Establishing a connection to an stelnet server, Configuring fips mode, Entering fips mode – H3C Technologies H3C S12500-X Series Switches User Manual


• save.
• Other commands used for configuration preparation to enter FIPS mode.

If a device enters FIPS or non-FIPS mode through automatic reboot, the startup configuration file does not support configuration rollback. To support configuration rollback, you must execute the save command before making other configurations.

Do not use FIPS and non-FIPS devices to create an IRF fabric.

To enable FIPS mode for an IRF fabric, you must reboot the entire IRF fabric.

The default MDC supports FIPS commands. Other MDCs do not support FIPS commands.


Configuring FIPS mode


Entering FIPS mode

After you enable FIPS mode and reboot the device, the device operates in FIPS mode. The FIPS device has strict security requirements, and performs self-tests on cryptography modules to verify that they are operating correctly.

A FIPS device meets the requirements defined in Network Device Protection Profile (NDPP) of Common Criteria (CC).

The system provides two methods to enter FIPS mode: automatic reboot and manual reboot.


Automatic reboot

To use automatic reboot to enter FIPS mode:

1. Enable FIPS mode.

2. Select the automatic reboot method.
   The system automatically performs the following tasks:

   a. Create a default FIPS configuration file named fips-startup.cfg.

   b. Specify the default file as the startup configuration file.

   c. Prompt you to configure the username and password for next login.

   You can press Ctrl+C to exit the configuring process. The fips mode enable command will not be executed.

3. Configure a username and password to log in to the device in FIPS mode.
   The password must include at least 15 characters that contain uppercase and lowercase letters, digits, and special characters.
   The system automatically uses the startup configuration file to reboot the device and enter FIPS mode. You can only use the configured username and password to log in to the FIPS device. After login, you are assigned a user role of crypto officer.


Manual reboot

To use manual reboot to enter FIPS mode:

1. Enable the password control function globally.

2. Set the number of character types a password must contain to 4, and set the minimum number of characters for each type to one character.

3. Set the minimum length of user passwords to 15 characters.
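The following pre-flight check is an added example, not part of the H3C manual. It tests a candidate login password against the 15-character, four-type rule from the automatic reboot procedure, and tests a saved configuration text against manual reboot steps 1 to 3. The password-control command forms it matches are standard Comware syntax that this page does not show, and the function names, the special-character set and the sample configuration are assumptions made for illustration.

```python
import re
import string

MIN_LEN = 15  # minimum password length stated on this page

# Character types; using string.punctuation as the "special" set is an
# assumption, the device's accepted special characters may differ.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def password_problems(pw):
    """Return the policy violations for a candidate FIPS login password."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("length<%d" % MIN_LEN)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("missing " + name)
    return problems

def config_problems(cfg):
    """Check a saved configuration text for manual-reboot steps 1 to 3."""
    problems = []
    if not re.search(r"^\s*password-control enable\s*$", cfg, re.M):
        problems.append("password control not enabled globally")
    m = re.search(r"^\s*password-control composition type-number (\d+)"
                  r"(?: type-length (\d+))?\s*$", cfg, re.M)
    # type-length must be explicit here; no default value is assumed.
    if not m or int(m.group(1)) != 4 or int(m.group(2) or 0) < 1:
        problems.append("composition is not 4 types with 1+ character each")
    m = re.search(r"^\s*password-control length (\d+)\s*$", cfg, re.M)
    if not m or int(m.group(1)) < MIN_LEN:  # longer minimums also pass
        problems.append("minimum password length below %d" % MIN_LEN)
    return problems

# Constructed sample configuration (not taken from a real device).
SAMPLE_CFG = """\
#
 password-control enable
 password-control length 10
 password-control composition type-number 4 type-length 1
#
"""

if __name__ == "__main__":
    print(config_problems(SAMPLE_CFG))
    print(password_problems("Short1!"))
```

Run it against the configuration you intend to save before enabling FIPS mode; an empty list from both functions means the settings covered here are in place.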
