Cisco Catalyst 3560-X Software Configuration Manual page 130

Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation
The following table describes upgrade and downgrade scenarios using different images and using the
FIPS mode or non-FIPS mode:
Table 1-6
Upgrade/ Downgrade Scenario
Upgrade from an image that is in
the FIPS mode to a Cisco IOS
Release 15.0(2)SE1 image in the
FIPS mode.
Upgrade from a switch that is in
the non-FIPS mode to a Cisco IOS
Release 15.0(2)SE1 image in the
FIPS mode.
Upgrade to Cisco IOS Release
15.0(2)SE1 in the non-FIPS mode.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-26
Upgrade and Downgrade Scenarios Relating to FIPS Certified Images
Action
Boot with the Cisco IOS Release
15.0(2)SE1 image.
• Configure the fips authoriza-
tion-key authorization-key global
configuration command.
Reload the switch for the FIPS key
•
to be operational. By default, the
switch automatically boots up;
however, if you have configured it
to boot up manually, you have to
initiate the reboot.
• After the boot loader is upgraded,
boot with the Cisco IOS Release
15.0(2)SE1 image.
Boot with the Cisco IOS Release
15.0(2)SE1 image.
Chapter 1 Assigning the Switch IP Address and Default Gateway
Status or Result
The boot loader is upgraded.
•
• The image signature is verified.
• The following message appears in the boot
sequence: "Image passed digital signature
verification."
If you upload a corrupt or unsigned
Note
image, the following message appears
during boot up: "Image verification
failed."
• The boot loader is upgraded.
The image signature is verified.
•
If you upload a corrupt or unsigned
Note
image, the following message appears
during boot up: "Image verification
failed."
• The boot loader is not updated.
• The image signature is not verified.
• The switch works normally.
OL-25303-03