Factory Reset

This chapter describes Factory Reset feature and how it can be used to protect or restore a router to an earlier, fully functional state.

Feature Information for Factory Reset

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Factory Reset

Feature Name

Releases

Feature Information

Factory Reset

Cisco IOS XE Fuji 16.7.1

This feature was introduced.

Option to retain RUM reports, SLR, and HSEC key using the factory-reset keep-licensing-info command

Cisco IOS XE Bengaluru 17.5.1

This feature was introduced.

Secure Factory Reset

Cisco IOS XE Bengaluru 17.6.1

Added the factory-reset all secure command.

Information About Factory Reset

Factory Reset is a process of clearing the current running and start-up configuration information on a device, and resetting the device to an earlier, fully-functional state.

Thefactory reset process uses the factory-reset all command to take backup of existing configuration and then reset the router to an earlier fully functional state. In a high availability setup, the factory reset process is executed on the active Route Processor (RP) and is then synchronized to the standby RP. The duration of the factory reset process is dependent on the storage size of the router. It can extend between 30 minutes on an ASR1000 consolidated platform and up to 3 hours on a high availability setup.

From Cisco IOS XE Bengaluru 17.6 release and later, you can use the factory-reset all secure command to reset the router and securely clear the files stored in the bootflash memory.

Table 2. Data Erased or Retained during Factory Reset

Command Name

Data Erased

Data Retained
factory-reset all secure

Non-volatile random-access memory (NVRAM) data

Data from remote field-replaceable units (FRUs).

OBFL (Onboard Failure Logging) logs

Value of configuration register

Licenses

Contents of USB

User data, startup, and running configuration

Credentials (Secure Unique Device Identifier [SUDI] certificates, public key infrastructure (PKI) keys, and FIPS-related keys)

ROMMON variables

All writable file systems and personal data.

Note 

If the current boot image is a remote image or stored on a USB, NIM-SSD, or such, ensure that you take a backup of the image before starting the factory reset process.

factory-reset keep-licensing-info

  • License Boot level configuration

  • Throughput level configuration

  • Smart license transport type

  • Smart license URL data

  • Real User Monitoring (RUM) Reports (open/unacknowledged license usage report)

  • Usage reporting details (last ACK received, next ACK scheduled, last/next report push)

  • Unique Device Identification (UDI) trust codes

  • Customer policy received from CSSM

  • SLAC, SLR authorization codes return codes

  • Factory installed purchase information

After the factory reset process is complete, the router reboots to ROMMON mode. If you have the zero-touch provisioning (ZTP) capability setup, after the router completes the factory reset procedure, the router reboots with ZTP configuration.

Software and Hardware Support for Factory Reset

  • This feature is supported on all Cisco ASR 1000 platforms, Cisco ASR 1000 Series Route Processor 2 (RP2), and Cisco ASR 1000 Series Route Processor 3 (RP3).

  • Factory Reset process is supported on standalone routers as well as on routers configured for high availability.

Prerequisites for Performing Factory Reset

  • Ensure that all the software images, configurations and personal data is backed up before performing factory reset.

  • Ensure that there is uninterrupted power supply when factory reset is in progress.

  • The factory reset process takes a backup of the boot image if the system is booted from an image stored locally (bootflash or hard disk). If the current boot image is a remote image or stored on an USB, NIM-SSD or such, ensure that you take a backup of the image before performing factory reset.

  • The factory-reset all secure command erases all files, including the boot image, even if the image is stored locally. If the current boot image is a remote image or stored on a USB, NIM-SSD, or such, ensure that you take a backup of the image before performing secure factory reset.

  • Ensure that ISSU/ISSD (In- Service Software Upgrade or Downgrade) is not in progress before performing factory reset.

Restrictions for Performing a Factory Reset

  • Any software patches that are installed on the router are not restored after the factory reset operation.

  • If the factory reset command is issued through a Virtual Teletype (VTY) session, the session is not restored after the completion of the factory reset process.

When to Perform Factory Reset

  • Return Material Authorization (RMA): If a router is returned back to Cisco for RMA, it is important that all sensitive information is removed.

  • Router is compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured once again for further use.

  • Repurposing: The router needs to be moved to a new topology or market from the existing site to a different site.

How to Perform a Factory Reset

Before you begin

Refer Table 2 to determine which information is going to be deleted and retained. Based on the information you require, execute the appropriate command mentioned below.

Procedure

Step 1

Log in to a Cisco 1000 ASR device.

Important 

If the current boot image is a remote image or is stored in a USB or a NIM-SSD, ensure that you take a backup of the image before starting the factory reset process.

Step 2

This step is divided into two parts (a and b). If you need to retain the licensing information while performing the factory-reset command, follow step 2. a. If you do not need to retain the licensing information and want all the data to be erased, perform step 2. b.

  1. Execute factory-reset keep-licensing-info command to retain the licensing data.

    The system displays the following message when you use the factory-reset keep-licensing-info command: 

    Router# factory-reset keep-licensing-info

The factory reset operation is irreversible for Keeping license usage. Are you sure? [confirm]
This operation may take 20 minutes or more. Please do not power cycle.

Dec 1 20:58:38.205: %PMAN-5-EXITACTION: R0/0: pvp: Process manager is exiting: process exit with
reload chassis code
/bootflash failed to mount
Dec 01 20:59:44.264: Factory reset operation completed.
Initializing Hardware ...

Current image running: Boot ROM1

Last reset cause: LocalSoft

ISR4331/K9 platform with 4194304 Kbytes of main memory
rommon 1

  2. Execute the factory-reset all secure 3-pass command to securely erase all data.

    The system displays the following message when you use the factory-reset all secure 3-pass command: 

    Router# factory-reset all secure 3-pass

The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
This operation may take hours. Please do not power cycle.

*Jun 19 00:53:33.385: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.Jun 19 00:53:42.856: %PMAN-5-EXITACTION:

Enabling factory reset for this reload cycle
  Jun 19 00:54:06.914: Factory reset secure operation. Write 0s. Please do not power cycle.
  Jun 19 01:18:36.040: Factory reset secure operation. Write 1s. Please do not power cycle.
  Jun 19 01:43:49.263: Factory reset secure operation. Write random. Please do not power cycle.
  Jun 19 02:40:29.770: Factory reset secure operation completed.
Initializing Hardware ....
Step 3

Enter confirm to proceed with the factory reset.

Note 

The duration of the factory reset process depends on the storage size of the router. It can extend between 30 minutes and up to 3 hours on a high availability setup. If you want to quit the factory reset process, press the Escape key.

What Happens after a Factory Reset

After the factory reset is successfully completed, the router boots up. However, before the factory reset process started, if the configuration register was set to manually boot from ROMMON, the router stops at ROMMON.

After you configure Smart Licensing, execute the #show license status command, to check whether Smart Licensing is enabled for your instance.


Note

If you had Specific License Reservation enabled before you performed the factory reset, use the same license and enter the same license key that you received from the smart agent.