Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AirWave cannot enable FIPS

  • 1.  AirWave cannot enable FIPS

    Posted May 21, 2019 11:06 AM

    Just recently did a massive upgrade of our AirWave from 8.2.0 to 8.2.8.1. So I'm new to the updated CLI. I went into Security, and am trying to enable FIPS mode. But when I do, I get an error, with a listing of what appears to be all of my controllers and APs (output truncated):

    The following ap items are set with ciphers that are not FIPS compliant:
    Table: ap ID: 2, PrivProtocol: des, AuthProtocol: md5 Name: **Controller_name**
    Table: ap ID: 33, PrivProtocol: des, AuthProtocol: md5 Name: **AP_name**
    ...
    The following default_credentials items are set with ciphers that are not FIPS compliant:
    Table: default_credentials ID: 67, PrivProtocol: , AuthProtocol: md5
    
    Please fix the above devices before turning on FIPS mode.

    We're running a master/local setup with two 7210s running ArubaOS 6.5.4.7-FIPS_64553.

     

    FIPS mode is on on both of the controllers, and I cannot seem to locate any accounts or SNMPv3 users anywhere that do not use SHA/AES; so I'm not sure where AirWave is seeing these MD5/DES accounts, or how to proceed enabling FIPS mode on AirWave.



  • 2.  RE: AirWave cannot enable FIPS

    EMPLOYEE
    Posted May 21, 2019 02:36 PM

    In the message you see, it is listing three ap_ids; try navigating to those devices' manage pages and change the settings.

     

    Click on any device in AirWave; it will take you to the Devices > Monitor page.

    Replace xx with the ap_id. Below the Monitor page we have the Manage page; change the setting under the communication section.

     

    sample URL

     

    https://<airwave ip>/ap_monitoring?id=xx

     

    Note: Once you enable FIPS, we cannot revert.



  • 3.  RE: AirWave cannot enable FIPS

    Posted May 21, 2019 04:28 PM

    Thank you,

     

    I went to an AP's management screen in AirWave, but I'm afraid I can find no 'communication' section. The sections I show are General, Settings, 802.11bgn Radio, 802.11an Radio, Authentication Method, Master Discovery, Link Priority Settings, Network Settings, Maintenance Windows, and Dynamic Variables.

    None of these sections contain any setting to change from md5/des. The Authentication section has PPPoE Authentication (disabled) and Remote AP (No).



  • 4.  RE: AirWave cannot enable FIPS

    EMPLOYEE
    Posted May 29, 2019 04:52 PM

    What are the IDs 2 and 33 on AirWave? Are these controllers or APs?

     



  • 5.  RE: AirWave cannot enable FIPS

    Posted May 30, 2019 08:43 AM

     ID 2 is a controller, but ID 33 is an AP. Note that the controllers do have FIPS mode enabled.

     

    Thank you



  • 6.  RE: AirWave cannot enable FIPS

    EMPLOYEE
    Posted May 30, 2019 09:38 AM

    Go to the controller's Devices > Manage page, edit the communication settings, and try to enable FIPS.



  • 7.  RE: AirWave cannot enable FIPS

    Posted May 30, 2019 11:28 AM

    I don't see any option for enabling FIPS.

     

    I'm in AirWave > Devices > (controller) Manage.
    In the Device Communication section, I see:

    • IP Address
    • SNMP Port (1-65535)
    • SSH Port (1-65535)
    • Community String (and confirm)
    • SNMPv3 Username
    • Auth/Priv passwords/protocol
    • Telnet/SSH Username/Password
    • Enable password

    Nowhere on this page is there an option for FIPS.

     

    Thank you,



  • 8.  RE: AirWave cannot enable FIPS

    EMPLOYEE
    Posted May 30, 2019 12:52 PM

    On the Manage page you need to change the protocols/password and then try to enable FIPS from AMPCLI.

     

    When you are trying to enable FIPS from AMPCLI, is it failing with the below errors for each ap_id?

     

    Table: ap ID: 2, PrivProtocol: des, AuthProtocol: md5 Name: **Controller_name**
    Table: ap ID: 33, PrivProtocol: des, AuthProtocol: md5 Name: **AP_name**
    ...
    The following default_credentials items are set with ciphers that are not FIPS compliant:
    Table: default_credentials ID: 67, PrivProtocol: , AuthProtocol: md5
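
Added example, not part of the thread and not HPE Aruba code: with the full (untruncated) error saved to a file, this parser turns the `Table: ...` lines quoted above into a per-record worklist, using the `ap_monitoring?id=xx` URL pattern from reply 2. The host `airwave.example`, the device names and the ID 41 row are constructed, and treating only `md5` and `des` as the values to change is an assumption based on the values this output flags.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the error text quoted in the thread.
SAMPLE = """\
The following ap items are set with ciphers that are not FIPS compliant:
Table: ap ID: 2, PrivProtocol: des, AuthProtocol: md5 Name: core-ctrl-1
Table: ap ID: 33, PrivProtocol: des, AuthProtocol: md5 Name: lobby-ap
Table: ap ID: 41, PrivProtocol: aes, AuthProtocol: md5 Name: lab-ap
The following default_credentials items are set with ciphers that are not FIPS compliant:
Table: default_credentials ID: 67, PrivProtocol: , AuthProtocol: md5
Please fix the above devices before turning on FIPS mode.
"""

# Assumption: only the two values seen in the thread's output count as weak.
WEAK = {"md5", "des"}
ROW = re.compile(
    r"^\s*Table:\s*(?P<table>\w+)\s+ID:\s*(?P<id>\d+),"
    r"\s*PrivProtocol:\s*(?P<priv>\w*),"      # may be empty, as for ID 67
    r"\s*AuthProtocol:\s*(?P<auth>\w*)"
    r"(?:\s+Name:\s*(?P<name>.+?))?\s*$"      # Name is absent for some tables
)

def parse_fips_report(text):
    """Return {table: [row, ...]} for every 'Table:' line in the report."""
    found = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # section headers, "..." truncation markers, blanks
        row = m.groupdict()
        row["id"] = int(row["id"])
        row["fix"] = [f for f in ("auth", "priv") if row[f].lower() in WEAK]
        found[row["table"]].append(row)
    return dict(found)

def worklist(text, host="airwave.example"):
    """One line per flagged record; rows in the ap table get a device URL."""
    out = []
    for table, rows in parse_fips_report(text).items():
        for r in rows:
            where = (f"https://{host}/ap_monitoring?id={r['id']}"
                     if table == "ap" else "(not in the ap table)")
            out.append(f"{table} {r['id']} {r['name'] or '-'}: "
                       f"change {'+'.join(r['fix']) or 'unknown'} {where}")
    return out

if __name__ == "__main__":
    print("\n".join(worklist(SAMPLE)))
```

The `default_credentials` row has no device ID in the `ap` table, so it is listed without a URL rather than mapped to a device page.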