Tuesday, May 31, 2016

Cisco Firewall: What Is That "passwd" In CLI?

I was tasked to clear up an issue on an ASA running 9.4 code. The issue? There was a default password left on the ASA that should be deleted. In the CLI, you will see a command "passwd ...". That is the default password for Telnet and SSH. See Cisco's documentation below:

The login password is used for Telnet and SSH connections. By default, the login password is "cisco." To change the password, enter the following command:
hostname(config)# {passwd | password} password
You can enter passwd or password. The password is a case-sensitive password of up to 16 alphanumeric and special characters. You can use any character in the password except a question mark or a space.
The password is saved in the configuration in encrypted form, so you cannot view the original password after you enter it. Use the no password command to restore the password to the default setting.
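
To find where this login password still matters on a device, the following added example (not from the original post or from Cisco) scans a saved running-config for a passwd line and for Telnet/SSH access entries that have no matching "aaa authentication ... console" line. The sample config and its hashes are constructed placeholders, and the assumption that such entries rely on the login password follows the documentation quoted above.

```python
import re

# Constructed sample running-config excerpt; hashes are placeholders, not real values.
SAMPLE_CONFIG = """\
hostname asa-lab
enable password PLACEHOLDER-HASH-1 encrypted
passwd PLACEHOLDER-HASH-2 encrypted
telnet 192.0.2.0 255.255.255.0 inside
telnet timeout 5
ssh 198.51.100.0 255.255.255.0 mgmt
ssh timeout 10
aaa authentication ssh console LOCAL
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "telnet|ssh <network> <mask> <interface>"; IPv6 entries are not handled here.
ACCESS_RE = re.compile(rf"^(telnet|ssh)\s+({IPV4})\s+({IPV4})\s+(\S+)$")
AAA_RE = re.compile(r"^aaa authentication (telnet|ssh) console\s+\S+")
PASSWD_RE = re.compile(r"^(?:passwd|password)\s+\S+")


def audit_login_password(config_text):
    """Report whether a login password line exists and which Telnet/SSH
    access entries have no 'aaa authentication <proto> console' line."""
    passwd_present = False
    access = []            # (protocol, network, mask, interface)
    aaa_protocols = set()  # protocols covered by AAA console authentication
    for raw in config_text.splitlines():
        line = raw.strip()
        if PASSWD_RE.match(line):
            passwd_present = True
        elif (m := ACCESS_RE.match(line)):
            access.append(m.groups())
        elif (m := AAA_RE.match(line)):
            aaa_protocols.add(m.group(1))
    # Assumption: without AAA console authentication, the protocol relies on
    # the login password described in the documentation quoted above.
    relies_on_passwd = [a for a in access if a[0] not in aaa_protocols]
    return {"passwd_present": passwd_present, "relies_on_passwd": relies_on_passwd}


if __name__ == "__main__":
    report = audit_login_password(SAMPLE_CONFIG)
    print("login password line present:", report["passwd_present"])
    for proto, net, mask, iface in report["relies_on_passwd"]:
        print(f"{proto} from {net} {mask} on {iface} has no AAA console authentication")
```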


  1. I have a general question which is not related to this context. I need your valuable answer.
    My question here is how come a router is assumed to be a Layer-3 device. In that case, a router usually will perform actions based on Source/Destination Port numbers if we involve ACL entries in it. How come a router is termed a Layer-3 device?

    1. Ganesh, all "routers" ARE L3 capable. "Switches" can be EITHER L2 or L3 capable.

  2. Thanks Shane. But my doubt is "Why are routers/switches limited to L3/L2 or L3 capable devices even though they work on Source port/Dest port (Layer 4 parameters) if we involve ACLs?"

    1. Look at it like this. You have a car. It has air conditioning. It has at least two chairs. It has storage. It has cup holders. It has a radio. But you wouldn't call it your home, right? Because it's a car, and that's what it's designed to be. Even though you 'could' live in your car, you wouldn't. Routers are designed to route. Switches are designed to switch.

