Command Line Reference
Security Configuration
User Management
21 min
user view user view table 1 user view table 1 user view true 291,367#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type show user policy show user policy \[command] show user policy \[purpose] show password strength enhancement policy \[view] privileged user view \[use cases] sonic 232# show user policy state expiration expiration warning history cnt len min reject user passw match lower class upper class digits class special class \ disabled 30 15 10 8 true true true true true show login policy show login policy \[command] show login policy \[purpose] show login security protection policy \[view] privileged user view \[use cases] sonic# show login policy + + + + + \| state | retry count | lock time | session hold time | +=========+===============+=============+=====================+ \| disable | 3 | 300 | 600 | + + + + + show privilege view show privilege view view name \[ command ] \[command] show privilege view view name \[ command ] \[purpose] show the privilege level of configuration views or commands \[parameters] true 116,542#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type \[view] privileged user view \[use cases] sonic# show privilege view enable view show version \ view\ enable view privilege\ show commands in this view privilege show version show show privilege rule show privilege rule \[command] show privilege rule \[purpose] show command privilege level rules \[view] privileged user view \[use cases] sonic# show privilege rule \ view cmd pattern privilege \ enable view show version show \ user config user config table 2 user config table 2 user config true 328,330#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type user user user name password \[command] user user name password \[purpose] add a new user and set the password \[parameters] true 329,329#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] create a new user and set the password, using this user to log in will directly enter cisco like cli run command no user user name to delete user configuration \[use cases] sonic# configure terminal sonic(config)# user test1 password new password retype new password passwd password updated successfully log in to the switch under this user public\@asterfusion $ ssh test1\@10 250 0 161 test1\@10 250 0 161's password linux sonic 161 5 10 0 8 2 amd64 #1 smp debian 5 10 46 4 (2021 08 03) x86 64 / \ | | | \ | | / \ / | / \ / || | / \\| ' || \\| || | | |\\ \\ / \ \\ \\| | | /| | | |\ || | | | ) | / / \\ \\| / \\ | \\ || | | | \\ | \\ / | / \ asterfusion network operating system help http //www asterfusion com/ last login mon sep 15 05 59 13 2025 from 10 250 0 240 sonic# user user user name privilege level level \[command] user user name privilege level level \[purpose] configure user privilege level \[parameters] true 112,546#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type \[view] global configuration view \[use cases] sonic# configure terminal sonic(confnig)# user us1 privilege level config user policy security enhance user policy security enhance \[command] user policy security enhance \[purpose] enable password strength enhancement strategy \[view] global configuration view \[notes] run command no user policy security enhance to disable password strength enhancement strategy \[use cases] sonic# configure terminal sonic(config)# user policy security enhance user policy password expiration user policy password expiration time \[command] user policy password expiration time \[purpose] configure password expiration time \[parameters] true 118,540#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] when the password strength enhancement policy is enabled, newly created users will be asked to change their password when the configured password expires run command no user policy password expiration to restore the password expiration time to the default value \[use cases] sonic# configure terminal sonic(config)# user policy password expiration 30 user policy password min len user policy password min len length \[command] user policy password min len length \[purpose] configure minimum password length \[parameters] true 154,504#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] when the password strength enhancement strategy is enabled, create a new user,and require the password length to meet the minimum password length run command no user policy min len to restore the minimum password length to the default value \[use cases] sonic# configure terminal sonic(config)# user policy password min len 6 user policy login enable user policy login enable \[command] user policy login enable \[purpose] enable login security protection policy \[view] global configuration view \[notes] run command user policy login disable to disable login security protection policy \[use cases] sonic# configure terminal sonic(config)# user policy login enable user policy login lock time user policy login lock time time \[command] user policy login lock time time \[purpose] configure user login retry lock time \[parameters] true 135,523#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] run command no user policy login lock time to restore the lock time to its default value \[use cases] sonic# configure terminal sonic(config)# user policy login lock time 100 user policy login retry count user policy login retry count count \[command] user policy login retry count count \[purpose] configure the number of user login retry \[parameters] true 149,509#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] under the login security policy, when the number of failed login attempts reaches the retry limit, the account will enter a login retry lockout period during this time, even if the username and password are correct, the user will not be able to log in successfully after the lockout period expires, the user can attempt to login again run command no user policy retry count to restore the retry count to its default value \[use cases] sonic# configure terminal sonic(config)# user policy login retry count 5 user policy login session hold time user policy login session hold time time \[command] user policy login session hold time time \[purpose] configure user session duration \[parameters] true 107,551#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] run command no user policy login session hold time to restore the session hold time to its default value \[use cases] sonic# configure terminal sonic(config)# user policy login session hold time 1000 cmd privilege level cmd privilege level level view view name command \[command] cmd privilege level level view view name command \[purpose] configure command privilege level \[parameters] true 123,535#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type \[view] global configuration view \[notes] run command nocmd privilege level privilege view view name command to delete command permissions for configuration \[use cases] sonic# configure terminal sonic(config)# cmd privilege level none view enable view show version
