Cisco Devices

PAM provides Privileged Account and Session Management for your Cisco device including Password Rotation.


This article covers how to create an PAM record to manage your SSH enabled Cisco device, optionally with Enable mode, including secure, password-less connections with recording and automated polices for password reset and rotation.



Do you also have Juniper or Palo Alto Network devices that you need to manage?

Manage your Cisco device

Creating an PAM record to Manage your Cisco device:

  1. Login to PAM as a System Administrator.
  2. Navigate to Administration > Records Types.
  3. Locate the Cisco record type in the list and click the Edit button to its right.
  4. On the Cisco type edit page, locate the Hidden parameter and disable/remove the checked option. Click the Save button.
  5. Navigate to Records > All Records.
  6. From the Add Record dropdown menu, select Cisco.
  7. Enter a Name (required) and a Description (optional)
  8. Populate your Cisco device values into the Host, Port, User and Password fields.
  9. (Optional) If you want to automatically switch to Cisco’s Enable mode when a secure connection is established, enter a value for Enable Password and Enable Level.
  10. To disable Enable Mode authentication, enter -1 into the Enable Level field.

  11. Click Save and Return to continue.

Your Cisco device is now under management in PAM. You may use the Connect button to test connectivity and if you wish to implement a Password Reset policy, continue to the next section of this article.

Password for Cisco device

Creating a policy to reset or rotate the Password for your Cisco device:

  1. Open your Cisco record in PAM with a System Administrator or an account that has the Manage permission for Task Control.
  2. Within this record, open the Manage menu and select the Tasks option.
  3. By default, both the Check Status and Password Reset scripts will applied.
  4. Next to the Password Reset script, click the Actions menu and select Edit Policy.
  5. Choose your required Policy by selecting from the list of available events.
  6. Click the Save button when finished.

If you are managing several different Cisco devices and wish to apply the same policy for all records, perform the same steps above to the Cisco Record Type rather than each individual record.

Your password reset policy is now applied to the PAM record managing your Cisco device. The password being reset will be the User password, not the Enable password.