Factory Reset Firepower 2100

In this short guide I wanted to walk through the steps to do a factory reset for the Cisco Firepower 2100 series. When doing these resets all configuration and the administrative password are removed, as well as the FTD (Firepower Threat Defense) app-instance. When the unit starts to boot it will reinstall the FTD app-instance to default configuration.

There are two ways to factory reset these Firepower 2100 units. If you can get into the device you can simply use these commands: connect local-mgmt erase configuration The other method is used for if you are unable to get into the unit because either you don't know the password or something else has happened to make this appliance unstable enough that a factory reset is needed.

Note: You have to be able to view the console port and power off the device in order to do the following:

  • Connect to the console of the device
  • Power off the system and turn it back on
  • When the system is booting you have to go into ROMMON mode, to do that press ESC or CTRL+L to interrupt the boot process.
 2Cisco System ROMMON, Version 1.0.00, RELEASE SOFTWARE
 3Copyright (c) 1994-2017  by Cisco Systems, Inc.
 4Compiled Tue 01/03/2017 23:55:11.41 by builder
 7Current image running: Boot ROM0
 8Last reset cause: PowerCycleRequest
 9DIMM_1/1 : Present
10DIMM_2/1 : Absent
12Platform FPR-2110 with 16384 MBytes of main memory
13BIOS has been successfully locked !!
14MAC Address: 00:27:e3:f6:e6:c8
16Use BREAK or ESC to interrupt boot.
17Use SPACE to begin boot immediately.
18Boot interrupted.

You will now be at the ROMMOM prompt

1rommon 1 >

To preform a recovery type the following

1rommon 1 > password_reset
2WARNING: User configurations will be lost with this operation
3Are you sure ? yes/no [no]: yes
5Enabling password reset..
6Please continue to boot the image

The system will now boot into FXOS and attempt to reinstall the FTD application, the username and passwords are now at default settings and the FTD app-instance would also reinstall. Depending on the version of FTD that is installed by default you may have to reinstall any patches to get your unit up to update.

Static Comments:

Nathan Timberlake -

I am wondering how to recover if you are running ASA code on a 2110. I have accidentally added TACACS commands while playing around, and locked myself out. This would be really bad if I had written mem!

Ryan -

Hey Nathan, I really have not played with ASA code on 2100 hardware, but I would think it is the same process since you are going into ROMmon mode anyway. I'm guessing since you have ASA code instead of FTD it would just reinstall the ASA application just like it does with FTD, total guess... Ryan