
Data Sanitizing/Purging Older Switches

alarson011
Level 1

Newer switches have the factory-reset all secure command, which performs a NIST purge (see System Management Configuration Guide, Cisco IOS Release 15.2(7)E3k (Catalyst Micro Switch Series)).

I've just found this command, but it doesn't work for older switches, i.e. Catalyst 2960S-24TS-S, so I've been resetting most older switches by:

  1. Stopping Bootloader
  2. Deleting all files from Flash except current IOS Firmware
  3. Optionally running the write erase command once logged in

Is there some kind of purge command for older switches or is deleting files from flash secure enough?

I would imagine taking it a step further by deleting all files from flash and reinstalling current or newest firmware might be even more secure? Any help is appreciated!!

Accepted Solutions

For Cisco IOS (not IOS-XE), I would format the flash.

5 Replies

Leo Laohoo
Hall of Fame

Cisco can pick up and perform a secure-destruction for free. If I remember correctly, they can even process non-Cisco branded (competitor's) products as well.

Customer Recycling Solutions

That's a good way to take care of switches that I no longer need, so I appreciate the answer, but I'm searching how to do it myself and if the way I'm currently doing it is secure.

For Cisco IOS (not IOS-XE), I would format the flash.

That could be done with delete /recursive /force flash: and format flash:, correct? Or do you have a better recommendation for formatting the flash? Would it delete the firmware?

Depends on the model of the switch.

Catalyst 4k stores the VLAN DB in a separate directory (cat4000_flash:). Formatting the flash does not clear away the VLAN DB. And do not forget about the information in the crashinfo: directory.

Factory resetting a Catalyst 6k is more difficult.  

  • sea_console.dat is persistent.  The file can be deleted but it will return with previously deleted data. 
  • sea_log.dat is persistent.  The file can be deleted but it will return with previously deleted data. 
  • VLAN DB is in the const_nvram: directory & formatting the flash does not clear away the VLAN DB.

For Cisco IOS (not IOS-XE), formatting the flash is my preferred method.
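Added example, not part of the original thread and not Cisco code: a post-wipe check that reads saved `dir` output from a switch and lists anything still present in the places this thread names (non-image files on flash:, the crashinfo:, cat4000_flash: and const_nvram: filesystems, and the sea_*.dat files). The listing layout, the sample listing and its file names are constructed assumptions.

```python
import re

# Locations named in the thread as holding data outside a format of flash:.
SEPARATE_FS = {"crashinfo", "cat4000_flash", "const_nvram"}
PERSISTENT_FILES = {"sea_console.dat", "sea_log.dat"}

HEADER = re.compile(r"^Directory of ([\w-]+):/")
# index, permissions, size, date/time columns, then the file name (last token)
ENTRY = re.compile(r"^\s*\d+\s+[-d][-rwx]{3}\s+\d+\s+.*?\s(\S+)\s*$")

def residual_findings(dir_output):
    """Return sorted (filesystem, name, reason) tuples for leftover data."""
    findings, fs = set(), None
    for line in dir_output.splitlines():
        header = HEADER.match(line)
        if header:
            fs = header.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry or fs is None:
            continue  # blank lines, "bytes total" summaries, etc.
        name = entry.group(1)
        if name in PERSISTENT_FILES:
            findings.add((fs, name, "persistent log file"))
        elif fs in SEPARATE_FS:
            findings.add((fs, name, "outside flash:, check separately"))
        elif fs == "flash" and not name.endswith(".bin"):
            findings.add((fs, name, "non-image file left on flash"))
    return sorted(findings)

# Constructed sample listing (file names and sizes are placeholders).
SAMPLE = """\
Directory of flash:/

    2  -rwx    11792247   Mar 1 1993 00:05:12 +00:00  c2960s-placeholder-image.bin
    3  -rwx        1560   Mar 1 1993 00:02:01 +00:00  config.text
    4  -rwx         736   Mar 1 1993 00:02:01 +00:00  vlan.dat

57931776 bytes total (46000000 bytes free)

Directory of crashinfo:/

    1  -rwx       20480   Mar 1 1993 00:09:40 +00:00  crashinfo_placeholder_1
"""

if __name__ == "__main__":
    for fs, name, reason in residual_findings(SAMPLE):
        print(f"{fs}:/{name}  ->  {reason}")
```

An empty result only means the listing shows no leftover files; it says nothing about whether deleted blocks are recoverable from the flash chip itself.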