You are here: Home > CLI Commands > Just_CLI_Topics > show aaa main-profile

show aaa main-profile

show aaa main-profile summary

Description

Show a summary of all AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profiles.

Example

The output of the show aaa main-profile summary command shows roles, server group settings, and wire-to-wireless-roaming statistics for each AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile.

(host) #show aaa main-profile summary

 

AAA Profile summary

-------------------

dot1x- rad- UDR- ww- enforce

Name role mac-auth auth acct XML-api RFC3576 group roam devtype -dhcp

---- ---- -------- ------ ---- ------- ------- ----- ---- ------- -------

aaa_dot1x logon macprof2 dot1x RADIUS 10.3.1.15 10.3.15.2 Usr1 Disable enabled disabled

default logon macprof2 dot1x RADIUS 10.3.1.15 10.3.15.2 Usr1 Disable enabled disabled

default guest macprof1 default RADIUS 10.3.1.15 10.3.15.2 Usr2 Disable enabled disabled

guest

The following data columns appear in the output of this command:

Parameter

Description

Name

Name of the AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile.

role

Role for unauthenticated users.

mac-auth

Name of the server group used for MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication.

dot1x-auth

Name of the server group used for dot1x authentication.

rad-act

Name of the server group used for RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication.

XMLExtensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.-apiApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.

IP address of a configured XMLExtensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. server.

RFC3576

IP address of a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server that can send user disconnect, session timeout and change-of-authorization messages, as described in RFCRequest For Comments. RFC is a commonly used format for the Internet standards documentss. 3576.

UDRUser Derivation Rule. UDR is a role assignment model used by the controllers running ArubaOS to assign roles and VLANs to the WLAN users based on MAC address, BSSID, DHCP-Option, encryption type, SSID, and the location of a user. For example, for an SSID with captive portal in the initial role, a UDR can be configured for scanners to provide a role based on their MAC OUI.-group

Name of the user derivation rule profile.

ww-roam

Shows if wired-to-wireless roaming is enabled or disabled.

devtype

Shows if the device identification feature is enabled or disabled. When devtype-classification parameter is enabled, the output of the show user and show user-table commands shows each client’s device type, if that client device can be identified.

enforce-dhcp

When this option is enabled, clients must complete a DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  exchange to obtain an IP address. Best practices are to enable this option when you use the aaa derivation-rules command to create a rule with the DHCP-Option rule type. This parameter is disabled by default.

Related Commands

Command

Description

aaa profile

This command configures the authentication for a WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection..

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system

Enable or Config mode on Mobility Master

/*]]>*/