09-16-2020 06:33 AM
When we enable FIPS on our Nexus 93180LC-EX after reload we are unable to SSH into the box. We have to console into the box and remove the FIPS command in order to get back into the box via SSH.
Has anyone else experienced this issue before? Are we doing something wrong when enabling FIPS?
I will not be able to send outputs from this box since it is on the high side.
Thank you
Jason
09-16-2020 06:52 AM - edited 09-16-2020 06:53 AM
Not sure I recollect correctly - there are prerequisites.
Prerequisites for FIPS
FIPS has the following prerequisites:
• Disable Telnet. Users should log in using Secure Shell (SSH) only.
• Disable SNMPv1 and v2. Any existing user accounts on the device that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
• Delete all SSH server RSA1 key-pairs.
• Enable HMAC-SHA1 message integrity checking (MIC) for use during the Cisco TrustSec Security Association Protocol (SAP) negotiation. To do so, enter the sap hash-algorithm HMAC-SHA-1 command from the cts-manual or cts-dot1x mode. Note that this command is not supported for F1 Series or F2 Series modules.
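One way to check a saved running-config against the prerequisites quoted above, as an added example that is not part of the original posts or any Cisco tooling. The config lines are constructed samples, and the matching assumes the usual NX-OS forms `feature telnet`, `snmp-server community` and `snmp-server user ... auth ...`; RSA1 key pairs and the SNMPv3 privacy algorithm are not checked.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
feature telnet
feature ssh
snmp-server community examplestring group network-operator
snmp-server user admin network-admin auth md5 0x1111 priv 0x1111 localizedkey
snmp-server user monitor network-operator auth sha 0x2222 priv aes-128 0x2222 localizedkey
fips mode enable
"""


def audit_fips_prereqs(config):
    """Return (line_number, finding) pairs for config lines that conflict
    with the prerequisites quoted above. Community strings and keys are
    never echoed into the findings."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if line == "feature telnet":
            # Prerequisite: Telnet disabled, SSH only.
            findings.append((number, "Telnet is enabled"))
        elif line.startswith("snmp-server community "):
            # Community strings mean SNMPv1/v2c access is configured.
            findings.append((number, "SNMPv1/v2c community configured"))
        elif line.startswith("snmp-server user "):
            # Prerequisite: SNMPv3 users authenticate with SHA only.
            user = line.split()[2]
            auth = re.search(r"\bauth\s+(\S+)", line)
            if auth is None:
                findings.append((number, f"SNMPv3 user {user}: no authentication"))
            elif not auth.group(1).lower().startswith("sha"):
                findings.append(
                    (number, f"SNMPv3 user {user}: auth {auth.group(1)} is not SHA")
                )
    return findings


if __name__ == "__main__":
    for number, finding in audit_fips_prereqs(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```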
04-06-2021 06:12 AM - edited 04-06-2021 06:12 AM
Did you ever fix this issue? None of our Nexus devices ssh/scp/authentication work after enabling FIPS mode.
03-14-2022 11:33 AM
I ran into the same issue. Was there a fix?