create account

create account [admin | user | lawful-intercept] account-name {encrypted encrypted_password | password}


Creates a new user account.

Syntax Description

admin Specifies an access level for admin account type. This user has read and write privileges.
user Specifies an access level for user account type. This user has read-only privileges.
lawful-intercept Specifies an access level for lawful intercept account type.
account-name Specifies a new user account name.
encrypted Specifies the encrypted option.
password Specifies a user password.



User Account Levels

By default, the switch is configured with two accounts with the access levels shown in the table below.

Account Name Access Level
admin You can access and change all manageable parameters. The admin account cannot be deleted.
user You can view (but not change) all manageable parameters, with the following exceptions:
  • You cannot view the user account database.
  • You cannot view the SNMP community strings.
  • You cannot view SSL settings.

This user has access to the ping command.

lawful-intercept This user has special lawful intercept and read-only privileges.
Note: Only a single lawful-intercept account can exist at any one time on the system.

You can use the default names (admin and user), or you can create new names and passwords for the accounts. Default accounts do not have passwords assigned to them. For name creation guidelines and a list of reserved names, see Object Names.

Usage Guidelines

The switch can have a total of 16 user accounts.

The system must have one administrator account.

When you use the encrypted keyword, the following password that you specify in plain text is entered and displayed by the switch in an encrypted format. Administrators should not use the encrypted option and should enter the password in plain text. The encrypted option is used by the switch after encrypting the plain text password. The encrypted option should be used by the switch only to show, store, and load a system-generated encrypted password in configuration; this applies with the following commands: save configuration, show configuration, and use configuration.

The system prompts you to specify a password after you enter this command and to reenter the password. If you do not want a password associated with the specified account, press [Enter] twice.

You must have administrator privileges to change passwords for accounts other than your own. User names are not case-sensitive. Passwords are case-sensitive. User account names must have a minimum of 1 character and can have a maximum of 32 characters. Passwords must have a minimum of 0 characters and can have a maximum of 32 characters.


The DUT will not allow account names that begin with a number.


If the account is configured to require a specific password format, the minimum is eight characters. See configure account password-policy char-validation for more information.


The following example creates a new account named "John2" with administrator privileges:

create account admin John2


This command was first available in ExtremeXOS 10.1.

The encrypted option was added in ExtremeXOS 11.5.

The lawful intercept option was added in ExtremeXOS 15.3.2.

Platform Availability

This command is available on all platforms.