Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
233
Views
0
Helpful
3
Replies

I need to enable fips remotely on a Cisco Nexus 9K

charliekay
Level 1
Level 1

‎05-09-2024 01:01 AM

 I need to enable fips remotely the solution is to follow the below steps: Enable fips N9K N9k-Switch# conf t N9k-Switch(config)# no feature ssh N9k-Switch(config)# no ssh key rsa N9k-Switch(config)# ssh key rsa 2048 N9k-Switch(config)# feature ssh New SSH Key has a bitcount of 2048: N9k-Switch(config)# show ssh key (check RSA keys) N9k-Switch(config)# fips mode enable (this required reload the switch) The issue is that I need to do this remotely thru ssh and ssh will disconnect, I was thinking of a tcl script, but not too familiar with tcl scripting. Is there a tcl or eem script that would work for this? Thank you, Dave      

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎05-09-2024 01:23 AM

 

  - One other option could be , if the remote site can offer terminal services , it to access the console of the nexus through a terminal server equipment , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Ruben Cocheno
Spotlight
Spotlight

‎05-20-2024 01:49 AM

@charliekay 

 here is an EEM script you

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful

Ruben Cocheno
Spotlight
Spotlight

‎05-22-2024 01:08 AM

@charliekay 

 here is an EEM script you can run manually from the exec prompt (event manager run SSH_FIPS_ENABLE): event manager applet SSH_FIPS_ENABLE event none action 1.0 cli command "enable" action 2.0 cli command "configure terminal" action 3.0 cli command "no feature ssh" action 4.0 cli command "no ssh key rsa" action 5.0 cli command "ssh key rsa 2048" action 6.0 cli command "feature ssh" action 7.0 cli command "show ssh key" action 8.0 wait 5 action 9.0 cli command "fips mode enable" action 10.0 cli command "end" action 11.0 cli command "write memory"

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card