Configuring a local user for a group

Local manager user logins and authorized command configuration are mutually exclusive with RADIUS or TACACS authentication and with RADIUS authorization and accounting.

To create a local user, enter this command for the group with the appropriate authorizations.

Syntax:


aaa authorization local-user <username> group <group-name> password <plaintext|sha1> <password>
no aaa authorization local-user <username> group <group-name> password <plaintext|sha1> <password>

Defines a local user for a defined group.

local-user <username>

The local user being added to the authorization group. The username can have a maximum of 16 characters. It must not contain spaces and is case-sensitive.

group <group-name>

The authorization group the local user belongs to. The group must have been created already.

password <plaintext|sha1> <password>

The plaintext password string can have a maximum of 16 characters. It must not contain spaces and is case-sensitive.

NOTE:

You are not allowed to enter the plaintext password in-line as part of the command; you will be prompted for it. The password is obscured when you enter it. This is similar to entering the password for the manager or operator.

If include-credentials is enabled, displaying the configuration shows the user passwords as SHA1 hashes. If include-credentials is not enabled, then no password information is shown.

If a user is assigned to a command group and the group is subsequently deleted, the user will have operator privileges.

Creating a local user for a group

switch(config)# aaa authentication local-user User1 group Redgroup password plaintext
New password for User1: *******