HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide
99
authorization-attribute user-role network-admin
#
interface Ethernet1/1
port link-mode route
ip address 1.1.1.1 255.255.255.0
#
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
Enabling configuration encryption
Configuration encryption enables the device to automatically encrypt a startup configuration file when
saving the running configuration. This function provides the following methods:
• Private key method—Any HP device running Comware V7 software can decrypt the encrypted
configuration file.
• Public key method—Any HP device running the same software version as the encrypting device can
decrypt the encrypted configuration file.
To enable configuration encryption:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable configuration
encryption.
configuration encrypt { private-key |
public-key }
By default, configuration
encryption is disabled.
Configuration is saved
unencrypted.
Saving the running configuration
When saving the running configuration to a configuration file, you can specify the file as the next-startup
configuration file.
If you are specifying the file as the next-startup configuration file, use one of the following methods to
save the configuration:
• Fast mode—Use the save command without the safely keyword. In this mode, the device directly
overwrites the target next-startup configuration file. If a reboot or power failure occurs during this
process, the next-startup configuration file is lost. You must specify a new startup configuration file
after the device reboots (see "Specifying a next-startup configuration file")
.
• Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode,
but more secure. In safe mode, the system saves configuration in a temporary file and starts
overwriting the target next-startup configuration file after the save operation is complete. If a reboot
or power failure occurs during the save operation, the next-startup configuration file is still retained.