User Management
This chapter is a reference for user management commands.
This chapter includes these commands:
clear aaa local user lockout username
Use this command to unlock a user who has been locked out after three login attempts with a wrong password.
Command Syntax
clear aaa local user lockout username USERNAME
Parameters
USERNAME
User name; length 2-15 characters
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear aaa local user lockout username testuser
debug user-mgmt
Use this command to display user management debugging information.
Use the no form of this command to stop displaying user management debugging information.
Command Syntax
debug user-mgmt
no debug user-mgmt
Parameters
None
Default
By default, disabled.
Command Mode
Exec mode and Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#debug user-mgmt
#config t
(config)#debug user-mgmt
show user-account
Use this command to display information about all users or a given user.
Command Syntax
show user-account (WORD|)
Parameters
WORD
User name
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show user-account
User:user1
roles: network-operator
User:user2
roles: network-operator
User:user3
roles: network-operator
username
Use this command to add a user or to change a user password.
The role parameter maps to privilege levels in the TACACS+ server as shown in Table 3-11.
Table 3-11: Role/privilege level mapping
Role | Privilege level |
---|---|
Network administrator | 15 |
Network engineer | 14 |
Network operator | 1 to 13 |
Network user | 0 or greater than 15 |
Use the no form of this command to remove a user.
Command Syntax
username USERNAME
username USERNAME password (encrypted|) PASSWORD
username USERNAME role (network-admin|network-engineer|network-operator|network-user)
username USERNAME role (network-admin|network-engineer|network-operator|network-user) password (encrypted|) PASSWORD
username USERNAME (role (network-admin|network-engineer|network-operator|network-user|ROLE-NAME)|) password (encrypted|) PASSWORD
username disable-default
no username disable-default
no username USERNAME
Parameters
USERNAME
Name of the user (2-15 alphanumeric characters)
encrypted
Encrypted password
PASSWORD
Password; length 5-32 characters
network-admin
Network administrator role with all access permissions that can make permanent changes to the configuration. Changes persist after a reset/reboot of the switch.
network-engineer
Network engineer role with all access permissions that can make permanent changes to the configuration. Changes persist after a reset/reboot of the switch.
network-operator
Network operator role with all access permissions that can make temporary changes to the configuration. Changes do not persist after a reset/reboot of the switch.
network-user
Network user role with access permissions to display the configuration, but cannot change the configuration.
ROLE-NAME
Refers to a user-defined RBAC role
disable-default
This option disables the implicit configuration of the default user by the system. This command can be executed only by users with “network-admin” privileges. When this option is configured, explicit configuration of the default user is rejected. If the default user was explicitly configured using the “username” CLI, it should be removed using “no username USERNAME” before configuring “disable-default”.
Default
By default, user name is disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#username fred_smith password fred123
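An added example, not part of the OcNOS documentation: a small Python audit helper that applies Table 3-11 and the documented USERNAME and PASSWORD length limits to "username" configuration lines. The line shape is assumed from the Command Syntax above, and the function names and finding texts are hypothetical review points chosen for this example.

```python
import re

BUILTIN_ROLES = ("network-admin", "network-engineer",
                 "network-operator", "network-user")

def role_for_privilege(level: int) -> str:
    """Map a TACACS+ privilege level to a role, following Table 3-11."""
    if level == 15:
        return "network-admin"
    if level == 14:
        return "network-engineer"
    if 1 <= level <= 13:
        return "network-operator"
    return "network-user"  # 0 or greater than 15

# Assumed line shape: username USERNAME [role ROLE] [password [encrypted] PASSWORD]
LINE_RE = re.compile(
    r"^username\s+(?P<user>\S+)(?:\s+role\s+(?P<role>\S+))?"
    r"(?:\s+password\s+(?P<enc>encrypted\s+)?(?P<pw>\S+))?$"
)

def audit_line(line: str) -> list:
    """Return review findings for one 'username' configuration line."""
    line = line.strip()
    if line == "username disable-default":
        return []  # not an account definition
    m = LINE_RE.match(line)
    if m is None:
        return ["unparsed line"]
    findings = []
    if not 2 <= len(m["user"]) <= 15:
        findings.append("user name length outside 2-15")
    if m["role"] == "network-admin":
        findings.append("full administrative role")
    elif m["role"] and m["role"] not in BUILTIN_ROLES:
        findings.append("user-defined role, review its RBAC rules")
    if m["pw"] and not m["enc"]:
        # No 'encrypted' keyword: the password was typed as clear text.
        findings.append("password given in clear text")
        if not 5 <= len(m["pw"]) <= 32:
            findings.append("password length outside 5-32")
    return findings

# Constructed sample lines, not taken from a real device.
SAMPLE = ["username fred_smith password fred123",
          "username a role auditors password abc"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", audit_line(entry) or "ok")
```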