Monitoring FIPS Mode Status
The status of the current FIPS mode (Enabled/Disabled) can be viewed directly using either the show fips status command or the show system command, as shown below.
FTOS#show fips status
FIPS Mode : Enabled
The FIPS mode status can also be viewed for the system using the show system command.
FTOS#show system
Stack MAC : 00:01:e8:8a:ff:0c
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
Status : online
Next Boot : online
Required Type : S4810 - 52-port GE/TE/FG (SE)
Current Type : S4810 - 52-port GE/TE/FG (SE)
Master priority : 0
Hardware Rev : 3.0
Num Ports : 64
Up Time : 7 hr, 3 min
FTOS Version : 4810-8-3-7-1061
Jumbo Capable : yes
POE Capable : no
FIPS Mode : enabled
Burned In MAC : 00:01:e8:8a:ff:0c
No Of MACs : 3
...
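A compliance check built on the show system output above, as an added example that is not part of the original guide: it parses a saved capture and reports every stack unit whose FIPS Mode field is not enabled. The sample capture is constructed, and the Unit 1 entries and the function names are assumptions.

```python
import re

# Constructed sample modelled on the `show system` output above; Unit 1 is
# invented here to show a stack member that is out of compliance.
SAMPLE = """\
FTOS#show system
Stack MAC : 00:01:e8:8a:ff:0c
-- Unit 0 --
Unit Type     : Management Unit
Status        : online
FIPS Mode     : enabled
Burned In MAC : 00:01:e8:8a:ff:0c
-- Unit 1 --
Unit Type     : Standby Unit
Status        : online
FIPS Mode     : disabled
"""

UNIT_RE = re.compile(r"^--\s*Unit\s+(\d+)\s*--$")
FIELD_RE = re.compile(r"^([^:]+?)\s*:\s*(.*)$")  # split on the first colon only

def parse_show_system(text):
    """Return {unit_number: {field: value}} for each '-- Unit N --' block."""
    units, current = {}, None
    for line in map(str.strip, text.splitlines()):
        unit = UNIT_RE.match(line)
        field = FIELD_RE.match(line)
        if unit:
            current = units.setdefault(int(unit.group(1)), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
    return units

def fips_findings(text):
    """List (unit, state) for every unit whose FIPS Mode is not 'enabled'."""
    findings = []
    for unit, fields in sorted(parse_show_system(text).items()):
        # A unit with no FIPS Mode line is reported, not assumed compliant.
        state = fields.get("FIPS Mode", "missing").lower()
        if state != "enabled":
            findings.append((unit, state))
    return findings

if __name__ == "__main__":
    for unit, state in fips_findings(SAMPLE):
        print(f"unit {unit}: FIPS Mode {state}")
```
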
Disabling the FIPS Mode
Use the console port to disable FIPS mode.
To disable the FIPS mode:
Task: To disable FIPS mode from a console port.
The following Warning message displays:
WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
Proceed (y/n) ?
When the FIPS mode is disabled, the following changes occur:
• The SSH server is disabled.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed.
• Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
• The FIPS mode is disabled.
• The SSH server is re-enabled.
• The telnet server is re-enabled if it is present in the configuration.
• New 1024-bit RSA and RSA1 host key-pairs are created.
Command Syntax: no fips mode enable
Command Mode: CONFIG
Enabling FIPS Cryptography | 339