user password


user <USERNAME> password [ciphertext <CIPHERTEXT-PASSWORD> | plaintext <PLAINTEXT-PASSWORD>]


Changes a password for an account or enables the password for the admin account. When entered without either optional ciphertext or plaintext parameters, the cleartext password is prompted for twice, with the characters entered masked with "*" symbols.

Command context



Specifies the corresponding user name for the password you want to change.
Specifies a ciphertext password. No password prompts are provided and the ciphertext password is validated before the configuration is applied for the user. The variable <CIPHERTEXT-PASSWORD> is Base64 and is typically copied from another switch using the show running-config command output and then pasted into this command.
NOTE: The administrator cannot construct ciphertext passwords themselves. The ciphertext is only created by an ArubaOS-CX switch. The ciphertext is created by setting a password for a user with the user command. The ciphertext is available for copying from the show running-config output and pasting into the configuration on any other ArubaOS-CX switch. The target switch must have the same export password (default or otherwise) as the source switch.

Specifies the password without prompting. The password is visible as cleartext when entered but is encrypted thereafter. Note that command history does show the password as cleartext.




The admin account is available on the switch without a password by default. The password for the admin account must be enabled before the following can be used: REST, SNMP, SSH, and the web UI. Only users belonging to the administrators group can change the password of a user account.

Cleartext passwords (whether entered with prompting or entered directly) must:

  • Contain only ASCII characters from hexadecimal 21 to hexadecimal 7E [\x21-\x7E] (decimal 33 to 126). Spaces are not allowed. When the password is entered directly without prompting, the "?" symbol (hexadecimal 3F [\x3F] (decimal 63)) is not permitted.

  • Contain at most 32 characters.

  • Contain at least the number of characters configured (optionally) for minimum-password-length.

  • Not be blank. On a factory-default switch, the admin user has a blank password. If the admin user password is changed, it can only be reset to blank by reverting the switch to factory defaults.


    Only an administrator can change the password of a user assigned to the operators role.


Enabling (or changing) a cleartext password for admin:

switch(config)# user admin password
Changing password for user admin
Enter password:************
Confirm password:************

Changing the cleartext password for user chris, using direct entry without prompting:

switch(config)# user chris password plaintext PASSwordZQ#@67

Changing the ciphertext password for user alex (the ciphertext shown is a placeholder that must be replaced with actual ciphertext):

switch(config)# user alex password ciphertext XqYJ36...W83D4Y=