request system zeroize

 

Syntax

Syntax

Release Information

Command introduced before Junos OS Release 9.0.

Command introduced in Junos OS Release 11.2 for EX Series switches.

Option media added in Junos OS Release 11.4 for EX Series switches.

Command introduced in Junos OS Release 12.2 for MX Series routers.

Command introduced in Junos OS Release 12.3 for the QFX Series.

Option local added in Junos OS Release 14.1.

Command introduced in Junos OS Release 14.1X53-D20 for the OCX Series.

Description

Remove all configuration information on the Routing Engines and reset all key values on the device where you run the command.

  • If the device has dual Routing Engines, the command is broadcast to all Routing Engines on the device.

  • In a Virtual Chassis or Virtual Chassis Fabric (VCF) composed of EX Series switches (except EX8200 Virtual Chassis) or QFX Series switches, this command operates only on the member switch where you run the command, even if that switch is in the master Routing Engine role. The command is not forwarded to the backup Routing Engine member or to member switches in the line-card role. To apply this command to more than one member of an EX Series or QFX Series Virtual Chassis or VCF, we recommend you remove and disconnect each of those members from the Virtual Chassis or VCF, and then run the command on each isolated switch individually.

The command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.

This command reboots the device and sets it to the factory default configuration. After the reboot, you cannot access the device through the management Ethernet interface. Log in through the console as root and start the Junos OS CLI by typing cli at the prompt.

Note

If the configuration contains the commit synchronize statement at the [edit system] hierarchy level, and you issue a commit in the master Routing Engine, the master configuration is automatically synchronized with the backup. If the backup Routing Engine is down when you issue the commit, the Junos OS displays a warning and commits the candidate configuration in the master Routing Engine. When the backup Routing Engine comes up, its configuration will automatically be synchronized with the master. A newly inserted backup Routing Engine or a Routing Engine that comes up after running the request system zeroize command also automatically synchronizes its configuration with the master Routing Engine configuration.

Note

Starting with Junos OS Release 15.1F3, the request system zeroize command removes all configuration information on the guest OS for the PTX5000 router with RE-DUO-C2600-16G, and MX240, MX480, and MX960 with RE-S-1800X4-32G-S.

Starting with Junos OS Release 15.1F5, the request system zeroize command removes all configuration information on the guest OS for the MX2010 and MX2020 with REMX2K-1800-32G-S.

On these routers, in order to remove all configuration information on both guest OS and host OS, use the request vmhost zeroize command.

To completely erase user-created data so that it is unrecoverable, use the media option.

Options

media(Optional) In addition to removing all configuration and log files, causes memory and the media to be scrubbed, removing all traces of any user-created files. Every storage device attached to the system is scrubbed, including disks, flash drives, removable USBs, and so on. The duration of the scrubbing process is dependent on the size of the media being erased. As a result, the request system zeroize media operation can take considerably more time than the request system zeroize operation. However, the critical security parameters are all removed at the beginning of the process.
Note

On QFX Series platforms running Junos OS Release 14.1X53 or earlier, the media option is not available. On QFX Series platforms running releases later than Junos OS Release 14.1X53 that do not have the upgraded FreeBSD kernel (10+), the media option is available, but if you use it, the system will issue a warning that the media option is not supported and will continue with the zeroize operation. On platforms that are not QFX Series platforms, the media option is not available in Junos OS Release 17.2 or later with Junos with upgraded FreeBSD.

local(Optional) Remove all the configuration information and restore all the key values on the active Routing Engine.
Note

Specifying this option has no effect on switches in a Virtual Chassis or VCF composed of EX Series switches (except EX8200 Virtual Chassis) or QFX switches, because in these configurations, the request system zeroize command only operates locally by default.

Required Privilege Level

maintenance

List of Sample Output

request system zeroize

Sample Output

request system zeroize

user@host> request system zeroize