Nexus 9372 FIPS mode enabling issues

hhhax7
Level 1

Trying to enable FIPS on a Nexus 9372. Every time we do it and reboot, it still says FIPS is disabled. When checking the logs, I see that I get a failure when enabling FIPS mode. We have followed these steps:

• Disable Telnet. Users should log in using Secure Shell (SSH) only.

• Disable SNMPv1 and v2. Any existing user accounts on the device that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.

• Delete all SSH server RSA1 key-pairs.

But there is one more prerequisite that we cannot figure out how to configure:

• Enable HMAC-SHA1 message integrity checking (MIC) for use during the Cisco TrustSec Security Association Protocol (SAP) negotiation. To do so, enter the sap hash-algorithm HMAC-SHA-1 command from the cts-manual or cts-dot1x mode.

I cannot find anything cts on the switch, or anything related to MIC on the switch. I also want to add that we currently do not use any type of AAA server (RADIUS or TACACS) on our network anywhere. Is this an issue when trying to configure FIPS?
