Fabric OS Administrator’s Guide 529
53-1001763-02
Preparing the switch for FIPS D
Example
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]
cfgload attributes (yes, y, no, n): [no] yes
Enforce secure config Upload/Download (yes, y, no, n): [no]
Enforce firmware signature validation (yes, y, no, n): [no] yes
8. Type the following command to block access to root:
userconfig --change root -e no
By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS
mode.
9. Verify your switch is FIPS ready:
fipscfg --verify fips
10. Type the command fipsCfg --enable fips.
11. Reboot the switch or, if it is a director, reboot both CPs.
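
An added example, not part of the guide: a Python check that parses a saved configure session in the prompt format of the example above and reports whether the answers the FIPS preparation relies on were actually given. The function names and the choice of audited prompts are assumptions; the sample transcript is constructed from the guide's example.

```python
import re

# Constructed sample: the configure dialogue as shown in the guide's example.
SAMPLE_SESSION = """\
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]
cfgload attributes (yes, y, no, n): [no] yes
Enforce secure config Upload/Download (yes, y, no, n): [no]
Enforce firmware signature validation (yes, y, no, n): [no] yes
"""

# Prompt line shape: "<name> (yes, y, no, n): [<default>] <optional answer>"
PROMPT_RE = re.compile(
    r"^\s*(?P<name>.+?)\s*\(yes, y, no, n\):\s*\[(?P<default>\w+)\]\s*(?P<answer>\S*)\s*$"
)

# Prompts that must end up as "yes" (assumption: only these two are audited).
REQUIRED_YES = ("cfgload attributes", "Enforce firmware signature validation")

def parse_configure(transcript):
    """Return {prompt name: bool}; an empty answer means the default was accepted."""
    settings = {}
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            value = (m.group("answer") or m.group("default")).lower()
            settings[m.group("name")] = value in ("yes", "y")
    return settings

def audit(transcript):
    """List findings where a required prompt is missing or was not set to yes."""
    settings = parse_configure(transcript)
    findings = []
    for name in REQUIRED_YES:
        if name not in settings:
            # The Enforce... prompts only appear after "cfgload attributes" is yes.
            findings.append(f"{name}: prompt not seen in transcript")
        elif not settings[name]:
            findings.append(f"{name}: effective value is no, expected yes")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SESSION) or ["configure answers match the example"]:
        print(finding)
```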

Disabling FIPS mode

1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Type the command fipsCfg --disable fips.
3. Reboot the switch.
4. Enable the root account by following the bootprom:
userconfig --change root -e yes
5. Enable access to the bootprom:
fipscfg --enable bootprom
6. Optional: Use the configure command to set the switch to use non-signed firmware.
By keeping the switch set to use signed firmware, all firmware downloaded to the switch will
have to be signed with a key. For more information, see Chapter 9, “Installing and Maintaining
Firmware”.
7. Disable selftests by typing the following command:
fipscfg --disable selftests
8. Disable IPFilter policies that were created to enable FIPS.
9. Optional: Configure RADIUS server authentication protocol.
10. Reboot the switch.
Enforce secure config Upload/Download    Press enter to accept default.
Enforce firmware signature validation    Yes