Factory Reset

This chapter describes the Factory Reset feature and how it can be used to protect or restore a router to an earlier, fully functional state.

Feature information for factory reset

Table 1. Feature Information for Factory Reset

Feature Name: Factory Reset

Releases: Cisco IOS XE 17.15.4a

Feature Information: From Cisco IOS XE 17.15.4a, Cisco 8500 Series Secure Routers support the following commands:

  • factory-reset all

  • factory-reset all secure

  • factory-reset keep-licensing-info

  • factory-reset sed

Information about factory reset

Factory Reset is a process of clearing the current running and start-up configuration information on a device, and resetting the device to an earlier, fully-functional state.

The factory reset process uses the factory-reset all command to take a backup of the existing configuration, and then reset the router to an earlier, fully functional state. The duration of the factory reset process depends on the storage size of the router. It can vary between 30 minutes on a consolidated platform and up to 3 hours on a high availability setup.

You can use the factory-reset all secure command to reset the router and erase the persistent storage of the router as per the NIST PURGE/CLEAR standards. The image with which the router was booted is not retained, and the router falls back to the ROMMON prompt. This process takes between 5 minutes and 2 hours.

Table 2. Data Erased or Retained during Factory Reset

Command Name

Data Erased

Data Retained

factory-reset all secure

Non-volatile random-access memory (NVRAM) data

Data from remote field-replaceable units (FRUs).

OBFL (Onboard Failure Logging) logs

Contents of USB

Licenses

Credentials (Secure Unique Device Identifier [SUDI] certificates, public key infrastructure (PKI) keys, and FIPS-related keys)

User data, startup, and running configuration

ROMMON variables

All writeable file systems and personal data.

Note: After the completion of the factory reset, the router has to be booted from an image stored in remote storage or on a USB drive, because everything is erased from the non-volatile storage.

Value of configuration register

Important: The value of the configuration register can be erased using the factory-reset all secure command on Cisco 8500 Series Secure Routers.

factory-reset all

Non-volatile random-access memory (NVRAM) data

Data from remote field-replaceable units (FRUs).

OBFL (Onboard Failure Logging) logs

Contents of USB

Licenses

Credentials (Secure Unique Device Identifier [SUDI] certificates, public key infrastructure (PKI) keys, and FIPS-related keys)

User data, startup, and running configuration

Value of configuration register

ROMMON variables

All writeable file systems and personal data.

factory-reset keep-licensing-info

License Boot level configuration

Real User Monitoring (RUM) Reports (open/unacknowledged license usage report)

Throughput level configuration

Usage reporting details (last ACK received, next ACK scheduled, last/next report push)

Smart license transport type

Unique Device Identification (UDI) trust codes

Smart license URL data

Customer policy received from CSSM

SLAC, SLR authorization codes return codes

Factory installed purchase information

factory-reset sed

Non-volatile random-access memory (NVRAM) data

Data from remote field-replaceable units (FRUs).

OBFL (Onboard Failure Logging) logs

Contents of USB

Licenses

Credentials (Secure Unique Device Identifier [SUDI] certificates, public key infrastructure (PKI) keys, and FIPS-related keys)

User data, startup, and running configuration

ROMMON variables

All the data on the SED-enabled disk.

Value of configuration register

The table below outlines the supported platforms for the factory-reset sed command.

Platform    Bootflash      Harddisk
C8550-G2    SED enabled    NA
C8570-G2    SED enabled    NA

The factory-reset all secure command always boots into ROMMON. For the other commands, the boot behavior depends on the config-register value. If you have the zero-touch provisioning (ZTP) capability set up, the router reboots with the ZTP configuration after it completes the factory reset procedure.

Software and hardware support for factory reset

  • The factory reset process is supported on standalone routers as well as on routers configured for high availability.

Prerequisites for performing factory reset

  • Ensure that all the software images, configurations, and personal data are backed up before performing a factory reset.

  • Ensure that there is uninterrupted power supply when factory reset is in progress.

  • The factory-reset all command takes a backup of the boot image if the system is booted from an image stored locally (bootflash or hard disk).

  • The factory-reset all secure command erases all files, including the boot image, even if the image is stored locally. You would need to boot the router using an image stored in TFTP or USB in this case.

  • Ensure that ISSU/ISSD (In-Service Software Upgrade or Downgrade) is not in progress before performing a factory reset.

Restrictions for performing a factory reset

  • Any software patches that are installed on the router are not restored after the factory reset operation.

  • If the factory reset command is issued through a Virtual Teletype (VTY) session, the session is not restored after the completion of the factory reset process.

  • The factory-reset all secure command is not supported through a Virtual Teletype (VTY) session.

When to perform factory reset

  • Return Material Authorization (RMA): If a router is returned to Cisco for RMA, it is important that all sensitive information is removed.

  • Router is compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured for further use.

  • Repurposing: The router needs to be moved to a new topology or market from the existing site to a different site.

How to perform a factory reset

Before you begin

Refer to Table 2 to determine which information is deleted and which is retained. Based on the information you require, execute the appropriate command described below.

Procedure


Step 1

Log in to a Cisco 8500 Series Secure Router.

Important: If the current boot image is a remote image or is stored on a USB drive, ensure that you take a backup of the image before starting the factory reset process.

Step 2

This step is divided into four parts (a, b, c and d). If you want all the data to be erased as per the NIST standards without retaining the boot image, follow step 2.a. If you want to erase the data with the configuration register value and local boot image retained, follow step 2.b. If you want to erase only the SED drive, follow step 2.c. If you need to retain the licensing information while performing the factory reset, follow step 2.d.

  1. Execute the factory-reset all secure command to erase the data as per the NIST standards.

    The system displays the following message when you use the factory-reset all secure command:

    Router# factory-reset all secure 
    The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
     This is a NIST CLEAR/PURGE.
     The following will be deleted as a part of factory reset:
     1: All writable file systems and personal data
     2: OBFL logs
     3: Licenses
     4: Userdata and Startup config
     5: Rommon variables
     6: User Credentials
     The system will reload to perform factory reset.
     This operation can take anywhere between 30 minutes to 3 hours
     DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
     Are you sure you want to continue? [confirm]
     The image saved on the router would be lost. The router will fall to the rommon prompt
     Are you sure you want to continue? [confirm]
    Mar 
    
    Enabling factory reset for this reload cycle
    
    
    Enabling factory reset for this reloa
    *Mar 24 08:19:02.634: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Starting ACT2/AIKIDO CLEANUP
    
    *Mar 24 08:19:17.289: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : ACT2/AIKIDO Cleanup done
    
    *Mar 24 08:19:17.413: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Erasing Rommon Variables and Config Register
    
    *Mar 24 08:19:18.400: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Successfully erased the rommon variables and config register
    
    *Mar 24 08:19:18.568: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Starting Datawipe
    
    *Mar 24 08:19:18.685: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Erasing the storage devices as per NIST-SP-800-88-r standard:
    Executing Data Sanitization...
    bootflash
    NVMe Data Sanitization started ...
    !!! Please, wait - NVMe sanitizing /dev/nvme0n1 !!!
    NVME Sanitize Status: Successful
    NVMe Data Sanitization completed ...
    Data Sanitization Success! Exiting...
    
    *Mar 24 08:19:48.948: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Purge non-volatile storage done.
    ========================
    #CISCO C8500-G2 DATA SANITIZATION REPORT#
    START : 24-03-2025, 08:19:21
      END : 24-03-2025, 08:19:44
    -NVMe-
    PNM : MSA281400FR
    PRV : E2MU200
    SN : /dev/ng0n1
    Status : SUCCESS
    NIST : PURGE
    ========================
    
    *Mar 24 08:19:49.357: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Datawipe Completed
    
    *Mar 24 08:20:02.980: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Report save done.
    
    *Mar 24 08:20:03.097: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Factory reset successfull. Continuing with reboot...
    
  2. Execute the factory-reset all command to erase the data.

    The system displays the following message when you use the factory-reset all command:

    Router# factory-reset all
    The factory reset operation is irreversible for all operations. Are you sure? [confirm]
     The following will be deleted as a part of factory reset:
     1: All writable file systems and personal data
     2: OBFL logs
     3: Licenses
     4: Userdata and Startup config
     5: Rommon variables
     6: User Credentials
     The system will reload to perform factory reset.
     This operation can take anywhere between 30 minutes to 3 hours
     DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION
     Are you sure you want to continue? [confirm]
     Factory reset will take a backup of the boot image if the system is currently booted from an image stored locally. If the current boot image is a remote image or stored on a usb/nim-ssd, please take a backup of the image before executing this command.
     Are you sure you want to continue? [confirm]
    Mar
    
    Enabling factory reset for this reload cycle
    
    
    Enabling factory reset for this reload cycle
    
    *Mar 24 10:36:43.858: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Taking a backup of bootflash:packages.conf. It will be restored to bootflash: after factory reset is complete
    
    *Mar 24 10:36:45.571: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Starting ACT2/AIKIDO CLEANUP
    
    *Mar 24 10:37:00.098: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : ACT2/AIKIDO Cleanup done
    
    *Mar 24 10:37:00.596: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
    
    *Mar 24 10:37:01.458: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
    
    *Mar 24 10:37:01.796: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
     . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
     . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
     . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    
    *Mar 24 11:32:04.869: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
     .
    
    *Mar 24 11:32:07.004: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
     .
    
    *Mar 24 11:32:09.133: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
     .
    
    *Mar 24 11:32:11.262: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Erasing file system
     .
    
    *Mar 24 11:32:15.568: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Factory reset successfull. Continuing with reboot...
    
    
    Initializing Hardware ...
  3. Execute the factory-reset sed command to erase the SED drive.

    The system displays the following message when you use the factory-reset sed command:

    Router# factory-reset sed       
    % Warning: factory reset on SED drive reloads router           
    Do you want to continue? (yes/[no]): yes                       
    SUCCESS                        
    
    Router#                        
    Router#                        
    
    
    ***                            
    *** --- SHUTDOWN NOW ---       
    ***                            
    
    *Jan 14 00:48:41.482: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload due to factory reset on SED.Jan 14 00:48:48.499: %PMAN-5-EXITACTION: R                                
    
    
    Initializing Hardware ...      
    
  4. Execute the factory-reset keep-licensing-info command to retain the licensing data.

    The system displays the following message when you use the factory-reset keep-licensing-info command:

    Router# factory-reset keep-licensing-info
    
    The factory reset operation is irreversible for Keeping license usage. Are you sure? [confirm]
    This operation may take 20 minutes or more. Please do not power cycle.
    
    Dec 1 20:58:38.205: %PMAN-5-EXITACTION: R0/0: pvp: Process manager is exiting: process exit with
    reload chassis code
    /bootflash failed to mount
    Dec 01 20:59:44.264: Factory reset operation completed.
    Initializing Hardware ...
    
    Current image running: Boot ROM1
    
    Last reset cause: LocalSoft
    
    ISR4331/K9 platform with 4194304 Kbytes of main memory
    rommon 1

Step 3

Enter confirm to proceed with the factory reset.

Note: The duration of the factory reset process depends on the storage size of the router. It can take anywhere from 5 minutes up to 3 hours on a high availability setup. If you want to quit the factory reset process, press the Escape key.
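
For RMA or decommissioning evidence, a saved console capture of factory-reset all secure can be checked for the stage messages and data sanitization report fields shown in step 2.a. The following Python script is an added example, not Cisco code or part of the original page; the function names, the stage list, and the trimmed sample capture are assumptions built from that output.

```python
import re

# Constructed sample: trimmed from the message formats shown in step 2.a of this page.
SAMPLE_LOG = """\
*Mar 24 08:19:17.289: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : ACT2/AIKIDO Cleanup done
*Mar 24 08:19:18.400: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Successfully erased the rommon variables and config register
*Mar 24 08:19:18.568: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Starting Datawipe
========================
#CISCO C8500-G2 DATA SANITIZATION REPORT#
-NVMe-
SN : /dev/ng0n1
Status : SUCCESS
NIST : PURGE
========================
*Mar 24 08:19:49.357: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Datawipe Completed
*Mar 24 08:20:02.980: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): % FACTORYRESET : Report save done.
*Mar 24 08:20:03.097: %IOSXEBOOT-4-FACTORY_RESET: (rp/0): Factory reset successfull. Continuing with reboot...
"""

# Stage markers in the order the sample output prints them (assumed to be the required order).
STAGES = ["ACT2/AIKIDO Cleanup done",
          "Successfully erased the rommon variables and config register",
          "Starting Datawipe", "Datawipe Completed", "Report save done",
          "Factory reset successfull"]  # spelling as emitted in the page's output

MSG = re.compile(r"%IOSXEBOOT-4-FACTORY_RESET: \(rp/\d+\): (?:% FACTORYRESET : )?(.*)")
FIELD = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)

def parse_report(log):
    """Return the fields of the DATA SANITIZATION REPORT block ({} if absent)."""
    _, found, body = log.partition("DATA SANITIZATION REPORT")
    block = body.split("====", 1)[0] if found else ""
    return dict(FIELD.findall(block))

def verify_secure_reset(log):
    """Return a list of problems; an empty list means the capture shows a completed purge."""
    messages = MSG.findall(log)
    problems, pos = [], 0
    for stage in STAGES:
        hit = next((i for i in range(pos, len(messages)) if stage in messages[i]), None)
        if hit is None:
            problems.append(f"stage missing or out of order: {stage}")
        else:
            pos = hit + 1
    report = parse_report(log)
    for key, want in (("Status", "SUCCESS"), ("NIST", "PURGE")):
        if report.get(key) != want:
            problems.append(f"report {key} is {report.get(key)!r}, expected {want!r}")
    return problems
```

An empty result from verify_secure_reset means every stage appeared in order and the report states Status SUCCESS and NIST PURGE; a capture cut short by power loss or an interrupted session produces one entry per missing stage or field.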


What happens after a factory reset

After the factory reset is successfully completed, the router boots up. However, before the factory reset process started, if the configuration register was set to manually boot from ROMMON, the router stops at ROMMON.

After you configure Smart Licensing, execute the show license status command to check whether Smart Licensing is enabled for your instance.


Note: If you had Specific License Reservation enabled before you performed the factory reset, use the same license and enter the same license key that you received from the smart agent.