Recovery Procedures

The first three procedures require Aboot Shell access through the console port. If the console port is not accessible, use the last procedure in the list to replace the configuration file through the USB Flash Drive.

1 describes the switch booting process and includes descriptions of the Aboot shell, Aboot boot loader, and required configuration files.

Removing the Enable Password from the Startup Configuration

The enable password controls access to Privileged EXEC mode. To prevent unauthorized disclosure, the switch stores the enable password as an encrypted string that it generates from the clear-text password. When the switch authentication mode is local and an enable password is configured, the CLI prompts the user to enter the clear-text password after the user types enable at the EXEC prompt.

The startup-config file stores the encrypted enable password to ensure that the switch loads it when rebooting. If the text version of the enable password is lost or forgotten, access to enable mode is restored by removing the encrypted enable password from the startup configuration file.

Note: During the recovery process, in a system containing more than one supervisor, the secondary supervisor must be physically removed from the system. This ensures the previous configuration is not recovered from the secondary supervisor upon reboot during the recovery process.

This procedure restores access to enable mode without changing any other configuration settings.

  1. Access the Aboot shell:
    1. Power cycle the switch by successively removing and restoring access to its power source.
    2. Type Ctrl-C when prompted, early in the boot process.
    3. Enter the Aboot password, if prompted. If the Aboot password is unknown, refer to Restoring the Factory Default eos Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including the startup configuration and eos image.
  2. Change the active directory to the /mnt/flash directory.
    Aboot#cd /mnt/flash 
  3. Open the startup-config file in vi.
    Aboot#vi startup-config
  4. Remove the enable password line.
    This is an example of an enable password line:
    enable password 5 $1$dBXo2KpF$Pd4XYLpI0ap1ZaU7glG1w/ 
  5. Save the changes and exit vi.
  6. Exit Aboot. This boots the switch.
    Aboot#exit 

Reverting the Switch to the Factory Default Startup Configuration

The startup-config file contains configuration parameters that the switch uses during a boot. Parameters that do not appear in startup-config are set to their factory defaults when the switch reloads. The process requires the Aboot password if Aboot is password protected.

This procedure reverts eos configuration settings to the default state by bypassing the startup-config file during a switch boot.

  1. Access the Aboot shell through the console port:
    1. Type reload at the Privileged EXEC prompt.
    2. Type Ctrl-C when prompted, early in the boot process.
    3. Enter the Aboot password, if prompted. If the Aboot password is unknown, refer to Restoring the Factory Default eos Image and Startup Configuration for instructions on reverting all flash directory contents to the factory default, including startup-config and eos image.
  2. Change the active directory to the /mnt/flash directory.
    Aboot#cd /mnt/flash 
  3. Rename the startup configuration file.
    Aboot#mv startup-config startup-config.old 
  4. Exit Aboot. This boots the switch.
    Aboot#exit 
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch either:
    • boots, using the startup-config file or boot script that it obtains from the network, or
    • remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
  6. Configure the admin and enable passwords.
    switch>enable
    switch#configure terminal
    switch(config)#enable password xyz1 
    switch(config)#username admin secret abc41 
  7. Save the new running-config to the startup configuration file.
    switch#write
  8. (Optional) Delete the old startup configuration file.
    switch#delete startup-config.old
    After ZTP is canceled, the switch reboots, using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

Restoring the Factory Default eos Image and Startup Configuration

A fullrecover command removes all internal flash contents (including configuration files, eos image files, and user files), then restores the factory default eos image and startup-config. A subsequent installation of the current eos image may be required if the default image is outdated. This process requires Aboot shell access through the console port.

Note: For hardware that is purchased after June 2017, the factory default partition will not have the backup eos software image. This is done to increase the available flash space on smaller flash disks, and because the fullrecover command provides other options for restoring the factory default eos image. This applies to both fixed system and modular system hardware.

This procedure restores the factory default eos image and startup configuration.

  1. Access the Aboot shell through the console port:
    1. Type reload at the Privileged EXEC prompt.
    2. Type Ctrl-C when prompted, early in the boot process.
    3. Enter the Aboot password, if prompted. If the Aboot password is not known, enter an empty password three times, after which the CLI displays:
      Type "fullrecover" and press Enter to revert /mnt/flash to factory default state, or just press Enter to reboot:
    4. Type fullrecover and go to step 4.
  2. Type fullrecover at the Aboot prompt.
    Aboot#fullrecover 
    Aboot displays this warning:
    All data on /mnt/flash will be erased; type "yes" and press Enter to proceed, or just press Enter to cancel: 
  3. Type yes and press Enter.
    The switch performs these actions:
    • erases the contents of /mnt/flash
    • writes new boot-config, startup-config, and eos.swi files to /mnt/flash
    • returns to the Aboot prompt
  4. Exit Aboot. This boots the switch.
    Aboot#exit 
    The serial console settings are restored to their default values (9600/N/8/1/N).
  5. Reconfigure the console port if non-default settings are required.
  6. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch either:
    • boots, using the startup-config file or boot script that it obtains from the network, or
    • remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
    After ZTP is canceled, the switch reboots, using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.

USB Support for ZeroTouch Provisioning

Use Arista’s Zero Touch Provisioning to configure a switch without user intervention. A USB drive adds another way to provide the bootstrap-name and to verify the authenticity of the file server.

USB Deployment

Using a USB drive during ZTP makes the following possible:
  1. Specify the location of the bootstrap file instead of using DHCP Option 67.
  2. Provide the x509 root of trust for verifying the bootstrap download location.
  3. Provide the enrollment token for CloudVision Service customers.

Configuration

A USB drive containing a YAML configuration file is plugged into the Arista eos switch before the switch is powered on.

The configuration (<USB-ROOT>/ztp/ztpConfig.yaml) should look like this:
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
 "version": "1.0"

  • bootstrapUrl: URL for the bootstrap file, such as https://cvp/config.py.
  • serverCaCertificate: path on the USB to the x509 root of trust for the remote file server, such as "ca.crt".
  • enrollmentToken: path on the USB to the enrollment token, such as "token.tok".

All ZTP-related files (serverCaCertificate and enrollmentToken) should be present in <USB-ROOT>/ztp/, and their locations are specified in the ZTP configuration YAML file relative to this folder.

All the fields are optional. For example, this is a valid configuration. It will act as though there is no USB in place.
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
 "version": "1.0"

The following is a sample configuration that is fully filled out. The structure of the USB drive is:
  • USB Drive Root
    • ca.crt
    • token.tok
 "bootstrapUrl"
 "serverCaCertificate"
 "enrollmentToken"
 "version": "1.0"

Advantages

  • DHCP Server no longer needs to have Option 67 configured.
  • The boot script location can now undergo additional checks such as validating the endpoint prior to downloading and running the boot script.
  • Customers wishing to enroll their devices in the CloudVision Service have an easy means to do so.
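
A preflight check for the <USB-ROOT>/ztp folder described under Configuration, added here as an example and not taken from Arista's code. It assumes ztpConfig.yaml is a flat list of key: value lines; the function names, the https-only rule and the version check are this example's own assumptions.

```python
import os, tempfile
from urllib.parse import urlparse
KNOWN_KEYS = {"bootstrapUrl", "serverCaCertificate", "enrollmentToken", "version"}

def parse_flat(text):
    """Parse flat 'key: value' lines (assumed layout; a key with no value is unset)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if not line or line.startswith("#") or line in ("{", "}"):
            continue
        key, _, value = line.partition(":")
        cfg[key.strip().strip("\"'")] = value.strip().strip("\"'")
    return cfg

def check_ztp_dir(ztp_dir):
    """Return findings for a <USB-ROOT>/ztp folder; an empty list means none."""
    cfg_path = os.path.join(ztp_dir, "ztpConfig.yaml")
    if not os.path.isfile(cfg_path):
        return ["ztpConfig.yaml missing"]
    with open(cfg_path, encoding="utf-8") as fh:
        cfg = parse_flat(fh.read())
    findings = [f"unknown key: {k}" for k in sorted(set(cfg) - KNOWN_KEYS)]
    if cfg.get("version", "1.0") != "1.0":  # assumption: the page only shows "1.0"
        findings.append(f"unexpected version: {cfg['version']}")
    url = cfg.get("bootstrapUrl", "")
    if url and urlparse(url).scheme != "https":  # this example's policy, not a vendor rule
        findings.append("bootstrapUrl is not https, so a CA file cannot authenticate it")
    root = os.path.realpath(ztp_dir)
    for key in ("serverCaCertificate", "enrollmentToken"):
        rel = cfg.get(key, "")
        target = os.path.realpath(os.path.join(root, rel))
        if rel and (os.path.isabs(rel) or os.path.commonpath([root, target]) != root):
            findings.append(f"{key} is not relative to the ztp folder: {rel}")
        elif rel and not os.path.isfile(target):
            findings.append(f"{key} file not found: {rel}")
    return findings

def demo(files):
    """Write constructed files into a temporary <USB-ROOT>/ztp folder and check it."""
    with tempfile.TemporaryDirectory() as usb_root:
        ztp = os.path.join(usb_root, "ztp")
        os.mkdir(ztp)
        for name, body in files.items():
            with open(os.path.join(ztp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return check_ztp_dir(ztp)

if __name__ == "__main__":
    print(demo({"ztpConfig.yaml": "bootstrapUrl: http://cvp/config.py\nserverCaCertificate: ../ca.crt\n"}))
```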

Restoring the Configuration and Image from a USB Flash Drive

The USB flash drive port can be used to restore an original configuration when you cannot establish a connection to the console port. This process removes the contents of the internal flash drive, restores the factory default configuration, and installs a new eos image from the USB flash drive.

This procedure restores the factory default configuration and installs an eos image stored on a USB flash drive.

  1. Prepare the USB flash drive:
    1. Verify the drive is formatted with MS-DOS or FAT file system. Most USB drives are pre-formatted with a compatible file system.
    2. Create a text file named fullrecover on the USB flash drive. The filename does not have an extension. The file may be empty.
    3. Create a text file named boot-config. The last modified timestamp of the boot-config file on the USB flash must differ from the timestamp of the boot-config file on the switch.
    4. Enter this line in the new boot-config file on the USB flash:
      SWI=flash:eos.swi
    5. Copy an eos image file to the flash drive. Rename it eos.swi if it has a different file name. For best results, the flash drive should contain only these three files, because the procedure copies all files and directories on the USB flash drive to the switch.
      • fullrecover
      • boot-config
      • eos.swi
  2. Insert the USB flash drive into the USB flash port on the switch, as shown in Figure 1.
  3. Connect a terminal to the console port and configure it with the default terminal settings (9600/N/8/1) to monitor progress messages on the console.
  4. Power up or reload the switch.
    The switch erases internal flash contents and copies the files from the USB flash drive to internal flash. The switch then boots automatically.
  5. Cancel Zero Touch Provisioning (ZTP). Refer to Canceling Zero Touch Provisioning for instructions.
    If ZTP is not canceled, the switch either:
    • boots, using the startup-config file or boot script that it obtains from the network, or
    • remains in ZTP mode if the switch is unable to download a startup-config file or boot script.
    After ZTP is canceled, the switch reboots using the factory default settings. To avoid entering ZTP mode on subsequent reboots, create a startup-config file before the next switch reboot.
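
A check of the recovery drive prepared in step 1, added here as an example and not taken from Arista's tooling. Because the procedure copies everything on the drive to the switch, it flags any entry beyond the three named files; `check_recovery_drive` and its `switch_boot_config_mtime` parameter are hypothetical names, and the sample drive is constructed.

```python
import os
import sys
import tempfile

EXPECTED = {"fullrecover", "boot-config", "eos.swi"}  # the three files the procedure names

def check_recovery_drive(usb_root, switch_boot_config_mtime=None):
    """Return findings for a mounted recovery drive; an empty list means none.

    switch_boot_config_mtime (hypothetical parameter): epoch seconds of the
    switch's own boot-config, if known, to check that the timestamps differ.
    """
    entries = set(os.listdir(usb_root))
    findings = [f"missing: {name}" for name in sorted(EXPECTED - entries)]
    for name in sorted(entries - EXPECTED):
        # The procedure copies every file and directory on the drive to the switch.
        hint = " (fullrecover takes no extension)" if name.startswith("fullrecover.") else ""
        findings.append(f"extra entry would be copied to the switch: {name}{hint}")
    boot = os.path.join(usb_root, "boot-config")
    if os.path.isfile(boot):
        with open(boot, encoding="utf-8") as fh:
            lines = [line.strip() for line in fh]
        if "SWI=flash:eos.swi" not in lines:
            findings.append("boot-config lacks the line SWI=flash:eos.swi")
        if switch_boot_config_mtime is not None and \
                int(os.path.getmtime(boot)) == int(switch_boot_config_mtime):
            findings.append("boot-config timestamp matches the switch's copy")
    image = os.path.join(usb_root, "eos.swi")
    if os.path.isfile(image) and os.path.getsize(image) == 0:
        findings.append("eos.swi is empty")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real mount point
        print(check_recovery_drive(sys.argv[1]))
    else:  # constructed sample drive with a misnamed fullrecover file
        sample = {"fullrecover.txt": "", "boot-config": "SWI=flash:eos.swi\n", "eos.swi": "x"}
        with tempfile.TemporaryDirectory() as usb:
            for name, body in sample.items():
                with open(os.path.join(usb, name), "w") as fh:
                    fh.write(body)
            print(check_recovery_drive(usb))
```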