User Manual
– DuraNET 3300
Operational Description
Page 62 of 84
MNL-0676-01 Rev A4
ECO- N/A
Effective: 26 Feb 21
Zeroization or Declassification
Caution! The Zeroization function can delete all IOS and configuration files on the system!
Zeroization should only be enabled if it is intended to be used.
Zeroization consists of erasing any and all potentially sensitive configuration information in the switch.
This function is also referred to as Declassification. This includes erasure of main memory, cache
memories, and other memories containing packet data, NVRAM, and flash memory. The process of
zeroization is launched upon the initiation of a software user command and a physical subsequent trigger.
On the DuraNET 3300, the Zeroize Discrete is used exclusively for triggering the Zeroization /
Declassification process, which zeroes and erases the switch configuration files or the entire flash file
system, depending on the option provided under "service declassify".
The zeroization process starts as soon as the physical trigger Zeroize Discrete is asserted for at least one
second. The CLI command, "service declassify", is used to set the desired action in response to the
Zeroize Discrete assertion. To prevent accidental erasure of the system configuration/image, the default
setting is set to "no service declassify".
Command Line Interface
There are two levels of zeroization actions: erase-nvram and erase-all. The following CLI commands
show the options:
switch>enable
switch# show declassify /* Lists status of parameters */
|
Erase Flash = no
Erase nvram = no
|
switch#conf t
switch(config)# service declassify erase-nvram
switch(config)# exit
switch# sho declassify
|
Erase Flash = no
Erase nvram = yes
|
switch# conf t
switch(config)# service declassify ?
erase-nvram
Enable erasure of switch configuration as declassification action. Default is no erasure.
erase-all
Enable erasure of both flash and nvram file systems as part of declassification.
Default is no erasure
The “erase-nvram” level of declassification process searches for the following files, and erases the ones
found.
flash:/nvram_config
flash:/vlan.dat