Enable FIPS Mode on Catalyst 9300 Stack

cls10378 (Level 1)

I have a Catalyst 9300 stack running IOSXE 17.9.4 and I am confused on how I can perform this, as stated in the FIPS guide here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-9/configuration_guide/sec/b_179_sec_9200_cg/secure_operation_in_fips_mode.html

Enable secure stacking by configuring the same authorization key on each member of the stack.

In the past, you could do a session command to do that on a different stack member, but that has been deprecated.  Will I need to console into each switch and do this?  The stack is already established with 4 switches in the stack.

Been searching all over the web for the correct way to do this on a stack, but I am unable to really find anything.


4 Replies

@cls10378 

On the document we can read:

"Note: Enable secure stacking by configuring the same authorization key on each member of the stack."

So, yes, you need to connect to every member and configure the same authorization key.

Flavio, yes, but I wanted to know if the only way to do this now was via serial connection.  Sorry if I wasn't 100% clear.  This location is 3 hours away in a different datacenter and I just wanted to accommodate that.

Considering a stack switch, unfortunately console is the only way, as there will be no direct access to a stack member through the network.

As we can see in the output of the command show romvar, FIPS will gather information from hardware, and that's why this needs to be done per box.

Device#show romvar

ROMMON variables:
PS1="switch: "
BOARDID="24666"
SWITCH_NUMBER="1"
TERMLINES="0"
MOTHERBOARD_ASSEMBLY_NUM="73-18506-02"
MOTHERBOARD_REVISION_NUM="04"
MODEL_REVISION_NUM="P2A"
POE1_ASSEMBLY_NUM="73-16123-03"

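As an added illustration of the per-member procedure this reply describes (example written for this thread, not taken from the original posts or from Cisco's guide), the same authorization key is entered from the console of each stack member, stored, and then the stack is reloaded. The key value is a placeholder, and the command names are assumed from the IOS XE FIPS configuration guide linked in the question; confirm them there before use.

```cisco
! Added example, not from the thread. Run this on the console of EVERY stack member
! (four switches in this case) before reloading; a member whose key differs will
! not be able to join the stack securely once FIPS mode is active.
! <KEY> is a placeholder: one 128-bit value (32 hex digits), identical on all members.
Switch> enable
Switch# configure terminal
Switch(config)# fips authorization-key <KEY>
Switch(config)# end
Switch# write memory
! Confirm the key was stored on this member before moving to the next console
Switch# show fips authorization-key
! After all members carry the same key, reload the stack
Switch# reload
! Once the stack is back up, verify from the active switch that FIPS mode is in effect
Switch# show fips status
```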

cls10378 (Level 1)

Thanks for the quick response!  That gives me the direction we need to go in.
