irf mac-address persistent timer
irf auto-update enable
irf link-delay 0
irf member 2 priority 1
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
Enabling configuration encryption
Configuration encryption enables the device to automatically encrypt a startup configuration file when it
saves the running configuration. This function provides the following methods:
•
Private key method—Only the encrypting device can decrypt the encrypted configuration file.
Public key method—Any device running the same software version as the encrypting device can
•
decrypt the encrypted configuration file.
IMPORTANT:
Do not move or copy a private-key-encrypted configuration file between IRF member devices. These
actions can cause a decryption failure because the member devices use different private keys.
To enable configuration encryption:
Step
1.
Enter system view.
2.
Enable configuration
encryption.
Saving the running configuration
When saving the running configuration to a configuration file, you can specify the file as a next-startup
configuration file.
If you are specifying the file as a next-startup configuration file, use one of the following methods to save
the configuration:
•
Fast mode—Use the save command without the safely keyword. In this mode, the device directly
overwrites the target next-startup configuration file. If a reboot or power failure occurs during this
process, the next-startup configuration file is lost. You must specify a new startup configuration file
after the device reboots (see
Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode,
•
but more secure. In safe mode, the system saves configuration in a temporary file and starts
Command
system-view
configuration encrypt { private-key |
public-key }
"Specifying a next-startup configuration
84
Remarks
N/A
By default, configuration
encryption is disabled.
Configuration is saved
unencrypted.
file").