Using the manual reboot method to enter FIPS mode

To ensure login password effectiveness under the password control policies, set the correct system time.

Configure the password control feature.

1. Enable the password control feature globally.

2. Configure password control policies.

   • Set the number of character types a password must contain to 4.

   • Set the minimum number of characters for each type to one character.

   • Set the minimum length for a user password to 15 characters.

For more information about the password control feature, see password control in Security Configuration Guide.

Configure a local user.

• Create a device management local user.

• Specify a password that complies with the password control policies.

• Assign the terminal service to the user.

• Assign the network-admin user role to the user.

Enter system view.

system-view

Enable FIPS mode.

fips mode enable

By default, the FIPS mode is disabled.

After the reboot method choice prompt appears, enter N.

The system enables FIPS mode and waits for you to complete the FIPS mode configuration tasks. Before rebooting the device to enter FIPS mode, do not execute any commands except for save and commands used to prepare for entering FIPS mode. If you execute any other commands, the commands might not take effect.

Save the running configuration and specify the configuration file as the startup configuration file.

Delete the .mdb startup configuration file.

When loading a .mdb configuration file, the device loads all settings in the file. The settings that are not supported in FIPS mode might affect device operation.

Reboot the device.

The device reboots, loads the startup configuration file, and enters FIPS mode. To log in to the device, you must enter the configured username and password. After login, you are identified as the FIPS mode crypto officer.