Configuring a local user for a group

Local manager user logins and authorized command configuration are mutually exclusive with RADIUS or TACACS authentication and with RADIUS authorization and accounting.

To create a local user enter this command for the group with the appropriate authorizations.

Syntax


aaa authentication local-user <username> group <group-name> password <plaintext|sha1 <password>
no aaa authentication local-user <username> group <group-name> password <plaintext|sha1 <password>
    

Defines a local user for a defined group.

local-user username

The local user being added to the authorization group. The user name can have a maximum of 16 characters. It must not contain spaces and is case-sensitive.

group group-name

The authorization group the local user belongs to. The group must have been created already.

password<plaintext|sha1 password

The plaintext password string can have a maximum of 16 characters. It must not contain spaces and is case-sensitive.

NOTE:

You are not allowed to actually enter the plaintext password in-line as part of the command. You are prompted for it. The password is obscured when you enter it. The password is obscured when you enter it. This is similar to entering the password for the manager or operator.

If include-credentials is enabled, displaying the configuration shows the user passwords as SHA1 hash. If include-credentials is not enabled, then no password information is shown.

If a user is assigned to a command group and the group is subsequently deleted, the user has operator privileges.

Creating a local user for a group