As part of placing the device in FIPS mode, you should copy the specific signature files into the device.
Refer to the Extreme NetIron Software Upgrade Guide for the required signature file information.
Note
The device may not reload if you do not retain the signature files or if you copy invalid signature files.For the MLX Series devices, the signature files in the following table must be loaded to the management module with specific destination file names.
Note
Where the .sig extension appears in the source file name, you can use either .sig or .sha256. Use .sig if the device is running NetIron 5.6.00a or earlier. Use .sha256 if the device is running NetIron 5.6.00aa or later.| Image name on flash | Image type |
Signature source file name |
Signature destination file name |
RSA2048/SHA256 bit signature source file name |
|---|---|---|---|---|
| primary |
Management Application |
xmrXXXXX.sig | primary.sig | xmrXXXXX.sha256 |
| secondary |
Management Application |
xmrXXXXX.sig | secondary.sig | |
| Monitor |
Management Monitor |
xmbXXXXX.sig | monitor.sig | xmbXXXXX.sha256 |
| lp-monitor |
Interface Module Monitor |
xmlbXXXXX.sig | lp-mon.sig | xmlbXXXXX.sha256 |
| p-primary-0 |
Interface Module Application |
xmlpXXXXX.sig | lp-pri.sig | xmlpXXXXX..sha256 |
| lp-secondary-0 |
Interface Module Application |
xmlpXXXXX.sig | lp-sec.sig |
| Image name on flash | Image type |
Signature source file name |
Signature destination file name |
RSA2048/SHA256 bit signature source file name |
|---|---|---|---|---|
| primary |
Management Application |
ceXXXXX.sig | primary.sig | ceXXXXX.sha256 |
| secondary |
Management Application |
ceXXXXX.sig | secondary.sig | ceXXXXX.sha256 |
| Monitor |
Management Monitor |
cebXXXXX.sig | monitor.sig | cebXXXXX.sha256 |
Note
The signature files are specific to the version of the images currently in the flash code of the device.Note
The fips policy allow tftp-access command must be enabled if FIPS is enabled using the TFTP commands.