Disabling Fips Mode - Brocade Communications Systems 1606 Administrator's Manual

8. Type the following command to block access to root:
9. Verify your switch is FIPS ready:
10. Type the command fipsCfg
11. Reboot the switch or if a director, reboot both CPs.

Disabling FIPS mode

1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Type the command fipsCfg
3. Reboot the switch.
4. Enable the root account by following the bootprom:
5. Enable access to the bootprom:
6. Optional: Use the configure command to set switch to use non-signed firmware.
7.
8. Disable IPFilter policies that were created to enable FIPS.
9. Optional: Configure RADIUS server authentication protocol.
10. Reboot the switch.
Fabric OS Administrator's Guide
53-1001763-01
Enforce secure config Upload/Download
Enforce firmware signature validation
Example
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]
...
cfgload attributes (yes, y, no, n): [no] yes
Enforce secure config Upload/Download (yes, y, no, n): [no]
Enforce firmware signature validation (yes, y, no, n): [no] yes
userconfig --change root -e no
By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS
mode.
fipscfg --verify fips
userconfig --change root -e yes
fipscfg –-enable bootprom
By keeping the switch set to use signed firmware, all firmware downloaded to the switch will
have to be signed with a key. For more information, see
Firmware".
Disable selftests by typing the following command:
fipscfg --disable selftests
Press enter to accept default.
Yes
enable fips.
--
disable fips.
--
Preparing the switch for FIPS
Chapter 9, "Installing and Maintaining
D
529