User accounts are used to access the system. You can configure up to 48 local user accounts. Each user account must have a unique username and password.
The admin account is a default user account and cannot be modified or deleted. This account is the system administrator or superuser account and has full privileges. There is no default password assigned to the admin account; you must choose the password during the initial system setup.
The admin account is always active and does not expire. You cannot configure the admin account as inactive.
Locally Authenticated User Accounts
A locally authenticated user account is authenticated directly through the chassis and can be enabled or disabled by anyone with admin or AAA privileges. Once a local user account is disabled, the user cannot log in. Configuration details for disabled local user accounts are not deleted by the database. If you reenable a disabled local user account, the account becomes active again with the existing configuration; however, the account password must be reset.
Remotely Authenticated User Accounts
A remotely authenticated user account is any user account that is authenticated through LDAP, RADIUS, or TACACS+.
If a user maintains a local user account and a remote user account simultaneously, the roles defined in the local user account override those maintained in the remote user account.
See the following topics for more information on guidelines for remote authentication, and how to configure and delete remote authentication providers:
Expiration of User Accounts
You can configure user accounts to expire at a predefined time. When the expiration time is reached, the user account is disabled.
By default, user accounts do not expire.
After you configure a user account with an expiration date, you cannot reconfigure the account to not expire. You can, however, configure the account with the latest expiration date available.