Brocade OS Command Reference Manual Supporting Fabric OS v6.0.0 (53-1000599-01, October 2007)

fipsConfig
Configures FIPS (Federal Information Processing Standards) mode.
Synopsis
    fipscfg --enable [ fips | selftests ]
    fipscfg --disable [ fips | selftests ]
    fipscfg --zeroize
    fipscfg --show | --showall
    fipscfg --force fips
    fipscfg --verify fips
    fipscfg --disable | --enable bootprom
Description
    Use this command to configure FIPS mode in the switch. In this mode, only FIPS-compliant
    algorithms will be allowed. As part of FIPS 140-2 level 2 compliance, passwords, shared secrets
    and the private keys used in SSL/TLS, system login, etc. need to be zeroized. Power-up self tests
    will be executed when the switch is powered on to check for the consistency of the algorithms
    implemented in the switch.
Notes
    Certain services and functions, such as FTP, HTTP, remote procedure calls (RPC), root account,
    boot prom access, etc., must be blocked for the system to enter FIPS mode.

    The system must be rebooted for FIPS mode changes to take effect.

    The execution of this command is subject to Admin Domain restrictions that may be in place.

    Refer to the Fabric OS Administrator's Guide for information on configuring your system for FIPS
    140-2 level 2 compliance.

    FIPS is not supported on all platforms. For FIPS-compliant hardware, refer to the Fabric OS
    Administrator's Guide.
Operands
    The command takes as input an operand and its associated arguments. Without any specified
    operands, the command prints out the usage.

    This command has the following operands:

    --disable [ fips | selftests ]
        Disables FIPS or Selftests mode. Note: Selftests cannot be disabled when
        FIPS mode is enabled.

    --enable [ fips | selftests ]
        Enables FIPS or Selftests mode. Note: Selftests must be enabled before FIPS
        mode is enabled.

    --zeroize
        Erases all passwords, shared secrets, private keys, etc. in the system.

    --show | --showall
        Displays the current FIPS configuration.

    --force fips
        This option will enable FIPS mode even if prerequisites are not met, except
        under the following two conditions:
        1. In a dual CP system if HA is not in sync between the two CPs.
        2. If selftests is in disabled state.