Exiting Fips Mode - HP MSR2000 Configuration Manual

The password control function cannot be disabled globally. The undo password-control enable
command does not take effect.
The keys must contain at least 15 characters and all 4 character types: uppercase letters, lowercase
letters, digits, and special characters. This requirement applies to the following passwords (the last two
passwords are used for password control):
AAA server's shared key.
IKE pre-shared key.
SNMPv3 authentication key.
Password for a device management local user.
Password for switching user roles.

Exiting FIPS mode

After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode. In non-FIPS
mode, the device is not subject to the security requirements of FIPS mode and does not perform
self-tests on cryptography modules.
The system provides two methods to exit FIPS mode: automatic reboot and manual reboot.

Automatic reboot

Select the automatic reboot method. The system automatically creates a default non-FIPS configuration
file named non-fips-startup.cfg, and specifies the file as the startup configuration file. The system reboots
the device by using the default non-FIPS configuration file. After the reboot, you are directly logged into
the device.

Manual reboot

This method requires that you manually complete the configurations for entering non-FIPS mode, and
then reboot the device. To log in to the device after the reboot, you must enter user information according
to the authentication mode. The following default authentication modes are available for different ports
or lines (you can modify the default mode as needed):
The default authentication mode is password for VTY lines.
If the device has both a console port and an AUX port, the default authentication mode is none for
the console port, and is password for the AUX port.
If the device supports either a console port or an AUX port, the default authentication mode is none
for the console or AUX port.
After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the
device:
If you are logged into the device through Telnet, you must set the authentication mode to scheme
without exiting the current user line, and then configure the username and password. You can also
use the current username and password.
If you are logged into the device through a console/AUX/Async port, configure one of the
following authentication modes as needed:
Configure the password authentication mode and a password.
Configure the scheme authentication mode and configure a new username and password (you
can also use the current username and password).
Configure the none authentication mode.
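
The following Python check is an added example, not taken from the HP manual: it applies the default authentication modes listed above to a saved configuration and reports which lines would accept a login without credentials after a manual reboot. The configuration syntax it parses (`line con 0`, `line class ...`, an indented `authentication-mode` command), the fallback from a line to its line class, and the sample file are assumptions.

```python
import re

# Constructed sample configs (not from the manual), assuming Comware-style
# "line <type> <range>" sections; HARDENED_CFG sets scheme on the console line.
SAMPLE_CFG = """\
line aux 0
 user-role network-admin
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
"""
HARDENED_CFG = SAMPLE_CFG.replace("line con 0\n", "line con 0\n authentication-mode scheme\n")

def default_mode(ltype, present):
    """Non-FIPS default authentication modes as listed in the manual."""
    if ltype == "vty":
        return "password"
    if {"con", "aux"} <= present:      # device has both ports
        return "none" if ltype == "con" else "password"
    return "none"                      # device has only one of the two ports

def effective_modes(cfg):
    """Map each con/aux/vty line to (mode, where that mode comes from)."""
    lines, classes, cur = {}, {}, None
    for raw in cfg.splitlines():
        head = re.match(r"line (class )?(con|aux|vty)(?:sole)?\b\s*(.*)$", raw)
        if head:
            cls, ltype, rng = head.groups()
            cur = (classes, ltype) if cls else (lines, f"{ltype} {rng}".strip())
            cur[0].setdefault(cur[1], None)
        elif not raw.startswith(" "):
            cur = None                 # "#" or another top-level command
        elif cur and (m := re.match(r"\s+authentication-mode (\S+)", raw)):
            cur[0][cur[1]] = m.group(1)
    present = {name.split()[0] for name in lines}
    out = {}
    for name, mode in lines.items():
        ltype = name.split()[0]
        out[name] = ((mode, "explicit") if mode else
                     (classes[ltype], "line class") if classes.get(ltype) else
                     (default_mode(ltype, present), "default"))
    return out

def unauthenticated(cfg):  # lines that accept a login without credentials
    return sorted(n for n, (mode, _) in effective_modes(cfg).items() if mode == "none")
```

Run `unauthenticated()` on the configuration you intend to boot from before the manual reboot; any line it returns still relies on the none authentication mode.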

This manual is also suitable for: MSR3000, MSR4000
