Security Management (FIPS Mode)

Disabling FIPS Mode


Only a Superuser (Crypto Officer) can change the security mode. The security mode can only be changed after successfully logging into the Broadmore and then performing the following steps.

CAUTION! DISABLING FIPS MODE WILL DELETE EXISTING USER ACCESS ACCOUNTS AND CRYPTOGRAPHIC KEYS AND REVERT THE BROADMORE TO THE FACTORY DEFAULT SUPERUSER ID AND PASSWORD, WHICH CAN DENY MANAGEMENT ACCESS AND COMPROMISE SECURITY. NO ONE CAN LOG IN REMOTELY UNTIL THE BROADMORE IS REBOOTED.

1. Log in to the online CPU (Broadmore primary IP address) with a secure SSH terminal emulator such as SecureCRT (see “Logging In” on page 11-9).

2. Disable FIPS mode by entering the following shell command at the Broadmore prompt:

fipsmode off

3. Reboot the Broadmore for the change to take effect by entering the following commands at the Broadmore prompt:

cli maintain redundancy cpu rebootstandby releasecpu

NOTE: The above command sequence reboots the standby CPU (if any) and then the online CPU. In a redundant system, both CPUs must be rebooted into the non-FIPS mode. Rebooting the online CPU will terminate the current management session. After reboot, the previous standby CPU will normally become the online CPU. It may take several minutes for the ARP tables in the network to refresh before you can log into the online CPU.


Broadmore 1750 - Release 4.6
