No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display authentication-profile configuration

display authentication-profile configuration

Function

The display authentication-profile configuration command displays the configuration of an authentication profile.

Format

display authentication-profile configuration [ name authentication-profile-name ]

Parameters

Parameter

Description

Value

name authentication-profile-name

Displays the configuration of a specified authentication profile.

If name authentication-profile-name is not specified, the device displays all the authentication profiles configured on the device.

The value must be the name of an existing authentication profile.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring an authentication profile, you can run this command to check whether the configuration is correct.

The built-in authentication profile default_authen_profile is not counted in the configuration specification.

Example

# Display all the authentication profiles configured on the device.

<Huawei> display authentication-profile configuration
------------------------------------------------------------------------------- 
    ID        Auth-profile name                                                 
------------------------------------------------------------------------------- 
     0        default_authen_profile                                            
     1        dot1x_authen_profile                                              
     2        mac_authen_profile                                                
     3        portal_authen_profile                                             
     4        macportal_authen_profile                                          
------------------------------------------------------------------------------- 
    Total 5, printed 5   
Table 26-41  Description of the display authentication-profile configuration command output

Item

Description

ID

Authentication profile ID.

Auth-profile name

Authentication profile name.

# Display the configuration of the authentication profile p1.

<Huawei> display authentication-profile configuration name p1
  Profile name                                : p1                         
  Dot1x access profile name                   : -                               
  Mac access profile name                     : -                               
  Portal access profile name                  : -                               
  Free rule template                          : -                               
  Force domain                                : -                               
  Dot1x force domain                          : -                               
  Mac-authen force domain                     : -                               
  Portal force domain                         : -                               
  Default domain                              : -                               
  Dot1x default domain                        : -                               
  Mac-authen default domain                   : -                               
  Portal default domain                       : -                               
  Permit domain                               : -                               
  Authentication-scheme name                  : -                                                
  Accounting-scheme name                      : -                                                
  Authorization-scheme name                   : -                                                
  Service-scheme name                         : -                                                
  RADIUS-server template                      : -                                                
  HWTACACS-server template                    : -                                                
  User-group                                  : -                                                
  Flow-statistic                              : Disable                                          
  Force-push Url-address                      : www.huawei.com                  
  Force-push Url-template                     : -                               
  Auth-fail re-auth period                    : 0s                              
  Pre-auth re-auth period                     : 0s                              
  Dot1x-mac-bypass                            : Disable                         
  Single-access                               : Enable                          
  Device-type authorize service-scheme        : -                               
  Authentication mode                         : multi-authen                    
  Authen-fail authorize service-scheme        : -                               
  Authen-server-down authorize service-scheme : -                               
  Pre-authen authorize service-scheme         : -                               
  Security-name-delimiter                     : -                               
  Domain-name-delimiter                       : -                               
  Domain-location                             : -                               
  Domainname-parse-direction                  : -                               
  Bound vap profile                           : -                               
  SVF flag                                    : Disable                         
  Ip-static-user                              : Disable                         
  Roam-realtime-accounting                    : Enable                          
  Update-IP-realtime-accounting               : Enable  
  IP-address in-accounting-start              : Enable
  IP-address arp-delay                        : Enable 
  Portal-IP-trigger                           : Disable 
  Update-session-mode                         : Disable 
  Termination action                          : reauthenticate 
  Update-Info-realtime-accounting             : Enable 
  IP Conflict Check Flag                      : Y 
  Authentication roam pre-authen mac-authen   : Enable 
Table 26-42  Description of the display authentication-profile configuration name command output

Item

Description

Profile name

Authentication profile name.

Dot1x access profile name

802.1X access profile bound to the authentication profile.

To configure an 802.1X access profile, run the dot1x-access-profile (authentication profile view) command.

Mac access profile name

MAC access profile bound to the authentication profile.

To configure a MAC access profile, run the mac-access-profile (authentication profile view) command.

Portal access profile name

Portal access profile bound to the authentication profile.

To configure a Portal access profile, run the portal-access-profile (authentication profile view) command.

Free rule template

Authentication-free rule profile bound to the authentication profile.

To configure an authentication-free rule profile, run the free-rule-template (authentication profile view) command.

Force domain

Forcible domain for users.

To configure a forcible domain, run the access-domain command.

Dot1x force domain

Forcible domain for 802.1X authentication users.

To configure a forcible domain for 802.1X authentication users, run the access-domain command.

Mac-authen force domain

Forcible domain for MAC address authentication users.

To configure a forcible domain for MAC address authentication users, run the access-domain command.

Portal force domain

Forcible domain for Portal authentication users.

To configure a forcible domain for Portal authentication users, run the access-domain command.

Default domain

Default domain for users.

To configure a default domain for users, run the access-domain command.

Dot1x default domain

Default domain for 802.1X authentication users.

To configure a default domain for 802.1X authentication users, run the access-domain command.

Mac-authen default domain

Default domain for MAC address authentication users.

To configure a default domain for MAC address authentication users, run the access-domain command.

Portal default domain

Default domain for Portal authentication users.

To configure a default domain for Portal authentication users, run the access-domain command.

Permit domain

Permitted domain for users.

To configure a permitted domain, run the permit-domain command.

Authentication-scheme name

Authentication scheme bound to the authentication profile.

To configure an authentication scheme, run the authentication-scheme (authentication profile view) command.

Accounting-scheme name

Accounting scheme bound to the authentication profile.

To configure an accounting scheme, run the accounting-scheme (authentication profile view) command.

Authorization-scheme name

Authorization scheme bound to the authentication profile.

To configure an authorization scheme, run the authorization-scheme (authentication profile view) command.

Service-scheme name

Service scheme bound to the authentication profile.

To configure a service scheme, run the authorize command.

RADIUS-server template

RADIUS server template bound to the authentication profile.

To configure a RADIUS server template, run the radius-server (authentication profile view) command.

HWTACACS-server template

HWTACACS server template bound to the authentication profile.

To configure an HWTACACS server template, run the hwtacacs-server (authentication profile view) command.

User-group

User group bound to the authentication profile.

To configure a user group, run the authorize command.

Flow-statistic

Whether traffic statistics collection is enabled.

  • Enable
  • Disable
Force-push Url-address

Pushed URL bound to the authentication profile.

To configure a pushed URL, run the force-push command.

Force-push Url-template

Pushed URL profile bound to the authentication profile.

To configure a pushed URL profile, run the force-push command.

Auth-fail re-auth period

Interval for re-authenticating users who fail to be authenticated.

Pre-auth re-auth period

Interval for re-authenticating pre-connection users.

Dot1x-mac-bypass

Whether MAC address bypass authentication is enabled.

  • Enable
  • Disable

Single-access

Whether the device allows users to access in only one authentication mode.

To configure the function, run the authentication single-access command.

Device-type authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to voice terminals that are not authenticated.

Authentication mode

User access mode.

Authen-fail authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users who fail to be authenticated.

Authen-server-down authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users when the authentication server is Down.

Pre-authen authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users who are in the pre-connection state.

Security-name-delimiter

Security string delimiter.

To configure the delimiter, run the security-name-delimiter command.

Domain-name-delimiter

Domain name delimiter.

To configure the delimiter, run the domain-name-delimiter command.

Domain-location

Domain name location.

To configure the location, run the domain-location command.

Domainname-parse-direction

Domain name resolution direction.

To configure the direction, run the domainname-parse-direction command.

Bound vap profile

VAP profile to which the authentication profile is bound.

To configure the VAP profile, run the authentication-profile (VAP profile view) command.

SVF flag

The flag of SVF status.

  • Enable
  • Disable

Ip-static-user

Whether the function of identifying static users through IP addresses is enabled.

  • Enable
  • Disable

Roam-realtime-accounting

Whether a device is enabled to send accounting packets for roaming.

  • Enable
  • Disable

To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command.

Update-IP-realtime-accounting

Whether a device is enabled to send accounting packets for address updating.

  • Enable
  • Disable

To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command.

IP-address in-accounting-start

Whether the function of carrying users' IP addresses in Accounting-Start packets is enabled.

  • Enable
  • Disable

To configure the function, run the authentication ip-address in-accounting-start command.

IP-address arp-delay

Whether to enable the device to permit ARP packets after receiving accounting-start response packets.

  • Enable
  • Disable

To configure the function, run the authentication ip-address in-accounting-start command.

Update-session-mode

Whether to use the accounting session update mode during roaming accounting.

  • Enable
  • Disable

To configure the function, run the authentication roam-accounting update-session-mode.

Portal-IP-trigger

Whether the fast Portal authentication function is enabled.

  • Enable
  • Disable

To configure the function, run the authentication portal-ip-trigger command.

LDAP-server template LDAP server template bound to the authentication profile.
AD-server template AD server template bound to the authentication profile.
Termination action Action that the device takes when the timeout period specified by the Session-Timeout attribute delivered by the RADIUS server expires.
  • reauthenticate

To configure the function, run the authentication termination-action reauthenticate command.

Update-Info-realtime-accounting

Whether a device is enabled to send accounting packets for terminal information updates.

  • Enable
  • Disable

To configure the function, run the authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable command.

IP Conflict Check Flag

Whether or not the device is enabled the client IP address detection function.

  • Y
  • N

To configure the function, run the authentication ip-conflict-check enable command.

Authentication roam pre-authen mac-authen

Whether to enable MAC address authentication for roaming STAs.

  • Enable
  • Disable

To configure this function, run the authentication roam pre-authen mac-authen enable command.

Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 203020

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next