username

Creates and configures a user account.

Syntax

username username password password role role_name [ access-time HHMM to HHMM ] [ desc description ] [ enable { true | false } ] [ encryption-level { 0 | 7 | 10 } ] [ expire { never | YYYY-MM-DD } ] [ role role_name ] [ acct-inactivity-expiry-period 1-180 ] [ acct-inactivity-warning-period 1-120 ]

no username name

Parameters

username

Specifies the account login name.

access-time HHMM to HHMM

Restricts the hours that the user may be logged in. Valid values range from 0000 through 2400 in 24-hour format. By default, users are granted 24 hour access.

For example, to restrict access to the daily work schedule, use access-time 0800 to 1800 . By default, there is no access-time limitation. To change access time, include both the new "from" time and "to" time. To restore default access time, specify access-time 0000 to 2400 .

desc description

This is an optional parameter. Specifies a description of the account (optional). The description can be up to 64 characters long, and can include any printable ASCII character, except for the following characters: single quotation marks (‘), double quotation marks ("), exclamation point (!), colon (:), and semi-colon (;). If the description contains spaces, enclose the complete description text in double quotation marks.

enable

Enables or disables the account.

true: (Default) Enables the account.
false: Disables the account. A user whose account is disabled cannot log in.

expire

Specifies the password expiration setting.

never: (Default) Does not specify a password expiration date.
YYYY-MM-DD: Specifies a password expiration date.

password password

Specifies the account password. To use the exclamation mark (!) character, either precede it with the escape character (\)—. secret\!password —or enclose the password within double quotes—"secret!password".

role role_name

Specifies the role assigned to the account.

encryption-level { 0 | 7 | 10 }

Specifies the password encryption level. The values are 0 (clear text), 7 (encrypted), and 10 (SHA512 hash). SHA512 hash is the default. If service password-encryption is enabled, it overrides a user-level setting.

acct-inactivity-expiry-period 1-180

Specifies the number of days an account is allowed to be inactive before it is disabled.

acct-inactivity-warning-period 1-120

The time duration (in days) after which warning will be generated prior to account getting disabled.

Modes

Global configuration mode

Usage Guidelines

The username must be of 1-40 characters. It must begin with a letter or underscore and contain only letters, numbers, underscore (_) and period(.) symbols. Username is case sensitive and cannot be the same as that of an existing role.

When creating a username, you must specify a password and a role. When modifying a username, it is sufficient to enter the username username command, followed by the new values.

The maximum number of user accounts on a device is 64.

Note

When configuring the expiry date for a user account, do not configure beyond 19th of January 2038 (2038-01-19). When you configure a date that is beyond this cut off date, the user account will not expire and the account will not get locked.

If a user's password, access time, or role is changed, any existing login sessions for that user are terminated.

To specify access-time, use the system time defined for the Extreme operating system. For the current system time, use the show clock command.

To delete a user account, enter the no username with the name of the account to be deleted.

The root and admin accounts do not expire.

Examples

The following example configures a user account.

device# configure terminal 
device(config)# username testUser password ******** role user desc

The following example modifies an existing user account.

device# configure terminal
device(config)# username testUser desc "add op test user"

The following example modifies an existing user account, restricting the hours that an existing user may be logged in from 08:00 AM through 06:00 PM.

device# configure terminal 
device(config)# username testUser access-time 0800 to 1800

The following example sets the expiry period for the account testUser to 120 days. It also configures warning period to 90 days. A warning log entry is generated after the account's inactivity (in number of days) crosses the configured warning period. The user account gets locked after the expiry period.

Ensure that the acct-inactivity-warning-period value is lesser than or equal to the period specified in the acct-inactivity-expiry-period setting.

device # configure terminal
device(config)# username testUser acct-inactivity-expiry-period 120 acct-inactivity-warning-period 90