233{ save.{ Other commands used for configuration preparation to enter FIPS mode.• To switch to non-FIPS mode, execute the undo fips mode enable command in system view, save theconfiguration, and reboot the device.• Configuration rollback is supported in FIPS mode and also during a switch between FIPS mode andnon-FIPS mode. After a configuration rollback between FIPS mode and non-FIPS mode, perform thefollowing tasks:d. Delete the local user and configure a new local user. Local user attributes include password,user role, and service type.e. Save the current configuration file.f. Specify the current configuration file as the startup configuration file.g. Reboot the device. The new configuration takes effect after the reboot. During this process, donot exit the system or perform other operations.• If a device enters FIPS mode through manual reboot, the startup configuration file does not supportconfiguration rollback. To support configuration rollback, you must execute the save commandbefore making other configurations.• Do not use FIPS and non-FIPS devices to create an IRF fabric.• To enable FIPS mode for an IRF fabric, you must reboot the entire IRF fabric.Configuring FIPS modeEntering FIPS modeAfter you enable FIPS mode and reboot the switch, the switch operates in FIPS mode. The FIPS switch hasstrict security requirements, and performs self-tests on cryptography modules to verify that they areoperating correctly.A FIPS device meets the requirements defined in Network Device Protection Profile (NDPP) of CommonCriteria (CC).The system provides two methods to enter FIPS mode: automatic reboot and manual reboot.Automatic rebootTo use automatic reboot to enter FIPS mode:1. Enable FIPS mode.2. Select the automatic reboot method.The system automatically performs the following tasks:a. Create a default FIPS configuration file named fips-startup.cfg.b. Specify this file as the startup configuration file.c. Prompt you to configure the username and password for next login.You can press Ctrl+C to exit the configuration process. The fips mode enable command will not beexecuted.3. Configure a username and password to log in to the device in FIPS mode.The password must include at least 15 characters that contain uppercase and lowercase letters,digits, and special characters.