01-18-2021 09:51 AM
I have a quick question. Is FIPS automatically set on the ASR 1000 series routers? I don't see any options to enable it or even show that is enabled.
01-18-2021 10:06 AM
what is the version of code running, can you post show version and show license all.
01-18-2021 11:16 AM
Cisco IOS XE Software, Version 16.09.02
Cisco IOS Software [Fuji], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.2, RELEASE SOFTWARE (fc4)
ROM: IOS-XE ROMMON
XXXXXXXXXXX uptime is 5 weeks, 5 days, 10 minutes
Uptime for this control processor is 5 weeks, 5 days, 11 minutes
System returned to ROM by Reload Command
System image file is "bootflash:/asr1001x-universalk9.16.09.02.SPA.bin"
Last reload reason: Reload Command
License Type: Permanent
License Level: advipservices
Next reload license Level: advipservices
The current throughput level is 25 kbps
XXXXXXXXXXXX#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: advipservices Version: 1.0
License Type: Permanent
License State: Active, In Use
Lock type: Node locked
Vendor info: <PID>ASR1001-X</PID><SN>XXXXXXXXXXX</SN>
License Addition: Exclusive
License Generation version: 0x8100000
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: sw_redundancy Version: 1.0
License Type: Permanent
License State: Active, In Use
Lock type: Node locked
Vendor info: <PID>ASR1001-X</PID><SN>XXXXXXXXXXX</SN>
License Addition: Exclusive
License Generation version: 0x8100000
License Count: Non-Counted
License Priority: Medium
License Store: Built-In License Storage
StoreIndex: 0 Feature: adventerprise Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 1 Feature: advipservices Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 2 Feature: avc Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 3 Feature: fwnat_red Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 4 Feature: ipsec Version: 1.0
License Type: EvalRightToUse
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 1 week 5 days
Period used: 6 weeks 5 days
Transition date: Jan 30 2021 17:17:27
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: Low
StoreIndex: 5 Feature: lawful_intr Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 6 Feature: lisp Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 7 Feature: otv Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 8 Feature: sw_redundancy Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 9 Feature: throughput_5g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 10 Feature: throughput_10g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 11 Feature: throughput_20g Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 12 Feature: vpls Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 13 Feature: interface_10g Version: 1.0
License Type: RightToUse
License State: Active, In Use
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 2/0 (In-use/Violation)
License Priority: Low
StoreIndex: 14 Feature: FoundationSuiteK9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 15 Feature: AdvUCSuiteK9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 16 Feature: appxk9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 17 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 18 Feature: uck9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: Non-Counted
License Priority: None
StoreIndex: 19 Feature: OC12_wan_interface Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 0/0 (In-use/Violation)
License Priority: None
StoreIndex: 20 Feature: OC3_wan_interface Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Lock type: Non Node locked
Vendor info: <UDI><PID>NOTLOCKED</PID><SN>NOTLOCKED</SN></UDI><T>RTU</T>
License Addition: Additive
License Generation version: 0x8200000
License Count: 0/0 (In-use/Violation)
License Priority: None
12-05-2022 03:18 AM
Hi @netspazz and @balaji.bandi we are also looking for CLI configuration commands for disabling the FIPS on ASR1K devices. Can you help with any configuration guides available for this (specific to ASR1K devices) for FIPs feature
12-09-2022 06:53 PM
To disable FIPS Mode on an ASR 1000 series router, you can use the following steps:
Log in to the router's command-line interface (CLI) using a terminal emulator such as PuTTY.
Enter privileged mode by typing enable
and pressing Enter.
Type the configure terminal
command and press Enter to enter global configuration mode.
Type the following commands to disable FIPS Mode on the router:
crypto fips disable
no crypto fips
Type the exit
command to exit global configuration mode.
Type the write memory
command to save the changes to the router's configuration.
After disabling FIPS Mode on the ASR 1000 series router, you should verify that the changes have taken effect by typing the show crypto fips
command and verifying that the FIPS mode
field is set to Disabled
.
Note that disabling FIPS Mode may have security implications and is not recommended unless it is absolutely necessary. Consult your security policies and the documentation for your specific router model for more information before disabling FIPS Mode.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide