Module Name
Huawei S5720-SI & S5720-LI Series Switches
Validation Dates
07/27/2017
Caveat
When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy (applies to S5720-52X-LI-AC, S5720-28X-PWR-LI-AC, S5720-12TP-LI-AC and S5720-12TP-PWR-LI-AC).
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The S5720 series Ethernet switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation. Based on cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the S5720 provides a large switching capacity, high reliability (double power slots and hardware Ethernet OAM), and high-density GE ports to accommodate 10 Gbit/s upstream transmissions. The S5720 is available in a lite (LI) series, a standard (SI) series, an enhanced (EI) series, and a hyper (HI) series.
FIPS Algorithms
| AES |
Cert. #4400 |
| CKG |
vendor affirmed |
| CVL |
Cert. #1107 |
| DRBG |
Cert. #1418 |
| DSA |
Cert. #1175 |
| ECDSA |
Cert. #1057 |
| HMAC |
Cert. #2924 |
| KTS |
AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Cert. #2380 |
| SHS |
Cert. #3627 |
| Triple-DES |
Cert. #2372 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
S5720-12TP-LI-AC P/N 98010567 Version E.3 with [1 and 2], S5720-12TP-PWR-LI-AC P/N 98010570 Version D.2 with [1 and 2], S5720-28X-LI-24S-AC P/N 98010629 Version D.2 with [1 and 2], S5720-28X-LI-AC P/N 98010581 Version C.2 with [1 and 2], S5720-28X-PWR-LI-AC P/N 98010593 Version C.2 with [1 and 2], S5720-28X-PWR-SI-AC P/N 02350DLW Version E.3 with [1 and 2], S5720-28X-SI-24S-AC P/N 98010625 Version C.22 with [1 and 2], S5720-28X-SI-AC P/N 02350DLT Version E.3 with [1 and 2], S5720-52P-LI-AC P/N 98010600 Version C.2 with [1 and 2], S5720-52P-PWR-LI-AC P/N 98010612 Version C.2 with [1], S5720-52P-SI-AC P/N 02350DLU Version E.3 with [1 and 2], S5720-52X-LI-AC P/N 98010606 Version D.2 with [1 and 2], S5720-52X-PWR-LI-AC P/N 98010619 Version C.2 with [1], S5720-52X-PWR-SI-AC P/N 02350DLX Version E.3 with [1 and 2], S5720-52X-SI-AC P/N 02350DLV Version E.3 with [1 and 2]; Tamper Seals P/N 4057-113016 [1] and External Baffle P/N 99089JEB [2]
Firmware Versions
V200R010C00SPC900B900
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
