Configuration Changes In Fips Mode - HP 6125XLG Configuration Manual

5. Delete the FIPS-incompatible local user service types Telnet and FTP.
6. Enable FIPS mode.
7. Select the manual reboot method.
8. Save the configuration file and specify it as the startup configuration file.
9. Delete the startup configuration file in binary format (an .mdb file).
10. Reboot the device.
The system enters in FIPS mode. You can use the configured username and password to log in to
the device in FIPS mode.
To enable FIPS mode, complete the following tasks:
If you choose the manual reboot method, accomplish the required configurations, including
•
configuring password control and a local user. For more information, see
If you choose the automatic reboot method and saving the current configuration is required, execute
•
the save command before you enable FIPS mode.
To enable FIPS mode:
Step
1. Enter system view.
2. Enable FIPS mode.

Configuration changes in FIPS mode

When the system enters in FIPS mode, the following changes occur:
The user login authentication mode can only be scheme.
•
• The FTP/TFTP server and client are disabled.
The Telnet server and client are disabled.
•
SNMPv1 and SNMPv2c are disabled. Only SNMPv3 is available.
•
• The SSH server does not support SSHv1 clients.
The generated RSA and DSA key pairs must have a modulus length of 2048 bits.
•
SSH, SNMPv3, and IPsec do not support DES, 3DES, RC4, and MD5.
•
The keys must contain at least 15 characters and 4 compositions of uppercase and lowercase letters,
•
digits, and special characters. This requirement applies to the following passwords (the last two
passwords are for password control):
AAA server's shared key
IKE per-shared key
SNMPv3 authentication key
Password for a device management local user
Password for switching user roles
Command
system-view
fips mode enable
193
"Manual reboot."
Remarks
N/A
By default, the FIPS mode is
disabled.