Chapter 38 Configuring FIPS; Configuration Guidelines; Enabling FIPS Mode - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Cisco MDS 9000 Family Fabric Manager Configuration Guide, Release 3.x (OL-8222-10, April 2008)

Configuration Guidelines

Follow these guidelines before enabling FIPS mode.

- Make your passwords a minimum of eight characters in length.
- Disable Telnet. Users should log in using SSH only.
- Disable remote authentication through RADIUS/TACACS+. Only users local to the switch can be authenticated.
- Disable SNMP v1 and v2. Any existing user accounts on the switch that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
- Disable VRRP.
- Delete all IKE policies that either have MD5 for authentication or DES for encryption. Modify the policies so they use SHA for authentication and 3DES/AES for encryption.
- Delete all SSH Server RSA1 key-pairs.

Enabling FIPS Mode

To enable FIPS mode using Fabric Manager, follow these steps:

Step 1
Expand Switches from the Physical Attributes pane. Expand Security and then select FIPS.
You see the FIPS activation details in the Information pane as shown in Figure 38-1.

Figure 38-1. FIPS Activation in Fabric Manager

Step 2
Check the ModeActivation check box next to the switch for which you want to enable FIPS mode.
Step 3
Click Apply Changes to commit and distribute these changes.
Step 4
Click Undo Changes to discard any unsaved changes.

To enable FIPS mode using Device Manager, follow these steps:

Step 1
Choose Physical > System or right-click and select Configure.
You see the System dialog box as shown in Figure 38-2.

Chapter 38, Configuring FIPS. Cisco MDS 9000 Family CLI Configuration Guide, OL-16184-01, Cisco MDS SAN-OS Release 3.x, page 38-2.
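An added example, not part of the original manual or of Cisco's tooling: a Python check that scans a saved running configuration for settings that the configuration guidelines on this page say to remove before enabling FIPS mode. The sample configuration is constructed and its line formats are assumptions modelled on SAN-OS syntax; password length and SSH RSA1 key-pairs do not appear in the configuration text and are not checked.

```python
import re

# Constructed sample in the style of a SAN-OS running configuration. The exact
# line formats are assumptions; adjust the patterns to your switch's output.
SAMPLE_CONFIG = """\
telnet server enable
aaa authentication login default group radius
snmp-server community public ro
snmp-server user admin network-admin auth md5 0xabc priv 0xabc localizedkey
snmp-server user ops network-operator auth sha 0xdef priv aes-128 0xdef localizedkey
interface mgmt0
  vrrp 1
crypto ike domain ipsec
  policy 1
    encryption des
    hash md5
  policy 2
    encryption aes
    hash sha
"""

# (finding, pattern) pairs for guidelines that can be checked line by line.
LINE_RULES = [
    ("Telnet is enabled", r"^telnet server enable"),
    ("Remote authentication is configured",
     r"^aaa authentication login \S+ group |^(radius|tacacs)-server host "),
    ("SNMP v1/v2 community is defined", r"^snmp-server community "),
    ("SNMPv3 user authenticates with MD5", r"^snmp-server user .* auth md5 "),
    ("VRRP is configured", r"^vrrp \d+"),
]

def audit_fips_prereqs(config):
    """Return a list of settings that conflict with the FIPS guidelines."""
    findings, in_ike, policy = [], False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level line: new block
            in_ike, policy = line.startswith("crypto ike domain"), None
        m = re.match(r"policy (\d+)$", line) if in_ike else None
        if m:
            policy = m.group(1)                # entering an IKE policy
        elif policy and line in ("hash md5", "encryption des"):
            findings.append(f"IKE policy {policy} uses {line.split()[1].upper()}")
        for finding, pattern in LINE_RULES:
            if re.search(pattern, line):
                findings.append(f"{finding}: {line}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_fips_prereqs(SAMPLE_CONFIG)))
```

An empty result means none of the checked settings were found; it does not confirm the two guidelines the script cannot see.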
