Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Page 420


390

Fabric OS Command Reference

53-1003131-01

fipsCfg

2

--zeroize [-nowarn]

Erases all passwords, shared secrets, private keys, etc. in the system.

--show | --showall

Displays the current FIPS configuration.

--force fips

Enables FIPS mode even if the prerequisites are not met, except under the
following two conditions, in which the command is refused:

In a dual-CP system, if HA is not in sync between the two CPs.

If self-tests are disabled.

--verify fips

Scans the prerequisites for enabling FIPS and prints the pass/fail result of
each check.

--disable | --enable bootprom [-nowarn]

Disables or enables the Boot Programmable Read-Only Memory (Boot PROM) on
the switch. Boot PROM access is blocked in FIPS mode. Disabling Boot PROM
requires root permission. Enabling Boot PROM does not require root permission.

--disable | --enable dh [-nowarn]

Removes (disable) or configures (enable) all Diffie-Hellman-specific SSH
settings in both the SSH server and client configuration, and restarts the SSH
server. This command is supported only in FIPS mode.

--disable | --enable sha256 [-nowarn]

Configures the hash used for signature generation and verification in both the
SSH server and client configuration as SHA1 (disable) or SHA256 (enable), and
restarts the SSH server. This command is supported only in FIPS mode.

EXAMPLES

To display the current FIPS configuration:

switch:admin> fipscfg --show

FIPS mode is : Disabled

FIPS Selftests mode/status is : Disabled/None

To enable selftests:

switch:admin> fipscfg --enable selftests

You are enabling selftests.

Do you want to continue? (yes, y, no, n) [no] : yes

FIPS Selftests mode/status has been set to : Enabled/None

To verify FIPS prerequisites:

switch:admin> fipscfg --verify fips

Standby firmware supports FIPS - PASS

SELF tests check has passed - PASS

Root account is enabled - FAIL

Radius check has passed - PASS

Authentication check has passed - PASS

Inflight Encryption check has passed - PASS

IPSec check has passed - PASS

Telnet port number <23> for the policy <default_ipv4> is in permit state.

HTTP port number <80> for the policy <default_ipv4> is in permit state.

RPC port number <897> for the policy <default_ipv4> is in permit state.

IPv4 policies not FIPS compliant - FAIL

Telnet port number <23> for the policy <default_ipv6> is in permit state.

HTTP port number <80> for the policy <default_ipv6> is in permit state.

RPC port number <897> for the policy <default_ipv6> is in permit state.

IPv6 policies not FIPS compliant - FAIL

SNMP is not in read only mode - FAIL
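When a verification run like the one above is collected from many switches (for example over SSH from an automation host), it helps to turn the free-text report into a structured pass/fail list and to pull out exactly which IP-filter policy entries still permit the cleartext services (Telnet, HTTP, RPC) that block FIPS mode. The following parser is an added example and is not part of the Fabric OS manual or of Brocade's software. The sample text is constructed from the output shown above; the parser assumes the line formats shown there ("<description> - PASS|FAIL", and "<protocol> port number <n> for the policy <name> is in permit state."), with detail lines preceding the verdict they belong to.

```python
"""Parse `fipscfg --verify fips` output from a Brocade Fabric OS switch and
summarise the FIPS prerequisites that still fail.

Added example; not code from the Fabric OS manual. Line formats are assumed
from the manual's printed example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the manual's example output with the prompt line removed,
# as you would receive it from `ssh admin@switch fipscfg --verify fips`.
SAMPLE_OUTPUT = """\
Standby firmware supports FIPS - PASS
SELF tests check has passed - PASS
Root account is enabled - FAIL
Radius check has passed - PASS
Authentication check has passed - PASS
Inflight Encryption check has passed - PASS
IPSec check has passed - PASS
Telnet port number <23> for the policy <default_ipv4> is in permit state.
HTTP port number <80> for the policy <default_ipv4> is in permit state.
RPC port number <897> for the policy <default_ipv4> is in permit state.
IPv4 policies not FIPS compliant - FAIL
Telnet port number <23> for the policy <default_ipv6> is in permit state.
HTTP port number <80> for the policy <default_ipv6> is in permit state.
RPC port number <897> for the policy <default_ipv6> is in permit state.
IPv6 policies not FIPS compliant - FAIL
SNMP is not in read only mode - FAIL
"""

# Verdict line: "<description> - PASS" or "<description> - FAIL".
VERDICT_RE = re.compile(r"^(?P<check>.+?)\s+-\s+(?P<status>PASS|FAIL)\s*$")
# Detail line printed before an IP-filter verdict (format assumed from the manual).
PORT_RE = re.compile(
    r"^(?P<proto>\S+) port number <(?P<port>\d+)> for the policy "
    r"<(?P<policy>[^>]+)> is in permit state\.$"
)


@dataclass
class Check:
    name: str
    passed: bool
    details: list = field(default_factory=list)  # (proto, port, policy) tuples


def parse_verify_output(text):
    """Return the checks in the order the switch printed them.

    Detail lines (permitted cleartext ports) are attached to the verdict line
    that follows them; prompts, banners and blank lines are ignored.
    """
    checks, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PORT_RE.match(line)
        if m:
            pending.append((m["proto"], int(m["port"]), m["policy"]))
            continue
        m = VERDICT_RE.match(line)
        if m:
            checks.append(Check(m["check"], m["status"] == "PASS", pending))
            pending = []
    return checks


def failed_checks(checks):
    """Names of the prerequisites that must be fixed before `fipscfg --enable fips`."""
    return [c.name for c in checks if not c.passed]


def permitted_ports_by_policy(checks):
    """Map each IP-filter policy name to the cleartext ports it still permits,
    so the operator knows which entries to deny rather than re-reading the log."""
    out = {}
    for c in checks:
        for proto, port, policy in c.details:
            out.setdefault(policy, []).append((proto, port))
    return out


def fips_ready(checks):
    """True only when every prerequisite passed. Anything else means FIPS mode
    can only be entered with `--force fips`, which the manual says is still
    refused if self-tests are disabled or HA is out of sync on a dual-CP system."""
    return bool(checks) and all(c.passed for c in checks)


if __name__ == "__main__":
    result = parse_verify_output(SAMPLE_OUTPUT)
    print("FIPS ready:", fips_ready(result))
    for name in failed_checks(result):
        print("FAIL:", name)
    for policy, ports in permitted_ports_by_policy(result).items():
        print(policy, "still permits", ports)
```

Running this over the sample reports four failing checks (root account, IPv4 and IPv6 IP-filter policies, SNMP) and lists ports 23, 80 and 897 under both default_ipv4 and default_ipv6; the same function can be fed the live output of each switch you intend to move into FIPS mode.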
