484
Step Command
1. Enter system view.
system-view
2. Trigger a self-test.
fips self-test
Configuring FIPS mode
Configuration considerations
To enter the FIPS mode, follow these steps:
1. Enable FIPS mode.
2. Enable the password control function.
3. Configure a username and password used to log in to the device.
The password must include at least 10 characters that must contain uppercase and lowercase
letters, digits, and special characters.
4. Set the user level to 3, and service type to Terminal or Web.
5. Delete all MD5-based digital certificates.
6. Delete the DSA key pairs that have a modulus length of less than 1024 bits and all RSA key
pairs.
7. Save the configuration.
Enabling FIPS mode
Follow these guidelines when you configure FIPS mode:
• If you must enable both FIPS mode and the password control function, enable FIPS mode first.
• If you must disable both FIPS mode and the password control function, disable password
control first.
To enable FIPS mode:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable FIPS mode.
fips mode enable
By default, the FIPS mode is
disabled.
Configuration changes in FIPS mode
When the system enters FIPS mode, the following changes occur:
• The FTP/TFTP server is disabled.
• The Telnet server is disabled.
• The HTTP server is disabled.
• SNMPv1 and SNMPv2c are disabled. Only SNMPv3 is available.
• The SSL server only supports TLS1.0.
• The SSH server does not support SSHv1 clients.
To Next Page
Loading...
Need help?
General
