V-266627

CAT II (Medium)

AOS must require devices to reauthenticate when organization-defined circumstances or situations require reauthentication.

Rule ID

SV-266627r1173879_rule

STIG

HPE Aruba Networking AOS Wireless Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002039

Discussion

Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity on the network. In addition to the reauthentication requirements associated with session locks, organizations may require reauthentication of devices in other situations, including (but not limited to) the following: (i) when authenticators change; (ii) when roles change; (iii) when security categories of information systems change; (iv) after a fixed period of time; or (v) periodically. This requirement only applies to components where this is specific to the function of the device or has the concept of device authentication.

Check Content

Verify the AOS configuration with the following command:
show crypto-local ipsec-map

If the configured IPSec maps are not configured to support a security association lifetime of 28,800 seconds (8 hours), this is a finding.

Fix Text

Configure AOS with the following commands:
configure terminal
crypto-local ipsec-map <name> <priority>
set security-association lifetime seconds 28800
exit
write memory
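
The check above can also be run offline against an exported configuration. The script below is an added example, not part of the STIG or of HPE Aruba tooling; it assumes the saved configuration stores each map as a "crypto-local ipsec-map <name> <priority>" line followed by indented sub-commands in the same syntax as the Fix Text, and the map names in the sample are constructed.

```python
import re

REQUIRED_LIFETIME = 28800  # seconds (8 hours), the value this rule requires

MAP_RE = re.compile(r"^crypto-local ipsec-map (\S+) (\d+)$")
LIFETIME_RE = re.compile(r"^set security-association lifetime seconds (\d+)$")

# Constructed sample, not captured from a device. Assumption: sub-commands
# are indented under the map line and "!" separates stanzas.
SAMPLE_CONFIG = """\
crypto-local ipsec-map site-a 100
   set security-association lifetime seconds 28800
!
crypto-local ipsec-map site-b 110
   set security-association lifetime seconds 86400
!
crypto-local ipsec-map site-c 120
!
"""


def audit_ipsec_maps(config_text):
    """Return {map_name: explicit lifetime in seconds, or None if not set}."""
    maps, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw[:1].isspace():
            # Indented line: a sub-command of the current stanza, if any.
            m = LIFETIME_RE.match(line)
            if m and current is not None:
                maps[current] = int(m.group(1))
        else:
            # Top-level line: starts a new ipsec-map stanza or ends the last.
            m = MAP_RE.match(line)
            current = m.group(1) if m else None
            if current is not None:
                maps[current] = None
    return maps


def findings(config_text):
    """Names of maps whose lifetime is not explicitly 28800 seconds.

    A map with no explicit lifetime line is reported as well, so that it is
    verified by hand with "show crypto-local ipsec-map".
    """
    return sorted(name for name, life in audit_ipsec_maps(config_text).items()
                  if life != REQUIRED_LIFETIME)


if __name__ == "__main__":
    for name in findings(SAMPLE_CONFIG):
        print(f"finding: ipsec-map {name}")
```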