Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1275
Views
1
Helpful
5
Replies

Data Sanitizing/Purging Older Switches

Go to solution
alarson011
Level 1
Level 1

‎01-04-2023 06:52 PM

Newer switches have the factory-reset all secure command which performs a NIST purge (see System Management Configuration Guide, Cisco IOS Release 15.2(7)E3k (Catalyst Micro Switch Series)

I've just found this command but it doesn't work for older switches, i.e. Catalyst 2960S-24TS-S so I've been resetting most older switches by;

  1. Stopping Bootloader
  2. Deleting all files from Flash except current IOS Firmware
  3. Optionally running the write erase command once logged in

Is there some kind of purge command for older switches or is deleting files from flash secure enough?

I would imagine taking it a step further by deleting all files from flash and reinstalling current or newest firmware might be even more secure? Any help is appreciated!!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to alarson011

‎01-05-2023 01:05 PM

For Cisco IOS (not IOS-XE), I would format the flash.

View solution in original post

5 Replies 5

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎01-04-2023 07:58 PM - edited ‎01-04-2023 07:59 PM

Cisco an pick up and perform a secure-destruction for free.  If I remembered correctly, they can even process non-Cisco branded (competitor's) products as well.

Customer Recycling Solutions

0 Helpful

Go to solution
alarson011
Level 1
Level 1
In response to Leo Laohoo

‎01-05-2023 04:22 AM

That's a good way to take care of switches that I no longer need so I appreciate the answer but I'm searching how to do it myself and if the way I'm currently doing it is secure

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to alarson011

‎01-05-2023 01:05 PM

For Cisco IOS (not IOS-XE), I would format the flash.

Go to solution
alarson011
Level 1
Level 1
In response to Leo Laohoo

‎11-09-2023 06:09 AM

That could be done with delete /recursive /force flash: and format flash: correct or do you have a better recommendation for formatting the flash? Would it delete the firmware?

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to alarson011

‎11-09-2023 03:20 PM

Depends on the model of the switch. 

Catalyst 4k stores the VLAN DB in a separate directory (cat4000_flash:).  Formatting the flash does not clear away the VLAN DB.  And do not forget about the information(s) in the crashinfo:  directory. 

Factory resetting a Catalyst 6k is more difficult.  

  • sea_console.dat is persistent.  The file can be deleted but it will return with previously deleted data. 
  • sea_log.dat is persistent.  The file can be deleted but it will return with previously deleted data. 
  • VLAN DB is in the const_nvram: directory & formatting the flash does not clear away the VLAN DB.

For Cisco IOS (not IOS-XE), formatting the flash is my preferred method.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents