Ensure that all the software images, including the current image, configurations, and personal data are backed up before you begin the factory reset process.
Ensure that there is an uninterrupted power supply while the factory reset process is in progress.
Ensure that neither an In-Service Software Upgrade (ISSU) nor an In-Service Software Downgrade (ISSD) is in progress before you begin the factory reset process.
Restrictions for Performing a Factory Reset
Software patches, if installed on the device, will not be restored after the factory reset process.
If the factory-reset command is issued through a VTY session, the session is not restored after completion of the factory reset process.
Information About Performing a Factory Reset
Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration
at the time of shipping. Data that is erased includes configurations, log files, boot variables, core files, and credentials
such as Federal Information Processing Standard-related (FIPS-related) keys. The erasure is consistent with the clear method,
as described in NIST SP 800-88 Rev. 1.
The factory reset process is used in the following scenarios:
Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific
data before obtaining an RMA certificate for the device.
Recovering a compromised device: If the key material or credentials that are stored on a device are compromised, reset the
device to the factory configuration, and then reconfigure the device.
During a factory reset, the device reloads and enters ROMmon mode. After the factory reset, the device removes all its environment variables, including the MAC_ADDRESS and the SERIAL_NUMBER variables, which are required to locate and load the software. Perform a reset in ROMmon mode to automatically set the environment variables. The BAUD rate environment variable returns to its default value after a factory reset. Make sure that the BAUD rate and the console speed are the same at all times. Otherwise, the console becomes unresponsive.
After the system reset in ROMmon mode is complete, add the Cisco IOS image through either USB or TFTP.
The following table provides details about the data that is erased and retained during the factory reset process:
Table 1. Data Erased and Retained During Factory Reset
Data Erased:
All Cisco IOS images, including the current boot image
Crash information and logs
User data, startup and running configuration, and contents of removable storage devices, such as Serial Advanced Technology Attachment (SATA), Solid State Drive (SSD), or USB
Credentials such as FIPS-related keys
Onboard Failure Logging (OBFL) logs
ROMmon variables added by a user
Data Retained:
Data from remote field-replaceable units (FRUs)
Value of the configuration register
Credentials such as Secure Unique Device Identifier (SUDI) certificates, and public key infrastructure (PKI) keys
Secure Data Wipe
The device storage is used to maintain software images, device configuration, software logs and operational history. Customer-specific
data can be contained in any of these areas. The information can include network architecture and design used by customers.
The all secure option in the factory-reset command performs data sanitization and securely resets the device. After data sanitization, the device reloads and boots
with the software image present in flash.
The secure data wipe feature implements guidelines for media sanitization as described in NIST SP 800-88 Rev. 1.
How to Perform a Factory Reset
To perform a factory reset, complete this procedure:
Resets the device to its configuration at the time of its shipping.
No system configuration is required to use the factory reset command.
The following options are available:
all: Erases all the content from the NVRAM, all the Cisco IOS images, including the current boot image, boot variables, startup and running configuration data, and user data. We recommend that you use this option.
all secure: Performs data sanitization and securely resets the device.
Note: You can use the all secure option only on standalone devices.
This option implements guidelines for media sanitization as described in NIST SP 800-88 Rev. 1.
The factory-reset all secure command initiates data sanitization. The booted image of the device is retained.
When data sanitization is completed, the device reloads, and the device image is retained in flash if it was booted with an image from the flash.
secure 3-pass: Erases all the content from the device with a 3-pass overwrite.
Pass 1: Overwrites all addressable locations with binary zeroes.
Pass 2: Overwrites all addressable locations with binary ones.
Pass 3: Overwrites all addressable locations with a random bit pattern.
Note: This option takes approximately three times as long as any other option.
config: Resets the startup configurations.
boot-vars: Resets the user-added boot variables.
After the factory reset process is successfully completed, the device reboots and enters ROMmon mode.
Configuration Examples for Performing a Factory Reset
The following example shows how to perform a factory reset on a standalone switch:
Device> enable
Device# factory-reset all
The factory reset operation is irreversible for all operations. Are you sure? [confirm]
The following will be deleted as a part of factory reset:
1: Crash info and logs
2: User data, startup and running configuration
3: All IOS images, including the current boot image
4: OBFL logs
5: User added rommon variables
6: Data on Field Replaceable Units(USB/SSD/SATA)
The system will reload to perform factory reset.
It will take some time to complete and bring it to rommon.
You will need to load IOS image using USB/TFTP from rommon after
this operation is completed.
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
Are you sure you want to continue? [confirm]
The following sample output from the show platform software factory-reset secure log command displays the data sanitization report:
Device# show platform software factory-reset secure log
Factory reset log:
#CISCO IE35xx DATA SANITIZATION REPORT#
START : 18-09-2022, 06:18:44
END : 18-09-2022, 06:23:36
-MTD-
PNM : nor
NIST : PURGE
-eMMC-
MID : 'Micron'
PNM : 'Q2J55L'
SN : 0x00000001
NIST : PURGE