No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display security-profile

display security-profile

Function

The display security-profile command displays configuration and reference information about a security profile.

Format

display security-profile { all | name profile-name }

Parameters

Parameter

Description

Value

all

Displays information about all security profiles.

-

name profile-name

Displays information about a specified security profile.

The security profile must exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the command to view configuration and reference information about a specified security profile or all security profiles.

Example

# Display configurations of all security profiles.

<HUAWEI> display security-profile all
----------------------------------------------------------
Profile name                   Reference
----------------------------------------------------------
default                        1
default-wds                    1
default-mesh                   1
security-profile1              0
----------------------------------------------------------
Total: 3
Table 11-182  Description of the display security-profile all command output

Item

Description

Profile name

Name of the security profile.

Reference

Number of times a security profile is referenced.

# Display information about the security profile default.

<HUAWEI> display security-profile name default
------------------------------------------------------------
Security policy               : Open system
Encryption                    : -
------------------------------------------------------------
WEP's configuration
Key 0                         : *****
Key 1                         : *****
Key 2                         : *****
Key 3                         : *****
Default key ID                : 0
------------------------------------------------------------
WPA/WPA2's configuration
PTK update                    : disable
PTK update interval(s)        : 43200
------------------------------------------------------------
WAPI's configuration
CA certificate filename       : -
ASU certificate filename      : -
AC certificate filename       : -
AC private key filename       : -
WAPI source interface         : - 
Authentication server IP      : -
WAI timeout(s)                : 60
BK update interval(s)         : 43200
BK lifetime threshold(%)      : 70
USK update method             : Time-based
USK update interval(s)        : 86400
MSK update method             : Time-based
MSK update interval(s)        : 86400
Cert auth retrans count       : 3
USK negotiate retrans count   : 3
MSK negotiate retrans count   : 3
------------------------------------------------------------
Table 11-183  Description of the display security-profile name command output

Item

Description

Security policy
Security policy. The following security policies are supported:
  • Open system: open system authentication
  • Share key: WEP Shared Key
  • WEP 802.1x: Dynamic WEP
  • WPA 802.1X
  • WPA2 802.1X
  • WPA-WPA2 802.1X
  • WPA PSK: WPA Pre-Shared Key
  • WPA2 PSK: WPA2 Pre-Shared Key
  • WPA-WPA2 PSK: WPA-WPA2 Pre-Shared Key
  • WAPI PSK: WAPI Pre-Shared Key
  • WAPI certificate

To configure the parameter, run the security wep, security dot1x, security psk and security wapi commands.

Encryption

Encryption mode. The following encryption modes are supported: TKIP, AES, AES-TKIP, WEP-40, WEP-104, WEP-128, and SMS4. WAPI encryption uses SMS4.

To configure the parameter, run the wep key, security dot1x and security psk commands.

PMF

Whether the Protected Management Frame (PMF) function of a VAP is enabled.

  • disable: This function is disabled.
  • optional: This function is enabled in optional mode.
  • mandatory: This function is forcibly enabled.

This line is displayed in the command output only when the authentication and encryption mode is WPA2-AES.

To configure this function, run the pmf command.

Key key-id

Key ID.

To configure the parameter, run the wep key command.

Default key ID

Default key ID.

To configure the parameter, run the wep default-key command.

PTK update

Whether to enable periodic PTK update in WPA, WPA2 or WPA-WPA2 authentication and encryption.

  • enable: Enables periodic PTK update.
  • disable: Disables periodic PTK update.

To configure the parameter, run the wpa ptk-update enable command.

PTK update interval(s)

The interval for updating PTKs in WPA, WPA2 or WPA-WPA2 authentication and encryption. The value is an integer in seconds.

To configure the parameter, run the wpa ptk-update ptk-update-interval command.

CA certificate filename

CA certificate file name.

To configure the parameter, run the wapi import certificate command.

ASU certificate filename

File name of the authentication server unit (ASU) certificate.

To configure the parameter, run the wapi import certificate command.

AC certificate filename

AC certificate file name.

To configure the parameter, run the wapi import certificate command.

AC private key filename

AC private key file name.

To configure the parameter, run the wapi import private-key command.

WAPI source interface

WAPI source interface.

To configure the parameter, run the wapi source interface command.

Authentication server IP

IP address of the ASU certificate server.

To configure the parameter, run the wapi asu command.

WAI timeout(s)

Timeout period of an association.

To configure the parameter, run the wapi sa-timeout command.

BK update interval(s)

Interval for updating the base key (BK).

To configure the parameter, run the wapi bk command.

BK lifetime threshold(%)

Threshold for triggering BK update.

To configure the parameter, run the wapi bk command.

USK update method

Whether the USK is updated based on a time interval or a packet count.

To configure the parameter, run the wapi key-update command.

USK update interval(s)

Time-based interval for updating the unicast session key (USK).

To configure the parameter, run the wapi usk command.

MSK update method

Whether the MSK is updated based on a time interval or a packet count.

To configure the parameter, run the wapi key-update command.

MSK update interval(s)

Time-based interval for updating the MBMS service key (MSK).

To configure the parameter, run the wapi msk command.

Cert auth retrans count

Number of retransmissions of certificate authentication packets.

To configure the parameter, run the wapi cert-retrans-count command.

USK negotiate retrans count

Number of retransmissions of USK negotiation packets.

To configure the parameter, run the wapi usk command.

MSK negotiate retrans count

Number of retransmissions of MSK negotiation packets.

To configure the parameter, run the wapi msk command.

Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 122971

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next