cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

775
Views
0
Helpful
9
Replies

Kill Cisco switch running IOS with interfaces shutdown

Hi all, 

 

I have a variety of cisco switches that i need to kill (wipe clean) these include 3400, 3550, 3750 and 4900. They are all running on IOS. 

 

I want wipe the switch clean such that there is no config left on it AND i want all the interfaces to be shutdown. 

 

From what i see right now, doing a write erase leaves the interfaces up. 

 

What command/process should i use? After writing the command ideally I want to do a write mem/save as well. 

9 REPLIES 9
Hall of Fame Community Legend

Re: Kill Cisco switch running IOS with interfaces shutdown


kanav.batra@team.telstra.com wrote:

From what i see right now, doing a write erase leaves the interfaces up. 


format flash:

Re: Kill Cisco switch running IOS with interfaces shutdown

Thanks, I will try this. Is there a way to load into ROMMON mode and disable console access? So that way flash stays as is but all access is effectively blocked. 

Hall of Fame Master

Re: Kill Cisco switch running IOS with interfaces shutdown

A switch with no configuration on it (out of the box factory fresh) will have layer 2 interfaces (switch ports) automatically come up (on VLAN 1) when a host is plugged into an interface.

 

You cannot disable all console access access short of physically destroying the switch. Given what you seems to be trying to do, why not just do that?

 

 

Re: Kill Cisco switch running IOS with interfaces shutdown

Thanks Marvin. Yes that's what I am trying to do but through a command, so whats that one command that will "self-destruct" the device and leave the interfaces shutdown ?

Hall of Fame Master

Re: Kill Cisco switch running IOS with interfaces shutdown

To the best of my knowledge what you are trying to do is not possible.

 

A configuration is required to override the default behavior of the hardware. Yet you want to delete all configuration.

 

What's the goal of making all of the physical interfaces shutdown?

 

Are you disposing of the hardware to a third party? If so then sanitize it. There are established and approved methods for doing so. They do not require all interfaces be shutdown.

 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html#reset_switch

 

https://supportforums.cisco.com/t5/network-infrastructure-documents/how-to-format-or-erase-files-from-flash-and-nvram-permanently/ta-p/3123439

 

https://supportforums.cisco.com/t5/other-security-subjects/sanitization-procedures-for-catalyst-4510/td-p/2377966

 

If you want to destroy the switch there are better tools for doing so - something like a large hammer.

Hall of Fame Community Legend

Re: Kill Cisco switch running IOS with interfaces shutdown


kanav.batra@team.telstra.com wrote:

Is there a way to load into ROMMON mode and disable console access? So that way flash stays as is but all access is effectively blocked. 


Why so extreme?   What you're asking is to render the appliance totally inoperable, like dunking the appliance in a bucket of water (or a tank filled with Hydrochloric Acid).

Or how about handing the old equipment back to Cisco for proper disposal?  

Highlighted

Re: Kill Cisco switch running IOS with interfaces shutdown

That's exactly what needs to be done. 

 

Or worst, how do i change the start up config in IOS and reload with ports shutdown?

Hall of Fame Master

Re: Kill Cisco switch running IOS with interfaces shutdown

Any change you make to the config to make the switch power up with all ports disabled can easily be undone by anybody with an intermediate level of switch configuration ability (or a working google search window).

 

Either sanitize the switch (per standard procedures that were linked earlier) or destroy it.

Hall of Fame Community Legend

Re: Kill Cisco switch running IOS with interfaces shutdown


kanav.batra@team.telstra.com wrote:

Or worst, how do i change the start up config in IOS and reload with ports shutdown?


I have no idea how long you've been working with network equipment but whenever someone buys used Cisco network equipment from, say, AllBids or e-Bays or Grays (yes, I'm Aussie), y'know what they do?  

The first thing they do is perform a factory erase or format the flash drive.  So any configuration made to shut down the ports is out the window. 


kanav.batra@team.telstra.com wrote:

That's exactly what needs to be done. 


If the objective is to render the appliance completely useless to anyone then, as what Marvin recommends, DESTROY it.  

Cisco will even take away used network gear (even not their own) and destroy it for you.

By the way, this is the first time I've heard this kind of activity is sanctioned by Telstra.