Configuration procedure

To configure FIPS, complete the following tasks:

  • Remove the existing key pairs and certificates.

  • Remove the FIPS-incompliant local user service types Telnet, HTTP, and FTP.

  • Enable the FIPS mode.

  • Enable the password control function.

  • Configure local user attributes (including local username, service type, password, and so on) on the switch.

  • Save the configuration.

  • After you finish the above configurations, reboot the switch. The switch works in FIPS mode that complies with the FIPS 140-2 standard after it starts up. For Common Criteria (CC) evaluation in FIPS mode, the switch also works in a operating mode that complies with the CC standard.

    The switch does not support an upgrade from a FIPS-incompatible version to a FIPS-compatible version.