R3303-HP HSR6800 Routers Security Configuration Guide

FIPS configuration example
Network requirements
As shown in Figure 150, Host connects to Router through a console port. Configure Router to operate in
FIPS mode and create a local user for Host so that Host can log in to the router.
Figure 150 Network diagram
Configuration procedure
CAUTION:
After you enable the FIPS mode, be sure to create a local user and its password before you reboot the
device. Otherwise, you cannot log in to the device. If you cannot log in to the device, reboot the device
without the configuration file (by ignoring or removing the configuration file) so that the device operates in
non-FIPS mode, and then make correct configurations.
# Enable the FIPS mode.
<Sysname> system-view
[Sysname] fips mode enable
FIPS mode change requires a device reboot. Continue?[Y/N]:y
Modify the configuration to be fully compliant with FIPS mode, save the configuration to
the next-startup configuration file, and then reboot to enter FIPS mode.
# Enable the password control function.
[Sysname] password-control enable
# Create a local user named test, and set its service type to terminal, its privilege level to 3, and its
password to AAbbcc1234%. By default, the password must be a string of at least 10 characters and must
contain uppercase and lowercase letters, digits, and special characters. (Configure the password for the
local user interactively. That is, enter password in local user view and follow the prompts to enter the
password.)
[Sysname] local-user test
[Sysname-luser-test] service-type terminal
[Sysname-luser-test] authorization-attribute level 3
[Sysname-luser-test] password
Password:***********
Confirm :***********
Updating user(s) information, please wait...........
[Sysname-luser-test] quit
# Save the configuration.
[Sysname] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[cfa0:/startup.cfg]
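The CAUTION above makes the local user a precondition for the reboot. The following check is an added example, not part of the HP guide: it reads an exported copy of the saved configuration offline and reports which steps of this procedure are missing, and it tests a candidate password against the default composition rule stated above. The function names, the sample text, and the assumed file layout are illustrative.

```python
import re

# Constructed sample of a saved configuration file. The layout ('#' between
# views, sub-commands listed under 'local-user <name>') is an assumption.
SAMPLE_CFG = """\
#
 fips mode enable
#
 password-control enable
#
local-user test
 password cipher CONSTRUCTED-PLACEHOLDER
 authorization-attribute level 3
 service-type terminal
#
"""

def password_ok(pw, min_len=10):
    """Default rule stated above: at least 10 characters, all four classes."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)

def pre_reboot_findings(cfg_text):
    """List the steps of this procedure that are missing from cfg_text."""
    global_cmds, users, current = set(), {}, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            current = None                      # '#' closes the current view
        elif line.startswith("local-user "):
            current = users.setdefault(line.split()[1], [])
        elif current is not None:
            current.append(line.split())        # sub-command of that user
        else:
            global_cmds.add(line)
    findings = [f"'{cmd}' is missing" for cmd in
                ("fips mode enable", "password-control enable")
                if cmd not in global_cmds]
    usable = [name for name, cmds in users.items()
              if any(c[0] == "password" for c in cmds)
              and any(c[0] == "service-type" and "terminal" in c[1:] for c in cmds)]
    if not usable:
        findings.append("no local user with a password and service-type terminal")
    return findings

if __name__ == "__main__":
    print(pre_reboot_findings(SAMPLE_CFG) or "ready to reboot into FIPS mode")
    print(password_ok("AAbbcc1234%"))
```

An empty result means the exported file contains every step shown here; any finding should be resolved and the configuration saved again before the reboot.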