Extreme NetIron FIPS Configuration Guide
Published July 2021
Preface
Text Conventions
Documentation and Training
Getting Help
Providing Feedback
About This Document
Supported hardware and software
FIPS-supported devices
FIPS-supported interface modules
What's new in this document
FIPS Support
FIPS overview
How FIPS works
Cryptographic Authentication of OSPFv2 and OSPFv3
Configuring keychain support
Configuring keychain for OSPFv2 virtual link
Configuring Keychain for OSPFv3 virtual link
Upgrading and Downgrading Software on FIPS-enabled Devices
Upgrading FIPS-enabled devices
Image verification in FIPS mode
FIPS NetIron 06.3.00aa images for Extreme MLXe devices
Performing a basic upgrade
MACsec and software release upgrade
Downgrading from FIPS mode to non-FIPS mode
FIPS Configuration
User roles in FIPS mode
Commands disabled in FIPS mode
Hidden files in FIPS mode
Cryptographic algorithms in FIPS mode
Cryptographic algorithms on the management module
Cryptographic algorithms on the Extreme NetIron CER devices
Cryptographic algorithms on the BR-MLX-10GX4-IPSEC-M module
Cryptographic algorithms on the BR-MLX-10GX20-X2 and BR-MLX-1GX20-U10G-X2 modules
SSH clients
Usernames and SSH public key authentication
Implementation
Restrictions
Protocol changes in FIPS mode
BGP
HTTP
HTTPS
TLS implementation in NetIron devices
IKEv2/IPsec
IS-IS
L2 over IPsec
MACsec
MPLS
NTP
OpenFlow
OSPFv2
OSPFv3
PKI
Proprietary 2-way encryption algorithms
RADIUS
SCP
SNMP
SSHv2
Syslog
TACACS+
Telnet
TFTP
VRRP
VRRP-E
Web Management
DRBG Health Test on IPsec MP
System reset and boot up in FIPS mode
Debugging in FIPS mode
Placing the device in FIPS mode
General steps to place the Extreme NetIron device in FIPS mode
Copying the signature files
Copying signature files for ExtremeCER 2000-4X devices
Copying the signature files for Extreme NetIron MLXe devices
Enabling FIPS mode
Zeroizing shared secrets and host keys
Configuring user authentication
Saving the configuration
Reloading the device
Performing a FIPS self-test
Modifying the FIPS policy
Disabling FIPS mode
Running FIPS self-test
Access to monitor mode
Accessing monitor mode from FIPS mode
Accessing monitor mode in the event of continuous failure
Debugging in monitor mode
Returning to FIPS mode from monitor mode
Appendix: SP800-90A DRBG Implementation
DRBG support information
About This Document