Change your TACACS password

Cisco - Enterprise


SSH to the device, enter your username, enter a blank password, enter your old password, enter a new password and enter the new password again. Done.

Whats this for?

Change your TACACS password can be used to change the password you are using to log into switches. Most companies would be using your active directory password and it should be easy enough to do Ctrl+Alt+Delete or jump onto Active Directory Users and Computers to update it. If that's the case you probably won't need this guide but, have a read anyway as it's not that long! However, you might be contracting for a company and only have remote access to the switches or you might work in a company that deliberately keeps switch authentication away from active directory for a security related reasons. If that's the case this guide is for you!

This guide will talk you through a quick and easy process you can run through when logging onto a switch to change your password. This cannot be used to reset a forgotten password as you will need to know your old password.

Demo Enviroment

The outputs below come from the following setup...

  • Hardware: Cisco Catalyst 9300
  • OS: IOS-XE
  • Version: 16.6.5
  • TACACS Software: Cisco ISE 2.4
  • Date: 07-08-2019

Note: I have used this on all sorts of IOS and IOS-XE switches I will be supprised if you find one where it doesnt work!


Change your TACACS password

This guide is nice and simple you just need to follow the following steps:

  1. SSH to the switch
  2. Enter your username and press enter
  3. Do not enter your password, just press enter
  4. Enter your old password and press enter
  5. Enter your new password and press enter
  6. Enter your new password and press enter
  7. Take the afternoon off, just becase
login as: tmorgan-admin

Using keyboard-interactive authentication.

password: <BLANK>

Using keyboard-interactive authentication.

Enter old password: <OLD PASSWORD>

Using keyboard-interactive authentication.

Enter new password: <NEW PASSWORD>

Using keyboard-interactive authentication.

Enter new password confirmation: <NEW PASSWORD>