CISCO-DOT11-SSID-SECURITY-MIB.mib
-- *****************************************************************
-- CISCO-DOT11-SSID-SECURITY-MIB.my:
-- CISCO IEEE 802.11 SSID Security MIB
--
-- October 2003, Francis Pang
--
-- Copyright (c) 2003-2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--
CISCO-DOT11-SSID-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
Unsigned32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
TEXTUAL-CONVENTION,
MacAddress,
RowStatus,
TruthValue
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
ifIndex
FROM IF-MIB
InetAddressType,
InetAddress
FROM INET-ADDRESS-MIB
dot11AuthenticationAlgorithmsIndex
FROM IEEE802dot11-MIB
CDot11IfVlanIdOrZero
FROM CISCO-DOT11-IF-MIB
ciscoMgmt
FROM CISCO-SMI;
-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************
ciscoDot11SsidSecMIB MODULE-IDENTITY
LAST-UPDATED "200704120000Z"
ORGANIZATION "Cisco System Inc."
CONTACT-INFO
" Cisco Systems
Customer Service
Postal: 170 West Tasman Drive,
San Jose CA 95134-1706.
USA
Tel: +1 800 553-NETS
E-mail: [email protected]"
DESCRIPTION
"This MIB module provides network management
support for Cisco IEEE 802.11 Wireless LAN
devices association and authentication.
ACRONYMS
AES
Advanced Encryption Standard.
AP
Access point.
AID
Association IDentifier for wireless stations.
BSS
IEEE 802.11 Basic Service Set.
BSSID
Basic SSID, a MAC address.
CCKM
Cisco Central Key Management.
CCMP
Code Mode/CBC Mac Protocol.
CKIP
Cisco per packet key hashing.
CMIC
Cisco MMH MIC.
CRC
Cyclic Redundancy Check.
DTIM
Data Traffic Indication Map
EAP
Extensible Authentication Protocol.
GRE
Generic Routing Encapsulation
IAPP
Inter-Access-Point Protocol.
ICV
Integrity Check Value.
MBSSID
Multiple Basic SSID.
MIC
Message Integrity Check.
MMH
Multi-Modal Hashing.
MMIC
Michael MIC.
RF
Radio Frequency.
SSID
Radio Service Set Id.
SSIDL IE
SSID List Information Element
STA
IEEE 802.11 wireless station.
TKIP
WPA Temporal Key encryption.
VLAN
Virtual LAN.
WEP
Wired Equivalent Privacy.
WPA
Wi-Fi Protected Access.
WPS
Wireless Provisioning System.
GLOSSARY
Access point
Transmitter/receiver (transceiver) device
that commonly connects and transports data
between a wireless network and a wired network.
Association
The service used to establish access point
or station mapping and enable STA invocation
of the distribution system services.
(Wireless clients attempt to connect to
access points.)
Basic Service Set
The IEEE 802.11 BSS of an AP comprises the
stations directly associating with the AP.
Backup VLAN
Wireless clients found to be running outdated/
unsupported virus software and not compliant to
network admission control guidelines need to be
placed on different VLANs than the intended normal
VLAN. These VLANs on which the non-compliant
clients are placed are termed as Backup VLANs.
Backup VLANs are used to quarantine the
non-compliant clients running incorrect software
till they upgrade their software to the correct
version.
Bridge
Device that connects two or more segments
and reduces traffic by analyzing the
destination address, filtering the frame,
and forwarding the frame to all connected
segments.
Bridge AP
It is an AP that functions as a transparent
bridge between 2 wired LAN segments.
Broadcast SSID
Clients can send out Broadcast SSID Probe
Requests to a nearby AP, and the AP will
broadcast its own SSID within its beacons
to respond to clients. Clients can use this
Broadcast SSID to associate and communicate
with the AP.
Extensible Authentication Protocol
EAP acts as the interface between a wireless
client and an authentication server, such as a
RADIUS server, to which the access point
communicates over the wired network.
IEEE 802.11
Standard to encourage interoperability among
wireless networking equipment.
IEEE 802.11b
High-rate wireless LAN standard for wireless
data transfer at up to 11 Mbps.
IEEE P802.11g
Higher Speed Physical Layer (PHY) Extension to
IEEE 802.11b, will boost wireless LAN speed to 54
Mbps by using OFDM (orthogonal frequency division
multiplexing). The IEEE 802.11g specification is
backward compatible with the widely deployed IEEE
802.11b standard.
Inter-Access-Point Protocol
The IEEE 802.11 standard does not define how
access points track moving users or how to
negotiate a handoff from one access point to the
next, a process referred to as roaming. IAPP is
a Cisco proprietary protocol to support roaming.
However, IAPP does not address how the wireless
system tracks users moving from one subnet to
another.
Independent network
Network that provides peer-to-peer connectivity
without relying on a complete network
infrastructure.
Information Element
Optional wireless network management data element
in the beacons and probe responses generated by
wireless stations. These elements identify the
extended capabilities supported by the stations.
Integrity Check Value
The WEP ICV shall be a 32-bit value containing
the 32-bit cyclic redundancy code designed for
verifying wireless data frame integrity.
Message Integrity Check
A MIC can, optionally, be added to WEP-encrypted
802.11 frames. MIC prevents attacks on encrypted
packets. MIC, implemented on both the access point
and all associated client devices, adds a few bytes
to each packet to make the packets tamper-proof.
Multiple BSS-ID
An access point radio broadcasts and advertises
multiple SSIDs in the beacons. From the clients'
perspective, it is as if there are multiple access
points existing in the wireless network.
Native VLAN ID
A switch port and/or AP can be configured with a
'native VLAN ID'. Untagged or priority-tagged
frames are implicitly associated with the native
VLAN ID. The default native VLAN ID is '1' if
VLAN tagging is enabled. The native VLAN ID is '0'
or 'no VLAN ID' if VLAN tagging is not enabled.
Non-Root Bridge
This wireless bridge does not connect to the main
wired LAN segment. It connects to a remote wired
LAN segment and can associate with root bridges and
other non-root bridges that accept client
associations. It also can accept associations from
other non-root bridges, repeater access points,
and client devices.
Primary LAN
In an AP, if the destinations of inbound unicast
frames are unknown, the frames are sent toward
the primary LAN defined on the device.
Repeater
Device that connects multiple segments,
listening to each and regenerating the signal
on one to every other connected one; so that
the signal can travel further.
Repeater or Non-root Access Point
The repeater access point is not connected
to the wired LAN. The Repeater is a wireless
LAN transceiver that transfers data between
a client and another access point, another
repeater, or between two bridges. The repeater
is placed within radio range of an access point
connected to the wired LAN, another repeater, or
a non-root bridge to extend the range of the
infrastructure.
Radio Frequency
Radio wave and modulation process or operation.
Root Access Point
This access point connects clients to the main
wired LAN.
Root (Wireless) Bridge
This wireless bridge connects to the main wired
LAN. It can communicate with non-root wireless
bridges, repeater access points, and client
devices but not with another wireless root
bridge. Only one wireless bridge in a wireless
LAN can be set as the wireless root bridge.
Service Set ID
SSID is a unique identifier that APs and clients
use to identify with each other. SSID is a simple
means of access control and is not for security.
The SSID can be any alphanumeric entry up to 32
characters.
Virtual LAN
VLAN defined in the IEEE 802.1Q VLAN standard
supports logically segmenting of LAN
infrastructure into different subnets or
workgroups so that packets are switched only
between ports within the same VLAN.
VLAN ID
Each VLAN is identified by a 12-bit 'VLAN ID'.
A VLAN ID of '0' is used to indicate
'no VLAN ID'. Valid VLAN IDs range from '1' to
'4095'. VLAN of ID '4095' is the default VLAN
for Cisco VoIP Phones.
Wired Equivalent Privacy
WEP is generally used to refer to 802.11
encryption."
REVISION "200704120000Z"
DESCRIPTION
"The following changes have been made
- Added the following enumerations to
CDot11SecAuthKeyMgmtType.
- 'wpa1'
- 'wpa2'
- Added more explanations for the object
cdot11SecAuxSsidAuthKeyMgmt to describe
about the new key management 'wpa1' and 'wpa2'."
REVISION "200605160000Z"
DESCRIPTION
"Add cdot11SecSsidMaxBackupVlans, and
cdot11SecSsidBackupVlanTable, and
cdot11SecSsidvlanManagementGroup to manage the backup
VLAN configuration."
REVISION "200409140000Z"
DESCRIPTION
"Added cdot11MbssidMacAddrSupportTable and
cdot11MbssidInterfaceTable to support MBSSID
feature."
REVISION "200405150000Z"
DESCRIPTION
"This is the initial version of this MIB module."
::= { ciscoMgmt 413 }
ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER
::= { ciscoDot11SsidSecMIB 1 }
cdot11SecSsidManagement OBJECT IDENTIFIER
::= { ciscoDot11SsidSecMIBObjects 1 }
cdot11SecAuthManagement OBJECT IDENTIFIER
::= { ciscoDot11SsidSecMIBObjects 2 }
cdot11SecStatistics OBJECT IDENTIFIER
::= { ciscoDot11SsidSecMIBObjects 3 }
cdot11SecVlanManagement OBJECT IDENTIFIER
::= { ciscoDot11SsidSecMIBObjects 4 }
-- Textual Conventions
CDot11SecAuthKeyMgmtType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This is the encryption key management type
applied to different encryption key algorithms,
like TKIP, WEP, and CKIP.
cckm - Cisco Central Key Management
wpa - Key management WPA version 1 for TKIP Cipher and
Key management WPA version 2 for AES-CCMP Cipher
wpa1 - Key management WPA version 1
wpa2 - Key management WPA version 2"
SYNTAX BITS {
cckm(0),
wpa(1),
wpa1(2),
wpa2(3)
}
CDot11WiFiPaPreSharedKey ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This is a 64-hexadecimal digit Wi-Fi Protected
Access Pre-shared Key. This key is used for
association authentication and dynamic encryption
key generation. The key can also be in the form
of a character string."
SYNTAX OCTET STRING (SIZE (0..128))
CDot11SsidString ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This is the SSID string defined for IEEE 802.11
wireless LAN devices."
SYNTAX OCTET STRING (SIZE(1..32))
CDot11VlanName ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This is a VLAN name string configured on RADIUS
servers. This should be an alpha-numeric string
with at least one alpha."
SYNTAX OCTET STRING (SIZE(1..32))
CDot11InformationElementType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This is the set of Information Elements embedded
in the wireless device beacons and probe response
and the extended capabilities configurable on the
IEs:
ssidl - send SSIDL IE and may advertise extended
capabilities, i.e., 802.1x and WPS;
advertisement - send SSID name and capabilities
in the SSIDL IE;
wps - set WPS flag in the extended capabilities."
SYNTAX BITS {
ssidl(0),
advertisement(1),
wps(2)
}
-- ********************************************************************
-- * Cisco IEEE 802.11 Interface Ssid Management
-- ********************************************************************
cdot11SecAuxSsidTable OBJECT-TYPE
SYNTAX SEQUENCE OF Cdot11SecAuxSsidEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the list of SSIDs that all
radio interfaces of this device should install
and use for client associations."
::= { cdot11SecSsidManagement 1 }
cdot11SecAuxSsidEntry OBJECT-TYPE
SYNTAX Cdot11SecAuxSsidEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A collection of attributes defining an auxiliary
service set ID which client stations can use for
association for the device. Entries can be
installed on multiple radio interfaces."
INDEX {
cdot11SecAuxSsid
}
::= { cdot11SecAuxSsidTable 1 }
Cdot11SecAuxSsidEntry ::=
SEQUENCE {
cdot11SecAuxSsid
CDot11SsidString,
cdot11SecAuxSsidBroadcast
TruthValue,
cdot11SecAuxSsidInfraStruct
INTEGER,
cdot11SecAuxSsidProxyMobileIp
TruthValue,
cdot11SecAuxSsidMaxStations
Unsigned32,
cdot11SecAuxSsidVlan
CDot11IfVlanIdOrZero,
cdot11SecAuxSsidWpaPsk
CDot11WiFiPaPreSharedKey,
cdot11SecAuxRadiusAccounting
SnmpAdminString,
cdot11SecAuxSsidLoginUsername
SnmpAdminString,
cdot11SecAuxSsidLoginPassword
SnmpAdminString,
cdot11SecAuxSsidAuthKeyMgmt
CDot11SecAuthKeyMgmtType,
cdot11SecAuxSsidAuthKeyMgmtOpt
TruthValue,
cdot11SecAuxSsidRowStatus
RowStatus,
cdot11SecAuxSsidWirelessNetId
Integer32,
cdot11SecSsidRedirectAddrType
InetAddressType,
cdot11SecSsidRedirectDestAddr
InetAddress,
cdot11SecSsidRedirectFilter
SnmpAdminString,
cdot11SecSsidInformationElement
CDot11InformationElementType,
cdot11SecAuxSsidVlanName
CDot11VlanName,
cdot11SecAuxSsidMbssidBroadcast
TruthValue,
cdot11SecAuxSsidMbssidDtimPeriod
Integer32
}
cdot11SecAuxSsid OBJECT-TYPE
SYNTAX CDot11SsidString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object specifies a SSID defined on this
IEEE 802.11 wireless LAN device. The SSID will
be installed on the radio interfaces for client
associations. The radio interface shall respond
to probe requests using this SSID, but it does
not advertise this SSID in its beacons unless
the cdot11SecAuxSsidBroadcast is 'true'."
::= { cdot11SecAuxSsidEntry 1 }
cdot11SecAuxSsidBroadcast OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates if an auxiliary SSID
is a Broadcast SSID. There should only be one
Broadcast SSID installed on any IEEE 802.11
radio interface if Multiple BSSID feature is
not enabled. To enable this SSID for MBSSID
broadcast, use cdot11SecAuxSsidMbssidBroadcast."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, section 7.3.2.1."
DEFVAL { false }
::= { cdot11SecAuxSsidEntry 2 }
cdot11SecAuxSsidInfraStruct OBJECT-TYPE
SYNTAX INTEGER {
infraStructure(1),
nonInfraStructure(2),
optional(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates if an auxiliary SSID
is an infra-structure SSID. There should only be
one infra-structure SSID installed on any IEEE
802.11 radio interface. The infra-structure
SSID is used for uplink association while the
radio interface cd11IfStationRole is roleWgb(1),
roleRepeater(5), roleNrBridge(9), or
roleApNrBridge(10).
infraStructure(1) - infra-structure SSID,
nonInfraStructure(2) - Non infra-structure SSID,
optional(3) - use of this infra-structure SSID
is optional for uplink connection."
REFERENCE
"cd11IfStationRole, cd11IfStationConfigTable,
CISCO-DOT11-IF-MIB."
DEFVAL { nonInfraStructure }
::= { cdot11SecAuxSsidEntry 3 }
cdot11SecAuxSsidProxyMobileIp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates if an auxiliary SSID
is enabled for Proxy Mobile-IP support. If
Proxy Mobile-IP is not supported in VLAN
network environment, cdot11SecAuxSsidVlan should
be '0' when Proxy Mobile-IP is enabled via this
object."
DEFVAL { false }
::= { cdot11SecAuxSsidEntry 4 }
cdot11SecAuxSsidMaxStations OBJECT-TYPE
SYNTAX Unsigned32 (0..2007)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the maximum number of IEEE
802.11 stations which may associate to a radio
interface through this SSID. If the value
is '0', the maximum number is limited only by the
IEEE 802.11 standard and any hardware or radio
firmware limitations of the access point."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, section 5.7."
DEFVAL { 255 }
::= { cdot11SecAuxSsidEntry 5 }
cdot11SecAuxSsidVlan OBJECT-TYPE
SYNTAX CDot11IfVlanIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the VLAN trunk at which the
traffic will be used when a client is associating
with this SSID. The default value is '0', no
VLAN is configured or used for this SSID."
DEFVAL { 0 }
::= { cdot11SecAuxSsidEntry 6 }
cdot11SecAuxSsidWpaPsk OBJECT-TYPE
SYNTAX CDot11WiFiPaPreSharedKey
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object configures Wi-Fi Protected Access
Pre-shared Key for this SSID. This key is used
for association authentication and dynamic
encryption key generation. The default value
is ''H if this shared key feature is not enabled."
DEFVAL { ''H }
::= { cdot11SecAuxSsidEntry 7 }
cdot11SecAuxRadiusAccounting OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the name of the AAA accounting
list to be used for association accounting. The
default value is an empty string if AAA accounting
is not enabled."
DEFVAL { "" }
::= { cdot11SecAuxSsidEntry 8 }
cdot11SecAuxSsidLoginUsername OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the username used for
LEAP authentication and association to an uplink
AP while this SSID is in infra-structure mode, i.e.
cdot11SecAuxSsidInfraStruct is 'true'. The default
value is an empty string if this feature is not
enabled."
DEFVAL { "" }
::= { cdot11SecAuxSsidEntry 9 }
cdot11SecAuxSsidLoginPassword OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the password used for
LEAP authentication association to an uplink
AP while this SSID is in infra-structure mode, i.e.
cdot11SecAuxSsidInfraStruct is 'true'. The default
value is an empty string if this feature is not
enabled."
DEFVAL { "" }
::= { cdot11SecAuxSsidEntry 10 }
cdot11SecAuxSsidAuthKeyMgmt OBJECT-TYPE
SYNTAX CDot11SecAuthKeyMgmtType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the type of key management
employed for encryption keys defined for the VLAN
in cdot11SecAuxSsidVlan.
WPA key management('wpa') should only be selected
when encryption is TKIP or AES-CCMP and
authentication is open, i.e.
dot11AuthenticationAlgorithmsIndex is
openSystem(1), together either with EAP or
WPA-PSK for this SSID.
CCKM key management('cckm') can be used with encryption
TKIP, WEP, CKIP, and Network-EAP authentication
for this SSID.
The value 'wpa1' should be selected only
when encryption is TKIP.
The value 'wpa2' should be selected only when
encryption is either TKIP or AES-CCMP.
If none of the bits are set, there is no run-time
key management for this SSID."
::= { cdot11SecAuxSsidEntry 11 }
cdot11SecAuxSsidAuthKeyMgmtOpt OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies if the type of key
management, cdot11SecAuxSsidAuthKeyMgmt,
selected is optional. If it is 'true' and
cdot11SecAuxSsidAuthKeyMgmt is not 'none',
the key management is optional. If it is
'false' and cdot11SecAuxSsidAuthKeyMgmt
is not 'none', the key management is
mandatory."
DEFVAL { false }
::= { cdot11SecAuxSsidEntry 12 }
cdot11SecAuxSsidRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is used to create a new SSID entry on this
device, and modify or delete an existing SSID
entry.
Creation of rows must be done via 'createAndGo'
with or without optional objects. This object will
become 'active' if the NMS performs a multivarbind
set including this object and successfully creates
the SSID on this device.
Modification and deletion (via 'destroy') of rows can
be done when this object is 'active'. Any change
to an existing SSID configuration can cause clients
associating with the SSID to disassociate. And,
depending on the implementation, changes on the
existing SSIDs may not affect installed SSID on the
radio interfaces. Therefore, users are advised
to reset the corresponding SSID on the radio
interface via the cdot11SecInterfSsidTable."
::= { cdot11SecAuxSsidEntry 13 }
cdot11SecAuxSsidWirelessNetId OBJECT-TYPE
SYNTAX Integer32 (0..4096)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object sets the Wireless Network ID of this
SSID. This ID is used for Cisco GRE tunneling in
layer 3 switching. The valid range for the ID is
'1' to '4096' and the default value is '0' and it
indicates no ID is configured or used on this SSID."
DEFVAL { 0 }
::= { cdot11SecAuxSsidEntry 14 }
cdot11SecSsidRedirectAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the address type for the
cdot11SecSsidRedirectDestAddr."
DEFVAL { ipv4 }
::= { cdot11SecAuxSsidEntry 15 }
cdot11SecSsidRedirectDestAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the destination address set to all packets
received from wireless clients associated to this
wireless station using the cdot11SecAuxSsid. The
cdot11SecSsidRedirectAddrType specifies the type
of this address. The default value '00000000'H
of cdot11SecSsidRedirectAddrType 'ipv4' indicates
that this packet redirection feature is not
enabled."
DEFVAL { '00000000'H }
::= { cdot11SecAuxSsidEntry 16 }
cdot11SecSsidRedirectFilter OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the packet redirection feature is enabled
(i.e., cdot11SecSsidRedirectAddrType is 'ipv4'
and cdot11SecSsidRedirectDestAddr value is not
'00000000'H), this is the Cisco IP extended
access list number or name used for filtering
packets from wireless clients. Only packets
passed by the access list will be allowed to
forward to the cdot11SecSsidRedirectDestAddr.
If packet redirection is disabled, this
access list will not be applied.
The default value is an empty string to
indicate that no access list filter will be
applied."
DEFVAL { "" }
::= { cdot11SecAuxSsidEntry 17 }
cdot11SecSsidInformationElement OBJECT-TYPE
SYNTAX CDot11InformationElementType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the set of Information Elements and
extended capabilities embedded in the SSID
broadcasted in beacons and probe responses.
The extended capabilities 'advertisement' and 'wps'
are allowed only if 'ssidl' is set."
DEFVAL { {} }
::= { cdot11SecAuxSsidEntry 18 }
cdot11SecAuxSsidVlanName OBJECT-TYPE
SYNTAX CDot11VlanName
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the name of the cdot11SecAuxSsidVlan. Either
cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can
be used to set the VLAN trunk for client traffic of
this SSID. If both cdot11SecAuxSsidVlanName and
cdot11SecAuxSsidVlan are set in a query, the set query
will succeed if and only if there is a matching pair of
cdot11SecVlanName and cdot11SecVlanNameId in the
cdot11SecVlanNameTable.
The default value is a blank string, no VLAN or VLAN
name is configured or used for this SSID."
DEFVAL { " " }
::= { cdot11SecAuxSsidEntry 19 }
cdot11SecAuxSsidMbssidBroadcast OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object controls if this SSID shall be
broadcasted if MBSSID is enabled at the interface
which this SSID is attached, i.e.
if both cd11IfMultipleBssidEnable and
cdot11SecAuxSsidMbssidBroadcast are 'true', then
this SSID is broadcasted. Otherwise, this SSID
is not broadcasted."
REFERENCE
"CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
DEFVAL { false }
::= { cdot11SecAuxSsidEntry 20 }
cdot11SecAuxSsidMbssidDtimPeriod OBJECT-TYPE
SYNTAX Integer32 (0..255)
UNITS "beacons"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the DTIM period for this MBSSID enabled SSID.
It is the number of beacon intervals that shall elapse
between transmission of Beacons frames containing a
TIM element whose DTIM Count field is 0.
This DTIM period is only applicable if MBSSID is
enabled at the interface which this SSID is attached,
i.e. cd11IfMultipleBssidEnable is 'true'.
The default value is 0 which indicates dot11DTIMPeriod
of IEEE802dot11-MIB is used. The current valid DTIM
period range for the radio is 1 to 100."
REFERENCE
"IEEE802dot11-MIB, dot11DTIMPeriod."
DEFVAL { 0 }
::= { cdot11SecAuxSsidEntry 21 }
cdot11SecAuxSsidAuthTable OBJECT-TYPE
SYNTAX SEQUENCE OF Cdot11SecAuxSsidAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains attributes to configure
authentication parameters for SSIDs listed in the
cdot11SecAuxSsidTable. This table extends the
IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
to define additional attributes authentication
procedures for multiple SSIDs. Multiple
authentication algorithms can apply to a single
auxiliary SSID.
This table has an expansion dependent relationship
on the cdot11SecAuxSsidTable. For each entry in
this table, there exists at least an entry in the
cdot11SecAuxSsidTable."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, section 5.7.6."
::= { cdot11SecSsidManagement 2 }
cdot11SecAuxSsidAuthEntry OBJECT-TYPE
SYNTAX Cdot11SecAuxSsidAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry specifies a pre-defined
authentication algorithm and additional
authentication procedures for clients of an
auxiliary SSID. The three pre-defined
authentication algorithms are:
openSystem(1),
sharedKey(2), and
network-EAP(3).
The valid combination of the pre-defined
authentications and additional procedures are:
openSystem(1) - plus EAP
- plus MAC or EAP
sharedKey(2) - plus MAC and EAP
- plus EAP
network-EAP(3) - plus MAC."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, IEEE802dot11-MIB."
INDEX {
cdot11SecAuxSsid,
dot11AuthenticationAlgorithmsIndex
}
::= { cdot11SecAuxSsidAuthTable 1 }
Cdot11SecAuxSsidAuthEntry ::=
SEQUENCE {
cdot11SecAuxSsidAuthEnabled TruthValue,
cdot11SecAuxSsidAuthPlusEap TruthValue,
cdot11SecAuxSsidAuthPlusMac TruthValue,
cdot11SecAuxSsidAuthEapMethod SnmpAdminString,
cdot11SecAuxSsidAuthMacMethod SnmpAdminString,
cdot11SecAuxSsidAuthMacAlternate TruthValue
}
cdot11SecAuxSsidAuthEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If the value is 'true', this device may
authenticate an association using SSID (specified
by cdot11SecAuxSsid) with the corresponding
pre-defined algorithm (identified by the
dot11AuthenticationAlgorithmsIndex). The default
value is 'true'."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, IEEE802dot11-MIB."
::= { cdot11SecAuxSsidAuthEntry 1 }
cdot11SecAuxSsidAuthPlusEap OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If both the values of this object and
cdot11SecAuxSsidAuthEnabled are 'true', the
association authentication must complete additional
network-level EAP authentication before client
stations will be unblocked from their association
attempts. If the value of this object is 'false'
while cdot11SecAuxSsidAuthEnabled is 'true', client
stations will be unblocked as soon as they
complete the enabled IEEE 802.11 authentication.
The default value is 'false' for no additional
EAP authentication."
REFERENCE
"IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
Access Control and Physical Layer Specifications,
LAN MAN Standards Committee of the IEEE Computer
Society, IEEE802dot11-MIB."
::= { cdot11SecAuxSsidAuthEntry 2 }
cdot11SecAuxSsidAuthPlusMac OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If both the values of this object and