Person Plugs in RJ45 Internet Connector into LAN Router Switch. Information Communication Network with Data Cable Being Connected to Port with Blinking Lights.
Image: Gorodenkoff/Adobe Stock

As your organization’s network continues to grow, you might find that you’ve outgrown your routers and switches, and you need to deploy new ones. But what do you do with the old devices?

It’s best practice to wipe data from PCs before donating them to make sure you don’t inadvertently pass on corporate data. But this best practice doesn’t just apply to hard drives. You must also take steps to clear information from all other network devices before donating or selling them to make sure you don’t donate your corporate secrets along with the hardware.

SEE: Mobile device security policy (TechRepublic Premium)

Wiping the configuration of your network devices is the best way to keep a black hat from gaining easy access to your network infrastructure. Let’s look at how you can do this for both Cisco routers and switches.

Clear the configuration of your router

When it comes to clearing your Cisco router, you have two acceptable options. While most network administrators are familiar with both methods, they typically use them for  different tasks.

Clearing a router without a password

The first method involves setting the configuration register to 0x2142. Most admins use this method to recover a password, but you can recover a password and wipe the configuration at the same time.

Follow these steps:

  1. Log onto the router, and enter the privileged EXEC mode by entering enable and then entering the enable password command.
  2. Enter configure terminal to go to Global Configuration Mode.
  3. Enter config-register 0x2142. (This causes the router to ignore the startup configuration on the next reload.)
  4. Enter end, and reload the router by entering reload at the Router# prompt.
  5. The system will ask whether you want to save the configuration. Enter no, and confirm the reload at the next prompt.
  6. After the router has reloaded, the system will ask whether you want to enter the initial configuration dialog. Enter no.
  7. Change the configuration register setting to 0x2102 by entering enable and configure terminal</code? to go back to Global Configuration Mode and then entering config-register 0x2102.
  8. Enter end, and then enter write memory to overwrite the existing startup configuration with the current blank running configuration.
  9. Enter reload to reload the router and complete the wiping operation.

Clearing a router with a password

However, if you already know the password to the router, you can use the second method. Follow these steps:

  1. Log on to your router, and enter the privileged EXEC mode by entering enable and then entering the enable password command.
  2. Enter configure terminal to go to Global Configuration Mode.
  3. Enter config-register 0x2102.
  4. Enter end, and then enter the write erase command to delete the current startup configuration on the router.
  5. Enter reload to reload the router. When the system asks whether you want to save the configuration, enter no.

When the router reloads, it will reset back to the original factory defaults.

Clear the configuration of your switch based on the OS

Depending on the OS of your switch, there are a couple of paths to take to clear the configuration of your switch.

Clearing a switch using CatOS

If your Cisco switch runs the CatOS, the procedure to wipe the configuration is relatively quick. Follow these steps:

  1. Log on to your switch, and enter the privileged EXEC mode by entering enable and then entering the enable password command.
  2. Enter clear config all to reset the entire system. You don’t need to reload the switch because processing the command wipes the switch. If you’ve set a boot option, you need to change that option using the set boot command.

Clearing a switch using Cisco IOS

If your switch runs Cisco IOS, it maintains a running configuration file and a startup configuration file, both of which you need to clear. Follow these steps:

  1. Log on to your switch, and enter the privileged EXEC mode by entering enable and then entering the enable password command.
  2. Enter write erase, which erases the NVRAM file system and removes all files.
  3. At the prompt, confirm that you want to erase all files.
  4. Enter reload, and enter no when prompted whether to save the configuration. (Otherwise, the switch will reload the current running configuration.)
  5. Confirm that you want to reload the switch, and your switch configuration is almost clean.

Clearing VLAN information

It’s almost clean, but not quite. Most people forget to clear any VLAN information they’ve created for their switches. Depending on the hardware version of your switch and the software version of your OS, the command for this varies. For more information, check out Cisco’s “Resetting Catalyst Switches to Factory Defaults” documentation, which walks you through the commands for clearing VLAN information from your switch.

Final thoughts

PCs aren’t the only hardware you need to worry about wiping before donating—you should apply this best practice to any network device you’re discarding. Don’t donate  information about your networks: Clean any network devices before getting rid of them just as you would a hard drive on a computer.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a network security administrator for the Defense Information Systems Agency.

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays