To Next Page

To Previous Page

1137

Default

FIPS mode is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable FIPS mode and reboot the device, the device operates in FIPS mode. The FIPS

device has strict security requirements, and performs self-tests on cryptography modules to verify

that they are operating correctly.

After you execute the fips mode enable command, the system provides the following methods to

enter FIPS mode:

• Automatic reboot

Select the automatic reboot method. The system automatically performs the following tasks:

a. Create a default FIPS configuration file named fips-startup.cfg.

b. Specify the default file as the startup configuration file.

c. Require you to configure the username and password for next login.

You can press Ctrl+C to exit the configuring process so the fips mode enable command will

not be executed.

The system automatically uses the specified startup configuration file to reboot the device after

you configure the administrator's username and password.

• Manual reboot

This method requires that you manually complete the configurations for entering FIPS mode,

and then reboot the device.

To use manual reboot to enter FIPS mode:

d. Enable the password control feature globally.

e. Set the number of character types a password must contain to 4, and set the minimum

number of characters for each type to one character.

f. Set the minimum length of user passwords to 15 characters.

g. Add a local user account for device management, including the following items:

− A username.

− A password that must comply with the password control policies.

− A user role of network-admin.

− A service type of terminal.

h. Delete the FIPS-incompliant local user service types Telnet, HTTP, and FTP.

i. Save the configuration file and specify it as the startup configuration file.

j. Delete the original startup configuration file in binary format.

k. Reboot the device.

After the fips mode enable command is executed, the system prompts you to choose a reboot

method. If you do not make a choice within 30 seconds, the system uses the manual reboot method

by default.

After the undo fips mode enable command is executed, the system provides the following methods

to exit FIPS mode:

• Automatic reboot

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS