Exiting Fips Mode - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
When the device acts as a server to authenticate a client through public keys, the key pairs for the
client must also have a modulus length of 2048 bits.
SSH, SNMPv3, IPsec, and SSL do not support DES, 3DES, RC4, and MD5.
•
The password control function cannot be disabled globally. The undo password-control enable
•
command does not take effect.
The keys must contain at least 15 characters and 4 compositions of uppercase and lowercase letters,
•
digits, and special characters. This requirement applies to the following passwords (the last two
passwords are used for password control):
AAA server's shared key.
IKE per-shared key.
SNMPv3 authentication key.
Password for a device management local user.
Password for switching user roles.
Exiting FIPS mode
After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode.
The system provides two methods to exit FIPS mode: automatic reboot and manual reboot.
Automatic reboot
Select the automatic reboot method. The system automatically creates a default non-FIPS configuration
file named non-fips-startup.cfg, and specifies the file as the startup configuration file. The system reboots
the device by using the default non-FIPS configuration file. After the reboot, you are directly logged into
the device.
Manual reboot
This method requires that you manually complete the configurations for entering non-FIPS mode, and
then reboot the device. To log in to the device after the reboot, you must enter user information according
to the authentication mode. The following default authentication modes are available for different ports
or lines (you can modify the default mode as needed):
The default authentication mode is password for VTY lines.
•
The default authentication mode is none for a console port.
•
After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the
device:
If you are logged into the device through Telnet, perform the following tasks without exiting the
•
current user line:
Set the authentication mode to scheme.
Configure the username and password. (You can also use the current username and password.)
•
If you are logged into the device through a console port, configure one of the following
authentication modes as needed:
Configure the password authentication mode and a password.
Configure the scheme authentication mode and configure a new username and password (you
can also use the current username and password).
Configure the none authentication mode.
362
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
