mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
1698 lines
67 KiB
Plaintext
-- *****************************************************************
-- CISCO-DOT11-SSID-SECURITY-MIB.my:
-- CISCO IEEE 802.11 SSID Security MIB
--
-- October 2003, Francis Pang
--
-- Copyright (c) 2003-2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--
CISCO-DOT11-SSID-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    MacAddress,
    RowStatus,
    TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ifIndex
        FROM IF-MIB
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    dot11AuthenticationAlgorithmsIndex
        FROM IEEE802dot11-MIB
    CDot11IfVlanIdOrZero
        FROM CISCO-DOT11-IF-MIB
    ciscoMgmt
        FROM CISCO-SMI;


-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoDot11SsidSecMIB MODULE-IDENTITY
    LAST-UPDATED "200704120000Z"
    ORGANIZATION "Cisco System Inc."
    CONTACT-INFO
        " Cisco Systems
        Customer Service

        Postal: 170 West Tasman Drive,
        San Jose CA 95134-1706.
        USA

        Tel: +1 800 553-NETS

        E-mail: cs-dot11@cisco.com"
    DESCRIPTION
        "This MIB module provides network management
        support for Cisco IEEE 802.11 Wireless LAN
        devices association and authentication.

        ACRONYMS
        AES
            Advanced Encryption Standard.

        AP
            Access point.

        AID
            Association IDentifier for wireless stations.

        BSS
            IEEE 802.11 Basic Service Set.

        BSSID
            Basic SSID, a MAC address.

        CCKM
            Cisco Central Key Management.

        CCMP
            Code Mode/CBC Mac Protocol.

        CKIP
            Cisco per packet key hashing.

        CMIC
            Cisco MMH MIC.

        CRC
            Cyclic Redundancy Check.

        DTIM
            Data Traffic Indication Map

        EAP
            Extensible Authentication Protocol.

        GRE
            Generic Routing Encapsulation

        IAPP
            Inter-Access-Point Protocol.

        ICV
            Integrity Check Value.

        MBSSID
            Multiple Basic SSID.

        MIC
            Message Integrity Check.

        MMH
            Multi-Modal Hashing.

        MMIC
            Michael MIC.

        RF
            Radio Frequency.

        SSID
            Radio Service Set Id.

        SSIDL IE
            SSID List Information Element

        STA
            IEEE 802.11 wireless station.

        TKIP
            WPA Temporal Key encryption.

        VLAN
            Virtual LAN.

        WEP
            Wired Equivalent Privacy.

        WPA
            Wi-Fi Protected Access.

        WPS
            Wireless Provisioning System.


        GLOSSARY

        Access point
            Transmitter/receiver (transceiver) device
            that commonly connects and transports data
            between a wireless network and a wired network.

        Association
            The service used to establish access point
            or station mapping and enable STA invocation
            of the distribution system services.
            (Wireless clients attempt to connect to
            access points.)

        Basic Service Set
            The IEEE 802.11 BSS of an AP comprises the
            stations directly associating with the AP.

        Backup VLAN
            Wireless clients found to be running outdated/
            unsupported virus software and not compliant to
            network admission control guidelines need to be
            placed on different VLANs than the intended normal
            VLAN. These VLANs on which the non-compliant
            clients are placed are termed as Backup VLANs.
            Backup VLANs are used to quarantine the
            non-compliant clients running incorrect software
            till they upgrade their software to the correct
            version.

        Bridge
            Device that connects two or more segments
            and reduces traffic by analyzing the
            destination address, filtering the frame,
            and forwarding the frame to all connected
            segments.

        Bridge AP
            It is an AP that functions as a transparent
            bridge between 2 wired LAN segments.

        Broadcast SSID
            Clients can send out Broadcast SSID Probe
            Requests to a nearby AP, and the AP will
            broadcast its own SSID within its beacons
            to respond to clients. Clients can use this
            Broadcast SSID to associate and communicate
            with the AP.

        Extensible Authentication Protocol
            EAP acts as the interface between a wireless
            client and an authentication server, such as a
            RADIUS server, to which the access point
            communicates over the wired network.

        IEEE 802.11
            Standard to encourage interoperability among
            wireless networking equipment.

        IEEE 802.11b
            High-rate wireless LAN standard for wireless
            data transfer at up to 11 Mbps.

        IEEE P802.11g
            Higher Speed Physical Layer (PHY) Extension to
            IEEE 802.11b, will boost wireless LAN speed to 54
            Mbps by using OFDM (orthogonal frequency division
            multiplexing). The IEEE 802.11g specification is
            backward compatible with the widely deployed IEEE
            802.11b standard.

        Inter-Access-Point Protocol
            The IEEE 802.11 standard does not define how
            access points track moving users or how to
            negotiate a handoff from one access point to the
            next, a process referred to as roaming. IAPP is
            a Cisco proprietary protocol to support roaming.
            However, IAPP does not address how the wireless
            system tracks users moving from one subnet to
            another.

        Independent network
            Network that provides peer-to-peer connectivity
            without relying on a complete network
            infrastructure.

        Information Element
            Optional wireless network management data element
            in the beacons and probe responses generated by
            wireless stations. These elements identify the
            extended capabilities supported by the stations.

        Integrity Check Value
            The WEP ICV shall be a 32-bit value containing
            the 32-bit cyclic redundancy code designed for
            verifying wireless data frame integrity.

        Message Integrity Check
            A MIC can, optionally, be added to WEP-encrypted
            802.11 frames. MIC prevents attacks on encrypted
            packets. MIC, implemented on both the access point
            and all associated client devices, adds a few bytes
            to each packet to make the packets tamper-proof.

        Multiple BSS-ID
            An access point radio broadcasts and advertises
            multiple SSIDs in the beacons. From the clients'
            perspective, it is like there are multiple access
            points existing in the wireless network.

        Native VLAN ID
            A switch port and/or AP can be configured with a
            'native VLAN ID'. Untagged or priority-tagged
            frames are implicitly associated with the native
            VLAN ID. The default native VLAN ID is '1' if
            VLAN tagging is enabled. The native VLAN ID is '0'
            or 'no VLAN ID' if VLAN tagging is not enabled.

        Non-Root Bridge
            This wireless bridge does not connect to the main
            wired LAN segment. It connects to a remote wired
            LAN segment and can associate with root bridges and
            other non-root bridges that accept client
            associations. It also can accept associations from
            other non-root bridges, repeater access points,
            and client devices.

        Primary LAN
            In an AP, if the destinations of inbound unicast
            frames are unknown, the frames are sent toward
            the primary LAN defined on the device.

        Repeater
            Device that connects multiple segments,
            listening to each and regenerating the signal
            on one to every other connected one; so that
            the signal can travel further.

        Repeater or Non-root Access Point
            The repeater access point is not connected
            to the wired LAN. The Repeater is a wireless
            LAN transceiver that transfers data between
            a client and another access point, another
            repeater, or between two bridges. The repeater
            is placed within radio range of an access point
            connected to the wired LAN, another repeater, or
            a non-root bridge to extend the range of the
            infrastructure.

        Radio Frequency
            Radio wave and modulation process or operation.

        Root Access Point
            This access point connects clients to the main
            wired LAN.

        Root (Wireless) Bridge
            This wireless bridge connects to the main wired
            LAN. It can communicate with non-root wireless
            bridges, repeater access points, and client
            devices but not with another wireless root
            bridge. Only one wireless bridge in a wireless
            LAN can be set as the wireless root bridge.

        Service Set ID
            SSID is a unique identifier that APs and clients
            use to identify with each other. SSID is a simple
            means of access control and is not for security.
            The SSID can be any alphanumeric entry up to 32
            characters.

        Virtual LAN
            VLAN defined in the IEEE 802.1Q VLAN standard
            supports logical segmenting of LAN
            infrastructure into different subnets or
            workgroups so that packets are switched only
            between ports within the same VLAN.

        VLAN ID
            Each VLAN is identified by a 12-bit 'VLAN ID'.
            A VLAN ID of '0' is used to indicate
            'no VLAN ID'. Valid VLAN IDs range from '1' to
            '4095'. VLAN of ID '4095' is the default VLAN
            for Cisco VoIP Phones.

        Wired Equivalent Privacy
            WEP is generally used to refer to 802.11
            encryption."

    REVISION "200704120000Z"
    DESCRIPTION
        "The following changes have been made
        - Added the following enumerations to
          CDot11SecAuthKeyMgmtType.

            - 'wpa1'
            - 'wpa2'

        - Added more explanations for the object
          cdot11SecAuxSsidAuthKeyMgmt to describe
          about the new key management 'wpa1' and 'wpa2'."
    REVISION "200605160000Z"
    DESCRIPTION
        "Add cdot11SecSsidMaxBackupVlans, and
        cdot11SecSsidBackupVlanTable, and
        cdot11SecSsidvlanManagementGroup to manage the backup
        VLAN configuration."
    REVISION "200409140000Z"
    DESCRIPTION
        "Added cdot11MbssidMacAddrSupportTable and
        cdot11MbssidInterfaceTable to support MBSSID
        feature."
    REVISION "200405150000Z"
    DESCRIPTION
        "This is the initial version of this MIB module."
    ::= { ciscoMgmt 413 }


ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIB 1 }

cdot11SecSsidManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 1 }

cdot11SecAuthManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 2 }

cdot11SecStatistics OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 3 }

cdot11SecVlanManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 4 }

-- Textual Conventions

CDot11SecAuthKeyMgmtType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the encryption key management type
        applied to different encryption key algorithms,
        like TKIP, WEP, and CKIP.
            cckm - Cisco Central Key Management
            wpa - Key management WPA version 1 for TKIP Cipher and
                  Key management WPA version 2 for AES-CCMP Cipher
            wpa1 - Key management WPA version 1
            wpa2 - Key management WPA version 2"
    SYNTAX BITS {
        cckm(0),
        wpa(1),
        wpa1(2),
        wpa2(3)
    }

CDot11WiFiPaPreSharedKey ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is a 64-hexadecimal digit Wi-Fi Protected
        Access Pre-shared Key. This key is used for
        association authentication and dynamic encryption
        key generation. The key can also be in the form
        of a character string."
    SYNTAX OCTET STRING (SIZE (0..128))

CDot11SsidString ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the SSID string defined for IEEE 802.11
        wireless LAN devices."
    SYNTAX OCTET STRING (SIZE(1..32))

CDot11VlanName ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is a VLAN name string configured on RADIUS
        servers. This should be an alpha-numeric string
        with at least one alpha."
    SYNTAX OCTET STRING (SIZE(1..32))

CDot11InformationElementType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the set of Information Elements embedded
        in the wireless device beacons and probe response
        and the extended capabilities configurable on the
        IEs:
            ssidl - send SSIDL IE and may advertise extended
                    capabilities, i.e., 802.1x and WPS;
            advertisement - send SSID name and capabilities
                    in the SSIDL IE;
            wps - set WPS flag in the extended capabilities."
    SYNTAX BITS {
        ssidl(0),
        advertisement(1),
        wps(2)
    }


-- ********************************************************************
-- * Cisco IEEE 802.11 Interface Ssid Management
-- ********************************************************************

cdot11SecAuxSsidTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecAuxSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of SSIDs that all
        radio interfaces of this device should install
        and use for client associations."
    ::= { cdot11SecSsidManagement 1 }

cdot11SecAuxSsidEntry OBJECT-TYPE
    SYNTAX Cdot11SecAuxSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A collection of attributes defining an auxiliary
        service set ID which client stations can use for
        association for the device. Entries can be
        installed on multiple radio interfaces."
    INDEX {
        cdot11SecAuxSsid
    }
    ::= { cdot11SecAuxSsidTable 1 }

Cdot11SecAuxSsidEntry ::=
    SEQUENCE {
        cdot11SecAuxSsid
            CDot11SsidString,
        cdot11SecAuxSsidBroadcast
            TruthValue,
        cdot11SecAuxSsidInfraStruct
            INTEGER,
        cdot11SecAuxSsidProxyMobileIp
            TruthValue,
        cdot11SecAuxSsidMaxStations
            Unsigned32,
        cdot11SecAuxSsidVlan
            CDot11IfVlanIdOrZero,
        cdot11SecAuxSsidWpaPsk
            CDot11WiFiPaPreSharedKey,
        cdot11SecAuxRadiusAccounting
            SnmpAdminString,
        cdot11SecAuxSsidLoginUsername
            SnmpAdminString,
        cdot11SecAuxSsidLoginPassword
            SnmpAdminString,
        cdot11SecAuxSsidAuthKeyMgmt
            CDot11SecAuthKeyMgmtType,
        cdot11SecAuxSsidAuthKeyMgmtOpt
            TruthValue,
        cdot11SecAuxSsidRowStatus
            RowStatus,
        cdot11SecAuxSsidWirelessNetId
            Integer32,
        cdot11SecSsidRedirectAddrType
            InetAddressType,
        cdot11SecSsidRedirectDestAddr
            InetAddress,
        cdot11SecSsidRedirectFilter
            SnmpAdminString,
        cdot11SecSsidInformationElement
            CDot11InformationElementType,
        cdot11SecAuxSsidVlanName
            CDot11VlanName,
        cdot11SecAuxSsidMbssidBroadcast
            TruthValue,
        cdot11SecAuxSsidMbssidDtimPeriod
            Integer32
    }

cdot11SecAuxSsid OBJECT-TYPE
    SYNTAX CDot11SsidString
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This object specifies a SSID defined on this
        IEEE 802.11 wireless LAN device. The SSID will
        be installed on the radio interfaces for client
        associations. The radio interface shall respond
        to probe requests using this SSID, but it does
        not advertise this SSID in its beacons unless
        the cdot11SecAuxSsidBroadcast is 'true'."
    ::= { cdot11SecAuxSsidEntry 1 }

cdot11SecAuxSsidBroadcast OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is a Broadcast SSID. There should only be one
        Broadcast SSID installed on any IEEE 802.11
        radio interface if Multiple BSSID feature is
        not enabled. To enable this SSID for MBSSID
        broadcast, use cdot11SecAuxSsidMbssidBroadcast."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 7.3.2.1."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 2 }

cdot11SecAuxSsidInfraStruct OBJECT-TYPE
    SYNTAX INTEGER {
        infraStructure(1),
        nonInfraStructure(2),
        optional(3)
    }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is an infra-structure SSID. There should only be
        one infra-structure SSID installed on any IEEE
        802.11 radio interface. The infra-structure
        SSID is used for uplink association while the
        radio interface cd11IfStationRole is roleWgb(1),
        roleRepeater(5), roleNrBridge(9), or
        roleApNrBridge(10).
            infraStructure(1) - infra-structure SSID,
            nonInfraStructure(2) - Non infra-structure SSID,
            optional(3) - use of this infra-structure SSID
                          is optional for uplink connection."
    REFERENCE
        "cd11IfStationRole, cd11IfStationConfigTable,
        CISCO-DOT11-IF-MIB."
    DEFVAL { nonInfraStructure }
    ::= { cdot11SecAuxSsidEntry 3 }

cdot11SecAuxSsidProxyMobileIp OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is enabled for Proxy Mobile-IP support. If
        Proxy Mobile-IP is not supported in VLAN
        network environment, cdot11SecAuxSsidVlan should
        be '0' when Proxy Mobile-IP is enabled via this
        object."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 4 }

cdot11SecAuxSsidMaxStations OBJECT-TYPE
    SYNTAX Unsigned32 (0..2007)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the maximum number of IEEE
        802.11 stations which may associate to a radio
        interface through this SSID. If the value
        is '0', the maximum number is limited only by the
        IEEE 802.11 standard and any hardware or radio
        firmware limitations of the access point."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7."
    DEFVAL { 255 }
    ::= { cdot11SecAuxSsidEntry 5 }

cdot11SecAuxSsidVlan OBJECT-TYPE
    SYNTAX CDot11IfVlanIdOrZero
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the VLAN trunk at which the
        traffic will be used when a client is associating
        with this SSID. The default value is '0', no
        VLAN is configured or used for this SSID."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 6 }

cdot11SecAuxSsidWpaPsk OBJECT-TYPE
    SYNTAX CDot11WiFiPaPreSharedKey
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object configures Wi-Fi Protected Access
        Pre-shared Key for this SSID. This key is used
        for association authentication and dynamic
        encryption key generation. The default value
        is ''H if this shared key feature is not enabled."
    DEFVAL { ''H }
    ::= { cdot11SecAuxSsidEntry 7 }

cdot11SecAuxRadiusAccounting OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the name of the AAA accounting
        list to be used for association accounting. The
        default value is an empty string if AAA accounting
        is not enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 8 }

cdot11SecAuxSsidLoginUsername OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the username used for
        LEAP authentication and association to an uplink
        AP while this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 9 }

cdot11SecAuxSsidLoginPassword OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the password used for
        LEAP authentication association to an uplink
        AP while this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 10 }

cdot11SecAuxSsidAuthKeyMgmt OBJECT-TYPE
    SYNTAX CDot11SecAuthKeyMgmtType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the type of key management
        employed for encryption keys defined for the VLAN
        in cdot11SecAuxSsidVlan.

        WPA key management('wpa') should only be selected
        when encryption is TKIP or AES-CCMP and
        authentication is open, i.e.
        dot11AuthenticationAlgorithmsIndex is
        openSystem(1), together either with EAP or
        WPA-PSK for this SSID.

        CCKM key management('cckm') can be used with encryption
        TKIP, WEP, CKIP, and Network-EAP authentication
        for this SSID.

        The value 'wpa1' should be selected only
        when encryption is TKIP.

        The value 'wpa2' should be selected only when
        encryption is either TKIP or AES-CCMP.

        If none of the bits are set, there is no run-time
        key management for this SSID."
    ::= { cdot11SecAuxSsidEntry 11 }

cdot11SecAuxSsidAuthKeyMgmtOpt OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies if the type of key
        management, cdot11SecAuxSsidAuthKeyMgmt,
        selected is optional. If it is 'true' and
        cdot11SecAuxSsidAuthKeyMgmt is not 'none',
        the key management is optional. If it is
        'false' and cdot11SecAuxSsidAuthKeyMgmt
        is not 'none', the key management is
        mandatory."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 12 }

cdot11SecAuxSsidRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to create a new SSID entry on this
        device, and modify or delete an existing SSID
        entry.

        Creation of rows must be done via 'createAndGo'
        with or without optional objects. This object will
        become 'active' if the NMS performs a multivarbind
        set including this object and successfully creates
        the SSID on this device.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing SSID configuration can cause clients
        associating with the SSID to disassociate. And,
        depending on the implementation, changes on the
        existing SSIDs may not affect installed SSID on the
        radio interfaces. Therefore, users are advised
        to reset the corresponding SSID on the radio
        interface via the cdot11SecInterfSsidTable."
    ::= { cdot11SecAuxSsidEntry 13 }

cdot11SecAuxSsidWirelessNetId OBJECT-TYPE
    SYNTAX Integer32 (0..4096)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object sets the Wireless Network ID of this
        SSID. This ID is used for Cisco GRE tunneling in
        layer 3 switching. The valid range for the ID is
        '1' to '4096' and the default value is '0' and it
        indicates no ID is configured or used on this SSID."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 14 }

cdot11SecSsidRedirectAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the address type for the
        cdot11SecSsidRedirectDestAddr."
    DEFVAL { ipv4 }
    ::= { cdot11SecAuxSsidEntry 15 }

cdot11SecSsidRedirectDestAddr OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the destination address set to all packets
        received from wireless clients associated to this
        wireless station using the cdot11SecAuxSsid. The
        cdot11SecSsidRedirectAddrType specifies the type
        of this address. The default value '00000000'H
        of cdot11SecSsidRedirectAddrType 'ipv4' indicates
        that this packet redirection feature is not
        enabled."
    DEFVAL { '00000000'H }
    ::= { cdot11SecAuxSsidEntry 16 }

cdot11SecSsidRedirectFilter OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "When the packet redirection feature is enabled
        (i.e., cdot11SecSsidRedirectAddrType is 'ipv4'
        and cdot11SecSsidRedirectDestAddr value is not
        '00000000'H), this is the Cisco IP extended
        access list number or name used for filtering
        packets from wireless clients. Only packets
        passed by the access list will be allowed to
        forward to the cdot11SecSsidRedirectDestAddr.
        If packet redirection is disabled, this
        access list will not be applied.

        The default value is an empty string to
        indicate that no access list filter will be
        applied."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 17 }

cdot11SecSsidInformationElement OBJECT-TYPE
    SYNTAX CDot11InformationElementType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the set of Information Elements and
        extended capabilities embedded in the SSID
        broadcasted in beacons and probe responses.
        The extended capabilities 'advertisement' and 'wps'
        are allowed only if 'ssidl' is set."
    DEFVAL { {} }
    ::= { cdot11SecAuxSsidEntry 18 }

cdot11SecAuxSsidVlanName OBJECT-TYPE
    SYNTAX CDot11VlanName
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the name of the cdot11SecAuxSsidVlan. Either
        cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can
        be used to set the VLAN trunk for client traffic of
        this SSID. If both cdot11SecAuxSsidVlanName and
        cdot11SecAuxSsidVlan are set in a query, the set query
        will succeed if and only if there is a matching pair of
        cdot11SecVlanName and cdot11SecVlanNameId in the
        cdot11SecVlanNameTable.

        The default value is a blank string, no VLAN or VLAN
        name is configured or used for this SSID."
    DEFVAL { " " }
    ::= { cdot11SecAuxSsidEntry 19 }

cdot11SecAuxSsidMbssidBroadcast OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object controls if this SSID shall be
        broadcasted if MBSSID is enabled at the interface
        which this SSID is attached, i.e.
        if both cd11IfMultipleBssidEnable and
        cdot11SecAuxSsidMbssidBroadcast are 'true', then
        this SSID is broadcasted. Otherwise, this SSID
        is not broadcasted."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 20 }

cdot11SecAuxSsidMbssidDtimPeriod OBJECT-TYPE
    SYNTAX Integer32 (0..255)
    UNITS "beacons"
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the DTIM period for this MBSSID enabled SSID.
        It is the number of beacon intervals that shall elapse
        between transmission of Beacon frames containing a
        TIM element whose DTIM Count field is 0.

        This DTIM period is only applicable if MBSSID is
        enabled at the interface which this SSID is attached,
        i.e. cd11IfMultipleBssidEnable is 'true'.

        The default value is 0 which indicates dot11DTIMPeriod
        of IEEE802dot11-MIB is used. The current valid DTIM
        period range for the radio is 1 to 100."
    REFERENCE
        "IEEE802dot11-MIB, dot11DTIMPeriod."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 21 }


cdot11SecAuxSsidAuthTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains attributes to configure
        authentication parameters for SSIDs listed in the
        cdot11SecAuxSsidTable. This table extends the
        IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
        to define additional attributes authentication
        procedures for multiple SSIDs. Multiple
        authentication algorithms can apply to a single
        auxiliary SSID.

        This table has an expansion dependent relationship
        on the cdot11SecAuxSsidTable. For each entry in
        this table, there exists at least an entry in the
        cdot11SecAuxSsidTable."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7.6."
    ::= { cdot11SecSsidManagement 2 }

cdot11SecAuxSsidAuthEntry OBJECT-TYPE
    SYNTAX Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry specifies a pre-defined
        authentication algorithm and additional
        authentication procedures for clients of an
        auxiliary SSID. The three pre-defined
        authentication algorithms are:
            openSystem(1),
            sharedKey(2), and
            network-EAP(3).

        The valid combination of the pre-defined
        authentications and additional procedures are:
            openSystem(1) - plus EAP
                          - plus MAC or EAP
            sharedKey(2) - plus MAC and EAP
                         - plus EAP
            network-EAP(3) - plus MAC."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    INDEX {
        cdot11SecAuxSsid,
        dot11AuthenticationAlgorithmsIndex
    }
    ::= { cdot11SecAuxSsidAuthTable 1 }

Cdot11SecAuxSsidAuthEntry ::=
    SEQUENCE {
        cdot11SecAuxSsidAuthEnabled TruthValue,
        cdot11SecAuxSsidAuthPlusEap TruthValue,
        cdot11SecAuxSsidAuthPlusMac TruthValue,
        cdot11SecAuxSsidAuthEapMethod SnmpAdminString,
        cdot11SecAuxSsidAuthMacMethod SnmpAdminString,
        cdot11SecAuxSsidAuthMacAlternate TruthValue
    }

cdot11SecAuxSsidAuthEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the value is 'true', this device may
        authenticate an association using SSID (specified
        by cdot11SecAuxSsid) with the corresponding
        pre-defined algorithm (identified by the
        dot11AuthenticationAlgorithmsIndex). The default
        value is 'true'."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 1 }

cdot11SecAuxSsidAuthPlusEap OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        network-level EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false'
        while cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they
        complete the enabled IEEE 802.11 authentication.

        The default value is 'false' for no additional
        EAP authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 2 }

cdot11SecAuxSsidAuthPlusMac OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        MAC address authentication before client stations
        will be unblocked from their association
        attempts. If the value of this object is 'false'
        while cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they
        complete the enabled IEEE 802.11 authentication.

        The default value is 'false' for no additional
        MAC address authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 3 }

cdot11SecAuxSsidAuthEapMethod OBJECT-TYPE
    SYNTAX     SnmpAdminString
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusEap
        is 'true' or dot11AuthenticationAlgorithm is
        Network-EAP, this is the EAP method list to use
        for the EAP authentication. The default is an
        empty string if EAP is not used."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 4 }

cdot11SecAuxSsidAuthMacMethod OBJECT-TYPE
    SYNTAX     SnmpAdminString
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusMac
        is 'true', this is the MAC address method list to
        use for the MAC authentication. The default is
        an empty string if MAC address authentication
        is not used."
    ::= { cdot11SecAuxSsidAuthEntry 5 }

cdot11SecAuxSsidAuthMacAlternate OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "If the values of this object,
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusMac, and
        cdot11SecAuxSsidAuthPlusEap are all 'true' and
        the dot11AuthenticationAlgorithm is 'openSystem',
        the association authentication only needs to
        complete either the additional MAC address or the
        additional EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false',
        only one of the two additional authentications
        should be enabled. The default value is 'false',
        meaning only one additional authentication should
        be configured."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 6 }


cdot11SecInterfSsidTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table contains the list of SSIDs installed
        on radio interfaces of this device and used
        for client association.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table,
        there exists at least one entry in the ifTable of
        ifType ieee80211(71)."
    ::= { cdot11SecSsidManagement 3 }

cdot11SecInterfSsidEntry OBJECT-TYPE
    SYNTAX     Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A collection of attributes for an auxiliary
        service set ID installed on an IEEE 802.11 radio
        interface. An interface can have multiple
        auxiliary service set IDs installed; the
        current maximum for each radio interface is
        16 SSIDs, and the cd11IfAuxiliarySsidLength
        object specifies the configured maximum."
    INDEX {
        ifIndex,
        cdot11SecAuxSsid
    }
    ::= { cdot11SecInterfSsidTable 1 }

Cdot11SecInterfSsidEntry ::=
    SEQUENCE {
        cdot11SecInterfSsidRowStatus    RowStatus
    }

cdot11SecInterfSsidRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "This is used to install a new SSID configuration,
        and modify or delete an existing SSID configuration
        on a radio interface.

        Creation of rows must be done via 'createAndGo' and
        with an existing ifIndex of ifType ieee80211(71)
        and an existing cdot11SecAuxSsid in the
        cdot11SecAuxSsidTable. This object will become
        'active' if the NMS performs a multivarbind set
        including this object and successfully installs
        the SSID on this interface.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing SSID configuration can cause clients
        associating with the SSID to disassociate."
    ::= { cdot11SecInterfSsidEntry 1 }


cdot11MbssidMacAddrSupportTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table contains the list of available radio MAC
        addresses for supporting MBSSID on the IEEE 802.11
        radio.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table, there
        exists at least one entry in the ifTable of ifType
        ieee80211(71)."
    ::= { cdot11SecSsidManagement 4 }

cdot11MbssidMacAddrSupportEntry OBJECT-TYPE
    SYNTAX     Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Each entry is a MAC address assigned to the IEEE
        802.11 radio available to be used as a BSSID and
        broadcast in the radio beacon when the MBSSID
        feature is enabled."
    INDEX {
        ifIndex,
        cdot11MbssidMacAddrIndex
    }
    ::= { cdot11MbssidMacAddrSupportTable 1 }

Cdot11MbssidMacAddrSupportEntry ::=
    SEQUENCE {
        cdot11MbssidMacAddrIndex        Integer32,
        cdot11MbssidMacAddrSupported    MacAddress
    }

cdot11MbssidMacAddrIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..256)
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This is a unique index identifying the
        MAC address assigned on the radio. If MBSSID
        is not supported on this device, the only
        available index number is 1. Currently, if MBSSID
        is supported, the index numbers are 1 to 16."
    ::= { cdot11MbssidMacAddrSupportEntry 1 }

cdot11MbssidMacAddrSupported OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This MAC address can be used as a BSSID and
        broadcast in the beacon with an SSID when
        cd11IfMultipleBssidEnable is 'true'."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidMacAddrSupportEntry 2 }


cdot11MbssidInterfaceTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table displays the list of SSIDs and their
        corresponding BSSIDs configured on the IEEE
        802.11 radios.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table, there
        exists at least one entry in the ifTable of ifType
        ieee80211(71)."
    ::= { cdot11SecSsidManagement 5 }

cdot11MbssidInterfaceEntry OBJECT-TYPE
    SYNTAX     Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Each entry defines an SSID being configured on
        the radio and the corresponding BSSID."
    INDEX {
        ifIndex,
        IMPLIED cdot11SecAuxSsid
    }
    ::= { cdot11MbssidInterfaceTable 1 }

Cdot11MbssidInterfaceEntry ::=
    SEQUENCE {
        cdot11MbssidIfMacAddress    MacAddress,
        cdot11MbssidIfBroadcast     TruthValue
    }

cdot11MbssidIfMacAddress OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This is the BSSID to be sent with the radio SSID.
        If the MBSSID feature is not enabled (i.e.
        cd11IfMultipleBssidEnable is 'false'), all SSIDs
        will be sent by the radio with the same BSSID,
        which is the radio hardware MAC address.

        If the MBSSID feature is enabled (i.e.
        cd11IfMultipleBssidEnable is 'true'), all SSIDs
        will be sent by the radio with different BSSIDs."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 1 }

cdot11MbssidIfBroadcast OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "If cd11IfMultipleBssidEnable is 'true', MBSSID
        is enabled for the radio and this SSID is a
        broadcast SSID as follows:
            'true'  - This SSID is a broadcast SSID and
                      is being broadcast in the radio beacon.
            'false' - This SSID is not a broadcast SSID and
                      is not broadcast in the radio beacon."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 2 }

cdot11SecSsidMaxBackupVlans OBJECT-TYPE
    SYNTAX     Unsigned32 (1..128)
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "Maximum number of backup VLANs that can be
        configured on a SSID."
    DEFVAL { 3 }
    ::= { cdot11SecSsidManagement 6 }

cdot11SecSsidBackupVlanTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11SecSsidBackupVlanEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table lists the backup VLANs configured
        on a SSID.

        The number of backup VLANs that can be configured
        for each SSID identified by cdot11SecAuxSsid is
        limited by the value of cdot11SecSsidMaxBackupVlans.

        This table has an expansion dependent relationship with
        cdot11SecAuxSsidTable. The value of cdot11SecAuxSsid
        for the entries in this table must exist in
        cdot11SecAuxSsidTable.

        When an entry in cdot11SecAuxSsidTable is deleted,
        all the backup VLANs configured for the corresponding
        SSID get deleted from this table."
    ::= { cdot11SecSsidManagement 7 }

cdot11SecSsidBackupVlanEntry OBJECT-TYPE
    SYNTAX     Cdot11SecSsidBackupVlanEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Each entry defines a backup VLAN configured on an
        SSID."
    INDEX { cdot11SecAuxSsid, cdot11SecSsidBackupVlan }
    ::= { cdot11SecSsidBackupVlanTable 1 }

Cdot11SecSsidBackupVlanEntry ::=
    SEQUENCE {
        cdot11SecSsidBackupVlan             CDot11IfVlanIdOrZero,
        cdot11SecSsidBackupVlanRowStatus    RowStatus
    }

cdot11SecSsidBackupVlan OBJECT-TYPE
    SYNTAX     CDot11IfVlanIdOrZero (1..4095)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The backup VLAN configured on a SSID identified
        by the instance identifier value of cdot11SecAuxSsid."
    ::= { cdot11SecSsidBackupVlanEntry 1 }

cdot11SecSsidBackupVlanRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The status of this conceptual row."
    ::= { cdot11SecSsidBackupVlanEntry 2 }

cdot11SecLocalAuthServerEnabled OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "This object configures the use of the local
        authentication server. If it is 'true', the
        local authentication server is enabled. If it
        is 'false', the local authentication server is
        disabled. If both local and network servers are
        configured, the local server is used as a backup
        when the network authentication server is not
        available."
    ::= { cdot11SecAuthManagement 1 }

cdot11SecVlanNameTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table contains the mapping of VLAN names to
        IDs. A RADIUS server serving this wireless
        station can assign wireless clients associating
        to this station to a particular VLAN by either
        a VLAN name or an ID.

        When the VLAN assignment of a client is via VLAN name,
        this table is used to look up the corresponding
        VLAN ID and VLAN configured on this wireless
        station. Each VLAN name uniquely identifies a
        VLAN on a wireless station, and a VLAN ID can
        associate to multiple VLAN names in this table."
    ::= { cdot11SecVlanManagement 1 }

cdot11SecVlanNameEntry OBJECT-TYPE
    SYNTAX     Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A collection of attributes defining the properties
        of a VLAN name and the corresponding VLAN ID."
    INDEX {
        cdot11SecVlanName
    }
    ::= { cdot11SecVlanNameTable 1 }

Cdot11SecVlanNameEntry ::=
    SEQUENCE {
        cdot11SecVlanName             CDot11VlanName,
        cdot11SecVlanNameId           CDot11IfVlanIdOrZero,
        cdot11SecVlanNameRowStatus    RowStatus
    }

cdot11SecVlanName OBJECT-TYPE
    SYNTAX     CDot11VlanName
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This object defines the VLAN name assigned to
        wireless clients by the RADIUS server serving
        this wireless station."
    ::= { cdot11SecVlanNameEntry 1 }

cdot11SecVlanNameId OBJECT-TYPE
    SYNTAX     CDot11IfVlanIdOrZero
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "This object defines the VLAN trunk that
        a client associating to this wireless station
        will be on. The value '0' is not valid."
    ::= { cdot11SecVlanNameEntry 2 }

cdot11SecVlanNameRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "This is used to create a new VLAN name to ID
        mapping entry on this device, and modify or delete
        an existing mapping entry.

        Creation of rows must be done via 'createAndGo'
        with all other mandatory objects. This object will
        become 'active' if the NMS performs a multivarbind
        set including this object and successfully creates
        the VLAN name entry on this device.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing VLAN name to ID mapping configuration
        does not affect existing associated wireless clients."
    ::= { cdot11SecVlanNameEntry 3 }


-- ********************************************************************
-- * Conformance information
-- ********************************************************************


ciscoDot11SsidSecMIBConformance
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIB 2 }
ciscoDot11SsidSecMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 1 }
ciscoDot11SsidSecMIBGroups
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 2 }


-- *****************************************************************
-- Compliance statements
-- *****************************************************************

ciscoDot11SsidSecCompliance MODULE-COMPLIANCE
    STATUS deprecated -- by ciscoDot11SsidSecComplianceRev1
    DESCRIPTION
        "This is the compliance statement for the
        ciscoDot11SsidSecMIB module."
    MODULE
        MANDATORY-GROUPS {
            cdot11SecSsidManagementGroup,
            cdot11SsidAuthenticationGroup,
            cdot11ModuleAuthenticationGroup
        }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
            "This group is required only if VLAN by name is
            supported on the IEEE 802.11 wireless LAN
            devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
            "This group is required only if MBSSID feature
            is supported on the IEEE 802.11 wireless LAN
            devices."

        OBJECT cdot11SecAuxSsidLoginPassword
        DESCRIPTION
            "Due to security reasons, for SNMPv1/v2c,
            this object will return blank spaces if a
            password is configured."

        OBJECT cdot11SecAuxSsidMaxStations
        DESCRIPTION
            "The supported range of values for SET queries
            is 1 to 255. The supported range of values for
            SNMP GET or GET-NEXT queries is 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter
        DESCRIPTION
            "Only Cisco IP extended access list numbers 100 to
            199 are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

    ::= { ciscoDot11SsidSecMIBCompliances 1 }


ciscoDot11SsidSecComplianceRev1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "This is the compliance statement for the
        ciscoDot11SsidSecMIB module."
    MODULE
        MANDATORY-GROUPS {
            cdot11SecSsidManagementGroup,
            cdot11SsidAuthenticationGroup,
            cdot11ModuleAuthenticationGroup,
            cdot11SecSsidBackupVlanManagementGroup
        }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
            "This group is required only if VLAN by name is
            supported on the IEEE 802.11 wireless LAN
            devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
            "This group is required only if MBSSID feature
            is supported on the IEEE 802.11 wireless LAN
            devices."

        OBJECT cdot11SecAuxSsidLoginPassword
        DESCRIPTION
            "Due to security reasons, for SNMPv1/v2c,
            this object will return blank spaces if a
            password is configured."

        OBJECT cdot11SecAuxSsidMaxStations
        DESCRIPTION
            "The supported range of values for SET queries
            is 1 to 255. The supported range of values for
            SNMP GET or GET-NEXT queries is 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter
        DESCRIPTION
            "Only Cisco IP extended access list numbers 100 to
            199 are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecSsidBackupVlanRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

    ::= { ciscoDot11SsidSecMIBCompliances 2 }

-- *****************************************************************
-- Units of conformance
-- *****************************************************************

cdot11SecSsidManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidBroadcast,
        cdot11SecAuxSsidInfraStruct,
        cdot11SecAuxSsidProxyMobileIp,
        cdot11SecAuxSsidMaxStations,
        cdot11SecAuxSsidVlan,
        cdot11SecAuxSsidWpaPsk,
        cdot11SecAuxRadiusAccounting,
        cdot11SecAuxSsidLoginUsername,
        cdot11SecAuxSsidLoginPassword,
        cdot11SecAuxSsidAuthKeyMgmt,
        cdot11SecAuxSsidAuthKeyMgmtOpt,
        cdot11SecAuxSsidRowStatus,
        cdot11SecAuxSsidWirelessNetId,
        cdot11SecSsidRedirectAddrType,
        cdot11SecSsidRedirectDestAddr,
        cdot11SecSsidRedirectFilter,
        cdot11SecSsidInformationElement,
        cdot11SecAuxSsidVlanName,
        cdot11SecInterfSsidRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage SSID
        on IEEE 802.11 devices and interfaces."
    ::= { ciscoDot11SsidSecMIBGroups 1 }

cdot11SsidAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusEap,
        cdot11SecAuxSsidAuthPlusMac,
        cdot11SecAuxSsidAuthEapMethod,
        cdot11SecAuxSsidAuthMacMethod,
        cdot11SecAuxSsidAuthMacAlternate
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication algorithms
        for SSIDs."
    ::= { ciscoDot11SsidSecMIBGroups 2 }

cdot11ModuleAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecLocalAuthServerEnabled
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication of this
        wireless station module."
    ::= { ciscoDot11SsidSecMIBGroups 3 }

cdot11SecVlanManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecVlanNameId,
        cdot11SecVlanNameRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        VLAN name and ID mapping table."
    ::= { ciscoDot11SsidSecMIBGroups 4 }


cdot11MbssidSupportGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidMbssidBroadcast,
        cdot11SecAuxSsidMbssidDtimPeriod,
        cdot11MbssidMacAddrIndex,
        cdot11MbssidMacAddrSupported,
        cdot11MbssidIfMacAddress,
        cdot11MbssidIfBroadcast
    }
    STATUS current
    DESCRIPTION
        "This group includes objects providing
        MBSSID configuration information."
    ::= { ciscoDot11SsidSecMIBGroups 5 }


cdot11SecSsidBackupVlanManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecSsidBackupVlanRowStatus,
        cdot11SecSsidMaxBackupVlans
    }
    STATUS current
    DESCRIPTION
        "This group of objects is used to manage the
        backup VLAN configuration on a SSID."
    ::= { ciscoDot11SsidSecMIBGroups 6 }

END