The display security-profile command displays configuration and reference information about a security profile.
Parameter |
Description |
Value |
|---|---|---|
all |
Displays information about all security profiles. |
- |
name profile-name |
Displays information about a specified security profile. |
The security profile must exist. |
You can run the command to view configuration and reference information about a specified security profile or all security profiles.
# Display configurations of all security profiles.
<HUAWEI> display security-profile all ---------------------------------------------------------- Profile name Reference ---------------------------------------------------------- default 1 default-wds 1 default-mesh 1 security-profile1 0 ---------------------------------------------------------- Total: 3
Item |
Description |
|---|---|
Profile name |
Name of the security profile. |
Reference |
Number of times a security profile is referenced. |
# Display information about the security profile default.
<HUAWEI> display security-profile name default
------------------------------------------------------------
Security policy : Open system
Encryption : -
------------------------------------------------------------
WEP's configuration
Key 0 : *****
Key 1 : *****
Key 2 : *****
Key 3 : *****
Default key ID : 0
------------------------------------------------------------
WPA/WPA2's configuration
PTK update : disable
PTK update interval(s) : 43200
------------------------------------------------------------
WAPI's configuration
CA certificate filename : -
ASU certificate filename : -
AC certificate filename : -
AC private key filename : -
WAPI source interface : -
Authentication server IP : -
WAI timeout(s) : 60
BK update interval(s) : 43200
BK lifetime threshold(%) : 70
USK update method : Time-based
USK update interval(s) : 86400
MSK update method : Time-based
MSK update interval(s) : 86400
Cert auth retrans count : 3
USK negotiate retrans count : 3
MSK negotiate retrans count : 3
------------------------------------------------------------
Item |
Description |
|---|---|
Security policy |
Security policy. The following security policies are supported:
To configure the parameter, run the security wep, security dot1x, security psk, or security wapi command. |
Encryption |
Encryption mode. The following encryption modes are supported: GCMP-256, TKIP, AES, AES-TKIP, WEP-40, WEP-104, WEP-128, and SMS4. The WAPI encryption mode is fixed to SMS4. To configure the parameter, run the wep key, security dot1x, or security psk command. |
PMF |
Whether the Protected Management Frame (PMF) function of a VAP is enabled.
This line is displayed in the command output only when the authentication and encryption mode is WPA2-AES. You can run the pmf command to set this parameter. |
Key key-id |
Key ID. To configure the parameter, run the wep key command. |
Default key ID |
Default key ID. To configure the parameter, run the wep default-key command. |
PTK update |
Whether to enable periodic PTK update in WPA, WPA2 or WPA-WPA2 authentication and encryption.
To configure the parameter, run the wpa ptk-update enable command. |
PTK update interval(s) |
The interval for updating PTKs in WPA, WPA2 or WPA-WPA2 authentication and encryption. The value is an integer in seconds. To configure the parameter, run the wpa ptk-update ptk-update-interval command. |
CA certificate filename |
CA certificate file name. To configure the parameter, run the wapi import certificate command. |
ASU certificate filename |
File name of the authentication server unit (ASU) certificate. To configure the parameter, run the wapi import certificate command. |
AC certificate filename |
AC certificate file name. To configure the parameter, run the wapi import certificate command. |
AC private key filename |
AC private key file name. To configure the parameter, run the wapi import private-key command. |
WAPI source interface |
WAPI source interface. To configure the parameter, run the wapi source interface command. |
Authentication server IP |
IP address of the ASU certificate server. To configure the parameter, run the wapi asu command. |
WAI timeout(s) |
Timeout period of an association. To configure the parameter, run the wapi sa-timeout command. |
BK update interval(s) |
Interval for updating the base key (BK). To configure the parameter, run the wapi bk command. |
BK lifetime threshold(%) |
Threshold for triggering BK update. To configure the parameter, run the wapi bk command. |
USK update method |
Whether the USK is updated based on a time interval or a packet count. To configure the parameter, run the wapi key-update command. |
USK update interval(s) |
Interval for updating the unicast session key (USK). To configure the parameter, run the wapi usk command. |
MSK update method |
Whether the MSK is updated based on a time interval or a packet count. To configure the parameter, run the wapi key-update command. |
MSK update interval(s) |
Interval for updating the MBMS service key (MSK). To configure the parameter, run the wapi msk command. |
Cert auth retrans count |
Number of retransmissions of certificate authentication packets. To configure the parameter, run the wapi cert-retrans-count command. |
USK negotiate retrans count |
Number of retransmissions of USK negotiation packets. To configure the parameter, run the wapi usk command. |
MSK negotiate retrans count |
Number of retransmissions of MSK negotiation packets. To configure the parameter, run the wapi msk command. |