Configuration procedure
To configure FIPS, complete the following tasks:
Remove the existing key pairs and certificates.
Remove the FIPS-incompliant local user service types Telnet, HTTP, and FTP.
Enable the FIPS mode.
Enable the password control function.
Configure local user attributes (including local username, service type, password, and so on) on the switch.
Save the configuration.
After you finish the above configurations, reboot the switch. The switch works in FIPS mode that complies with the FIPS 140-2 standard after it starts up. For Common Criteria (CC) evaluation in FIPS mode, the switch also works in a operating mode that complies with the CC standard.
The switch does not support an upgrade from a FIPS-incompatible version to a FIPS-compatible version.