name |
Hostname, server name, user ID, or command name. The name argument can be only one word. Blank spaces and quotation marks are not allowed. |
aaa attribute list aaa-list-name |
Uses the specified authentication, authorization, and accounting (AAA) method list. |
access-class access-list-number |
(Optional) Specifies an outgoing access list that overrides the access list specified in the access-class command available in line configuration mode. It is used for the duration of the user’s session. |
autocommand command |
(Optional) Causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and can contain embedded spaces, commands using the autocommand keyword must be the last option on the line. |
callback-dialstring telephone-number |
(Optional) For asynchronous callback only: permits you to specify a telephone number to pass to the DCE device. |
callback-line line-number |
(Optional) For asynchronous callback only: relative number of the terminal line (or the first line in a contiguous group) on which you enable a specific username for callback. Numbering begins with zero. |
ending-line-number |
(Optional) Relative number of the last line in a contiguous group on which you want to enable a specific username for callback. If you omit the keyword (such as tty), then line-number and ending-line-number are absolute rather than relative line numbers. |
tty |
(Optional) For asynchronous callback only: standard asynchronous line. |
callback-rotary rotary-group-number |
(Optional) For asynchronous callback only: permits you to specify a rotary group number on which you want to enable a specific username for callback. The next available line in the rotary group is selected. Range: 1 to 100. |
dnis |
Does not require a password when obtained via Dialed Number Identification Service (DNIS). |
mac |
Allows a MAC address to be used as the username for MAC filtering done locally. |
nocallback-verify |
(Optional) Specifies that the authentication is not required for EXEC callback on the specified line. |
noescape |
(Optional) Prevents a user from using an escape character on the host to which that user is connected. |
nohangup |
(Optional) Prevents Cisco IOS software from disconnecting the user after an automatic command (set up with the autocommand keyword) has completed. Instead, the user gets another EXEC prompt. |
nopassword |
No password is required for this user to log in. This is usually the most useful keyword to use in combination with the autocommand keyword. |
password |
Specifies the password to access the name argument. A password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command. |
password |
Password that a user enters. |
encryption-type |
Single-digit number that defines whether the text immediately following is encrypted and if so, what type of encryption is used. Defined encryption types are 0, which means that the text immediately following is not encrypted, and 7, which means that the text is encrypted using a Cisco-defined encryption algorithm. |
encrypted-password |
Encrypted password that a user enters. |
one-time |
Specifies that the username and password is valid for only one time. This configuration is used to prevent default credentials from remaining in user configurations. |
0 |
Specifies that an unencrypted password or secret (depending on the configuration) follows. |
7 |
Specifies that a hidden password follows. |
5 |
Specifies that a hidden secret follows. |
secret |
Specifies a secret for the user. |
secret |
For Challenge Handshake Authentication Protocol (CHAP) authentication: specifies the secret for the local router or the remote device. The secret is encrypted when it is stored on the local router. The secret can consist of any string of up to 11 ASCII characters. There is no limit to the number of username and password combinations that can be specified, allowing any number of remote devices to be authenticated. |
privilege privilege-level |
(Optional) Sets the privilege level for the user. Range: 1 to 15. |
user-maxlinks number |
Maximum number of inbound links allowed for a user. |
lawful-intercept |
(Optional) Configures lawful intercept users on a Cisco device. |
name |
Hostname, server name, user ID, or command name. The name argument can be only one word. Blank spaces and quotation marks are not allowed. |
view view-name |
(Optional) For CLI view only: associates a CLI view name, which is specified with the parser view command, with the local AAA database. |
password password |
Password to access the CLI view. |