display security-profile
Function
The display security-profile command displays configuration and reference information about a security profile.
Usage Guidelines
You can run the command to view configuration and reference information about a specified security profile or all security profiles.
Example
# Display configurations of all security profiles.
<HUAWEI> display security-profile all ---------------------------------------------------------- Profile name Reference ---------------------------------------------------------- default 1 default-wds 1 default-mesh 1 security-profile1 0 ---------------------------------------------------------- Total: 3
Item |
Description |
---|---|
Profile name |
Name of the security profile. |
Reference |
Number of times a security profile is referenced. |
# Display information about the security profile default.
<HUAWEI> display security-profile name default
------------------------------------------------------------
Security policy : Open system
Encryption : -
------------------------------------------------------------
WEP's configuration
Key 0 : *****
Key 1 : *****
Key 2 : *****
Key 3 : *****
Default key ID : 0
------------------------------------------------------------
WPA/WPA2's configuration
PTK update : disable
PTK update interval(s) : 43200
------------------------------------------------------------
WAPI's configuration
CA certificate filename : -
ASU certificate filename : -
AC certificate filename : -
AC private key filename : -
WAPI source interface : -
Authentication server IP : -
WAI timeout(s) : 60
BK update interval(s) : 43200
BK lifetime threshold(%) : 70
USK update method : Time-based
USK update interval(s) : 86400
MSK update method : Time-based
MSK update interval(s) : 86400
Cert auth retrans count : 3
USK negotiate retrans count : 3
MSK negotiate retrans count : 3
------------------------------------------------------------
Item |
Description |
---|---|
Security policy | Security policy. The following security policies are supported:
To configure the parameter, run the security wep, security dot1x, security psk and security wapi commands. |
Encryption | Encryption mode. The following encryption modes are supported: TKIP, AES, AES-TKIP, WEP-40, WEP-104, WEP-128, and SMS4. WAPI encryption uses SMS4. To configure the parameter, run the wep key, security dot1x and security psk commands. |
PMF | Whether the Protected Management Frame (PMF) function of a VAP is enabled.
This line is displayed in the command output only when the authentication and encryption mode is WPA2-AES. To configure this function, run the pmf command. |
Key key-id | Key ID. To configure the parameter, run the wep key command. |
Default key ID | Default key ID. To configure the parameter, run the wep default-key command. |
PTK update | Whether to enable periodic PTK update in WPA, WPA2 or WPA-WPA2 authentication and encryption.
To configure the parameter, run the wpa ptk-update enable command. |
PTK update interval(s) | The interval for updating PTKs in WPA, WPA2 or WPA-WPA2 authentication and encryption. The value is an integer in seconds. To configure the parameter, run the wpa ptk-update ptk-update-interval command. |
CA certificate filename | CA certificate file name. To configure the parameter, run the wapi import certificate command. |
ASU certificate filename | File name of the authentication server unit (ASU) certificate. To configure the parameter, run the wapi import certificate command. |
AC certificate filename | AC certificate file name. To configure the parameter, run the wapi import certificate command. |
AC private key filename | AC private key file name. To configure the parameter, run the wapi import private-key command. |
WAPI source interface | WAPI source interface. To configure the parameter, run the wapi source interface command. |
Authentication server IP | IP address of the ASU certificate server. To configure the parameter, run the wapi asu command. |
WAI timeout(s) | Timeout period of an association. To configure the parameter, run the wapi sa-timeout command. |
BK update interval(s) | Interval for updating the base key (BK). To configure the parameter, run the wapi bk command. |
BK lifetime threshold(%) | Threshold for triggering BK update. To configure the parameter, run the wapi bk command. |
USK update method | Whether the USK is updated based on a time interval or a packet count. To configure the parameter, run the wapi key-update command. |
USK update interval(s) | Time-based interval for updating the unicast session key (USK). To configure the parameter, run the wapi usk command. |
MSK update method | Whether the MSK is updated based on a time interval or a packet count. To configure the parameter, run the wapi key-update command. |
MSK update interval(s) | Time-based interval for updating the MBMS service key (MSK). To configure the parameter, run the wapi msk command. |
Cert auth retrans count | Number of retransmissions of certificate authentication packets. To configure the parameter, run the wapi cert-retrans-count command. |
USK negotiate retrans count | Number of retransmissions of USK negotiation packets. To configure the parameter, run the wapi usk command. |
MSK negotiate retrans count | Number of retransmissions of MSK negotiation packets. To configure the parameter, run the wapi msk command. |