Last weekend we replaced six old Brocade SAN switches with brand new Cisco MDS 9148 switches. Everything went according to plan with no disruption to the rest of the infrastructure. I was however stuck with a bunch of old Brocade 4900 switches ready to be decommissioned. Performing a Brocade reset to factory default settings proved to be a bit of a challenge though…
If you ask Google how to perform a Brocade reset to factory default settings, you’ll find a lot of commands. One command removes the zoning, another removes a different part of the config, a third replaces some config values with the default settings. However, none of these resets the IP configuration, user passwords or switch name. Which is kind of awkward, since that’s THE part of the switch config you wouldn’t want to become public domain…
If you want to reset your Brocade switch to factory default settings, connect to your switch via a console cable and log in as the root or factory user; the admin account is not allowed to run the configremoveall command. Next, run the following commands (switch output included):
switchname console login: root
Password:
-----------------------------------------------------------------
Disclaimer for Root and Factory Accounts Usage!

This Fibre Channel switch is equipped with Root and Factory accounts that are intended for diagnostics and debugging purposes solely by the Equipment vendor's trained engineers. Improper use of the functionality made available through the Root or Factory account could cause significant harm and disruption to the operation of the SAN fabric. Your use of the functionality made available through the Root or Factory account is at your sole risk and you assume all liability resulting from such use. The Equipment vendor shall have no liability for any losses or damages arising from or relating to the use of the Root or Factory account (and the functionality enabled thereby) by anyone other than the Equipment vendor's authorized engineers. Proceeding with the usage of this switch as the Root or Factory user explicitly indicates your agreement to the terms of this disclaimer.

switchname:root> switchdisable
2014/08/18-11:23:15, [FW-1439], 1347, FID 128, WARNING, switchname, Switch status change contributing factor Switch offline.
switchname:root> configremoveall
This command will remove ALL configuration data
Removing configuration for Switch!!
You will not be able to use this switch until you either download a new configuration file, or reboot the switch to restore the factory defaults.
If you do not have a configuration file or do not know how to reconfigure your switch, answer no to all of the following questions.
Remove config database: (yes, y, no, n): [no] y
look up failed snmp.agtParty.0.port
look up failed snmp.agtParty.1.port
look up failed snmp.agtParty.2.port
look up failed snmp.agtParty.3.port
look up failed snmp.agtParty.4.port
look up failed snmp.agtParty.5.port
Remove zone/AD database (no recovery): (yes, y, no, n): [no] y
Removing zoning/AD data ....
done
Remove security database(ACL policy) (no recovery): (yes, y, no, n): [no] y
Removing security database .... done
The system has to be rebooted to allow the changes to take effect
2014/08/18-11:23:22, [CONF-1032], 1349, FID 128, INFO, switchname, configRemove completed successfully for switch.
switchname:root> reboot
Warning: This command would cause the switch to reboot and result in traffic disruption.
Are you sure you want to reboot the switch [y/n]? y
While the switch boots you can already see that the switch name is not reset, the IP configuration is unchanged and, even worse, your old usernames and passwords still work. Run a configshow and you’ll see the boot parameters are unchanged too…
Resetting the IP address is straightforward, apart from the very strange habit of first asking me to enter new IP addresses and only THEN prompting me whether or not I want to use DHCP…
switchname:root> ipaddrset
Ethernet IP Address [oldIP]:1.1.1.1
Ethernet Subnetmask [oldSUBNET]:
Gateway IP Address [oldGW]:1.1.1.1
DHCP [Off]:on
IP address is being changed...Done.
switchname:root> 2014/08/18-09:28:14, [IPAD-1000], 1364, CHASSIS, INFO, SilkWorm4900, SW/0 Ether/0 IPv4 manual none/none DHCP On
2014/08/18-09:28:14, [IPAD-1001], 1365, CHASSIS, INFO, SilkWorm4900, CP/0 IPv4 manual none DHCP On
Use the switchname command to reset the switch name and the passwd command to change the passwords of the root, factory and admin accounts. And that should be it; your switch is empty. Finally.
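The RASlog lines in the transcripts above (FW-1439 when the switch is disabled, CONF-1032 when configremoveall finishes, IPAD-1000/1001 when the management IP changes) are exactly what a SAN monitoring setup would see if someone ran this procedure on a switch that was not supposed to be decommissioned. The Python below is an added example, not part of the original post and not a Brocade tool: it parses lines in the RASlog layout shown in the transcripts (timestamp, [MSG-ID], sequence number, context such as "FID 128" or "CHASSIS", severity, switch name, text) and flags a small watchlist of message IDs. The sample transcript is built from the lines on this page plus a couple of non-log lines; the watchlist descriptions are paraphrased from the transcript text and are my own, not Brocade's message catalogue.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RASlog line layout as it appears in the console transcripts above:
#   <timestamp>, [<MSG-ID>], <seq>, <context>, <severity>, <switch>, <text>
# <context> is "FID 128" on the switch-level messages and "CHASSIS" on the
# chassis-level IPAD messages, so it is matched as "anything up to a comma".
RASLOG_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}), "
    r"\[(?P<msg_id>[A-Z]+-\d+)\], "
    r"(?P<seq>\d+), "
    r"(?P<context>[^,]+), "
    r"(?P<severity>[A-Z]+), "
    r"(?P<switch>[^,]+), "
    r"(?P<text>.*)$"
)

# A console prompt can precede a RASlog line on the same line, as the ipaddrset
# transcript shows ("switchname:root> 2014/08/18-...").
PROMPT_RE = re.compile(r"^\S+:\w+>\s*")

# Message IDs seen in the transcripts that, on a production fabric, point at a
# configuration wipe or a management-plane change and deserve an alert.
# Descriptions are paraphrased from the transcript text (assumption: they are
# not the vendor's official message descriptions).
WATCHLIST = {
    "FW-1439": "switch status change: switch offline",
    "CONF-1032": "configRemove completed: switch configuration wiped",
    "IPAD-1000": "management Ethernet IP settings changed",
    "IPAD-1001": "control processor IP settings changed",
}


@dataclass
class RasEvent:
    ts: str
    msg_id: str
    seq: int
    context: str
    severity: str
    switch: str
    text: str


def parse_raslog_line(line: str) -> Optional[RasEvent]:
    """Return a RasEvent for a RASlog line, or None for prompts and other output."""
    m = RASLOG_RE.match(PROMPT_RE.sub("", line.strip()))
    if not m:
        return None
    return RasEvent(
        ts=m.group("ts"), msg_id=m.group("msg_id"), seq=int(m.group("seq")),
        context=m.group("context"), severity=m.group("severity"),
        switch=m.group("switch"), text=m.group("text"),
    )


def scan_transcript(lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Return (seq, msg_id, switch, reason) for every watch-listed event, in order."""
    hits = []
    for line in lines:
        ev = parse_raslog_line(line)
        if ev is not None and ev.msg_id in WATCHLIST:
            hits.append((ev.seq, ev.msg_id, ev.switch, WATCHLIST[ev.msg_id]))
    return hits


# Constructed sample: the RASlog lines from the transcripts above, interleaved
# with ordinary console output that the parser must ignore.
SAMPLE_TRANSCRIPT = [
    "switchname:root> switchdisable",
    "2014/08/18-11:23:15, [FW-1439], 1347, FID 128, WARNING, switchname, "
    "Switch status change contributing factor Switch offline.",
    "switchname:root> configremoveall",
    "Remove config database: (yes, y, no, n): [no] y",
    "2014/08/18-11:23:22, [CONF-1032], 1349, FID 128, INFO, switchname, "
    "configRemove completed successfully for switch.",
    "switchname:root> 2014/08/18-09:28:14, [IPAD-1000], 1364, CHASSIS, INFO, "
    "SilkWorm4900, SW/0 Ether/0 IPv4 manual none/none DHCP On",
    "2014/08/18-09:28:14, [IPAD-1001], 1365, CHASSIS, INFO, SilkWorm4900, "
    "CP/0 IPv4 manual none DHCP On",
]

if __name__ == "__main__":
    for seq, msg_id, switch, reason in scan_transcript(SAMPLE_TRANSCRIPT):
        print(f"ALERT seq={seq} {msg_id} on {switch}: {reason}")
```

Feeding the same parser a syslog export instead of a console capture works as long as the RASlog fields survive the forwarding format; the prompt-stripping step is only needed for console transcripts.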
Let’s go one step further…
Around this time a small but persistent rage was building in me. A simple 10 second Cisco job (wr erase, reload and you’ve got a new switch!) turned out to be a pain-in-the-behind on a Brocade switch. I had to have revenge…
Disclaimer: Do not proceed with the following commands if you intend to use this switch in the future! But do read on if you want to see how you can easily transform your switch into an expensive doorstop.
With the console cable attached, power cycle your switch and watch the console output. As soon as you see the System RAM test, hit escape and choose option 3 in the menu.
Checking system RAM - press any key to stop test
Checking memory address: 00100000
System RAM test using Default POST RAM Test succeeded.
Press escape within 4 seconds to enter boot interface.
1) Start system.
2) Recover password.
3) Enter command shell.
Option? 3
Boot PROM password has not been set.
Run printenv to list the environment variables. Look for the OSLoader entry and copy its first part (everything before the semicolon). Use that value with the boot <address> -s command; -s boots into single user mode.
> printenv
AutoLoad=yes
ENET_MAC=00051E055013
InitTest=MEM()
LoadIdentifiers=Fabric Operating System;Fabric Operating System
OSLoadOptions=quiet;quiet
OSLoader=ATA()0x3815f;ATA()0x86018
OSRootPartition=hda1;hda2
SkipWatchdog=yes
gatewayip=
ipaddr=
submask=
> boot ATA()0x3815f -s
Booting "Manually selected OS" image.
Entry point at 0x01000000 ...
loading kernel
At this point your switch boots the Linux kernel from the address specified. It starts in single user mode, hence no passwords are required; note that the boot interface only let us in because, as its own output says, no Boot PROM password has been set, which is the one control that would have blocked this step. In effect your Brocade switch is now a Linux server (Linux version 2.6.14.2 to be precise). After the switch has booted, mount the disk volumes:
sh-2.04# mount -o remount,rw,noatime /
EXT3 FS on hda1, internal journal
sh-2.04# mount /dev/hda2 /mnt
kjournald starting.  Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
sh-2.04# cd /
sh-2.04# ls
bin           boot           config
core_files    dev            diag
etc           export         fabos
import        initrd         lib
libexec       mnt            proc
root          sbin           share
standby_sbin  support_files  tftpboot
tmp           users          usr
var
You’ll see a Linux filesystem. Now do what everyone will do at least once (and hopefully, never again) in their life…
sh-2.04# rm -rf * /
rm: cannot remove directory `initrd': Device or resource busy
rm: cannot remove directory `mnt': Device or resource busy
rm: cannot remove directory `//initrd': Device or resource busy
rm: cannot remove directory `//mnt': Device or resource busy
rm: cannot remove directory `/': Device or resource busy
sh-2.04# ls
sh: ls: command not found
sh-2.04# mount
sh: mount: command not found
sh-2.04# reboot
sh: reboot: command not found
sh-2.04#
Power cycle the switch (since the reboot command won’t work anymore). The boot process should end with:
Linux/PPC load: BootROM command line: quiet
Uncompressing Linux...done.
Now booting the kernel
PCI: Cannot allocate resource region 2 of PCI bridge 1
PCI: Cannot allocate resource region 0 of device 0000:00:00.0
Installing Linux 2.6 Kernel
Attempting to find a root file system on hda1...
Kernel panic - not syncing: No init found.  Try passing init= option to kernel.
Sooooo satisfying!
TL;DR: Please Brocade, give us a proper reset to factory defaults command! Add a “yes I’m sure I want to nuke my switch” warning if you’re afraid someone will accidentally kill a production switch. But if Cisco can safely implement wr erase without buildings catching fire…