Exiting FIPS Mode - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

• When the device acts as a server to authenticate a client through the public key, the key pair for the client must also have a modulus length of 2048 bits.
• SSH, SNMPv3, IPsec, and SSL do not support DES, 3DES, RC4, or MD5.
• The password control feature cannot be disabled globally. The undo password-control enable command does not take effect.
• The keys must contain at least 15 characters and 4 character types of uppercase and lowercase letters, digits, and special characters. This requirement applies to the following passwords:
  ◦ AAA server's shared key.
  ◦ IKE pre-shared key.
  ◦ SNMPv3 authentication key.
• The password for a device management local user and password for switching user roles depend on password control policies. By default, the passwords must contain at least 15 characters and 4 character types of uppercase and lowercase letters, digits, and special characters.

Exiting FIPS mode

After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode.
The system provides two methods to exit FIPS mode: automatic reboot and manual reboot.

Automatic reboot

Select the automatic reboot method. The system automatically creates a default non-FIPS configuration file named non-fips-startup.cfg, and specifies the file as the startup configuration file. The system reboots the device by using the default non-FIPS configuration file. After the reboot, you are directly logged into the device.

Manual reboot

This method requires that you manually complete the configurations for entering non-FIPS mode, and then reboot the device. To log in to the device after the reboot, you must enter user information according to the authentication mode. The following default authentication modes are available for different ports or lines (you can modify the default mode as needed):
• The default authentication mode is password for VTY lines.
• If the device has both a console port and an AUX port, the default authentication mode is none for the console port, and is password for the AUX port.
• If the device supports either a console port or an AUX port, the default authentication mode is none for the console or AUX port.

After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the device:
• If you are logged into the device through Telnet, perform the following tasks without exiting the current user line:
  ◦ Set the authentication mode to scheme.
  ◦ Configure the username and password. (You can also use the current username and password.)
• If you are logged into the device through a console/AUX/Async port, configure one of the following authentication modes as needed:
  ◦ Configure the password authentication mode and a password.
  ◦ Configure the scheme authentication mode and configure a new username and password (you can also use the current username and password).
  ◦ Configure the none authentication mode.
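
A pre-reboot check for the manual method, as an added example that is not part of the HP manual: it reads a saved configuration and reports the authentication mode each line type will use after the reboot, falling back to the defaults listed above for a device with both a console port and an AUX port. The sample configuration is constructed, and treating line view settings as overriding line class view settings is an assumption.

```python
import re

# Defaults stated above for a device with both a console port and an AUX port.
PAGE_DEFAULTS = {"vty": "password", "con": "none", "aux": "password"}

# Constructed sample of a saved configuration (not taken from the manual).
SAMPLE_CFG = """\
line class vty
 user-role network-operator
line con 0
 authentication-mode none
line vty 0 63
 authentication-mode scheme
local-user admin class manage
 service-type telnet
"""

HEADER = re.compile(r"^line (class )?(con|aux|vty)\b")


def effective_modes(cfg, defaults=PAGE_DEFAULTS):
    """Return {line type: authentication mode} in force after the reboot."""
    per_class, per_line, view = {}, {}, None
    for raw in cfg.splitlines():
        parts = raw.split()
        if not raw.startswith(" "):  # unindented text opens a new view
            m = HEADER.match(raw)
            view = (per_class if m.group(1) else per_line, m.group(2)) if m else None
        elif view and len(parts) == 2 and parts[0] == "authentication-mode":
            view[0][view[1]] = parts[1]  # last setting seen for this type wins
    # Assumption: line view settings override line class view settings.
    return {k: per_line.get(k, per_class.get(k, d)) for k, d in defaults.items()}


def pre_reboot_findings(cfg):
    """List items to resolve before rebooting manually out of FIPS mode."""
    has_user = re.search(r"^local-user \S+", cfg, re.M) is not None
    out = []
    for kind, mode in sorted(effective_modes(cfg).items()):
        if mode == "none":
            out.append(f"{kind}: no authentication after reboot")
        elif mode == "scheme" and not has_user:
            out.append(f"{kind}: scheme mode but no local-user in the configuration")
    return out


if __name__ == "__main__":
    print(effective_modes(SAMPLE_CFG))
    print(pre_reboot_findings(SAMPLE_CFG))
```

A scheme finding does not apply when authentication is delegated to a reachable AAA server instead of local users.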