HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 201
Configuring FIPS mode, Automatic reboot, Manual reboot
reboot the device. The new configuration takes effect after the reboot. During this process, do not exit the system or perform other operations.
• To make sure the rollback between FIPS mode (entered by using the manual reboot method) and non-FIPS mode succeeds, save the configuration when the device enters FIPS mode before performing other operations.
• Do not use FIPS and non-FIPS devices to create an IRF fabric.
• To enable FIPS mode for an IRF fabric, you must reboot the whole IRF fabric.

Configuring FIPS mode

Entering FIPS mode

After you enable FIPS mode and reboot the switch, the switch operates in FIPS mode, which has strict security requirements, and performs self-tests on cryptography modules to verify that they operate properly. A FIPS device can meet the requirements defined in Network Device Protection Profile (NDPP) of Common Criteria (CC).

The system provides two methods to enter FIPS mode: automatic reboot and manual reboot.

Automatic reboot

To use automatic reboot to enter FIPS mode, follow these steps:
1. Enable FIPS mode.
2. Select the automatic reboot method. The system automatically creates a default FIPS configuration file named fips-startup.cfg, specifies this file as the startup configuration file, and prompts you to configure the username and password for next login. You can press Ctrl+C to exit the configuration process. Then, the fips mode enable command will not be executed.
3. Configure a username and password used to log in to the device in FIPS mode. The password must include at least 15 characters and must contain uppercase and lowercase letters, digits, and special characters. Then, the system automatically uses the startup configuration file to reboot the device and enters FIPS mode.

You can only use the configured username and password to log in to the FIPS device. After login, you are assigned a user role of crypto officer.

Manual reboot

To use manual reboot to enter FIPS mode, follow these steps:
1. Enable the password control function globally.
2. Set the number of character types a password must contain to 4 and set the minimum number of characters for each type to one character.
3. Set the minimum length of user passwords to 15 characters.
4. Add a local user account for device management, including a user name, a password that must comply with the password control policies, a user role of network-admin, and a service type of terminal.
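The following check is an added example, not part of the HP guide or HP code. It audits saved configuration text for manual-reboot steps 1 to 4 above before FIPS mode is enabled. It assumes Comware 7 command spellings (password-control, local-user, service-type, authorization-attribute), which this page does not show, and the sample configuration and the user name fipsadmin are constructed.

```python
import re

# Constructed sample of saved-configuration text, not from a real device.
# Assumption: Comware 7 command spellings; this page gives no commands.
SAMPLE_CFG = """\
#
 password-control enable
 password-control length 15
 password-control composition type-number 4 type-length 1
#
local-user fipsadmin class manage
 password hash CONSTRUCTED-PLACEHOLDER
 service-type terminal
 authorization-attribute user-role network-admin
#
"""

def sections(cfg):
    """Split the text on '#' separator lines into lists of stripped lines."""
    out, cur = [], []
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line == "#":
            out, cur = out + ([cur] if cur else []), []
        elif line:
            cur.append(line)
    return out + ([cur] if cur else [])

def audit_fips_prereqs(cfg):
    """Return the manual-reboot steps 1-4 that cfg does not satisfy."""
    secs = sections(cfg)
    users = [s for s in secs if s[0].startswith("local-user ")]
    # A per-user password-control line must not count as the global policy.
    glob = [l for s in secs if not s[0].startswith("local-user ") for l in s]
    def has(pattern, check):
        hits = (re.fullmatch(pattern, l) for l in glob)
        return any(m and check(*map(int, m.groups())) for m in hits)
    def user_ok(u):
        return (any(l.startswith("password ") for l in u)
                and any(l.startswith("service-type ") and "terminal" in l.split() for l in u)
                and any("user-role network-admin" in l for l in u))
    missing = []
    if "password-control enable" not in glob:
        missing.append("step 1: password control not enabled globally")
    if not has(r"password-control composition type-number (\d+) type-length (\d+)",
               lambda n, k: n == 4 and k >= 1):
        missing.append("step 2: composition is not 4 types, 1+ character each")
    if not has(r"password-control length (\d+)", lambda n: n >= 15):
        missing.append("step 3: minimum length not set to at least 15")
    if not any(user_ok(u) for u in users):
        missing.append("step 4: no terminal user with role network-admin")
    return missing
```

An empty list means all four prerequisites were found. A length or composition setting that appears only inside a local-user section is reported as missing, because steps 2 and 3 set the global policy.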