Brocade reset to factory default settings (or just brick it)

A pile of decommissioned Brocade switches. Or now: doorsteps.Last weekend we replaced six old Brocade SAN switches with brand new Cisco MDS 9148 switches. Everything went according to plan with no disruption to the rest of the infrastructure. I was however stuck with a bunch of old Brocade 4900 switches ready to be decommissioned. Performing a Brocade reset to factory default settings proved to be a bit of a challenge though…

If you ask Google how to perform a Brocade reset to factory default settings, you’ll find a lot of commands. One command removes the zoning, another command removes a different part of the config, a third command replaces some config values with the default settings. However, none of these commands reset the IP configuration, user passwords or switch name. Which is kind of awkward since that’s THE part of the switch config you wouldn’t want to become public domain…

If you want to reset your Brocade switch to factory default settings, connect to your switch via a console cable and log in as root or factory user. The admin account will not allow you to run the configremoveall command. Next, run the following commands: I’ve included the switch output.

switchname console login: root
Password:

-----------------------------------------------------------------
Disclaimer for Root and Factory Accounts Usage!

This Fibre Channel switch is equipped with Root and Factory accounts
that are intended for diagnostics and debugging purposes solely by
the Equipment vendor's trained engineers. Improper use of the
functionality made available through the Root or Factory account could
cause significant harm and disruption to the operation of the SAN fabric.

Your use of the functionality made available through the Root or Factory
account is at your sole risk and you assume all liability resulting from
such use. The Equipment vendor shall have no liability for any losses
or damages arising from or relating to the use of the Root or Factory
account (and the functionality enabled thereby) by anyone other than
the Equipment vendor's authorized engineers.

Proceeding with the usage of this switch as the Root or Factory user
explicitly indicates your agreement to the terms of this disclaimer.

switchname:root> switchdisable
2014/08/18-11:23:15, [FW-1439], 1347, FID 128, WARNING, switchname, Switch status change contributing factor Switch offline.
switchname:root> configremoveall

This command will remove ALL configuration data
Removing configuration for Switch!!
You will not be able to use this switch until you either
download a new configuration file, or reboot the switch
to restore the factory defaults. If you do not have a
configuration file or do not know how to reconfigure your
switch, answer no to all of the following questions.

 Remove config database: (yes, y, no, n): [no] y
look up failed snmp.agtParty.0.port
look up failed snmp.agtParty.1.port
look up failed snmp.agtParty.2.port
look up failed snmp.agtParty.3.port
look up failed snmp.agtParty.4.port
look up failed snmp.agtParty.5.port

 Remove zone/AD database (no recovery): (yes, y, no, n): [no] y
Removing zoning/AD data ....
done
 Remove security database(ACL policy) (no recovery): (yes, y, no, n): [no] y
Removing security database ....
done

The system has to be rebooted to allow the changes to take effect
2014/08/18-11:23:22, [CONF-1032], 1349, FID 128, INFO, switchname, configRemove completed successfully for switch.
switchname:root> reboot
Warning: This command would cause the switch to reboot
and result in traffic disruption.
Are you sure you want to reboot the switch [y/n]? y

While the switch boots you can already see the switchname is not reset, IP configuration is unchanged and even worse, your old passwords and usernames will still work. Run a configshow and you’ll see the boot parameters are unchanged…

Resetting the IP address is straightforward. Apart from the very strange habit of first asking me to insert new IP addresses and only THEN prompting me whether or not I want to use DHCP…

switchname:root> ipaddrset
Ethernet IP Address [oldIP]:1.1.1.1
Ethernet Subnetmask [oldSUBNET]:
Gateway IP Address [oldGW]:1.1.1.1
DHCP [Off]:on
IP address is being changed...Done.
switchname:root> 2014/08/18-09:28:14, [IPAD-1000], 1364, CHASSIS, INFO, SilkWorm4900, SW/0 Ether/0 IPv4 manual none/none DHCP On
2014/08/18-09:28:14, [IPAD-1001], 1365, CHASSIS, INFO, SilkWorm4900, CP/0 IPv4 manual none DHCP On

Use the switchname and passwd commands to change the accounts for root, factory and admin. And that should be it; your switch is empty. Finally.

Let’s go one step further…

Around this time a small but persistent rage was building in me. A simple 10 second Cisco job (wr erase, reload and you’ve got a new switch!) turned out to be a pain-in-the-behind on a Brocade switch. I had to have revenge…

Disclaimer: Do not proceed with the following commands if you intend to use this switch in the future! But do read on if you want to see how you can easily transform your switch into an expensive doorstep.

With the console cable attached, power cycle your switch and watch the console output. As soon as you see the System RAM test, hit escape. Choose 3 in the menu

Checking system RAM - press any key to stop test

Checking memory address: 00100000

System RAM test using Default POST RAM Test succeeded.

Press escape within 4 seconds to enter boot interface.

1) Start system.
2) Recover password.
3) Enter command shell.

Option? 3

Boot PROM password has not been set.

Run printenv to list the environment variables. Look for the OSLoader part and copy the first part of it. Use this data with the boot <address> -s command; -s boots into single user mode.
&gt; printenv
AutoLoad=yes
ENET_MAC=00051E055013
InitTest=MEM()
LoadIdentifiers=Fabric Operating System;Fabric Operating System
OSLoadOptions=quiet;quiet
OSLoader=ATA()0x3815f;ATA()0x86018
OSRootPartition=hda1;hda2
SkipWatchdog=yes
gatewayip=
ipaddr=
submask=
&gt; boot ATA()0x3815f -s
Booting "Manually selected OS" image.
Entry point at 0x01000000 ...

loading kernel

At this point your switch will boot the Linux kernel at the memory address specified. It will start in single user mode, hence no passwords required. In effect your Brocade switch is now a Linux server (Linux version 2.6.14.2 to be precise). After the switch has booted, mount the disk volumes:
sh-2.04# mount -o remount,rw,noatime /
EXT3 FS on hda1, internal journal
sh-2.04# mount /dev/hda2 /mnt
kjournald starting. Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
sh-2.04# cd /
sh-2.04# ls
bin    core_files etc    import libexec root  standby_sbin  tmp   var
boot   dev        export initrd mnt     sbin  support_files users
config diag       fabos  lib    proc    share tftpboot      usr

You’ll see a Linux filesystem. Now do what everyone will do at least once (and hopefully, never again) in their life…
sh-2.04# rm -rf * /
rm: cannot remove directory `initrd': Device or resource busy
rm: cannot remove directory `mnt': Device or resource busy
rm: cannot remove directory `//initrd': Device or resource busy
rm: cannot remove directory `//mnt': Device or resource busy
rm: cannot remove directory `/': Device or resource busy
sh-2.04# ls
sh: ls: command not found
sh-2.04# mount
sh: mount: command not found
sh-2.04# reboot
sh: reboot: command not found
sh-2.04#

Power cycle the switch (since the reboot command won’t work anymore) . The boot process should end with:
Linux/PPC load:
BootROM command line: quiet
Uncompressing Linux...done.
Now booting the kernel
PCI: Cannot allocate resource region 2 of PCI bridge 1
PCI: Cannot allocate resource region 0 of device 0000:00:00.0
Installing Linux 2.6 Kernel
Attempting to find a root file system on hda1...
Kernel panic - not syncing: No init found. Try passing init= option to kernel.

Sooooo satisfying!

TL;DR: Please Brocade, give us a proper reset to factory defaults command! Add a “yes I’m sure I want to nuke my switch” warning if you’re afraid someone will accidentally kill a production switch. But if Cisco can safely implement wr erase without buildings catching fire…