recovery procedures
The first three procedures require Aboot Shell access through the console port. If the console port is inaccessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.
1 describes the switch booting process and includes descriptions of the Aboot shell, Aboot boot loader, and required configuration files.
Removing the Enable Password from the Startup Configuration
The enable password controls access to Privileged EXEC mode. To prevent unauthorized disclosure, the switch stores the enable password as an encrypted string generated from the clear-text password. When the switch authentication mode is local and configures an enable password, the CLI prompts the user to enter the clear-text password after the user types enable at the EXEC prompt.
The startup-config file stores the encrypted enable password to ensure the switch loads it when rebooting. If the text version of the enable password is lost or forgotten, access to enable mode restores by removing the encrypted enable password from the startup configuration file.
This procedure restores access to enable mode without changing any other configuration settings.
Reverting the Switch to the Factory Default Startup Configuration
The startup-config file contains configuration parameters that the switch uses during a boot. Parameters not appearing in startup-config are set to factory defaults when the switch reloads. The process requires the Aboot password if Aboot is password protected.
This procedure reverts eos configuration settings to default by bypassing the startup-config file during a switch boot.
Restoring the Factory Default eos Image and Startup Configuration
A fullrecover command removes all internal flash contents (including configuration files, eos image files, and user files), then restores the factory default eos image and startup-config. When the default image is outdated, a subsequent installation of the current eos image is required. This process requires Aboot shell access through the console port.
This procedure restores the factory default eos image and startup configuration.
USB Support for ZeroTouch Provisioning
Use Arista’s Zero Touch Provisioning to configure a switch without user intervention. The USB adds another way to provide the bootstrap name and verify the authenticity of the file server.
USB Deployment
- Specify the location of the bootstrap file instead of using DHCP Option 67.
- Provide the x509 root of trust for verifying the bootstrap download location.
- Provide the enrollment token for CloudVision Service customers.
Configuration
A USB containing a yaml configuration file is plugged into the Arista eos switch before powering it on.
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
- The following is a sample of the configuration. The structure of the USB drive is:
- USB Drive Roo
- ca.crt
- token.tok
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
Advantages
- DHCP Server no longer needs to have Option 67 configured.
- The boot script location can now undergo additional checks, such as validating the endpoint before downloading and running the boot script.
- Customers wishing to enroll their devices in the CloudVision Service have an easy means to do so.
Restoring the Configuration and Image from a USB Flash Drive
The USB flash drive port restores an original configuration when you cannot establish a connection to the console port. This process removes the contents of the internal flash drive, restores the factory default configuration, and installs a new eos image from the USB flash drive.
This procedure restores the factory default configuration and installs an eos image stored on a USB flash drive.