This article is also available as a TechRepublic download.
This article was originally published on June 2, 2005.

As your organization’s network continues to grow, you might find
that you’ve outgrown your routers and switches, and you need to deploy new ones.
But what do you do with the old devices?

I recently discussed how to wipe data from PCs before donating them
to make sure you don’t inadvertently pass on corporate
data. But this best practice doesn’t just apply to hard drives. You must also
take steps to clear information from all other network devices before donating
or selling them to make sure you don’t donate your corporate secrets along with
the hardware.

Wiping the configuration of your network devices is the best
way to keep a black hat from gaining easy access to your network
infrastructure. Let’s look at how you can do this for both Cisco routers and
switches.

Clear the configuration of your router

When it comes to clearing your Cisco router, you have two
acceptable options. While most network administrators are familiar with both
methods, they typically use them for different tasks.

The first method involves setting the configuration register
to 0x2142. Most admins use this method to recover a password, but you can
recover a password and wipe the configuration at the same time.

Follow these steps:

  1. Log on to the router, and enter privileged EXEC mode by entering enable
    and then the enable password.
  2. Enter configure terminal to go to Global Configuration Mode.
  3. Enter config-register 0x2142. (This causes the router to ignore the
    startup configuration on the next reload.)
  4. Enter end, and reload the router by entering reload at the Router# prompt.
  5. The system will ask whether you want to save the configuration. Enter no,
    and confirm the reload at the next prompt.
  6. After the router has reloaded, the system will ask whether you want to
    enter the initial configuration dialog. Enter no.
  7. Change the configuration register setting to 0x2102 by entering enable
    and configure terminal to go back to Global Configuration Mode and then
    entering config-register 0x2102.
  8. Enter end, and then enter write memory to overwrite the existing startup
    configuration with the current blank running configuration.
  9. Enter reload to reload the router and complete the wiping operation.

However, if you already know the password to the router, you
can use the second method. Follow these steps:

  1. Log on to your router, and enter privileged EXEC mode by entering enable
    and then the enable password.
  2. Enter configure terminal to go to Global Configuration Mode.
  3. Enter config-register 0x2102.
  4. Enter end, and then enter the write erase command to delete the current
    startup configuration on the router.
  5. Enter reload to reload the router. When the system asks whether you want
    to save the configuration, enter no.

When the router reloads, it will reset back to the original
factory defaults.

Clear the configuration of your switch

If your Cisco switch runs CatOS, the procedure to wipe the
configuration is relatively quick. Follow these steps:

  1. Log on to your switch, and enter privileged EXEC mode by entering enable
    and then the enable password.
  2. Enter clear config all to reset the entire system. You don’t need to
    reload the switch because processing the command wipes the switch. If
    you’ve set a boot option, you need to change that option using the
    set boot command.

If your switch runs Cisco IOS, it maintains a running
configuration file and a startup configuration file, both of which you need to
clear. Follow these steps:

  1. Log on to your switch, and enter privileged EXEC mode by entering enable
    and then the enable password.
  2. Enter write erase, which erases the NVRAM file system and removes all
    files.
  3. At the prompt, confirm that you want to erase all files.
  4. Enter reload, and enter no when prompted whether to save the
    configuration. (Otherwise, the switch will reload the current running
    configuration.)
  5. Confirm that you want to reload the switch, and your switch
    configuration is almost clean.

It’s almost clean, but not quite. Most people forget to clear any VLAN
information they’ve created for their switches. Depending on the hardware
version of your switch and the software version of your OS, the command for
this varies. For more information, check out Cisco’s “Resetting Catalyst
Switches to Factory Defaults” documentation, which walks you through the
commands for clearing VLAN information from your switch.
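
Before a wiped device leaves the building, it is worth checking that the wipe actually took. The script below is an added example, not part of the original article or any Cisco tooling: it audits text saved from show version, show startup-config and show vlan brief for the leftovers described above. The function names are hypothetical, the sample output is constructed, and the matched strings are assumed to follow common IOS output, which can vary by platform and release.

```python
import re

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}  # VLANs present on a factory-fresh IOS switch
EXPECTED_CONFREG = 0x2102                    # value the article restores before disposal

def effective_confreg(show_version):
    """Return the register value that applies at the next boot, or None if absent."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", show_version)
    if not m:
        return None
    return int(m.group(2) or m.group(1), 16)  # a pending change wins over the current value

def leftover_vlans(show_vlan_brief):
    """Return (id, name) for every VLAN that is not a factory default."""
    rows = re.findall(r"^(\d+)\s+(\S+)", show_vlan_brief, flags=re.MULTILINE)
    return [(int(v), name) for v, name in rows if int(v) not in DEFAULT_VLANS]

def audit(show_version, show_startup, show_vlan_brief=""):
    """Return a list of findings; an empty list means the device looks wiped."""
    findings = []
    reg = effective_confreg(show_version)
    if reg is None:
        findings.append("configuration register not found in show version output")
    elif reg != EXPECTED_CONFREG:
        findings.append(f"configuration register is {reg:#06x}, expected 0x2102")
    if "startup-config is not present" not in show_startup:
        findings.append("startup configuration still present in NVRAM")
    for vid, name in leftover_vlans(show_vlan_brief):
        findings.append(f"VLAN {vid} ({name}) still defined")
    return findings

# Constructed sample output (not captured from a real device): the register was
# never set back to 0x2102, and one user-created VLAN survived the wipe.
SAMPLE_VERSION = "Configuration register is 0x2142\n"
SAMPLE_STARTUP = "startup-config is not present\n"
SAMPLE_VLANS = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------
1    default                          active    Fa0/1, Fa0/2
10   FINANCE                          active
1002 fddi-default                     act/unsup
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_VERSION, SAMPLE_STARTUP, SAMPLE_VLANS):
        print("FAIL:", finding)
```

For a router, pass only the first two captures; the VLAN check is skipped when no show vlan brief output is supplied.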

Final thoughts

PCs aren’t the only hardware you need to worry about wiping
before donating—you should apply this best practice to any network device
you’re discarding. Don’t donate information about your networks: Clean any network
devices before getting rid of them just as you would a hard drive on a
computer.

Mike Mullins has
served as a database administrator and assistant network administrator for the
U.S. Secret Service. He is a network security administrator for the Defense Information
Systems Agency.