Trying to enable FIPs on a nexus 9372. Every time we do it and reboot, it still says FIPs is disabled. When checking the logs, I see that I get a failure when enabling FIPs mode. We have followed these steps....
• Disable Telnet. Users should log in using Secure Shell (SSH) only.
• DisableSNMPv1 and v2. Any existing user accounts on the device that have been configured forSNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
• Delete all SSH server RSA1 key-pairs.
But there is one more prerequisite that we cannot figure out how to configure....
• Enable HMAC-SHA1 message integrity checking (MIC) for use during the Cisco TrustSec Security AssociationProtocol (SAP) negotiation. To do so, enter the sap hash-algorithm HMAC-SHA-1 command from the cts-manual or cts-dot1x mode.
I cannot find anything cts on the switch, or anything related to MIC on the switch. I also want to add that we currently do not use any type of AAA server (radius or tacacs) on our network anywhere. Is this an issue when trying to configure FIPs?