display authentication-profile configuration
Function
The display authentication-profile configuration command displays the configuration of an authentication profile.
Parameters
Parameter |
Description |
Value |
|---|---|---|
| name authentication-profile-name | Displays the configuration of a specified authentication profile. If name authentication-profile-name is not specified, the device displays all the authentication profiles configured on the device. |
The value must be the name of an existing authentication profile. |
Usage Guidelines
After configuring an authentication profile, you can run this command to check whether the configuration is correct.
The built-in authentication profile default_authen_profile is not counted in the configuration specification.
Example
# Display all the authentication profiles configured on the device.
<AC6605> display authentication-profile configuration
-------------------------------------------------------------------------------
ID Auth-profile name
-------------------------------------------------------------------------------
0 default_authen_profile
1 dot1x_authen_profile
2 mac_authen_profile
3 portal_authen_profile
4 macportal_authen_profile
-------------------------------------------------------------------------------
Total 5, printed 5
Item |
Description |
|---|---|
ID |
Authentication profile ID. |
Auth-profile name |
Authentication profile name. |
# Display the configuration of the authentication profile p1.
<AC6605> display authentication-profile configuration name p1 Profile name : p1 Dot1x access profile name : - Mac access profile name : - Portal access profile name : - Free rule template : - Force domain : - Dot1x force domain : - Mac-authen force domain : - Portal force domain : - Default domain : - Dot1x default domain : - Mac-authen default domain : - Portal default domain : - Permit domain : - Authentication-scheme name : - Accounting-scheme name : - Authorization-scheme name : - Service-scheme name : - RADIUS-server template : - HWTACACS-server template : - User-group : - Flow-statistic : Disable Force-push Url-address : www.huawei.com Force-push Url-template : - Auth-fail re-auth period : 0s Pre-auth re-auth period : 0s Dot1x-mac-bypass : Disable Single-access : Enable Device-type authorize service-scheme : - Authentication mode : multi-authen Authen-fail authorize service-scheme : - Authen-server-down authorize service-scheme : - Pre-authen authorize service-scheme : - Security-name-delimiter : - Domain-name-delimiter : - Domain-location : - Domainname-parse-direction : - WLAN max user number : 512 Bound vap profile : - SVF flag : Disable Ip-static-user : Disable Roam-realtime-accounting : Enable Update-IP-realtime-accounting : Enable IP-address in-accounting-start : Enable IP-address arp-delay : Enable Portal-IP-trigger : Disable Update-session-mode : Disable Termination action : reauthenticate Update-Info-realtime-accounting : Enable No IP Check Flag : N IP Conflict Check Flag : Y Authentication roam pre-authen mac-authen : Enable
Item |
Description |
|---|---|
Profile name |
Authentication profile name. |
Dot1x access profile name |
802.1X access profile bound to the authentication profile. To configure an 802.1X access profile, run the dot1x-access-profile (authentication profile view) command. |
Mac access profile name |
MAC access profile bound to the authentication profile. To configure a MAC access profile, run the mac-access-profile (authentication profile view) command. |
Portal access profile name |
Portal access profile bound to the authentication profile. To configure a Portal access profile, run the portal-access-profile (authentication profile view) command. |
Free rule template |
Authentication-free rule profile bound to the authentication profile. To configure an authentication-free rule profile, run the free-rule-template (authentication profile view) command. |
Force domain |
Forcible domain for users. To configure a forcible domain, run the access-domain command. |
Dot1x force domain |
Forcible domain for 802.1X authentication users. To configure a forcible domain for 802.1X authentication users, run the access-domain command. |
Mac-authen force domain |
Forcible domain for MAC address authentication users. To configure a forcible domain for MAC address authentication users, run the access-domain command. |
Portal force domain |
Forcible domain for Portal authentication users. To configure a forcible domain for Portal authentication users, run the access-domain command. |
Default domain |
Default domain for users. To configure a default domain for users, run the access-domain command. |
Dot1x default domain |
Default domain for 802.1X authentication users. To configure a default domain for 802.1X authentication users, run the access-domain command. |
Mac-authen default domain |
Default domain for MAC address authentication users. To configure a default domain for MAC address authentication users, run the access-domain command. |
Portal default domain |
Default domain for Portal authentication users. To configure a default domain for Portal authentication users, run the access-domain command. |
Permit domain |
Permitted domain for users. To configure a permitted domain, run the permit-domain command. |
Authentication-scheme name |
Authentication scheme bound to the authentication profile. To configure an authentication scheme, run the authentication-scheme (authentication profile view) command. |
Accounting-scheme name |
Accounting scheme bound to the authentication profile. To configure an accounting scheme, run the accounting-scheme (authentication profile view) command. |
Authorization-scheme name |
Authorization scheme bound to the authentication profile. To configure an authorization scheme, run the authorization-scheme (authentication profile view) command. |
Service-scheme name |
Service scheme bound to the authentication profile. To configure a service scheme, run the authorize command. |
RADIUS-server template |
RADIUS server template bound to the authentication profile. To configure a RADIUS server template, run the radius-server (authentication profile view) command. |
HWTACACS-server template |
HWTACACS server template bound to the authentication profile. To configure an HWTACACS server template, run the hwtacacs-server (authentication profile view) command. |
User-group |
User group bound to the authentication profile. To configure a user group, run the authorize command. |
Flow-statistic |
Whether traffic statistics collection is enabled.
|
| Force-push Url-address | Pushed URL bound to the authentication profile. To configure a pushed URL, run the force-push command. |
| Force-push Url-template | Pushed URL profile bound to the authentication profile. To configure a pushed URL profile, run the force-push command. |
Auth-fail re-auth period |
Interval for re-authenticating users who fail to be authenticated. |
Pre-auth re-auth period |
Interval for re-authenticating pre-connection users. |
Dot1x-mac-bypass |
Whether MAC address bypass authentication is enabled.
|
Single-access |
Whether the device allows users to access in only one authentication mode. To configure the function, run the authentication single-access command. |
Device-type authorize service-scheme |
Name of the service scheme based on which the device assigns network access rights to voice terminals that are not authenticated. |
Authentication mode |
User access mode. |
Authen-fail authorize service-scheme |
Name of the service scheme based on which the device assigns network access rights to users who fail to be authenticated. |
Authen-server-down authorize service-scheme |
Name of the service scheme based on which the device assigns network access rights to users when the authentication server is Down. |
Pre-authen authorize service-scheme |
Name of the service scheme based on which the device assigns network access rights to users who are in the pre-connection state. |
Security-name-delimiter |
Security string delimiter. To configure the delimiter, run the security-name-delimiter command. |
Domain-name-delimiter |
Domain name delimiter. To configure the delimiter, run the domain-name-delimiter command. |
Domain-location |
Domain name location. To configure the location, run the domain-location command. |
Domainname-parse-direction |
Domain name resolution direction. To configure the direction, run the domainname-parse-direction command. |
WLAN max user number |
Maximum number of authenticated users allowed in a VAP profile. |
Bound vap profile |
VAP profile to which the authentication profile is bound. To configure the VAP profile, run the authentication-profile (VAP profile view) command. |
SVF flag |
The flag of SVF status.
|
Ip-static-user |
Whether the function of identifying static users through IP addresses is enabled.
|
Roam-realtime-accounting |
Whether a device is enabled to send accounting packets for roaming.
To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command. |
Update-IP-realtime-accounting |
Whether a device is enabled to send accounting packets for address updating.
To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command. |
IP-address in-accounting-start |
Whether the function of carrying users' IP addresses in Accounting-Start packets is enabled.
To configure the function, run the authentication ip-address in-accounting-start command. |
| IP-address arp-delay | Whether to enable the device to permit ARP packets after receiving accounting-start response packets.
To configure the function, run the authentication ip-address in-accounting-start command. |
| Update-session-mode | Whether to use the accounting session update mode during roaming accounting.
To configure the function, run the authentication roam-accounting update-session-mode. |
| Portal-IP-trigger | Whether the fast Portal authentication function is enabled.
To configure the function, run the authentication portal-ip-trigger command. |
| LDAP-server template | LDAP server template bound to the authentication profile. |
| AD-server template | AD server template bound to the authentication profile. |
| Termination action | Action that the device takes when the timeout period specified
by the Session-Timeout attribute delivered by the RADIUS server expires.
To configure the function, run the authentication termination-action reauthenticate command. |
| Update-Info-realtime-accounting | Whether a device is enabled to send accounting packets for terminal information updates.
To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command. |
| No IP Check Flag | Whether or not the device is enabled does not create any IP hash tables for the client IP address.
To configure the function, run the authentication no-ip-check command. |
| IP Conflict Check Flag | Whether or not the device is enabled the client IP address detection function.
To configure the function, run the authentication ip-conflict-check enable command. |
| Authentication roam pre-authen mac-authen | Whether to enable MAC address authentication for roaming STAs.
To configure this function, run the authentication roam pre-authen mac-authen enable command. |
