beautypg.com

Exiting fips mode – H3C Technologies H3C S12500-X Series Switches User Manual

Page 256

background image

244

{

Password for switching user roles.

328B

Exiting FIPS mode

After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode. The non-FIPS

device does not have the security requirements of FIPS mode, and does not perform self-tests on
cryptography modules.
The system provides two methods to exit FIPS mode: automatic reboot and manual reboot.

549B

Automatic reboot

Select the automatic reboot method. The system automatically creates a default non-FIPS configuration

file named non-fips-startup.cfg, and specifies the file as the startup configuration file. The system reboots
the device by using the default non-FIPS configuration file. After the reboot, you are directly logged into

the device.

550B

Manual reboot

This method requires that you manually complete the configurations for entering non-FIPS mode, and

then reboot the device. To log in to the device after the reboot, you must enter user information according
to the authentication mode. The following default authentication modes are available for different ports

or lines (you can modify the default mode as needed):

The default authentication mode is password for VTY lines.

The default authentication mode is none for a console port.

After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the

device:

If you are logged in to the device through Telnet, perform the following tasks without exiting the
current user line:

{

Set the authentication mode to scheme.

{

Configure the username and password. (You can also use the current username and password.)

If you are logged into the device through a console port, configure one of the following
authentication modes as needed:

{

Configure the password authentication mode and a password.

{

Configure the scheme authentication mode, and configure a new username and password (you
can also use the current username and password).

{

Configure the none authentication mode.

To disable FIPS mode:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Disable FIPS mode.

undo fips mode enable

By default, the FIPS mode is
disabled.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: