Recovery Procedures

These sections describe switch recovery procedures:

The first three procedures require aboot shell access through the console port. If the console port is inaccessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.

1 describes the switch booting process and includes descriptions of the aboot shell, aboot boot loader, and required configuration files.

Removing the Enable Password from the Startup Configuration

The enable password controls access to Privileged EXEC mode. To prevent unauthorized disclosure, the switch stores the enable password as an encrypted string generated from the clear-text password. When the switch authentication mode is local and configures an enable password, the CLI prompts the user to enter the clear-text password after the user types enable at the EXEC prompt.

The startup-config file stores the encrypted enable password to ensure the switch loads it when rebooting. If the text version of the enable password is lost or forgotten, access to enable mode restores by removing the encrypted enable password from the startup configuration file.

Note: During the recovery process,the secondary supervisor must be physically removed from the system in a system containing more than one supervisor. It ensures the previous configuration is not recovered from the secondary supervisor upon reboot during the recovery process.

This procedure restores access to enable mode without changing any other configuration settings.

  1. Access the aboot shell:
    1. Power cycle the switch by successively removing and restoring access to its power source.
    2. Type Ctrl-C when prompted, early in the boot process.
    3. Enter the aboot password if prompted. If the aboot password is unknown, refer to Restoring the Factory Default eos Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including the startup configuration and eos image.
  2. Change the active directory to the /mnt/flash directory. 
    aboot#cd /mnt/flash
  3. Open the startup-config file in vi. 
    aboot#vi startup-config
  4. Remove the enable password line.
    This is an example of an enable password line:
    enable password 5 $1$dBXo2KpF$Pd4XYLpI0ap1ZaU7glG1w/
  5. Save the changes and exit vi.
  6. Exit aboot. It boots the switch. 
    aboot#exit

Reverting the Switch to the Factory Default Startup Configuration

The startup-config file contains configuration parameters that the switch uses during a boot. Parameters not appearing in startup-config are set to factory defaults when the switch reloads. The process requires the aboot password if aboot is password protected.

This procedure reverts eos configuration settings to default by bypassing the startup-config file during a switch boot.

  1. Access the aboot shell through the console port:
    1. Type reload at the Privileged EXEC prompt.
    2. Type Ctrl-C when prompted early in the boot process.
    3. Enter the aboot password if prompted. If the aboot password is unknown, refer to Restoring the Factory Default eos Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including startup-config and eos image.
  2. Change the active directory to the /mnt/flash directory. 
    aboot#cd /mnt/flash
  3. Rename the startup configuration file. 
    aboot#mv startup-config startup-config.old
  4. Exit aboot. This boots the switch. 
    aboot#exit
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    For non-canceled ZTP, the switch either:
    • boots, using the startup-config file or boot script that it obtains from the network, or
    • remains in ZTP mode if the switch cannot download a startup-config file or boot script.
  6. Configure the admin and enable passwords. 
    switch>enable
switch#configure terminal
switch(config)#enable password xyz1 
switch(config)#username admin secret abc41
  7. Save the new running-config to the startup configuration file. 
    switch#write
  8. (Optional) Delete the old startup configuration file. 
    switch#delete startup-config.old
    After canceling ZTP, the switch reboots using the factory default settings, to avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

Restoring the Factory Default eos Image and Startup Configuration

A fullrecover command removes all internal flash contents (including configuration files, eos image files, and user files), then restores the factory default eos image and startup-config. When the default image is outdated, a subsequent installation of the current eos image is required. This process requires aboot shell access through the console port.

Note: For hardware available after June 2017, the factory default partition will not have the backup eos software image. It increases the flash size on smaller flash disks. Other options are available in the fullrecover command functionality to restore the factory default eos image. It applies to both fixed system and modular system hardware.

This procedure restores the factory default eos image and startup configuration.

  1. Access the aboot shell through the console port:
    1. Type reload at the Privileged EXEC prompt.
    2. Type Ctrl-C when prompted early in the boot process.
    3. Enter the aboot password if prompted. If the aboot password is not known, enter an empty password three times, after which the CLI displays: 
      Type "fullrecover" and press Enter to revert /mnt/flash to factory default state, or just press Enter to reboot:
    4. Type fullrecover and go to 4.
  2. Type fullrecover at the aboot prompt. 
    aboot#fullrecover
    aboot displays this warning: 
    All data on /mnt/flash will be erased; type "yes" and press Enter to proceed, or just press Enter to cancel:
  3. Type yes and select Enter key.
    The switch performs these actions:
    • erases the contents of /mnt/flash
    • writes new boot-config, startup-config, and eos.swi files to /mnt/flash
    • returns to the aboot prompt
  4. Exit aboot. It boots the switch. 
    aboot#exit
    The serial console settings restore to their default values (9600/N/8/1/N).
  5. Reconfigure the console port if non-default settings are required.
  6. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    For non-canceled ZTP, the switch either:
    • Boots, using the startup-config file or boot script that it obtains from the network or
    • Remains in ZTP mode if the switch cannot download a startup-config file or boot script.
    For canceled ZTP, the switch reboots using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

USB Support for ZeroTouch Provisioning

Use Arista’s Zero Touch Provisioning to configure a switch without user intervention. The USB adds another way to provide the bootstrap name and verify the authenticity of the file server.

USB Deployment

By using a USB drive during ZTP, the following features are possible:
  1. Specify the location of the bootstrap file instead of using DHCP Option 67.
  2. Provide the x509 root of trust for verifying the bootstrap download location.
  3. Provide the enrollment token for CloudVision Service customers.

Configuration

A USB containing a yaml configuration file is plugged into the Arista eos switch before powering it on.

The configuration (<USB-ROOT>/ztp/ztpConfig.yaml) should look like this:
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
"version": "1.0"
bootstrapUrl: URL for bootstrap file, such as https://cvp/config.py.
 "bootstrapUrl"
serverCaCertificate: path for x509 root of trust for the remote file server on the USB, such as “ca.crt”.
 "serverCaCertificate"
enrollmentToken: path for enrollment token on the USB, such as “token.tok”
 "enrollmentToken"
All ZTP related files, serverCaCertificate and enrollmentToken, should be present in (<USB-ROOT>/ztp/* ), and the location is to be specified in the ztpConfiguration yaml w.r.t to this folder.
 "version": "1.0"
All the fields are optional. For example, this is a valid configuration. It will act as though there is no USB in place. 
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
"version": "1.0"
  • The following is a sample of the configuration. The structure of the USB drive is:
  • USB Drive Roo
    • ca.crt
    • token.tok
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
"version": "1.0"

Advantages

  • DHCP Server no longer needs to have Option 67 configured.
  • The boot script location can now undergo additional checks, such as validating the endpoint before downloading and running the boot script.
  • Customers wishing to enroll their devices in the CloudVision Service have an easy means to do so.

Restoring the Configuration and Image from a USB Flash Drive

The USB flash drive port restores an original configuration when you cannot establish a connection to the console port. This process removes the contents of the internal flash drive, restores the factory default configuration, and installs a new eos image from the USB flash drive.

This procedure restores the factory default configuration and installs an eos image stored on a USB flash drive.

  1. Prepare the USB flash drive:
    1. Verify the drive is formatted with MS-DOS or FAT file system. Most USB drives are pre-formatted with a compatible file system.
    2. Create a text file named fullrecover on the USB flash drive. The filename does not have an extension. The file may be empty.
    3. Create a text file named boot-config. The last modified timestamp of the boot-config file on the USB flash must differ from the timestamp of the boot-config file on the switch.
    4. Enter this line in the new boot-config file on the USB flash:
      SWI=flash:eos.swi
    5. Copy an eos image file to the flash drive. Rename it eos.swi if it has a different file name. For best results, the flash drive should contain only these three files because the procedure copies all files and directories on the USB flash drive to the switch.
      • fullrecover
      • boot-config
      • eos.swi
  2. Insert the USB flash drive into the USB flash port on the switch, as shown in Figure 1.
  3. Connect a terminal to the console port and configure it with the default terminal settings (9600/N/8/1) to monitor progress messages on the console.
  4. Power up or reload the switch.
    The switch erases internal flash contents and copies the files from the USB flash drive to internal flash. The switch then boots automatically.
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch either:
    • Boots, using the startup-config file or boot script that it obtains from the network or
    • Remains in ZTP mode if the switch cannot download a startup-config file or boot script.
    After canceling ZTP, the switch reboots using the factory default settings to avoid entering ZTP mode on subsequent reboots and creates a startup-config file before the next switch reboot.