Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 3

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

You must reconfigure snmpv3 before enabling FIPs mode. Failure to do so could cause the SBC to crash due to excessive trap generation. Perform the following steps to reconfigure snmpv3:

...

.

Reconfiguration Step Before Enabling FIPS-140-2 Mode

All trap targets with authPriv/authNoPriv securityLevel must be disabled. Example:


Code Block
admin@sbc1% show oam snmp trapTarget EMS_-10.54.71.176
ipAddress 10.54.71.176;
port 162;
trapType v3;
targetUsername emstrapuser;
targetSecurityLevel authPriv;
state enabled;
admin@sbc1% set oam snmp trapTarget EMS_-10.54.71.176 state disabled
admin@sbc1% commit


Enable FIPS-140-2 mode.

The

Spacevars
0series4
supports FIPS 140-2 level 1 certification for its cryptographic modules. It implements FIPS 140-2 Level 1 validated cryptographic hardware modules and software tool kits and operates this module in FIPS 140-2 approved mode for all cryptographic operations.

...

ParameterDescription
Mode


Note

Once Fips-140-2 mode has been enabled, it cannot be 'disabled' through configuration. A fresh software install that discards all prior state is required to set the FIPS-140-2 mode to 'disabled'.

The options are:

  • Disabled (default)
  • Enabled


Reconfiguration Steps After Enabling FIPS-140-2 Mode

  1. Keys (authKey/privKey) for all snmp users must be reconfigured. This applies to all snmp users that are used for authPriv/authNoPriv security level trap targets.


Code Block
admin@sbc1% set oam snmp users emstrapuser authKey Xd:aa:1f:09:75:6e:f6:da:NN:NN:NN:NN:NN:0d
admin@sbc1% set oam snmp users emstrapuser privKey Xd:aa:1f:09:75:6e:f6:da:NN:NN:NN:NN:NN:0d
admin@sbc1% commit


2.  Enable authPriv/authNoPriv trap targets:


Code Block
admin@sbc1% set oam snmp trapTarget <trap_target_IP> state enabled