Disabling fips mode – Dell POWEREDGE M1000E User Manual


Fabric OS Administrator’s Guide


53-1001763-02

Preparing the switch for FIPS


Example

switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]

cfgload attributes (yes, y, no, n): [no] yes
Enforce secure config Upload/Download (yes, y, no, n): [no]
Enforce firmware signature validation (yes, y, no, n): [no] yes

8. Type the following command to block access to root:

userconfig --change root -e no

By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS
mode.

9. Verify your switch is FIPS ready:

fipscfg --verify fips

10. Type the command fipsCfg --enable fips.

11. Reboot the switch or, if it is a director, reboot both CPs.

Disabling FIPS mode

1. Log in to the switch using an account assigned the admin or securityAdmin role.

2. Type the command fipsCfg --disable fips.

3. Reboot the switch.

4. Enable the root account by typing the following command:

userconfig --change root -e yes

5. Enable access to the bootprom:

fipscfg --enable bootprom

6. Optional: Use the configure command to set the switch to use non-signed firmware.

By keeping the switch set to use signed firmware, all firmware downloaded to the switch will
have to be signed with a key. For more information, see Chapter 9, “Installing and Maintaining Firmware”.

7. Disable selftests by typing the following command:

fipscfg --disable selftests

8. Disable IPFilter policies that were created to enable FIPS.

9. Optional: Configure RADIUS server authentication protocol.

10. Reboot the switch.

Enforce secure config Upload/Download    Press enter to accept default.
Enforce firmware signature validation    Yes
