Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Applying Tamper-Evident Seals to Switch Management Ports for FIPS Mode

 

Adhesive seals applied to management ports and Virtual Chassis ports (VCPs) help secure an EX Series switch. Any damage to a seal provides evidence of physical tampering with the FIPS cryptographic module. Tamper-evident seals are shipped with your switch.

A Crypto Officer is responsible for applying the seals to secure the cryptographic module, controlling any unused seals, and directly controlling and observing any changes such as, repairs or booting from an external USB drive to the cryptographic module that require removing or replacing the seals to maintain the security of the module.

General Tamper-Evident Seal Instructions

All FIPS-certified switches require tamper-evident seals on USB ports. In addition, ports that are pre-configured as VCP ports also require tamper-evident seals. (For details, see the specific instructions for your switch.) While applying seals, follow these general instructions:

  • Handle the seals with care. Do not touch the adhesive side. Do not cut or otherwise resize a seal to make it fit.

  • Make sure all surfaces to which the seals are applied are clean and dry and clear of any residue.

  • Apply the seals with firm pressure across the seal to ensure adhesion. Allow at least 1 hour for the adhesive to cure.

EX2300 C Switch Tamper-Evident Seal Application

On the front panel of the EX2300 C switch:

  1. Apply one tamper-evident seal to cover the Mini-USB console port (number 7), as shown in Figure 1.

  2. Apply another tamper-evident seal to the RJ-45 port console port (number 8) to secure the EX2300 C cryptographic module, as shown in Figure 1.

Figure 1: EX2300 C Front Panel
EX2300 C Front Panel
  1
RJ-45 network ports
  6
Factory Reset/Mode button
  2
USB ports
  7
Mini-USB console port
  3
Management Ethernet port
  8
RJ-45 console port
  4
Chassis status LEDs
  9
10-Gigabit Ethernet uplink ports
  5
Port status mode LEDs. The LED labeled PoE is present only on models with PoE capability
10
ESD point

EX2300 Switch Tamper-Evident Seal Application

  1. Apply one tamper-evident seal on the front panel to cover the USB port (number 1), as shown in Figure 2.

  2. Apply two tamper-evident seals on the rear panel to RJ-45 network ports (number 3) and USB port (number 1) to secure the EX 2300 cryptographic module, as shown in Figure 3.

Figure 2: EX2300 Front Panel
EX2300 Front Panel
  1
RJ-45 network ports
  4
Factory Reset/Mode button
  2
Chassis status LEDs
  5
Mini-USB console port
  3
Port status mode LEDs
  6
10-Gigabit Ethernet uplink ports
Figure 3: EX2300 Rear Panel
EX2300 Rear Panel
  1
USB ports
  5
ESD points
  2
Management Ethernet port
  6
Air exhaust openings
  3
RJ-45 network ports
  7
Serial number ID label
  4
Protective earthing terminal
  8
AC power cord inlet

EX3400 Switch Tamper-Evident Seal Application

  1. Apply two tamper-evident seals on the front panel. One tamper-evident seal is applied to cover the Mini-USB console port (number 5) and another seal is applied to the RJ-45 Console port (number 3) to secure the EX 3400 cryptographic module, as shown in Figure 4.

  2. Apply two tamper-evident seals on the rear panel. One tamper-evident seals is applied to cover the USB port (number 1) and another seal is applied to the RJ-45 Console port (number 3) to secure the EX 3400 cryptographic module, as shown in Figure 5.

Figure 4: EX3400 Front Panel
EX3400 Front Panel
  1
RJ-45 ports
  4
Factory Reset/Mode button
  2
Chassis status LEDs
  5
Mini-USB console port
  3
Port status mode LEDs
  6
SFP+ Uplink port
Figure 5: EX3400 Rear Panel
EX3400 Rear Panel
  1
USB port
  6
ESD point
  2
Management Ethernet port
  7
Fan modules
  3
RJ-45 console port
  8
AC power supply
  4
Protective earthing terminal
  9
Empty slot for power supply covered by a blank panel
  5
QSFP+ uplink ports