Cisco System Model: Fault fltAaaCtrlrFipsStateCtrlr_fips_mode_changed Cisco System Model: Class ifc:ae:fltAaaCtrlrFipsStateCtrlr_fips_mode

Fault fltAaaCtrlrFipsStateCtrlr_fips_mode_changed

Rule ID:2560

Explanation:
This fault occurs when FIPS 140-2 is enabled or disabled on the node

Recommended Action:
If you see this fault, a node reboot is required

Check if a similar fault is generated on other nodes on fabric
Reboot all such nodes where this fault is seen

Raised on MO: aaa:CtrlrFipsState

Fault Name: fltAaaCtrlrFipsStateCtrlr_fips_mode_changed

Unqualified API Name: ctrlr_fips_mode_changed
Code: F2560
Applied Mo DN Format:
topology/pod-[id]/node-[id]/sys/ctrlrfipsstate
sys/ctrlrfipsstate

Type: operational
Cause: change-in-fips-state
Severity: minor
Weight: 100
Tags:
Message: Fips mode changed. Reboot needed. Follow these guidelines before rebooting the system: 1. Disable Telnet. Users should login using SSH only 2. Disable remote authentication through Radius/Tacacs+ 3. Disable SNMP v1 and v2. Snmp v3 should be configured only with SHA for authentication and AES for privacy 4. Delete all policies that have MD5 for authentication or DES for encryption 5. Do not use RSA1 Keypairs for SSH.

Help:

Triggered By:
ctrlrReboot equals yes