Home / Notes / Dangerous Commands Checklist
NOTES · MAINTENANCE / RISK OPERATIONS

Dangerous Router and Switch Commands: Operations That Can Take Down Your Network

Pulled directly from Huawei's official AR Router Maintenance Manual and Quick Maintenance Guide — the hardware actions and CLI commands both documents flag as dangerous, why each one is risky, and the safer way to reach the same result without gambling with a live network.

By the AtlasCommTech engineering team — 13 years of carrier & enterprise network deployments · Updated July 2026

Why This List Exists, and Why It's Short

Huawei doesn't flag every command as dangerous — only the ones where a single keystroke can interrupt business or destroy data beyond recovery.

Both the AR Router Maintenance Manual and the separate Quick Maintenance Guide carry a chapter called “Dangerous Operations” — a short, deliberately narrow list of hardware actions and CLI commands that the documentation restricts to qualified, trained maintenance personnel. The two documents were written for different audiences at different times, and cross-checking them against each other is itself informative: the list of what counts as genuinely dangerous barely changes between them.

What follows is that list, cross-checked between both source documents: the hardware-class operations, the command-class operations, the risk mechanism behind each one, a safer alternative where one exists, and the change-window discipline that separates a planned reboot from an unplanned outage.

Risk Tiers: What Actually Happens When It Goes Wrong

Not every dangerous operation fails the same way — grouping them by consequence is what actually helps you decide how much caution a given command deserves.

Risk Tier What Happens Operations in This Tier TIER 1 Immediate Full Outage business drops the instant it runs Every unit of the device or module stops processing traffic at once — no partial-scope option exists. reboot Hot-pulling the main control board Main board RESET / front-panel RST TIER 2 Unrecoverable Data Loss business may keep running, files don't Files or storage content are erased with no recovery path described in the source documentation. format device-name delete /unreserved [filename] TIER 3 Silent Future Failure looks fine today, fails on the next event Nothing breaks immediately — the damage surfaces at the next login, next reboot, or next static discharge. authentication-mode (no password set) startup system-software (wrong file) ESD-unprotected board handling

Diagram labels are kept in English for engineering clarity.

The two source documents agree on all three tiers — the AR Router Maintenance Manual and the Quick Maintenance Guide list the same categories of hardware action and the same five commands, word for word.

Hardware-Class Dangerous Operations

Four categories, straight from the source table — board handling, panel buttons, internal cabling and power switches.

CategorySpecific ActionConsequence of Misoperation
Board-level (单板类操作)Hot-pulling the main control board while the device is runningInterrupts all business processing on the corresponding module immediately, causing partial or full-network service blockage.
Board-level (单板类操作)Pressing the “RESET” button on the main control board's panelForces a hardware reset of the board — reserved for qualified maintenance personnel during severe faults. An accidental press has the same consequence as hot-pulling the main control board.
Board-level (单板类操作)Inserting or removing boards without an anti-static wrist strap or glovesElectrostatic discharge from the human body is highly damaging to the board's electronic components — easily damaging the board or leaving it running unstably.
Button-level (按钮类操作)Pressing the front-panel “RST” buttonRestarts the running device immediately — reserved for qualified maintenance personnel during severe faults. An accidental press restarts the device.
Cable-level (线缆类操作)Randomly unplugging or plugging cables inside the cabinetInternal cabling mainly carries communication between the host and the maintenance terminal — disturbing it can leave the maintenance terminal unable to log in.
Power-level (电源类操作)Operating the power switches on the cabinet's power distribution frame at willThese switches should only be touched during upgrades, capacity expansion, part replacement or a major fault, following the operating procedure — random operation can stop the device and cause a major service-interruption incident.

Cross-checked: both the AR Router Maintenance Manual and the Quick Maintenance Guide list these same four categories.

Command-Class Dangerous Operations

Five commands, all run from the user view — the ones the documentation says should only be executed by qualified, trained maintenance personnel.

Function CategoryCommandCommand FunctionViewConsequence of Misoperation
Restart (重启操作)rebootRestarts the systemUser viewReserved for professional engineers at initial deployment or during an upgrade — otherwise it causes an interruption of the entire device's business.
Format (格式化操作)format device-nameFormats a storage deviceUser viewCauses all files on the specified storage device to be lost, and the loss is unrecoverable.
Delete (删除操作)delete [ /unreserved ] [ /quiet ] { filename | device-name }Deletes a specified file on the storage deviceUser viewDeletes the specified file; if /unreserved is used, the file is deleted permanently and the deleted file cannot be recovered.
User Interface (用户接口)authentication-modeSets the authentication method for a login useruser-interface viewWhen configuring authentication for Console, VTY and other login users, if the mode is password or AAA, a matching password or username must already be configured — otherwise login becomes impossible.
System Maintenance (系统维护)startup system-softwareSets the system file to be used at the next startupUser viewMust ensure the next startup file is correct — otherwise it can cause the wrong system version or configuration to load at next boot.
<Huawei> reboot
Warning: The system is about to reboot. Continue? [Y/N]

<Huawei> delete flash:/old-config.zip
<Huawei> delete /unreserved flash:/old-config.zip

<Huawei> format flash:

[Huawei-ui-vty0] authentication-mode aaa
[Huawei-ui-vty0] quit
<Huawei> display current-configuration configuration user-interface

<Huawei> startup system-software vrpcfg.zip

Cross-checked: reboot, format device-name, delete [ /unreserved ] [ /quiet ] { filename | device-name }, authentication-mode and startup system-software appear, word for word, in both source documents.

5 Gotchas: Risk Mechanism and the Safer Alternative

Same five commands as the table above — here's what actually goes wrong, and what to do instead.

1. reboot From the Wrong Session Takes Down the Whole Device, Not “Just This Test”

RISKreboot is a user-view command with no partial scope — it restarts the entire device. That's exactly why the source documentation restricts it to professional engineers doing initial deployment or an upgrade, not routine troubleshooting.

SAFER PRACTICERun it only inside an approved change window, confirm the device's hostname in the prompt before pressing enter, and never run it on a live box “just to see if that fixes it.”

2. delete Without /unreserved Still Leaves a Way Back — /unreserved Doesn't

RISKA plain delete moves the file into a recoverable state on the device; adding /unreserved skips that safety net entirely, and per the source documentation the deletion becomes unrecoverable.

SAFER PRACTICEDefault to plain delete for routine cleanup. Reserve /unreserved for cases you've already confirmed you will never need the file back — and never use it as a habit.

3. format Erases the Whole Storage Device, Not the One File You Meant to Remove

RISKformat device-name wipes every file on the named storage device, and the source documentation describes the result as unrecoverable — it operates one level up from delete, on the entire device rather than a single file.

SAFER PRACTICEUse delete for single-file cleanup. Treat format as a separate, deliberate action that needs its own sign-off — never a quick fix for “this one file is taking up space.”

4. authentication-mode Changed Without the Matching Password Locks Out the Next Login

RISKOnce a Console or VTY line's authentication-mode is set to password or AAA, a matching password or username must already be configured — otherwise the very next login attempt, including your own current session on a different line, fails.

SAFER PRACTICEConfigure and verify the password or account first, keep your current session open as a fallback, and test a second login before saving the configuration.

5. Pressing a Front-Panel Button “Just to See” Restarts Hardware, Not Software

RISKThe main control board's RESET button and the chassis's RST button both trigger a hardware-level reset or restart — functionally identical to hot-pulling the main board — and are reserved for qualified personnel during severe faults, not routine curiosity.

SAFER PRACTICETreat every physical button on a production device as a guarded control: check the documentation or confirm with a second engineer before pressing anything you haven't pressed before.

Change Window Discipline: What Separates a Reboot From an Outage

None of the operations above are forbidden outright — they're restricted to specific people, specific moments and specific preparation.

The source documentation is consistent on who: “qualified, trained maintenance personnel” for hardware actions, “professional engineers” for reboot at deployment or upgrade. That's not a formality — it's the same distinction between a planned change and an accident that change-window discipline is built around.

  1. Schedule every command in the table above inside an approved maintenance window — not because the command is forbidden, but because the source documentation ties each one to a specific moment (deployment, upgrade, a severe fault) rather than routine hours.
  2. Save and back up the configuration before running reboot, format or startup system-software — the documentation is explicit that getting the next startup file wrong causes the wrong version or configuration to load.
  3. Keep a second engineer, or a documented rollback step, on standby for anything in the command table — the same precaution the source documentation implies by restricting these commands to qualified personnel rather than anyone with CLI access.
  4. Log who ran what, when — the audit trail is what turns “someone rebooted the core switch at 2pm” from a mystery into a five-minute lookup.

Related solution designs

Five Questions That Come Up Constantly

Pulled straight from the field — the ones worth having an answer ready for.

Are these dangerous operations specific to Huawei AR routers, or do they apply elsewhere?

The exact syntax here — reboot, format device-name, delete [/unreserved], authentication-mode, startup system-software — is Huawei VRP syntax, cross-checked here against both the AR Router Maintenance Manual and the Quick Maintenance Guide. Other vendors have equivalent high-risk commands (reload, erase, boot system on Cisco IOS, for instance) carrying the same categories of risk even though the keywords differ.

Does reboot always cause a full outage, or only in certain topologies?

Per the source documentation, reboot restarts the entire device — there is no partial-scope option described. Whether that shows up to users as a full network outage depends on redundancy elsewhere in the design (a second router, a resilient data center topology, dual uplinks), not on the command itself.

What's actually different between delete and delete /unreserved?

delete alone still leaves the file recoverable — the source manual describes it going into a reserved, undelete-style state. Adding /unreserved skips that safety net entirely, and the deletion is described in the source manual as unrecoverable.

Why is authentication-mode on a “dangerous operations” list — it isn't destructive by itself?

It's on the list because of what a half-finished change leaves behind: setting authentication-mode to password or AAA without the matching password or account already configured means the very next login attempt — potentially your own — fails on the Console or VTY line you just touched.

Is format ever a normal, planned operation, or should it never be run?

It's a normal operation in specific contexts — initial deployment, decommissioning a storage device, a documented factory-reset procedure. But per the source guidance it should never be run as a quick fix for one unwanted file, since it clears every file on the named storage device and, per the documentation, the result can't be undone.

Honest Limits of This Note

Honest Limits of This Note

This checklist is built from Huawei's AR Router Maintenance Manual and Quick Maintenance Guide danger-operation tables, cross-checked against each other for consistency. It covers AR-series router hardware actions and VRP command risks specifically. Sx3-series switch operations, other vendors' equivalent commands (reload, erase, boot system on Cisco IOS, for instance) and firewall or security-device-specific dangerous operations are a different list and aren't covered here.

Not sure whether a command is safe to run on your box?

Send us the exact command, the device model and software version, and what you're trying to accomplish — we'll help you find the safer way to get there.

WhatsApp an engineer →

Related Reading