HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 91
FIPS compliance, Enabling configuration encryption, Saving the running configuration
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
irf mac-address persistent timer irf auto-update enable irf link-delay 0 irf member 2 priority 1 FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Enabling configuration encryption Configuration encryption enables the device to automatically encrypt a startup configuration file when it saves the running configuration. This function provides the following methods: • Private key method-Only the encrypting device can decrypt the encrypted configuration file. • Public key method-Any device running the same software version as the encrypting device can decrypt the encrypted configuration file. IMPORTANT: Do not move or copy a private-key-encrypted configuration file between IRF member devices. These actions can cause a decryption failure because the member devices use different private keys. To enable configuration encryption: Step 1. Enter system view. 2. Enable configuration encryption. Command system-view configuration encrypt { private-key | public-key } Remarks N/A By default, configuration encryption is disabled. Configuration is saved unencrypted. Saving the running configuration When saving the running configuration to a configuration file, you can specify the file as a next-startup configuration file. If you are specifying the file as a next-startup configuration file, use one of the following methods to save the configuration: • Fast mode-Use the save command without the safely keyword. In this mode, the device directly overwrites the target next-startup configuration file. If a reboot or power failure occurs during this process, the next-startup configuration file is lost. You must specify a new startup configuration file after the device reboots (see "Specifying a next-startup configuration file"). • Safe mode-Use the save command with the safely keyword. Safe mode is slower than fast mode, but more secure. In safe mode, the system saves configuration in a temporary file and starts 84