display authentication-profile configuration

Function

The display authentication-profile configuration command displays the configuration of an authentication profile.

Format

display authentication-profile configuration [ name authentication-profile-name ]

Parameters

Parameter

Description

Value

name authentication-profile-name

Displays the configuration of a specified authentication profile.

If name authentication-profile-name is not specified, the device displays all the authentication profiles configured on the device.

The value must be the name of an existing authentication profile.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring an authentication profile, you can run this command to check whether the configuration is correct.

The built-in authentication profile default_authen_profile is not counted in the configuration specification. The name of the compatibility profile converted after an upgrade begins with the at sign (@) and the profile is also not counted in the configuration specification.

Example

# Display all the authentication profiles configured on the device.

<HUAWEI> display authentication-profile configuration
------------------------------------------------------------------------------- 
    ID        Auth-profile name                                                 
------------------------------------------------------------------------------- 
     0        default_authen_profile                                            
     1        dot1x_authen_profile                                              
     2        mac_authen_profile                                                
     3        portal_authen_profile                                             
     4        dot1xmac_authen_profile                                           
     5        multi_authen_profile  
     6        p1                                                
------------------------------------------------------------------------------- 
    Total 7, printed 7
Table 1 Description of the display authentication-profile configuration command output

Item

Description

ID

Authentication profile ID.

Auth-profile name

Authentication profile name.

# Display the configuration of the authentication profile p1.

<HUAWEI> display authentication-profile configuration name p1
  Profile name                                : p1
  Dot1x access profile name                   : -
  Mac access profile name                     : -
  Portal access profile name                  : testdel
  Free rule template                          : -
  Force domain                                : -
  Dot1x force domain                          : -
  Mac-authen force domain                     : -
  Portal force domain                         : -
  Default domain                              : 110
  Dot1x default domain                        : -
  Mac-authen default domain                   : -
  Portal default domain                       : -
  Permit domain                               : -
  Authentication handshake                    : Enable
  Authentication handshake period             : 300s   
  Auth-fail re-auth period                    : 60s
  Pre-auth Re-auth period                     : 60s
  Auth-fail re-auth period wlan-user          : 0s
  Auth-fail aging time                        : 82800s
  Pre-auth aging time                         : 82800s
  Author-keep aging time                      : 0s
  Dot1x-mac-bypass                            : Disable
  Mac authen before 802.1x authen force       : Enable 
  Mac authen before 802.1x authen             : Enable  
  Single-access                               : Disable
  Device-type authorize service-scheme        : -
  Mac move detect enable                      : Enable    
  Authentication mode                         : multi-authen
  Authen-fail authorize service-scheme        : -
  Authen-server-down authorize service-scheme : -
  Authen-server-down authorize keep           : response-success   
  Authen-server-noreply authorize keep        : response-success   
  Authen-server-down close re-authen          : N
  Pre-authen authorize service-scheme         : -
  Security-name-delimiter                     : -
  Domain-name-delimiter                       : -
  Domain-location                             : -
  Domainname-parse-direction                  : -
  Bound vap profile                           : -
  SVF flag                                    : Disable
  Ip-static-user                              : Disable
  Roam-realtime-accounting                    : Enable                          
  Update-IP-realtime-accounting               : Enable  
  IP-address in-accounting-start              : Enable
  Linkdown offline delay time                 : 10 
  Termination action                          : reauthenticate 
  Control direction                           : Inbound 
  Update-Info-realtime-accounting             : Enable 
  No IP Check Flag                            : N  
  IP Conflict Check Flag                      : Y 
  Authentication roam pre-authen mac-authen   : Enable 
  Authentication single-stack-control enable  : IPv6  
  Authentication no-replace dot1x             : -
  Lldp sensor-ap authentication disable       : Disable  
Table 2 Description of the display authentication-profile configuration name command output

Item

Description

Profile name

Authentication profile name.

Dot1x access profile name

802.1X access profile bound to the authentication profile.

To bind an 802.1X access profile, run the dot1x-access-profile command in the authentication profile view.

Mac access profile name

MAC access profile bound to the authentication profile.

To bind a MAC access profile, run the mac-access-profile command in the authentication profile view.

Portal access profile name

Portal access profile bound to the authentication profile.

To bind a Portal access profile, run the portal-access-profile command in the authentication profile view.

Free rule template

Authentication-free rule profile bound to the authentication profile.

To bind an authentication-free rule profile, run the free-rule-template command in the authentication profile view.

Force domain

Forcible domain for users.

To configure a forcible domain, run the access-domain command.

Dot1x force domain

Forcible domain for 802.1X authentication users.

To configure a forcible domain for 802.1X authentication users, run the access-domain command.

Mac-authen force domain

Forcible domain for MAC address authentication users.

To configure a forcible domain for MAC address authentication users, run the access-domain command.

Portal force domain

Forcible domain for Portal authentication users.

To configure a forcible domain for Portal authentication users, run the access-domain command.

Default domain

Default domain for users.

To configure a default domain for users, run the access-domain command.

Dot1x default domain

Default domain for 802.1X authentication users.

To configure a default domain for 802.1X authentication users, run the access-domain command.

Mac-authen default domain

Default domain for MAC address authentication users.

To configure a default domain for MAC address authentication users, run the access-domain command.

Portal default domain

Default domain for Portal authentication users.

To configure a default domain for Portal authentication users, run the access-domain command.

Permit domain

Permitted domain for users.

To configure a permitted domain, run the permit-domain command.

Authentication handshake

Whether the handshake function is enabled.

  • Enable
  • Disable

To enable the handshake function, run the authentication handshake command.

Authentication handshake period

Handshake interval.

To configure a handshake interval, run the authentication timer handshake-period command.

Auth-fail re-auth period

Interval for re-authenticating wired users who fail to be authenticated.

To configure the interval, run the authentication timer re-authen command.

Pre-auth Re-auth period

Interval for re-authenticating pre-connection users.

To configure the interval, run the authentication timer re-authen command.

Auth-fail re-auth period wlan-user

Interval for re-authenticating wireless users who fail to be authenticated.

To configure the interval, run the authentication timer re-authen command.

Auth-fail aging time

Aging time for entries of the users who fail to be authenticated.

To configure the aging time, run the authentication timer authen-fail-aging command.

Pre-auth aging time

Aging time for pre-connection user entries.

To configure the aging time, run the authentication timer pre-authen-aging command.

Author-keep aging time

Aging time for entries of online users who are authorized to retain the original network access rights.

To configure the aging time, run the authentication timer authorize-keep-aging command.

Dot1x-mac-bypass

Whether MAC address bypass authentication is enabled.

  • Enable
  • Disable

To configure the function, run the authentication dot1x-mac-bypass command.

Mac authen before 802.1x authen force

Whether forcible MAC address authentication is enabled before 802.1X authentication.

  • Enable
  • Disable

To enable the function, run the authentication mac-authen-first force command.

Mac authen before 802.1x authen

Whether the sequence of authentication modes triggered by EAP-Start packets is configured to be MAC address authentication prior to 802.1X authentication.

  • Enable
  • Disable

To configure this function, run the authentication order mac dot1x command.

Single-access

Whether the device allows users to access in only one authentication mode.

To configure the function, run the authentication single-access command.

Device-type authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to voice terminals that are not authenticated.

To configure the name, run the authentication device-type voice authorize command.

Authentication mode

User access mode.

To configure the mode, run the authentication mode command.

Authen-fail authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users who fail to be authenticated.

To configure the name, run the authentication event action authorize command.

Authen-server-down authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users when the authentication server is Down.

To configure the name, run the authentication event action authorize command.

Authen-server-down authorize keep

The device retains the original network access rights of users and responds to users when the authentication server is Down.

  • response-success: The device returns an authentication success packet to users.
  • response-fail: The device returns an authentication failure packet to users.
  • no-response: The device does not respond to users.

To configure the function, run the authentication event action authorize command.

Authen-server-noreply authorize keep

The device retains the original network access rights of users and responds to users when the authentication server does not respond.

  • response-success: The device returns an authentication success packet to users.
  • response-fail: The device returns an authentication failure packet to users.
  • no-response: The device does not respond to users.

To configure the function, run the authentication event action authorize command.

Authen-server-down close re-authen

Whether to disable the re-authentication function when the authentication server is Down.

  • Y
  • N

To configure the function, run the authentication event authen-server-down action close re-authen command.

Pre-authen authorize service-scheme

Name of the service scheme based on which the device assigns network access rights to users who are in the pre-connection state.

To configure the name, run the authentication event action authorize command.

Security-name-delimiter

Security string delimiter.

To configure the delimiter, run the security-name-delimiter command.

Domain-name-delimiter

Domain name delimiter.

To configure the delimiter, run the domain-name-delimiter command.

Domain-location

Domain name location.

To configure the location, run the domain-location command.

Domainname-parse-direction

Domain name resolution direction.

To configure the direction, run the domainname-parse-direction command.

Bound vap profile

VAP profile to which the authentication profile is bound.

To configure a VAP profile, run the authentication-profile command.

SVF flag

Whether SVF is enabled.

  • Enable
  • Disable

Ip-static-user

Whether the function of identifying static users through IP addresses is enabled.

  • Enable
  • Disable

To configure the function, run the ip-static-user enable command.

Roam-realtime-accounting

Whether a device is enabled to send accounting packets during roaming.

  • Enable
  • Disable

Update-IP-realtime-accounting

Whether a device is enabled to send accounting packets during address updating.

  • Enable
  • Disable

To configure the function, run the authentication { update-info-accounting | update-ip-accounting } * enable command.

Linkdown offline delay time

User logout delay when an interface link is faulty.

To configure the delay, run the link-down offline delay command.

IP-address in-accounting-start

Whether the function of carrying users' IP addresses in accounting-start packets is enabled.

  • Enable
  • Disable

To configure the function, run the authentication ip-address in-accounting-start command.

Termination action

Whether the device is configured to reauthenticate users when the time exceeds the value of Session-Timeout delivered by the RADIUS server.

  • reauthenticate

To configure the function, run the authentication termination-action reauthenticate command.

Control direction

Direction of packets controlled by the device.

  • Inbound: Only upstream traffic is controlled.
  • All: Bidirectional traffic is controlled.

To configure the function, run the authentication control-direction command.

Update-Info-realtime-accounting

Whether a device is enabled to send accounting packets for terminal information updates.

  • Enable
  • Disable

To configure the function, run the authentication command.

No IP Check Flag

Whether the device is enabled not to create any IP hash tables for the client IP address.

  • Y
  • N

To configure the function, run the authentication no-ip-check command.

IP Conflict Check Flag

Whether the device is enabled not to check IP address conflicts for client IP addresses.

  • Y
  • N

To configure the function, run the authentication ip-conflict-check enable command.

Authentication roam pre-authen mac-authen

Whether MAC address authentication is enabled for roaming STAs.

  • Enable
  • Disable

To configure this function, run the authentication roam pre-authen mac-authen enable command.

Authentication single-stack-control enable

Whether the single-stack authentication function is enabled.

  • IPv4
  • IPv6
  • Disable

To configure the single-stack authentication function, run the authentication single-stack-control enable command.

Authentication no-replace dot1x

Whether the device is enabled not to respond to the EAP-Start packets sent from users who have successfully passed MAC address authentication or Portal authentication.

  • dot1x: enabled
  • -: disabled

To configure this function, run the authentication no-replace dot1x command.

Lldp sensor-ap authentication disable

Whether non-authentication is enabled for the APs discovered by LLDP.

  • Enable
  • Disable

To enable non-authentication for the APs discovered by LLDP, run the lldp sensor-ap authentication disable command.
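
The following script is an added example, not part of the original command reference or any Huawei tool. It parses the "name : value" output of display authentication-profile configuration name and lists the fields that, per Table 2, give access rights to users who have not authenticated successfully. The BASELINE values are a hypothetical site policy, and treating "-" as "not configured" is an assumption based on the p1 output above.

```python
import re

# Excerpt of the p1 output shown above, embedded so the example runs offline.
SAMPLE = """\
<HUAWEI> display authentication-profile configuration name p1
  Profile name                                : p1
  Free rule template                          : -
  Dot1x-mac-bypass                            : Disable
  Authen-fail authorize service-scheme        : -
  Authen-server-down authorize service-scheme : -
  Authen-server-down authorize keep           : response-success
  Authen-server-noreply authorize keep        : response-success
  Pre-authen authorize service-scheme         : -
  Control direction                           : Inbound
"""

FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")

# Fields that, per Table 2, give access rights to users who have not
# (or not yet) authenticated successfully. Names are lowercased so that
# matching does not depend on capitalisation.
NO_AUTH_FIELDS = (
    "free rule template",
    "device-type authorize service-scheme",
    "authen-fail authorize service-scheme",
    "authen-server-down authorize service-scheme",
    "authen-server-down authorize keep",
    "authen-server-noreply authorize keep",
    "pre-authen authorize service-scheme",
)

# Hypothetical site baseline (an assumption, not vendor guidance).
BASELINE = {"dot1x-mac-bypass": "Disable", "control direction": "All"}


def parse_profile(text):
    """Map each 'name : value' line to {name: value}; '-' becomes None."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:  # skips the prompt line and blank lines
            fields[m.group(1).lower()] = None if m.group(2) == "-" else m.group(2)
    return fields


def review(fields, baseline=BASELINE):
    """Return (configured no-auth access paths, baseline deviations)."""
    paths = [(k, fields[k]) for k in NO_AUTH_FIELDS if fields.get(k)]
    drift = [(k, fields.get(k), want) for k, want in baseline.items()
             if fields.get(k) != want]
    return paths, drift
```

Call review(parse_profile(text)) on output captured from the device. The first list holds every access path that does not require a successful authentication, and the second holds each field that differs from the baseline.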
Copyright © Huawei Technologies Co., Ltd.