Cisco Switch Default Password & Recovery Guide

Most Cisco routers and switches ship with well-known default usernames like “admin” or “cisco” and management IPs such as 192.168.1.1 or 192.168.1.254. However, many enterprise models—including the latest Catalyst and Nexus switches—have no default login credentials and require setup via console on first boot for security. Only a few series (like Catalyst 1200/1300) still use “cisco/cisco” with 192.168.1.254, and even these force a password change at initial login.

Below is a comprehensive table of Cisco default usernames, passwords, and management IPs for popular models—plus practical advice on recovery, configuration, and best practices for network security.

Cisco Switch Default Password, and Management IP Address List

Note: Many Cisco enterprise switches (especially Catalyst 9000 series) now ship with no default password and require creating a user during the initial setup wizard. The following defaults are for legacy and SMB models that still use factory credentials.

Cisco Catalyst & Nexus Switches Default Password

List of Default Cisco Passwords & Other Info

Important Note

• For Catalyst 9000 series and modern IOS XE devices: no default credentials. You must create a local admin account during first boot.
• Always change factory defaults immediately to prevent unauthorized access.

How to Change Cisco Switch Default Password

1. Enter Global Configuration Mode:

Switch> enable
Switch# configure terminal

2. Create a Local Admin User:

Switch(config)# username admin privilege 15 secret StrongP@ssw0rd!

3. Set Enable Secret Password:

Switch(config)# enable secret NewEnablePass123

4. Verify Configuration:

Switch# show run | include username
Switch# show run | include enable secret

How to Reset the Password on a Cisco Switch (Step-by-Step)

Preparation

• Console cable and terminal software (9600 baud, no flow control)
• Physical access to the switch

Step-by-Step Password Recovery Process

1. Power cycle the switch.
   • Unplug and replug the power cable.
2. Interrupt the boot sequence.
   • As soon as the switch begins to boot, press and hold the Mode button (for Catalyst 2960/3850/9300, etc.) OR
   • For CLI: Send a break signal (Ctrl+Break) in your terminal window right after power-on.
3. Enter ROMMON or Switch: prompt.
   • On many models, you will see a switch: prompt (or rommon> for routers/Nexus).
4. Initialize flash file system.
   switch: flash_init
5. Load the startup configuration into memory (if needed).
   switch: load_helper switch: dir flash:
6. Rename or delete the configuration files.
   switch: rename flash:config.text flash:config.old
switch: delete flash:config.text
switch: delete flash:vlan.dat # (optional, resets VLAN info)
7. Reboot the switch.
   switch: boot
8. Enter privileged EXEC mode (no password required).
   Switch> enable
9. Copy the old config back (to recover interfaces and settings).
   Switch# copy flash:config.old running-config
10. Reset the enable/console password.
    Switch# configure terminal
Switch(config)# enable secret NEWPASSWORD
Switch(config)# username admin privilege 15 secret NEWADMINPASS
Switch(config)# exit
11. Restore startup config and normal boot.
    Switch# write memory
Switch# reload(or)Switch# copy running-config startup-config
12. (If you changed the config register for routers, restore default register)
    Switch(config)# config-register 0x2102

Quick Reference Flow

1. Power cycle → Interrupt boot → Enter ROMMON/switch: prompt
2. flash_init → rename/delete config.text
3. boot → enable → copy config.old running-config
4. Set new passwords
5. Save & reload

Security Best Practices for Cisco Switch Password

• Use Strong Passwords: At least 12 characters, mix of upper/lowercase, numbers, and symbols.
• Enable SSH Instead of Telnet:

Switch(config)# line vty 0 4
Switch(config-line)# transport input ssh

• Implement AAA (Authentication, Authorization, Accounting):

Switch(config)# aaa new-model
Switch(config)# aaa authentication login default local

• Regularly Audit Configurations: Use scripts or Ansible to verify password policies.
• Set Login Banners for Legal Notice:

Switch(config)# banner motd #Unauthorized access prohibited!#

Automating Password Management

For enterprises managing dozens of Cisco switches, automation is critical, use Ansible or Python management Cisco Password:

• Ansible Example Playbook:

- hosts: cisco_switches
  gather_facts: no
  tasks:
    - name: Update admin password
      ios_user:
        name: admin
        configured_password: StrongP@ss2025!
        privilege: 15

• Python Netmiko Script:

from netmiko import ConnectHandler

device = {
    'device_type': 'cisco_ios',
    'host': '192.168.1.1',
    'username': 'admin',
    'password': 'oldpass'
}

net_connect = ConnectHandler(**device)
net_connect.send_config_set([
    'username admin privilege 15 secret NewP@ssw0rd!'
])
net_connect.save_config()

FAQ

resources

Cisco Supports

Cisco Catalyst 9300 Series Switches