Disabling FIPS Mode – Carrier Access Broadmore 1750 User Manual


Broadmore 1750 - Release 4.6

Security Management (FIPS Mode)

Disabling FIPS Mode

Only a Superuser (Crypto Officer) can change the security modes. The security
mode can only be changed after successfully logging into the Broadmore, then
performing the following steps.

CAUTION!

Disabling FIPS mode will delete existing user access accounts and cryptographic keys and revert the Broadmore to the factory default SuperUser ID and password, which can deny management access and compromise security. No one can log in remotely till the Broadmore is rebooted.

1. Log into the online CPU (Broadmore primary IP address) with a secure SSH terminal emulator such as SecureCRT (see “Logging In” on page 11-9).

2. Disable FIPS mode by entering the following shell command at the Broadmore prompt:

    fipsmode off

3. Reboot the Broadmore for the change to take effect by entering the following commands at the Broadmore prompt:

    cli
    maintain
    redundancy
    cpu
    rebootstandby
    releasecpu

NOTE: The above command sequence reboots the standby CPU (if any) and then the online CPU. In a redundant system, both CPUs must be rebooted into the non-FIPS mode. Rebooting the online CPU will terminate the current management session. After reboot, the previous standby CPU will normally become the online CPU. It may take several minutes for the ARP tables in the network to refresh before you can log into the online CPU.
