Command Line Reference
Security Configuration
User Management
User view

Table 1 User view

| command | purpose |
| --- | --- |
| show user policy | Show password strength enhancement policy |
| show login policy | Show login security protection policy |
| show privilege view *view name* \[ *command* ] | Show the privilege level of configuration views or commands |
| show privilege rule | Show command privilege level rules |

show user policy

\[command] show user policy

\[purpose] Show password strength enhancement policy

\[view] Privileged user view

\[use cases]

```
sonic-232# show user policy
state     expiration  expiration warning  history cnt  len min  reject user passw match  lower class  upper class  digits class  special class
disabled  30          15                  10           8        true                     true         true         true          true
```

show login policy

\[command] show login policy

\[purpose] Show login security protection policy

\[view] Privileged user view

\[use cases]

```
sonic# show login policy
+---------+---------------+-------------+---------------------+
| state   | retry count   | lock time   | session hold time   |
+=========+===============+=============+=====================+
| disable | 3             | 300         | 600                 |
+---------+---------------+-------------+---------------------+
```

show privilege view

\[command] show privilege view *view name* \[ *command* ]

\[purpose] Show the privilege level of configuration views or commands

\[parameters]

| parameter | description |
| --- | --- |
| view name | Configuration view; used to query all view permissions (bfd peer view/bfd profile accelerate view/bfd profile view/bfd view/bgp evpn view/bgp evpn vni view/bgp ipv4 flowspec view/bgp ipv4 labeled unicast view/bgp ipv4 multicast view/bgp ipv4 unicast view/bgp ipv6 flowspec view/bgp ipv6 labeled unicast view/bgp ipv6 multicast view/bgp ipv6 view/bgp view/bgp vrf policy view/cluster cfg view/cluster info view/collector cfg view/config pmap c copp system policy view/configure acl nexthop group view/configure acl user defined view/configure acl view/configure arp to host view/configure buffer profile view/configure cmap view/configure dhcp relay view/configure diffservmap view/configure erspan mirror view/configure if view/configure lagif view/configure loif view/configure mclag view/configure mgmt view/configure mstp view/configure nat binding view/configure pmap c view/configure pmap copp copp system policy/configure pmap view/configure sla view/configure span mirror view/configure track view/configure traffic behavior view/configure view/configure vlan view/configure vlanif view/configure vxlanif view/configure wred view/dialout sub view/dialout dst view/enable view/configure roce view/grpc client view/interface view/isis view/keychain key view/keychain view/ospf view/ospf6 view/pbr map view/rip view/routemap view/vrf view) |
| command | Command; used to query the permission levels of all commands in the view |

\[view] Privileged user view

\[use cases]

```
sonic# show privilege view enable view show version
view enable view    privilege show
commands in this view    privilege
show version             show
```

show privilege rule

\[command] show privilege rule

\[purpose] Show command privilege level rules

\[view] Privileged user view

\[use cases]

```
sonic# show privilege rule
view           cmd pattern     privilege
enable view    show version    show
```

User config

Table 2 User config

| command | purpose |
| --- | --- |
| user *user name* password | Add new users and configure passwords |
| user *user name* privilege level *level* | Configure user privilege level |
| user policy security enhance | Enable password strength enhancement strategy |
| user policy password expiration *time* | Configure password expiration time |
| user policy password min len *length* | Configure minimum password length |
| user policy login enable | Enable login security protection policy |
| user policy login lock time *time* | Configure user login retry lock time |
| user policy login retry count *count* | Configure the number of user login retries |
| user policy login session hold time *time* | Configure user session duration |
| cmd privilege level *level* view *view name* *command* | Configure command privilege level |

user

\[command] user *user name* password

\[purpose] Add a new user and set the password

\[parameters]

| parameter | description |
| --- | --- |
| user name | Username |

\[view] Global configuration view

\[notes] Create a new user and set the password. Logging in as this user enters the Cisco-like CLI directly. Run the command no user *user name* to delete the user configuration.

\[use cases]

```
sonic# configure terminal
sonic(config)# user test1 password
New password:
Retype new password:
passwd: password updated successfully
```

Log in to the switch as this user:

```
public@asterfusion $ ssh test1@10.250.0.161
test1@10.250.0.161's password:
Linux sonic-161 5.10.0-8-2-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
Asterfusion Network Operating System
Help: http://www.asterfusion.com/
Last login: Mon Sep 15 05:59:13 2025 from 10.250.0.240
sonic#
```

user

\[command] user *user name* privilege level *level*

\[purpose] Configure user privilege level

\[parameters]

| parameter | description |
| --- | --- |
| user name | Username |
| level | Privilege level. There are four levels of permissions: none level, show level, config level, and sys admin level. Users at different levels have different permissions to run commands, with none level having the lowest permissions and sys admin level having the highest permissions. |

\[view] Global configuration view

\[use cases]

```
sonic# configure terminal
sonic(config)# user us1 privilege level config
```

user policy security enhance

\[command] user policy security enhance

\[purpose] Enable password strength enhancement strategy

\[view] Global configuration view

\[notes] Run the command no user policy security enhance to disable the password strength enhancement strategy.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy security enhance
```

user policy password expiration

\[command] user policy password expiration *time*

\[purpose] Configure password expiration time

\[parameters]

| parameter | description |
| --- | --- |
| time | Password expiration time in days. The range is 30 to 365 days and the default value is 180 days. |

\[view] Global configuration view

\[notes] When the password strength enhancement policy is enabled, newly created users will be asked to change their password when the configured password expiration time is reached. Run the command no user policy password expiration to restore the password expiration time to the default value.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy password expiration 30
```

user policy password min len

\[command] user policy password min len *length*

\[purpose] Configure minimum password length

\[parameters]

| parameter | description |
| --- | --- |
| length | Minimum password length. The range is 6 to 32 and the default value is 8. |

\[view] Global configuration view

\[notes] When the password strength enhancement strategy is enabled, the password of a newly created user must meet the minimum password length. Run the command no user policy min len to restore the minimum password length to the default value.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy password min len 6
```

user policy login enable

\[command] user policy login enable

\[purpose] Enable login security protection policy

\[view] Global configuration view

\[notes] Run the command user policy login disable to disable the login security protection policy.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy login enable
```

user policy login lock time

\[command] user policy login lock time *time*

\[purpose] Configure user login retry lock time

\[parameters]

| parameter | description |
| --- | --- |
| time | Lock time in seconds. The range is 60 to 9999 and the default value is 300. |

\[view] Global configuration view

\[notes] Run the command no user policy login lock time to restore the lock time to its default value.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy login lock time 100
```

user policy login retry count

\[command] user policy login retry count *count*

\[purpose] Configure the number of user login retries

\[parameters]

| parameter | description |
| --- | --- |
| count | Retry count. The range is 2 to 99 and the default value is 3. |

\[view] Global configuration view

\[notes] Under the login security policy, when the number of failed login attempts reaches the retry limit, the account enters a login retry lockout period. During this time the user cannot log in, even with the correct username and password. After the lockout period expires, the user can attempt to log in again. Run the command no user policy retry count to restore the retry count to its default value.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy login retry count 5
```

user policy login session hold time

\[command] user policy login session hold time *time*

\[purpose] Configure user session duration

\[parameters]

| parameter | description |
| --- | --- |
| time | Session hold time in seconds. Valid values are 0 or 60 to 99999, and the default value is 600. A value of 0 means the session remains active and does not exit automatically. |

\[view] Global configuration view

\[notes] Run the command no user policy login session hold time to restore the session hold time to its default value.

\[use cases]

```
sonic# configure terminal
sonic(config)# user policy login session hold time 1000
```

cmd privilege level

\[command] cmd privilege level *level* view *view name* *command*

\[purpose] Configure command privilege level

\[parameters]

| parameter | description |
| --- | --- |
| level | Privilege level. There are four levels of permissions: none level, show level, config level, and sys admin level. Users at different levels have different permissions to run commands, with none level having the lowest permissions and sys admin level having the highest permissions. |
| view name | Configuration view (bfd peer view/bfd profile accelerate view/bfd profile view/bfd view/bgp evpn view/bgp evpn vni view/bgp ipv4 flowspec view/bgp ipv4 labeled unicast view/bgp ipv4 multicast view/bgp ipv4 unicast view/bgp ipv6 flowspec view/bgp ipv6 labeled unicast view/bgp ipv6 multicast view/bgp ipv6 view/bgp view/bgp vrf policy view/cluster cfg view/cluster info view/collector cfg view/config pmap c copp system policy view/configure acl nexthop group view/configure acl user defined view/configure acl view/configure arp to host view/configure buffer profile view/configure cmap view/configure dhcp relay view/configure diffservmap view/configure erspan mirror view/configure if view/configure lagif view/configure loif view/configure mclag view/configure mgmt view/configure mstp view/configure nat binding view/configure pmap c view/configure pmap copp copp system policy/configure pmap view/configure sla view/configure span mirror view/configure track view/configure traffic behavior view/configure view/configure vlan view/configure vlanif view/configure vxlanif view/configure wred view/dialout sub view/dialout dst view/configure roce view/enable view/grpc client view/interface view/isis view/keychain key view/keychain view/ospf view/ospf6 view/pbr map view/rip view/routemap view/vrf view) |
| command | Command. The rule with the longest matching prefix takes effect. |

\[view] Global configuration view

\[notes] Run the command no cmd privilege level *privilege* view *view name* *command* to delete the configured command permissions.

\[use cases]

```
sonic# configure terminal
sonic(config)# cmd privilege level none view enable view show version
```
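
The `show login policy` output and the value ranges documented above can be checked mechanically. This added example (not Asterfusion's code) parses that grid table, flags a disabled policy or out-of-range values, and bounds the password guesses one account can receive per day under the retry count and lock time behaviour described above; header names and the `disable` state string are taken from the page's sample output, and the function names are hypothetical.

```python
# Constructed sample: the `show login policy` output shown on this page.
SAMPLE = """\
+---------+---------------+-------------+---------------------+
| state   | retry count   | lock time   | session hold time   |
+=========+===============+=============+=====================+
| disable | 3             | 300         | 600                 |
+---------+---------------+-------------+---------------------+
"""

# Value ranges documented on this page (seconds, except retry count).
RANGES = {
    "retry count": (2, 99),
    "lock time": (60, 9999),
    "session hold time": (60, 99999),
}


def parse_grid(text):
    """Parse a one-row grid table into {header: value} (values stay strings)."""
    rows = [[cell.strip() for cell in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one header row and one value row")
    return dict(zip(rows[0], rows[1]))


def guesses_per_day(retry_count, lock_time):
    """Upper bound on guesses against one account in 24 h: retry_count
    failures are allowed, then the account is locked for lock_time seconds."""
    cycles = -(-86400 // lock_time)  # ceiling division
    return retry_count * cycles


def audit(policy):
    """Return a list of findings for a parsed login policy."""
    findings = []
    if policy["state"] == "disable":
        findings.append("login security protection policy is disabled")
    for key, (low, high) in RANGES.items():
        value = int(policy[key])
        if key == "session hold time" and value == 0:
            findings.append("session hold time 0: sessions never exit automatically")
        elif not low <= value <= high:
            findings.append(f"{key} {value} outside documented range {low}-{high}")
    return findings
```

With the defaults shown (retry count 3, lock time 300) the bound is 864 guesses per account per day; the use-case values on this page (retry count 5, lock time 100) raise it to 4320.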
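
How longest-prefix matching selects the privilege level for a command, as an added example rather than the switch's own implementation. It assumes whole-word prefix matching, that a user may run a command when the user's level is at least the command's level, and that commands without a rule default to sys admin level; the rule set is constructed, with its first rule taken from the `cmd privilege level` use case above.

```python
LEVELS = ["none", "show", "config", "sys admin"]  # lowest to highest, per the page

# Constructed rule set: (view, cmd pattern, privilege level).
RULES = [
    ("enable view", "show version", "none"),      # the page's use case
    ("enable view", "show", "show"),
    ("enable view", "show user policy", "config"),
    ("configure view", "user", "none"),           # deliberately risky rule
]


def resolve(rules, view, command):
    """Return (pattern, level) of the rule in `view` whose pattern is the
    longest whole-word prefix of `command`, or None when no rule matches."""
    words = command.split()
    best = None
    for rule_view, pattern, level in rules:
        prefix = pattern.split()
        if rule_view != view or words[:len(prefix)] != prefix:
            continue
        if best is None or len(prefix) > len(best[0].split()):
            best = (pattern, level)
    return best


def allowed(user_level, rules, view, command, default="sys admin"):
    """Assumption: access is granted when the user's level is at least the
    command's level; commands with no matching rule fall back to `default`."""
    match = resolve(rules, view, command)
    required = match[1] if match else default
    return LEVELS.index(user_level) >= LEVELS.index(required)


def broad_downgrades(rules, max_words=1):
    """Flag rules that set a short prefix to none level: every command under
    that prefix inherits the level unless a longer rule overrides it."""
    return [rule for rule in rules
            if len(rule[1].split()) <= max_words and rule[2] == "none"]
```

Running `broad_downgrades` over an exported rule list before applying it catches a one-word pattern such as `user` at none level, which would otherwise open every command under that prefix to the lowest-privileged accounts.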
