key | HMAC-SHA1 | Used for TLS integrity protection of syslog messages. | 160 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

Infrastructure
MFP MIC Key | AES-CMAC | This key is generated in the module by calling the FIPS approved DRBG and is then transported to the Access Point (AP) protected by the DTLS Encryption/Decryption Key. The Access Point (AP) uses this key with the AES-CMAC function to sign management frames when infrastructure MFP is enabled. | 128 bits | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

802.11i
802.11i Pre-Shared Key (PSK) | Shared secret | This is the shared secret used for 802.11i client authentication. | 63 bytes | Flash | Overwrite with new secret
802.11i Pairwise Master Key (PMK) | HMAC-SHA-1 | The PMK is transferred to the module, protected by the RADIUS AES KeyWrap key. Used to derive the Pairwise Transient Key (PTK) for 802.11i communications. | 32 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
802.11i Key Confirmation Key (KCK) | HMAC-SHA1 | The KCK is used by IEEE 802.11i to provide data origin authenticity in the 4-Way Handshake and Group Key Handshake messages. | 16 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
802.11i Key Encryption Key (KEK) | AES Key Wrap | The KEK is used by the EAPOL-Key frames to provide confidentiality in the 4-Way Handshake and Group Key Handshake messages. | 16 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
802.11i Pairwise Transient Key (PTK) | AES-CCM | The PTK is the 802.11i session key for unicast communications. This key is generated in the module by calling the FIPS approved DRBG and is then transported into the Access Point (AP) protected by the DTLS Encryption/Decryption Key. The Access Point (AP) uses this key with the AES-CCM function to implement the 802.11i unicast communications service. | 16/32 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
802.11i Group Temporal Key (GTK) | AES-CCM | The GTK is the 802.11i session key for broadcast communications. This key is generated in the module by calling the FIPS approved DRBG and is then transported into the Access Point (AP) protected by the DTLS Encryption/Decryption Key. The Access Point (AP) uses this key with the AES-CCM function to implement the 802.11i broadcast communications service. | 16/32 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
RADIUS AES KeyWrap KEK | AES-ECB | This key is used by the RADIUS KeyWrap service to protect the PMK for the 802.11i protocol. | 16 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle
RADIUS KeyWrap MACK | HMAC-SHA1 | The MAC key used by the RADIUS KeyWrap service to authenticate RADIUS traffic. | 16 bytes | SDRAM | 'switchconfig key-zeroize controller' command or power cycle

Table 7 - Cryptographic Keys and CSPs

Note: The KDF infrastructure used in DTLS v1.0 is identical to the one used in TLS v1.0/1.1, which was certified by CVL Cert. #322.

2.9 Self-Tests

The modules include an array of self-tests that are run during startup and periodically during operations to prevent any secure data from being released and to ensure all components are functioning correctly.
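As an added illustration of the two self-test categories this section describes (known-answer tests at power-on and the continuous random number generator test as a conditional test), the following Python code is an example written for this page; it is not Cisco's firmware and not part of the policy. It runs KATs for SHA-1, SHA-256 and HMAC-SHA-1 against vectors from the public standards (FIPS 180 and RFC 2202), and wraps an RNG with a FIPS 140-2 style continuous test in which each output block must differ from its predecessor. The AES and RSA KATs and the firmware integrity test are omitted only because the standard library lacks those primitives; the pattern is the same. All function and class names are the example's own.

```python
"""FIPS 140-2 style self-tests (added example, not the WiSM2 firmware):
known-answer tests for SHA-1 / SHA-256 / HMAC-SHA-1 and a continuous
random number generator test (CRNGT) over an RNG output stream."""
import hashlib
import hmac
import os


class SelfTestFailure(Exception):
    """Raised on any self-test failure; a FIPS module then enters an error
    state and refuses all cryptographic services until the tests pass."""


# Known-answer vectors from public standards (FIPS 180 "abc" digests and
# RFC 2202 HMAC-SHA-1 test case 1), embedded here for the example.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
SHA256_KAT = (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_SHA1_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


def _check(name, actual, expected_hex):
    # Constant-time compare; a mismatch means the implementation is broken.
    if not hmac.compare_digest(actual, bytes.fromhex(expected_hex)):
        raise SelfTestFailure(f"{name} KAT failed")
    return True


def run_kats(sha1=hashlib.sha1, sha256=hashlib.sha256):
    """Run the hash/HMAC known-answer tests against the given primitives.
    The primitives are parameters only so that a faulty implementation can
    be shown to be caught.  Returns {test name: True} or raises."""
    results = {}
    results["SHA-1"] = _check("SHA-1", sha1(SHA1_KAT[0]).digest(), SHA1_KAT[1])
    results["SHA-256"] = _check("SHA-256", sha256(SHA256_KAT[0]).digest(), SHA256_KAT[1])
    key, msg, expected = HMAC_SHA1_KAT
    results["HMAC-SHA-1"] = _check("HMAC-SHA-1", hmac.new(key, msg, sha1).digest(), expected)
    return results


class ContinuousRngTest:
    """Wraps an RNG (DRBG output or NDRNG entropy source) with the FIPS 140-2
    continuous test: the first block after start-up is only retained for
    comparison, and every later block must differ from its predecessor."""

    def __init__(self, source, block_len=16):
        self._source = source            # callable: n -> n bytes
        self._block_len = block_len
        self._last = self._read()        # never released to a caller

    def _read(self):
        block = self._source(self._block_len)
        if len(block) != self._block_len:
            raise SelfTestFailure("RNG returned a short block")
        return block

    def next_block(self):
        block = self._read()
        if block == self._last:          # a stuck or failed source repeats itself
            raise SelfTestFailure("CRNGT failure: consecutive RNG blocks are identical")
        self._last = block
        return block


def power_on_self_tests(rng=os.urandom):
    """Power-on sequence: all KATs first, then the CRNGT is armed on the RNG.
    Returns (results, guarded RNG) only if everything passed, mirroring the
    rule that no service runs until the self-tests succeed."""
    results = run_kats()
    guarded = ContinuousRngTest(rng)
    guarded.next_block()                 # prove the source is not stuck at boot
    results["CRNGT"] = True
    return results, guarded


if __name__ == "__main__":
    status, rng = power_on_self_tests()
    print(status)                        # all True on a healthy platform
    print(rng.next_block().hex())
```

The order matters: the KATs run before any RNG output is handed out, and the CRNGT discards its first block, so a platform whose entropy source is stuck (for example returning all zeros) fails at boot rather than after keys have been generated from it.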
Power On Self-Tests Performed:
- SNMP algorithm implementation
  o AES encryption KAT
  o AES decryption KAT
  o HMAC SHA-1 KAT
- OSSL algorithm implementation
  o AES encryption KAT
  o AES decryption KAT
  o SHA-1 KAT
  o SHA-256 KAT
  o HMAC SHA-1 KAT
  o SP 800-90A DRBG KAT (Note: DRBG Health Tests as specified in SP 800-90A Section 11.3 are performed properly)
  o RSA (verify) KAT
  o Firmware Integrity Test (RSA 2048 with SHA-256)
- QuickSec algorithm implementation
  o AES encryption KAT
  o AES decryption KAT
  o SHA-1 KAT
  o HMAC SHA-1 KAT
- 5508 CN56xx Datapath algorithm implementation
  o AES encryption KAT
  o AES decryption KAT
  o SHA-1 KAT
  o HMAC SHA-1 KAT

The module performs all power-on self-tests automatically at boot. All power-on self-tests must be passed before a role can perform services. The power-on self-tests are performed after the cryptographic systems are initialized but prior to the initialization of the LAN interfaces; this prevents the module from passing any data during a power-on self-test failure.

Conditional Tests Performed:
  o Continuous Random Number Generator Test for the FIPS-approved SP 800-90A DRBG
  o Continuous Random Number Generator Test for the non-approved NDRNG

3 Secure Operation

The module was validated with firmware version 8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPTO-7.0.0 (this is the only allowable image version for the FIPS-approved mode of operation). Follow the instructions provided below to place the module in FIPS-approved mode. Operating the module without maintaining the following settings will remove the module from the FIPS-approved mode of operation. The Crypto Officer must configure and enforce the following initialization steps:

1. Enable FIPS Mode of Operations
The following CLI command places the module in FIPS mode of operations, enabling all necessary self-tests and algorithm restrictions:
> config switchconfig fips-prerequisite enable

2. Configure HTTPS Certificate
The following command configures the module to use the manufacturer-installed Cisco device certificate for the HTTPS server. It must be executed after enabling FIPS mode of operations:
> config certificate use-device-certificate webadmin

3. Configure WiSM2 Authentication Data
All users shall have a password containing 8 or more characters, including numbers and letters. A crypto officer can use the following CLI command to set user passwords:
> config mgmtuser password username password
Note that this and all subsequent configuration steps may also be performed through HTTPS. However, only the CLI commands are included in this document. It is the Crypto Officer's responsibility to securely deliver the password to the User.

4. Configure Communications with RADIUS
Communications between the module and RADIUS may be configured for RADIUS KeyWrap or IPSec.

5. RADIUS KeyWrap and MACK Keys
The following CLI commands configure the RADIUS secret and the AES key wrap KEK and MACK:
> config radius auth add index ip-address port hex secret
> config radius auth keywrap add hex kek mack index
> config radius auth keywrap enable

6. IPSec/IKE
Optionally, the controller may be configured to communicate with RADIUS via IPSec. Refer to the document at the following link for additional instructions:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a829b8.shtml
In addition, please be aware that AES is the only allowed symmetric algorithm used in IPSec/IKE encryption/decryption operations in FIPS mode.

7. Configure Pre-shared Keys for 802.11i
802.11i Pre-shared key (PSK) is an optional mode permitted by this security policy. Generation of pre-shared keys is outside the scope of this security policy, but they should be 64 hexadecimal values (256 bits) and manually entered into the module using the following command syntax:
> config wlan security wpa akm psk set-key hex key index
> config wlan security wpa akm psk enable index
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.

8. Configure Ciphersuites for 802.11i
The following CLI commands create a wireless LAN, configure it to use WPA2, associate it with a RADIUS server, and enable it:
> config wlan create index profile_name ssid
> config wlan radius_server auth add index radius-server-index
> config wlan enable index

9. Configure SNMPv3
Only SNMPv3 with HMAC-SHA-1 is permitted by this security policy. The user passwords shall be selected to be 8 or more characters, including numbers and letters. This has been tested and is FIPS compliant. The following CLI commands enable SNMPv3 with HMAC-SHA1:
> config snmp version v1 disable
> config snmp version v2c disable
> config snmp version v3 enable
> config snmp v3user create username hmacsha authkey encryptkey

10. Configure TACACS+ secret
The crypto officer may configure the module to use TACACS+ for authentication, authorization and accounting. Configuring the module to use TACACS+ is optional. If the module is configured to use TACACS+, the Crypto-Officer must define TACACS+ shared secret keys that are at least 8 characters long. The following CLI command configures TACACS+ for authentication (auth), authorization (athr) and accounting (acct):
> config tacacs [auth | athr | acct] add index ip port [ ascii | hex ] secret
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.

11. Configure MFP - Management Frame Protection (Optional)
Infrastructure MFP (Management Frame Protection) enables one access point to validate a neighboring Access Point's management frames. The following CLI command is used to enable infrastructure MFP:
> config wps mfp infrastructure enable
802.11w, also called PMF (Protected Management Frames), is a standards-based form of MFP used to encrypt and sign management frames between the AP and the client. The following CLI command is used to enable client 802.11w:
> config wlan security pmf required
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.

12. Configure Data DTLS (optional)
The crypto officer may configure the module to use CAPWAP data encryption. CAPWAP data packets encapsulate forwarded wireless frames. Configuring the module to use CAPWAP data encryption is optional. The following CLI commands enable DTLS data encryption for access points on the module:
a. To enable or disable data encryption for all access points or a specific access point, enter this command:
> config ap link-encryption {enable | disable} {all | Cisco_AP}
b. When prompted to confirm that you want to disconnect the access point(s) and attached client(s), enter:
> Y
c. To save your changes, enter this command:
> save config
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.

13. Configure Data DTLS with Office Extend Access Points (optional)
The crypto officer may configure the module to use CAPWAP data encryption with Office Extend Access Points (AP models 1131, 1142, and 3502i). CAPWAP data encryption with Office Extend APs secures communications from a module to remote access points using CAPWAP data encryption. The following CLI commands enable CAPWAP data encryption with Office Extend APs:
a. To enable hybrid-REAP on the access point, enter this command:
> config ap mode h-reap Cisco_AP
To configure one or more modules for the access point, enter one or all of these commands:
b. > config ap primary-base controller_name Cisco_AP controller_ip_address
c. > config ap secondary-base controller_name Cisco_AP controller_ip_address
d. > config ap tertiary-base controller_name Cisco_AP controller_ip_address
e. To enable the OfficeExtend mode for this access point, enter this command:
> config hreap office-extend {enable | disable} Cisco_AP
f. To save your changes, enter this command:
> save config
Refer to the Cisco Wireless LAN Controller Configuration Guide for additional instructions.

14. Save and Reboot
After executing the above commands, you must save the configuration and reboot the system:
a. > save config
b. > reset system
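The initialization steps above form one procedure with several value constraints that the CLI itself does not explain (8 or more characters including letters and digits for management and SNMPv3 passwords, a 64 hexadecimal digit PSK, 16-byte RADIUS KeyWrap KEK and MACK per Table 7, TACACS+ secrets of at least 8 characters). As an added example, not a Cisco tool and not part of this policy, the following Python pre-flight check validates the operator's values against those constraints and emits the CLI lines in the order the steps give them. The command syntax is as written in section 3; the cfg dictionary keys, the function names and the sample values are constructed for the example, and the interpretation of "hex secret" in the RADIUS add command as a hex-encoded shared secret is an assumption.

```python
"""Pre-flight check for the FIPS-mode initialization steps (added example,
not a Cisco tool): validates operator values against the policy's stated
constraints and emits the CLI command lines in the policy's order."""
import re
import string

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def password_ok(pw):
    """Steps 3 and 9: 8 or more characters including numbers and letters."""
    return (len(pw) >= 8
            and any(c in string.digits for c in pw)
            and any(c in string.ascii_letters for c in pw))


def psk_hex_ok(psk):
    """Step 7: the 802.11i PSK is entered as 64 hexadecimal digits (256 bits)."""
    return len(psk) == 64 and bool(HEX_RE.match(psk))


def keywrap_ok(kek_hex, mack_hex):
    """Step 5: KEK and MACK are 16-byte keys (Table 7), i.e. 32 hex digits each."""
    return all(len(k) == 32 and HEX_RE.match(k) for k in (kek_hex, mack_hex))


def tacacs_secret_ok(secret):
    """Step 10: TACACS+ shared secrets are at least 8 characters long."""
    return len(secret) >= 8


def build_fips_commands(cfg):
    """Return the CLI lines for steps 1-3, 5, 9, 14 and the optional steps 7
    and 10 when their values are present, or raise ValueError listing every
    value that violates the policy.  cfg keys are this example's own names."""
    problems = []
    for user, pw in cfg["users"].items():
        if not password_ok(pw):
            problems.append(f"password for {user} violates step 3")
    if not keywrap_ok(cfg["kek_hex"], cfg["mack_hex"]):
        problems.append("RADIUS KeyWrap KEK/MACK must be 32 hex digits each (step 5)")
    for key in ("snmp_authkey", "snmp_encryptkey"):
        if not password_ok(cfg[key]):
            problems.append(f"{key} violates step 9")
    if "psk_hex" in cfg and not psk_hex_ok(cfg["psk_hex"]):
        problems.append("802.11i PSK is not 64 hex digits (step 7)")
    if "tacacs_secret" in cfg and not tacacs_secret_ok(cfg["tacacs_secret"]):
        problems.append("TACACS+ secret shorter than 8 characters (step 10)")
    if problems:
        raise ValueError("; ".join(problems))

    lines = ["config switchconfig fips-prerequisite enable",            # step 1
             "config certificate use-device-certificate webadmin"]      # step 2
    lines += [f"config mgmtuser password {u} {p}" for u, p in cfg["users"].items()]  # step 3
    r = cfg["radius"]                                                   # step 5
    lines += [f"config radius auth add {r['index']} {r['ip']} {r['port']} hex {r['secret_hex']}",
              f"config radius auth keywrap add hex {cfg['kek_hex']} {cfg['mack_hex']} {r['index']}",
              "config radius auth keywrap enable"]
    if "psk_hex" in cfg:                                                # step 7 (optional)
        lines += [f"config wlan security wpa akm psk set-key hex {cfg['psk_hex']} {cfg['wlan_index']}",
                  f"config wlan security wpa akm psk enable {cfg['wlan_index']}"]
    lines += ["config snmp version v1 disable",                         # step 9
              "config snmp version v2c disable",
              "config snmp version v3 enable",
              f"config snmp v3user create {cfg['snmp_user']} hmacsha "
              f"{cfg['snmp_authkey']} {cfg['snmp_encryptkey']}"]
    if "tacacs_secret" in cfg:                                          # step 10 (optional)
        t = cfg["tacacs"]
        lines += [f"config tacacs {svc} add {t['index']} {t['ip']} {t['port']} ascii {cfg['tacacs_secret']}"
                  for svc in ("auth", "athr", "acct")]
    lines += ["save config", "reset system"]                            # step 14
    return lines


# Constructed sample values for the example; not real credentials.
EXAMPLE_CFG = {
    "users": {"admin": "Wism2Adm1n"},
    "radius": {"index": 1, "ip": "192.0.2.10", "port": 1812, "secret_hex": "ab" * 22},
    "kek_hex": "00112233445566778899aabbccddeeff",
    "mack_hex": "ffeeddccbbaa99887766554433221100",
    "psk_hex": "0f" * 32,
    "wlan_index": 1,
    "snmp_user": "monitor",
    "snmp_authkey": "Snmp3Auth",
    "snmp_encryptkey": "Snmp3Priv",
    "tacacs_secret": "Tacacs8chars",
    "tacacs": {"index": 1, "ip": "192.0.2.11", "port": 49},
}

if __name__ == "__main__":
    for line in build_fips_commands(EXAMPLE_CFG):
        print(">", line)
```

The generated lines contain the secrets themselves, exactly as the CO would type them over the local console, so the output should be handled like that console session and not left in shell history or a ticket. Steps 6, 8 and 11-13 are omitted because their values (WLAN profile names, AP names, controller addresses) are site-specific and the policy states no constraint on them.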