Factory reset Catalyst 9200L from serial connection

marcus serrao
Level 1

Hi. I'm trying to document a process to factory-reset a 9200L switch in order to prepare it for production after being tested in non-production. This would also include loading the initial factory image from flash. Does anyone have the steps and commands to do this? We've tried the 3 button press from here with no luck:

https://community.cisco.com/t5/switching/how-to-factory-reset-catalyst-c9200l-24t-without-command/td-p/4559948

Considering a factory reset seems to be different on the 9200s vs the older switches we have (2960s and 2950s), we are having a difficult time finding online articles/videos that show the reset on the 9200s.

thanks for any help!

Leo Laohoo
Hall of Fame

Command:  factory-reset all

Thank you. My concern is that what I read about the command, it will also delete all images from the switch too including the one that was installed when we bought the switch. It mentions in the documentation the need to tftp a new image back to the switch after. 

Is there any way to just delete the configuration to get it back to the initial configuration wizard? 

Another option is to boot into ROMMON.  

Load the switch firmware into a USB flash drive and do the following command:  

emergency-install usbflash0:filename.bin

balaji.bandi
Hall of Fame

Cat 9200 if you use factory-reset all  (before doing do you have image in USB .bin file) check USB readable, then issue that command and follow below guide once you have switch:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/216944-troubleshoot-bootloader-rommon-and-pas.html

BB


marcus serrao
Level 1
Thanks for all the help. Based on a number of pointers and this article, I wrote the following steps for anyone that needs to reset the 9200L without requiring to delete and replace the image once the switch is reset. In our case, the enable secret was not known, so we reset that too:
 
 
Cisco Catalyst 9200L Switch Password and Configuration Reset
 
Reset Password (if enable password is not known)
=================================================
1) plug PC into console port and connect to switch
2) unplug power then plug in while holding mode button until you get "switch:" prompt
3) at switch prompt type to bypass and reset enable password:
switch: set SWITCH_IGNORE_STARTUP_CFG=1
4) verify "SWITCH_IGNORE_STARTUP_CFG" variable is set:
switch: set
5) boot to OS: 
switch: boot
 
Wipe configuration and reset enable secret
=================================================
1) After boot, go into privileged mode (there will be no password if you ran reset password):
switch>enable 
2) Wipe configuration
switch# write erase
3) Enter global configuration mode, set enable secret and set the boot mode to boot normally (instead of password recovery mode):
switch# conf t
switch(config)# enable secret <password>
switch(config)# no system ignore startupconfig switch all
switch(config)# exit
4) Commit changes and reboot
switch# write memory
switch# reload
 
Wipe VLAN data (it does not get wiped with "write erase" command)
=================================================
1) After boot, go into privileged mode (there will be a password):
switch>enable 
2) Check current VLAN config still in place
switch# show vlan
3) Check for the vlan.dat file containing the VLAN data in the flash
switch# dir flash:
4) Delete the vlan.dat file and reboot
switch# delete flash:vlan.dat
switch# reload
5) After boot, enable and check VLAN config is wiped
switch> enable
switch# show vlan
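
A check on the procedure in the post above, added here as an example and not part of the original post: it replays a captured console session and reports whether the switch would still ignore its startup-config at boot (and so come up with no enable secret), whether the secret was saved, and whether vlan.dat survived. The capture is constructed, and the default "switch" hostname and the `audit_reset` name are assumptions.

```python
import re

# Constructed capture (not from a real device): ignore setting never cleared, vlan.dat left.
SAMPLE_CAPTURE = """\
switch: set SWITCH_IGNORE_STARTUP_CFG=1
switch: boot
switch>enable
switch#write erase
switch#conf t
switch(config)#enable secret <password>
switch(config)#exit
switch#write memory
switch#reload
switch#dir flash:
Directory of flash:/
   12  -rw-       2096  Jan 01 2024 00:00:00 +00:00  vlan.dat
"""

# Assumption: the hostname is still the default "switch", as in the steps above.
PROMPT = re.compile(r"^switch(\(config\))?[:>#]+\s*(.*)$")

def audit_reset(capture):
    """Return findings for a captured reset session (empty list = clean)."""
    ignore_cfg = secret_pending = secret_saved = vlan_dat = False
    last_cmd = ""
    for line in capture.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            # Command output: only the most recent flash listing matters.
            if last_cmd == "dir flash:" and line.split()[-1:] == ["vlan.dat"]:
                vlan_dat = True
            continue
        in_config, last_cmd = bool(m.group(1)), m.group(2).strip().lower()
        if last_cmd == "set switch_ignore_startup_cfg=1":
            ignore_cfg = True
        elif last_cmd == "no system ignore startupconfig switch all" and in_config:
            ignore_cfg = False  # only counts when entered in global config mode
        elif last_cmd.startswith("enable secret ") and in_config:
            secret_pending = True
        elif last_cmd == "write erase":
            secret_saved = False  # startup-config is gone until the next save
        elif last_cmd == "write memory":
            secret_saved = secret_pending
        elif last_cmd == "dir flash:":
            vlan_dat = False  # a newer listing replaces the earlier result
    checks = ((ignore_cfg, "startup-config still ignored at boot"),
              (not secret_saved, "enable secret not saved to startup-config"),
              (vlan_dat, "vlan.dat still present in flash"))
    return [msg for failed, msg in checks if failed]
```
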

And the config-register is still set for password-recovery mode.

Hi Leo. Just so I understand what you are saying, if I don't unset this variable "set SWITCH_IGNORE_STARTUP_CFG=1" and set it to "0", the switch will always be in password-recovery mode, even after doing a "write erase", setting a new enable secret and writing it to the startup-config "write memory"? 

Is that correct?

In your procedure (HERE), the first thing you did when the switch boots into ROMMON is to configure "set SWITCH_IGNORE_STARTUP_CFG=1" (which is correct). 

However, look further down.  Do you see anything missing?  

The initial instruction to ignore the startup config is, still, "on".  Where is the step to turn it "off"?

Kindly have a look at this thread:  Catalyst 9300 Password Recovery

 


@marcus serrao wrote:
unplug power then plug in while holding mode button until you get "switch:" prompt

This is wrong.  

This is no longer the correct method to force a Catalyst 9k switch into ROMMON.  The correct process is to press the Mode button three times in quick succession.  Process can be found HERE.

Thank you so much! I added the "switch(config)#: no system ignore startupconfig switch all" to re-enable the startup-config.

As for the mode button, I've read different things on different switches and have tried the "3 x mode button" thing at the right time upon boot, however it has not worked. What I found was on our 9200Ls at least, you have to hold the mode button down after power on until the switch: prompt appears. It's so frustrating that there are no consistent instructions on resetting the startup-config and vlan data on the switch (easily without replacing the whole image via USB/TFTP) and the mode button method is variable that I decided to write my own step by step above.

I appreciate the assistance!


@marcus serrao wrote:
It's so frustrating that there are no consistent instructions

1.  "Consistency" (or the lack of) is the current Cisco modus operandi.  
2.  "Documentation" (or the lack of) is the current Cisco modus operandi.  Cisco has curtailed documentation practices of the past because the process it takes to maintain a single document is extremely excruciating and very punishing.  As one senior technical staff member said, "It is a soul-devouring and gut-wrenching process nobody wants to do" (or ever repeat).

The best place to find correct documentation is outside of Cisco's sphere.  
