
Categories:
Security
Network

How to sanitize a Cisco Nexus switch.

This is needed when you want to return your equipment to its original configuration without leaving any information on it.

To sanitize the switch the following steps need to be done:

1. Erase all configurations
2. Reload without saving
3. Update the firmware

1) Erase all old configurations

To erase both configuration files (and start over), enter the write erase commands. You can list the available options with the ? mark.

write erase ?
  <CR>
  boot   Destroys boot configuration on persistent media
  debug  Destroys debug configuration on persistent media
  poap   Removes System-wide POAP disable configuration on persistent media

We will use all the options to get rid of all the old information. The boot option erases the boot variable definitions and the IPv4 configuration on the mgmt0 interface.

switch# write erase boot
This command will erase the boot variables and the ip configuration of interface mgmt 0
Do you wish to proceed anyway? (y/n)  [n] y

The debug option erases the debugging configuration.

switch# write erase debug
This command will erase the system only if it is set.
Do you wish to proceed anyway? (y/n)  [n] y

The poap option removes the system-wide POAP disable flag.

switch# write erase poap
This command will erase the system wide POAP disable flag only if it is set.
Do you wish to proceed anyway? (y/n)  [n] y

Without an option, write erase erases configurations in persistent memory. The default action erases the startup configuration.

switch# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)  [n] y

2) Restart the switch without saving.

switch# reload
This command will reboot the system. (y/n)?  [n] y

3) Upgrade the firmware

switch# install all nxos bootflash:nxos.9.3.2.bin
Installer will perform compatibility check first. Please wait.
Installer is forced disruptive

Verifying image bootflash:/nxos.9.3.2.bin for boot variable "nxos".
[####################] 100% -- SUCCESS

Verifying image type.
[####################] 100% -- SUCCESS

Preparing "nxos" version info using image bootflash:/nxos.9.3.2.bin.
[####################] 100% -- SUCCESS

Preparing "bios" version info using image bootflash:/nxos.9.3.2.bin.
[####################] 100% -- SUCCESS

Performing module support checks.
[####################] 100% -- SUCCESS

Notifying services about system upgrade.
[####################] 100% -- SUCCESS


Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive          none



Images will be upgraded according to following table:
Module       Image                  Running-Version(pri:alt)           New-Version  Upg-Required
------  ----------  ----------------------------------------  --------------------  ------------
     1        nxos                                    9.3(2)                9.3(2)            no
     1        bios     v07.66(06/11/2019):v07.66(06/11/2019)    v07.66(06/11/2019)            no


Do you want to continue with the installation (y/n)?  [n] y

At this prompt, answer y.

Install is in progress, please wait.

Performing runtime checks.
[####################] 100% -- SUCCESS

Setting boot variables.
[####################] 100% -- SUCCESS

Performing configuration copy.
[####################] 100% -- SUCCESS

Module 1: Refreshing compact flash and upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Install has been successful.

The switch must then be reloaded once more.

switch# reload
This command will reboot the system. (y/n)?  [n] y
Abort Power On Auto Provisioning [yes - continue with normal setup, skip - bypass password and basic configuration, no - continue with Power On Auto Provisioning] (yes/skip/no)[no]: yes
!!! NOTE: You have selected yes option. POAP will be aborted and password configuration will be skipped !!!
Disabling POAP.......Disabling POAP

Some files need to be deleted manually, such as old logs and old firmware images.

switch# dir
       4096    Nov 03 00:46:25 2021  .rpmstore/
       4096    Jun 26 03:04:14 2020  .swtam/
      92685    Aug 03 07:12:34 2020  20200803_070341_poap_3487_init.log
     190442    Aug 04 06:19:52 2020  20200804_061119_poap_3482_init.log
      28508    Nov 17 01:35:43 2021  20211117_013451_poap_3619_init.log
 1777998029    Jun 26 03:01:40 2020  aci-n9000-dk9.14.1.2g.bin
          0    Oct 29 02:55:59 2020  bootflash_sync_list
       4096    Jun 26 02:57:34 2020  home/
       4096    Nov 03 00:42:09 2021  lost+found/
 1414403072    Jun 26 02:57:33 2020  nxos.9.3.2.bin
          0    Aug 04 06:20:12 2020  platform-sdk.cmd
       7802    Aug 04 06:19:25 2020  poap_retry_debugs.log
       4096    Jun 26 03:04:44 2020  scripts/
       4096    Nov 03 00:50:19 2021  virt_strg_pool_bf_vdc_1/
       4096    Nov 03 00:49:54 2021  virtual-instance/
         59    Nov 03 00:49:44 2021  virtual-instance.conf

Usage for bootflash://
 3427209216 bytes used
50159116288 bytes free
53586325504 bytes total
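
The manual cleanup described above can be planned from the dir listing. The following is an added example, not part of the original post: it parses a listing, keeps the image the switch boots from, and renders one NX-OS delete command per leftover log or image file. The function names and the rule that .log and .bin files are deletion candidates are assumptions of this example; directories and anything else are left for manual review.

```python
import re

# Constructed sample: a subset of the `dir` listing shown above.
SAMPLE_DIR = """\
       4096    Jun 26 03:04:14 2020  .swtam/
      92685    Aug 03 07:12:34 2020  20200803_070341_poap_3487_init.log
 1777998029    Jun 26 03:01:40 2020  aci-n9000-dk9.14.1.2g.bin
          0    Oct 29 02:55:59 2020  bootflash_sync_list
 1414403072    Jun 26 02:57:33 2020  nxos.9.3.2.bin
       7802    Aug 04 06:19:25 2020  poap_retry_debugs.log
       4096    Jun 26 03:04:44 2020  scripts/
         59    Nov 03 00:49:44 2021  virtual-instance.conf

Usage for bootflash://
 3427209216 bytes used
"""

# One entry per line: size, "Mon DD HH:MM:SS YYYY", name.
ENTRY = re.compile(r"^\s*(\d+)\s+\w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}\s+(\S+)\s*$")
# Only names made of these characters are turned into CLI commands.
SAFE_NAME = re.compile(r"[\w.+-]+")

def parse_dir(listing):
    """Return (name, size) for each entry; the usage footer does not match."""
    return [(m.group(2), int(m.group(1)))
            for m in map(ENTRY.match, listing.splitlines()) if m]

def plan_cleanup(listing, keep_image):
    """Split entries into files to delete and entries to inspect by hand."""
    delete, review = [], []
    for name, _size in parse_dir(listing):
        if name == keep_image:
            continue                      # image the switch boots from
        if name.endswith("/") or not SAFE_NAME.fullmatch(name):
            review.append(name)           # directories and odd names
        elif name.endswith((".log", ".bin")):
            delete.append(name)           # assumed rule: old logs, old images
        else:
            review.append(name)
    return delete, review

def delete_commands(names):
    """Render one NX-OS `delete` command per file name."""
    return [f"delete bootflash:{n}" for n in names]

if __name__ == "__main__":
    to_delete, to_review = plan_cleanup(SAMPLE_DIR, keep_image="nxos.9.3.2.bin")
    print("\n".join(delete_commands(to_delete)))
    print("review manually:", ", ".join(to_review))
```

Run dir again after the deletions and compare the result against the review list before the switch leaves your hands.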