No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fit AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display security-profile

display security-profile


The display security-profile command displays configuration and reference information about a security profile.


Only branch APs support this command.


display security-profile { all | name profile-name }






Displays information about all security profiles.


name profile-name

Displays information about a specified security profile.

The security profile must exist.


All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the command to view configuration and reference information about a specified security profile or all security profiles.


# Display configurations of all security profiles.

<Huawei> display security-profile all
Profile name                   Reference
default                        1
default-wds                    1
default-mesh                   1
security-profile1              0
Total: 3
Table 11-2  Description of the display security-profile all command output



Profile name

Name of the security profile.


Number of times a security profile is referenced.

# Display information about the security profile default.

<Huawei> display security-profile name default
Security policy               : Open system
Encryption                    : -
WEP's configuration
Key 0                         : *****
Key 1                         : *****
Key 2                         : *****
Key 3                         : *****
Default key ID                : 0
WPA/WPA2's configuration
PTK update                    : disable
PTK update interval(s)        : 43200
WAPI's configuration
CA certificate filename       : -
ASU certificate filename      : -
AC certificate filename       : -
AC private key filename       : -
Authentication server IP      : -
WAI timeout(s)                : 60
BK update interval(s)         : 43200
BK lifetime threshold(%)      : 70
USK update method             : Time-based
USK update interval(s)        : 86400
MSK update method             : Time-based
MSK update interval(s)        : 86400
Cert auth retrans count       : 3
USK negotiate retrans count   : 3
MSK negotiate retrans count   : 3
Table 11-3  Description of the display security-profile name command output



Security policy
Security policy. The following security policies are supported:
  • Open system: open system authentication
  • Share key: WEP Shared Key
  • WPA 802.1X
  • WPA2 802.1X
  • WPA-WPA2 802.1X
  • WPA PSK: WPA Pre-Shared Key
  • WPA2 PSK: WPA2 Pre-Shared Key
  • WPA-WPA2 PSK: WPA-WPA2 Pre-Shared Key
  • WAPI PSK: WAPI Pre-Shared Key
  • WAPI certificate

Encryption mode. The following encryption modes are supported: TKIP, AES, AES-TKIP, WEP-40, WEP-104, WEP-128, and SMS4. WAPI encryption uses SMS4.


Whether the Protected Management Frame (PMF) function of a VAP is enabled.

  • disable: This function is disabled.
  • optional: This function is enabled in optional mode.
  • mandatory: This function is forcibly enabled.

This line is displayed in the command output only when the authentication and encryption mode is WPA2-AES.

Key key-id

Key ID.

Default key ID

Default key ID.

PTK update

Whether to enable periodic PTK update in WPA, WPA2 or WPA-WPA2 authentication and encryption.

  • enable: Enables periodic PTK update.
  • disable: Disables periodic PTK update.
PTK update interval(s)

The interval for updating PTKs in WPA, WPA2 or WPA-WPA2 authentication and encryption. The value is an integer in seconds.

CA certificate filename

CA certificate file name.

ASU certificate filename

File name of the authentication server unit (ASU) certificate.

AC certificate filename

AC certificate file name.

AC private key filename

AC private key file name.

Authentication server IP

IP address of the ASU certificate server.

WAI timeout(s)

Timeout period of an association.

BK update interval(s)

Interval for updating the base key (BK).

BK lifetime threshold(%)

Threshold for triggering BK update.

USK update method

Whether the USK is updated based on a time interval or a packet count.

USK update interval(s)

Time-based interval for updating the unicast session key (USK).

MSK update method

Whether the MSK is updated based on a time interval or a packet count.

MSK update interval(s)

Time-based interval for updating the MBMS service key (MSK).

Cert auth retrans count

Number of retransmissions of certificate authentication packets.

USK negotiate retrans count

Number of retransmissions of USK negotiation packets.

MSK negotiate retrans count

Number of retransmissions of MSK negotiation packets.

Updated: 2019-07-18

Document ID: EDOC1100064353

Views: 153212

Downloads: 125

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next