What is Default Username and Password for Cisco Switches?

TL;DR – Quick Answer

Most Cisco enterprise switches - including the Catalyst 2960, 9200, 9300, and higher — have no default username or password. You must create login credentials during the first console-based setup.

Only the Cisco Catalyst C1200 and C1300 Series (SMB switches) have factory default credentials:

Default Username: cisco
Default Password: cisco
Default IP Address: 192.168.1.254 (/24)

These credentials must be changed immediately upon first login.

NS engineers strongly recommend: Enforcing strong password policies, using SSH/HTTPS for management, and integrating centralized authentication (RADIUS/TACACS+).

Why Default Credentials Matter?

When deploying a new Cisco switch, one of the first questions network engineers ask is:

“What’s the default username and password?”

Default credentials can make initial setup faster, but they also introduce a serious security risk. Attackers often scan for devices using factory defaults to gain unauthorized access.

Cisco’s design approach eliminates this risk - most switches require credentials to be set manually during the first boot. This ensures that no device is deployed with known login details.

At Network-Switch.com (NS), our engineers emphasize that understanding Cisco’s credential policy is essential to secure Day-0 configurations and prevent unauthorized access.

Cisco uses different approaches to initial login across its product families. Below is a breakdown by series and management type.

SMB and Branch Switches (Catalyst C1200 / C1300 / Business Series)

These switches are designed for small businesses and branch offices.
They come preconfigured for Web GUI access.

Default Username: cisco
Default Password: cisco
Default IP Address: 192.168.1.254 (/24 subnet)

You are required to change the password at first login — the system will not proceed until you do.

Enterprise Switches (Catalyst 2960, 3650, 3850, 9200, 9300, 9400, 9500)

Enterprise models have no default credentials. You must connect through the console port to set up the username, password, and enable SSH.

Example: Creating Login Credentials via CLI

Switch> enable

Switch# configure terminal

Switch(config)# username admin privilege 15 secret StrongP@ssw0rd

Switch(config)# line vty 0 4

Switch(config-line)# login local

Switch(config-line)# transport input ssh

Switch(config-line)# end

Switch# write memory

This configuration defines a secure local user, restricts remote access to SSH only, and saves the configuration.

Cloud-Managed Switches (Meraki MS Series)

These use the Meraki Dashboard for management.

Default Username: admin
Default Password: device serial number
Default IP Address: Assigned by DHCP or manually configured.

Cisco Switch Series	Default Username	Default Password	Default IP Address	Notes
Catalyst C1200	cisco	cisco	192.168.1.254	Must change on first login
Catalyst C1300	cisco	cisco	192.168.1.254	Must change on first login
Catalyst 2960 / 2960-X	None	None	None	Requires console setup
Catalyst 3650 / 3850	None	None	None	Requires console setup
Catalyst 9200 / 9300	None	None	None	Requires console setup
Catalyst 9400 / 9500	None	None	None	Requires console setup
Meraki MS Series	admin	Serial Number	DHCP or Static	Managed via Dashboard

Cisco intentionally designs enterprise-grade switches with no default credentials to eliminate attack vectors based on known logins.

Why Most Cisco Switches Have No Default Username or Password?

Cisco follows a “secure-by-default” philosophy. This means that no Cisco enterprise switch ships with pre-set login credentials, minimizing the possibility of unauthorized access during initial setup.

Security Benefits:

Prevents credential reuse across different deployments.
Eliminates exposure to password brute-force attacks.
Enforces administrator awareness and control from Day-0.

Password Complexity Requirements:
Cisco IOS and IOS XE platforms enforce these best practices:

Minimum of 8 characters.
Combination of uppercase, lowercase, numbers, and symbols.
Avoid manufacturer-related terms like “cisco” or “catalyst.”
Prevent consecutive or repeating characters.

Optional Configuration (enforce password strength):

Switch(config)# security passwords min-length 8

Switch(config)# password strength-check

NS engineers note: Cisco’s default credential-free approach protects the network even before any configuration is applied.

How to Reset or Recover a Cisco Switch Password

If you forget the login credentials, physical console access is required.

Standard Recovery Steps:

Connect to the console port using a terminal emulator.
Power-cycle the switch.
Interrupt boot sequence to enter ROMMON or switch:boot mode.
Follow password recovery instructions specific to your model.
Save and reload configuration.

Example (Cisco 9300 Recovery Workflow):

Enter boot mode during startup.
Use the confreg 0x2142 command to bypass startup config.
Create a new password and re-enable saved configuration.

⚠️ Note:
If Secure Sensitive Data (SSD) protection is enabled, password recovery may be restricted to protect encrypted credentials.

To maintain a secure and compliant Cisco network, NS engineers recommend a three-pillar approach to credential and access control.

Credential Management

Change any factory default credentials immediately.
Rotate passwords regularly (every 90 days or per security policy).
Use AAA for centralized user management:scss复制编辑Switch(config)# aaa new-model Switch(config)# aaa authentication login default group tacacs+ local Switch(config)# tacacs-server host 10.10.10.5 key MySharedKey

Secure Access Protocols

Enable SSH, disable Telnet.
Enable HTTPS, disable HTTP.
Restrict management access to trusted subnets with ACLs.arduino复制编辑Switch(config)# ip access-list standard MGMT_ACCESS Switch(config-std-nacl)# permit 10.10.1.0 0.0.0.255 Switch(config)# line vty 0 4 Switch(config-line)# access-class MGMT_ACCESS in

Monitoring and Recovery Preparedness

Enable login lockout and logging for failed attempts.
Store configuration backups securely and exclude sensitive data:arduino复制编辑Switch(config)# archive Switch(config-archive)# path tftp://10.10.10.20/backup Switch(config-archive)# write-memory
Maintain an internal password recovery playbook for administrators.

In NS field audits, 80% of security incidents originate from weak or unchanged default credentials. Strengthening authentication is the first layer of defense.

Q1: What is the default IP address for Cisco C1300 switches?
A: 192.168.1.254 with a /24 subnet — used for initial Web GUI setup.

Q2: What is the default username and password for Cisco switches?
A: Only the C1200 and C1300 series use cisco/cisco. All others require manual configuration.

Q3: How do I log in to a new Cisco switch for the first time?
A: Connect via the console port, enter privileged EXEC mode, and create local credentials before enabling SSH or Web management.

Q4: How do I recover a forgotten password?
A: Use console access and follow the password recovery process for your switch model. For Cisco 9300, refer to Cisco’s official Password Recovery Guide.

Q5: Does Cisco have a universal “admin” login?
A: No. Cisco does not use global credentials. Each device must be configured individually to maintain security compliance.

Summary – NS Engineers’ Evaluation

Understanding default credentials is critical to securing your Cisco network.

Only SMB models (C1200/C1300) have a default username and password (cisco/cisco).
All enterprise-grade switches require credential setup during initial configuration.
Cisco’s secure-by-default design philosophy eliminates risk from factory logins.

To maintain long-term security:

Enforce AAA, SSH/HTTPS, and password complexity policies.
Disable unused access protocols (Telnet/HTTP).
Regularly audit device configurations.

NS engineers recommend integrating Cisco switches into centralized authentication frameworks (RADIUS/TACACS+) and applying zero-trust principles to management access from Day-0.

Did this article help you or not? Tell us on Facebook and LinkedIn . We’d love to hear from you!