Users Guide
Monitoring FIPS Mode Status
To view the status of the current FIPS mode (enabled/disabled), use the following commands.
• Use either command to view the status of the current FIPS mode.
show fips status
show system
Example of the show fips status and show system Commands
Dell#show fips status
FIPS Mode : Enabled
for the system using the show system command.
Dell#show system
System MAC : 00:01:e8:8a:ff:0c
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
Status : online
Next Boot : online
Required Type : C9010 - 48-port GE/TE/FG (SE)
Current Type : C9010 - 48-port GE/TE/FG (SE)
Master priority : 0
Hardware Rev : 3.0
Num Ports : 64
Up Time : 7 hr, 3 min
Dell Version : C9010-8-3-7-1061
Jumbo Capable : yes
POE Capable : no
FIPS Mode : enabled
Burned In MAC : 00:01:e8:8a:ff:0c
No Of MACs : 3
...
Disabling FIPS Mode
The following describes disabling FIPS mode.
When you disable FIPS mode, the following changes occur:
• The SSH server disables.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, close.
• Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
• FIPS mode disables.
• The SSH server re-enables.
• The Telnet server re-enables (if it is present in the configuration).
• New 1024–bit RSA and RSA1 host key-pairs are created.
To disable FIPS mode, use the following command.
• To disable FIPS mode from a console port.
412
FIPS Cryptography