configure security fips-mode

configure security fips-mode [on | off]

Description

This command enables you to toggle between the default OpenSSL library (FIPS compatible) and FIPS capable library.

Syntax Description

on Enables FIPS mode.
off Disable FIPS mode.

Default

Off.

Usage Guidelines

After enabling/disabling FIPS, EPM will be notified to change the bit dedicated to FIPS Mode. As per requirement, currently SSH and SNMP will use this bit to toggle between normal and FIPS mode.

Example

# sh security fips-mode
FIPS Mode (current)    : Off
FIPS Mode (configured) : Off

# configure security fips-mode on
FIPS mode will be enabled only after rebooting the switch.
SNMPv3 users configured with either md5 authentication or DES encryption will be discarded after reboot.
SSH existing configuration of ciphers/MACs will be lost after reboot.
Python scripting configuration is ignored when FIPS mode is 'on'.

# show security fips-mode
FIPS Mode (current)    : On
FIPS Mode (configured) : On

History

This command was first available in ExtremeXOS 21.1.

Current and configured information added in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.