create account

create account [admin | user | lawful-intercept] account-name {encrypted encrypted_password | password}

Description

Creates a new user account.

Syntax Description

admin Specifies an access level for admin account type. This user has read and write privileges.
user Specifies an access level for user account type. This user has read-only privileges.
lawful-intercept Specifies an access level for lawful intercept account type.
account-name Specifies a new user account name.
encrypted
Note: Using this option incorrectly can result in you being locked out of your switch account.

This option specifies that the entered password is in encrypted hash format, not that the resulting password will be stored in encrypted form. Generally, this option should not be used. Using this option with a plain text password, as opposed to a hashed version of a password, can result in the user being locked out of the account.

password Specifies a user password.

Default

N/A.

User Account Levels

By default, the switch is configured with two accounts with the access levels shown in the table below.

Account Name Access Level
admin You can access and change all manageable parameters. The admin account cannot be deleted.
user You can view (but not change) all manageable parameters, with the following exceptions:

This user has access to the ping command.

lawful-intercept This user has special lawful intercept and read-only privileges.
Note: Only a single lawful-intercept account can exist at any one time on the system.

You can use the default names (admin and user), or you can create new names and passwords for the accounts. Default accounts do not have passwords assigned to them. For name creation guidelines and a list of reserved names, see Object Names.

Usage Guidelines

The switch can have a total of 16 user accounts.

The system must have one administrator account.

When you use the encrypted keyword, the following password that you specify should be in encrypted hash format. Administrators should not use the encrypted option and should enter the password in plain text. Using this option with a plain text password, as opposed to a hashed version of a password, can result in the user being locked out of the account. Generally, this option should not be used. A valid use of this option would be when transferring account information between switches using the output of the show configuration command, where the displayed password is in hashed form. You can copy this hashed password and enter it as the password with the encrypted option. The switch will de-crypt the hashed password into the plain text password that as specified for the original account.

The system prompts you to specify a password after you enter this command and to reenter the password. If you do not want a password associated with the specified account, press [Enter] twice.

You must have administrator privileges to change passwords for accounts other than your own. User names are not case-sensitive. Passwords are case-sensitive. User account names must have a minimum of 1 character and can have a maximum of 32 characters. Passwords must have a minimum of 0 characters and can have a maximum of 32 characters. For user names, only alphanumeric, dash (-), and underscore (_) characters may be used. If you use a hashtag (#), everything after it is ignored.
Note

Note

User names cannot begin with a number.
Note

Note

If the account is configured to require a specific password format, the minimum is eight characters. See configure account password-policy char-validation for more information.

Example

The following example creates a new account named "John2" with administrator privileges:

create account admin John2

History

This command was first available in ExtremeXOS 10.1.

The encrypted option was added in ExtremeXOS 11.5.

The lawful intercept option was added in ExtremeXOS 15.3.2.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.