1-27
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Assigning the Switch IP Address and Default Gateway
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation
Configure an existing FIPS
complaint switch running Cisco
IOS Release 15.0(2)SE1 to work in
a non-FIPS mode.
• Configure the no fips authoriza-
tion-key authorization-key global
configuration command.
• Reload the switch for the configu-
ration to take effect. By default, the
switch automatically boots up;
however, if you have configured it
to boot up manually, you have to
initiate the reboot.
• The boot loader is not updated.
• The switch works normally and the FIPS
commands are no longer available.
• The following message appears in the boot
sequence: “Image passed digital signature
verification”.
Note If you upload a corrupt or unsigned
image, the following message appears
during boot up: “WARNING: Unable
to determine image authentication.
Image is either unsigned or is signed
but corrupted.”
Downgrade from a Cisco IOS
Release 15.0(2)SE1 image in FIPS
mode to an older release.
• Configure the no fips authoriza-
tion-key authorization-key global
configuration command.
• Reload the switch for the configu-
ration to take effect. By default, the
switch automatically boots up;
however, if you have configured it
to boot up manually, you have to
initiate reboot.
• Upload and boot the older image.
• The boot loader is not downgraded.
• The switch work normally and the FIPS
commands are no longer available.
• The following message appears in the boot
sequence: “WARNING: Unable to
determine image authentication. Image is
either unsigned or is signed but corrupted.”
Table 1-6 Upgrade and Downgrade Scenarios Relating to FIPS Certified Images (continued)
Upgrade/ Downgrade Scenario Action Status or Result
To Next Page
Loading...
