Carrier Access 1750 Manual De Usuario
11-20
Broadmore 1750 - Release 4.6
Security Management (FIPS Mode)
Disabling FIPS Mode
Disabling FIPS Mode
Only a Superuser (Crypto Officer) can change the security modes. The security
mode can only be changed after successfully logging into the Broadmore, then
performing the following steps.
mode can only be changed after successfully logging into the Broadmore, then
performing the following steps.
CAUTION!
D
ISABLING
FIPSMODE
WILL
DELETE
EXISTING
USER
ACCESS
ACCOUNTS
AND
CRYPTOGRAPHIC
KEYS
AND
REVERT
THE
B
ROADMORE
TO
THE
FACTORY
DEFAULT
S
UPER
U
SER
ID
AND
PASSWORD
,
WHICH
CAN
DENY
MANAGEMENT
ACCESS
AND
COMPROMISE
SECURITY
. N
O
ONE
CAN
LOG
IN
REMOTELY
TILL
THE
B
ROADMORE
IS
REBOOTED
.
1. Log into the online CPU (Broadmore primary IP address) with a secure SSH
terminal emulator such as SecureCRT (see “Logging In” on page
2. Disable FIPS mode by entering the following shell command at the Broadmore
prompt:
fipsmode off
fipsmode off
↵
3. Reboot the Broadmore for the change to take effect by entering the following
commands at the Broadmore prompt:
cli
cli
↵
maintain
↵
redundancy
↵
cpu
↵
rebootstandby
↵
releasecpu
↵
NOTE:
The above command sequence reboots the standby CPU (if any)
and then the online CPU. In a redundant system, both CPUs must be
rebooted into the non-FIPS mode. Rebooting the online CPU will terminate
the current management session. After reboot, the previous standby CPU
will normally become the online CPU. It may take several minutes for the
ARP tables in the network to refresh before you can log into the online CPU.
rebooted into the non-FIPS mode. Rebooting the online CPU will terminate
the current management session. After reboot, the previous standby CPU
will normally become the online CPU. It may take several minutes for the
ARP tables in the network to refresh before you can log into the online CPU.