Performing Factory Reset

Prerequisites for Performing a Factory Reset

  • Ensure that all the software images, including the current image, configurations, and personal data are backed up before you begin the factory reset process.

  • Ensure that there is uninterrupted power supply when the factory reset process is in progress.

  • Ensure that In-Service Software Upgrade (ISSU) or In-Service Software Downgrade (ISSD) are not in progress before you begin the factory reset process.

Restrictions for Performing a Factory Reset

  • Software patches, if installed on the device, will not be restored after the factory reset process.

  • If the factory-reset command is issued through a VTY session, the session is not restored after completion of the factory reset process.

  • The config keyword of the factory-reset command is not supported when the switch is in stacking or Stackwise Virtual Link (SVL) mode.

  • For modular chassis devices configured in high-availability (HA) mode, factory reset must be applied on each supervisor module.

Information About Performing a Factory Reset

Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping. Data that is erased includes configurations, log files, boot variables, core files, and credentials such as Federal Information Processing Standard-related (FIPS-related) keys. The erasure is consistent with the clear method, as described in NIST SP 800-88 Rev. 1.

The factory reset process is used in the following scenarios:

  • Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific data before obtaining an RMA certificate for the device.

  • Recovering a compromised device: If the key material or credentials that are stored on a device are compromised, reset the device to the factory configuration, and then reconfigure the device.

During a factory reset, the device reloads and enters ROMMON mode. After the factory reset, the device removes all its environment variables, including the MAC_ADDRESS and the SERIAL_NUMBER variables, which are required to locate and load the software. Perform a reset in ROMmon mode to automatically set the environment variables. The BAUD rate environment variable returns to its default value after a factory reset. Make sure that the BAUD rate and the console speed are the same at all times. Otherwise, the console becomes unresponsive.

After the system reset in ROMmon mode is complete, add the Cisco IOS image either through an USB or TFTP.

The following table provides details about the data that is erased and retained during the factory reset process:

Table 1. Data Erased and Retained During Factory Reset

Data Erased

Data Retained

All Cisco IOS images, including the current boot image

Data from remote field-replaceable units (FRUs)

Crash information and logs

Value of the configuration register.

User data, startup and running configuration, and contents of removable storage devices, such as Serial Advanced Technology Attachment (SATA), Solid State Drive (SSD), or USB

Credentials such as FIPS-related keys

Credentials such as Secure Unique Device Identifier (SUDI) certificates, and public key infrastructure (PKI) keys.

Onboard Failure Logging (OBFL) logs

ROMmon variables added by a user.

Licenses

Secure Data Wipe

The device storage is used to maintain software images, device configuration, software logs and operational history. Customer-specific data can be contained in any of these areas. The information can include network architecture and design used by customers.

The all secure option in the factory-reset command performs data sanitization and securely resets the device. After data sanitization, the device reloads and boots with the software image present in flash.

Secure data wipe feature implements guidelines for media sanitization as described in NIST SP 800-88 Rev. 1.

How to Perform a Factory Reset

To perform a factory reset, complete this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

  • For a standalone device:

    factory-reset {all[ secure] [ 3-pass] | config | boot-vars}

  • For Cisco StackWise Virtual enabled devices:

    factory-reset {all [ secure 3-pass] | config | boot-vars| switch {switch-number | all{ all [ secure 3-pass] | config | boot-vars}}

Example:

Device# factory-reset all

OR

Device# factory-reset switch 1 all config

OR

Device# factory-reset all secure

Resets the device to its configuration at the time of its shipping.

No system configuration is required to use the factory reset command.

The following options are available:

  • all : Erases all the content from the NVRAM, all the Cisco IOS images, including the current boot image, boot variables, startup and running configuration data, and user data. We recommend that you use this option.

  • all secure : Performs data sanitization and securely resets the device.

    Note

     

    • You can use the all secure option only on standalone devices.

    • This option implements guidelines for media sanitization as described in NIST SP 800-88 Rev. 1.

    • The factory-reset all secure command initiates data sanitization. The booted image of the device is retained.

    • When data sanitization is completed, the device reloads, and the device image is retained in flash if it was booted with an image from the flash.

  • secure 3-pass : Erases all the content from the device with 3-pass overwrite.

    • Pass 1: Overwrites all addressable locations with binary zeroes.

    • Pass 2: Overwrites all addressable locations with binary ones.

    • Pass 3: Overwrites all addressable locations with a random bit pattern.

    Note

     

    This option takes approximately thrice the time taken to perform any other option.

  • config : Resets the startup configurations.

  • boot-vars : Resets the user-added boot variables.

  • switch {switch-number | all} :

    • switch-number : Specifies the switch number. The range is from 1 to 16.

    • all : Selects all the switches in the stack.

After the factory reset process is successfully completed, the device reboots and enters ROMmon mode.

Configuration Examples for Performing a Factory Reset

The following example shows how to perform a factory reset on a standalone switch: 

Device> enable
Device# factory-reset all

The factory reset operation is irreversible for all operations. Are you sure? [confirm]
The following will be deleted as a part of factory reset:
1: Crash info and logs
2: User data, startup and running configuration
3: All IOS images, including the current boot image
4: OBFL logs
5: User added rommon variables
6: Data on Field Replaceable Units(USB/SSD/SATA)
The system will reload to perform factory reset.
It will take some time to complete and bring it to rommon.
You will need to load IOS image using USB/TFTP from rommon after
this operation is completed.
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
Are you sure you want to continue? [confirm]

The following examples show how to perform a factory reset on Cisco StackWise Virtual enabled devices:

Device> enable
Device# factory-reset switch 2 all
The factory reset operation is irreversible for all operations. Are you sure? [confirm]
 The following will be deleted as a part of factory reset:
 1: Crash info and logs
 2: User data, startup and running configuration
 3: All IOS images, including the current boot image
 4: OBFL logs
 5: User added rommon variables
 6: Data on Field Replaceable Units(USB/SSD/SATA)
 The system will reload to perform factory reset.
 It will take some time to complete and bring it to rommon.
 You will need to load IOS image using USB/TFTP from rommon after
 this operation is completed.
 DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
 Are you sure you want to continue? [confirm]
Switch#
*Sep 23 18:10:42.739:  Successfully sent switch reload message for switch num: 2 and reason Factory Reset
*Sep 23 18:10:42.740: %STACKMGR-1-RELOAD: Chassis 2 R0/0: stack_mgr: Reloading due to reason Factory Reset
*Sep 23 18:10:43.158: NGWC_FACTORYRESET: Switch 2, cmd: reset-all success

Original standby Switch 2:
Chassis 2 reloading, reason - Factory Reset
Sep 23 18:11:03.199: %PMAN-5-EXITACTION: R0/0: pvp: Process manager is exiting: process exit with reload fru code


Enabling factory reset for this reload cycle
 Switch booted with tftp://172.19.72.26/tftpboot/thpaliss/trial.bin 
% FACTORYRESET - Started Cleaning Up...
 
% FACTORYRESET - Unmounting flash1
% FACTORYRESET - Cleaning Up flash1
% FACTORYRESET - In progress.. please wait for completion...
 
% FACTORYRESET - write zero...
% FACTORYRESET - finish erase
 
Creating filesystem with 2790400 4k blocks and 697632 inodes
Filesystem UUID: 6a8ec2fb-4602-41b3-9c5c-ed59039d7480
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done 

% FACTORYRESET - Mounting Back flash1
% FACTORYRESET - Handling Mounted flash1
% FACTORYRESET - Factory Reset Done for flash1
 
% FACTORYRESET - Unmounting flash2
% FACTORYRESET - Cleaning Up flash2
% FACTORYRESET - In progress.. please wait for completion...
 
% FACTORYRESET - write zero...
% FACTORYRESET - finish erase
 
Creating filesystem with 409600 4k blocks and 102544 inodes
Filesystem UUID: e2f2280f-245a-4232-b0a8-edbf590a3107
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done 

% FACTORYRESET - Mounting Back flash2
% FACTORYRESET - Handling Mounted flash2
% FACTORYRESET - Factory Reset Done for flash2
 
% FACTORYRESET - Unmounting flash3
% FACTORYRESET - Cleaning Up flash3
% FACTORYRESET - In progress.. please wait for completion...
 
% FACTORYRESET - write zero...
% FACTORYRESET - finish erase
 
Creating filesystem with 131072 1k blocks and 32768 inodes
Filesystem UUID: 3c548955-16f5-4db5-a1c3-9a956248ccac
Superblock backups stored on blocks: 
 8193, 24577, 40961, 57345, 73729

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done 

% FACTORYRESET - Mounting Back flash3
% FACTORYRESET - Handling Mounted flash3
% FACTORYRESET - Factory Reset Done for flash3
 
% FACTORYRESET - Unmounting flash7
% FACTORYRESET - Cleaning Up flash7
% FACTORYRESET - In progress.. please wait for completion...
 
% FACTORYRESET - write zero...
% FACTORYRESET - finish erase
 
Creating filesystem with 514811 4k blocks and 128768 inodes
Filesystem UUID: 9fe5a9db-263e-4303-825f-78ce815835c2
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done 

% FACTORYRESET - Mounting Back flash7
% FACTORYRESET - Handling Mounted flash7
% FACTORYRESET - Factory Reset Done for flash7
% FACTORYRESET - Lic Clean UP
% FACTORYRESET - Lic Clean Successful...
% FACTORYRESET - Clean Up Successful...
 
 
watchdog: watchdog0: watchdog did not stop!
systemd-shutdown[1]: Failed to parse (null): No such file or directory
systemd-shutdown[1]: Failed to deactivate swaps: No such file or directory

The following examples show how to perform a factory reset on stacked devices:

Device> enable
Device# factory-reset switch all all
The factory reset operation is irreversible for all operations. Are you sure? [confirm]
 The following will be deleted as a part of factory reset:
 1: Crash info and logs
 2: User data, startup and running configuration
 3: All IOS images, including the current boot image
 4: OBFL logs
 5: User added rommon variables
 6: Data on Field Replaceable Units(USB/SSD/SATA)
 The system will reload to perform factory reset.
 It will take some time to complete and bring it to rommon.
 You will need to load IOS image using USB/TFTP from rommon after
 this operation is completed.
 DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
 Are you sure you want to continue? [confirm]
Chassis 1 reloading, reason - Factory Reset

 Protection key not found
9300L#Oct 25 09:53:05.740: %PMAN-5-EXITACTION: F0/0: pvp: Process manager is exiting: reload fp action requested
Oct 25 09:53:07.277: %PMAN-5-EXITACTION:vp: Process manager is exiting: rp processes exit with reload switch code


Enabling factory reset for this reload cycle
 Switch booted with tftp://10.5.40.45/cat9k_iosxe.BLD_POLARIS_DEV_LATEST_20191007_224933_V17_2_0_21_2.SSA.bin 
 Switch booted via //10.5.40.45/cat9k_iosxe.BLD_POLARIS_DEV_LATEST_20191007_224933_V17_2_0_21_2.SSA.bin 
% FACTORYRESET - Started Cleaning Up...
 
% FACTORYRESET - Unmounting sd1
% FACTORYRESET - Cleaning Up sd1 [0]
% FACTORYRESET - erase In progress.. please wait for completion...
% FACTORYRESET - write zero...
% FACTORYRESET - finish erase
 
% FACTORYRESET - Making File System sd1 [0]
Discarding device blocks: done                            
Creating filesystem with 409600 4k blocks and 102544 inodes
Filesystem UUID: fcf01664-7c6f-41ce-99f0-6df1d941701e
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done 

% FACTORYRESET - Mounting Back sd1 [0]
% FACTORYRESET - Handling Mounted sd1
% FACTORYRESET - Factory Reset Done for sd1
 
% FACTORYRESET - Unmounting sd3
% FACTORYRESET - Cleaning Up sd3 [0]
% FACTORYRESET - erase In progress.. please wait for completion...
% FACTORYRESET - write zero...



Chassis 2 reloading, reason - Factory Reset
Dec 12 01:02:12.500: %PMAN-5-EXITACTION: F0/0: pvp: Process manager is exiting: reload fp action requested
De
Enabling factory reset for this reload cycle
 Switch booted with tftp://10.5.40.45/cat9k_iosxe.BLD_POLARIS_DEV_LATEST_20191007_224933_V17_2_0_21_2.SSA.bin
 Switch booted via //10.5.40.45/cat9k_iosxe.BLD_POLARIS_DEV_LATEST_20191007_224933_V17_2_0_21_2.SSA.bin
% FACTORYRESET - Started Cleaning Up...
% FACTORYRESET - Unmounting sd1
% FACTORYRESET - Cleaning Up sd1 [0]
% FACTORYRESET - erase In progress.. please wait for completion...
% FACTORYRESET - write zero...



After this the switch will come to boot prompt. Then the customer has to boot the device from TFTP.

The following sample output from the show platform software factory-reset secure log command displays the data sanitization report: 

Device# show platform software factory-reset secure log
Factory reset log:
#CISCO C9200 DATA SANITIZATION REPORT#
START : 18-09-2022, 06:18:44
  END : 18-09-2022, 06:23:36
-MTD-
PNM : nor
NIST : PURGE
-eMMC-
MID : 'Micron'
PNM : 'Q2J55L'
SN : 0x00000001
NIST : PURGE

Additional References for Performing a Factory Reset

Related Documents

Related Topic Document Title

For complete syntax and usage information for the commands used in this chapter.

Command Reference

Feature History for Performing a Factory Reset

This table provides release and related information for features explained in this module.

These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS XE Gibraltar 16.11.1

Factory Reset

Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping

Cisco IOS XE Gibraltar 16.12.1

Factory Reset for Removable Storage Devices

Performing a factory reset erases the contents of removable storage devices, such as SATA, SSD, or USB.

Cisco IOS XE Amsterdam 17.2.1

Factory Reset with 3-pass Overwrite

A factory reset can be performed to erase all the content from the device securely with 3-pass overwrite. The secure 3-pass keyword was introduced.

Enhanced Factory Reset Option for Stack and Cisco StackWise Virtual

Support for factory reset on stacked devices and for Cisco StackWise Virtual enabled devices is introduced.

Cisco IOS XE Cupertino 17.7.1

Factory Reset

Support for this feature was introduced only on the Cisco Catalyst 9600 Series Supervisor 2 Module.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.