Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1181
Views
0
Helpful
4
Replies

ASR 1001-X FIPS Enable

netspazz
Level 1
Level 1

‎01-18-2021 09:51 AM

I have a quick question. Is FIPS automatically set on the ASR 1000 series routers? I don't see any options to enable it or even show that is enabled.

 

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎01-18-2021 10:06 AM

what is the version of code running, can you post show version and show license all.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

netspazz
Level 1
Level 1
In response to balaji.bandi

‎01-18-2021 11:16 AM

Cisco IOS XE Software, Version 16.09.02
Cisco IOS Software [Fuji], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.2, RELEASE SOFTWARE (fc4)

ROM: IOS-XE ROMMON

XXXXXXXXXXX uptime is 5 weeks, 5 days, 10 minutes
Uptime for this control processor is 5 weeks, 5 days, 11 minutes
System returned to ROM by Reload Command
System image file is "bootflash:/asr1001x-universalk9.16.09.02.SPA.bin"
Last reload reason: Reload Command

License Type: Permanent
License Level: advipservices
Next reload license Level: advipservices
The current throughput level is 25 kbps

 


XXXXXXXXXXXX#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: advipservices Version: 1.0
License Type: Permanent
License State: Active, In Use
Lock type: Node locked
Vendor info: <PID>ASR1001-X</PID><SN>XXXXXXXXXXX</SN>
License Addition: Exclusive
License Generation version: 0x8100000
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: sw_redundancy Version: 1.0
License Type: Permanent
License State: Active, In Use
Lock type: Node locked
Vendor info: <PID>ASR1001-X</PID><SN>XXXXXXXXXXX</SN>
License Addition: Exclusive
License Generation version: 0x8100000
License Count: Non-Counted
License Priority: Medium
License Store: Built-In License Storage
StoreIndex: 0 Feature: adventerprise Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 1 Feature: advipservices Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 2 Feature: avc Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 3 Feature: fwnat_red Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 4 Feature: ipsec Version: 1.0
License Type: EvalRightToUse
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 1 week 5 days
Period used: 6 weeks 5 days
Transition date: Jan 30 2021 17:17:27
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: Low
StoreIndex: 5 Feature: lawful_intr Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 6 Feature: lisp Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 7 Feature: otv Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 8 Feature: sw_redundancy Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 9 Feature: throughput_5g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 10 Feature: throughput_10g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 11 Feature: throughput_20g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 12 Feature: vpls Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 13 Feature: interface_10g Version: 1.0
License Type: RightToUse
License State: Active, In Use
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 2/0 (In-use/Violation)
License Priority: Low
StoreIndex: 14 Feature: FoundationSuiteK9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 15 Feature: AdvUCSuiteK9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 16 Feature: appxk9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 17 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 18 Feature: uck9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 19 Feature: OC12_wan_interface Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 0/0 (In-use/Violation)
License Priority: None
StoreIndex: 20 Feature: OC3_wan_interface Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 0/0 (In-use/Violation)
License Priority: None

0 Helpful

dprabhal
Cisco Employee
Cisco Employee

‎12-05-2022 03:18 AM

Hi @netspazz and @balaji.bandi we are also looking for CLI configuration commands for disabling the FIPS on ASR1K devices. Can you help with any configuration guides available for this (specific to ASR1K devices) for FIPs feature

0 Helpful

MaxShantar
Cisco Employee
Cisco Employee
In response to dprabhal

‎12-09-2022 06:53 PM

To disable FIPS Mode on an ASR 1000 series router, you can use the following steps:

  1. Log in to the router's command-line interface (CLI) using a terminal emulator such as PuTTY.

  2. Enter privileged mode by typing enable and pressing Enter.

  3. Type the configure terminal command and press Enter to enter global configuration mode.

  4. Type the following commands to disable FIPS Mode on the router:

crypto fips disable
no crypto fips

  1. Type the exit command to exit global configuration mode.

  2. Type the write memory command to save the changes to the router's configuration.

After disabling FIPS Mode on the ASR 1000 series router, you should verify that the changes have taken effect by typing the show crypto fips command and verifying that the FIPS mode field is set to Disabled.

Note that disabling FIPS Mode may have security implications and is not recommended unless it is absolutely necessary. Consult your security policies and the documentation for your specific router model for more information before disabling FIPS Mode.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents