To Next Page

To Previous Page

624 Fabric OS Administrator’s Guide

53-1002745-02

Preparing a switch for FIPS

• System services: No

• cfgload attributes: Yes

• Enforce secure config Upload/Download: Press Enter to accept the default.

• Enforce firmware signature validation: Yes

Example

switch:admin> configure

Not all options will be available on an enabled switch.

To disable the switch, use the "switchDisable" command.

Configure...

System services (yes, y, no, n): [no]

…

cfgload attributes (yes, y, no, n): [no] yes

Enforce secure config Upload/Download (yes, y, no, n): [no]

Enforce firmware signature validation (yes, y, no, n): [no] yes

10. Enter the userConfig --change root -e no command to block access to the root account.

By disabling the root account, RADIUS and LDAP users with root permissions are also blocked

in FIPS mode.

11. Enter the portCfgEncrypt

--disable command to disable in-flight encryption. You must first

disable the port.

Example

myswitch:root> portdisable 0

myswitch:root> portcfgencrypt --disable 0

myswitch:root> portenable 0

12. Enter the ipSecConfig --disable command to disable Ethernet IPsec.

13. Disable IPsec for FCIP connections. The procedure depends on the type of extension blade

used.

For FX8-24 extension blades, enter the portCfg fciptunnel [slot/]port modify -ipsec 0

command.

14. Enter the portCfg

--mgmtif delete command to disable in-band management.

15. Enter the following command to disable to authspec mode if TACACS + authentication, PAP, or

CHAP are configured:

sw0:FID128:root> aaaconfig --authspec local

16. Enter the fipsCfg --enable selftests command to enable KAT and conditional tests on the

switch.

17. Enter the fipsCfg

--verify fips command to verify the switch is FIPS-ready.

18. Enter the fipsCfg

--enable fips command.

19. Reboot the switch. For a director, reboot both CPs.

Zeroizing for FIPS

1. Log in to the switch using an account with admin or securityadmin permissions, or a user

account with OM permissions for the FIPSCfg RBAC class of commands.

2. Enter the fipsCfg

--zeroize command.

Brand	HP
Model	StoreFabric SN6500B
Category	Software
Language	English

HP StoreFabric SN6500B User Manual

Table of Contents

Other manuals for HP StoreFabric SN6500B

Questions and Answers:

HP StoreFabric SN6500B Specifications

Related product manuals