Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

user

system aaa user—Configure a login account for each user who can access the local Viptela device, assigning the user a login name and a password and placing them into an authorization group.

Only a user who is logged in as the admin user has permission to create login accounts for users.

If an admin user changes the privileges of a user by changing their group, and if that user is currently logged in to the device, the user is logged out and must log back in again.

vManage Feature Template

For all Viptela devices:

Configuration ► Templates ► AAA

Command Hierarchy

systemaaa
    user username      
      group group-name      
      password password  

Options

Authorization Group
group group-name
Name of an authorization group configured with the usergroup command. You must assign the user to one or more groups.
Username
user-name
Name for the user. In Releases 17.1 and later, username can be 1 to 128 characters long, and it must start with a letter. The name can contain only lowercase letters, the digits 0 through 9, hyphens (-), underscores (_), and periods (.). The name cannot contain any uppercase letters. In Releases 16.3 and earlier, username can be 1 to 32 characters long, and it must start with a letter. The name can contain only lowercase letters, the digits 0 through 9, and the hyphen (-) and underscore (_) characters. The name cannot contain any uppercase letters. The Viptela software provides one standard username, admin, which is a superuser who has read and write permissions to all commands and operations on the device.
The following usernames are reserved, so you cannot configure them: backup, basic, bin, daemon, games, gnats, irc, list, lp, mail, man, news, nobody, proxy, quagga, root, sshd, sync, sys, uucp, and www-data. Also, names that start with viptela-reserved are reserved.
If a remote server validates authentication and that user is not configured locally, the user is logged in to the vshell as the user "basic", with a home directory of /home/basic. If a remote server validates authentication and that user is configured locally, the user is logged in to the vshell under their local username (say, eve) with a home direction of /home/username (so, /home/eve).
User Password
password password
Password for the user. password is an MD5 digest string, and it can contain any Unicode and ISO/IEC 10646 characters, including tabs, carriage returns, and linefeeds. For more information, see Section 9.4 in RFC 7950, The YANG 1.1 Data Modeling Language.
Each username is required to have a password, and each user is allowed to change their own password.
After you type the password during the CLI configuration process, the string is immediately encrypted and a readable version of the password is never displayed. When you type the password in the vManage AAA feature template, a readable version is never displayed.
When a user is logging in to a Viptela device, they have five chances to enter the correct password. After the fifth incorrect attempt, the user is locked out of the device, and they must wait 15 minutes before attempting to log in again.

Operational Commands

show aaa usergroup
show users

Example

Configure a user whose role is to be a system operator:

Viptela# config
Entering configuration mode terminal
Viptela(config)# system aaa
vedge-1(config-aaa)# user eve   
Viptela(config-user-eve)# password 123456
Viptela(config-user-eve)# group operator
Viptela(config-user-eve)# exit
Viptela(config-aaa)# show configuration 
system
 aaa
  user eve
   password encrypted-password
   group    operator
  !
 !
!

Release Information

Command introduced in Viptela Software Release 14.1.
In Release 17.1, increase maximum group name to 128 characters and support periods (.) in group name.

Additional Information

See the Configuring User Access and Authentication and Role-Based Access with AAA articles for your software release.
auth-fallback
auth-order
radius
tacacs
usergroup

  • Was this article helpful?