CISCO Secure Routers Factory Reset User Guide

Okuqukethwe fihla

1 CISCO Secure Routers Factory Reset

2 Setha kabusha njengasekuqaleni

3 Information about factory reset

4 Restrictions for performing a factory reset

5 How to perform a factory reset

6 What happens after a factory reset

7 Imibuzo Evame Ukubuzwa

8 Amadokhumenti / Izinsiza

8.1 Izithenjwa

CISCO Secure Routers Factory Reset

Setha kabusha njengasekuqaleni

Lesi sahluko sichaza isici Sokusetha Kabusha Kwasekuqaleni nokuthi singasetshenziswa kanjani ukuvikela noma ukubuyisela umzila esimweni sangaphambili, esisebenza ngokugcwele.

Information about factory reset

Ukusetha kabusha kwasefekthri kuyinqubo yokusula imininingwane yamanje yokuqalisa nokuqalisa ocingweni, nokusetha kabusha idivayisi ibe esimweni sangaphambili, esisebenza ngokugcwele.
The factory reset process uses the factory-reset all command to take backup of existing configuration and resets the router to an earlier fully functional state. The duration of the factory reset process is dependent on the storage size of the router. It varies from 10 to 30 minutes on Cisco 8100 Series Secure Routers .

From Cisco IOS XE 17.18.x release and later, you can use the factory-reset all secure command to reset the router and securely clear the files egcinwe kumemori ye-bootflash.
There are several memory components in the device(s), as listed for the Cisco 8100 Series Secure Routers as an example in the following table.

Device or Component	Uhlobo	Ukuguquguquka	Inhloso	Idatha Ukuhlanzeka
DDR5 Memory On-board	RAM	Iyaguquguquka	Running system software	All data is removed from DRAM when power is turned off.
TPM	I-NVRAM	Ayiguquki	Secure boot key and board info	Bona ngezansi
I-Power Sequencer	I-NVRAM	Ayiguquki	Power sequencer configuration file	N/A

Information about factory reset

Device or Component	Uhlobo	Ukuguquguquka	Inhloso	Idatha Ukuhlanzeka
IO MCU	I-NVRAM	Ayiguquki	IO MCU ukumisa file	N/A
I-SPI NOR FLASH	I-PROM	Ayiguquki	Boot ROM (ROMMON)	Bona ngezansi.
0.85 V VRM	I-NVRAM	Ayiguquki	VRM configuration file	N/A
eMMC module	I-NVRAM	Ayiguquki	Boot OS, OS file system, system ukumisa	Bona ngezansi.
Ijeneretha yewashi	I-NVRAM	Ayiguquki	Clock generator configuration file	N/A
PoE controller (C8161-G2 only)	I-NVRAM	Ayiguquki	PoE configuration file	N/A

	C8130-G2	C8140-G2	C8151-G2	C8161-G2
DDR5 Memory On-board	4GB	4GB	8GB	8GB
TPM	N/A	N/A	N/A	N/A
I-Power Sequencer	256K	256K	256K	256K
IO MCU	256K	256K	256K	256K
I-SPI NOR FLASH	256Mb	256Mb	256Mb	256Mb
0.85 V VRM	N/A	N/A	N/A	N/A
eMMC module	16GB	16GB	16GB	16GB
Ijeneretha yewashi	N/A	N/A	N/A	N/A
PoE controller (C8161-G2 only)	N/A	N/A	N/A	N/A

DDR5 Memory (On-Board)

Inkumbulo eguqukayo
No user data exists on DRAM after power-off.
Sanitization measures not required.

I-SPI NOR Flash

Inkumbulo engaguquki
Holds user data after power-off.

Configuring the factory-reset all command is the most common method used to erase customer data from the router’s memory resources. Factory reset will clear the current running and start-up configuration information.
From Cisco IOS XE 17.18.1a and later, the factory-reset all secure command will also clear the data held in SPI NOR FLASH in the same manner as the factory-reset all command.
From Cisco IOS XE 17.18.1a, the factory-reset all secure command will clear the data held in SPI NOR FLASH including the config-register and ROMMON variables.

factory-reset keep licensing-info: yes
factory-reset all: yes
factory-reset all secure 3-pass: yes
factory-reset all secure 7-pass: yes
factory-reset all secure: yes

eMMC Boot Flash/NVRAM

Inkumbulo engaguquki
Holds user data after power-off.

A factory reset, factory-reset all command, is the most common method used when erasing customer data
from the router’s memory resources. Factory reset will clear the current running and startup configuration information, thereby resetting the router to a fully functional state as it was shipped from factory.
As of Cisco IOS XE 17.18.1a and later, the factory-reset all secure command to reset the router and securely
sula i files stored in the eMMC Boot Flash /NVRAM.

factory-reset keep licensing-info: yes
factory-reset all: yes
factory-reset all secure 3-pass: yes
factory-reset all secure 7-pass: yes
factory-reset all secure: yes

TPM

Inkumbulo engaguquki
Holds user data after power-off.

From Cisco IOS XE 17.18.1a, a factory reset command, factory-reset all secure unlinks customer data in
the TPM and makes it unreadable by host, including the dev keys installed by consent-token. But you can
keep the manufacturing install data like, SUDI, cookies.

factory-reset keep licensing-info: no
factory-reset all: no
factory-reset all secure 3-pass: no
factory-reset all secure 7-pass: no
factory-reset all secure: yes, but keep the manufacturing installed data

Prerequisites for performing factory reset

After the factory reset process is complete, the router reboots to ROMMON mode.

Software and hardware support for factory reset

Factory Reset process is supported on standalone routers as well as on routers configured for high availability.

Prerequisites for performing factory reset

Ensure that all the software images, configurations and personal data are backed up before performing factory reset.
Ensure that there is uninterrupted power supply when factory reset is in progress.

The factory-reset all secure command erases all files, including the boot image.

Restrictions for performing a factory reset

Any software patches that are installed on the router are not restored after the factory reset operation.

The CLI command “factory-reset all secure” is only supported in the console, not in the Virtual Teletype (VTY).

When to perform factory reset

Return Material Authorization (RMA): If a router is returned back to Cisco for RMA, it is important that all sensitive information is removed.

Router is compromised: If the router data is compromised due to a malicious attack, the router must be reset to factory configuration and then reconfigured once again for further use.
Repurposing: The router needs to be moved to a new topology or market from the existing site to a different site.

How to perform a factory reset

Ngaphambi kokuthi uqale

Inqubo

Isinyathelo 1: Log in to a Cisco 8100 Series Secure Routers.
Isinyathelo 2: This step is divided into two parts (a and b). If you need to retain the licensing information while performing the factory-reset command, follow step 2. a. If you do not need to retain licensing information and want all the data to be erased, perform step 2. b.
- Execute factory-reset keep-licensing-info command to retain the licensing data.
  The system displays the following message when you use the factory-reset keep-licensing-info command: Router#factory-reset keep-licensing-info
  The factory reset operation is irreversible for Keeping license usage. Are you sure? [confirm] This operation may take 20 minutes or more. Please do not power cycle.
  * Sep 1 14:40:09.827: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.Sep 1 in the keep_lic_info_loop 2 3 6 Sep 01 14:40:39.835: Factory reset operation completed.
  [BootramDDR v7 RELEASE SOFTWARE (P) compiled 2025-07-16T12:06:41-07:00] Isexwayiso: monitor Nvram area is corrupt … using default values Warning: MFG Key Enabled !!!
  System Bootstrap, Version 17.18(1r), RELEASE SOFTWARE Copyright (c) 1994-2025 by cisco Systems, Inc. Current image running: Boot ROM0 Last reset cause: LocalSoft C8161-G2 platform with 8388608 Kbytes of main memory Warning: MFG key enabled, bypassing BIOS protection feature rommon 1 >
- Execute the factory-reset all secure command to securely erase all data.
  Faka ukuqinisekisa ukuze uqhubeke nokusetha kabusha kwasekuqaleni.
  The system displays the following message when you use the factory-reset all secure command:
  Router#factory-reset all secure
  - Sep 1 14:48:45.310: %CMRP-5-CHASSIS_MONITOR_BOOT_TIME_PRINT: R0/0: cmand: Card F0 took 63 secs to boot
  - Sep 1 14:48:45.310: %CMRP-5-CHASSIS_MONITOR_BOOT_TIME_PRINT: R0/0: cmand: Card 0 took 58 secs to boot
    The factory reset operation is irreversible for securely reset all. Are you sure? [confirm]
  - Sep 1 14:48:46.262: %IOXN_APP-6-IOX_START_STOP_REQ: Got IOX DOWN COMPLETE event, invoking registered callback(s)
This operation may take hours. Please do not power cycle.

Sep 1 14:48:49.671: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Factory Reset.Sep1 14
Enabling factory reset for this reload cycle
Enabling factory reset for this reload cycle
Sep 01 14:49:04.433: NIST 800 88r1 compliant factory reset starts. Sep 01 14:49:04.511: #CISCO DATA SANITIZATION REPORT:# C8161-G2 Sep 01 14:49:04.593: start to purge non-volatile storage.

Executing Data Sanitization…
eMMC Data Sanitization started …
!!! Please, wait – Reading EXT_CSD !!!
!!! Please, wait – Reading EXT_CSD !!!
!!! Please, wait – Erasing(Secure) /dev/mmcblk0 !!!
!!! Please, wait – Erasing(Secure) /dev/mmcblk0 !!! !!! Please, wait – Erasing(Secure) /dev/mmcblk0 !!! !!! Please, wait – Erasing(Secure) /dev/mmcblk0 !!! !!! Please, wait – Erasing(Secure) /dev/mmcblk0 !!! !!! Please, wait – Sanitizing /dev/mmcblk0 !!!
!!! Please, wait – Validating Erase for /dev/mmcblk0 !!!eMMC Data Sanitization completed …

Data Sanitization Success! Exiting…
Sep 01 14:53:15.065: purge non-volatile storage done. ========================
#CISCO C8100 DATA SANITIZATION REPORT#
START : 01-09-2025, 14:49:07
END : 01-09-2025, 14:53:12
-eMMC-
MID : SanDisk
PNM : ‘DA6064’
SN : 0xa0611433
Status : SUCCESS
NIST : PURGE
=========================
Sep 01 14:53:15.406: start to check bootflash.
Sep 01 14:57:32.838: bootflash check done.
Sep 01 14:57:32.894: start to cleanup ROMMON variables.
Sep 01 14:57:33.805: ROMMON cleanup variables done.
Sep 01 14:57:33.869: start to cleanup ACT2/AIKIDO/TPM chip
Sep 01 14:57:35.747: ACT2/AIKIDO/TPM cleanup done.
Sep 01 14:57:38.152: report save done.
Sep 01 14:57:38.198: Factory reset operation completed.
[BootramDDR v7 RELEASE SOFTWARE (P) compiled 2025-07-16T12:06:41-07:00]
Warning: monitor Nvram area is corrupt … using default values Warning: MFG Key Enabled !!!
System Bootstrap, Version 17.18(1r), RELEASE SOFTWARE
Isithombe samanje esisebenzayo: Qalisa i-ROM0
Imbangela yokusetha kabusha kokugcina: LocalSoft
C8161-G2 platform with 8388608 Kbytes of main memory
Warning: MFG key enabled, bypassing BIOS protection feature rommon 1 >

What happens after a factory reset

After the factory reset is successfully completed, the router boots up. However, before the factory reset process started, if the configuration register was set to manually boot from ROMMON, the router stops at ROMMON.
After you configure Smart Licensing, execute the #show license status command, to check whether Smart Licensing is enabled for your instance.

Qaphela: If you had Specific License Reservation enabled before you performed the factory reset, use the same license and enter the same license key that you received from the smart agent.

Imibuzo Evame Ukubuzwa

What is the purpose of a factory reset?

A factory reset is used to clear the current configuration of the router and restore it to a fully functional state as it was when shipped from the factory.

How long does a factory reset take?

The duration of a factory reset process varies depending on the storage size of the router and can range from 10 to 30 minutes on Cisco 8100 Series Secure Routers.

Is there a secure option for performing a factory reset?

Yes, starting from Cisco IOS XE 17.18.x release and later, you can use the factory-reset all secure command to securely clear files stored in the memory.

Amadokhumenti / Izinsiza

CISCO Secure Routers Factory Reset [pdf] Umhlahlandlela Womsebenzisi
Secure Routers Factory Reset, Routers Factory Reset, Factory Reset

Izithenjwa

Imaniwali yosebenzisayo