
How to get rid of stack and crypto key on a 3750 switch

carine.henrio
Level 1
Hi everyone!

I got some old Cisco 3750 switches and I'd like to install them in another place, but I'd need to get them back to factory default settings (with the last software version though).

Software installing ran ok, got downloaded on the flash memory and switches boot perfectly on it :-)

 However, the "factory settings recovering procedure" I read there (http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html#before) looks incomplete...

I indeed had the surprise to see some VLANs still there, even after erasing vlan.dat and copying running into startup-config.
Had to erase them one by one "manually", which looks strange to me... Could you maybe explain why?

But my main trouble is erasing the RSA crypto key that remains on a trustpoint... Even erasing the key, then the trustpoint, copying running to startup and rebooting... The RSA key comes back again over and over :-(
 More precisely, I entered in config mode "no crypto key zeroize rsa" and "no crypto pki trustpoint TP..." (thanks to the forum)
Didn't work so far.

 On other switches, where no trustpoint nor key were created, there is no problem and they work like fresh out of the factory, except the software was updated.

Stack problem: On some switches, there are still stacks mentioned :-( Even if the switch is alone, and I don't know how to erase it.
I tried the command "no switch 1 provision" (again thanks to the forum for that help) but got the answer:
 %Switch can not be un-provisioned when it is physically present

Could you please tell me what to do ?
- About getting rid of stacks
- About getting rid of RSA crypto key and trustpoint

Waiting for your answers and getting ready to feel grateful :-)

Carine

Mark Malone
VIP Alumni

Hi Carine

So the vlan.dat: if you delete that from flash and save (wr), the vlan.dat will re-appear but only with the default VLAN; none of your other VLANs should still be there in the .dat file. That's what's supposed to happen. Saying that, I have seen what you are seeing over the years and it usually relates to the current software having some caveat issue. Deleting each VLAN manually has fixed that, or uploading a new IOS. Try deleting the vlan.dat file again ---delete flash:vlan.dat -- 2nd option maybe more preferred if you have large amounts of VLANs, if it keeps coming back with the same vlan.dat file.

If I understand you right about the stack: when you remove it, it's standalone and still works, but might have interfaces like 2/0/1 or 4/0/1 instead of 1/0/1 even though it's standalone.

Along with the provision, you need to re-number it first, like ----switch 4 renumber 1----, then remove the provision, then save and reboot. That should bring it back to normal factory in terms of no stack.

The crypto: you have the right commands, that's exactly what you do: remove the trustpoint, then the actual generated keys. Show the keys (show crypto key mypubkey rsa), then remove them, then save, and then do the show again to see if they are gone. If this is failing again I would try another IOS first; if it's old it could be buggy. What is the current IOS version on these switches?

show crypto key mypubkey TP-self-signed-1612132096

no crypto key zeroize rsa TP-self-signed-1612132096

Hi Mark and thanks for your answer.

You got to my point saying it should work but it doesn't :-)

I'm currently using the c3750-ipservicesk9-mz.122-50.SE5 version, which looks VERY old :-(

If it can explain the problems I'm facing, then I guess I just have to get over it, since I want to use this version for company reasons.

Yes, that's very old now, 6 years. A better choice would be the 12.55SE10, which is the safe harbour for that platform. Everything that 12.50 can do the 12.55 will have as well in terms of features, and probably more, along with stability, if that's what you're concerned about for the company losing elements of features. Check there are no other crypto features running as well if the zeroize is still not working, like that ip https server is disabled; if that's on, that and certain other features could be the cause of the keys not being removed.
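
Added example, not part of any post in this thread: a small Python check that scans a saved `show running-config` for the leftovers discussed above (self-signed trustpoints, the HTTPS server, and stack numbering other than 1) before a reused switch is redeployed. The sample configuration is constructed, the function and variable names are hypothetical, and the RSA key pair itself does not appear in the configuration text, so it still has to be checked with the show command quoted in the thread.

```python
import re

# Constructed sample of `show running-config` output (not taken from the
# thread's switches; only the trustpoint name is the one quoted above).
SAMPLE_CONFIG = """\
hostname old-3750
!
switch 4 provision ws-c3750-24ts
!
crypto pki trustpoint TP-self-signed-1612132096
 enrollment selfsigned
 rsakeypair TP-self-signed-1612132096
!
crypto pki certificate chain TP-self-signed-1612132096
!
ip http server
ip http secure-server
!
interface FastEthernet4/0/1
!
end
"""

# Each pattern is anchored at column 0, so indented sub-commands are ignored.
# Member number 1 is normal on a standalone switch; 2-9 means stack residue.
CHECKS = [
    ("trustpoint", re.compile(r"^crypto pki trustpoint (\S+)")),
    ("cert-chain", re.compile(r"^crypto pki certificate chain (\S+)")),
    ("https-server", re.compile(r"^ip http (secure-server)")),
    ("stack-provision", re.compile(r"^switch ([2-9]) provision")),
    ("stack-interface", re.compile(r"^interface [A-Za-z]+([2-9])/0/\d+")),
]


def find_leftovers(config_text):
    """Return sorted, de-duplicated (kind, value) findings for one config."""
    findings = set()
    for line in config_text.splitlines():
        for kind, pattern in CHECKS:
            match = pattern.match(line)
            if match:
                findings.add((kind, match.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, value in find_leftovers(SAMPLE_CONFIG):
        print(f"{kind}: {value}")
```
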
