Manualshelf

R211x-HP Flexfabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
251252253254255256257258259260
242
{ save.
{ Other commands used for configuration preparation to enter FIPS mode.
If a device enters FIPS or non-FIPS mode through automatic reboot, configuration rollback fails. To
support configuration rollback, you must execute the save command after the device enters FIPS or
non-FIPS mode.
Do not use FIPS and non-FIPS devices to create an IRF fabric.
To enable FIPS mode for an IRF fabric, you must reboot the entire IRF fabric.
The default MDC supports FIPS commands. Other MDCs do not support FIPS commands.
Configuring FIPS mode
Entering FIPS mode
After you enable FIPS mode and reboot the device, the device operates in FIPS mode. The FIPS device
has strict security requirements, and performs self-tests on cryptography modules to verify that they are
operating correctly.
A FIPS device meets the requirements defined in Network Device Protection Profile (NDPP) of Common
Criteria (CC).
The system provides two methods to enter FIPS mode: automatic reboot and manual reboot.
Automatic reboot
To use automatic reboot to enter FIPS mode:
1. Enable FIPS mode.
2. Select the automatic reboot method.
The system automatically performs the following tasks:
a. Create a default FIPS configuration file named fips-startup.cfg.
b. Specify the default file as the startup configuration file.
c. Prompt you to configure the username and password for next login.
You can press Ctrl+C to exit the configuring process. The fips mode enable command will not be
executed.
3. Configure a username and password to log in to the device in FIPS mode.
The password must include at least 15 characters that contain uppercase and lowercase letters,
digits, and special characters.
The system automatically uses the startup configuration file to reboot the device and enter FIPS
mode. You can only use the configured username and password to log in to the FIPS device. After
login, you are assigned the role of security administrator Crypto Officer.
Manual reboot
To use manual reboot to enter FIPS mode:
1. Enable the password control function globally.
2. Set the number of character types a password must contain to 4, and set the minimum number of
characters for each type to one character.
3. Set the minimum length of user passwords to 15 characters.