SystemPrivileged EXEC

write erase

Erases the startup configuration and resets the ASA to factory defaults.

Overview

The 'write erase' command on Cisco ASA Firewall is used to delete the startup configuration stored in flash memory. This command is essential for resetting a firewall to its factory default state, which is often necessary when repurposing a device, troubleshooting persistent configuration issues, or preparing for decommissioning. The startup configuration is the configuration that loads when the ASA boots. By erasing it, the ASA will boot with a default configuration on the next reload. It is important to note that 'write erase' does not affect the current running configuration; the device continues to operate with the existing running config until a reload occurs. This command is analogous to 'erase startup-config' on Cisco IOS routers and switches. On ASA platforms, the startup configuration is typically stored in a file named 'startup-config' in flash memory. The command prompts for confirmation to prevent accidental erasure. After erasing, a reload is required to apply the factory defaults. This command is a critical part of configuration management and disaster recovery procedures.

Syntax·Privileged EXEC
write erase

When to Use This Command

  • Resetting a firewall before redeployment in a different network environment.
  • Clearing a misconfigured device to start fresh with a new configuration.
  • Preparing a device for return or RMA by removing sensitive configuration data.
  • Troubleshooting persistent issues by eliminating configuration corruption.

Parameters

ParameterSyntaxDescription
nonewrite eraseThe command has no parameters. It simply erases the startup configuration file from flash memory.

Command Examples

Basic write erase

ciscoasa# write erase
Erase configuration in flash memory? [confirm] y
[OK]
ciscoasa#

Prompts for confirmation; pressing 'y' erases the startup config. The [OK] indicates success.

Write erase with no confirmation

ciscoasa# write erase
Erase configuration in flash memory? [confirm] 
[OK]
ciscoasa#

If you press Enter without typing 'y', it defaults to no and does not erase. To confirm, you must type 'y'.

Understanding the Output

The output begins with a confirmation prompt: 'Erase configuration in flash memory? [confirm]'. You must respond with 'y' (yes) to proceed. If you press Enter without typing 'y', the command aborts. After confirmation, the ASA erases the startup configuration stored in flash memory. A successful erasure displays '[OK]'. The command does not affect the running configuration; the device continues to operate with the current running config until reload. After a reload, the ASA boots with factory defaults. If the startup configuration is corrupted or missing, the ASA will also boot to factory defaults.

Configuration Scenarios

Factory Reset for Redeployment

An ASA is being moved from a production network to a lab environment. All previous configuration must be removed.

Topology

N/A

Steps

  1. 1.Connect to the ASA via console or SSH.
  2. 2.Enter privileged EXEC mode (enable).
  3. 3.Issue 'write erase' and confirm with 'y'.
  4. 4.Issue 'reload' to reboot the ASA with factory defaults.
Configuration
! No configuration needed; the command is executed directly.

Verify: After reload, the ASA will prompt for initial setup (setup mode).

Watch out: If you forget to reload, the old configuration remains active.

Troubleshooting with This Command

The 'write erase' command is rarely used for troubleshooting active issues, but it can be a last resort when the startup configuration becomes corrupted and causes boot failures. If an ASA fails to boot properly, you may need to erase the startup configuration to allow the device to boot with defaults. To do this, interrupt the boot process and access ROMMON mode, then use the 'confreg' command to set the configuration register to ignore startup config, boot the ASA, and then issue 'write erase' from the CLI. Alternatively, if you can access the CLI but the configuration is causing problems, you can use 'write erase' followed by 'reload' to start fresh. Note that this will lose all configuration, so ensure you have a backup. After erasing, the ASA will boot to factory defaults, which may allow you to regain access if the previous configuration had errors like incorrect management access settings.

CCNA Exam Tips

1.

Remember that 'write erase' only deletes the startup config; the running config remains intact until reload.

2.

On ASA, 'write erase' is equivalent to 'erase startup-config' on IOS devices.

3.

After 'write erase', a 'reload' is required to apply factory defaults.

Common Mistakes

Forgetting to reload after 'write erase' – the device continues with the old running config.

Confusing 'write erase' with 'clear configure all' – the latter resets the running config immediately.

Not saving the running config before erasing – any unsaved changes are lost if you reload.

Platform Notes

On Cisco ASA, 'write erase' is the standard command to delete the startup configuration. It is equivalent to 'erase startup-config' on Cisco IOS devices. On ASA with multiple context mode, 'write erase' erases the startup configuration for the current context only; to erase the system configuration, you must be in the system execution space. On ASA versions 9.x and later, the command behavior is consistent. There is no difference between ASA and IOS in terms of the command's effect, but the confirmation prompt wording may vary slightly. On some platforms, you can use 'write erase' without confirmation by adding 'noconfirm' (not supported on ASA). Always back up the configuration before erasing.

Related Commands

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions