System Logging Guide, Cisco IOS XE 17 (Cisco ASR 920 Series)
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature removes all the user-configured data that are stored on
the device from the time of its shipping. Data erased includes
configurations, log files, boot variables, core files, and
credentials like FIPS-related keys. Cisco Secure Development
Lifecycle (CSDL) is a repeatable and measurable process designed to
increase Cisco product resiliency and trustworthiness.
The following new commands are introduced:
factory-reset all
factory-reset keep-licensing-info
factory-reset all secure 3-pass
Starting with Cisco IOS XE Release 17.6.1, the Cisco Secure Development Lifecycle (CSDL) — Factory Reset feature removes the
following customer-specific data that are stored on the device since the time of its shipping:
Configurations
Log files
Boot variables
Core files
Credentials like FIPS-related keys
The following table provides details about the data that is erased and retained during
the Factory Reset process:
Table 2. Data Erased and Retained During Factory Reset
Data Erased
Data Retained
All Cisco IOS images
Note
The factory reset process takes a backup of the boot image if the
system is booted from an image stored locally (bootflash).
Data from Remote field-replaceable units (FRUs)
Crash information and logs
Value of the configuration register
User data, and startup and running configuration
Contents of USB
Credentials like FIPS-related keys
Credentials like Secure Unique Device Identifier (SUDI) certificates,
Public key infrastructure (PKI) keys
On board Failure Logging (OBFL) logs
—
ROMMON variables added by the user
—
Licenses
—
Note
After a factory reset, the device returns to its default license.
Factory reset securely purge all physical storage to enter a clean state and protect sensitive data. The following data are
deleted as a part of factory reset:
All writable file systems and personal data
OBFL logs
User data and startup configuration
ROMMON variables
User credentials
License information
The Factory Reset process is used in the following two scenarios:
Return Material Authorization (RMA) for a device—If you have to return a device to Cisco for RMA, remove all the customer-specific
data before obtaining an RMA certificate for the device.
Recovering the compromised device—If the key material or credentials that are stored on a device is compromised, reset the
device to factory configuration, and then reconfigure the device.
The device reloads to perform the factory reset that results in the router entering the
ROMMON mode. After a factory reset, the device clears all its environment variables
including the MAC_ADDRESS and the IP_ADDRESS, which are required to locate and load the
software. Perform a reset in ROMMON mode to automatically set the environment
variables.
After the system reset in ROMMON mode is complete, you can add the Cisco IOS image either
through a USB or TFTP.
Prerequisites for Performing Factory Reset
Ensure that all the software images, configurations, and personal data are backed
up before performing the factory reset operation.
Ensure that the device is not in the stacking mode as factory reset is supported
only in the standalone mode. For Modular-chassis in high availability mode,
factory reset is applied per supervisor.
Ensure that there is uninterrupted power supply when the process is in
progress.
Ensure that you take a backup of the current image before you begin the factory
reset process.
Ensure that neither In-Service Software Upgrade (ISSU) nor In-Service Software
Downgrade (ISSD) is in progress before starting the factory reset process.
Caution
Removing OBFL logs may hamper failure analysis after RMA. Take precaution before
deleting the log files.
Limitations for Performing Factory Reset
Software patches, if installed on the device, will not be restored after the
factory reset operation.
If the factory-reset command is issued through a vty
session, the session is not restored after completion of the factory reset
process.
Factory Reset Command Options
Erase All Data:
To erase all data:
Router>enableRouter#factory-reset all
The factory-reset all command erases the following data:
The factory-reset keep-licensing-info command erases
the following data:
All writable file systems and personal data
OBFL logs
User data and startup configuration
ROMMON variables
User credentials
Erase All Data Using DoD 5220.22-M Wiping Standard:
To erase all data using the the National Industrial Security Program Operating Manual (DoD 5220.22-M) Wiping Standard:
Router>enableRouter#factory-reset all secure 3-pass
DoD 5220.22-M
Use the following options for HA and standalone routers:
Any factory reset option with image.bin is present on the subfolder of bootflash.
For any factory reset option with packages.conf based boot, if packages.conf is present in any sub folder path under bootflash,
the packages.conf and packages are copied back to bootflash root path after the factory reset.
Check for prompt abort cases as "Monitor for confirmation prompt." The factory-reset command should not proceed when aborted before final confirmation.When the standby router is not reachable, a message must
appear stating factory reset will be performed only on the active router.
Note
If you boot the image from local storage, the image (.bin or packages.conf/packages) is retained after factory reset.
If you boot the image from TFTP server, the booted image is not copied to bootflash.
Only the config register value is retained. All other ROMMON variables are cleared.
Clear User Files from Bootflash on Factory Reset
Table 3. Feature History
Feature Name
Release Information
Description
Clear User Files from Bootflash on Factory Reset with "No Service Password Recovery" Configuration Enabled
Cisco IOS XE Cupertino 17.9.1
This feature provides additional security by removing all user files from bootflash during factory reset. It prevents the
malicious users from accessing configuration files that are stored in bootflash on the ASR 920 series routers .
This feature is only supported on Cisco ASR 920-10SZ-PD, Cisco ASR-920-12CZ-A/D, Cisco ASR-920-4SZ-A/D, Cisco ASR-920-12SZ-IM,
ASR-920U-12SZ-IM, Cisco ASR-920-24SZ-IM, Cisco ASR-920-24SZ-M, and Cisco ASR-920-24TZ-M routers.
Starting with Cisco IOS XE Cupertino 17.9.1, this feature removes all the user files from bootflash during factory reset associated
with "no service password recovery" on the ASR 920 series routers. This feature is supported in ROMMON version 15.6(53r)S onwards. Ensure that you upgrade to the Cisco IOS XE 17.9.1 Cupertino
release version to get autoupgraded to this specific ROMMON version.
During recovery mechanism from no-service password recovery configuration, when you attempt to boot with default configurations
(Press CTRL+C and "yes"), this feature helps in removing the user files from bootflash along with the startup-configuration.
It prevents the malicious users from accessing configuration files that are stored in the bootflash. All the required system
files and software images are retained in the bootflash during the erase operation.