username

Creates and configures a user account.

Syntax

username username password password role role_name [ access-time HHMM to HHMM ] [ desc description ] [ enable { true | false } ] [ encryption-level { 0 | 7 | 10 } ] [ expire { never | YYYY-MM-DD } ] [ role role_name ] [ acct-inactivity-expiry-period 1-180 ] [ acct-inactivity-warning-period 1-120 ]

no username name

Parameters

username

Specifies the account login name. This includes the system default accounts, root, admin , and user. You can also use this command to create user defined accounts.

access-time HHMM to HHMM

Restricts the hours that the user may be logged in. Valid values range from 0000 through 2400 in 24-hour format. By default, users are granted 24 hour access.

For example, to restrict access to the daily work schedule, use access-time 0800 to 1800 . By default, there is no access-time limitation. To change access time, include both the new "from" time and "to" time. To restore default access time, specify access-time 0000 to 2400 .

desc description

This is an optional parameter. Specifies a description of the account (optional). The description can be up to 64 characters long, and can include any printable ASCII character, except for the following characters: single quotation marks (‘), double quotation marks ("), exclamation point (!), colon (:), and semi-colon (;). If the description contains spaces, enclose the complete description text in double quotation marks.

enable

Enables or disables the account.

true: (Default) Enables the account.
false: Disables the account. A user whose account is disabled cannot log in.

expire

Specifies the date on which the user account expires.

never: (Default) Does not specify a user account expiration date.
YYYY-MM-DD: Specifies the date on which the user account expires.

password password

Specifies the account password. To use the exclamation mark (!) character, either precede it with the escape character (\)—. secret\!password —or enclose the password within double quotes—"secret!password".

role role_name

Specifies the role assigned to the account.

encryption-level { 0 | 7 | 10 }

Specifies the password encryption level. The values are 0 (clear text), 7 (encrypted), and 10 (SHA512 hash). SHA512 hash is the default. If service password-encryption is enabled, it overrides a user-level setting.

acct-inactivity-expiry-period 1-180

Specifies the number of days an account is allowed to be inactive before it is disabled.

acct-inactivity-warning-period 1-120

The time duration (in days) after which warning will be generated prior to account getting disabled.

Modes

Global configuration mode

Usage Guidelines

This command can also be used to reset the default password for the system accounts, root, admin, and user.

The username must be of 1-40 characters. It must begin with a letter or underscore and contain only letters, numbers, underscore (_) and period(.) symbols. Username is case sensitive and cannot be the same as that of an existing role.

When creating a username, you must specify a password and a role. When modifying a username, it is sufficient to enter the username username command, followed by the new values.

The maximum number of user accounts on a device is 64.

Note

When configuring the expiry date for a user account, do not configure beyond 19th of January 2038 (2038-01-19). When you configure a date that is beyond this cut off date, the user account will not expire and the account will not get locked.

If a user's password, access time, or role is changed, any existing login sessions for that user are terminated.

To specify access-time, use the system time defined for the Extreme Networks operating system. For the current system time, use the show clock command.

To delete a user account, enter the no username with the name of the account to be deleted.

The system default accounts cannot be deleted. However, passwords for these accounts can expire. Password expiry will depend on the configuration of the password-attributes max-password-age configuration.

Note

This NOTE is applicable when upgrading from SLX-OS v 20.6.2 and below to the current SLX-OS version.

For the root account, to apply password expiry, you must use the no password-attributes max-password-age to remove the existing configuration. Then, use the password-attribute max-password-age command to set the desired password expiry configuration.

Examples

The following example configures a user account.

device# configure terminal 
device(config) # username testUser password ******** role user desc testUser

The following example modifies an existing user account.

device# configure terminal
device(config) # username testUser desc "add op test user"

The following example modifies an existing user account, restricting the hours that an existing user may be logged in from 08:00 AM through 06:00 PM.

device# configure terminal 
device(config) # username testUser access-time 0800 to 1800

The following example sets the expiry period for the account testUser to 120 days. It also configures warning period to 90 days. A warning log entry is generated after the account's inactivity (in number of days) crosses the configured warning period. The user account gets locked after the expiry period.

Ensure that the acct-inactivity-warning-period value is lesser than or equal to the period specified in the acct-inactivity-expiry-period setting.

device # configure terminal
device(config) # username testUser acct-inactivity-expiry-period 120 acct-inactivity-warning-period 90

The following example shows how to set the password and password expiry parameters for the system default account, the admin account.

device # configure terminal
device(config) # username admin password falsepassword desc admin-account expire 2025-12-31 role admin acct-inactivity-warning-period 20
device(config) # password-attributes max-password-age 200