How to List All User Accounts and Reset Passwords on Cisco Catalyst Switches and ASAs



When administering Cisco Catalyst switches (like 3750/3560) and ASA firewalls (5500/5500-X series), you'll often need to manage local user accounts. The show users command only displays currently active sessions, not the complete user database.

For Cisco IOS switches, use:

Switch# show running-config | include username
username admin privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username jsmith privilege 1 password 7 094F471A1A0A

For ASA firewalls:

ASA# show running-config | include username
username admin password xxxxxxxxxxx encrypted privilege 15
username operator password yyyyyyyyyy encrypted privilege 3

To change a specific user's password on IOS:

Switch# configure terminal
Switch(config)# username jsmith secret newP@ssw0rd2023
Switch(config)# end

For ASA devices:

ASA# configure terminal
ASA(config)# username operator password NewSecurePass123
ASA(config)# exit

For bulk operations, consider these techniques:

! Create multiple users in one batch
Switch(config)# username netadmin privilege 15 secret Admin@123
Switch(config)# username monitor privilege 5 secret ViewOnly@456
Switch(config)# username backup privilege 10 secret Backup#789

To verify credentials through AAA (this form tests against the TACACS+ server group, not the local user database):

Switch# test aaa group tacacs+ jsmith NewSecurePass123 legacy

If you encounter locked accounts:

! Clear failed login attempts
Switch# clear aaa local user lockout username jsmith

For forgotten usernames when you only have enable access:

! Search for any TACACS/RADIUS fallback configurations
Switch# show running-config | include fallback

When administering Cisco Catalyst switches (3750/3560 series) or ASA firewalls (55xx models), you'll often need to view and manage user accounts. Unlike Linux/Windows systems where user lists are straightforward, Cisco's IOS and ASA OS handle this differently.

The show users command only displays currently active sessions. To see all configured accounts:

! For Catalyst switches:
Switch# show running-config | include username
username admin privilege 15 secret 5 $1$2FqT$Z8uL7VQxK9mYHjK1lNnXb/
username guest privilege 1 secret 5 $1$MGqT$P4sW3RXyJ9oL6kM2nVbC/

! For ASA firewalls:
ASA# show running-config username
username admin password 2KFQnbNIdI.2KYOU encrypted privilege 15
username auditor password 8YHqTnbNIdI.8YOU encrypted privilege 5

To modify a specific user's credentials:

! On Catalyst switches:
Switch(config)# username admin secret NewSecurePass123!
Switch(config)# end
Switch# write memory

! On ASA firewalls:
ASA(config)# username admin password NewSecurePass456! privilege 15
ASA(config)# exit
ASA# write memory

For more detailed user information:

! Check privilege levels (Catalyst):
Switch# show privilege
Current privilege level is 15

! View AAA configuration (both platforms):
Switch# show running-config | section aaa

If you encounter problems:

  • Ensure you're in enable mode (privilege level 15)
  • Verify your terminal length isn't truncating output (terminal length 0)
  • For ASAs, check if you're in multiple context mode

When managing users:

  • Always use secret instead of password on IOS devices
  • Implement role-based access control (privilege levels)
  • Regularly audit user accounts with the above commands
  • Consider using TACACS+/RADIUS for centralized authentication
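
One way to automate the regular account audit recommended above: an added Python example (not from the original page or from Cisco) that parses saved output of show running-config | include username and flags weak credential storage and privilege 15 accounts. The sample lines are constructed from the formats shown on this page, and the type 9 value is a placeholder.

```python
import re

# Constructed sample input, modelled on the output formats shown on this page.
SAMPLE = """\
username admin privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username jsmith privilege 1 password 7 094F471A1A0A
username netadmin privilege 15 secret 9 $9$CONSTRUCTED.PLACEHOLDER
username operator password yyyyyyyyyy encrypted privilege 3
"""

# IOS: username NAME [privilege N] {password|secret} [TYPE] VALUE
IOS_RE = re.compile(
    r"^username (\S+)(?: privilege (\d+))? (password|secret)(?: (\d))? \S+$")
# ASA: username NAME password VALUE {encrypted|pbkdf2} [privilege N]
ASA_RE = re.compile(
    r"^username (\S+) password \S+ (encrypted|pbkdf2)(?: privilege (\d+))?$")

# Weak IOS storage formats; types 8 and 9 are treated as acceptable.
WEAK_IOS = {
    ("password", None): "cleartext password",
    ("password", "0"): "cleartext password",
    ("password", "7"): "type 7 is reversible obfuscation, use 'secret'",
    ("secret", "4"): "type 4 is deprecated",
    ("secret", "5"): "type 5 is MD5-based, prefer type 8 or 9 if supported",
}

def audit(config_text):
    """Return one (name, privilege, storage, findings) tuple per account."""
    report = []
    for line in config_text.splitlines():
        line = line.strip()
        if m := ASA_RE.match(line):
            name, storage, priv = m.group(1), "asa-" + m.group(2), m.group(3)
            findings = ["legacy ASA hash, not PBKDF2"] if m.group(2) == "encrypted" else []
        elif m := IOS_RE.match(line):
            name, priv, kind, typ = m.groups()
            storage = f"{kind} {typ}" if typ else kind
            findings = [WEAK_IOS[(kind, typ)]] if (kind, typ) in WEAK_IOS else []
        else:
            continue  # not a username line (prompt, comment, other config)
        if priv == "15":
            findings.append("privilege 15 (full administrative access)")
        # privilege is None when the line does not state one (platform default)
        report.append((name, int(priv) if priv else None, storage, findings))
    return report

if __name__ == "__main__":
    for name, priv, storage, findings in audit(SAMPLE):
        print(f"{name:10} priv={priv} {storage:14} {'; '.join(findings) or 'ok'}")
```

Feed it the text captured from each device and review every account that reports a finding.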