MDS 9000, enabling FIPS requires disabling VRRP

Hello,

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/8_x/config/security/cisco_mds9000_security_config_guide_8x/configuring_fips.html

The manual says:

Configuration Guidelines
Follow these guidelines before enabling FIPS mode:
• Make your passwords a minimum of eight characters in length.
• Disable Telnet. Users should log in using SSH only.
• Disable remote authentication through RADIUS/TACACS+. Only users local to the switch can be authenticated.
• Disable SNMP v1 and v2. Any existing user accounts on the switch that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
• Disable VRRP.
• Delete all IKE policies that either have MD5 for authentication or DES for encryption. Modify the policies so they use SHA for authentication and 3DES/AES for encryption.
• Delete all SSH Server RSA1 keypairs.

 

I am not getting why we have to disable VRRP. Can anyone explain?

 

Thank you in advance.
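
An added example, not part of the original post or of Cisco's guide: a pre-check that scans a saved running-config for lines that conflict with the guidelines quoted above before FIPS mode is enabled. The config-line patterns are assumptions about how these settings appear in a running-config, and the sample config is constructed; password length is not checked because it cannot be read from the config text.

```python
import re

# (guideline, offending-line pattern); patterns are assumed running-config syntax.
RULES = [
    ("Disable Telnet", r"^(feature telnet|telnet server enable)(\s|$)"),
    ("Disable RADIUS/TACACS+ authentication",
     r"^(feature tacacs\+|(radius|tacacs)-server host\s|aaa authentication login \S+ group\s)"),
    ("Disable SNMP v1 and v2", r"^snmp-server community\s"),
    ("SNMPv3 users: SHA authentication only", r"^snmp-server user \S+ .*\bauth md5\b"),
    ("Disable VRRP", r"^(feature vrrp|vrrp \d+)(\s|$)"),
    ("IKE policies: no MD5 or DES", r"^(hash md5|encryption des)(\s|$)"),
    ("Delete SSH Server RSA1 keypairs", r"^ssh key rsa1(\s|$)"),
]

def audit(config_text):
    """Return (line_number, guideline, config_line) for each offending line."""
    findings = []
    policy = None  # most recent IKE "policy N" line, shown as context in findings
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if re.match(r"^policy \d+$", line):
            policy = line
        for guideline, pattern in RULES:
            if re.search(pattern, line):
                shown = f"{policy}: {line}" if guideline.startswith("IKE") and policy else line
                findings.append((number, guideline, shown))
    return findings

# Constructed sample, not output from a real switch.
SAMPLE_CONFIG = """\
feature telnet
feature tacacs+
snmp-server community public ro
snmp-server user admin network-admin auth md5 0x1234 priv aes-128 0x5678
snmp-server user monitor network-operator auth sha 0xabcd priv aes-128 0xef01
crypto ike domain ipsec
  policy 1
    encryption 3des
    hash md5
  policy 2
    encryption des
    hash sha
interface mgmt0
  vrrp 10
"""

if __name__ == "__main__":
    for number, guideline, line in audit(SAMPLE_CONFIG):
        print(f"line {number}: {guideline}: {line}")
```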
