R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

151

152

153

154

155

156

157

158

159

160

149

return

FIPS configuration example (manual reboot)

Network requirements

Use the manual reboot method to enter FIPS mode, and log in to the device through a Console port.

Configuration procedure

# Enable password control globally.

<Sysname> system-view

[Sysname] password-control enable

# Set the number of character types in a password for password control to 4 and configure at least one

character for each type.

[Sysname] password-control composition type-number 4 type-length 1

# Configure the password managed by password control to contain at least 15 characters.

[Sysname] password-control length 15

# Add a local user of the manage level with the username test, password 12345zxcvb!@#$%ZXCVB,

user role network-admin, and service type Terminal.

[Sysname] local-user test class manage

[Sysname-luser-manage-test] password simple 12345zxcvb!@#$%ZXCVB

[Sysname-luser-manage-test] authorization-attribute user-role network-admin

[Sysname-luser-manage-test] service-type terminal

[Sysname-luser-manage-test] quit

# Enable FIPS mode, and choose the manual reboot method to enter FIPS mode.

This command enables FIPS mode and requires a device reboot, are you sure? [Y/N]:y

Reboot the device automatically to enter FIPS mode? [Y/N]:n

Prepare and save all configurations for FIPS mode in the startup configuration file, and

then reboot the device.

# Save the current configuration to mainboard device, and specify it as the next startup configuration file.

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[Sysname] quit

# Delete the next startup configuration file in binary notation.

<Sysname> delete flash:/startup.mdb

Delete flash:/startup.mdb?[Y/N]:y

Deleting file flash:/startup.mdb...Done.

# Reboot the device.

<Sysname> reboot