FIPS Self-Tests; Power-Up Self-Tests - HPE FlexFabric 7900 Series Security Configuration Manual

The system reboots the device by using the default non-FIPS configuration file. After the reboot, you
are directly logged into the device.
Manual reboot
This method requires that you manually complete the configurations for entering non-FIPS mode,
and then reboot the device. To log in to the device after the reboot, you must enter user information
according to the authentication mode. The following default authentication modes are available for
different ports or lines (you can modify the default mode as needed):
• The default authentication mode is password for VTY lines.
• The default authentication mode is none for a console port.
After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the
device:
• If you are logged in to the device through Telnet, perform the following tasks without exiting the
  current user line:
  ○ Set the authentication mode to scheme.
  ○ Configure the username and password. (You can also use the username and password that
    are being used.)
• If you are logged into the device through a console port, configure one of the following
  authentication modes as needed:
  ○ Configure the password authentication mode and a password.
  ○ Configure the scheme authentication mode, and configure a new username and password
    (you can also use the username and password that are being used).
  ○ Configure the none authentication mode.
To disable FIPS mode:

Step                     Command                  Remarks
1. Enter system view.    system-view              N/A
2. Disable FIPS mode.    undo fips mode enable    By default, the FIPS mode is disabled.

FIPS self-tests

To ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms,
including power-up self-test and conditional self-test. You can also trigger a self-test. If the power-up
self-test fails, the card where the self-test process exists reboots. If the conditional self-test fails, the
system outputs self-test failure information.
NOTE:
If a self-test fails, contact Hewlett Packard Enterprise Support.

Power-up self-tests

The power-up self-test, also called "known-answer test", examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical,
the known-answer test fails.
The power-up self-test examines the cryptographic algorithms listed in Table 8.
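The known-answer test described above can be sketched as follows. This is an added example, not HPE code: the three algorithms and the names KNOWN_ANSWERS, power_up and with_single_bit_fault are assumptions chosen for illustration, and the vectors are the published FIPS 180 "abc" examples and RFC 4231 test case 2.

```python
import hashlib
import hmac

# Known answers from published vectors (FIPS 180 "abc" examples, RFC 4231 test case 2).
# The algorithm selection is an assumption; the device's own list is in its Table 8.
KNOWN_ANSWERS = {
    "SHA-1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "SHA-256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "HMAC-SHA-256": "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
}

def default_implementations():
    """Algorithms under test, each run on its fixed known-answer input."""
    return {
        "SHA-1": lambda: hashlib.sha1(b"abc").digest(),
        "SHA-256": lambda: hashlib.sha256(b"abc").digest(),
        "HMAC-SHA-256": lambda: hmac.new(
            b"Jefe", b"what do ya want for nothing?", hashlib.sha256).digest(),
    }

def run_known_answer_tests(implementations):
    """Return the names of algorithms whose output differs from the known answer."""
    failed = []
    for name, expected_hex in KNOWN_ANSWERS.items():
        try:
            ok = hmac.compare_digest(implementations[name](), bytes.fromhex(expected_hex))
        except Exception:
            ok = False  # a missing or crashing algorithm fails the test too
        if not ok:
            failed.append(name)
    return failed

def power_up(implementations):
    """Model the documented behaviour: a power-up self-test failure reboots the card."""
    failed = run_known_answer_tests(implementations)
    return {"action": "reboot-card" if failed else "enter-service", "failed": failed}

def with_single_bit_fault(implementations, name):
    """Constructed fault: flip the lowest bit of the last output byte of one algorithm."""
    faulty = dict(implementations)
    good = implementations[name]
    faulty[name] = lambda: good()[:-1] + bytes([good()[-1] ^ 0x01])
    return faulty

if __name__ == "__main__":
    impls = default_implementations()
    print(power_up(impls))                                     # all answers match
    print(power_up(with_single_bit_fault(impls, "SHA-256")))   # one-bit fault is caught
```

Because the output must match the known answer exactly, even a single flipped bit in one algorithm's result fails the test and keeps the module out of service.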
