HP MSR2000/3000/4000 Router Series Security Command Reference

g. Add a local user account for device management, including the following items:
   - A username.
   - A password that must comply with the password control policies.
   - A user role of network-admin.
   - A service type of terminal.
h. Delete the FIPS-noncompliant local user service types Telnet and FTP.
i. Save the configuration file and specify it as the startup configuration file.
j. Delete the original startup configuration file in binary format.
k. Reboot the device.
After the fips mode enable command is executed, the system prompts you to choose a reboot method. If
you do not make a choice within 30 seconds, the system uses the manual reboot method by default.
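
The local user conditions in steps g and h can be checked against a saved text configuration before the reboot. The following Python audit is an added example, not part of the HP reference; it assumes Comware-style `local-user` blocks containing `service-type` and `authorization-attribute user-role` lines, and the sample configuration and usernames are constructed.

```python
import re

# Constructed sample configuration (not from the original page). The block
# syntax below is an assumption about how the device saves local users.
SAMPLE_CONFIG = """\
#
local-user admin class manage
 service-type terminal
 authorization-attribute user-role network-admin
#
local-user legacy class manage
 service-type ftp
 service-type telnet terminal
 authorization-attribute user-role network-operator
#
"""

BANNED = {"telnet", "ftp"}  # step h: service types that must be deleted


def parse_local_users(config_text):
    """Return {username: {"services": set, "roles": set}} from config text."""
    users, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"local-user (\S+)", line)
        if m and not raw[:1].isspace():
            current = users.setdefault(m.group(1), {"services": set(), "roles": set()})
        elif not raw[:1].isspace():
            current = None  # any other unindented line ends the user block
        elif current is not None and line.startswith("service-type "):
            current["services"].update(line.split()[1:])
        elif current is not None:
            m = re.match(r"authorization-attribute .*\buser-role (\S+)", line)
            if m:
                current["roles"].add(m.group(1))
    return users


def audit_fips_users(config_text):
    """Return (findings, has_admin): step h violations, step g account present."""
    users = parse_local_users(config_text)
    findings = sorted((n, s) for n, u in users.items() for s in u["services"] & BANNED)
    # Step g: a network-admin user with terminal access and no banned service.
    has_admin = any(
        "network-admin" in u["roles"] and "terminal" in u["services"]
        and not (u["services"] & BANNED) for u in users.values()
    )
    return findings, has_admin
```

An empty findings list together with `has_admin` set to `True` means the local user section matches steps g and h; it does not cover the other steps of the procedure.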
After the undo fips mode enable command is executed, the system provides the following methods to exit
FIPS mode:
- Automatic reboot
  Select the automatic reboot method. The system automatically creates a default non-FIPS
  configuration file named non-fips-startup.cfg, and specifies the file as the startup configuration file.
  The system reboots the device by using the default non-FIPS configuration file. After the reboot, you
  are directly logged into the device.
- Manual reboot
  This method requires that you manually complete the configurations for entering non-FIPS mode,
  and then reboot the device. After the device reboots, you must enter user information according to
  the authentication mode to log in to the device.
Examples
# Enable FIPS mode, and choose the automatic reboot method to enter FIPS mode.
<Sysname> system-view
[Sysname] fips mode enable
FIPS mode change requires a device reboot. Continue? [Y/N]:y
Reboot the device automatically? [Y/N]:y
The system will create a new startup configuration file for FIPS mode. After you set the
login username and password for FIPS mode, the device will reboot automatically.
Enter username(1-55 characters): root
Enter password(15-63 characters):
Confirm password:
Waiting for reboot... After reboot, the device will enter FIPS mode.
# Enable FIPS mode, and choose the manual reboot method to enter FIPS mode.
<Sysname> system-view
[Sysname] fips mode enable
FIPS mode change requires a device reboot. Continue? [Y/N]:y
Reboot the device automatically? [Y/N]:n
Change the configuration to meet FIPS mode requirements, save the configuration to the
next-startup configuration file, and then reboot to enter FIPS mode.
# Disable FIPS mode, and choose the automatic reboot method to enter non-FIPS mode.
[Sysname] undo fips mode enable
FIPS mode change requires a device reboot. Continue? [Y/N]:y