Wireless Access

This community is currently in a read-only state due to a maintenance window. For more info click here
Reply
Highlighted
Occasional Contributor I

AirWave cannot enable FIPS

Just recently did a massive upgrade of our AirWave from 8.2.0 to 8.2.8.1. So I'm new to the updated CLI. I went into Security, and am trying to enable FIPS mode. But when I do, I get an error, with a listing of what appears to be all of my controllers and APs (output truncated):

The following ap items are set with ciphers that are not FIPS compliant:
Table: ap ID: 2, PrivProtocol: des, AuthProtocol: md5 Name: **Controller_name**
Table: ap ID: 33, PrivProtocol: des, AuthProtocol: md5 Name: **AP_name**
...
The following default_credentials items are set with ciphers that are not FIPS compliant:
Table: default_credentials ID: 67, PrivProtocol: , AuthProtocol: md5

Please fix the above devices before turning on FIPS mode.

We're running a master/local setup with two 7210s running ArubaOS 6.5.4.7-FIPS_64553.

 

FIPS mode is on on both of the controllers, and I cannot seem to locate any accounts or SNMPv3 users anywhere that do not use SHA/AES; so I'm not sure where AirWave is seeing these MD5/DES accounts, or how to proceed enabling FIPS mode on AirWave.

Highlighted
MVP Expert

Re: AirWave cannot enable FIPS

In message you see it is listing three ap_ids, try naviage to those device manage page and change the settings.

 

Click on any device in Airwave, it will take you to Devices>Monitor page,

Replace xx with ap_id  below montior page ,we have manage page, change setting under communcation section.

 

sample URL

 

https://<airwave ip>/ap_monitoring?id=xx

 

Note: Once you enable FIPS, we can not revert.


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Occasional Contributor I

Re: AirWave cannot enable FIPS

Thank you,

 

I went to an AP's management screen in AirWave, but I'm afraid I can find no 'communication' section. The sections I show are General, Settings, 802.11bgn Radio, 802.11an Radio, Authentication Method, Master Discovery, Link Priority Settings, Network Settings, Maintenance Windows, and Dynamic Variables.

None of these sections contain any setting to change from md5/des. The Authentication section has PPPoE Authentication (disabled) and Remote AP (No).

Highlighted

Re: AirWave cannot enable FIPS

What are the IDs with 2 and 33 on Airwave ? Are these Controllers or APs?

 

Regards,
Vishnu
If my post helped you, don't forget to give kudos ;)
Highlighted
Occasional Contributor I

Re: AirWave cannot enable FIPS

 ID 2 is a controller, but ID 33 is an AP. Note that the controllers do have FIPS mode enabled.

 

Thank you

Highlighted
MVP Expert

Re: AirWave cannot enable FIPS

Go to controller  Devices>manage page and edit the communication settings and try enable FIPSs.


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Occasional Contributor I

Re: AirWave cannot enable FIPS

I don't see any option for enabling FIPS.

 

I'm in AirWave > Devices > (controllor) Manage.
In the Device Communication section, I see:

  • IP Address
  • SNMP Port (1-65535)
  • SSH Port (1-65535)
  • Community String (and confirm)
  • SNMPv3 Username
  • Auth/Priv passwords/protocol
  • Telnet/SSH Usernam/Password
  • Enable password

Nowhere on this page is there an option for FIPS.

 

Thank you,

Highlighted
MVP Expert

Re: AirWave cannot enable FIPS

in manage page you need to change protocols/password and try enable FIPS from AMPCLI.

 

When you are trying to enable FIPS from AMPCLI it is failing with below errors for each ap_id?

 

Table: ap ID: 2, PrivProtocol: des, AuthProtocol: md5 Name: **Controller_name**
Table: ap ID: 33, PrivProtocol: des, AuthProtocol: md5 Name: **AP_name**
...
The following default_credentials items are set with ciphers that are not FIPS compliant:
Table: default_credentials ID: 67, PrivProtocol: , AuthProtocol: md5

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: