CISCO-DOT11-SSID-SECURITY-MIB device MIB details by Cisco
CISCO-DOT11-SSID-SECURITY-MIB file content
SNMP is used for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. UDP is used for two reasons. First, it has low overhead compared with TCP, which uses a three-way handshake to set up a connection. Second, in congested networks SNMP over TCP is a bad idea, because TCP, in order to maintain reliability, will flood the network with retransmissions.
Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, including CISCO-DOT11-SSID-SECURITY-MIB.
| Vendor: | Cisco |
|---|---|
| Mib: | CISCO-DOT11-SSID-SECURITY-MIB |
| Tool: | ActiveXperts Network Monitor 2024 (ships with advanced SNMP/MIB tools) |
-- *****************************************************************
-- CISCO-DOT11-SSID-SECURITY-MIB.my:
-- CISCO IEEE 802.11 SSID Security MIB
--
-- October 2003, Francis Pang
--
-- Copyright (c) 2003-2004 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--

CISCO-DOT11-SSID-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    MacAddress,
    RowStatus,
    TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ifIndex
        FROM IF-MIB
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    dot11AuthenticationAlgorithmsIndex
        FROM IEEE802dot11-MIB
    CDot11IfVlanIdOrZero
        FROM CISCO-DOT11-IF-MIB
    ciscoMgmt
        FROM CISCO-SMI;

-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoDot11SsidSecMIB MODULE-IDENTITY
    LAST-UPDATED "200409140000Z"
    ORGANIZATION "Cisco System Inc."
    CONTACT-INFO
        " Cisco Systems
        Customer Service

        Postal: 170 West Tasman Drive,
        San Jose CA 95134-1706.
        USA

        Tel: +1 800 553-NETS

        E-mail: cs-dot11@cisco.com"
    DESCRIPTION
        "This MIB module provides network management
        support for Cisco IEEE 802.11 Wireless LAN
        devices association and authentication.

        ACRONYMS

        AES       Advanced Encryption Standard.
        AP        Access point.
        AID       Association IDentifier for wireless stations.
        BSS       IEEE 802.11 Basic Service Set.
        BSSID     Basic SSID, a MAC address.
        CCKM      Cisco Central Key Management.
        CCMP      Code Mode/CBC Mac Protocol.
        CKIP      Cisco per packet key hashing.
        CMIC      Cisco MMH MIC.
        CRC       Cyclic Redundancy Check.
        DTIM      Data Traffic Indication Map
        EAP       Extensible Authentication Protocol.
        GRE       Generic Routing Encapsulation
        IAPP      Inter-Access-Point Protocol.
        ICV       Integrity Check Value.
        MBSSID    Multiple Basic SSID.
        MIC       Message Integrity Check.
        MMH       Multi-Modal Hashing.
        MMIC      Michael MIC.
        RF        Radio Frequency.
        SSID      Radio Service Set Id.
        SSIDL IE  SSID List Information Element
        STA       IEEE 802.11 wireless station.
        TKIP      WPA Temporal Key encryption.
        VLAN      Virtual LAN.
        WEP       Wired Equivalent Privacy.
        WPA       Wi-Fi Protected Access.
        WPS       Wireless Provisioning System.

        GLOSSARY

        Access point
            Transmitter/receiver (transceiver) device
            that commonly connects and transports data
            between a wireless network and a wired network.

        Association
            The service used to establish access point
            or station mapping and enable STA invocation
            of the distribution system services.
            (Wireless clients attempt to connect to
            access points.)

        Basic Service Set
            The IEEE 802.11 BSS of an AP comprises of the
            stations directly associating with the AP.

        Bridge
            Device that connects two or more segments
            and reduces traffic by analyzing the
            destination address, filtering the frame,
            and forwarding the frame to all connected
            segments.

        Bridge AP
            It is an AP that functions as a transparent
            bridge between 2 wired LAN segments.

        Broadcast SSID
            Clients can send out Broadcast SSID Probe
            Requests to a nearby AP, and the AP will
            broadcast its own SSID within its beacons
            to response to clients. Clients can use this
            Broadcast SSID to associate and communicate
            with the AP.

        Extensible Authentication Protocol
            EAP acts as the interface between a wireless
            client and an authentication server, such as
            a RADIUS server, to which the access point
            communicates over the wired network.

        IEEE 802.11
            Standard to encourage interoperability among
            wireless networking equipment.

        IEEE 802.11b
            High-rate wireless LAN standard for wireless
            data transfer at up to 11 Mbps.

        IEEE P802.11g
            Higher Speed Physical Layer (PHY) Extension
            to IEEE 802.11b, will boost wireless LAN speed
            to 54 Mbps by using OFDM (orthogonal frequency
            division multiplexing). The IEEE 802.11g
            specification is backward compatible with the
            widely deployed IEEE 802.11b standard.
        Inter-Access-Point Protocol
            The IEEE 802.11 standard does not define how
            access points track moving users or how to
            negotiate a handoff from one access point to
            the next, a process referred to as roaming.
            IAPP is a Cisco proprietary protocol to support
            roaming. However, IAPP does not address how the
            wireless system tracks users moving from one
            subnet to another.

        Independent network
            Network that provides peer-to-peer connectivity
            without relying on a complete network
            infrastructure.

        Information Element
            Optional wireless network management data element
            in the beacons and probe responses generated by
            wireless stations. These elements identify the
            extended capabilities supported by the stations.

        Integrity Check Value
            The WEP ICV shall be a 32-bit value containing
            the 32-bit cyclic redundancy code designed for
            verifying wireless data frame integrity.

        Message Integrity Check
            A MIC can, optionally, be added to WEP-encrypted
            802.11 frames. MIC prevents attacks on encrypted
            packets. MIC, implemented on both the access
            point and all associated client devices, adds a
            few bytes to each packet to make the packets
            tamper-proof.

        Multiple BSS-ID
            An access point radio broadcasts and advertises
            multiple SSIDs in the beacons. For clients'
            prospective, it is like there are multiple access
            points existing in the wireless network.

        Native VLAN ID
            A switch port and/or AP can be configured with a
            'native VLAN ID'. Untagged or priority-tagged
            frames are implicitly associated with the native
            VLAN ID. The default native VLAN ID is '1' if
            VLAN tagging is enabled. The native VLAN ID is '0'
            or 'no VLAN ID' if VLAN tagging is not enabled.

        Non-Root Bridge
            This wireless bridge does not connect to the main
            wired LAN segment. It connects to a remote wired
            LAN segment and can associate with root bridges
            and other non-root bridges that accept client
            associations. It also can accept associations
            from other non-root bridges, repeater access
            points, and client devices.
        Primary LAN
            In an AP, if the destinations of inbound unicast
            frames are unknown, the frames are sent toward
            the primary LAN defined on the device.

        Repeater
            Device that connects multiple segments, listening
            to each and regenerating the signal on one to
            every other connected one; so that the signal can
            travel further.

        Repeater or Non-root Access Point
            The repeater access point is not connected to the
            wired LAN. The Repeater is a wireless LAN
            transceiver that transfers data between a client
            and another access point, another repeater, or
            between two bridges. The repeater is placed within
            radio range of an access point connected to the
            wired LAN, another repeater, or an non-root bridge
            to extend the range of the infrastructure.

        Radio Frequency
            Radio wave and modulation process or operation.

        Root Access Point
            This access point connects clients to the main
            wired LAN.

        Root (Wireless) Bridge
            This wireless bridge connects to the main wired
            LAN. It can communicate with non-root wireless
            bridges, repeater access points, and client
            devices but not with another wireless root bridge.
            Only one wireless bridge in a wireless LAN can be
            set as the wireless root bridge.

        Service Set ID
            SSID is a unique identifier that APs and clients
            use to identify with each other. SSID is a simple
            means of access control and is not for security.
            The SSID can be any alphanumeric entry up to 32
            characters.

        Virtual LAN
            VLAN defined in the IEEE 802.1Q VLAN standard
            supports logically segmenting of LAN
            infrastructure into different subnets or
            workgroups so that packets are switched only
            between ports within the same VLAN.

        VLAN ID
            Each VLAN is identified by a 12-bit 'VLAN ID'.
            A VLAN ID of '0' is used to indicate 'no VLAN ID'.
            Valid VLAN IDs range from '1' to '4095'. VLAN of
            ID '4095' is the default VLAN for Cisco VoIP
            Phones.

        Wired Equivalent Privacy
            WEP is generally used to refer to 802.11
            encryption."
    REVISION "200409140000Z"
    DESCRIPTION
        "Added cdot11MbssidMacAddrSupportTable and
        cdot11MbssidInterfaceTable to support MBSSID
        feature."
    REVISION "200405150000Z"
    DESCRIPTION
        "This is the initial version of this MIB module."
    ::= { ciscoMgmt 413 }

ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIB 1 }

cdot11SecSsidManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 1 }

cdot11SecAuthManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 2 }

cdot11SecStatistics OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 3 }

cdot11SecVlanManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 4 }

-- Textual Conventions

CDot11SecAuthKeyMgmtType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the encryption key management type applied
        to different encryption key algorithms, like TKIP,
        WEP, and CKIP.
            cckm - Cisco Central Key Management
            wpa - Wi-Fi Protected Access"
    SYNTAX BITS {
        cckm(0),
        wpa(1)
    }

CDot11WiFiPaPreSharedKey ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is a 64-hexadecimal digit Wi-Fi Protected
        Access Pre-shared Key. This key is used for
        association authentication and dynamic encryption
        key generation. The key can also be in the form of
        a character string."
    SYNTAX OCTET STRING (SIZE (0..128))

CDot11SsidString ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the SSID string defined for IEEE 802.11
        wireless LAN devices."
    SYNTAX OCTET STRING (SIZE(1..32))

CDot11VlanName ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is a VLAN name string configured on RADIUS
        servers. This should be an alpha-numeric string
        with at least one alpha."
    SYNTAX OCTET STRING (SIZE(1..32))

CDot11InformationElementType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This is the set of Information Elements embedded
        in the wireless device beacons and probe response
        and the extended capabilities configurable on the
        IEs:
            ssidl - send SSIDL IE and may advertise
                extended capabilities, i.e., 802.1x
                and WPS;
            advertisement - send SSID name and capabilities
                in the SSIDL IE;
            wps - set WPS flag in the extended
                capabilities."
    SYNTAX BITS {
        ssidl(0),
        advertisement(1),
        wps(2)
    }

-- ********************************************************************
-- * Cisco IEEE 802.11 Interface Ssid Management
-- ********************************************************************

cdot11SecAuxSsidTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecAuxSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of SSIDs that all
        radio interfaces of this device should install
        and use for client associations."
    ::= { cdot11SecSsidManagement 1 }

cdot11SecAuxSsidEntry OBJECT-TYPE
    SYNTAX Cdot11SecAuxSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A collection of attributes defining an auxiliary
        service set ID which client stations can use for
        association for the device. Entries can be
        installed on multiple radio interfaces."
    INDEX { cdot11SecAuxSsid }
    ::= { cdot11SecAuxSsidTable 1 }

Cdot11SecAuxSsidEntry ::= SEQUENCE {
    cdot11SecAuxSsid                 CDot11SsidString,
    cdot11SecAuxSsidBroadcast        TruthValue,
    cdot11SecAuxSsidInfraStruct      INTEGER,
    cdot11SecAuxSsidProxyMobileIp    TruthValue,
    cdot11SecAuxSsidMaxStations      Unsigned32,
    cdot11SecAuxSsidVlan             CDot11IfVlanIdOrZero,
    cdot11SecAuxSsidWpaPsk           CDot11WiFiPaPreSharedKey,
    cdot11SecAuxRadiusAccounting     SnmpAdminString,
    cdot11SecAuxSsidLoginUsername    SnmpAdminString,
    cdot11SecAuxSsidLoginPassword    SnmpAdminString,
    cdot11SecAuxSsidAuthKeyMgmt      CDot11SecAuthKeyMgmtType,
    cdot11SecAuxSsidAuthKeyMgmtOpt   TruthValue,
    cdot11SecAuxSsidRowStatus        RowStatus,
    cdot11SecAuxSsidWirelessNetId    Integer32,
    cdot11SecSsidRedirectAddrType    InetAddressType,
    cdot11SecSsidRedirectDestAddr    InetAddress,
    cdot11SecSsidRedirectFilter      SnmpAdminString,
    cdot11SecSsidInformationElement  CDot11InformationElementType,
    cdot11SecAuxSsidVlanName         CDot11VlanName,
    cdot11SecAuxSsidMbssidBroadcast  TruthValue,
    cdot11SecAuxSsidMbssidDtimPeriod Integer32
}

cdot11SecAuxSsid OBJECT-TYPE
    SYNTAX CDot11SsidString
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This object specifies a SSID defined on this
        IEEE 802.11 wireless LAN device. The SSID will be
        installed on the radio interfaces for client
        associations. The radio interface shall respond
        to probe requests using this SSID, but it does not
        advertise this SSID in its beacons unless the
        cdot11SecAuxSsidBroadcast is 'true'."
    ::= { cdot11SecAuxSsidEntry 1 }

cdot11SecAuxSsidBroadcast OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID is a
        Broadcast SSID. There should only be one Broadcast
        SSID installed on any IEEE 802.11 radio interface
        if Multiple BSSID feature is not enabled. To enable
        this SSID for MBSSID broadcast, use
        cdot11SecAuxSsidMbssidBroadcast."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 7.3.2.1."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 2 }

cdot11SecAuxSsidInfraStruct OBJECT-TYPE
    SYNTAX INTEGER {
        infraStructure(1),
        nonInfraStructure(2),
        optional(3)
    }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID is an
        infra-structure SSID. There should only be one
        infra-structure SSID installed on any IEEE 802.11
        radio interface. The infra-structure SSID is used
        for uplink association while the radio interface
        cd11IfStationRole is roleWgb(1), roleRepeater(5),
        roleNrBridge(9), or roleApNrBridge(10).
            infraStructure(1) - infra-structure SSID,
            nonInfraStructure(2) - Non infra-structure SSID,
            optional(3) - use of this infra-structure SSID
                is optional for uplink connection."
    REFERENCE
        "cd11IfStationRole, cd11IfStationConfigTable,
        CISCO-DOT11-IF-MIB."
    DEFVAL { nonInfraStructure }
    ::= { cdot11SecAuxSsidEntry 3 }

cdot11SecAuxSsidProxyMobileIp OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object indicates if an auxiliary SSID is
        enabled for Proxy Mobile-IP support. If Proxy
        Mobile-IP is not supported in VLAN network
        environment, cdot11SecAuxSsidVlan should be '0'
        when Proxy Mobile-IP is enabled via this object."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 4 }

cdot11SecAuxSsidMaxStations OBJECT-TYPE
    SYNTAX Unsigned32 (0..2007)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the maximum number of IEEE
        802.11 stations which may associate to a radio
        interface through this SSID. If the value is '0',
        the maximum number is limited only by the IEEE
        802.11 standard and any hardware or radio firmware
        limitations of the access point."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7."
    DEFVAL { 255 }
    ::= { cdot11SecAuxSsidEntry 5 }

cdot11SecAuxSsidVlan OBJECT-TYPE
    SYNTAX CDot11IfVlanIdOrZero
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the VLAN trunk at which the
        traffic will be used when a client is associating
        with this SSID. The default value is '0', no VLAN
        is configured or used for this SSID."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 6 }

cdot11SecAuxSsidWpaPsk OBJECT-TYPE
    SYNTAX CDot11WiFiPaPreSharedKey
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object configures Wi-Fi Protected Access
        Pre-shared Key for this SSID. This key is used for
        association authentication and dynamic encryption
        key generation. The default value is ''H if this
        shared key feature is not enabled."
    DEFVAL { ''H }
    ::= { cdot11SecAuxSsidEntry 7 }

cdot11SecAuxRadiusAccounting OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the name of the AAA accounting
        list to be used for association accounting. The
        default value is an empty string if AAA accounting
        is not enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 8 }

cdot11SecAuxSsidLoginUsername OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the username used for LEAP
        authentication and association to an uplink AP
        while this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 9 }

cdot11SecAuxSsidLoginPassword OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the password used for LEAP
        authentication association to an uplink AP while
        this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 10 }

cdot11SecAuxSsidAuthKeyMgmt OBJECT-TYPE
    SYNTAX CDot11SecAuthKeyMgmtType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies the type of key management
        employed for encryption keys defined for the VLAN
        in cdot11SecAuxSsidVlan. WPA key management should
        only be selected when encryption is TKIP and
        authentication is open, i.e.
        dot11AuthenticationAlgorithmsIndex is openSystem(1),
        together either with EAP or WPA-PSK for this SSID.
        CCKM key management can be used with encryption
        TKIP, WEP, CKIP, and Network-EAP authentication for
        this SSID. If none of the bits are set, there is no
        run-time key management for this SSID."
    ::= { cdot11SecAuxSsidEntry 11 }

cdot11SecAuxSsidAuthKeyMgmtOpt OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object specifies if the type of key
        management, cdot11SecAuxSsidAuthKeyMgmt, selected
        is optional. If it is 'true' and
        cdot11SecAuxSsidAuthKeyMgmt is not 'none', the key
        management is optional. If it is 'false' and
        cdot11SecAuxSsidAuthKeyMgmt is not 'none', the key
        management is mandatory."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 12 }

cdot11SecAuxSsidRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to create a new SSID entry on this
        device, and modify or delete an existing SSID
        entry. Creation of rows must be done via
        'createAndGo' with or without optional objects.
        This object will become 'active' if the NMS
        performs a multivarbind set including this object
        and successfully creates the SSID on this device.
        Modification and deletion (via 'destroy') of rows
        can be done when this object is 'active'. Any
        change to an existing SSID configuration can cause
        clients associating with the SSID to disassociate.
        And, depends on the implementation, changes on the
        existing SSIDs may not affect installed SSID on the
        radio interfaces. Therefore, users are advised to
        reset the corresponding SSID on the radio interface
        via the cdot11SecInterfSsidTable."
    ::= { cdot11SecAuxSsidEntry 13 }

cdot11SecAuxSsidWirelessNetId OBJECT-TYPE
    SYNTAX Integer32 (0..4096)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object sets the Wireless Network ID of this
        SSID. This ID is used for Cisco GRE tunneling in
        layer 3 switching. The valid range for the ID is
        '1' to '4096' and the default value is '0' and it
        indicates no ID is configured or used on this
        SSID."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 14 }

cdot11SecSsidRedirectAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the address type of for the
        cdot11SecSsidRedirectDestAddr."
    DEFVAL { ipv4 }
    ::= { cdot11SecAuxSsidEntry 15 }

cdot11SecSsidRedirectDestAddr OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the destination address set to all packets
        received from wireless clients associated to this
        wireless station using the cdot11SecAuxSsid. The
        cdot11SecSsidRedirectAddrType specifies the type of
        this address. The default value '00000000'H of
        cdot11SecSsidRedirectAddrType 'ipv4' indicates that
        this packet redirection feature is not enabled."
    DEFVAL { '00000000'H }
    ::= { cdot11SecAuxSsidEntry 16 }

cdot11SecSsidRedirectFilter OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "When the packet redirection feature is enable
        (i.e., cdot11SecSsidRedirectAddrType is 'ipv4' and
        cdot11SecSsidRedirectDestAddr value is not
        '00000000'H), this is the Cisco IP extended access
        list number or name used for filtering packets from
        wireless clients. Only packets passed by the access
        list will be allowed to forward to the
        cdot11SecSsidRedirectDestAddr. If packet
        redirection is disabled, this access list will not
        be applied.
        The default value is an empty string to indicate
        that no access list filter will be applied."
    DEFVAL { "" }
    ::= { cdot11SecAuxSsidEntry 17 }

cdot11SecSsidInformationElement OBJECT-TYPE
    SYNTAX CDot11InformationElementType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the set of Information Elements and
        extended capabilities embedded in the SSID
        broadcasted in beacons and probe responses. The
        extended capabilities 'advertisement' and 'wps' are
        allowed only if 'ssidl' is set."
    DEFVAL { {} }
    ::= { cdot11SecAuxSsidEntry 18 }

cdot11SecAuxSsidVlanName OBJECT-TYPE
    SYNTAX CDot11VlanName
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the name of the cdot11SecAuxSsidVlan.
        Either cdot11SecAuxSsidVlan or
        cdot11SecAuxSsidVlanName can be used to set the
        VLAN trunk for client traffic of this SSID. If both
        cdot11SecAuxSsidVlanName and cdot11SecAuxSsidVlan
        are set in a query, the set query will succeed if
        only if there is a matching pair of
        cdot11SecVlanName and cdot11SecVlanNameId in the
        cdot11SecVlanNameTable. The default value is a
        blank string, no VLAN or VLAN name is configured or
        used for this SSID."
    DEFVAL { " " }
    ::= { cdot11SecAuxSsidEntry 19 }

cdot11SecAuxSsidMbssidBroadcast OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object controls if this SSID shall be
        broadcasted if MBSSID is enabled at the interface
        which this SSID is attached, i.e. if both
        cd11IfMultipleBssidEnable and
        cdot11SecAuxSsidMbssidBroadcastis are 'true', then
        this SSID is broadcasted. Otherwise, this SSID is
        not broadcasted."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    DEFVAL { false }
    ::= { cdot11SecAuxSsidEntry 20 }

cdot11SecAuxSsidMbssidDtimPeriod OBJECT-TYPE
    SYNTAX Integer32 (0..255)
    UNITS "beacons"
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is the DTIM period for this MBSSID enabled
        SSID.
        It is the number of beacon intervals that shall
        elapse between transmission of Beacons frames
        containing a TIM element whose DTIM Count field is
        0. This DTIM period is only applicable if MBSSID is
        enabled at the interface which this SSID is
        attached, i.e. cd11IfMultipleBssidEnable is 'true'.
        The default value is 0 which indicates
        dot11DTIMPeriod of IEEE802dot11-MIB is used. The
        current valid DTIM period range for the radio is
        1 to 100."
    REFERENCE
        "IEEE802dot11-MIB, dot11DTIMPeriod."
    DEFVAL { 0 }
    ::= { cdot11SecAuxSsidEntry 21 }

cdot11SecAuxSsidAuthTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains attributes to configure
        authentication parameters for SSIDs listed in the
        cdot11SecAuxSsidTable. This table extends the
        IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
        to defines additional attributes authentication
        procedures for multiple SSIDs. Multiple
        authentication algorithms can apply to a single
        auxiliary SSID. This table has an expansion
        dependent relationship on the
        cdot11SecAuxSsidTable. For each entry in this
        table, there exists at least an entry in the
        cdot11SecAuxSsidTable."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7.6."
    ::= { cdot11SecSsidManagement 2 }

cdot11SecAuxSsidAuthEntry OBJECT-TYPE
    SYNTAX Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry specifies a pre-defined authentication
        algorithms and additional authentication procedures
        for clients of an auxiliary SSID. The three
        pre-defined authentication algorithms are:
        openSystem(1), sharedKey(2), and network-EAP(3).
        The valid combination of the pre-defined
        authentications and additional procedures are:
            openSystem(1)  - plus EAP
                           - plus MAC or EAP
            sharedKey(2)   - plus MAC and EAP
                           - plus EAP
            network-EAP(3) - plus MAC."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    INDEX {
        cdot11SecAuxSsid,
        dot11AuthenticationAlgorithmsIndex
    }
    ::= { cdot11SecAuxSsidAuthTable 1 }

Cdot11SecAuxSsidAuthEntry ::= SEQUENCE {
    cdot11SecAuxSsidAuthEnabled      TruthValue,
    cdot11SecAuxSsidAuthPlusEap      TruthValue,
    cdot11SecAuxSsidAuthPlusMac      TruthValue,
    cdot11SecAuxSsidAuthEapMethod    SnmpAdminString,
    cdot11SecAuxSsidAuthMacMethod    SnmpAdminString,
    cdot11SecAuxSsidAuthMacAlternate TruthValue
}

cdot11SecAuxSsidAuthEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the value is 'true', this device may
        authenticate an association using SSID (specified
        by cdot11SecAuxSsid) with the corresponding
        pre-defined algorithm (identified by the
        dot11AuthenticationAlgorithmsIndex). The default
        value is 'true'."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 1 }

cdot11SecAuxSsidAuthPlusEap OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        network-level EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false'
        while cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they complete
        the enabled IEEE 802.11 authentication. The default
        value is 'false' for no additional EAP
        authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 2 }

cdot11SecAuxSsidAuthPlusMac OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        MAC address authentication before client stations
        will be unblocked from their association attempts.
        If the value of this object is 'false' while
        cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they complete
        the enabled IEEE 802.11 authentication. The default
        value is 'false' for no additional MAC address
        authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 3 }

cdot11SecAuxSsidAuthEapMethod OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusEap is
        'true' or dot11AuthenticationAlgorithm is
        Network-EAP, this is the EAP method list to use for
        the EAP authentication. The default is an empty
        string if EAP is not used."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 4 }

cdot11SecAuxSsidAuthMacMethod OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusMac is
        'true', this is the MAC address method list to use
        for the MAC authentication. The default is an empty
        string if MAC address authentication is not used."
    ::= { cdot11SecAuxSsidAuthEntry 5 }

cdot11SecAuxSsidAuthMacAlternate OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the values of this object,
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusMac, and
        cdot11SecAuxSsidAuthPlusEap are all 'true' and the
        dot11AuthenticationAlgorithm is 'openSystem' the,
        the association authentication only need to
        complete either additional MAC address or
        additional EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false',
        only one of the two additional authentications
        should be enabled. The default value is 'false' for
        only one additional should be configured."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 6 }

cdot11SecInterfSsidTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of SSIDs installed on
        radio interfaces of this device and are used for
        client association. This table has an expansion
        dependent relationship on the ifTable. For each
        entry in this table, there exists at least an entry
        in the ifTable of ifType ieee80211(71)."
    ::= { cdot11SecSsidManagement 3 }

cdot11SecInterfSsidEntry OBJECT-TYPE
    SYNTAX Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A collection of attributes for an auxiliary
        service set ID installed on a IEEE 802.11 radio
        interface. An interface can have multiple auxiliary
        service set ID installed and the current maximum
        for each radio interface is 16 SSIDs, and the
        cd11IfAuxiliarySsidLength object specifies the
        configured maximum."
    INDEX { ifIndex, cdot11SecAuxSsid }
    ::= { cdot11SecInterfSsidTable 1 }

Cdot11SecInterfSsidEntry ::= SEQUENCE {
    cdot11SecInterfSsidRowStatus RowStatus
}

cdot11SecInterfSsidRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to install a new SSID configuration,
        and modify or delete an existing SSID configuration
        on a radio interface. Creation of rows must be done
        via 'createAndGo' and with an existing ifIndex of
        ifType ieee80211(71) and an existing
        cdot11SecAuxSsid in the cdot11SecAuxSsidTable. This
        object will become 'active' if the NMS performs a
        multivarbind set including this object and
        successfully installs the SSID on this interface.
        Modification and deletion (via 'destroy') of rows
        can be done when this object is 'active'. Any
        change to an existing SSID configuration can cause
        clients associating with the SSID to disassociate."
    ::= { cdot11SecInterfSsidEntry 1 }

cdot11MbssidMacAddrSupportTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of available radio
        MAC addresses for supporting MBSSID on the IEEE
        802.11 radio. This table has an expansion dependent
        relationship on the ifTable. For each entry in this
        table, there exists at least an entry in the
        ifTable of ifType ieee80211(71)."
    ::= { cdot11SecSsidManagement 4 }

cdot11MbssidMacAddrSupportEntry OBJECT-TYPE
    SYNTAX Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry is a MAC address assigned to the IEEE
        802.11 radio available to be used as a BSSID and
        broadcasted in the radio beacon when MBSSID feature
        is enabled."
    INDEX { ifIndex, cdot11MbssidMacAddrIndex }
    ::= { cdot11MbssidMacAddrSupportTable 1 }

Cdot11MbssidMacAddrSupportEntry ::= SEQUENCE {
    cdot11MbssidMacAddrIndex     Integer32,
    cdot11MbssidMacAddrSupported MacAddress
}

cdot11MbssidMacAddrIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..256)
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This is a unique index identifying the MAC address
        assigned on the radio. If MBSSID is not supported
        on this device, the only available index number
        is 1. Currently, if MBSSID is supported, the index
        numbers are 1 to 16."
    ::= { cdot11MbssidMacAddrSupportEntry 1 }

cdot11MbssidMacAddrSupported OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This MAC address can be used as BSSID and
        broadcasted in the beacon with a SSID when
        cd11IfMultipleBssidEnable is 'true'."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidMacAddrSupportEntry 2 }

cdot11MbssidInterfaceTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table displays the list of SSIDs and their
        corresponding BSSIDs configured on the IEEE 802.11
        radios. This table has an expansion dependent
        relationship on the ifTable. For each entry in this
        table, there exists at least an entry in the ifTable
        of ifType ieee80211(71)."
    ::= { cdot11SecSsidManagement 5 }

cdot11MbssidInterfaceEntry OBJECT-TYPE
    SYNTAX     Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Each entry defines an SSID being configured on the
        radio and the corresponding BSSID."
    INDEX { ifIndex, IMPLIED cdot11SecAuxSsid }
    ::= { cdot11MbssidInterfaceTable 1 }

Cdot11MbssidInterfaceEntry ::= SEQUENCE {
    cdot11MbssidIfMacAddress MacAddress,
    cdot11MbssidIfBroadcast  TruthValue
}

cdot11MbssidIfMacAddress OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "This is the BSSID to be sent with the radio SSID.
        If MBSSID feature is not enabled (i.e.
        cd11IfMultipleBssidEnable is 'false'), all SSIDs will
        be sent by the radio with the same BSSID and that is
        the radio hardware MAC address. If MBSSID feature is
        enabled (i.e. cd11IfMultipleBssidEnable is 'true'),
        all SSIDs will be sent by the radio with different
        BSSIDs."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 1 }

cdot11MbssidIfBroadcast OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "If cd11IfMultipleBssidEnable is 'true', MBSSID is
        enabled for the radio and this SSID is a broadcast
        SSID as follows
            'true'  - This SSID is a broadcast SSID and being
                      broadcasted in the radio beacon.
            'false' - This SSID is not a broadcast SSID and is
                      not broadcasted in the radio beacon."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 2 }

cdot11SecLocalAuthServerEnabled OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "This object configures the use of local
        authentication server. If it is 'true', local
        authentication server is enabled. If it is 'false',
        the local authentication server is disabled. If
        both local and network servers are configured, the
        local server is used as back up when network
        authentication server is not available."
    ::= { cdot11SecAuthManagement 1 }

cdot11SecVlanNameTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This table contains the mapping of VLAN names to
        IDs. A RADIUS server serving this wireless station
        can assign wireless clients associating to this
        station to a particular VLAN by either a VLAN name
        or an ID. When the VLAN assign of a client is via
        VLAN name, this table is used to look up for the
        corresponding VLAN ID and VLAN configured on this
        wireless station. Each VLAN name uniquely
        identifies a VLAN on a wireless station, and a VLAN
        ID can associate to multiple VLAN names in this
        table."
    ::= { cdot11SecVlanManagement 1 }

cdot11SecVlanNameEntry OBJECT-TYPE
    SYNTAX     Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A collection of attributes defining the properties
        of a VLAN name and the corresponding VLAN ID."
    INDEX { cdot11SecVlanName }
    ::= { cdot11SecVlanNameTable 1 }

Cdot11SecVlanNameEntry ::= SEQUENCE {
    cdot11SecVlanName          CDot11VlanName,
    cdot11SecVlanNameId        CDot11IfVlanIdOrZero,
    cdot11SecVlanNameRowStatus RowStatus
}

cdot11SecVlanName OBJECT-TYPE
    SYNTAX     CDot11VlanName
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "This object defines the VLAN name assigned to
        wireless clients by the RADIUS server serving this
        wireless station."
    ::= { cdot11SecVlanNameEntry 1 }

cdot11SecVlanNameId OBJECT-TYPE
    SYNTAX     CDot11IfVlanIdOrZero
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "This object defines the VLAN trunk to which a
        client associating to this wireless station will be
        on. The value '0' is not valid."
    ::= { cdot11SecVlanNameEntry 2 }

cdot11SecVlanNameRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "This is used to create a new VLAN name to ID
        mapping entry on this device, and modify or delete
        an existing mapping entry. Creation of rows must be
        done via 'createAndGo' with all other mandatory
        objects. This object will become 'active' if the
        NMS performs a multivarbind set including this
        object and successfully creates the VLAN name entry
        on this device. Modification and deletion (via
        'destroy') of rows can be done when this object is
        'active'. Any change to an existing VLAN name to ID
        mapping configuration does not affect existing
        associated wireless clients."
    ::= { cdot11SecVlanNameEntry 3 }

-- ********************************************************************
-- * Conformance information
-- ********************************************************************

ciscoDot11SsidSecMIBConformance OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIB 2 }

ciscoDot11SsidSecMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBConformance 1 }

ciscoDot11SsidSecMIBGroups OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBConformance 2 }

-- *****************************************************************
-- Compliance statements
-- *****************************************************************

ciscoDot11SsidSecCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "This is the compliance statement for the
        ciscoDot11SsidSecMIB module."
    MODULE
        MANDATORY-GROUPS {
            cdot11SecSsidManagementGroup,
            cdot11SsidAuthenticationGroup,
            cdot11ModuleAuthenticationGroup
        }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
            "This group is required only if VLAN by name is
            supported on the IEEE 802.11 wireless LAN devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
            "This group is required only if MBSSID feature is
            supported on the IEEE 802.11 wireless LAN devices."

        OBJECT cdot11SecAuxSsidLoginPassword
        DESCRIPTION
            "Due to security reasons, for SNMPv1/v2c, this
            object will return blank spaces if a password is
            configured."

        OBJECT cdot11SecAuxSsidMaxStations
        DESCRIPTION
            "The supported range of values for SET queries are
            1 to 255. The supported range of values for SNMP
            GET or GET-NEXT queries are 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter
        DESCRIPTION
            "Only Cisco IP extend access list number 100 to 199
            are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."
    ::= { ciscoDot11SsidSecMIBCompliances 1 }

-- *****************************************************************
-- Units of conformance
-- *****************************************************************

cdot11SecSsidManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidBroadcast,
        cdot11SecAuxSsidInfraStruct,
        cdot11SecAuxSsidProxyMobileIp,
        cdot11SecAuxSsidMaxStations,
        cdot11SecAuxSsidVlan,
        cdot11SecAuxSsidWpaPsk,
        cdot11SecAuxRadiusAccounting,
        cdot11SecAuxSsidLoginUsername,
        cdot11SecAuxSsidLoginPassword,
        cdot11SecAuxSsidAuthKeyMgmt,
        cdot11SecAuxSsidAuthKeyMgmtOpt,
        cdot11SecAuxSsidRowStatus,
        cdot11SecAuxSsidWirelessNetId,
        cdot11SecSsidRedirectAddrType,
        cdot11SecSsidRedirectDestAddr,
        cdot11SecSsidRedirectFilter,
        cdot11SecSsidInformationElement,
        cdot11SecAuxSsidVlanName,
        cdot11SecInterfSsidRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage SSID on
        IEEE 802.11 devices and interfaces."
    ::= { ciscoDot11SsidSecMIBGroups 1 }

cdot11SsidAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusEap,
        cdot11SecAuxSsidAuthPlusMac,
        cdot11SecAuxSsidAuthEapMethod,
        cdot11SecAuxSsidAuthMacMethod,
        cdot11SecAuxSsidAuthMacAlternate
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication algorithms for SSIDs."
    ::= { ciscoDot11SsidSecMIBGroups 2 }

cdot11ModuleAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecLocalAuthServerEnabled
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication of this wireless
        station module."
    ::= { ciscoDot11SsidSecMIBGroups 3 }

cdot11SecVlanManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecVlanNameId,
        cdot11SecVlanNameRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the VLAN name
        and ID mapping table."
    ::= { ciscoDot11SsidSecMIBGroups 4 }

cdot11MbssidSupportGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidMbssidBroadcast,
        cdot11SecAuxSsidMbssidDtimPeriod,
        cdot11MbssidMacAddrIndex,
        cdot11MbssidMacAddrSupported,
        cdot11MbssidIfMacAddress,
        cdot11MbssidIfBroadcast
    }
    STATUS current
    DESCRIPTION
        "This group includes objects providing MBSSID
        configuration information."
    ::= { ciscoDot11SsidSecMIBGroups 5 }

END
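
Added example (not part of the Cisco MIB or of this page's original content): cdot11SecInterfSsidTable is indexed by { ifIndex, cdot11SecAuxSsid } while cdot11MbssidInterfaceTable uses { ifIndex, IMPLIED cdot11SecAuxSsid }, so the same SSID is encoded differently in the two tables' instance identifiers. The Python below decodes both forms under the SMIv2 (RFC 2578) index rules, assuming cdot11SecAuxSsid is a variable-length octet string; the function names and sample suffixes are constructed for illustration.

```python
# Added example, not Cisco code. Assumption: cdot11SecAuxSsid is a
# variable-length octet string, so SMIv2 (RFC 2578) index rules apply.

def parse_suffix(text):
    """Turn a dotted instance suffix such as '3.5.103' into integers."""
    return [int(part) for part in text.strip(".").split(".")]

def _ssid_from_octets(octets):
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("sub-identifier outside octet range 0..255")
    # SSIDs are arbitrary bytes; show undecodable ones as escapes.
    return bytes(octets).decode("utf-8", errors="backslashreplace")

def decode_interf_ssid_index(subids):
    """cdot11SecInterfSsidTable, INDEX { ifIndex, cdot11SecAuxSsid }.
    Without IMPLIED the string is preceded by its length."""
    if len(subids) < 2:
        raise ValueError("need ifIndex and an SSID length")
    if_index, length, octets = subids[0], subids[1], subids[2:]
    if length != len(octets):
        raise ValueError("length prefix %d does not match %d octets"
                         % (length, len(octets)))
    return if_index, _ssid_from_octets(octets)

def decode_mbssid_if_index(subids):
    """cdot11MbssidInterfaceTable,
    INDEX { ifIndex, IMPLIED cdot11SecAuxSsid }.
    With IMPLIED there is no length prefix: every remaining
    sub-identifier is an SSID octet, and the string cannot be empty."""
    if len(subids) < 2:
        raise ValueError("need ifIndex and at least one SSID octet")
    return subids[0], _ssid_from_octets(subids[1:])

# Constructed sample suffixes for SSID "guest" on ifIndex 3.
INTERF_SUFFIX = "3.5.103.117.101.115.116"
MBSSID_SUFFIX = "3.103.117.101.115.116"

if __name__ == "__main__":
    print(decode_interf_ssid_index(parse_suffix(INTERF_SUFFIX)))
    print(decode_mbssid_if_index(parse_suffix(MBSSID_SUFFIX)))
```

Applying the IMPLIED decoder to a length-prefixed suffix silently yields an SSID with a stray leading control byte, which is why inventory and audit scripts that join these two tables on SSID need the per-table rule.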