Configuring User Accounts and RBAC
SUMMARY STEPS
1. configure terminal
2. (Optional) show role
3. username user-id [password [0 | 5] password] [expire date] [role role-name]
4. username user-id ssh-cert-dn dn-name {dsa | rsa}
5. exit
6. (Optional) show user-account
7. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2
(Optional) show role
Example:
switch(config)# show role
Step 3
username user-id [password [0 | 5] password] [expire
date] [role role-name]
Example:
switch(config)# username NewUser password 4Ty18Rnt
Step 4
username user-id ssh-cert-dn dn-name {dsa | rsa}
Example:
Purpose
Enters global configuration mode.
Displays the user roles available. You can configure other
user roles, if necessary.
Configures a user account. The user-id argument is a
case-sensitive, alphanumeric character string with a
maximum length of 28 characters. Valid characters are
uppercase letters A through Z, lowercase letters a through
z, numbers 0 through 9, hyphen (-), period (.), underscore
(_), plus sign (+), and equal sign (=). The at symbol (@) is
supported in remote usernames but not in local usernames.
Usernames must begin with an alphanumeric character.
The default password is undefined. The 0 option indicates
that the password is clear text, and the 5 option indicates
that the password is encrypted. The default is 0 (clear text).
Note
If you do not specify a password, the user might
not be able to log in to the Cisco NX-OS device.
If you create a user account with the encrypted
Note
password option, the corresponding SNMP user
will not be created.
The expire date option format is YYYY-MM-DD. The
default is no expiry date.
User accounts can have a maximum of 64 user roles.
Specifies an SSH X.509 certificate distinguished name and
DSA or RSA algorithm to use for authentication for an
existing user account. The distinguished name can be up to
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring User Accounts
161