As your organization’s network continues to grow, you might find that you’ve outgrown your routers and switches, and you need to deploy new ones. But what do you do with the old devices?
It’s best practice to wipe data from PCs before donating them to make sure you don’t inadvertently pass on corporate data. But this best practice doesn’t just apply to hard drives. You must also take steps to clear information from all other network devices before donating or selling them to make sure you don’t donate your corporate secrets along with the hardware.
Wiping the configuration of your network devices is the best way to keep a black hat from gaining easy access to your network infrastructure. Let’s look at how you can do this for both Cisco routers and switches.
Clear the configuration of your router
When it comes to clearing your Cisco router, you have two acceptable options. While most network administrators are familiar with both methods, they typically use them for different tasks.
Clearing a router without a password
The first method involves setting the configuration register to 0x2142. Most admins use this method to recover a password, but you can recover a password and wipe the configuration at the same time.
Follow these steps:
- Log onto the router, and enter the privileged EXEC mode by entering `enable` and then entering the `enable password` command.
- Enter `configure terminal` to go to Global Configuration Mode.
- Enter `config-register 0x2142`. (This causes the router to ignore the startup configuration on the next reload.)
- Enter `end`, and reload the router by entering `reload` at the Router# prompt.
- The system will ask whether you want to save the configuration. Enter `no`, and confirm the reload at the next prompt.
- After the router has reloaded, the system will ask whether you want to enter the initial configuration dialog. Enter `no`.
- Change the configuration register setting to 0x2102 by entering `enable` and `configure terminal` to go back to Global Configuration Mode and then entering `config-register 0x2102`.
- Enter `end`, and then enter `write memory` to overwrite the existing startup configuration with the current blank running configuration.
- Enter `reload` to reload the router and complete the wiping operation.
Clearing a router with a password
However, if you already know the password to the router, you can use the second method. Follow these steps:
- Log on to your router, and enter the privileged EXEC mode by entering `enable` and then entering the `enable password` command.
- Enter `configure terminal` to go to Global Configuration Mode.
- Enter `config-register 0x2102`.
- Enter `end`, and then enter the `write erase` command to delete the current startup configuration on the router.
- Enter `reload` to reload the router. When the system asks whether you want to save the configuration, enter `no`.
When the router reloads, it will reset back to the original factory defaults.
Clear the configuration of your switch based on the OS
Depending on the OS of your switch, there are a couple of paths to take to clear the configuration of your switch.
Clearing a switch using CatOS
If your Cisco switch runs the CatOS, the procedure to wipe the configuration is relatively quick. Follow these steps:
- Log on to your switch, and enter the privileged EXEC mode by entering `enable` and then entering the `enable password` command.
- Enter `clear config all` to reset the entire system. You don’t need to reload the switch because processing the command wipes the switch. If you’ve set a boot option, you need to change that option using the `set boot` command.
Clearing a switch using Cisco IOS
If your switch runs Cisco IOS, it maintains a running configuration file and a startup configuration file, both of which you need to clear. Follow these steps:
- Log on to your switch, and enter the privileged EXEC mode by entering `enable` and then entering the `enable password` command.
- Enter `write erase`, which erases the NVRAM file system and removes all files.
- At the prompt, confirm that you want to erase all files.
- Enter `reload`, and enter `no` when prompted whether to save the configuration. (Otherwise, the switch will reload the current running configuration.)
- Confirm that you want to reload the switch, and your switch configuration is almost clean.
Clearing VLAN information
It’s almost clean, but not quite. Most people forget to clear any VLAN information they’ve created for their switches. Depending on the hardware version of your switch and the software version of your OS, the command for this varies. For more information, check out Cisco’s “Resetting Catalyst Switches to Factory Defaults” documentation, which walks you through the commands for clearing VLAN information from your switch.
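To confirm the procedures above actually took effect before a device leaves the building, the following added example (not part of the original article) audits captured output of `show version`, `show startup-config` and `dir flash:` for a leftover configuration register, saved secrets and a VLAN database file. The function name, the pattern list and the sample captures are constructed for illustration; it assumes IOS output wording and that IOS-based Catalyst switches store VLAN data in `vlan.dat`.

```python
import re

# Config lines that should not survive a wipe (constructed list; extend as needed).
LEFTOVERS = [r"^enable (secret|password) ", r"^username \S+", r"^snmp-server community ",
             r"^\s*ip address \d", r"^\s*password ", r"^hostname (?!Router$|Switch$)"]

def audit_wipe(show_version, show_startup, dir_flash=""):
    """Return findings from captured CLI output; an empty list means it looks clean."""
    findings = []
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", show_version)
    if not m:
        findings.append("config register not found in 'show version' capture")
    else:
        # Use the value that applies at the next boot if a change is pending.
        effective = (m.group(2) or m.group(1)).lower()
        if effective != "0x2102":
            findings.append(f"config register is {effective}, expected 0x2102")
    # An erased NVRAM reports no startup-config; otherwise scan what was saved.
    if "startup-config is not present" not in show_startup:
        for line in show_startup.splitlines():
            if any(re.search(p, line) for p in LEFTOVERS):
                findings.append(f"startup-config still contains: {line.strip()}")
    # Assumption: IOS-based Catalyst switches keep the VLAN database in vlan.dat.
    if re.search(r"\bvlan\.dat\b", dir_flash):
        findings.append("vlan.dat still in flash, VLAN information not cleared")
    return findings

# Constructed sample captures (not from a real device).
DIRTY_VERSION = "Configuration register is 0x2142"
DIRTY_STARTUP = """hostname core-sw-01
enable secret 5 CONSTRUCTED-HASH
snmp-server community CONSTRUCTED-STRING RO
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""
DIRTY_FLASH = "    2  -rwx         616  Mar 1 1993 00:04:12 +00:00  vlan.dat"
CLEAN_VERSION = "Configuration register is 0x2102"
CLEAN_STARTUP = "startup-config is not present"
CLEAN_FLASH = "    1  -rwx     1048576  Mar 1 1993 00:02:10 +00:00  example-image.bin"

if __name__ == "__main__":
    for finding in audit_wipe(DIRTY_VERSION, DIRTY_STARTUP, DIRTY_FLASH):
        print("FAIL:", finding)
    print("clean device findings:", audit_wipe(CLEAN_VERSION, CLEAN_STARTUP, CLEAN_FLASH))
```

A router wiped with the `write memory` method will have a startup configuration present, so the audit scans its contents instead of expecting it to be absent.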
Final thoughts
PCs aren’t the only hardware you need to worry about wiping before donating—you should apply this best practice to any network device you’re discarding. Don’t donate information about your networks: Clean any network devices before getting rid of them just as you would a hard drive on a computer.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a network security administrator for the Defense Information Systems Agency.