Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

request system zeroize (Junos OS)

Syntax

Description

Use this command to remove all configuration information on the Routing Engines and reset all key values on the device where you run the command.

  • If the device has dual Routing Engines, the command is broadcast to all Routing Engines on the device. As a result, both Routing Engines are zeroized.

  • In a Virtual Chassis or Virtual Chassis Fabric (VCF) composed of EX Series switches (except EX8200 Virtual Chassis) or QFX Series switches, this command operates only on the member switch where you run the command, even if that switch is in the primary Routing Engine role. The command is not forwarded to the backup Routing Engine member or to member switches in the line-card role. To apply this command to more than one member of an EX Series or QFX Series Virtual Chassis or VCF, we recommend you remove and disconnect each of those members from the Virtual Chassis or VCF, and then run the command on each isolated switch individually.

This command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.

This command reboots the device and sets it to the factory default configuration. After the reboot, you cannot access the device through the management Ethernet interface. Log in through the console as root and start the Junos OS CLI by typing cli at the prompt.

If the configuration contains the commit synchronize statement at the [edit system] hierarchy level, and you issue a commit in the primary Routing Engine, the primary configuration is automatically synchronized with the backup. If the backup Routing Engine is down when you issue the commit, the Junos OS displays a warning and commits the candidate configuration in the primary Routing Engine. When the backup Routing Engine comes up, its configuration will automatically be synchronized with the primary. A newly inserted backup Routing Engine or a Routing Engine that comes up after running the request system zeroize command also automatically synchronizes its configuration with the primary Routing Engine configuration.

Starting with Junos OS Release 15.1F3, the request system zeroize command removes all configuration information on the guest OS for the PTX5000 router with RE-DUO-C2600-16G, and MX240, MX480, and MX960 with RE-S-1800X4-32G-S.

Starting with Junos OS Release 15.1F5, the request system zeroize command removes all configuration information on the guest OS for the MX2010 and MX2020 with REMX2K-1800-32G-S.

On these routers, in order to remove all configuration information on both guest OS and host OS, use the request vmhost zeroize command.

To completely erase user-created data so that it is unrecoverable, use the media option.

Options

media

(Optional) In addition to removing all configuration and log files, causes memory and the media to be scrubbed, removing all traces of any user-created files. Every storage device attached to the system is scrubbed, including disks, flash drives, removable USBs, and so on. The duration of the scrubbing process is dependent on the size of the media being erased. As a result, the request system zeroize media operation can take considerably more time than the request system zeroize operation. However, the critical security parameters are all removed at the beginning of the process.

On QFX Series platforms running Junos OS Release 14.1X53 or earlier, the media option is not available. On QFX Series platforms running releases later than Junos OS Release 14.1X53 that do not have the upgraded FreeBSD kernel (10+), the media option is available, but if you use it, the system will issue a warning that the media option is not supported and will continue with the zeroize operation. On platforms that are not QFX Series platforms, the media option is not available in Junos OS Release 17.2 or later with Junos with upgraded FreeBSD.

local

(Optional) Remove all the configuration information and restore all the key values on the active Routing Engine.

CAUTION:

The local option is not available on devices that run Junos OS Evolved, so if you execute request system zeroize on those devices and they have dual Routing Engines, all Routing Engines on the local chassis are rebooted. See the Junos® OS Evolved Software Installation and Upgrade Guide.

Specifying this option has no effect on switches in a Virtual Chassis or VCF composed of EX Series switches (except EX8200 Virtual Chassis) or QFX switches, because in these configurations, the request system zeroize command only operates locally by default.

Required Privilege Level

maintenance

Sample Output

request system zeroize

Release Information

Command introduced before Junos OS Release 9.0.

Option media added in Junos OS Release 11.4 for EX Series switches.

Option local added in Junos OS Release 14.1.