Carrier Access Broadmore 1750 User Manual

Broadmore 1750 - Release 4.6

11-19

Security Management (FIPS Mode)

Enabling FIPS Mode

4. Reboot the Broadmore for the change to take effect by entering the following

commands at the Broadmore prompt:
cli

↵

maintain

↵

redundancy

↵

cpu

↵

rebootstandby

↵

releasecpu

↵

NOTE:

The above command sequence reboots the standby CPU (if any)

and then the online CPU. In a redundant system, both CPUs must be
rebooted into the FIPS mode. Rebooting the online CPU will terminate the
current management session. After reboot, the previous standby CPU will
normally become the online CPU. It may take several minutes for the ARP
tables in the network to refresh before you can log into the online CPU.

5. Verify that the Broadmore is in FIPS mode by logging in with an SSH terminal

emulator such as SecureCRT (see “Logging In” on page

11-9

). If you must use

Telnet, the Broadmore is not in FIPS mode.

6. Start up the CAMMI interface by entering the following command at the

Broadmore prompt:
cammi

↵

7. After logging in, also verify that the Broadmore is in FIPS mode by observing

that the CAMMI Help / About Security screen shows that FIPS mode is active
(see “Help About Security” on page

11-17

).

8. Select Administration / User ID Rules and set the username and password

minimum length values (see “User ID Rules” on page

11-26

).

NOTE:

The Broadmore will only enforce the minimum length values

when creating new user accounts. Old accounts are not affected. The
Superuser (Crypto Officer) must ensure that all user accounts meet FIPS
140-2 requirements.