Exiting FIPS mode

After you disable FIPS mode and reboot the device, the device operates in non-FIPS mode.

The system provides two methods to exit FIPS mode: automatic reboot and manual reboot.

Automatic reboot

Select the automatic reboot method. The system automatically creates a default non-FIPS configuration file named non-fips-startup.cfg, and specifies the file as the startup configuration file. The system reboots the device by using the default non-FIPS configuration file. After the reboot, you are directly logged into the device.

Manual reboot

This method requires that you manually complete the configurations for entering non-FIPS mode, and then reboot the device. To log in to the device after the reboot, you must enter user information according to the authentication mode. The following default authentication modes are available for different ports or lines (you can modify the default mode as needed):

After you disable FIPS mode, follow these restrictions and guidelines before you manually reboot the device:

To disable FIPS mode:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Disable FIPS mode.

undo fips mode enable

By default, the FIPS mode is disabled.