HP StorageWorks 4/8 HP StorageWorks Fabric OS 6.1.x administrator guide (5697- - Page 142

Example switch:admin> configure Not all options will be available on an enabled switch. To disable the switch, use the "switchDisable" command. Configure... System services (yes, y, no, n): [no] ... cfgload attributes (yes, y, no, n): [no] yes Enforce secure config Upload/Download (yes, y, no, n): [no] Enforce firmware signature validation (yes, y, no, n): [no] yes 8. Type the following command to block access to root: userconfig --change root -e no By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS mode. 9. Verify your switch is FIPS ready: fipscfg --verify fips 10. Type the command fipsCfg --enable fips. 11. Reboot the switch. Disabling FIPS mode 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --disable fips. 3. Reboot the switch. 4. Enable the root account by following the bootprom: userconfig --change root -e yes 5. Enable access to the bootprom: fipscfg --enable bootprom 6. Optional: Use the configure command to set switch to use non-signed firmware. By keeping the switch set to use signed firmware, all firmware downloaded to the switch will have to be signed with a key. For more information, see Installing and maintaining firmware, page 165. 7. Disable selftests by typing the following command: fipscfg --disable selftests 8. Disable IPFilter policies that were created to enable FIPS. 9. Optional: Configure RADIUS server authentication protocol. 10. Reboot the switch. Zeroizing for FIPS 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --zeroize. 3. Reboot the switch. Displaying FIPS configuration 1. Log in to the switch using an account assigned the admin or securityAdmin role. 2. Type the command fipsCfg --showall. 142 Configuring advanced security features