Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

Preparing the switch for FIPS
13. Disable IPsec for FCIP connections. The procedure depends on the type of extension blade
used.
For FX8-24 extension blades, enter the portCfg fciptunnel <[slot/]port> modify -ipsec 0
command.
For FR4-18i router blades, follow these steps:
a. Enter the portCfg fciptunnel <[slot/]port> delete <tunnel_id> command to delete the FCIP
tunnel.
b. Enter the policy --delete ipsec command to delete the associated IPsec policy.
c. Enter the policy --delete ike command to delete the associated IKE policy.
14. Enter the portCfg --mgmtif delete command to disable in-band management.
15. Enter the fipsCfg --enable selftests command to enable KAT and conditional tests on the
switch.
16. Enter the fipsCfg --verify fips command to verify the switch is FIPS-ready.
17. Enter the fipsCfg --enable fips command.
18. Reboot the switch. If a director, reboot both CPs.
Zeroizing for FIPS
1. Log in to the switch using an account with admin or securityadmin permissions, or a user
account with OM permissions for the FIPSCfg RBAC class of commands.
2. Enter the fipsCfg --zeroize command.
3. Reboot the switch.
Displaying FIPS configuration
1. Log in to the switch using an account with admin or securityadmin permissions, or a user
account with the O permission for the FCIPCfg RBAC class of commands.
2. Enter the fipsCfg --showall command.