Configuring FIPS Mode

Enabling FIPS Mode

Enabling FIPS Mode 

POST http://<mgmt0_IP>/api/mo/sys.json

{
  "topSystem": {
    "children": [
      {
        "securitySecurity": {
          "attributes": {
            "enFipsMode": "yes"
}}}]}}

{
    imdata:[]
}

<System>
  <security-items>
    <enFipsMode>yes</enFipsMode>
  </security-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

fips mode enable


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
securitySecuritysys/security


securitySecurity Properties

The following table contains information about the securitySecurity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
enFipsModeaaa:Boolean
(scalar:Enum8)		 Enable/Disable FIPS ModeSELECTION:
0 - no
1 - yes
DEFAULT: no


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

For detailed information about classes and attributes in the payload, see the NX-API DME Model Reference: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling FIPS Mode

Disabling FIPS Mode 

POST http://<mgmt0_IP>/api/mo/sys.json

{
  "topSystem": {
    "children": [
      {
        "securitySecurity": {
          "attributes": {
            "enFipsMode": "no"
}}}]}}

{
    imdata:[]
}

<System>
  <security-items>
    <enFipsMode>no</enFipsMode>
  </security-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no fips mode enable


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
securitySecuritysys/security


securitySecurity Properties

The following table contains information about the securitySecurity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
enFipsModeaaa:Boolean
(scalar:Enum8)		 Enable/Disable FIPS ModeSELECTION:
0 - no
1 - yes
DEFAULT: no


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

For detailed information about classes and attributes in the payload, see the NX-API DME Model Reference: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html