R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

451

452

453

454

455

456

457

458

459

460

443

Entering FIPS mode through manual reboot

Network requirements

Use the manual reboot method to enter FIPS mode, and use a console/AUX/Async port to log in to the

device in FIPS mode.

Configuration procedure

# Enable the password control function globally.

<Sysname> system-view

[Sysname] password-control enable

# Set the number of character types a password must contain to 4, and set the minimum number of

characters for each type to one character.

[Sysname] password-control composition type-number 4 type-length 1

# Set the minimum length of user passwords to 15 characters.

[Sysname] password-control length 15

# Add a local user account for device management, including a username of test, a password of

12345 zxcv b! @# $% ZX CVB , a user role of network-admin, and a service type of terminal.

[Sysname] local-user test class manage

[Sysname-luser-manage-test] password simple 12345zxcvb!@#$%ZXCVB

[Sysname-luser-manage-test] authorization-attribute user-role network-admin

[Sysname-luser-manage-test] service-type terminal

[Sysname-luser-manage-test] quit

# Enable FIPS mode, and choose the manual reboot method to enter FIPS mode.

[Sysname] fips mode enable

FIPS mode change requires a device reboot. Continue? [Y/N]:y

Reboot the device automatically? [Y/N]:n

Change the configuration to meet FIPS mode requirements, save the configuration to the

next-startup configuration file, and then reboot to enter FIPS mode.

# Save the current configuration to the root directory of the storage medium, and specify it as the startup

configuration file.

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to device successfully.

[Sysname] quit

# Delete the startup configuration file in binary format.

<Sysname> delete flash:/startup.mdb

Delete flash:/startup.mdb?[Y/N]:y

Deleting file flash:/startup.mdb...Done.

# Reboot the device.

<Sysname> reboot