CISCO-LWAPP-LOCAL-AUTH-MIB.mib
-- *******************************************************************
-- CISCO-LWAPP-LOCAL-AUTH-MIB.my
-- March 2007, Devesh Pujari, Srinath Candadai
--
-- Copyright (c) 2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************
CISCO-LWAPP-LOCAL-AUTH-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Unsigned32,
Integer32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
DisplayString,
RowStatus,
TruthValue
FROM SNMPv2-TC
ciscoMgmt
FROM CISCO-SMI
cLWlanIndex
FROM CISCO-LWAPP-WLAN-MIB;
-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************
ciscoLwappLocalAuthMIB MODULE-IDENTITY
LAST-UPDATED "200703150000Z"
ORGANIZATION "Cisco Systems Inc."
CONTACT-INFO
"Cisco Systems,
Customer Service
Postal: 170 West Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
Email: [email protected]"
DESCRIPTION
"This MIB is intended to be implemented on all those
devices operating as Central controllers, that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
Information provided by this MIB is used to manage
Local authentication information on the controller.
The relationship between CC and the LWAPP APs
can be depicted as follows:
          +......+     +......+     +......+
          +      +     +      +     +      +
          +  CC  +     +  CC  +     +  CC  +
          +      +     +      +     +      +
          +......+     +......+     +......+
            ..            .            .
            ..            .            .
           .  .            .            .
          .    .            .            .
         .      .            .            .
        .        .            .            .
    +......+ +......+     +......+     +......+
    +      + +      +     +      +     +      +
    +  AP  + +  AP  +     +  AP  +     +  AP  +
    +      + +      +     +      +     +      +
    +......+ +......+     +......+     +......+
               .              .            .
             .  .              .            .
            .    .              .            .
           .      .              .            .
          .        .              .            .
       +......+ +......+     +......+     +......+
       +      + +      +     +      +     +      +
       +  MN  + +  MN  +     +  MN  +     +  MN  +
       +      + +      +     +      +     +      +
       +......+ +......+     +......+     +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and send them to the controller to which
they are logically connected.
Gratuitous Probe Response (GPR)
The Gratuitous Probe Response feature aids in conserving
battery power of WLAN-enabled cell phones by providing
a high rate packet on the order of tens of milliseconds
such that these kinds of phones can wake up and wait at
predefined intervals, to reduce battery power. The
GPR packet is transmitted from the AP at a predefined
time interval.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node
and client are used interchangeably.
Extensible Authentication Protocol ( EAP )
EAP is a universal authentication protocol used in
wireless and PPP networks. It is defined by RFC 3748.
EAP-Flexible Authentication ( EAP-FAST )
This protocol is used via secure tunneling for 802.1X EAP.
Transport Layer Security ( TLS )
This is a cryptographic protocol which provides secure
communication over the network.
Lightweight Directory Access Protocol ( LDAP )
LDAP is a protocol used for obtaining directory services
and runs over TCP/IP.
REFERENCE
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol"
REVISION "200703150000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { ciscoMgmt 619 }
ciscoLwappLocalAuthMIBNotifs OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIB 0 }
ciscoLwappLocalAuthMIBObjects OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIB 1 }
ciscoLwappLocalAuthMIBConform OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIB 2 }
cllaConfig OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIBObjects 1 }
-- ********************************************************************
-- Global Local Auth configs
-- ********************************************************************
cllaLocalAuth OBJECT IDENTIFIER
::= { cllaConfig 1 }
cllaActiveTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..3600 )
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The timeout period for the Local EAP to remain
active, in seconds."
DEFVAL { 300 }
::= { cllaLocalAuth 1 }
-- ********************************************************************
-- EAP Profile
-- ********************************************************************
cllaEapProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF CllaEapProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table represents the local EAP authentication
information on the controller.
Rows are added or deleted by explicit
management actions initiated by the user from a
network management station through the
cllaEapProfileRowStatus object."
::= { cllaConfig 2 }
cllaEapProfileEntry OBJECT-TYPE
SYNTAX CllaEapProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A conceptual row in cllaEapProfileTable. Each
entry in this table represents the local EAP
authentication information, identified by
the cllaEapProfileName."
INDEX { cllaEapProfileName }
::= { cllaEapProfileTable 1 }
CllaEapProfileEntry ::= SEQUENCE {
cllaEapProfileName DisplayString,
cllaEapProfileMethods BITS,
cllaEapProfileCertIssuer INTEGER ,
cllaEapProfileCaCertificationCheck TruthValue,
cllaEapProfileCnCertificationIdVerify TruthValue,
cllaEapProfileDateValidityEnabled TruthValue,
cllaEapProfileLocalCertificateRequired TruthValue,
cllaEapProfileClientCertificateRequired TruthValue,
cllaEapProfileRowStatus RowStatus
}
cllaEapProfileName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..63))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the profile name used to identify
the Local EAP information."
::= { cllaEapProfileEntry 1 }
cllaEapProfileMethods OBJECT-TYPE
SYNTAX BITS {
none(0),
leap(1),
eapFast(2),
tls(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object represents the method type for this
entry.
none - No method is in use
leap - LEAP is used as one of the methods
eap-fast - EAP-FAST is used as one of the methods
tls - TLS is being used as one of the methods."
::= { cllaEapProfileEntry 2 }
cllaEapProfileCertIssuer OBJECT-TYPE
SYNTAX INTEGER {
cisco(1),
vendor(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object represents the name of the certificate issuer
cisco - Cisco is the certificate issuer.
vendor - The issuer is an outside vendor."
DEFVAL { cisco }
::= { cllaEapProfileEntry 3 }
cllaEapProfileCaCertificationCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This parameter indicates whether to check peer certificate
against installed CA certificates."
DEFVAL { true }
::= { cllaEapProfileEntry 4 }
cllaEapProfileCnCertificationIdVerify OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This parameter indicates whether to verify certificate
CN against peer identity and user database."
DEFVAL { false }
::= { cllaEapProfileEntry 5 }
cllaEapProfileDateValidityEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This parameter indicates whether to verify certificate
date is valid and is within validity period."
DEFVAL { true }
::= { cllaEapProfileEntry 6 }
cllaEapProfileLocalCertificateRequired OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is applicable when cllaEapProfileMethods
includes EAP-FAST. This parameter indicates
whether local certificate is required."
DEFVAL { false }
::= { cllaEapProfileEntry 7 }
cllaEapProfileClientCertificateRequired OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is applicable when cllaEapProfileMethods
includes EAP-FAST. This parameter indicates
whether client certificate is required."
DEFVAL { false }
::= { cllaEapProfileEntry 8 }
cllaEapProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Used to add or delete an entry in this table."
::= { cllaEapProfileEntry 9 }
-- ********************************************************************
-- WLAN Profile table
-- ********************************************************************
cllaWlanProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF CllaWlanProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table represents the information about configuring
the EAP profiles for a WLAN. The creation of a new row
occurs when a WLAN entry is added through an explicit
network management action to the cLWlanConfigTable in
CISCO-LWAPP-WLAN-MIB.
Similarly, deletion of a row in cLWlanConfigTable
through user action, causes the deletion of corresponding
row in this table."
::= { cllaConfig 3 }
cllaWlanProfileEntry OBJECT-TYPE
SYNTAX CllaWlanProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table provides information about
the Local EAP profile configured for this WLAN."
INDEX { cLWlanIndex }
::= { cllaWlanProfileTable 1 }
CllaWlanProfileEntry ::= SEQUENCE {
cllaWlanProfileName DisplayString,
cllaWlanProfileState TruthValue
}
cllaWlanProfileName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..63))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The profile name configured for this WLAN."
::= { cllaWlanProfileEntry 1 }
cllaWlanProfileState OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether Local Authentication
is enabled or disabled for this WLAN."
::= { cllaWlanProfileEntry 2 }
-- ********************************************************************
-- User Credential Priority Table
-- ********************************************************************
cllaUserPriorityTable OBJECT-TYPE
SYNTAX SEQUENCE OF CllaUserPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains entries for 802.11 user credential
methods configured in the controller. At startup,
all the entries in this table are set up by the central
controller. A management application can later change
the priority order using the cllaUserPriorityNumber."
::= { cllaConfig 4 }
cllaUserPriorityEntry OBJECT-TYPE
SYNTAX CllaUserPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A conceptual row in cllaUserPriorityTable. There is an
entry in this table for each 802.11 user authentication
available at the agent, as identified by a value of
cllaUserCredential."
INDEX { cllaUserCredential }
::= { cllaUserPriorityTable 1 }
CllaUserPriorityEntry ::= SEQUENCE {
cllaUserCredential INTEGER ,
cllaUserPriorityNumber Integer32
}
cllaUserCredential OBJECT-TYPE
SYNTAX INTEGER {
local(1),
ldap(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the user credential information.
local - indicates that local credential is used
for authentication
ldap - indicates that LDAP credential is used
for authentication."
::= { cllaUserPriorityEntry 1 }
cllaUserPriorityNumber OBJECT-TYPE
SYNTAX Integer32 (0..2 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object represents the order in which the user credentials
are validated by the controller. At start up,
the agent assigns the value of this object. Later this can
be changed by the management station.
This object reflects the priority in which the user credential
information is applied. A lower value indicates a higher
priority. For example, an entry set to value '1' has a higher
priority over an entry set to value '2'.
The zero value indicates that the priority is not set.
No two instances of this object will have the same priority."
::= { cllaUserPriorityEntry 2 }
-- ********************************************************************
-- Local-auth eap-fast method parameters
-- ********************************************************************
cllaEapParams OBJECT IDENTIFIER
::= { cllaConfig 5 }
cllaEapMethodPacTtl OBJECT-TYPE
SYNTAX Unsigned32 (1..1000 )
UNITS "days"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is an EAP-FAST parameter. This parameter represents
time to live for the protected access credentials."
DEFVAL { 10 }
::= { cllaEapParams 1 }
cllaEapAnonymousProvEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is an EAP-FAST parameter. This parameter represents
whether anonymous provisioning is enabled. A value of
'true' indicates the controller will accept anonymous
requests. A value of 'false' indicates that the controller
will reject anonymous requests."
DEFVAL { true }
::= { cllaEapParams 2 }
cllaEapAuthorityId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..128))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is an EAP-FAST parameter. This parameter configures
the authority ID. The maximum length per platform is
specified by the cllaEapAuthorityIdLength object."
::= { cllaEapParams 3 }
cllaEapAuthorityInfo OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is an EAP-FAST parameter. This parameter configures
the authority information."
::= { cllaEapParams 4 }
cllaEapServerKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is an EAP-FAST parameter. This parameter configures
the server key ID."
::= { cllaEapParams 5 }
cllaEapAuthorityIdLength OBJECT-TYPE
SYNTAX Unsigned32 (0..128 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the length of the cllaEapAuthorityId
object, supported by this agent implementation."
DEFVAL { 32 }
::= { cllaEapParams 6 }
-- ********************************************************************
-- * Units of conformance
-- ********************************************************************
ciscoLwappLocalAuthMIBCompliances OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIBConform 1 }
ciscoLwappLocalAuthMIBGroups OBJECT IDENTIFIER
::= { ciscoLwappLocalAuthMIBConform 2 }
ciscoLwappLocalAuthMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for the SNMP entities that
implement the ciscoLwappLocalAuthMIB module."
MODULE -- this module
MANDATORY-GROUPS { ciscoLwappLocalAuthMIBConfigGroup }
::= { ciscoLwappLocalAuthMIBCompliances 1 }
ciscoLwappLocalAuthMIBConfigGroup OBJECT-GROUP
OBJECTS {
cllaActiveTimeout,
cllaEapProfileMethods,
cllaEapProfileCertIssuer,
cllaEapProfileCaCertificationCheck,
cllaEapProfileCnCertificationIdVerify,
cllaEapProfileDateValidityEnabled,
cllaEapProfileLocalCertificateRequired,
cllaEapProfileClientCertificateRequired,
cllaEapProfileRowStatus,
cllaWlanProfileName,
cllaWlanProfileState,
cllaUserPriorityNumber,
cllaEapMethodPacTtl,
cllaEapAnonymousProvEnabled,
cllaEapAuthorityId,
cllaEapAuthorityInfo,
cllaEapServerKey,
cllaEapAuthorityIdLength
}
STATUS current
DESCRIPTION
"This collection of objects specifies the required
configuration parameters for local authentication."
::= { ciscoLwappLocalAuthMIBGroups 1 }
END