fips mode enable
To enable Federal Information Processing Standards (FIPS) mode, use the fips mode enable command. To
disable FIPS mode, use the no form of this command.
fips mode enable
no fips mode enable
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
ModificationRelease
This command was introduced.5.1(1)
Usage Guidelines
Before enabling FIPS mode, ensure that you are in the default virtual device context (VDC).
FIPS has the following prerequisites:
•
Disable Telnet. Users should log in using Secure Shell (SSH) only.
•
Disable SNMPv1 and v2. Any existing user accounts on the device that have been configured for SNMPv3
should be configured only with SHA for authentication and AES/3DES for privacy.
•
Delete all SSH server RSA1 key-pairs.
•
Enable HMAC-SHA1 message integrity checking (MIC) for use during the Cisco TrustSec Security
Association Protocol (SAP) negotiation. To do so, enter the sap hash-algorithm HMAC-SHA-1 command
from the cts-manual or cts-dot1x mode.
This command does not require a license.
Examples
This example shows how to enable FIPS mode:
switch# configure terminal
switch(config)# fips mode enable
FIPS mode is enabled
This example shows how to disable FIPS mode:
switch# configure terminal
switch(config)# no fips mode enable
Cisco Nexus 7000 Series Security Command Reference
339
F Commands
fips mode enable
To Next Page
Loading...
