Reference Guide
Enabling FIPS Cryptography | 335
Monitoring FIPS Mode Status
The status of the current FIPS mode (Enabled/Disabled) can be viewed directly using either the show fips status command or
the show system command as shown below.
FTOS#show fips status
FIPS Mode : Enabled
The FIPS mode status is also displayed for the system using the show system command.
FTOS#show system
Stack MAC : 00:01:e8:8a:ff:0c
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
Status : online
Next Boot : online
Required Type : S4810 - 52-port GE/TE/FG (SE)
Current Type : S4810 - 52-port GE/TE/FG (SE)
Master priority : 0
Hardware Rev : 3.0
Num Ports : 64
Up Time : 7 hr, 3 min
FTOS Version : 4810-8-3-7-1061
Jumbo Capable : yes
POE Capable : no
FIPS Mode : enabled
Burned In MAC : 00:01:e8:8a:ff:0c
No Of MACs : 3
...
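As an added example (not part of the vendor guide), the following Python check parses captured output of the two commands above and reports any source that does not show FIPS mode as enabled. The sample text is constructed from the output on this page, with a hypothetical Unit 1 added to show a mismatch; the function names are this example's own.

```python
import re

# Constructed sample: trimmed from the two outputs on this page; Unit 1 is a
# hypothetical second stack unit added to show a mismatch.
SHOW_FIPS_STATUS = "FIPS Mode : Enabled\n"
SHOW_SYSTEM = """\
Stack MAC : 00:01:e8:8a:ff:0c
-- Unit 0 --
Status : online
FIPS Mode : enabled
-- Unit 1 --
Status : online
FIPS Mode : disabled
"""

UNIT = re.compile(r"^--\s*Unit\s+(\d+)\s*--$")
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")  # split on the first colon only


def parse_show_system(text):
    """Group 'Name : value' lines by unit; lines before any unit go under 'system'."""
    sections, current = {"system": {}}, "system"
    for line in text.splitlines():
        unit = UNIT.match(line.strip())
        if unit:
            current = int(unit.group(1))
            sections[current] = {}
        elif (field := FIELD.match(line)):
            sections[current][field.group(1)] = field.group(2)
    return sections


def fips_findings(show_fips_status, show_system):
    """Return findings; an empty list means every source reports FIPS enabled."""
    findings = []
    m = re.search(r"^\s*FIPS Mode\s*:\s*(\S+)", show_fips_status, re.M)
    # The page shows "Enabled" in one output and "enabled" in the other,
    # so the comparison is case-insensitive.
    if not m or m.group(1).lower() != "enabled":
        findings.append(f"show fips status: {m.group(1) if m else 'no FIPS Mode line'}")
    for unit, fields in parse_show_system(show_system).items():
        if unit == "system":
            continue
        mode = fields.get("FIPS Mode", "field missing")
        if mode.lower() != "enabled":
            findings.append(f"unit {unit}: FIPS Mode {mode}")
    return findings
```

A missing FIPS Mode line is reported as a finding rather than treated as a pass, so truncated or failed captures do not read as compliant.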
Disabling the FIPS Mode
Use the console port to disable FIPS mode.
To disable the FIPS mode:
When the FIPS mode is disabled, the following changes occur:
• The SSH server is disabled.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed.
• Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
• The FIPS mode is disabled.
• The SSH server is re-enabled.
• The Telnet server is re-enabled if it is present in the configuration.
• New 1024-bit RSA and RSA1 host key-pairs are created.
Task: To disable FIPS mode from a console port.
Command Syntax: no fips mode enable
Command Mode: CONFIG
The following Warning message displays:
WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy
all configured host keys.
Proceed (y/n) ?