
show aaa profile

show aaa profile <profile-name>

Description

Show configuration details for an individual AAA (Authentication, Authorization, and Accounting) profile.

Example

The output of the following command shows roles, servers and server group settings, and wire-to-wireless-roaming statistics for each AAA profile.

(host) #show aaa profile default

 

AAA Profile "default"

---------------------

Parameter Value

--------- -----

Initial role guest

MAC Authentication Profile N/A

MAC Authentication Default Role guest

MAC Authentication Server Group default

802.1X Authentication Profile default

802.1X Authentication Default Role guest

802.1X Authentication Server Group N/A

Download Role from CPPM Disabled

L2 Authentication Fail Through Disabled

Multiple Server Accounting Disabled

User idle timeout N/A

RADIUS Accounting Server Group N/A

RADIUS Roaming Accounting Enabled

RADIUS Interim Accounting Disabled

XML API server N/A

RFC 3576 server N/A

User derivation rules N/A

Wired to Wireless Roaming Enabled

SIP authentication role N/A

Device Type Classification Enabled

Enforce DHCP Disabled

PAN Firewall Integration Disabled

Open SSID radius accounting Disabled

 

The following data columns appear in the output of this command:

Parameter

Description

Name

The name of the AAA profile.

Initial Role

Role for unauthenticated users.

MAC Authentication Profile

Name of the MAC authentication profile.

MAC Authentication Default Role

Configured role assigned to the user after MAC authentication.

MAC Authentication Server Group

Name of the server group used for MAC authentication.

802.1X Authentication Profile

Name of the 802.1X authentication profile.

802.1X Authentication Default Role

Configured role assigned to the user after 802.1X authentication.

802.1X Authentication Server Group

Name of the server group used for 802.1X authentication.

Download Role from CPPM

Status of role download from ClearPass Policy Manager. If enabled, the controller downloads the role from ClearPass Policy Manager if not defined.

L2 Authentication Fail Through

Selects the other authentication method if one fails.

Multiple Server Accounting

Status of multiple server accounting. If enabled, the controller sends RADIUS accounting to all servers in the RADIUS accounting server group.

User idle timeout

The user idle timeout for this profile. Specify the idle timeout value for the client in seconds. A value of 0 deletes the user immediately after disassociation from the wireless network. Valid range is 30-15300 in multiples of 30 seconds.

RADIUS Accounting Server Group

Name of the server group used for RADIUS authentication.

RADIUS Roaming Accounting

Displays whether the roaming RADIUS accounting service is enabled or disabled. This service assists in tracking a client who roams to a different AP.

RADIUS Interim Accounting

By default, the RADIUS accounting feature sends only start and stop messages to the RADIUS accounting server. If RADIUS Interim Accounting is enabled, the controller can also send Interim-Update messages with current user statistics to the server at regular intervals.

XML API server

IP address of a configured XML API server.

RFC 3576 server

IP address of a RADIUS server that can send user disconnect, session timeout and change-of-authorization messages, as described in RFC 3576.

User derivation rules

User attribute profile from which the user role or VLAN is derived.

Wired to Wireless Roaming

Shows whether Wired to Wireless Roaming is Enabled or Disabled.

SIP authentication role

For controllers with an installed PEFNG license, this parameter displays the configured role assigned to a session initiation protocol (SIP) client upon registration.

Device Type Classification

Shows if the device identification feature is enabled or disabled. When devtype-classification parameter is enabled, the output of the show user and show user-table commands shows each client’s device type, if that client device can be identified.

Enforce DHCP

When this option is enabled, clients must complete a DHCP exchange to obtain an IP address. Best practices are to enable this option when you use the aaa derivation-rules command to create a rule with the DHCP-Option rule type. This parameter is disabled by default.

PAN firewall Integration

Displays the status of the PAN firewall integration.

Open SSID Radius Accounting

Displays the Open system SSID RADIUS accounting status.
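
The following Python is an added example, not part of the ArubaOS documentation. It parses the output shown above by matching the parameter names listed on this page, so it does not depend on column spacing, and reports two consistency problems; the checks and the names parse_aaa_profile, audit and SAMPLE are assumptions made for illustration, not vendor guidance.

```python
import re

# Parameter names as printed in the sample output on this page.
PARAMETERS = [
    "Initial role", "MAC Authentication Profile", "MAC Authentication Default Role",
    "MAC Authentication Server Group", "802.1X Authentication Profile",
    "802.1X Authentication Default Role", "802.1X Authentication Server Group",
    "Download Role from CPPM", "L2 Authentication Fail Through", "Multiple Server Accounting",
    "User idle timeout", "RADIUS Accounting Server Group", "RADIUS Roaming Accounting",
    "RADIUS Interim Accounting", "XML API server", "RFC 3576 server", "User derivation rules",
    "Wired to Wireless Roaming", "SIP authentication role", "Device Type Classification",
    "Enforce DHCP", "PAN Firewall Integration", "Open SSID radius accounting",
]

def parse_aaa_profile(text):
    """Return (profile_name, {parameter: value}) from 'show aaa profile' output."""
    name, params = None, {}
    names = sorted(PARAMETERS, key=len, reverse=True)  # longest first: no prefix shadowing
    for line in text.splitlines():
        line = line.strip()
        if (m := re.match(r'AAA Profile "(.+)"$', line)):
            name = m.group(1)
            continue
        for p in names:
            # Case-insensitive, because the table and the output capitalise differently.
            if line.lower().startswith(p.lower() + " "):
                params[p] = line[len(p):].strip()
                break
    return name, params

def audit(params):
    """Example consistency checks (assumed site policy, not vendor guidance)."""
    na = lambda key: params.get(key, "N/A") == "N/A"
    findings = []
    if not na("802.1X Authentication Profile") and na("802.1X Authentication Server Group"):
        findings.append("802.1X profile is set but no 802.1X server group is assigned")
    acct = ("RADIUS Roaming Accounting", "RADIUS Interim Accounting",
            "Open SSID radius accounting")
    if any(params.get(k) == "Enabled" for k in acct) and na("RADIUS Accounting Server Group"):
        findings.append("accounting is enabled but no RADIUS accounting server group is set")
    return findings

# Abbreviated copy of the sample output on this page.
SAMPLE = """AAA Profile "default"
Initial role guest
802.1X Authentication Profile default
802.1X Authentication Server Group N/A
RADIUS Accounting Server Group N/A
RADIUS Roaming Accounting Enabled
"""
```

Run against the "default" profile shown on this page, audit() returns both findings: the 802.1X profile has no server group, and roaming accounting is enabled with no accounting server group.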

Related Commands

Command

Description

aaa profile

This command configures the authentication for a WLAN.

Command History

Command

Description

ArubaOS 8.1.0.0

The RADIUS Roaming Accounting parameter was introduced.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

All platforms

Licensing

Base operating system

Command Mode

Enable or Config mode on Mobility Master.
