Brocade Fabric OS Administrator's Guide - Supporting Fabric OS v7.0.1 (53-1002446-01, March 2012)

Preparing the switch for FIPS
11. Enter the portCfgEncrypt --disable command to disable in-flight encryption. You must first disable the port.
Example
myswitch:root> portdisable 0
myswitch:root> portcfgencrypt --disable 0
myswitch:root> portenable 0
12. Enter the ipSecConfig --disable command to disable Ethernet IPsec.
13. Disable IPsec for FCIP connections. The procedure depends on the type of extension blade used.
For FX8-24 extension blades, enter the portCfg fciptunnel [slot/]port modify -ipsec 0 command.
For FR4-18i router blades, follow these steps:
a. Enter the portCfg fciptunnel [slot/]port delete tunnel_id command to delete the FCIP tunnel.
b. Enter the policy --delete ipsec command to delete the associated IPsec policy.
c. Enter the policy --delete ike command to delete the associated IKE policy.
14. Enter the portCfg --mgmtif delete command to disable in-band management.
15. Enter the fipsCfg --enable selftests command to enable KAT and conditional tests on the switch.
16. Enter the fipsCfg --verify fips command to verify the switch is FIPS-ready.
17. Enter the fipsCfg --enable fips command.
18. Reboot the switch. If a Backbone, reboot both CPs.
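The ordering constraints in steps 11 and 15 through 17, as an added example that is not from the Brocade guide: a Python check over a saved CLI session that flags in-flight encryption disabled on a port that was not disabled first, and fipsCfg commands that are missing or out of sequence. The transcripts are constructed, and the prompt pattern is assumed from the example line in step 11.

```python
import re

# Prompt shape assumed from the page's example line "myswitch:root> portdisable 0".
PROMPT = re.compile(r"^\S+:\S+>\s*(.*)$")
# Steps 15, 16 and 17, in the order the procedure gives them.
FIPS_ORDER = ["fipscfg --enable selftests", "fipscfg --verify fips", "fipscfg --enable fips"]

def commands(transcript):
    """Commands typed at the prompt, lower-cased with whitespace normalised."""
    out = []
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        cmd = " ".join(m.group(1).lower().split()) if m else ""
        if cmd:
            out.append(cmd)
    return out

def audit(transcript):
    """Return findings; an empty list means the ordering rules hold."""
    cmds, findings, disabled = commands(transcript), [], set()
    for c in cmds:
        p = c.split()
        if p[0] == "portdisable" and len(p) == 2:
            disabled.add(p[1])
        elif p[0] == "portenable" and len(p) == 2:
            disabled.discard(p[1])
        elif p[:2] == ["portcfgencrypt", "--disable"] and len(p) == 3 and p[2] not in disabled:
            findings.append(f"step 11: port {p[2]} not disabled before portcfgencrypt --disable")
    for port in sorted(disabled):
        findings.append(f"port {port} left disabled")
    pos = [cmds.index(c) if c in cmds else None for c in FIPS_ORDER]
    findings += [f"missing: {c}" for c, i in zip(FIPS_ORDER, pos) if i is None]
    seen = [i for i in pos if i is not None]
    if seen != sorted(seen):
        findings.append("steps 15-17: fipscfg commands out of order")
    return findings

# Constructed transcripts (not captured from a real switch).
GOOD = ("myswitch:root> portdisable 0\nmyswitch:root> portcfgencrypt --disable 0\n"
        "myswitch:root> portenable 0\nmyswitch:root> ipsecconfig --disable\n"
        "myswitch:root> fipscfg --enable selftests\nmyswitch:root> fipscfg --verify fips\n"
        "myswitch:root> fipscfg --enable fips\n")
BAD = ("myswitch:root> portcfgencrypt --disable 3\nmyswitch:root> fipscfg --enable selftests\n"
       "myswitch:root> fipscfg --enable fips\nmyswitch:root> fipscfg --verify fips\n")

if __name__ == "__main__":
    for name, t in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(t) or "ok")
```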
Zeroizing for FIPS
1. Log in to the switch using an account with admin or securityadmin permissions, or a user account with OM permissions for the FIPSCfg RBAC class of commands.
2. Enter the fipsCfg --zeroize command.
3. Reboot the switch.
Displaying FIPS configuration
1. Log in to the switch using an account with admin or securityadmin permissions, or a user account with the O permission for the FCIPCfg RBAC class of commands.
2. Enter the fipsCfg --showall command.