Reference Guide

Enabling FIPS Cryptography | 335
Monitoring FIPS Mode Status
The status of the current FIPS mode (Enabled/Disabled) can be viewed directly with the show fips status command, or as part of the show system output, as shown below.
FTOS#show fips status
FIPS Mode : Enabled
The same status is reported for the system in the output of the show system command.
FTOS#show system
Stack MAC : 00:01:e8:8a:ff:0c
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
Status : online
Next Boot : online
Required Type : S4810 - 52-port GE/TE/FG (SE)
Current Type : S4810 - 52-port GE/TE/FG (SE)
Master priority : 0
Hardware Rev : 3.0
Num Ports : 64
Up Time : 7 hr, 3 min
FTOS Version : 4810-8-3-7-1061
Jumbo Capable : yes
POE Capable : no
FIPS Mode : enabled
Burned In MAC : 00:01:e8:8a:ff:0c
No Of MACs : 3
...
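To turn the two status commands into an automated compliance check, the following added Python example (not from this guide and not Dell/FTOS code) parses captured show fips status and show system output, splits the latter into its per-unit sections, and lists any unit whose FIPS mode is not enabled. The sample output is constructed from the listing above, with an invented second unit that is deliberately non-compliant; note that the CLI prints "Enabled" in one command and "enabled" in the other, so the check compares case-insensitively.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the 'show system' listing above; unit 1 is invented
# and deliberately left non-compliant so the check has something to flag.
SAMPLE_SHOW_SYSTEM = """\
FTOS#show system
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
FTOS Version : 4810-8-3-7-1061
FIPS Mode : enabled
-- Unit 1 --
Unit Type : Standby Unit
FTOS Version : 4810-8-3-7-1061
FIPS Mode : disabled
"""
SAMPLE_SHOW_FIPS_STATUS = "FTOS#show fips status\nFIPS Mode : Enabled\n"

UNIT_HEADER = re.compile(r"^--\s*Unit\s+(\d+)\s*--\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?)\s*:\s*(.*?)\s*$")  # 'Key : value'

def parse_show_system(text: str) -> Dict[str, Dict[str, str]]:
    """Split CLI output into per-unit field maps; stack-wide fields go under 'stack'."""
    sections: Dict[str, Dict[str, str]] = {"stack": {}}
    current = "stack"
    for line in text.splitlines():
        m = UNIT_HEADER.match(line)
        if m:
            current = f"unit{m.group(1)}"
            sections[current] = {}
            continue
        f = FIELD.match(line)  # the echoed 'FTOS#...' prompt has no colon and is skipped
        if f:
            sections[current][f.group(1)] = f.group(2)
    return sections

def fips_enabled(value: str) -> bool:
    # 'show fips status' prints 'Enabled', 'show system' prints 'enabled': compare case-insensitively.
    return value.strip().lower() == "enabled"

def non_fips_units(show_system_text: str) -> List[str]:
    """Names of stack units whose 'FIPS Mode' field is missing or not enabled."""
    sections = parse_show_system(show_system_text)
    return [name for name, fields in sections.items()
            if name != "stack" and not fips_enabled(fields.get("FIPS Mode", ""))]

def fips_status_enabled(show_fips_text: str) -> bool:
    """True iff 'show fips status' reports FIPS Mode as enabled."""
    return fips_enabled(parse_show_system(show_fips_text)["stack"].get("FIPS Mode", ""))
```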
Disabling the FIPS Mode
Use the console port to disable FIPS mode.
When the FIPS mode is disabled, the following changes occur:
The SSH server is disabled.
All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed.
Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
The FIPS mode is disabled.
The SSH server is re-enabled.
The Telnet server is re-enabled if it is present in the configuration.
New 1024-bit RSA and RSA1 host key-pairs are created.
To disable the FIPS mode:
Task: To disable FIPS mode from a console port.
Command Syntax: no fips mode enable
Command Mode: CONFIG
The following warning message displays:
WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
Proceed (y/n) ?