Note
Once FIPS mode is enabled on the system, even if the mode is disabled at a later time, the firmware integrity test will always be carried out on the device at image copy time. The RSA2048-SHA256-based signature firmware integrity test is run during image installation time and during image reload time when the device has been administratively enabled for FIPS. The test is run on MP and LP images at image reload time, when the device is in the FIPS mode. This test is in addition to the CRC-16 test that is run by the device during image reload time. Both the tests should pass for the device to reload successfully.Note
In FIPS mode, do not attempt to downgrade to a release that does not support SHA256 signatures. Generally, releases prior to Extreme NetIron 5.6.00c (excluding 5.6.00aa) do not support SHA256 signatures. In FIPS mode, downgrading to release that does not support SHA256 signatures is not supported.Note
All shared-secret passwords (including any MD5 passwords) are lost when downgrading from a FIPS environment to a non-FIPS environment.To place a device in non-FIPS mode and then use TFTP or SCP to download and initialize an older image, complete the following steps.