Recovery Procedures

The first three procedures require Aboot Shell access through the console port. If the console port becomes inaccessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.

The Removing the Enable Password from the Startup Configuration section describes the switch booting process and includes descriptions of the Aboot shell, Aboot boot loader, and required configuration files.

Removing the Enable Password from the Startup Configuration

The enable password controls access to Privileged EXEC mode. To prevent unauthorized disclosure, the switch stores the enable password as an encrypted string generated from the clear-text password. When the switch uses local authentication and an enable password is configured, the CLI prompts for the clear-text password after the enable command is entered at the EXEC prompt.

The startup-config file stores the encrypted enable password to ensure the switch loads it when rebooting. If the text version of the enable password is lost or forgotten, restore access to enable mode by removing the encrypted enable password from the startup configuration file.

Note: On a system containing more than one supervisor, the secondary supervisor must be physically removed during the recovery process. This ensures that the switch does not recover the previous configuration from the secondary supervisor upon reboot.

This procedure restores access to enable mode without changing any other configuration settings.

  1. Access the Aboot shell:
    1. Power cycle the switch by successively removing and restoring access to its power source.
    2. Enter Ctrl-C when prompted early in the boot process.
    3. Enter the Aboot password if prompted. If you do not know the Aboot password, refer to Restoring the Factory Default EOS Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including the startup configuration and EOS image.
  2. Change the active directory to the /mnt/flash directory.
    Aboot# cd /mnt/flash
  3. Open the startup-config file using VI or emacs.
    Aboot# vi startup-config
  4. Remove the enable password line.
    enable password 5 $1$dBXo2KpF$Pd4XYLpI0ap1ZaU7glG1w/ 
  5. Save the changes and exit vi.
  6. Exit Aboot. The switch reboots.
    Aboot# exit

Reverting the Switch to the Factory Default Startup Configuration

The startup-config file contains configuration parameters that the switch uses during a boot. Parameters that do not appear in startup-config are set to their factory defaults when the switch reloads. The process requires the Aboot password if Aboot is password protected.

This procedure reverts EOS configuration settings to default by bypassing the startup-config file during a switch boot.

  1. Access the Aboot shell through the console port:
    1. Enter reload at the Privileged EXEC prompt.
    2. Enter Ctrl-C when prompted early in the boot process.
    3. Enter the Aboot password if prompted. If you do not know the Aboot password, refer to Restoring the Factory Default EOS Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including startup-config and EOS image.
  2. Change the active directory to the /mnt/flash directory.
    Aboot# cd /mnt/flash 
  3. Rename the startup configuration file.
    Aboot# mv startup-config startup-config.old
  4. Exit Aboot. This boots the switch.
    Aboot# exit
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch does one of the following:
    • Boots using the startup-config file or boot script that it obtains from the network, or
    • Remains in ZTP mode if the switch cannot download a startup-config file or boot script.
  6. Configure the admin and enable passwords.
    switch> enable
    switch# configure terminal
    switch(config)# enable password xyz1 
    switch(config)# username admin secret abc41
  7. Save the new running-config to the startup configuration file.
    switch# write
  8. (Optional) Delete the old startup configuration file.
    switch# delete startup-config.old
    After canceling ZTP, the switch reboots using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

Restoring the Factory Default EOS Image and Startup Configuration

A fullrecover command removes all internal flash contents including configuration files, EOS image files, and user files, and then restores the factory default EOS image and startup-config. When the default image becomes outdated, the switch requires a subsequent installation of the current EOS image. This process requires Aboot shell access through the console port.

Note: For hardware available after June 2017, the factory default partition does not contain the backup EOS software image. This increases the flash size on smaller flash disks. Other options are available in the fullrecover command functionality to restore the factory default EOS image. This applies to both fixed system and modular system hardware.

This procedure restores the factory default EOS image and startup configuration.

  1. Access the Aboot shell through the console port:
    1. Enter reload at the Privileged EXEC prompt.
    2. Enter Ctrl-C when prompted early in the boot process.
    3. Enter the Aboot password if prompted. If you do not know the Aboot password, enter an empty password three times, after which the CLI displays:
      Type "fullrecover" and press Enter to revert /mnt/flash to factory default state, or just press Enter to reboot:
    4. Type fullrecover and go to step 4.
  2. Enter fullrecover at the Aboot prompt.
    Aboot# fullrecover
    Aboot displays this warning:
    All data on /mnt/flash will be erased; type "yes" and press Enter to proceed, or just press Enter to cancel: 
  3. Enter yes and press the Enter key.
    The switch performs these actions:
    • Erases the contents of /mnt/flash.
    • Writes new boot-config, startup-config, and EOS.swi files to /mnt/flash.
    • Returns to the Aboot prompt.
  4. Exit Aboot. The switch reboots.
    Aboot# exit

    The serial console settings restore to their default values (9600/N/8/1/N).

  5. Reconfigure the console port if you require non-default settings.
  6. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If you do not cancel ZTP, the switch does one of the following:
    • Boots, using the startup-config file or boot script that it obtains from the network or
    • Remains in ZTP mode if the switch cannot download a startup-config file or boot script.

    When you cancel ZTP, the switch reboots using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

USB Support for ZeroTouch Provisioning

Use Arista’s Zero Touch Provisioning to configure a switch without user intervention. A USB drive adds another way to provide the bootstrap name and verify the authenticity of the file server.

USB Deployment

When using a USB drive during ZTP, configure the following features:
  1. Specify the location of the bootstrap file instead of using DHCP Option 67.
  2. Provide the x509 root of trust for verifying the bootstrap download location.
  3. Provide the enrollment token for CloudVision Service customers.

Configuration

Plug a USB flash drive containing a YAML configuration file into the Arista EOS switch before powering it on.

The configuration (<USB-ROOT>/ztp/ztpConfig.yaml) should look like this:
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
  • bootstrapUrl - The URL for the bootstrap file, such as https://cvp/config.py.
  • serverCaCertificate - The path on the USB for the x509 root of trust of the remote file server, such as "ca.crt".
  • enrollmentToken - The path on the USB for the enrollment token, such as "token.tok".
All ZTP-related files (serverCaCertificate and enrollmentToken) should be present in <USB-ROOT>/ztp/, and the locations specified in ztpConfig.yaml are relative to this folder.
All the fields are optional. The following example displays a valid configuration. It behaves as if no USB drive is in place.
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
The following is a sample of the configuration. Use the following structure for the USB drive:
  • USB Drive Root
    • ca.crt
    • token.tok
"bootstrapUrl"
"serverCaCertificate"
"enrollmentToken"
"version": "1.0"
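
A pre-deployment check for the USB layout described above, as an added example that is not part of Arista's documentation. It assumes ztpConfig.yaml holds one flat `key: value` pair per line (the page shows only the key names and `"version": "1.0"`) and that serverCaCertificate can only authenticate the file server when bootstrapUrl is https; the function names are hypothetical and the sample drives are constructed.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse

KNOWN_KEYS = {"bootstrapUrl", "serverCaCertificate", "enrollmentToken", "version"}

def parse_ztp_config(text):
    """Parse flat `key: value` lines; this layout is an assumption, not a documented grammar."""
    pairs = (line.partition(":") for line in text.splitlines() if line.strip())
    return {k.strip(" \t\"'"): v.strip(" \t\"'") for k, _, v in pairs}

def check_ztp_usb(usb_root):
    """Return a list of findings for <usb_root>/ztp; an empty list means no issues."""
    ztp = (Path(usb_root) / "ztp").resolve()
    if not (ztp / "ztpConfig.yaml").is_file():
        return ["ztp/ztpConfig.yaml not found"]
    cfg = parse_ztp_config((ztp / "ztpConfig.yaml").read_text())
    findings = [f"unknown key: {k}" for k in sorted(set(cfg) - KNOWN_KEYS)]
    url = cfg.get("bootstrapUrl")
    if url and urlparse(url).scheme != "https":
        findings.append("bootstrapUrl is not https: server identity is not verified")
    for key in ("serverCaCertificate", "enrollmentToken"):
        rel = cfg.get(key)
        if rel:  # every field is optional
            target = (ztp / rel).resolve()
            if ztp not in target.parents:
                findings.append(f"{key} points outside ztp/: {rel}")
            elif not target.is_file():
                findings.append(f"{key} file missing: ztp/{rel}")
    return findings

def demo():
    """Check two constructed USB layouts built in a temp dir; returns [good, bad]."""
    good_cfg = ('"bootstrapUrl": "https://cvp/config.py"\n"serverCaCertificate": "ca.crt"\n'
                '"enrollmentToken": "token.tok"\n"version": "1.0"\n')
    bad_cfg = good_cfg.replace("https:", "http:").replace('"ca.crt"', '"../ca.crt"')
    with tempfile.TemporaryDirectory() as tmp:
        results = []
        for name, cfg, files in (("good", good_cfg, ("ca.crt", "token.tok")), ("bad", bad_cfg, ())):
            ztp = Path(tmp, name, "ztp")
            ztp.mkdir(parents=True)
            (ztp / "ztpConfig.yaml").write_text(cfg)
            for f in files:
                (ztp / f).write_text("constructed placeholder\n")
            results.append(check_ztp_usb(ztp.parent))
        return results

if __name__ == "__main__":
    print(demo())
```

Run `check_ztp_usb` against the mounted drive before it leaves the staging bench; a key written without a value is read as an unset optional field.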

Advantages of USB ZTP

  • The DHCP server no longer needs to be configured with Option 67.
  • The boot script location can now undergo additional checks, such as validating the endpoint before downloading and running the boot script.
  • If you want to enroll your devices with the CloudVision Service, you can do so easily.

Restoring the Configuration and Image from a USB Flash Drive

The USB flash drive port restores an original configuration when you cannot establish a connection to the console port. This process removes the contents of the internal flash drive, restores the factory default configuration, and installs a new EOS image from the USB flash drive.

This procedure restores the factory default configuration and installs an EOS image stored on a USB flash drive.

  1. Prepare the USB flash drive:
    1. Verify the drive has an MS-DOS or FAT file system format. Most USB drives ship pre-formatted with a compatible file system.
    2. Create a text file named fullrecover on the USB flash drive. The filename does not have an extension. The file may be empty.
    3. Create a text file named boot-config. The last modified timestamp of the boot-config file on the USB flash must differ from the timestamp of the boot-config file on the switch.
    4. Enter this line in the new boot-config file on the USB flash:
      SWI=flash:EOS.swi
    5. Copy an EOS image file to the flash drive. Rename it EOS.swi if it has a different file name. For best results, the flash drive should contain only these three files because the procedure copies all files and directories on the USB flash drive to the switch.
      • fullrecover
      • boot-config
      • EOS.swi
  2. Insert the USB flash drive into the USB flash port on the switch, as shown in Figure 1.
  3. Connect a terminal to the console port and configure it with the default terminal settings (9600/N/8/1) to monitor progress messages on the console.
  4. Power up or reload the switch.
    The switch erases internal flash contents and copies the files from the USB flash drive to internal flash. The switch then boots automatically.
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch either:
    • Boots, using the startup-config file or boot script that it obtains from the network or
    • Remains in ZTP mode if the switch cannot download a startup-config file or boot script.
    After canceling ZTP, the switch reboots using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.
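
A workstation-side audit of the recovery drive prepared in step 1, as an added example rather than Arista tooling. Because the procedure copies everything on the drive to the switch and boots the image it finds there, the audit lists missing and unexpected entries and checks the boot-config line; the function names and sample contents are constructed, and `image_sha512` assumes you have a checksum from the image's source to compare against.

```python
import hashlib
import tempfile
from pathlib import Path

REQUIRED = {"fullrecover", "boot-config", "EOS.swi"}
BOOT_LINE = "SWI=flash:EOS.swi"

def audit_recovery_usb(usb_root):
    """Return findings for a recovery drive; an empty list means it matches the procedure."""
    root = Path(usb_root)
    present = {p.relative_to(root).as_posix() for p in root.rglob("*")}
    findings = [f"missing: {n}" for n in sorted(REQUIRED - present)]
    # Everything on the drive is copied to the switch, so report anything unexpected.
    findings += [f"extra entry would be copied to the switch: {n}"
                 for n in sorted(present - REQUIRED)]
    boot = root / "boot-config"
    if boot.is_file():
        lines = [line.strip() for line in boot.read_text().splitlines()]
        if BOOT_LINE not in lines:
            findings.append(f"boot-config lacks the line {BOOT_LINE}")
    swi = root / "EOS.swi"
    if swi.is_file() and swi.stat().st_size == 0:
        findings.append("EOS.swi is empty")
    return findings

def image_sha512(usb_root):
    """SHA-512 of EOS.swi, streamed; compare it with the checksum from the image's source."""
    digest = hashlib.sha512()
    with open(Path(usb_root) / "EOS.swi", "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def demo():
    """Audit two constructed drives built in a temp dir; returns (good, bad)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "good"), Path(tmp, "bad")
        for d in (good, bad):
            d.mkdir()
        (good / "fullrecover").write_text("")
        (good / "boot-config").write_text(BOOT_LINE + "\n")
        (good / "EOS.swi").write_bytes(b"constructed stand-in for an image\n")
        (bad / "fullrecover.txt").write_text("")  # an editor added an extension
        (bad / "boot-config").write_text("SWI=flash:/EOS-old.swi\n")
        (bad / "EOS.swi").write_bytes(b"")
        return audit_recovery_usb(good), audit_recovery_usb(bad)

if __name__ == "__main__":
    print(demo())
```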