OcNOS-DC 6.4.2 : System Management Guide : System Management Command Reference : User Management
User Management
This chapter is a reference for user management commands.
This chapter includes these commands:
clear aaa local user lockout username
Use this command to unlock a user who was locked out after three login attempts with a wrong password.
Command Syntax
clear aaa local user lockout username USERNAME
Parameters
USERNAME
User name; length 2-15 characters
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear aaa local user lockout username testuser
clear line
Use this command to clear or close vty line sessions that are already open.
Command Syntax
clear line WORD
Parameters
WORD Enter the Location name (Max Size 64)
 
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show users
Current user : (*). Lock acquired by user : (#).
CLI user : [C]. Netconf users : [N].
Location : Applicable to CLI users.
Session : Applicable to NETCONF users.
 
Line User Idle Location/Session PID TYPE Role
(*) 130 vty 0 [C]ocnos 0d00h00m pts/0 16725 Local network-admin
#clear line pts/0
Connection closed by foreign host.
-bash-4.1#
clear user
Use this command to clear or close open sessions based on the username.
Note: This command closes active Telnet sessions if the account being cleared is already active; however, SSH sessions continue to persist until they disconnect.
Command Syntax
clear user WORD
Parameters
WORD Enter the username (Max Size 28)
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show users
Current user : (*). Lock acquired by user : (#).
CLI user : [C]. Netconf users : [N].
Location : Applicable to CLI users.
Session : Applicable to NETCONF users.
 
Line User Idle Location/Session PID TYPE Role
(*) 130 vty 0 [C]ocnos 0d00h00m pts/0 16725 Local network-admin
#clear user ocnos
Connection closed by foreign host.
-bash-4.1#
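Because SSH sessions can remain after clear user, re-running show users and checking what is still listed for the account confirms whether anything is left open. The following Python sketch is an added example, not part of the OcNOS documentation or software: it parses show users output and lists clear line commands for a user's remaining CLI locations. The sample rows and the username alice are constructed, and rows are assumed to follow the column layout of the single row shown above.

```python
import re

# Constructed sample of `show users` output taken after `clear user alice`.
# Only the header and column order come from the page; the rows are invented
# and assumed to follow the layout of the single row the page shows.
SAMPLE = """\
Line User Idle Location/Session PID TYPE Role
(*) 130 vty 0 [C]ocnos 0d00h00m pts/0 16725 Local network-admin
    131 vty 1 [C]alice 0d00h12m pts/1 16901 Local network-operator
    132 vty 2 [C]alice 0d00h03m pts/2 17044 Local network-operator
"""

ROW = re.compile(
    r"^\s*(?:\((?P<mark>[*#])\)\s*)?"          # (*) current user, (#) lock holder
    r"(?P<line>\d+\s+\S+\s+\d+)\s+"            # e.g. "130 vty 0"
    r"\[(?P<kind>[CN])\](?P<user>\S+)\s+"      # [C] CLI or [N] NETCONF, then username
    r"(?P<idle>\S+)\s+(?P<where>\S+)\s+"       # idle time, location or session
    r"(?P<pid>\d+)\s+(?P<type>\S+)\s+(?P<role>\S+)\s*$"
)


def parse_show_users(output):
    """Return one dict per session row; header and legend lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, output.splitlines()) if m]


def remaining_sessions(output, username):
    """Sessions still listed for `username` (exact, case-sensitive match)."""
    return [s for s in parse_show_users(output) if s["user"] == username]


def clear_line_commands(sessions):
    """`clear line` commands for CLI rows; NETCONF rows are left to the operator."""
    return [f"clear line {s['where']}" for s in sessions if s["kind"] == "C"]


if __name__ == "__main__":
    left = remaining_sessions(SAMPLE, "alice")
    for s in left:
        print(f"still open: {s['user']} on {s['where']} pid={s['pid']} role={s['role']}")
    for cmd in clear_line_commands(left):
        print(cmd)
```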
 
 
debug user-mgmt
Use this command to display user management debugging information.
Use the no form of this command to stop displaying user management debugging information.
Command Syntax
debug user-mgmt
no debug user-mgmt
Parameters
None
Default
By default, disabled.
Command Mode
Exec mode and Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#debug user-mgmt
 
#config t
(config)#debug user-mgmt
 
 
 
show user-account
Use this command to display information about all users or a given user.
Command Syntax
show user-account (WORD|)
Parameters
WORD
User name
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show user-account
User:user1
roles: network-operator
User:user2
roles: network-operator
User:user3
roles: network-operator
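The show user-account output can be compared against a record of which accounts and roles are supposed to exist. The following Python sketch is an added example, not part of the OcNOS documentation or software: it parses the User:/roles: pairs and reports unexpected accounts, role changes and missing accounts. The baseline, the account netadmin and the sample output are constructed for illustration.

```python
import re

# Constructed baseline of accounts that should exist and their roles
# (hypothetical names; a real baseline comes from your own records).
EXPECTED = {"user1": "network-operator", "user2": "network-operator",
            "netadmin": "network-admin"}

# Constructed `show user-account` output in the layout the page shows.
SAMPLE = """\
User:user1
roles: network-operator
User:user2
roles: network-admin
User:user3
roles: network-operator
"""


def parse_user_accounts(output):
    """Map each username to its role from `User:` / `roles:` line pairs."""
    accounts, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        if m := re.match(r"User:\s*(\S+)$", line):
            current = m.group(1)
            accounts[current] = None          # role line not seen yet
        elif (m := re.match(r"roles:\s*(.+)$", line)) and current:
            accounts[current] = m.group(1).strip()
            current = None
    return accounts


def audit(accounts, expected):
    """Compare device accounts with the baseline; return sorted findings."""
    findings = []
    for user, role in accounts.items():
        if user not in expected:
            findings.append(f"unexpected account: {user} ({role})")
        elif role != expected[user]:
            findings.append(f"role drift: {user} is {role}, expected {expected[user]}")
    findings += [f"missing account: {u}" for u in expected if u not in accounts]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_user_accounts(SAMPLE), EXPECTED):
        print(finding)
```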
 
username
Use this command to add a user or to change a user password.
The role parameter maps to privilege levels in the TACACS+ server as shown in Table 32-87.
Table 32-87: Role/privilege level mapping
Role                    Privilege level
Network administrator   15
Network engineer        14
Network operator        1 to 13
Network user            0 or greater than 15
Use the no form of this command to remove a user.
Command Syntax
username USERNAME
username USERNAME password (encrypted|) PASSWORD
username USERNAME role (network-admin|network-engineer|network-operator|network-user)
username USERNAME role (network-admin|network-engineer|network-operator|network-user) password (encrypted|) PASSWORD
username USERNAME (role (network-admin|network-engineer|network-operator|network-user|ROLE-NAME)|) password (encrypted|) PASSWORD
username disable-default
no username disable-default
no username USERNAME
Parameters
USERNAME
Name of the user (2-15 alphanumeric characters)
encrypted
Encrypted password
PASSWORD
Password; length: 8-32 characters.
Password must contain at least:
- One uppercase letter
- One lowercase letter
- One digit
- One special character (acceptable special characters: ~`!@#$%^&*(){}'[],.\"</\+-_:; )
Note: The following characters are not acceptable in passwords: '=?|>
network-admin
Network administrator role with all access permissions that can make permanent changes to the configuration. Changes persist after a reset/reboot of the switch.
Only network administrators can manage other users with the enable password, Authentication, Authorization and Accounting, RADIUS, and TACACS+ commands.
network-engineer
Network engineer role with all access permissions that can make permanent changes to the configuration. Changes persist after a reset/reboot of the switch.
network-operator
Network operator role with all access permissions that can make temporary changes to the configuration. Changes do not persist after a reset/reboot of the switch.
network-user
Network user role with access permissions to display the configuration, but cannot change the configuration.
ROLE-NAME
Refers to a user-defined RBAC role
disable-default
This option disables the implicit configuration of the default user by the system. Only users with “network-admin” privileges can execute this command. When this option is configured, explicit configuration of the default user is rejected. If the default user was explicitly configured using the “username” CLI, remove it using “no username USERNAME” before configuring “disable-default”.
Default
By default, user name is disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#username fred_smith password Fred123$
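The password rules listed under Parameters can be checked before a username command is pushed to a device. The following Python check is an added example, not part of the OcNOS documentation or software. It assumes that the rejected-character list takes precedence for the apostrophe, which appears in both lists, and that a space or any other character outside the listed sets is refused.

```python
import string

MIN_LEN, MAX_LEN = 8, 32
# Characters the reference names as not acceptable in passwords.
REJECTED = set("'=?|>")
# Special characters the reference names as acceptable. The apostrophe is in
# both lists on the page; assumption here: the rejected list wins.
ACCEPTED_SPECIAL = set("~`!@#$%^&*(){}'[],.\\\"</+-_:;") - REJECTED


def password_violations(password):
    """Return the rules a candidate password breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8-32 characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("needs an uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("needs a lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("needs a digit")
    if not any(c in ACCEPTED_SPECIAL for c in password):
        problems.append("needs an acceptable special character")
    rejected = sorted(set(password) & REJECTED)
    if rejected:
        problems.append("contains rejected characters: " + " ".join(rejected))
    allowed = set(string.ascii_letters + string.digits) | ACCEPTED_SPECIAL | REJECTED
    unlisted = sorted(set(password) - allowed)
    if unlisted:
        # Assumption: anything the page does not list (space, non-ASCII) is refused.
        problems.append("contains unlisted characters: " + " ".join(map(repr, unlisted)))
    return problems


if __name__ == "__main__":
    # Fred123$ is the password from the page's example; the others are constructed.
    for candidate in ("Fred123$", "fred123$", "Fred123?", "Fred's123$"):
        print(candidate, "->", password_violations(candidate) or "OK")
```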