Cisco – persistent-data file in nvram root on Cisco switches

cisco

Does anyone know what this is? Can't read it or delete it, both del and erase nvram do not appear to work on it. I am erasing switches and need to confirm that it does not contain sensitive information.

The name of the file is "persistent-data". It is located at "nvram: persistent-data". It appears when running the latest IOS release for the Cisco 2821 as well as IOS XE.

Will edit post to show output and the additional models of switch I have spotted it on soon.

Best Answer

The router’s NVRAM used to contain the startup configuration file only, but this is no longer strictly the case. Recent IOS releases also use the same NVRAM space to store information such as private keys for SSH or IPSec (private-config), and interface numbers for SNMP (ifIndex-table).

Router1#dir nvram: 
Directory of nvram:/

   20  -rw-        5068              <no date>  startup-config
   21  ----        2302              <no date>  private-config
    1  ----           0              <no date>  persistent-data
    2  -rw-         133              <no date>  ifIndex-table

You cannot delete nor read these two files as they strictly belong to the IOS system on your switch or router. Those files do not contain anything sensitive. It is strictly system information that has no relation to any configuration.

Update: OK so i've been searching all over for this and i found this thread:

https://supportforums.cisco.com/t5/borderless-networks/what-is-quot-persistent-media-ifs-general-error-quot/td-p/2402199

There's an error generating the following message:

%PRST_IFS-3-GENERAL: persistent media IFS general error: Open Read - can't open  nvram:persistent-data errno is 16

Searching for this lead me to believe that the Cisco IOS File System (IFS) saves some persistent date (variables) about the Cisco image in the NVRAM. This data is used upon booting the switch or router.

Related Solutions

Cisco – Why does a Cisco AP keep its static IP when erasing NVRAM

You are correct, they leave the IP information so that you don't accidentally lose connectivity when working on an AP remotely. As you noted, the button (which requires you to be local) will default the configuration including the IP.

You can also do this by entering the following command:

write default-config

Cisco – Time synchronization on cisco switches

The following is an example of how to configure your devices to point to your 4500 for NTP.

There are a few things that you have to ensure you have on hand:

Know what time-zone the devices are operating in.
Know the local time (or whatever time your equipment is set to according to policy).
A refreshing beverage (in a non-spillable container of course.)

Configs:

4500# config t
4500(config)#ntp master
4500(config)#ntp authenticate 4500(config)#ntp authentication-keys 1 md5 password 4500(config)#int lo0
4500(config-int)#ip address 10.0.0.1 255.255.255.255
4500(config-int)#no shut
4500(config-int)#description Loopback_for_NTP
4500(config-int)#end
4500#clock set hh:mm:ss day name of month year
4500#clock timezone number of hours you are offset from UTC
4500# copy run start

Client#clock set hh:mm:ss day name of month year
Client#clock timezone number of hours you are offset from UTC
Client#config t
Client(config)#ntp authenticate
Client(config)#ntp authentication-key 1 md5 password
Client(config)#ntp server 10.0.0.1 key 1
Client(config)#end Client#copy run start

If I missed anything or someone sees and issue with my configuration, please let me know.

Best Answer

Related Solutions

Cisco – Why does a Cisco AP keep its static IP when erasing NVRAM

Cisco – Time synchronization on cisco switches

Related Topic