display authentication-scheme

Function

The display authentication-scheme command displays the configuration of authentication schemes.

Format

display authentication-scheme [ authentication-scheme-name ]

Parameters

Parameter	Description	Value
authentication-scheme-name	Specifies the name of an authentication scheme.	The authentication scheme must exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To check whether an authentication scheme is configured correctly, run the display authentication-scheme command.

Precautions

If the display authentication-scheme command is executed in the authentication scheme view or the name of an authentication scheme is specified in the command, this command displays detailed authentication scheme configuration. Otherwise, this command displays only summary information of authentication schemes.

Example

# Display summary information of all authentication schemes.

<sysname> display authentication-scheme
  -------------------------------------------------------------------
  Authentication-scheme-name          Authentication-method
  -------------------------------------------------------------------
  default                             Local                                     
  admin_local                         Local                                     
  admin_radius_local                  RADIUS Local                              
  admin_hwtacacs_local                HWTACACS Local                            
  admin_ad_local                      AD Local                                  
  admin_ldap_local                    LDAP Local                                
  admin_radius                        RADIUS                                    
  admin_hwtacacs                      HWTACACS                                  
  admin_ad                            AD                                        
  admin_ldap                          LDAP             
  local-1                             Local
  radius-1                            RADIUS
  -------------------------------------------------------------------
  Total of authentication scheme: 12

# Display detailed configuration of the authentication scheme named default.

<sysname> display authentication-scheme default
                                                                                
  Authentication-scheme-name          : default                                 
  Authentication-method               : Local  
  Radius authentication-type of admin : PAP(all) 
  server no-response accounting       : NO
  Location after radius reject        : None

**Table 1** Description of the **display authentication-scheme** command output
Item	Description
Authentication-scheme-name	Name of an authentication scheme. To create an authentication scheme, run the authentication-scheme (AAA view) command.
Authentication-method	Authentication mode in an authentication scheme. To configure an authentication mode in an authentication scheme, run the authentication-mode (authentication scheme view) command.
Radius authentication-type of admin	Access type of administrators on whom CHAP authentication is performed during RADIUS authentication. The value can be: PAP(all): PAP authentication is performed on administrators of all access types when they are authenticated using RADIUS. CHAP(ftp) PAP (other): CHAP authentication is performed on FTP users whose access types are displayed in brackets () when they are authenticated using RADIUS, and PAP authentication is performed on the administrators of other access types. To configure the access type, run the authentication-type radius chap access-type admin command.
server no-response accounting	Whether the device continues to send accounting packets after local authentication is performed for a user who does not receive any response from the server. The value can be: YES: The device continues to send accounting packets. NO: The device does not send accounting packets. To configure this function, run the server no-response accounting command.
Location after radius reject	Whether a user is authenticated using another authentication mode after the user's RADIUS authentication request is rejected. The value can be: None: The user is not authenticated using another authentication mode after the user's RADIUS authentication request is rejected and the authentication process ends. Local: The user is authenticated using the local authentication mode after the user's RADIUS authentication request is rejected. To configure this parameter, run the radius-reject local command.