
Configuring Wireless Controllers for FIPS 140-2 Mode






In order for a 4400 or WiSM wireless controller to operate in a FIPS compliance mode, the following configuration must be performed on the 4400 CLI via a console connection.




Enable FIPS Mode of Operation


The following CLI command places the controller in FIPS mode of operation, enabling all necessary self tests and algorithm restrictions:


config switchconfig fips-prerequisite enable



Disable Boot Break


The following CLI command prevents breaking out of the boot process. It must be executed after enabling FIPS mode of operation:


config switchconfig boot-break disable



Configure HTTPS Key


The following command configures the controller to use the device key for the HTTPS server. It must be executed after enabling FIPS mode of operation:


config certificate use-device-certificate webadmin



The following security configuration can be entered via the 4400 GUI or the CLI.



Configure SNMP


Non-security related remote monitoring and management of the controller can be done via SNMP. Only SNMPv3 with HMAC-SHA1 is permitted by this security policy. The user passwords shall be selected to be 8 or more characters, including numbers and letters.


The following CLI commands enable SNMPv3 with HMAC-SHA1:


config snmp version v1 disable


config snmp version v2c disable


config snmp version v3 enable


config snmp v3user create username hmacsha authkey encryptkey



Configure Management Frame Protection (MFP)


Infrastructure MFP enables one access point to validate a neighboring access point's management frames. Configuring the controller to use MFP is optional. The following CLI command is used to enable infrastructure MFP:


config wps mfp infrastructure enable
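
A pre-change check for the required commands above, as an added example that is not part of the original article or any Cisco tooling: it audits a planned command script for the ordering rule (FIPS mode enabled first), the SNMP version settings, HMAC-SHA1 authentication and the password rule. The function names and the sample script are constructed for illustration, applying the password rule to both SNMPv3 keys is an assumption, and the optional MFP command is not checked.

```python
import re

# Commands from this page; the two in AFTER_FIPS must follow FIPS mode.
FIPS = "config switchconfig fips-prerequisite enable"
AFTER_FIPS = ["config switchconfig boot-break disable",
              "config certificate use-device-certificate webadmin"]
SNMP_REQUIRED = [f"config snmp version {v}"
                 for v in ("v1 disable", "v2c disable", "v3 enable")]

def password_ok(pw):
    """8 or more characters, including numbers and letters (the page's rule)."""
    return len(pw) >= 8 and bool(re.search(r"[A-Za-z]", pw)) and bool(re.search(r"\d", pw))

def audit(script):
    """Return findings for a planned command script, one command per line."""
    cmds = [" ".join(line.split()) for line in script.splitlines() if line.strip()]
    findings = []
    if FIPS not in cmds:
        findings.append("FIPS mode is never enabled")
    for cmd in AFTER_FIPS:
        if cmd not in cmds:
            findings.append(f"missing: {cmd}")
        elif FIPS in cmds and cmds.index(cmd) < cmds.index(FIPS):
            findings.append(f"runs before FIPS mode is enabled: {cmd}")
    findings += [f"missing: {c}" for c in SNMP_REQUIRED if c not in cmds]
    users = [c.split()[4:] for c in cmds
             if c.startswith("config snmp v3user create ") and len(c.split()) >= 8]
    if not users:
        findings.append("no SNMPv3 user is created")
    for args in users:
        # Assumption: the two keys are the last two arguments, as in the page's form.
        if "hmacsha" not in args[1:-2]:
            findings.append(f"user {args[0]}: authentication is not hmacsha")
        if not all(password_ok(k) for k in args[-2:]):
            findings.append(f"user {args[0]}: key under 8 chars or not letters and numbers")
    return findings

# Constructed sample script with three deviations from the page's procedure.
SAMPLE = """\
config switchconfig boot-break disable
config switchconfig fips-prerequisite enable
config certificate use-device-certificate webadmin
config snmp version v1 disable
config snmp version v3 enable
config snmp v3user create monitor hmacsha short1 Encrypt10n
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```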



Reference information on FIPS security configuration

