create netlogin local-user

create netlogin local-user user-name {encrypted} encrypted_password | password } {vlan-vsa [[{tagged | untagged} [vlan_name] | vlan_tag]]} {security-profile security_profile}

Description

Creates a local network login user name and password.

Syntax Description

user-name Specifies a new local network login user name. User names must have a minimum of 1 character and a maximum of 32 characters.
encrypted The encrypted option is used by the switch to encrypt the password. Do not use this option through the command line interface (CLI).
password Specifies a local network login user password. Passwords must have a minimum of 0 characters and a maximum of 32 characters.
tagged Specifies that the client be added as tagged.
untagged Specifies that the client be added as untagged.
vlan_name Specifies the name of the destination VLAN (Virtual LAN).
vlan_tag Specifies the VLAN ID, tag, of the destination VLAN.
security_profile Specifies a security profile string during account creation.

Default

N/A.

Usage Guidelines

Use this command to create a local network login account and to configure the switch to use its local database for network login authentication. This method of authentication is useful in the following situations:

  • If both the primary and secondary (if configured) RADIUS (Remote Authentication Dial In User Service) servers timeout or are unable to respond to authentication requests.
  • If no RADIUS servers are configured.
  • If the RADIUS server used for network login authentication is disabled.

If any of the above conditions are met, the switch checks for a local user account and attempts to authenticate against that local account.

Extreme Networks recommends creating a maximum of 64 local accounts. If you need more than 64 local accounts, we recommend using RADIUS for authentication. For more information about RADIUS authentication, see the ExtremeXOS 22.2 User Guide.

You can also specify the destination VLAN to enter upon a successful authentication.

Note

Note

If you do not specify a password or the keyword encrypted, you are prompted for one.

Additional Requirements

This command applies only to the web-based and MAC-based modes of network login. 802.1X network login does not support local database authentication.

You must have administrator privileges to use this command. If you do not have administrator privileges, the switch displays a message similar to the following:

This user does not have permissions for this command. 

User names are not case-sensitive. Passwords are case-sensitive. User names must have a minimum of 1 character and a maximum of 32 characters. Passwords must have a minimum of 0 characters and a maximum of 32 characters. If you use RADIUS for authentication, we recommend that you use the same user name and password for both local authentication and RADIUS authentication.

If you attempt to create a user name with more than 32 characters, the switch displays the following messages:

%% Invalid name detected at '^' marker. %% Name cannot exceed 32 characters. 

If you attempt to create a password with more than 32 characters, the switch displays the following message after you re-enter the password:

Password cannot exceed 32 characters 

Modifying an Existing Account

To modify an existing local network login account, use the following command:

configure netlogin local-user user-name {vlan-vsa [[{tagged | untagged} [vlan_name | vlan_tagw]] | none]}

Displaying Local Network Login Accounts

To display a list of local network login accounts on the switch, including VLAN information, use the following command:

show netlogin local-users

Example

The following command creates a local network login user name and password:

create netlogin local-user megtest

After you enter the local network login user name, press [Enter]. The switch prompts you to enter a password (the switch does not display the password):

password:

After you enter the password, press [Enter]. The switch then prompts you to re-enter the password:

Reenter password:

The following command creates a local network login user name, password, and associates a destination VLAN with this account:

create netlogin local-user accounting vlan-vsa blue

As previously described, the switch prompts you to enter and confirm the password.

History

This command was first available in ExtremeXOS 11.2.

The vlan-vsa parameter and associated options were added in ExtremeXOS 11.3.

The security-profile parameter was added in ExtremeXOS 12.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.