Factory Reset

This chapter describes the Factory Reset feature and how it can be used to protect or restore a router to an earlier, fully functional state.

Feature Information for Factory Reset

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1. Feature Information for Factory Reset

| Feature Name | Releases | Feature Information |
|---|---|---|
| Factory Reset | Cisco IOS XE Everest 16.6.1 | This feature was introduced. |
| Secure Factory Reset | Cisco IOS XE Dublin 17.11.1a | Added the factory-reset all secure command for C111x. |

Information About Factory Reset

Factory Reset is a process of clearing the current running and start-up configuration information on a device, and resetting the device to an earlier, fully-functional state.

The factory reset process uses the factory-reset all command to take a backup of the existing configuration and reset the router to an earlier, fully functional state. The duration of the factory reset process depends on the storage size of the router. It varies from 10 to 30 minutes on a Cisco 1000 Series consolidated platform.

From Cisco IOS XE Dublin 17.11.x release and later, you can use the factory-reset all secure command to reset the router and securely clear the files stored in the bootflash memory.

There are several memory components in the device(s), as listed for the C111x device as an example in the following table.

| Device or Component | Memory Size | Type | Volatility | Purpose | Data Sanitization |
|---|---|---|---|---|---|
| DDR4 SDRAM | 4GB | RAM | Volatile | Running system software | All data is removed from DRAM when power is turned off |
| ROMmon | 256Mbit (32MB) | NOR | Non-volatile | System boot | |
| Bootflash | 8GB raw (4GB pSLC mode) | NAND | Non-volatile | IOS boot images, Log files | |
| TAM Flash | 32Mbit (4MB) | NOR | Non-volatile | Trust Module | |

DDR4 SDRAM

  • Volatile memory

  • No user data exists on DRAM after power-off.

  • Sanitization measures not required.

ROMmon

  • Non-volatile memory

  • Holds user data after power-off.

A factory reset, performed with the factory-reset all command, is the most common method used when erasing customer data from the router’s memory resources. Factory reset clears the current running and startup configuration information, thereby resetting the router to a fully functional state as it was shipped from the factory.

In Cisco IOS XE 17.11.1a and later, the factory-reset all secure command also clears the data held in ROMmon in the same manner as factory-reset all.

Bootflash/NVRAM

  • Non-volatile memory

  • Holds user data after power-off.

A factory reset, performed with the factory-reset all command, is the most common method used when erasing customer data from the router’s memory resources. Factory reset clears the current running and startup configuration information, thereby resetting the router to a fully functional state as it was shipped from the factory.

In Cisco IOS XE 17.11.1a and later, you can use the factory-reset all secure command to reset the router and securely clear the files stored in the bootflash/NVRAM.

TAM Flash

  • Non-volatile memory

  • Holds user data after power-off.

The factory reset command, factory-reset all secure in Cisco IOS XE 17.11.1a and later, unlinks customer data in the TAM Flash and makes it non-readable by the host.

After the factory reset process is complete, the router reboots to ROMMON mode.

Software and Hardware Support for Factory Reset

  • The Factory Reset process is supported on standalone routers as well as on routers configured for high availability.

Prerequisites for Performing Factory Reset

  • Ensure that all the software images, configurations and personal data are backed up before performing factory reset.

  • Ensure that there is uninterrupted power supply when factory reset is in progress.

  • The factory-reset all secure command erases all files, including the boot image.

Restrictions for Performing a Factory Reset

  • Any software patches that are installed on the router are not restored after the factory reset operation.

  • The CLI command "factory-reset all secure" is only supported in the console, not in the Virtual Teletype (VTY).

When to Perform Factory Reset

  • Return Material Authorization (RMA): If a router is returned to Cisco for RMA, it is important that all sensitive information is removed.

  • Router is compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured once again for further use.

  • Repurposing: The router needs to be moved to a new topology or market from the existing site to a different site.

How to Perform a Factory Reset

Before you begin

Procedure


Step 1

Log in to a Cisco 1000 ISR device.

Step 2

This step is divided into two parts (a and b). If you need to retain the licensing information while performing the factory-reset command, follow step 2a. If you do not need to retain licensing information and want all the data to be erased, perform step 2b.

  a. Execute the factory-reset keep-licensing-info command to retain the licensing data.

    The system displays the following message when you use the factory-reset keep-licensing-info command:

    Router# factory-reset keep-licensing-info
    
    The factory reset operation is irreversible for Keeping license usage. Are you sure? [confirm]
    This operation may take 20 minutes or more. Please do not power cycle.
    
    *Apr 11 08:23:06.576: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.
    in the keep_lic_info_loop 2 3 6
    Apr 11 08:23:35.273: Factory reset operation completed.
    rommon 1 >

  b. Execute the factory-reset all secure command to securely erase all data.

    Enter confirm to proceed with the factory reset.

    The system displays the following message when you use the factory-reset all secure command:

    Router# factory-reset all secure
    
    The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
    This operation may take hours. Please do not power cycle.
    
    *Apr 11 10:04:55.299: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.
    Apr 11 10:05:14.401: NIST 800 88r1 compliant factory reset starts.
    Apr 11 10:05:14.481: #CISCO DATA SANITIZATION REPORT:# C1131-8PLTEPWB
    Apr 11 10:05:14.564: start to purge non-volatile storage.
    Apr 11 10:06:33.600: purge non-volatile storage done.
    ========================
    #CISCO ISR1K DATA SANITIZATION REPORT#
    START : 11-04-2023, 10:05:17
      END : 11-04-2023, 10:06:30
    -eMMC-
    MID : 'Toshiba'
    PNM : '008GB0'
    SN : 0x17b4c682
    Status : SUCCESS
    NIST : PURGE
    ========================
    Apr 11 10:06:33.928: start to check bootflash.
    Apr 11 10:07:30.352: bootflash check done.
    Apr 11 10:07:30.412: start to cleanup ROMMON variables.
    Apr 11 10:07:34.097: ROMMON cleanup variables done.
    Apr 11 10:07:34.164: start to cleanup ACT2/AIKIDO chip
    Apr 11 10:07:36.074: ACT2/AIKIDO cleanup done.
    Apr 11 10:07:37.098: report save done.
    Apr 11 10:07:37.156: Factory reset operation completed.
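
As an added example (not Cisco's code and not part of the original procedure), the following Python sketch audits a captured console log from factory-reset all secure for the stage-completion messages and report fields shown in the sample output above, so the result can be filed as a sanitization record before RMA or repurposing. The function name audit_reset_log and the pass criteria (Status SUCCESS, NIST PURGE, every completion message present) are assumptions drawn from that single sample.

```python
import re

# Console capture copied from the sample output on this page.
SAMPLE = """\
Apr 11 10:05:14.401: NIST 800 88r1 compliant factory reset starts.
Apr 11 10:05:14.481: #CISCO DATA SANITIZATION REPORT:# C1131-8PLTEPWB
Apr 11 10:05:14.564: start to purge non-volatile storage.
Apr 11 10:06:33.600: purge non-volatile storage done.
========================
#CISCO ISR1K DATA SANITIZATION REPORT#
START : 11-04-2023, 10:05:17
  END : 11-04-2023, 10:06:30
-eMMC-
MID : 'Toshiba'
PNM : '008GB0'
SN : 0x17b4c682
Status : SUCCESS
NIST : PURGE
========================
Apr 11 10:06:33.928: start to check bootflash.
Apr 11 10:07:30.352: bootflash check done.
Apr 11 10:07:30.412: start to cleanup ROMMON variables.
Apr 11 10:07:34.097: ROMMON cleanup variables done.
Apr 11 10:07:34.164: start to cleanup ACT2/AIKIDO chip
Apr 11 10:07:36.074: ACT2/AIKIDO cleanup done.
Apr 11 10:07:37.098: report save done.
Apr 11 10:07:37.156: Factory reset operation completed.
"""

# Assumption: these completion messages, taken from that sample, mark a finished run.
STAGES = ("purge non-volatile storage done.", "bootflash check done.",
          "ROMMON cleanup variables done.", "ACT2/AIKIDO cleanup done.",
          "report save done.", "Factory reset operation completed.")

def audit_reset_log(text):
    """Return (ok, findings) for a captured 'factory-reset all secure' console log."""
    lines = [l.strip() for l in text.splitlines()]
    # "KEY : value" lines form the sanitization report; timestamped lines do not match.
    report = dict(m.groups() for l in lines
                  if (m := re.fullmatch(r"(\w+)\s*:\s*(.+)", l)))
    findings = [f"missing stage: {s}" for s in STAGES
                if not any(l.endswith(s) for l in lines)]
    if report.get("Status") != "SUCCESS":
        findings.append(f"report Status is {report.get('Status')!r}")
    if report.get("NIST") != "PURGE":
        findings.append(f"report NIST level is {report.get('NIST')!r}")
    return not findings, findings
```

A log cut short by a power interruption is reported through the missing-stage findings, which is the case the uninterrupted-power prerequisite guards against.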
    

What Happens after a Factory Reset

After the factory reset is successfully completed, the router boots up. However, if the configuration register was set to manually boot from ROMMON before the factory reset process started, the router stops at ROMMON.

After you configure Smart Licensing, execute the show license status command to check whether Smart Licensing is enabled for your instance.


Note


If you had Specific License Reservation enabled before you performed the factory reset, use the same license and enter the same license key that you received from the smart agent.