Factory Reset
This chapter describes the Factory Reset feature and how it can be used to protect or restore a router to an earlier, clean state.
Feature Name |
Release Information |
Feature Description |
---|---|---|
Enhancements to Factory Reset |
Cisco IOS XE Dublin 17.12.1 |
You can use the factory-reset all secure command to reset the router and securely clear the files that are stored in both bootflash and SSD. This command performs sanitization and clears all the user data from eUSB, SSD, ROMVAR, and ACT2. With this release, the factory-reset all secure command is more secure and performs better sanitization. |
Secure Factory Reset |
Cisco IOS XE Cupertino 17.9.1w |
Use the factory-reset all secure command to reset the router and securely clear the files that are stored in both bootflash and SSD. This command performs sanitization and clears all the user data from eUSB, SSD, and ROMVAR and ACT2. |
Fast Factory Reset |
Cisco IOS XE Everest 16.6.1 |
In this release we introduce the factory-reset all command. The following steps are performed while executing the factory-reset all command:
|
Information About Factory Reset
Factory Reset is a process of clearing the current running and start-up configuration information and other private user information on a device, and resetting the device to an earlier clean state.
To perform a fast factory reset, use the factory-reset all command to erase existing configuration, and other user data and reset the router to a clean state. This command reformats the eUSB Flash, SSD, and clears ROMVAR. The duration of the factory reset process depends on the storage size of the router. It varies from 10–30 minutes.
Starting with Cisco IOS XE Cupertino 17.9.1w, you can use the factory-reset all secure command to reset the router and securely clear the files that are stored in both bootflash and SSD. This command performs sanitization and clears all the user data from eUSB, SSD, and ROMVAR and ACT2. Secure reset can take around 1.5 hours for SUP160 and around 2 hours for SUP250.
The Cisco CBR-8 has two Supervisor Modules, 8 Line Cards, 8 Line Card PIC slots, and two Supervisor PIC slots. There are two types of Supervisor Modules, with different SSD locations:
-
Cisco cBR-8 Converged Cable Access Router Supervisor 160G (SUP-160)—SSD is present on the Supervisor Module’s PIC Card.
-
Cisco cBR-8 Converged Cable Access Router Supervisor 250G (SUP-250)—SSD is present on the Supervisor Module.
Only Supervisor Modules store sensitive user information. Factory reset can't be performed when booting with subpackages. To perform factory reset, you must boot with a single consolidated image.
There are several storage components in Cisco cBR-8 Supervisor Modules as listed below:
Memory Component |
Type |
Memory Size(GB) |
Volatility |
Purpose |
Data Sanitization |
||
---|---|---|---|---|---|---|---|
RP memory | DRAM | 48GB | Volatile | DRAM for CPU | All data is lost when power is turned off. Sanitization measure is not required. | ||
FP memory | DRAM | 10GB | Volatile | DRAM for data engine (data-plane configuration and packet buffer) | All data is lost when power is turned off. Sanitization measure is not required. | ||
ROM |
SPI ROM Flash |
56MB |
Non-volatile |
|
Both fast and secure factory reset commands erase ROMMON variables. |
||
TAM |
ACT2 |
10-15KB |
Non-volatile |
|
Both fast and secure factory reset commands erase ACT2 user content. |
||
Bootdisk |
eUSB Flash |
8GB |
Non-volatile |
Four types of partitions store:
|
|
||
SSD Drive |
SATA SSD |
|
Non-volatile |
One partition mount at /harddisk/ for
|
|
||
Front panel USB Ports |
Type-A USB Flash drives |
Non-volatile |
Used for file transfer |
Not covered by data sanitization. You can unplug them. |
Factory Reset Commands
Note |
Before performing a factory reset:
|
factory-reset all
Starting with Cisco IOS XE Cupertino 17.9.1w, the following steps are performed while executing the factory-reset all command. See factory-reset all.
-
Backing up of the image.
-
Deleting ROMMON variables and deleting user info in ACT2.
-
Formatting eUSB Flash device partitions.
-
Formatting SSD device partitions.
-
Copying the image and debugging log to bootflash.
factory-reset all secure
Starting with Cisco IOS XE Cupertino 17.9.1w, the following steps are performed while executing the factory-reset all secure command. See factory-reset all secure.
-
Backing up of the image.
-
Deleting ROMMON variables.
-
Sanitizing eUSB Flash.
-
Overwriting the device with random data multiple times and finally fill the device with zeros.
-
Verifying that the device has all 0’s.
-
Recreating partitions.
-
Formatting the partitions.
-
-
Sanitizing SSD
-
Sending secure erase command to SSD.
-
Verifying that the SSD has all 0’s.
-
Recreating partitions.
-
Formatting a harddisk partition.
-
-
Copying the image and debugging log to bootflash.
Starting with Cisco IOS XE Cupertino 17.12.1, factory reset is enhanced and is more secure.
Prerequisites for Performing Factory Reset
-
Ensure that all the software images, configurations, and personal data are backed up before performing a factory reset.
-
Ensure that there is an uninterruptible power supply when the factory reset is in progress.
Restrictions for Performing a Factory Reset
-
Any software patches that are installed on the router are not restored after the factory reset operation.
-
If the factory reset command is issued through a Virtual Teletype (VTY) session, the session is not restored after the completion of the factory reset process.
When to Perform Factory Reset
-
Return Material Authorization (RMA): If a router is returned back to Cisco for RMA, it is important that all sensitive information is removed.
-
Router is compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured once again for further use.
-
Repurposing: The router must be moved to a new topology or market from the existing site to a different site.