Recovery Procedures
The first three procedures require Aboot Shell access through the console port. If the console port becomes inaccessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.
The Removing the Enable Password from the Startup Configuration section describes the switch booting process and includes descriptions of the Aboot shell, Aboot boot loader, and required configuration files.
Removing the Enable Password from the Startup Configuration
The enable password controls access to Privileged EXEC mode. The switch stores the enable password as an encrypted string generated from the clear-text password to prevent unauthorized disclosure. When using local switch authentication mode and a configured enable password, the CLI prompts to enter the clear-text password after entering the enable command at the EXEC prompt.
The startup-config file stores the encrypted enable password to ensure the switch loads it when rebooting. If the text version of the enable password is lost or forgotten, restore access to enable mode by removing the encrypted enable password from the startup configuration file.
This procedure restores access to enable mode without changing any other configuration settings.
Reverting the Switch to the Factory Default Startup Configuration
The startup-config file contains configuration parameters that the switch uses during a boot. Parameters that do not appear in the startup-configset to factory defaults when the switch reloads. The process requires the Aboot password if Aboot is password protected.
This procedure reverts EOS configuration settings to default by bypassing the startup-config file during a switch boot.
Restoring the Factory Default EOS Image and Startup Configuration
A fullrecover command removes all internal flash contents including configuration files, EOS image files, and user files, and then restores the factory default EOS image and startup-config. When the default image becomes outdated, the switch requires a subsequent installation of the current EOS image. This process requires Aboot shell access through the console port.
This procedure restores the factory default EOS image and startup configuration.
USB Support for ZeroTouch Provisioning
Use Arista’s Zero Touch Provisioning to configure a switch without user intervention. The USB adds another way to provide the bootstrap name and verify the authenticity of the file server.
USB Deployment
- Specify the location of the bootstrap file instead of using DHCP Option 67.
- Provide the x509 root of trust for verifying the bootstrap download location.
- Provide the enrollment token for CloudVision Service customers.
Configuration
Plug in a USB flash drive containing a yaml configuration file into the Arista EOS switch before powering it on.
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
- The following is a sample of the configuration. Use the following structure for the USB drive:
- USB Drive Roo
- ca.crt
- token.tok
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
Advantages of USB ZTP
- DHCP Server no longer need to configure Option 67.
- The boot script location can now undergo additional checks, such as validating the endpoint before downloading and running the boot script.
- If you want to enroll your devices with the CloudVision Service can do so easily.
Restoring the Configuration and Image from a USB Flash Drive
The USB flash drive port restores an original configuration when you cannot establish a connection to the console port. This process removes the contents of the internal flash drive, restores the factory default configuration, and installs a new EOS image from the USB flash drive.
This procedure restores the factory default configuration and installs an EOS image stored on a USB flash drive.