Factory Reset

This chapter describes Factory Reset feature and how it can be used to protect or restore a router to an earlier, fully functional state.

Feature Information for Factory Reset

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.
Table 1. Feature Information for VxLAN Static Routing

Feature Name

Releases

Feature Information

Factory Reset

Cisco IOS XE Everest 16.6.1

This feature was introduced.

factory-reset all secure

Cisco IOS XE Amsterdam 17.2.1

Added the factory-reset all secure command.

Information About Factory Reset

The factory reset is a process of clearing the current running and startup configuration information on a router, and resetting the router to an earlier, fully functional state. From Cisco IOS XE Amsterdam XE 17.2 and later, you can use the factory-reset all secure command to reset the router and securely clear the files stored in the bootflash memory.

Table 2. Table 1 covers details of data erased or retained during the factory reset process:

Data Erased

Data Retained

Non-volatile random-access memory (NVRAM) data

Data from remote field-replaceable units (FRUs).

OBFL (Onboard Failure Logging) logs

Value of configuration register

Licenses

Contents of USB

User data, startup, and running configuration

Credentials (Secure Unique Device Identifier [SUDI] certificates, public key infrastructure (PKI) keys, and FIPS-related keys)

ROMMON variables

All writable file systems and personal data.

Note

 

If the current boot image is a remote image or stored on a USB, NIM-SSD, or such, ensure that you take a backup of the image before starting the factory reset process.

After the factory reset process is complete, the router reboots to ROMMON mode. If you have the zero-touch provisioning (ZTP) capability setup, after the router completes the factory reset procedure, the router reboots with ZTP configuration.

Prerequisites for Performing Factory Reset

  • Ensure that all the software images, configurations and personal data is backed up before performing the factory reset operation.

  • Ensure that there’s uninterrupted power supply when the feature reset process is in progress.

  • When you execute the factory reset operation with the secure option, it does not save the boot image, even if the image is stored locally. The factory-reset all secure command erases all the files. If the current boot image is a remote image or stored on a USB, NIM-SSD, or such, ensure that you take a backup of the image before starting the factory reset process.

  • Ensure that ISSU/ISSD (In- Service Software Upgrade or Downgrade) is not in progress before starting the factory reset process.

Restrictions for Performing a Factory Reset

  • Any software patches that are installed on the router are not restored after the factory reset operation.

  • If the factory reset command is issued through a Virtual Teletype (VTY) session, the session is not restored after the completion of the factory reset process.

When to Perform Factory Reset

  • Return Material Authorization (RMA): If a router is returned back to Cisco for RMA, it is important that all sensitive information is removed.

  • Router is Compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured once again for further use.

  • Repurposing: The router needs to be moved to a new topology or market from the existing site to a different site.

How to Perform a Factory Reset

Procedure

Step 1

Log in to a Cisco 1100 Terminal Server Gateway.

Important

 

If the current boot image is a remote image or is stored in a USB or a NIM-SSD, ensure that you take a backup of the image before starting the factory reset process.

Step 2

Execute either the factory-reset all secure 3-pass or factory-reset all secure 7-pass command.

The system displays the following message when you use the factory-reset all secure 3-pass command: 

Router# factory-reset all secure 3-pass

The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
This operation may take hours. Please do not power cycle.

*Jun 19 00:53:33.385: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.Jun 19 00:53:42.856: %PMAN-5-EXITACTION:

Enabling factory reset for this reload cycle
  Jun 19 00:54:06.914: Factory reset secure operation. Write 0s. Please do not power cycle.
  Jun 19 01:18:36.040: Factory reset secure operation. Write 1s. Please do not power cycle.
  Jun 19 01:43:49.263: Factory reset secure operation. Write random. Please do not power cycle.
  Jun 19 02:40:29.770: Factory reset secure operation completed.
Initializing Hardware ....

The system displays the following message when you use the factory-reset all secure 7-pass command: 

Router# factory-reset all secure 7-pass

The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
This operation may take hours. Please do not power cycle.

*Apr 25 12:36:29.281: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.Apr 25 12:36:59.275: Factory reset secure operation. Write 0s.   Apr 25 12:40:48.143: Factory reset secure operation. Write 1s.
  Apr 25 12:44:54.977: Factory reset secure operation. Write random. Please do not power cycle.
  Apr 25 13:02:00.424: Factory reset secure operation. Write random. Please do not power cycle.
  Apr 25 13:19:02.930: Factory reset secure operation. Write 0s. Please do not power cycle.
  Apr 25 13:22:56.965: Factory reset secure operation. Write 1s. Please do not power cycle.
  Apr 25 13:27:05.775: Factory reset secure operation. Write random. Please do not power cycle.
  Apr 25 13:44:11.174: Factory reset secure operation completed.
Both copies of Nvram are corrupted.

Step 3

Enter confirm to proceed with the factory reset.

Note

 

The duration of the factory reset process depends on the storage size of the router. It can extend between 30 minutes and up to 3 hours on a high availability setup. If you want to quit the factory reset process, press the Escape key.

What Happens after a Factory Reset

After the factory reset is successfully completed, the router boots up. However, before the factory reset process started, if the configuration register was set to manually boot from ROMMON, the router stops at ROMMON.

After you configure Smart Licensing, execute the #show license status command, to check whether Smart Licensing is enabled for your instance.


Note

If you had Specific License Reservation enabled before you performed the factory reset, use the same license and enter the same license key that you received from the smart agent.