display dot1x-access-profile configuration

Function

The display dot1x-access-profile configuration command displays the configuration of an 802.1X access profile.

Format

display dot1x-access-profile configuration [ name access-profile-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| name access-profile-name | Displays the configuration of an 802.1X access profile with a specified name. If name access-profile-name is not specified, the device displays all the 802.1X access profiles configured on the device. If name access-profile-name is specified, the device displays the configuration of a specified 802.1X access profile. | The value must be the name of an existing 802.1X access profile. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After configuring an 802.1X access profile, you can run this command to check whether the configuration is correct.

The name of a compatibility profile converted after an upgrade begins with the at sign (@), and such a profile is not counted in the configuration specification.

Example

# Display all the 802.1X access profiles configured on the device.

<HUAWEI> display dot1x-access-profile configuration
-------------------------------------------------------------------------------
 ID             Dot1x-Access-Profile Name
-------------------------------------------------------------------------------
 0              dot1x_access_profile
 1              d1
 2              d2
 3              d3
 4              d4
-------------------------------------------------------------------------------
 Total: 5 printed: 5.

Table 1 Description of the display dot1x-access-profile configuration command output

| Item | Description |
|---|---|
| ID | 802.1X access profile ID. |
| Dot1x-Access-Profile Name | 802.1X access profile name. |

# Display the configuration of the 802.1X access profile d1.

<HUAWEI> display dot1x-access-profile configuration name d1
  Profile Name                 : d1
  Authentication method        : EAP
  Port control                 : authorized-force
  Re-authen                    : Enable
  Client-no-response authorize : -
  Trigger condition            : arp
  Unicast trigger              : Enable
  Trigger dhcp-bind            : Enable
  Handshake                    : Disable
  Handshake packet-type        : request-identity
  Max retry value              : 2
  Reauthen Period              : 3600s
  Client Timeout               : 5s
  Handshake Period             : 60s
  Eth-trunk handshake period   : 120s
  Dot1x no-response authorize  : Disable
  Bound authentication profile : -

Table 2 Description of the display dot1x-access-profile configuration name command output

Item

Description

Profile Name

802.1X access profile name.

Authentication method

Authentication mode of 802.1X users:
  • CHAP
  • PAP
  • EAP

To configure the authentication mode, run the dot1x authentication-method command.

Port control

Authorization state of the 802.1X authentication interface:
  • auto
  • authorized-force
  • unauthorized-force

To set an authorization state for an interface, run the dot1x port-control command.

Re-authen

Whether re-authentication for online 802.1X users is enabled:
  • Enable
  • Disable

To configure the re-authentication function, run the dot1x reauthenticate command.

Client-no-response authorize

Network access rights granted to users when the 802.1X client does not respond.

  • service-scheme: The name of a service scheme based on which network access rights are assigned.
  • ucl-group: The name of a UCL group based on which network access rights are assigned.
  • vlan: The VLAN based on which network access rights are assigned.

To configure the network access rights, run the authentication event client-no-response action authorize command.

Trigger condition

Packet type that can trigger 802.1X authentication:
  • dhcp
  • arp
  • dhcpv6
  • nd
  • any-l2-packet

To configure the packet type, run the authentication trigger-condition command.

Unicast trigger

Whether 802.1X authentication triggered by unicast packets is enabled:
  • Enable
  • Disable

To configure the function, run the dot1x unicast-trigger command.

Trigger dhcp-bind

Whether the device is enabled to automatically generate DHCP snooping binding entries for users with static IP addresses:
  • Enable
  • Disable

To configure the function, run the dot1x trigger dhcp-binding command.

Handshake

Whether handshake with online 802.1X authentication users is enabled:
  • Enable
  • Disable

Handshake packet-type

Type of 802.1X authentication handshake packets:
  • request-identity
  • srp-sha1-part2

Max retry value

Maximum number of attempts to send authentication requests to 802.1X users.

To configure the maximum value, run the dot1x retry command.

Reauthen Period

Re-authentication interval for online 802.1X users.

To configure the re-authentication interval, run the dot1x timer command.

Client Timeout

Authentication timeout period for 802.1X clients.

To configure the authentication timeout period, run the dot1x timer command.

Handshake Period

Interval at which the device handshakes with an 802.1X client on a non-Eth-Trunk interface.

To configure the interval, run the dot1x timer command.

Eth-trunk handshake period

Interval at which the device handshakes with an 802.1X client on an Eth-Trunk.

To configure the interval, run the dot1x timer command.

Dot1x no-response authorize

Whether the device is configured not to respond to EAPoL-Start packets sent by clients when the AAA server is Down:
  • Enable
  • Disable

To configure the function, run the dot1x no-response authorize authen-server-down command.

Bound authentication profile

Authentication profile to which the 802.1X access profile is bound.

To configure the authentication profile, run the dot1x-access-profile command.
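The check described under Usage Guidelines can be scripted against captured output. The following is an added example, not Huawei code: it parses the per-profile output into fields and compares them with a baseline. The baseline values (auto port control, EAP, re-authentication enabled at most every 3600s) and the function names are assumptions chosen for illustration.

```python
import re

# Constructed input: a subset of the "d1" output shown in the example above.
SAMPLE = """\
<HUAWEI> display dot1x-access-profile configuration name d1
  Profile Name                 : d1
  Authentication method        : EAP
  Port control                 : authorized-force
  Re-authen                    : Enable
  Reauthen Period              : 3600s
"""

def seconds(value):
    """'3600s' -> 3600; None when the value is not in that form."""
    m = re.fullmatch(r"(\d+)s", value)
    return int(m.group(1)) if m else None

# Assumed site baseline (illustrative, not a Huawei recommendation):
# field name -> (check on the displayed value, finding text when it fails).
BASELINE = {
    "Port control": (lambda v: v == "auto",
                     "interface state is forced, 802.1X result does not decide access"),
    "Authentication method": (lambda v: v == "EAP", "baseline expects EAP"),
    "Re-authen": (lambda v: v == "Enable", "online users are not re-authenticated"),
    "Reauthen Period": (lambda v: seconds(v) is not None and seconds(v) <= 3600,
                        "interval unparsable or longer than 3600s"),
}

def parse_profile(text):
    """Turn 'Item : value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def audit(fields):
    # One (field, displayed value, finding) tuple per baseline deviation.
    findings = []
    for name, (ok, message) in BASELINE.items():
        value = fields.get(name)
        if value is None or not ok(value):
            findings.append((name, value,
                             message if value is not None else "field missing from output"))
    return findings

if __name__ == "__main__":
    for name, value, message in audit(parse_profile(SAMPLE)):
        print(f"{name} = {value}: {message}")
```

On the d1 sample the only finding is Port control, because authorized-force keeps the interface authorized regardless of the 802.1X result.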

Copyright © Huawei Technologies Co., Ltd.