Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration
at the time of shipping. Data that is erased includes configurations, log files, boot variables, core files, and credentials
such as Federal Information Processing Standard-related (FIPS-related) keys. The erasure is consistent with the clear method,
as described in NIST SP 800-88 Rev. 1.
The factory reset process is used in the following scenarios:
- Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific
data before obtaining an RMA certificate for the device.
- Recovering a compromised device: If the key material or credentials that are stored on a device are compromised, reset the
device to the factory configuration, and then reconfigure the device.
During a factory reset, the device reloads and enters ROMmon mode. After the factory reset, the device removes all its environment
variables, including the MAC_ADDRESS and the SERIAL_NUMBER variables, which are required to locate and load the software. Perform a reset in ROMmon mode to automatically set the environment
variables. The BAUD rate environment variable returns to its default value after a factory reset. Make sure that the BAUD
rate and the console speed are the same at all times. Otherwise, the console becomes unresponsive.
After the system reset in ROMmon mode is complete, add the Cisco IOS image through either USB or TFTP.
The following table provides details about the data that is erased and retained during the factory reset process:
Table 1. Data Erased and Retained During Factory Reset

| Data Erased | Data Retained |
|---|---|
| All Cisco IOS images, including the current boot image | Data from remote field-replaceable units (FRUs) |
| Crash information and logs | Value of the configuration register |
| User data, startup and running configuration, and contents of removable storage devices, such as Serial Advanced Technology Attachment (SATA), Solid State Drive (SSD), or USB | — |
| Credentials such as FIPS-related keys | Credentials such as Secure Unique Device Identifier (SUDI) certificates, and public key infrastructure (PKI) keys |
| Onboard Failure Logging (OBFL) logs | Licenses |
| ROMmon variables added by a user | — |