Solved: Change local admin password without resetting or rebooting deivce

fraley.b12 · ‎04-08-2022

I am attempting to reset the local admin account passwords via CLI on a number of our Cisco devices. For a little context, we had a network outage which kicked down our RADIUS server and thus some devices were not able to authenticate. We do have local account to fall back on in the event this happens again, but during this outage we realized no one knew what the local admin passwords were. Thus I am attempting to reset them to something secure and then securely store the passwords.

I have seen a number of guides and suggesting to reboot the device and enter recovery mode. Which is something I would like to avoid if possible. I do have level 15 privilege on all of the devices and just would like a little guidance on how to do so.

The devices -

Cisco ISRs 4400

Cisco 3850-48P in a stack

Cisco 3925's

Cisco 5596's

Cisco 9148's

Finally Cisco ASA's.

I am assuming the process is consistent across all of the devices minus the ASAs. Any advice or guidance provided would be appreciated. Of course, if this is not possible, that is also fine, I just haven't found anything indicating that.

Kasun Bandara · ‎04-08-2022

yes, when you resetting enable,console passwords, you need to restart devices. because recovery method idea is to load default config and do the changes. to load default settings, we need to restart devices

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

View solution in original post

Kasun Bandara · ‎04-08-2022

yes, when you resetting enable,console passwords, you need to restart devices. because recovery method idea is to load default config and do the changes. to load default settings, we need to restart devices

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Charlie Moreton · ‎04-08-2022

Recovery mode is the only way. Otherwise it is a security risk.

fraley.b12 · ‎04-08-2022

Makes sense.

Thank you both for you input.