Fipscfg - Brocade Communications Systems Brocade 8/12c Command Reference Manual

fipsCfg

Configures FIPS (Federal Information Processing Standards) mode.
SYNOPSIS
fipscfg --enable fips | selftests | bootprom]
fipscfg --disable selftests | bootprom]
fipscfg --zeroize [-nowarn]
fipscfg --show | --showall
fipscfg --force fips
fipscfg --verify fips
DESCRIPTION
Use this command to configure FIPS mode on the switch. In this mode, only FIPS-compliant algorithms
are allowed. As part of FIPS 140-2 level-2 compliance, passwords, shared secrets and the private keys
used in SSL/TLS, system login, etc., need to be zeroized. Power-up self tests are executed when the
switch is powered on to check for the consistency of the algorithms implemented on the switch.
This command prompts for confirmation before FIPS configuration changes take effect. Specifying no
cancels the operation. The -nowarnoption overrides the prompting.
NOTES
Certain services and functions, such as FTP, HTTP, remote procedure calls (RPC), root account, boot
prom access, etc., must be blocked before the system can enter FIPS mode.
LDAP should not be configured while FIPS is enabled.
The system must be rebooted for FIPS mode changes to take effect.
Refer to the Fabric OS Administrator's Guide for information on configuring your system for FIPS 140-2
level-2 compliance.
FIPS mode cannot be modified through configDownload.
FIPS is not supported on all platforms. For FIPS-compliant hardware, refer to the Fabric OS
Administrator's Guide.
In a Virtual Fabric environment, FIPS is treated as chassis-wide configuration and applies to all logical
switches in the chassis. Chassis permissions are required to configure FIPS.
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
--help
--disable selftests [-nowarn]
--enable [fips | selftests] [-nowarn]
Fabric OS Command Reference
53-1001764-01
[-nowarn]
[-nowarn]
Prints command usage.
Disables selftests mode.
Enables FIPS or selftests mode. Selftests must be enabled before FIPS mode is
enabled.
22
fipsCfg
351