Fabric OS 6.2 administrator guide 161
8. Enter the following command to block access to root:
userconfig --change root -e no
By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS mode.
9. Verify that your switch is FIPS ready:
fipscfg --verify fips
10. Enter the command fipsCfg
--enable fips.
11. Reboot the switch.
Disabling FIPS mode
1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Enter the command fipsCfg
--disable fips.
3. Reboot the switch.
4. Enable the root account by following the bootprom:
userconfig --change root -e yes
5. Enable access to the bootprom:
fipscfg –-enable bootprom
6. Optional: Use the configure command to set switch to use non-signed firmware.
By keeping the switch set to use signed firmware, all firmware downloaded to the switch will have to be
signed with a key. For more information, see Chapter 8, ”Configuring advanced security features” on
page 117.
7. Disable selftests by typing the following command:
fipscfg --disable selftests
8. Disable IPFilter policies that were created to enable FIPS.
9. Optional: Configure RADIUS server authentication protocol.
10. Reboot the switch.
Zeroizing for FIPS
1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Enter the command fipsCfg
--zeroize.
3. Reboot the switch.
Displaying FIPS configuration
1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Enter the command fipsCfg
--showall.
To Next Page
Loading...
