The ARX supports a single master key that encrypts and decrypts all of its CSPs (such as passwords). You generate the master key as part of the switchs initial boot process; use the show master-key command to get an encrypted copy of the master key.
Enter 12-32 characters. At least one character in this password must be a number (0-9) or a symbol (!, @, #, $, and so on).
This command outputs a base64-encoded string that is the encrypted master key. Save this string and the wrapping password that you set in the command.
You can use these pieces of information to duplicate the master key later on a redundant switch; both switches in a redundant pair must share the same master key. If you set up two redundant pairs in a disaster-recovery configuration, where one pair is an active cluster (see cluster-name) and the other is a backup cluster, all four switches must share the same master key.
For maximum security, the encrypted master key and its wrapping password must be saved separately.
There are occasions where you may need to reset your master key. For example, your chassis may be designated for use in a backup cluster for a disaster-recovery setup, and may need the same master key as the switches in the active cluster. If the master key was not copied during installation, you must reset the switch to its factory defaults to change it.
You must clear your entire configuration to reset your master key. You can restore the running-config (network parameters), but the global-config (storage parameters) should remain clear for a backup switch. Follow these steps to reset a switch back to its factory defaults and reset its master key:
bstnA(cfg)# show master-key
System Password: Sup3r$ecretpw
Wrapping Password: An0ther$ecretpw
Validate Wrapping Password: An0ther$ecretpw