R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
537
Figure 261 Network diagram
Configuration procedure
# Enable the FIPS mode.
<Sysname> system-view
[Sysname] fips mode enable
FIPS mode change requires a device reboot. Continue?[Y/N]:y
Modify the configuration to be fully compliant with FIPS mode, save the configuration to
the next-startup configuration file, and then reboot to enter FIPS mode.
# Enable the password control function.
[Sysname] password-control enable
# Create a local user named test, and set its service type as terminal, privilege level as 3, and password
as AAbbcc1234%. The password is a string of at least 10 characters by default and must contain both
uppercase and lowercase letters, digits, and special characters. (Use an interactive way to configure the
password for the local user. That is, enter password in local user view and follow the prompts to enter the
password.)
[Sysname] local-user test
[Sysname-luser-test] service-type terminal
[Sysname-luser-test] authorization-attribute level 3
[Sysname-luser-test] password
Password:***********
Confirm :***********
Updating user(s) information, please wait...........
[Sysname-luser-test] quit
CAUTION:
A
fter you enable the FIPS mode, be sure to create a local user and its password before you
reboot the device. Otherwise, you cannot log in to the device. If you cannot lo
g
in to the
device, reboot the device without the configuration file (by i
g
norin
g
or removin
g
the
configuration file) so that the device operates in non-FIPS mode, and then make correct
configurations.
# Save the configuration.
[Sysname] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[cfa0:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
cfa0:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait....
The current configuration is saved to the active main board successfully.
Configuration is saved to device successfully.
[Sysname] quit