Exiting FIPS mode
About exiting FIPS mode
After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode.
For the device to exit FIPS mode, you can use one of the following reboot methods:
Automatic reboot—The system automatically creates a default non-FIPS configuration file named non-fips-startup.cfg, specifies the file as the startup configuration file, and reboots to enter non-FIPS mode. You can log in to the device without providing username or password.
Manual reboot—You must manually complete the configuration tasks for entering non-FIPS mode, and then reboot the device. To log in to the device after the reboot, you must enter user information as required by the authentication mode settings.
The following are the default authentication mode settings:
VTY line—Password authentication.
AUX line—Authentication is disabled.
You can modify the authentication settings as needed.
Using the automatic reboot method to exit FIPS mode
Enter system view.
system-view
Disable FIPS mode.
undo fips mode enable
By default, the FIPS mode is disabled.
Select the automatic reboot method.
Using the manual reboot method to exit FIPS mode
Enter system view.
system-view
Disable FIPS mode.
undo fips mode enable
By default, the FIPS mode is disabled.
Select the manual reboot method.
Configure login authentication settings.
If you logged in to the device through SSH, perform the following tasks without disconnecting the current user line:
Set the authentication mode to scheme for VTY lines.
Specify the username and password. If you do not specify the username or password, the device uses the current username and password.
If you logged in to the device through a console port, configure login authentication settings for the current type of user lines as described in the following table:
Current login method
Login authentication requirements
Scheme
Set the authentication to scheme and specify the username and password. If you do not specify the username or password, the device uses the current username and password.
Password
Set the authentication to password and specify the password. If you do not specify the password, the device uses the current password.
None
Set the authentication to none.
Save the running configuration and specify the file as the startup configuration file.
Delete the .mdb startup configuration file.
Reboot the device.