Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring the Console Port for FIPS Mode

 

You initially connect to your router through an RJ-45 serial cable plugged into the console port. From the console port, you can use the CLI to configure the router. By default, the console port is enabled.

For FIPS compliance, your user account must be automatically logged out when you unplug the serial console cable from a router running Junos OS in FIPS mode. Junos OS in FIPS mode automatically logs out of your user account when you disconnect because the log-out-on-disconnect configuration statement is enabled by default. Also, Junos OS in FIPS mode does not automatically disable root password recovery, so you must explicitly configure that by specifying the insecure configuration statement.

Caution

If you disable root password recovery by setting the insecure statement, the root password can be recovered only if the Crypto Officer logs in to the system and modifies the configuration by removing that setting.

To configure automatic logout on disconnection:

  1. Log in to the router with your Crypto Officer password if you have not already done so, and enter configuration mode:
  2. Configure the router to automatically log out of a user session when the console port cable is unplugged:
  3. Configure the router to disable root password recovery:
  4. Optionally, display the configuration:
  5. If you are finished configuring the router, commit the configuration and exit:

    Otherwise, go on to Configuring Event Logging for Junos OS in FIPS Mode.

Related Documentation