4000 Router Series Security Command Reference

453

FIPS commands

fips mode enable

Use fips mode enable to enable FIPS mode.

Use undo fips mode enable to disable FIPS mode.

Syntax

fips mode enable

undo fips mode enable

Default

The FIPS mode is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable FIPS mode and reboot the device, the device operates in FIPS mode. The FIPS device

has strict security requirements, and performs self-tests on cryptography modules to verify that they are

operating correctly.

After you execute the fips mode enable command, the system provides the following methods to enter

FIPS mode:

• Automatic reboot

Select the automatic reboot method. The system automatically performs the following tasks:

a. Create a default FIPS configuration file named fips-startup.cfg.

b. Specify this file as the startup configuration file.

c. Require you to configure the username and password for next login.

You can press Ctrl+C to exit the configuring process so the fips mode enable command will not be

executed.

The system automatically uses the specified startup configuration file to reboot the device after you

configure the administrator's username and password.

• Manual reboot

This method requires that you manually complete the configurations for entering FIPS mode, and

then reboot the device.

To use manual reboot to enter FIPS mode:

d. Enable the password control function globally.

e. Set the number of character types a password must contain to 4, and set the minimum number

of characters for each type to one character.

f. Set the minimum length of user passwords to 15 characters.