Fipscfg – Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1001764-02

fipsCfg

Configures FIPS (Federal Information Processing Standards) mode.

Synopsis

fipscfg --enable [fips | selftests | bootprom]

fipscfg --disable [fips | selftests | bootprom]

fipscfg --zeroize

fipscfg --show | --showall

fipscfg --force fips

fipscfg --verify fips

Description

Use this command to configure FIPS mode on the switch. In this mode, only FIPS-compliant
algorithms are allowed. As part of FIPS 140-2 level-2 compliance, passwords, shared secrets and
the private keys used in SSL/TLS, system login, etc., need to be zeroized. Power-up self tests are
executed when the switch is powered on to check for the consistency of the algorithms
implemented on the switch.

This command prompts for confirmation before FIPS configuration changes take effect. Specifying
no cancels the operation.

Notes

Certain services and functions, such as FTP, HTTP, remote procedure calls (RPC), root account,
boot prom access, etc., must be blocked before the system can enter FIPS mode.

LDAP should not be configured while FIPS is enabled.

The system must be rebooted for FIPS mode changes to take effect.

Refer to the Fabric OS Administrator's Guide for information on configuring your system for FIPS
140-2 level-2 compliance.

FIPS mode cannot be modified through configDownload.

FIPS is not supported on all platforms. For FIPS-compliant hardware, refer to the Fabric OS
Administrator's Guide.

In a Virtual Fabric environment, FIPS is treated as chassis-wide configuration and applies to all
logical switches in the chassis. Chassis permissions are required to configure FIPS.

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.

Operands

This command has the following operands:

--disable [fips | selftests]

Disables FIPS or selftests mode. Selftests cannot be disabled when FIPS
mode is enabled.

--enable [fips | selftests]

Enables FIPS or selftests mode. Selftests must be enabled before FIPS mode
is enabled.

--zeroize

Erases all passwords, shared secrets, private keys, etc. in the system.
