https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12762#M203 it's not "FIPS hardware", it's your regular hardware with a FIPS flag set in the config. You guys have your own supported command in the bootloader to wipe FIPS mode and any related configs, just run "factory set-default" in the bootloader. If this is supposed to be some huge secret, maybe don't publicly publish the sources that include said commands?<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />You've added even more ways, looking at your init script that starts under linux, however I will keep those secret as they are not published like factory reset is<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /> Mon, 18 Nov 2019 23:40:21 GMT jon_sands_jjbhk 2019-11-18T23:40:21Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12754#M195 After enabling FIPS mode on a ICX 6450-24, I am unable to login through the console following reload.&nbsp; Console history review showed that the user account was deleted from the config after issuing the fips enable command in global config.&nbsp; There was no mention of this possibility in the FIPS mode configuration guide.I have been unable to reset or recover from this.&nbsp; Any guidance would be greatly appreciated... Thu, 20 Jun 2019 18:32:59 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12754#M195 michael_schmitt 2019-06-20T18:32:59Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12755#M196 You can interrupt the boot on the vast majority of ICX devices by pressing b to enter the bootrom.<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />Once there, you can most likely issue the "no password" command<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />Then you can follow up with "boot"<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />Then when it boots you can "enable"<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />While these commands may not be exact there should be some contextual help by typing the ? mark to show what is available exactly on that platform.<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />Good Luck Thu, 20 Jun 2019 19:30:17 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12755#M196 netwizz 2019-06-20T19:30:17Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12756#M197 Thanks NETWizz.&nbsp; Unfortunately, with FIPS mode enabled, half of the boot monitor commands are not available (anything to do with flash read/write, TFTP, passwords, etc.). You can work with environment variables, boot pri/sec images, ping...) Below is the list of the available commands in the FIPS restricted boot monitor taken from the switch I'm having issues with:<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />ICX64XX-boot&gt;&gt; ?<BR alt="" name="" rel="" target="" title="" type="" value="" />?&nbsp; &nbsp; &nbsp; &nbsp;- alias for 'help'<BR alt="" name="" rel="" target="" title="" type="" value="" />boot&nbsp; &nbsp; - boot default, i.e., run 'bootcmd'<BR alt="" name="" rel="" target="" title="" type="" value="" />boot_primary&nbsp; &nbsp;- primary boot; boot from primary partition<BR alt="" name="" rel="" target="" title="" type="" value="" />boot_secondary&nbsp; &nbsp;- secondary boot; boot from secondary partition<BR alt="" name="" rel="" target="" title="" type="" value="" />cp&nbsp; &nbsp; &nbsp; - memory copy<BR alt="" name="" rel="" target="" title="" type="" value="" />help&nbsp; &nbsp; - print online help<BR alt="" name="" rel="" target="" title="" type="" value="" />i2cprobe - Get special i2c device id<BR alt="" name="" rel="" target="" title="" type="" value="" />pci&nbsp; &nbsp; &nbsp;- list and access PCI Configuration Space<BR alt="" name="" rel="" target="" title="" type="" value="" />ping&nbsp; &nbsp; - send ICMP ECHO_REQUEST to network host<BR alt="" name="" rel="" target="" title="" type="" value="" />printenv- print environment variables<BR alt="" name="" rel="" target="" title="" type="" value="" />reset&nbsp; &nbsp;- Perform RESET of the CPU<BR alt="" name="" rel="" target="" title="" type="" value="" />saveenv - save environment variables to persistent storage<BR alt="" name="" rel="" target="" title="" type="" value="" />setenv&nbsp; - set environment variables<BR alt="" name="" rel="" target="" title="" type="" value="" />version - print monitor version<BR alt="" name="" rel="" target="" title="" type="" value="" />ICX64XX-boot&gt;&gt;<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />We have done a fairly extensive search and have seen posts about recovering from this without a RMA, but no details. Fri, 21 Jun 2019 11:36:57 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12756#M197 michael_schmitt 2019-06-21T11:36:57Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12757#M198 You will need to open a support case for the procedure according to the documentation.<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />It indicates, "After enabling FIPS mode on your device, you cannot disable it without losing the device configuration. To disable FIPS mode, it is recommended that you contact Brocade Technical Support and perform the procedure under qualified guidance."<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /> Fri, 21 Jun 2019 13:09:36 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12757#M198 netwizz 2019-06-21T13:09:36Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12758#M199 That is correct, product security, and only TAC can assist you further.<BR />Don't mess with FIPS if you are not a FIPS customer, and if you have FIPS software, you should have an Admin (or team).<BR />Did your company work with a System Engineer to get FIPS hardware/firmware? Mon, 24 Jun 2019 21:10:12 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12758#M199 michael_brado 2019-06-24T21:10:12Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12759#M200 I know this is 5 months old, but if you still need it (eg you don't have a support account), I can remove FIPS for you Sun, 17 Nov 2019 06:48:55 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12759#M200 jon_sands_jjbhk 2019-11-17T06:48:55Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12760#M201 Ruckus does not advise any customer to try and change/convert any FIPS hardware to run on any but FIPS software.&nbsp; <BR /><BR /><BR />We do not advise anyone to contact Jon Sands on his offer. Mon, 18 Nov 2019 23:19:44 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12760#M201 michael_brado 2019-11-18T23:19:44Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12761#M202 test Mon, 18 Nov 2019 23:38:21 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12761#M202 jon_sands_jjbhk 2019-11-18T23:38:21Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12762#M203 it's not "FIPS hardware", it's your regular hardware with a FIPS flag set in the config. You guys have your own supported command in the bootloader to wipe FIPS mode and any related configs, just run "factory set-default" in the bootloader. If this is supposed to be some huge secret, maybe don't publicly publish the sources that include said commands?<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />You've added even more ways, looking at your init script that starts under linux, however I will keep those secret as they are not published like factory reset is<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" /> Mon, 18 Nov 2019 23:40:21 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-6450-Can-t-Login-after-enabling-FIPS-mode/m-p/12762#M203 jon_sands_jjbhk 2019-11-18T23:40:21Z