Security Management (FIPS Mode)

Enabling FIPS Mode

4. Reboot the Broadmore for the change to take effect by entering the following commands at the Broadmore prompt:

cli maintain redundancy cpu rebootstandby releasecpu

NOTE: The above command sequence reboots the standby CPU (if any) and then the online CPU. In a redundant system, both CPUs must be rebooted into the FIPS mode. Rebooting the online CPU will terminate the current management session. After reboot, the previous standby CPU will normally become the online CPU. It may take several minutes for the ARP tables in the network to refresh before you can log into the online CPU.

5. Verify that the Broadmore is in FIPS mode by logging in with an SSH terminal emulator such as SecureCRT (see “Logging In” on page 11-9). If you must use Telnet, the Broadmore is not in FIPS mode.

6. Start up the CAMMI interface by entering the following command at the Broadmore prompt:

cammi

7. After logging in, also verify that the Broadmore is in FIPS mode by observing that the CAMMI Help / About Security screen shows that FIPS mode is active (see “Help About Security” on page 11-17).

8. Select Administration / User ID Rules and set the username and password minimum length values (see “User ID Rules” on page 11-26).

NOTE: The Broadmore will only enforce the minimum length values when creating new user accounts. Old accounts are not affected. The Superuser (Crypto Officer) must ensure that all user accounts meet FIPS 140-2 requirements.
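The step 5 check can also be scripted from the management workstation after the reboot. The following is an added example, not part of the Carrier Access manual, and it does not replace the CAMMI check in step 7. It assumes SSH on port 22 and Telnet on port 23, uses the placeholder address 192.0.2.10, and treats the case where both services answer (which the manual does not cover) as needing manual review.

```python
import socket

def read_banner(sock, limit=255):
    """Return the first line the peer sends on a connected socket."""
    data = b""
    while b"\n" not in data and len(data) < limit:
        chunk = sock.recv(limit - len(data))
        if not chunk:
            break
        data += chunk
    return data.split(b"\n", 1)[0].strip().decode("ascii", "replace")

def probe(host, port, timeout=5.0, want_banner=False):
    """None if the port is unreachable, else the banner ("" if not requested or silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not want_banner:
                return ""
            try:
                return read_banner(s)
            except OSError:  # timeout or reset after connect: open, no banner
                return ""
    except OSError:
        return None

def classify(ssh_banner, telnet_banner):
    """Map the two probe results onto the outcome of step 5."""
    ssh_ok = ssh_banner is not None and ssh_banner.startswith("SSH-")
    telnet_open = telnet_banner is not None
    if ssh_ok and not telnet_open:
        return "fips-consistent"  # SSH login possible, Telnet not offered
    if telnet_open and not ssh_ok:
        return "not-fips"         # Telnet is the only way in
    if ssh_ok and telnet_open:
        return "review"           # assumption: not covered by the manual, check CAMMI
    return "retry"                # no usable service; ARP tables may still be refreshing

def check(host, ssh_port=22, telnet_port=23):
    """Probe both management ports (assumed defaults) and classify the result."""
    return classify(probe(host, ssh_port, want_banner=True), probe(host, telnet_port))

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder management address (documentation range).
    print(check("192.0.2.10"))
```

In a redundant system, run the check again after the several-minute ARP refresh if the first result is "retry".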

Broadmore 1750 - Release 4.6

11-19
