Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
2
Replies

I need to enable fips remotely on a Cisco Nexus 9K

Go to solution
DSterling
Level 1
Level 1

‎01-30-2024 08:35 AM

I need to enable fips remotely the solution is to follow the below steps: 

Enable fips N9K
N9k-Switch# conf t
N9k-Switch(config)# no feature ssh
N9k-Switch(config)# no ssh key rsa
N9k-Switch(config)# ssh key rsa 2048
N9k-Switch(config)# feature ssh
New SSH Key has a bitcount of 2048:
N9k-Switch(config)# show ssh key (check RSA keys)
N9k-Switch(config)# fips mode enable (this required reload the switch)

The issue is that I need to do this remotely thru ssh and ssh will disconnect, I was thinking of a tcl script, but not too familiar with tcl scripting.

Is there a tcl or eem script that would work for this?

Thank you, Dave

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎01-30-2024 01:26 PM

Hello,

here is an EEM script you can run manually from the exec prompt (event manager run SSH_FIPS_ENABLE):

event manager applet SSH_FIPS_ENABLE
event none
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "no feature ssh"
action 4.0 cli command "no ssh key rsa"
action 5.0 cli command "ssh key rsa 2048"
action 6.0 cli command "feature ssh"
action 7.0 cli command "show ssh key"
action 8.0 wait 5
action 9.0 cli command "fips mode enable"
action 10.0 cli command "end"
action 11.0 cli command "write memory"

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-30-2024 10:56 AM

What model of Nexus 9K, if you have chasis while booting with FIPS mode any failure cause it stops.

what the challange to get  the user available with console ?

yes you can use TCL/ EEM scripts where possible - but boot fail cause big cost.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-30-2024 01:26 PM

Hello,

here is an EEM script you can run manually from the exec prompt (event manager run SSH_FIPS_ENABLE):

event manager applet SSH_FIPS_ENABLE
event none
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "no feature ssh"
action 4.0 cli command "no ssh key rsa"
action 5.0 cli command "ssh key rsa 2048"
action 6.0 cli command "feature ssh"
action 7.0 cli command "show ssh key"
action 8.0 wait 5
action 9.0 cli command "fips mode enable"
action 10.0 cli command "end"
action 11.0 cli command "write memory"

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card