newbieftd
Beginner

2504 WLC FIPS compliance

How can I easily check/verify FIPS-2 compliance of each SID on my WLC?

Model: 2504

VER: 8.5.151.0

 

Thanks-

5 REPLIES 5
balaji.bandi
VIP Master

Try the command below:

 

show switchconfig

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

(Cisco Controller) >show switchconfig

802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
WLANCC prerequisite features..................... Disabled
UCAPL prerequisite features...................... Disabled
Last login information display................... Disabled
DTLS WLC MIC .................................... SHA2
secret obfuscation............................... Enabled
Strong Password Check Features
case-check.................................... Enabled
consecutive-check............................. Enabled
default-check................................. Enabled
username-check................................ Enabled
position-check................................ Disabled
case-digit-check.............................. Disabled
Min. Password length.......................... 3
Min. Upper case chars......................... 0
Min. Lower case chars......................... 0
Min. Digits chars............................. 0
Min. Special chars............................ 0
Mgmt User
Password Lifetime [days]...................... 0

--More-- or (q)uit
Password Lockout.............................. Disabled
Lockout Attempts.............................. 3
Lockout Timeout [mins]........................ 5
SNMPv3 User
Password Lifetime [days]...................... 0
Password Lockout.............................. Disabled
Lockout Attempts.............................. 3
Lockout Timeout [mins]........................ 5

(Cisco Controller) >

This line means it's disabled: 

FIPS prerequisite features....................... Disabled

If you would like to enable it, here is the procedure:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/cisco_wlc_security.html

BB

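Added example (not part of any reply in this thread, and not Cisco code): a Python parser for saved `show switchconfig` output like the capture above, reporting the three controller-wide "prerequisite features" rows and tolerating the pager and prompt lines a pasted capture contains. The function names are assumptions made for this example, and the sample is a shortened copy of the output posted above.

```python
import re

# Sample input: shortened copy of the `show switchconfig` capture in this thread.
SAMPLE = """\
(Cisco Controller) >show switchconfig
FIPS prerequisite features....................... Disabled
WLANCC prerequisite features..................... Disabled
UCAPL prerequisite features...................... Disabled
DTLS WLC MIC .................................... SHA2
Strong Password Check Features
Min. Password length.......................... 3
Mgmt User
Password Lifetime [days]...................... 0
--More-- or (q)uit
Password Lockout.............................. Disabled
SNMPv3 User
Password Lifetime [days]...................... 0
(Cisco Controller) >
"""

# "key....... value": a run of two or more dots separates key from value,
# so the single dot in "Min. Password length" stays part of the key.
ROW = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<value>\S.*)$")
NOISE = re.compile(r"^(--More--|\(Cisco Controller\)\s*>)")

def parse_switchconfig(text):
    """Return {(section, key): value}; section is "" for top-level rows."""
    rows, section = {}, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or NOISE.match(line):
            continue                      # blank, pager prompt or CLI prompt
        m = ROW.match(line)
        if m:
            rows[(section, m["key"])] = m["value"]
        else:
            section = line                # heading such as "Mgmt User"
    return rows

def prerequisite_modes(text):
    """Map FIPS/WLANCC/UCAPL to True/False, or None when the row is absent."""
    rows = parse_switchconfig(text)
    modes = {}
    for name in ("FIPS", "WLANCC", "UCAPL"):
        value = rows.get(("", f"{name} prerequisite features"))
        # A truncated capture yields None instead of a guessed "disabled".
        modes[name] = None if value is None else value.lower() == "enabled"
    return modes

if __name__ == "__main__":
    print(prerequisite_modes(SAMPLE))
```

Rows are keyed by section because the same label, such as `Password Lifetime [days]`, appears under both `Mgmt User` and `SNMPv3 User`.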

patoberli
VIP Advisor

Never used FIPS, but here is the (very short) manual for it: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/cisco_wlc_security.html

It doesn't mention anything about SSID configuration though. 

 

Another manual (although for the successor platforms): https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2065.pdf

This one should still be valid for your platform though, the commands should not have changed.

 

I don't think there is a command to quickly check the SSIDs though. 
