1-- ============================================================================= 2-- Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. 3-- 4-- Description: 5-- The file defines a MIB to provide wireless detection service feature. 6-- Reference: 7-- Version: V1.7 8-- History: 9-- V1.0 created by shiyang (Richard) 10-- Initial version 2006-08-20 11-- V1.1 2007-05-16 modified by shiyang (Richard) 12-- Add new objects of h3cDot11UnauthorSSIDName and h3cDot11WIDSAPID. 13-- V1.2 2007-06-19 modified by Deepthi 14-- Changed the h3cDot11RogueAPVendorOUI to h3cDot11RogueAPVendorName, 15-- Type : OCTET STRING and the Size list: 1: 3 should be removed. 16-- Changed the h3cDot11RogueStaVendorOUI to h3cDot11RogueStaVendorName, 17-- Type : OCTET STRING and the Size list: 1: 3 should be removed. 18-- Changed the field h3cDot11DetectMaxAPSigStrength in 19-- h3cDot11WIDSRogueAPExtTable to h3cDot11DetectCurAPSigStrength to 20-- h3cDot11DetectCurAPSigStrength 21-- Changed the field h3cDot11DetectMaxStaSigStrength 22-- H3cDot11WIDSRogueStaExtEntry in h3cDot11WIDSRogueStaExtTable to 23-- h3cDot11DetectCurStaSigStrength 24-- Add new node h3cDot11WIDSPermitVendorName in 25-- h3cDot11WIDSPermitVendorEntry 26-- Remove the field Country Spec(2), ChannelSpec(3) in 27-- h3cDot11WIDSGlobalConfigGroup in h3cDot11WIDSScanMode. 28-- Obsolete the node h3cDot11WIDSScanChannelList in 29-- h3cDot11WIDSGlobalConfigGroup 30-- Add the node h3cDot11WIDSScanType to h3cDot11WIDSGlobalConfigGroup 31-- V1.3 2008-07-25 modified by heziqi 32-- Add new node h3cDot11CntMsrEnable, h3cDot11CntMsrMode, 33-- h3cDot11DevAgingTime, h3cDot11DynBlkListEnable, 34-- h3cDot11DynBlkListLifeTime, h3cDot11FloodAtkDctEnable, 35-- h3cDot11SpoofAtkDctEnable, h3cDot11WeakIVAtkDctEnable, 36-- h3cDot11ResetWIDSRogueHistory, h3cDot11ResetWIDSHistroy, 37-- h3cDot11ResetWIDSStatistics, h3cDot11ResetAllDynBlkList, 38-- h3cDot11ResetAllStcBlkList, h3cDot11ResetAllWhtBlkList, 39-- h3cDot11ResetAllDctRogueAP, h3cDot11ResetAllDctRogueSta, 40-- h3cDot11ResetAllDctAdhoc, h3cDot11ResetAllDctDevice, 41-- h3cDot11ResetAllDctSSID in h3cDot11WIDSGlobalConfigGroup. 42-- Add new node h3cDot11PermitSSIDDetected 43-- in h3cDot11WIDSPermitSSIDTable. 44-- Add new node h3cDot11IgnoreMACDetected, h3cDot11IgnoreDevType 45-- in h3cDot11WIDSIgnoreListTable. 46-- Add new table h3cDot11StaticWhiteListTable, 47-- h3cDot11StaticBlackListTable, h3cDot11WIDSRogueAPTable, 48-- h3cDot11WIDSRogueStaTable, h3cDot11WIDSDetectedDevTable, 49-- h3cDot11WIDSRptAPTable, h3cDot11DynBlackListTable, 50-- h3cDot11WIDSRogueHistoryTable, h3cDot11WIDSAtkHistroyTable 51-- in h3cDot11WIDSDetectGroup. 52-- Add h3cDot11WIDSAtkStatis in h3cDot11WIDSDetectGroup. 53-- Add notification h3cDot11WIDSDetectAttack and 54-- h3cDot11WIDSDetectWBridge. 55-- V1.4 2009-05-07 modified by Li Yugang, Wang Shaojie, Sun Shuai 56-- Add h3cDot11WidsFloodInterval, h3cDot11WidsBlackListThreshold, 57-- h3cDot11SSIDFilterOnOff, h3cDot11BSSIDFilterOnOff to 58-- h3cDot11WIDSGlobalConfigGroup. 59-- Add h3cDot11WIDSPermitBSSIDTable to h3cDot11WIDSConfigGroup. 60-- Add h3cDot11WIDSFloodTrap, h3cDot11WIDSSpoofTrap, 61-- h3cDot11WIDSWeakIVTrap to h3cDot11WIDSTraps. 62-- Add h3cDot11MonitorAPID,h3cDot11MonitorApRadioID, 63-- h3cDot11WIDSAtkMac, h3cDot11WIDSAtkFrameType 64-- to h3cDot11WIDSTrapVarObjects. 65-- V1.5 2009-07-29 modified by heziqi 66-- Add new node h3cDot11WIDSDevSnr for h3cDot11WIDSDetectedDevTable. 67-- V1.6 2010-01-07 modified by Wang Shaojie 68-- Add new node h3cDot11RogueAPFirstDetectTmStr, 69-- h3cDot11RogueAPLastDetectTmStr to h3cDot11WIDSRogueAPTable 70-- Add new node h3cDot11RogueStaFirstDetectTmStr, 71-- h3cDot11RogueStaLastDetectTmStr to h3cDot11WIDSRogueStaTable 72-- Add h3cDot11WIDSAtkChannel, h3cDot11WIDSAtkTime, 73-- h3cDot11WIDSAtkDestMac to h3cDot11WIDSTrapVarObjects. 74-- 2010-03-18 Modified by Deng Gaoliang 75-- Add h3cDot11BlackListTable 76-- 2010-05-31 Modified by LiuChen 77-- Add new node h3cDot11DynBlackListTimeTicks to 78-- h3cDot11DynBlackListTable. 79-- Add new node h3cDot11BlackListTimeTicks to 80-- h3cDot11BlackListTable. 81-- V1.7 2011-10-28 modified by jiaolibin 82-- Add h3cDot11WIDSFirstTrapTime to h3cDot11WIDSTrapVarObjects and 83-- varialbe bingings h3cDot11WIDSFirstTrapTime for h3cDot11WIDSFloodTrap, 84-- h3cDot11WIDSSpoofTrap,h3cDot11WIDSWeakIVTrap. 85-- ============================================================================= 86A3COM-HUAWEI-DOT11-WIDS-MIB DEFINITIONS ::= BEGIN 87 88IMPORTS 89 TruthValue, 90 MacAddress, 91 RowStatus, 92 DateAndTime, 93 TEXTUAL-CONVENTION 94 FROM SNMPv2-TC 95 MODULE-IDENTITY, 96 OBJECT-TYPE, 97 NOTIFICATION-TYPE, 98 Integer32, 99 Unsigned32, 100 TimeTicks 101 FROM SNMPv2-SMI 102 h3cDot11, 103 H3cDot11SSIDStringType, 104 H3cDot11ChannelScopeType, 105 H3cDot11RadioScopeType, 106 H3cDot11ObjectIDType, 107 H3cDot11RadioType 108 FROM A3COM-HUAWEI-DOT11-REF-MIB; 109 110h3cDot11WIDS MODULE-IDENTITY 111 LAST-UPDATED "201005311800Z" -- May 31, 2010 at 18:00 GMT 112 ORGANIZATION 113 "Hangzhou H3C Technologies Co., Ltd." 114 CONTACT-INFO 115 "Platform Team H3C Technologies Co., Ltd. 116 Hai-Dian District Beijing P.R. China 117 http://www.h3c.com 118 Zip: 100085" 119 DESCRIPTION 120 "This MIB provides information about WIDS feature. 121 122 GLOSSARY 123 124 Wireless Intrusion Detection Sensor (WIDS) 125 WIDS is designed to be employed in an area that is serviced 126 by an existing wireless network. 127 It aids in the early detection of malicious outsider attacks 128 and intrusions via wireless networks. 129 130 Rogue AP 131 A rogue access point is any Wi-Fi access point connected to 132 the network without authorization. 133 As it is not authorized, if there is any weakness in 134 the AP, the hacker will have chance to compromise the 135 network. 136 137 Rogue Station 138 It is similiar to Rogue AP, while it is a station. 139 140 Monitor AP 141 An AP will scan or listen to the air, and try to detect 142 wireless attack in the network. 143 Some AP products will work only in monitor role, while some 144 AP products could switch between normal AP role (only 145 provide wireless access service)and monitor AP role. 146 147 Ad Hoc Mode 148 Station could work under Ad hoc mode, then they 149 could directly do peer-to-peer communication without 150 other device support." 151 152 REVISION "201005311800Z" -- May 31, 2010 at 18:00 GMT 153 DESCRIPTION 154 "Modified to add new nodes." 155 REVISION "200907291800Z" -- Jul 29, 2009 at 18:00 GMT 156 DESCRIPTION 157 "Modified to add new nodes." 158 REVISION "200905072000Z" -- May 7, 2009 at 20:00 GMT 159 DESCRIPTION 160 "Add new nodes and table to support new featrues of WIDS." 161 REVISION "200807251900Z" -- July 23, 2008 at 19:00 GMT 162 DESCRIPTION 163 "Add new nodes to support new featrues of WIDS." 164 REVISION "200706191900Z" -- June 19, 2007 at 19:00 GMT 165 DESCRIPTION 166 "To fix bugs in the MIB file." 167 REVISION "200705161900Z" -- May 16, 2007 at 19:00 GMT 168 DESCRIPTION 169 "To fix bugs in the MIB file." 170 REVISION "200608201900Z" -- August 20, 2006 at 19:00 GMT 171 DESCRIPTION 172 "The initial revision of this MIB module." 173 ::= { h3cDot11 5 } 174 175-- ================================================================== 176-- Textual Conventions 177-- ================================================================== 178 179H3cDot11WIDSDevType ::= TEXTUAL-CONVENTION 180 STATUS current 181 DESCRIPTION 182 "The type of device detected." 183 SYNTAX INTEGER 184 { 185 client(1), 186 ap(2), 187 adhoc(3), 188 wirelessBridge(4), 189 unknown(5) 190 } 191 192H3cDot11WIDSDevPermitType ::= TEXTUAL-CONVENTION 193 STATUS current 194 DESCRIPTION 195 "Represents whether the detected device is permitted or a rogue." 196 SYNTAX INTEGER 197 { 198 permit(1), 199 rogue(2) 200 } 201 202H3cDot11WIDSAtkType ::= TEXTUAL-CONVENTION 203 STATUS current 204 DESCRIPTION 205 "The type of attack. 206 This object has following defined values: 207 'act': Action Frame 208 'asr': Association Request 209 'aur': Authentication Request 210 'daf': Deauthentication Frame 211 'dar': Disassociation Request 212 'ndf': Null Data Frame 213 'pbr': Probe Request 214 'rar': Reassociation Request 215 'saf': Spoofed Disassociation Frame 216 'sdf': Spoofed Deauthentication Frame 217 'wiv': Weak IV Detected" 218 SYNTAX INTEGER 219 { 220 act(1), 221 asr(2), 222 aur(3), 223 daf(4), 224 dar(5), 225 ndf(6), 226 pbr(7), 227 rar(8), 228 saf(9), 229 sdf(10), 230 wiv(11), 231 unknown(12) 232 } 233 234 235-- ***************************************************************************** 236-- * Major sections 237-- ***************************************************************************** 238-- WIDS Configuration Group 239-- DEFINED AS "The group to provide the configuration information 240-- for WIDS." 241h3cDot11WIDSConfigGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 1 } 242-- The Configuration Group has the following children: 243h3cDot11WIDSGlobalConfigGroup OBJECT IDENTIFIER 244 ::= { h3cDot11WIDSConfigGroup 1 } 245-- h3cDot11WIDSPermitVendorTable ::= { h3cDot11WIDSConfigGroup 2 } 246-- h3cDot11WIDSPermitSSIDTable ::= { h3cDot11WIDSConfigGroup 3 } 247-- h3cDot11WIDSIgnoreListTable ::= { h3cDot11WIDSConfigGroup 4 } 248-- h3cDot11WIDSAttackListTable ::= { h3cDot11WIDSConfigGroup 5 } 249 250-- WIDS detection Group 251-- DEFINED AS "The group to provide the detection information 252-- for WIDS." 253h3cDot11WIDSDetectGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 2 } 254-- The detection Group has the following children: 255-- h3cDot11WIDSRogueAPTable ::= { h3cDot11WIDSDetectGroup 1 } 256-- h3cDot11WIDSRogueAPExtTable ::= { h3cDot11WIDSDetectGroup 2 } 257-- h3cDot11WIDSRogueStaTable ::= { h3cDot11WIDSDetectGroup 3 } 258-- h3cDot11WIDSRogueStaExtTable ::= { h3cDot11WIDSDetectGroup 4 } 259 260-- WIDS Notification 261-- DEFINED AS "The notification for WIDS feature." 262h3cDot11WIDSNotifyGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 3 } 263 264-- ***************************************************************************** 265-- * h3cDot11WIDSGlobalConfigGroup Definition 266-- ***************************************************************************** 267h3cDot11WIDSScanMode OBJECT-TYPE 268 SYNTAX INTEGER 269 { 270 all(1), 271 auto(2) 272 } 273 MAX-ACCESS read-write 274 STATUS current 275 DESCRIPTION 276 "Represents the scope of channels to be scanned. 277 The following value are supported 278 all(1) - Do scan on all the channels. 279 auto(2) - Do scan for the channels that automatically 280 selected by WIDS." 281 DEFVAL { auto } 282 ::= { h3cDot11WIDSGlobalConfigGroup 1 } 283 284h3cDot11WIDSScanChannelList OBJECT-TYPE 285 SYNTAX OCTET STRING(SIZE(0..128)) 286 MAX-ACCESS read-write 287 STATUS obsolete 288 DESCRIPTION 289 "Represents the channel scope to be scanned when 290 h3cDot11WIDSScanMode is configurated as channelSpec mode. 291 Each channel value will be separated by comma character." 292 ::= { h3cDot11WIDSGlobalConfigGroup 2 } 293 294h3cDot11CntMsrMode OBJECT-TYPE 295 SYNTAX BITS 296 { 297 rogue(0), 298 adhoc(1), 299 config(2) 300 } 301 MAX-ACCESS read-write 302 STATUS current 303 DESCRIPTION 304 "Represents the countermeasures mode." 305 ::= { h3cDot11WIDSGlobalConfigGroup 3 } 306 307h3cDot11DevAgingTime OBJECT-TYPE 308 SYNTAX Integer32(300..1800) 309 UNITS "second" 310 MAX-ACCESS read-write 311 STATUS current 312 DESCRIPTION 313 "Represents the age time for entries in the detected device table. 314 If an entry is not detected within the interval, it is deleted from 315 the detected device table. If the deleted entry is that of a rogue, it 316 is added into the rogue history table." 317 ::= { h3cDot11WIDSGlobalConfigGroup 4 } 318 319h3cDot11DynBlkListEnable OBJECT-TYPE 320 SYNTAX TruthValue 321 MAX-ACCESS read-write 322 STATUS current 323 DESCRIPTION 324 "Represents whether the dynamic blacklist feature is enabled or not. 325 'true' : Enable the dynamic blacklist feature to filter out unwanted 326 clients, which will not get associated. 327 'false' : Disable the dynamic blacklist feature." 328 ::= { h3cDot11WIDSGlobalConfigGroup 5 } 329 330h3cDot11DynBlkListLifeTime OBJECT-TYPE 331 SYNTAX Integer32(60..3600) 332 UNITS "second" 333 MAX-ACCESS read-write 334 STATUS current 335 DESCRIPTION 336 "Represents the lifetime for dynamic blacklist entries. 337 If a dynamic blacklist entry is not detected within the lifetime, the 338 entry will be removed from the dynamic blacklist. 339 The lifetime becomes active only if dynamic blacklist feature is 340 enabled." 341 ::= { h3cDot11WIDSGlobalConfigGroup 6 } 342 343h3cDot11FloodAtkDctEnable OBJECT-TYPE 344 SYNTAX TruthValue 345 MAX-ACCESS read-write 346 STATUS current 347 DESCRIPTION 348 "Represents whether detection of flood attack is enabled or not. 349 'true' : Enable the detection of flood attack. 350 'false' : Disable the detection of flood attack." 351 ::= { h3cDot11WIDSGlobalConfigGroup 7 } 352 353h3cDot11SpoofAtkDctEnable OBJECT-TYPE 354 SYNTAX TruthValue 355 MAX-ACCESS read-write 356 STATUS current 357 DESCRIPTION 358 "Represents whether detection of Spoof attack is enabled or not. 359 'true' : Enable the detection of Spoof attack. 360 'false' : Disable the detection of Spoof attack." 361 ::= { h3cDot11WIDSGlobalConfigGroup 8 } 362 363h3cDot11WeakIVAtkDctEnable OBJECT-TYPE 364 SYNTAX TruthValue 365 MAX-ACCESS read-write 366 STATUS current 367 DESCRIPTION 368 "Represents whether detection of weak-iv attack is enabled or not. 369 'true' : Enable the detection of weak-iv attack. 370 'false' : Disable the detection of weak-iv attack." 371 ::= { h3cDot11WIDSGlobalConfigGroup 9 } 372 373h3cDot11ResetWIDSRogueHistory OBJECT-TYPE 374 SYNTAX TruthValue 375 MAX-ACCESS read-write 376 STATUS current 377 DESCRIPTION 378 "This object is used to clear all entries from the rogue history table. 379 It will return false for get operation." 380 ::= { h3cDot11WIDSGlobalConfigGroup 10 } 381 382h3cDot11ResetWIDSHistroy OBJECT-TYPE 383 SYNTAX TruthValue 384 MAX-ACCESS read-write 385 STATUS current 386 DESCRIPTION 387 "This object is used to clear the history information of attacks 388 detected in the WLAN system. 389 It will return false for get operation." 390 ::= { h3cDot11WIDSGlobalConfigGroup 11 } 391 392h3cDot11ResetWIDSStatistics OBJECT-TYPE 393 SYNTAX TruthValue 394 MAX-ACCESS read-write 395 STATUS current 396 DESCRIPTION 397 "This object is used to clear the statistics of attacks detected in the 398 WLAN system. 399 It will return false for get operation." 400 ::= { h3cDot11WIDSGlobalConfigGroup 12 } 401 402h3cDot11ResetAllDynBlkList OBJECT-TYPE 403 SYNTAX TruthValue 404 MAX-ACCESS read-write 405 STATUS current 406 DESCRIPTION 407 "This object is used to remove all entries from the dynamic blacklist. 408 It will return false for get operation." 409 ::= { h3cDot11WIDSGlobalConfigGroup 13 } 410 411h3cDot11ResetAllStcBlkList OBJECT-TYPE 412 SYNTAX TruthValue 413 MAX-ACCESS read-write 414 STATUS current 415 DESCRIPTION 416 "This object is used to remove all entries from the static blacklist. 417 It will return false for get operation." 418 ::= { h3cDot11WIDSGlobalConfigGroup 14 } 419 420h3cDot11ResetAllWhtBlkList OBJECT-TYPE 421 SYNTAX TruthValue 422 MAX-ACCESS read-write 423 STATUS current 424 DESCRIPTION 425 "This object is used to remove all entries from the static whitelist. 426 It will return false for get operation." 427 ::= { h3cDot11WIDSGlobalConfigGroup 15 } 428 429h3cDot11ResetAllDctRogueAP OBJECT-TYPE 430 SYNTAX TruthValue 431 MAX-ACCESS read-write 432 STATUS current 433 DESCRIPTION 434 "This object is used to clear the information of all detected rogue APs. 435 It will return false for get operation." 436 ::= { h3cDot11WIDSGlobalConfigGroup 16 } 437 438h3cDot11ResetAllDctRogueSta OBJECT-TYPE 439 SYNTAX TruthValue 440 MAX-ACCESS read-write 441 STATUS current 442 DESCRIPTION 443 "This object is used to clear the information of all detected rogue 444 clients. 445 It will return false for get operation." 446 ::= { h3cDot11WIDSGlobalConfigGroup 17 } 447 448h3cDot11ResetAllDctAdhoc OBJECT-TYPE 449 SYNTAX TruthValue 450 MAX-ACCESS read-write 451 STATUS current 452 DESCRIPTION 453 "This object is used to clear the information of all detected ad hoc 454 devices. 455 It will return false for get operation." 456 ::= { h3cDot11WIDSGlobalConfigGroup 18 } 457 458h3cDot11ResetAllDctDevice OBJECT-TYPE 459 SYNTAX TruthValue 460 MAX-ACCESS read-write 461 STATUS current 462 DESCRIPTION 463 "This object is used to clear the information of all detected devices. 464 It will return false for get operation." 465 ::= { h3cDot11WIDSGlobalConfigGroup 19 } 466 467h3cDot11ResetAllDctSSID OBJECT-TYPE 468 SYNTAX TruthValue 469 MAX-ACCESS read-write 470 STATUS current 471 DESCRIPTION 472 "This object is used to clear the information of all detected SSIDs. 473 It will return false for get operation." 474 ::= { h3cDot11WIDSGlobalConfigGroup 20 } 475 476h3cDot11WidsFloodInterval OBJECT-TYPE 477 SYNTAX Unsigned32 478 UNITS "second" 479 MAX-ACCESS read-write 480 STATUS current 481 DESCRIPTION 482 "The interval of WIDS flood detection." 483 DEFVAL { 1 } 484 ::= { h3cDot11WIDSGlobalConfigGroup 21 } 485 486h3cDot11WidsBlackListThreshold OBJECT-TYPE 487 SYNTAX Unsigned32 488 MAX-ACCESS read-write 489 STATUS current 490 DESCRIPTION 491 "When flood attack exceeds the value of this node, 492 the MAC address will be added into black list." 493 DEFVAL { 100 } 494 ::= { h3cDot11WIDSGlobalConfigGroup 22 } 495 496h3cDot11SSIDFilterOnOff OBJECT-TYPE 497 SYNTAX INTEGER 498 { 499 on(1), 500 off(2) 501 } 502 MAX-ACCESS read-write 503 STATUS current 504 DESCRIPTION 505 "Represents whether the SSID permit feature is enabled or not." 506 DEFVAL { on } 507 ::= { h3cDot11WIDSGlobalConfigGroup 23 } 508 509h3cDot11BSSIDFilterOnOff OBJECT-TYPE 510 SYNTAX INTEGER 511 { 512 on(1), 513 off(2) 514 } 515 MAX-ACCESS read-write 516 STATUS current 517 DESCRIPTION 518 "Represents whether the BSSID permit feature is enabled or not." 519 DEFVAL { on } 520 ::= { h3cDot11WIDSGlobalConfigGroup 24 } 521 522-- ********************************************************************** 523-- * End of h3cDot11WIDSGlobalConfigGroup Definition 524-- ***************************************************************************** 525 526-- ***************************************************************************** 527-- * h3cDot11WIDSPermitVendorTable Definition 528-- ***************************************************************************** 529h3cDot11WIDSPermitVendorTable OBJECT-TYPE 530 SYNTAX SEQUENCE OF H3cDot11WIDSPermitVendorEntry 531 MAX-ACCESS not-accessible 532 STATUS current 533 DESCRIPTION 534 "The table provides the permitted vendor list, and each vendor 535 will be identified by OUI. 536 The legal device should be made by the permitted vendors." 537 ::= { h3cDot11WIDSConfigGroup 2 } 538 539h3cDot11WIDSPermitVendorEntry OBJECT-TYPE 540 SYNTAX H3cDot11WIDSPermitVendorEntry 541 MAX-ACCESS not-accessible 542 STATUS current 543 DESCRIPTION 544 "Each entry provides the information of permitted vendor." 545 INDEX 546 { 547 h3cDot11VendorOUI 548 } 549 ::= { h3cDot11WIDSPermitVendorTable 1 } 550 551H3cDot11WIDSPermitVendorEntry ::= SEQUENCE 552 { 553 h3cDot11VendorOUI OCTET STRING, 554 h3cDot11PermitVendorRowStatus RowStatus, 555 h3cDot11VendorName OCTET STRING 556 } 557 558h3cDot11VendorOUI OBJECT-TYPE 559 SYNTAX OCTET STRING(SIZE(3)) 560 MAX-ACCESS not-accessible 561 STATUS current 562 DESCRIPTION 563 "Represents the vendor OUI information of the wireless device." 564 ::= { h3cDot11WIDSPermitVendorEntry 1 } 565 566h3cDot11PermitVendorRowStatus OBJECT-TYPE 567 SYNTAX RowStatus 568 MAX-ACCESS read-create 569 STATUS current 570 DESCRIPTION 571 "The status of this table entry." 572 ::= { h3cDot11WIDSPermitVendorEntry 2 } 573 574h3cDot11VendorName OBJECT-TYPE 575 SYNTAX OCTET STRING(SIZE(0..127)) 576 MAX-ACCESS read-only 577 STATUS current 578 DESCRIPTION 579 "Represents the vendor name of the wireless device." 580 ::= { h3cDot11WIDSPermitVendorEntry 3 } 581-- ***************************************************************************** 582-- * End of h3cDot11WIDSPermitVendorTable Definition 583-- ***************************************************************************** 584 585-- ***************************************************************************** 586-- * h3cDot11WIDSPermitSSIDTable Definition 587-- ***************************************************************************** 588h3cDot11WIDSPermitSSIDTable OBJECT-TYPE 589 SYNTAX SEQUENCE OF H3cDot11WIDSPermitSSIDEntry 590 MAX-ACCESS not-accessible 591 STATUS current 592 DESCRIPTION 593 "The table represents the list of SSID could be permitted in 594 the wireless network." 595 ::= { h3cDot11WIDSConfigGroup 3 } 596 597h3cDot11WIDSPermitSSIDEntry OBJECT-TYPE 598 SYNTAX H3cDot11WIDSPermitSSIDEntry 599 MAX-ACCESS not-accessible 600 STATUS current 601 DESCRIPTION 602 "Each entry provides the information of permitted SSID." 603 INDEX 604 { 605 h3cDot11PermitSSID 606 } 607 ::= { h3cDot11WIDSPermitSSIDTable 1 } 608 609H3cDot11WIDSPermitSSIDEntry ::= SEQUENCE 610 { 611 h3cDot11PermitSSID H3cDot11SSIDStringType, 612 h3cDot11PermitSSIDRowStatus RowStatus, 613 h3cDot11PermitSSIDDetected TruthValue 614 } 615 616h3cDot11PermitSSID OBJECT-TYPE 617 SYNTAX H3cDot11SSIDStringType(SIZE(0..127)) 618 MAX-ACCESS not-accessible 619 STATUS current 620 DESCRIPTION 621 "Represents the permitted SSID in the wireless network." 622 ::= { h3cDot11WIDSPermitSSIDEntry 1 } 623 624h3cDot11PermitSSIDRowStatus OBJECT-TYPE 625 SYNTAX RowStatus 626 MAX-ACCESS read-create 627 STATUS current 628 DESCRIPTION 629 "The status of this table entry." 630 ::= { h3cDot11WIDSPermitSSIDEntry 2 } 631 632h3cDot11PermitSSIDDetected OBJECT-TYPE 633 SYNTAX TruthValue 634 MAX-ACCESS read-only 635 STATUS current 636 DESCRIPTION 637 "Represents whether the permitted SSID is detected or not." 638 ::= { h3cDot11WIDSPermitSSIDEntry 3 } 639-- ***************************************************************************** 640-- * End of h3cDot11WIDSPermitSSIDTable Definition 641-- ***************************************************************************** 642 643-- ***************************************************************************** 644-- * h3cDot11WIDSIgnoreListTable Definition 645-- ***************************************************************************** 646h3cDot11WIDSIgnoreListTable OBJECT-TYPE 647 SYNTAX SEQUENCE OF H3cDot11WIDSIgnoreListEntry 648 MAX-ACCESS not-accessible 649 STATUS current 650 DESCRIPTION 651 "The table provides the MAC address list of stations or APs, 652 and WIDS always take them as legal stations or APs." 653 ::= { h3cDot11WIDSConfigGroup 4 } 654 655h3cDot11WIDSIgnoreListEntry OBJECT-TYPE 656 SYNTAX H3cDot11WIDSIgnoreListEntry 657 MAX-ACCESS not-accessible 658 STATUS current 659 DESCRIPTION 660 "Each entry contains the MAC address of station or AP, 661 and WIDS always take it as legal station or AP." 662 INDEX 663 { 664 h3cDot11IgnoreMAC 665 } 666 ::= { h3cDot11WIDSIgnoreListTable 1 } 667 668H3cDot11WIDSIgnoreListEntry ::= SEQUENCE 669 { 670 h3cDot11IgnoreMAC MacAddress, 671 h3cDot11IgnoreListRowStatus RowStatus, 672 h3cDot11IgnoreMACDetected TruthValue, 673 h3cDot11IgnoreDevType H3cDot11WIDSDevType 674 } 675 676h3cDot11IgnoreMAC OBJECT-TYPE 677 SYNTAX MacAddress 678 MAX-ACCESS not-accessible 679 STATUS current 680 DESCRIPTION 681 "Represents the MAC address of station or AP, and WIDS always 682 take it as legal station or AP." 683 ::= { h3cDot11WIDSIgnoreListEntry 1 } 684 685h3cDot11IgnoreListRowStatus OBJECT-TYPE 686 SYNTAX RowStatus 687 MAX-ACCESS read-create 688 STATUS current 689 DESCRIPTION 690 "The status of this table entry." 691 ::= { h3cDot11WIDSIgnoreListEntry 2 } 692 693h3cDot11IgnoreMACDetected OBJECT-TYPE 694 SYNTAX TruthValue 695 MAX-ACCESS read-only 696 STATUS current 697 DESCRIPTION 698 "Represents whether the MAC address detected or not." 699 ::= { h3cDot11WIDSIgnoreListEntry 3 } 700 701h3cDot11IgnoreDevType OBJECT-TYPE 702 SYNTAX H3cDot11WIDSDevType 703 MAX-ACCESS read-only 704 STATUS current 705 DESCRIPTION 706 "Represents the type of the MAC address detected. 707 The value of this object always is unknown if the MAC address is not 708 detected." 709 ::= { h3cDot11WIDSIgnoreListEntry 4 } 710-- ***************************************************************************** 711-- * End of h3cDot11WIDSIgnoreListTable Definition 712-- ***************************************************************************** 713 714-- ***************************************************************************** 715-- * h3cDot11WIDSAttackListTable Definition 716-- ***************************************************************************** 717h3cDot11WIDSAttackListTable OBJECT-TYPE 718 SYNTAX SEQUENCE OF H3cDot11WIDSAttackListEntry 719 MAX-ACCESS not-accessible 720 STATUS current 721 DESCRIPTION 722 "The table provides the MAC address list of rogue APs or rogue 723 stations, the WIDS will take countermeasure as per the MAC 724 address list." 725 ::= { h3cDot11WIDSConfigGroup 5 } 726 727h3cDot11WIDSAttackListEntry OBJECT-TYPE 728 SYNTAX H3cDot11WIDSAttackListEntry 729 MAX-ACCESS not-accessible 730 STATUS current 731 DESCRIPTION 732 "Each entry contains the MAC address of rogue AP or rogue station, 733 and the countermeasure will be taken for it." 734 INDEX 735 { 736 h3cDot11AttackDeviceMac 737 } 738 ::= { h3cDot11WIDSAttackListTable 1 } 739 740H3cDot11WIDSAttackListEntry ::= SEQUENCE 741 { 742 h3cDot11AttackDeviceMac MacAddress, 743 h3cDot11AttackListRowStatus RowStatus, 744 h3cDot11AttackDevDetected TruthValue, 745 h3cDot11AttackDevType H3cDot11WIDSDevType 746 } 747 748h3cDot11AttackDeviceMac OBJECT-TYPE 749 SYNTAX MacAddress 750 MAX-ACCESS not-accessible 751 STATUS current 752 DESCRIPTION 753 "Represents the MAC address of rogue AP or rogue station, 754 and the countermeasure will be taken for it." 755 ::= { h3cDot11WIDSAttackListEntry 1 } 756 757h3cDot11AttackListRowStatus OBJECT-TYPE 758 SYNTAX RowStatus 759 MAX-ACCESS read-create 760 STATUS current 761 DESCRIPTION 762 "The status of this table entry." 763 ::= { h3cDot11WIDSAttackListEntry 2 } 764 765h3cDot11AttackDevDetected OBJECT-TYPE 766 SYNTAX TruthValue 767 MAX-ACCESS read-only 768 STATUS current 769 DESCRIPTION 770 "Represents whether the assigned MAC address in attack list is detected 771 or not." 772 ::= { h3cDot11WIDSAttackListEntry 3 } 773 774h3cDot11AttackDevType OBJECT-TYPE 775 SYNTAX H3cDot11WIDSDevType 776 MAX-ACCESS read-only 777 STATUS current 778 DESCRIPTION 779 "Represents the type of detected MAC address in attack list. If the 780 MAC address is not detected, it will return unknown(5) for get 781 operation." 782 ::= { h3cDot11WIDSAttackListEntry 4 } 783-- ***************************************************************************** 784-- * End of h3cDot11WIDSAttackListTable Definition 785-- ***************************************************************************** 786 787-- ***************************************************************************** 788-- * h3cDot11StaticWhiteListTable Definition 789-- ***************************************************************************** 790h3cDot11StaticWhiteListTable OBJECT-TYPE 791 SYNTAX SEQUENCE OF H3cDot11StaticWhiteListEntry 792 MAX-ACCESS not-accessible 793 STATUS current 794 DESCRIPTION 795 "The table provides the information of whitelist." 796 ::= { h3cDot11WIDSConfigGroup 6 } 797 798h3cDot11StaticWhiteListEntry OBJECT-TYPE 799 SYNTAX H3cDot11StaticWhiteListEntry 800 MAX-ACCESS not-accessible 801 STATUS current 802 DESCRIPTION 803 "Each entry contains the information of whitelist." 804 INDEX 805 { 806 h3cDot11StaticWhiteListMAC 807 } 808 ::= { h3cDot11StaticWhiteListTable 1 } 809 810H3cDot11StaticWhiteListEntry ::= SEQUENCE 811 { 812 h3cDot11StaticWhiteListMAC MacAddress, 813 h3cDot11StaticWhiteListRowStatus RowStatus 814 } 815 816h3cDot11StaticWhiteListMAC OBJECT-TYPE 817 SYNTAX MacAddress 818 MAX-ACCESS not-accessible 819 STATUS current 820 DESCRIPTION 821 "Represents the MAC addresses in whitelist." 822 ::= { h3cDot11StaticWhiteListEntry 1 } 823 824h3cDot11StaticWhiteListRowStatus OBJECT-TYPE 825 SYNTAX RowStatus 826 MAX-ACCESS read-create 827 STATUS current 828 DESCRIPTION 829 "The status of this table entry." 830 ::= { h3cDot11StaticWhiteListEntry 2 } 831-- ***************************************************************************** 832-- * End of h3cDot11StaticWhiteListTable Definition 833-- ***************************************************************************** 834 835-- ***************************************************************************** 836-- * h3cDot11StaticBlackListTable Definition 837-- ***************************************************************************** 838h3cDot11StaticBlackListTable OBJECT-TYPE 839 SYNTAX SEQUENCE OF H3cDot11StaticBlackListEntry 840 MAX-ACCESS not-accessible 841 STATUS current 842 DESCRIPTION 843 "The table provides the information of static blacklist." 844 ::= { h3cDot11WIDSConfigGroup 7 } 845 846h3cDot11StaticBlackListEntry OBJECT-TYPE 847 SYNTAX H3cDot11StaticBlackListEntry 848 MAX-ACCESS not-accessible 849 STATUS current 850 DESCRIPTION 851 "Each entry contains the information of static blacklist." 852 INDEX 853 { 854 h3cDot11StaticBlackListMAC 855 } 856 ::= { h3cDot11StaticBlackListTable 1 } 857 858H3cDot11StaticBlackListEntry ::= SEQUENCE 859 { 860 h3cDot11StaticBlackListMAC MacAddress, 861 h3cDot11StaticBlackListRowStatus RowStatus 862 } 863 864h3cDot11StaticBlackListMAC OBJECT-TYPE 865 SYNTAX MacAddress 866 MAX-ACCESS not-accessible 867 STATUS current 868 DESCRIPTION 869 "Represents the MAC addresses in static blacklist." 870 ::= { h3cDot11StaticBlackListEntry 1 } 871 872h3cDot11StaticBlackListRowStatus OBJECT-TYPE 873 SYNTAX RowStatus 874 MAX-ACCESS read-create 875 STATUS current 876 DESCRIPTION 877 "The status of this table entry." 878 ::= { h3cDot11StaticBlackListEntry 2 } 879-- ***************************************************************************** 880-- * End of h3cDot11StaticBlackListTable Definition 881-- ***************************************************************************** 882 883-- ***************************************************************************** 884-- * h3cDot11WIDSPermitBSSIDTable Definition 885-- ***************************************************************************** 886h3cDot11WIDSPermitBSSIDTable OBJECT-TYPE 887 SYNTAX SEQUENCE OF H3cDot11WIDSPermitBSSIDEntry 888 MAX-ACCESS not-accessible 889 STATUS current 890 DESCRIPTION 891 "The table represents the list of BSSID could be permitted in 892 the wireless network." 893 ::= { h3cDot11WIDSConfigGroup 8 } 894 895h3cDot11WIDSPermitBSSIDEntry OBJECT-TYPE 896 SYNTAX H3cDot11WIDSPermitBSSIDEntry 897 MAX-ACCESS not-accessible 898 STATUS current 899 DESCRIPTION 900 "Each entry provides the information of permitted BSSID." 901 INDEX 902 { 903 h3cDot11PermitBSSID 904 } 905 ::= { h3cDot11WIDSPermitBSSIDTable 1 } 906 907H3cDot11WIDSPermitBSSIDEntry ::= SEQUENCE 908 { 909 h3cDot11PermitBSSID MacAddress, 910 h3cDot11PermitBSSIDDetected TruthValue, 911 h3cDot11PermitBSSIDRowStatus RowStatus 912 } 913 914h3cDot11PermitBSSID OBJECT-TYPE 915 SYNTAX MacAddress 916 MAX-ACCESS not-accessible 917 STATUS current 918 DESCRIPTION 919 "Represents the permitted BSSID in the wireless network." 920 ::= { h3cDot11WIDSPermitBSSIDEntry 1 } 921 922h3cDot11PermitBSSIDDetected OBJECT-TYPE 923 SYNTAX TruthValue 924 MAX-ACCESS read-only 925 STATUS current 926 DESCRIPTION 927 "Represents whether the permitted BSSID is detected or not." 928 ::= { h3cDot11WIDSPermitBSSIDEntry 2 } 929 930h3cDot11PermitBSSIDRowStatus OBJECT-TYPE 931 SYNTAX RowStatus 932 MAX-ACCESS read-create 933 STATUS current 934 DESCRIPTION 935 "Represents the row status of permit BSSID table." 936 ::= { h3cDot11WIDSPermitBSSIDEntry 3 } 937-- ***************************************************************************** 938-- * End of h3cDot11StaticBlackListTable Definition 939-- ***************************************************************************** 940 941-- ***************************************************************************** 942-- * h3cDot11WIDSRogueAPTable Definition 943-- ***************************************************************************** 944h3cDot11WIDSRogueAPTable OBJECT-TYPE 945 SYNTAX SEQUENCE OF H3cDot11WIDSRogueAPEntry 946 MAX-ACCESS not-accessible 947 STATUS current 948 DESCRIPTION 949 "The table represents the list of possible BSS information for 950 rogue APs detected by the WIDS." 951 ::= { h3cDot11WIDSDetectGroup 1 } 952 953h3cDot11WIDSRogueAPEntry OBJECT-TYPE 954 SYNTAX H3cDot11WIDSRogueAPEntry 955 MAX-ACCESS not-accessible 956 STATUS current 957 DESCRIPTION 958 "Each entry contains possible BSS information of each rogue AP 959 detected by WIDS." 960 INDEX 961 { 962 h3cDot11RogueAPBSSMAC 963 } 964 ::= { h3cDot11WIDSRogueAPTable 1 } 965 966H3cDot11WIDSRogueAPEntry ::= SEQUENCE 967 { 968 h3cDot11RogueAPBSSMAC MacAddress, 969 h3cDot11RogueAPVendorName OCTET STRING, 970 h3cDot11RogueAPMonitorNum Integer32, 971 h3cDot11RogueAPFirstDetectTm TimeTicks, 972 h3cDot11RogueAPLastDetectTm TimeTicks, 973 h3cDot11RogueAPSSID H3cDot11SSIDStringType, 974 h3cDot11RogueAPMaxSigStrength Integer32, 975 h3cDot11RogueAPChannel H3cDot11ChannelScopeType, 976 h3cDot11RogueAPBeaconInterval Integer32, 977 h3cDot11RogueAPAttackedStatus TruthValue, 978 h3cDot11RogueAPToIgnore TruthValue, 979 h3cDot11RogueAPEncryptStatus TruthValue, 980 h3cDot11RogueAPReset TruthValue, 981 h3cDot11RogueAPFirstDetectTmStr OCTET STRING, 982 h3cDot11RogueAPLastDetectTmStr OCTET STRING 983 } 984 985h3cDot11RogueAPBSSMAC OBJECT-TYPE 986 SYNTAX MacAddress 987 MAX-ACCESS not-accessible 988 STATUS current 989 DESCRIPTION 990 "Represents the BSS MAC address of rogue AP." 991 ::= { h3cDot11WIDSRogueAPEntry 1 } 992 993h3cDot11RogueAPVendorName OBJECT-TYPE 994 SYNTAX OCTET STRING(SIZE(0..127)) 995 MAX-ACCESS read-only 996 STATUS current 997 DESCRIPTION 998 "Represents the vendor name of rogue AP." 999 ::= { h3cDot11WIDSRogueAPEntry 2 } 1000 1001h3cDot11RogueAPMonitorNum OBJECT-TYPE 1002 SYNTAX Integer32 1003 MAX-ACCESS read-only 1004 STATUS current 1005 DESCRIPTION 1006 "Represents the number of monitor APs which detected the 1007 rogue AP." 1008 ::= { h3cDot11WIDSRogueAPEntry 3 } 1009 1010h3cDot11RogueAPFirstDetectTm OBJECT-TYPE 1011 SYNTAX TimeTicks 1012 MAX-ACCESS read-only 1013 STATUS current 1014 DESCRIPTION 1015 "Represents the time that AP was detected as a rogue AP for 1016 the first time." 1017 ::= { h3cDot11WIDSRogueAPEntry 4 } 1018 1019h3cDot11RogueAPLastDetectTm OBJECT-TYPE 1020 SYNTAX TimeTicks 1021 MAX-ACCESS read-only 1022 STATUS current 1023 DESCRIPTION 1024 "Represents the time that AP was detected as a rogue AP for 1025 the last time." 1026 ::= { h3cDot11WIDSRogueAPEntry 5 } 1027 1028h3cDot11RogueAPSSID OBJECT-TYPE 1029 SYNTAX H3cDot11SSIDStringType 1030 MAX-ACCESS read-only 1031 STATUS current 1032 DESCRIPTION 1033 "Represents the SSID broadcasted by rogue AP." 1034 ::= { h3cDot11WIDSRogueAPEntry 6 } 1035 1036h3cDot11RogueAPMaxSigStrength OBJECT-TYPE 1037 SYNTAX Integer32 1038 UNITS "dBm" 1039 MAX-ACCESS read-only 1040 STATUS current 1041 DESCRIPTION 1042 "Represents the maximal value of signal strength that WIDS received 1043 from the rogue AP." 1044 ::= { h3cDot11WIDSRogueAPEntry 7 } 1045 1046h3cDot11RogueAPChannel OBJECT-TYPE 1047 SYNTAX H3cDot11ChannelScopeType 1048 MAX-ACCESS read-only 1049 STATUS current 1050 DESCRIPTION 1051 "Represents on which radio channel of the rogue AP the maximal signal 1052 strength was received." 1053 ::= { h3cDot11WIDSRogueAPEntry 8 } 1054 1055h3cDot11RogueAPBeaconInterval OBJECT-TYPE 1056 SYNTAX Integer32 1057 UNITS "millisecond" 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "Represents the interval for Beacon management frame of rogue AP." 1062 ::= { h3cDot11WIDSRogueAPEntry 9 } 1063 1064h3cDot11RogueAPAttackedStatus OBJECT-TYPE 1065 SYNTAX TruthValue 1066 MAX-ACCESS read-only 1067 STATUS current 1068 DESCRIPTION 1069 "Represents whether the countermeasure have taken for the rogue AP." 1070 ::= { h3cDot11WIDSRogueAPEntry 10 } 1071 1072h3cDot11RogueAPToIgnore OBJECT-TYPE 1073 SYNTAX TruthValue 1074 MAX-ACCESS read-write 1075 STATUS current 1076 DESCRIPTION 1077 "Represents whether the rogue AP will be taken as a rogue AP. 1078 If the value is true, NMS should not display the rogue AP 1079 as NMS display rogue AP list, and the MAC address will be 1080 automatically added into h3cDot11WIDSIgnoreListTable. 1081 If the value is false, NMS will take it as a rogue AP. " 1082 DEFVAL { false } 1083 ::= { h3cDot11WIDSRogueAPEntry 11 } 1084 1085h3cDot11RogueAPEncryptStatus OBJECT-TYPE 1086 SYNTAX TruthValue 1087 MAX-ACCESS read-only 1088 STATUS current 1089 DESCRIPTION 1090 "Represents whether the rogue AP encrypt the frame or not." 1091 ::= { h3cDot11WIDSRogueAPEntry 12 } 1092 1093h3cDot11RogueAPReset OBJECT-TYPE 1094 SYNTAX TruthValue 1095 MAX-ACCESS read-write 1096 STATUS current 1097 DESCRIPTION 1098 "This object is used to clear information of assigned AP. The 1099 information of AP which detect assigned rogue AP will be cleared 1100 together. 1101 It will return false for get operation." 1102 ::= { h3cDot11WIDSRogueAPEntry 13 } 1103 1104h3cDot11RogueAPFirstDetectTmStr OBJECT-TYPE 1105 SYNTAX OCTET STRING 1106 MAX-ACCESS read-only 1107 STATUS current 1108 DESCRIPTION 1109 "Represents the time that AP was detected as a rogue AP for 1110 the first time." 1111 ::= { h3cDot11WIDSRogueAPEntry 14 } 1112 1113h3cDot11RogueAPLastDetectTmStr OBJECT-TYPE 1114 SYNTAX OCTET STRING 1115 MAX-ACCESS read-only 1116 STATUS current 1117 DESCRIPTION 1118 "Represents the time that AP was detected as a rogue AP for 1119 the last time." 1120 ::= { h3cDot11WIDSRogueAPEntry 15 } 1121-- ***************************************************************************** 1122-- * end of h3cDot11WIDSRogueAPTable Definition 1123-- ***************************************************************************** 1124 1125-- ***************************************************************************** 1126-- * h3cDot11WIDSRogueAPExtTable Definition 1127-- ***************************************************************************** 1128h3cDot11WIDSRogueAPExtTable OBJECT-TYPE 1129 SYNTAX SEQUENCE OF H3cDot11WIDSRogueAPExtEntry 1130 MAX-ACCESS not-accessible 1131 STATUS current 1132 DESCRIPTION 1133 "As each rogue AP could be detected by multiple monitor APs, each 1134 monitor AP could have some kind of detailed information about 1135 a specific rogue AP. 1136 In the h3cDot11WIDSRogueAPTable table, the detailed 1137 information for a specific rogue AP will be summarized from 1138 information in the h3cDot11WIDSRogueAPExtTable table. 1139 For example, multiple monitor APs could receive RF signal of 1140 one rogue AP, and each monitor AP has its maximum signal strength by 1141 itself. The information will be kept as 1142 h3cDot11DetectMaxAPSigStrength in the h3cDot11WIDSRogueAPExtTable 1143 table. While only the maximum value among all the 1144 h3cDot11DetectMaxAPSigStrength for each monitor AP will be 1145 kept in the h3cDot11WIDSRogueAPTable as 1146 h3cDot11RogueAPMaxSigStrength." 1147 ::= { h3cDot11WIDSDetectGroup 2 } 1148 1149h3cDot11WIDSRogueAPExtEntry OBJECT-TYPE 1150 SYNTAX H3cDot11WIDSRogueAPExtEntry 1151 MAX-ACCESS not-accessible 1152 STATUS current 1153 DESCRIPTION 1154 "Each entry contains information of the rogue AP detected 1155 by each monitor AP." 1156 INDEX 1157 { 1158 h3cDot11RogueAPBSSMAC, 1159 h3cDot11WIDSAPID 1160 } 1161 ::= { h3cDot11WIDSRogueAPExtTable 1 } 1162 1163H3cDot11WIDSRogueAPExtEntry ::= SEQUENCE 1164 { 1165 h3cDot11WIDSAPID H3cDot11ObjectIDType, 1166 h3cDot11DetectCurAPSigStrength Integer32, 1167 h3cDot11DetectAPByChannel H3cDot11ChannelScopeType, 1168 h3cDot11DetectAPByRadioID H3cDot11RadioScopeType, 1169 h3cDot11AttackAPStatus TruthValue, 1170 h3cDot11DetectAPFirstTm TimeTicks, 1171 h3cDot11DetectAPLastTm TimeTicks 1172 } 1173 1174h3cDot11WIDSAPID OBJECT-TYPE 1175 SYNTAX H3cDot11ObjectIDType 1176 MAX-ACCESS not-accessible 1177 STATUS current 1178 DESCRIPTION 1179 "To uniquely identify each AP, and relation-ship between 1180 h3cDot11WIDSAPID and AP device will be static." 1181 ::= { h3cDot11WIDSRogueAPExtEntry 1 } 1182 1183h3cDot11DetectCurAPSigStrength OBJECT-TYPE 1184 SYNTAX Integer32 1185 UNITS "dBm" 1186 MAX-ACCESS read-only 1187 STATUS current 1188 DESCRIPTION 1189 "Represents the current value of signal strength that WIDS monitor 1190 AP received from the rogue AP." 1191 ::= { h3cDot11WIDSRogueAPExtEntry 2 } 1192 1193h3cDot11DetectAPByChannel OBJECT-TYPE 1194 SYNTAX H3cDot11ChannelScopeType 1195 MAX-ACCESS read-only 1196 STATUS current 1197 DESCRIPTION 1198 "Represents on which radio channel that WIDS monitor AP detected 1199 the rogue AP." 1200 ::= { h3cDot11WIDSRogueAPExtEntry 3 } 1201 1202h3cDot11DetectAPByRadioID OBJECT-TYPE 1203 SYNTAX H3cDot11RadioScopeType 1204 MAX-ACCESS read-only 1205 STATUS current 1206 DESCRIPTION 1207 "Represents on which radio the monitor AP has detected the rogue 1208 AP." 1209 ::= { h3cDot11WIDSRogueAPExtEntry 4 } 1210 1211h3cDot11AttackAPStatus OBJECT-TYPE 1212 SYNTAX TruthValue 1213 MAX-ACCESS read-only 1214 STATUS current 1215 DESCRIPTION 1216 "Represents whether monitor AP have taken countermeasure on the 1217 rogue AP." 1218 ::= { h3cDot11WIDSRogueAPExtEntry 5 } 1219 1220h3cDot11DetectAPFirstTm OBJECT-TYPE 1221 SYNTAX TimeTicks 1222 MAX-ACCESS read-only 1223 STATUS current 1224 DESCRIPTION 1225 "Represents the time that monitor AP detected the rogue AP for 1226 the first time." 1227 ::= { h3cDot11WIDSRogueAPExtEntry 6 } 1228 1229h3cDot11DetectAPLastTm OBJECT-TYPE 1230 SYNTAX TimeTicks 1231 MAX-ACCESS read-only 1232 STATUS current 1233 DESCRIPTION 1234 "Represents the time that monitor AP detected the rogue AP for 1235 the last time." 1236 ::= { h3cDot11WIDSRogueAPExtEntry 7 } 1237-- ***************************************************************************** 1238-- * end of h3cDot11WIDSRogueAPExtTable Definition 1239-- ***************************************************************************** 1240 1241-- ***************************************************************************** 1242-- * h3cDot11WIDSRogueStaTable Definition 1243-- ***************************************************************************** 1244h3cDot11WIDSRogueStaTable OBJECT-TYPE 1245 SYNTAX SEQUENCE OF H3cDot11WIDSRogueStaEntry 1246 MAX-ACCESS not-accessible 1247 STATUS current 1248 DESCRIPTION 1249 "The table represents the list of rogue stations detected by 1250 the WIDS." 1251 ::= { h3cDot11WIDSDetectGroup 3 } 1252 1253h3cDot11WIDSRogueStaEntry OBJECT-TYPE 1254 SYNTAX H3cDot11WIDSRogueStaEntry 1255 MAX-ACCESS not-accessible 1256 STATUS current 1257 DESCRIPTION 1258 "Each entry contains information of each rogue station." 1259 INDEX 1260 { 1261 h3cDot11RogueStaMAC 1262 } 1263 ::= { h3cDot11WIDSRogueStaTable 1 } 1264 1265H3cDot11WIDSRogueStaEntry ::= SEQUENCE 1266 { 1267 h3cDot11RogueStaMAC MacAddress, 1268 h3cDot11RogueStaVendorName OCTET STRING, 1269 h3cDot11RogueStaMonitorNum Integer32, 1270 h3cDot11RogueStaFirstDetectTm TimeTicks, 1271 h3cDot11RogueStaLastDetectTm TimeTicks, 1272 h3cDot11RogueStaAccessBSSID MacAddress, 1273 h3cDot11RogueStaMaxSigStrength Integer32, 1274 h3cDot11RogueStaChannel H3cDot11ChannelScopeType, 1275 h3cDot11RogueStaAttackedStatus TruthValue, 1276 h3cDot11RogueStaToIgnore TruthValue, 1277 h3cDot11RogueStaAdHocStatus TruthValue, 1278 h3cDot11RogueStaReset TruthValue, 1279 h3cDot11RogueStaFirstDetectTmStr OCTET STRING, 1280 h3cDot11RogueStaLastDetectTmStr OCTET STRING 1281 } 1282 1283h3cDot11RogueStaMAC OBJECT-TYPE 1284 SYNTAX MacAddress 1285 MAX-ACCESS not-accessible 1286 STATUS current 1287 DESCRIPTION 1288 "Represents the MAC address of rogue station." 1289 ::= { h3cDot11WIDSRogueStaEntry 1 } 1290 1291h3cDot11RogueStaVendorName OBJECT-TYPE 1292 SYNTAX OCTET STRING(SIZE(0..127)) 1293 MAX-ACCESS read-only 1294 STATUS current 1295 DESCRIPTION 1296 "Represents the vendor name of rogue station." 1297 ::= { h3cDot11WIDSRogueStaEntry 2 } 1298 1299h3cDot11RogueStaMonitorNum OBJECT-TYPE 1300 SYNTAX Integer32 1301 MAX-ACCESS read-only 1302 STATUS current 1303 DESCRIPTION 1304 "Represents the number of monitor APs which detected the 1305 rogue station." 1306 ::= { h3cDot11WIDSRogueStaEntry 3 } 1307 1308h3cDot11RogueStaFirstDetectTm OBJECT-TYPE 1309 SYNTAX TimeTicks 1310 MAX-ACCESS read-only 1311 STATUS current 1312 DESCRIPTION 1313 "Represents the time that station was detected as a rogue station for 1314 the first time." 1315 ::= { h3cDot11WIDSRogueStaEntry 4 } 1316 1317h3cDot11RogueStaLastDetectTm OBJECT-TYPE 1318 SYNTAX TimeTicks 1319 MAX-ACCESS read-only 1320 STATUS current 1321 DESCRIPTION 1322 "Represents the time that station was detected as a rogue station for 1323 the last time." 1324 ::= { h3cDot11WIDSRogueStaEntry 5 } 1325 1326h3cDot11RogueStaAccessBSSID OBJECT-TYPE 1327 SYNTAX MacAddress 1328 MAX-ACCESS read-only 1329 STATUS current 1330 DESCRIPTION 1331 "Represents BSS MAC address that rogue station try to access." 1332 ::= { h3cDot11WIDSRogueStaEntry 6 } 1333 1334h3cDot11RogueStaMaxSigStrength OBJECT-TYPE 1335 SYNTAX Integer32 1336 UNITS "dBm" 1337 MAX-ACCESS read-only 1338 STATUS current 1339 DESCRIPTION 1340 "Represents the maximal value of signal strength that WIDS received 1341 from the rogue station." 1342 ::= { h3cDot11WIDSRogueStaEntry 7 } 1343 1344h3cDot11RogueStaChannel OBJECT-TYPE 1345 SYNTAX H3cDot11ChannelScopeType 1346 MAX-ACCESS read-only 1347 STATUS current 1348 DESCRIPTION 1349 "Represents on which radio channel the maximal signal strength 1350 was received." 1351 ::= { h3cDot11WIDSRogueStaEntry 8 } 1352 1353h3cDot11RogueStaAttackedStatus OBJECT-TYPE 1354 SYNTAX TruthValue 1355 MAX-ACCESS read-only 1356 STATUS current 1357 DESCRIPTION 1358 "Represents whether the countermeasure have taken for the rogue 1359 station." 1360 ::= { h3cDot11WIDSRogueStaEntry 9 } 1361 1362h3cDot11RogueStaToIgnore OBJECT-TYPE 1363 SYNTAX TruthValue 1364 MAX-ACCESS read-write 1365 STATUS current 1366 DESCRIPTION 1367 "Represents whether the rogue AP will be taken as a rogue station. 1368 If the value is true, NMS should not display the rogue station 1369 as NMS display rogue station list, and the MAC address will be 1370 automatically added into h3cDot11WIDSIgnoreListTable. 1371 If the value is false, NMS will take it as a rogue station. " 1372 DEFVAL { false } 1373 ::= { h3cDot11WIDSRogueStaEntry 10 } 1374 1375h3cDot11RogueStaAdHocStatus OBJECT-TYPE 1376 SYNTAX TruthValue 1377 MAX-ACCESS read-only 1378 STATUS current 1379 DESCRIPTION 1380 "Represents whether the rogue station work on the Ad Hoc mode 1381 or not." 1382 ::= { h3cDot11WIDSRogueStaEntry 11 } 1383 1384h3cDot11RogueStaReset OBJECT-TYPE 1385 SYNTAX TruthValue 1386 MAX-ACCESS read-write 1387 STATUS current 1388 DESCRIPTION 1389 "This object is used to clear information of assigned station. The 1390 information of AP which detects assigned rogue station will be cleared 1391 together. 1392 It will return false for get operation." 1393 ::= { h3cDot11WIDSRogueStaEntry 12 } 1394 1395h3cDot11RogueStaFirstDetectTmStr OBJECT-TYPE 1396 SYNTAX OCTET STRING 1397 MAX-ACCESS read-only 1398 STATUS current 1399 DESCRIPTION 1400 "Represents the time that station was detected as a rogue station for 1401 the first time." 1402 ::= { h3cDot11WIDSRogueStaEntry 13 } 1403 1404h3cDot11RogueStaLastDetectTmStr OBJECT-TYPE 1405 SYNTAX OCTET STRING 1406 MAX-ACCESS read-only 1407 STATUS current 1408 DESCRIPTION 1409 "Represents the time that station was detected as a rogue station for 1410 the last time." 1411 ::= { h3cDot11WIDSRogueStaEntry 14 } 1412-- ***************************************************************************** 1413-- * End of h3cDot11WIDSRogueStaTable Definition 1414-- ***************************************************************************** 1415 1416-- ***************************************************************************** 1417-- * h3cDot11WIDSRogueStaExtTable Definition 1418-- ***************************************************************************** 1419h3cDot11WIDSRogueStaExtTable OBJECT-TYPE 1420 SYNTAX SEQUENCE OF H3cDot11WIDSRogueStaExtEntry 1421 MAX-ACCESS not-accessible 1422 STATUS current 1423 DESCRIPTION 1424 "As each rogue station could be detected by multiple monitor APs, each 1425 monitor AP could have some kind of detailed information about 1426 a specific rogue station. 1427 In the h3cDot11WIDSRogueStaTable table, the detailed 1428 information for a specific rogue station will be summarized from 1429 information in the h3cDot11WIDSRogueStaExtTable table. 1430 For example, multiple monitor APs could receive RF signal of one rogue 1431 station, and each monitor AP has its maximum signal strength by 1432 itself. The information will be kept as 1433 h3cDot11DetectMaxStaSigStrength in the h3cDot11WIDSRogueStaExtTable 1434 table. While only the maximum value among all the 1435 h3cDot11DetectMaxStaSigStrength for each monitor AP will be 1436 kept in the h3cDot11WIDSRogueStaTable as 1437 h3cDot11RogueStaMaxSigStrength." 1438 ::= { h3cDot11WIDSDetectGroup 4 } 1439 1440h3cDot11WIDSRogueStaExtEntry OBJECT-TYPE 1441 SYNTAX H3cDot11WIDSRogueStaExtEntry 1442 MAX-ACCESS not-accessible 1443 STATUS current 1444 DESCRIPTION 1445 "Each entry contains information of rogue station detected 1446 by each monitor AP." 1447 INDEX 1448 { 1449 h3cDot11RogueStaMAC, 1450 h3cDot11WIDSAPID 1451 } 1452 ::= { h3cDot11WIDSRogueStaExtTable 1 } 1453 1454H3cDot11WIDSRogueStaExtEntry ::= SEQUENCE 1455 { 1456 h3cDot11DetectCurStaSigStrength Integer32, 1457 h3cDot11DetectStaByChannel H3cDot11ChannelScopeType, 1458 h3cDot11DetectStaByRadioID H3cDot11RadioScopeType, 1459 h3cDot11AttackStaStatus TruthValue, 1460 h3cDot11DetectStaFirstTm TimeTicks, 1461 h3cDot11DetectStaLastTm TimeTicks 1462 } 1463 1464h3cDot11DetectCurStaSigStrength OBJECT-TYPE 1465 SYNTAX Integer32 1466 UNITS "dBm" 1467 MAX-ACCESS read-only 1468 STATUS current 1469 DESCRIPTION 1470 "Represents the current value of signal strength that WIDS monitor 1471 AP received from the rogue station." 1472 ::= { h3cDot11WIDSRogueStaExtEntry 1 } 1473 1474h3cDot11DetectStaByChannel OBJECT-TYPE 1475 SYNTAX H3cDot11ChannelScopeType 1476 MAX-ACCESS read-only 1477 STATUS current 1478 DESCRIPTION 1479 "Represents on which radio channel the maximal signal strength 1480 was received." 1481 ::= { h3cDot11WIDSRogueStaExtEntry 2 } 1482 1483h3cDot11DetectStaByRadioID OBJECT-TYPE 1484 SYNTAX H3cDot11RadioScopeType 1485 MAX-ACCESS read-only 1486 STATUS current 1487 DESCRIPTION 1488 "Represents which radio on the monitor AP has detected the 1489 rogue station." 1490 ::= { h3cDot11WIDSRogueStaExtEntry 3 } 1491 1492h3cDot11AttackStaStatus OBJECT-TYPE 1493 SYNTAX TruthValue 1494 MAX-ACCESS read-only 1495 STATUS current 1496 DESCRIPTION 1497 "Represents whether monitor AP have taken countermeasure for the 1498 rogue station." 1499 ::= { h3cDot11WIDSRogueStaExtEntry 4 } 1500 1501h3cDot11DetectStaFirstTm OBJECT-TYPE 1502 SYNTAX TimeTicks 1503 MAX-ACCESS read-only 1504 STATUS current 1505 DESCRIPTION 1506 "Represents the time that monitor AP detected the rogue station 1507 for the first time." 1508 ::= { h3cDot11WIDSRogueStaExtEntry 5 } 1509 1510h3cDot11DetectStaLastTm OBJECT-TYPE 1511 SYNTAX TimeTicks 1512 MAX-ACCESS read-only 1513 STATUS current 1514 DESCRIPTION 1515 "Represents the time that monitor AP detected the rogue station 1516 for the last time." 1517 ::= { h3cDot11WIDSRogueStaExtEntry 6 } 1518-- ***************************************************************************** 1519-- * end of h3cDot11WIDSRogueStaExtTable Definition 1520-- ***************************************************************************** 1521 1522-- ***************************************************************************** 1523-- * h3cDot11WIDSDetectedDevTable Definition 1524-- ***************************************************************************** 1525h3cDot11WIDSDetectedDevTable OBJECT-TYPE 1526 SYNTAX SEQUENCE OF H3cDot11WIDSDetectedDevEntry 1527 MAX-ACCESS not-accessible 1528 STATUS current 1529 DESCRIPTION 1530 "This Table contains information of detected devices." 1531 ::= { h3cDot11WIDSDetectGroup 5 } 1532 1533h3cDot11WIDSDetectedDevEntry OBJECT-TYPE 1534 SYNTAX H3cDot11WIDSDetectedDevEntry 1535 MAX-ACCESS not-accessible 1536 STATUS current 1537 DESCRIPTION 1538 "Each entry contains information of detected devices." 1539 INDEX 1540 { 1541 h3cDot11WIDSDevMAC 1542 } 1543 ::= { h3cDot11WIDSDetectedDevTable 1 } 1544 1545H3cDot11WIDSDetectedDevEntry ::= SEQUENCE 1546 { 1547 h3cDot11WIDSDevMAC MacAddress, 1548 h3cDot11WIDSDevType H3cDot11WIDSDevType, 1549 h3cDot11WIDSDevPermitType H3cDot11WIDSDevPermitType, 1550 h3cDot11WIDSDevVendor OCTET STRING, 1551 h3cDot11WIDSDevMonitorNum Integer32, 1552 h3cDot11WIDSDevSSID OCTET STRING, 1553 h3cDot11WIDSDevBSSID MacAddress, 1554 h3cDot11WIDSDevChannel H3cDot11ChannelScopeType, 1555 h3cDot11WIDSDevMaxRSSI Integer32, 1556 h3cDot11WIDSDevBeaconIntvl Integer32, 1557 h3cDot11WIDSDevFstDctTime DateAndTime, 1558 h3cDot11WIDSDevLstDctTime DateAndTime, 1559 h3cDot11WIDSDevReset TruthValue, 1560 h3cDot11WIDSDevSnr Integer32 1561 } 1562 1563h3cDot11WIDSDevMAC OBJECT-TYPE 1564 SYNTAX MacAddress 1565 MAX-ACCESS not-accessible 1566 STATUS current 1567 DESCRIPTION 1568 "Represents MAC address of the device detected." 1569 ::= { h3cDot11WIDSDetectedDevEntry 1 } 1570 1571h3cDot11WIDSDevType OBJECT-TYPE 1572 SYNTAX H3cDot11WIDSDevType 1573 MAX-ACCESS read-only 1574 STATUS current 1575 DESCRIPTION 1576 "Represents type of the device detected." 1577 ::= { h3cDot11WIDSDetectedDevEntry 2 } 1578 1579h3cDot11WIDSDevPermitType OBJECT-TYPE 1580 SYNTAX H3cDot11WIDSDevPermitType 1581 MAX-ACCESS read-only 1582 STATUS current 1583 DESCRIPTION 1584 "Represents whether the device detected is a rogue device or not." 1585 ::= { h3cDot11WIDSDetectedDevEntry 3 } 1586 1587h3cDot11WIDSDevVendor OBJECT-TYPE 1588 SYNTAX OCTET STRING 1589 MAX-ACCESS read-only 1590 STATUS current 1591 DESCRIPTION 1592 "Represents Vendor of the detected device." 1593 ::= { h3cDot11WIDSDetectedDevEntry 4 } 1594 1595h3cDot11WIDSDevMonitorNum OBJECT-TYPE 1596 SYNTAX Integer32 1597 MAX-ACCESS read-only 1598 STATUS current 1599 DESCRIPTION 1600 "Represents the number of active APs that detect the device." 1601 ::= { h3cDot11WIDSDetectedDevEntry 5 } 1602 1603h3cDot11WIDSDevSSID OBJECT-TYPE 1604 SYNTAX OCTET STRING 1605 MAX-ACCESS read-only 1606 STATUS current 1607 DESCRIPTION 1608 "Represents the service set identifier for the ESS of the device." 1609 ::= { h3cDot11WIDSDetectedDevEntry 6 } 1610 1611h3cDot11WIDSDevBSSID OBJECT-TYPE 1612 SYNTAX MacAddress 1613 MAX-ACCESS read-only 1614 STATUS current 1615 DESCRIPTION 1616 "Represents the basic service set identifier of the detected device." 1617 ::= { h3cDot11WIDSDetectedDevEntry 7 } 1618 1619h3cDot11WIDSDevChannel OBJECT-TYPE 1620 SYNTAX H3cDot11ChannelScopeType 1621 MAX-ACCESS read-only 1622 STATUS current 1623 DESCRIPTION 1624 "Represents the channel in which the device was last detected." 1625 ::= { h3cDot11WIDSDetectedDevEntry 8 } 1626 1627h3cDot11WIDSDevMaxRSSI OBJECT-TYPE 1628 SYNTAX Integer32 1629 UNITS "dbm" 1630 MAX-ACCESS read-only 1631 STATUS current 1632 DESCRIPTION 1633 "Represents the maximum detected RSSI of the device." 1634 ::= { h3cDot11WIDSDetectedDevEntry 9 } 1635 1636h3cDot11WIDSDevBeaconIntvl OBJECT-TYPE 1637 SYNTAX Integer32 1638 UNITS "millionsecond" 1639 MAX-ACCESS read-only 1640 STATUS current 1641 DESCRIPTION 1642 "Represents the beacon interval for the detected AP." 1643 ::= { h3cDot11WIDSDetectedDevEntry 10 } 1644 1645h3cDot11WIDSDevFstDctTime OBJECT-TYPE 1646 SYNTAX DateAndTime 1647 MAX-ACCESS read-only 1648 STATUS current 1649 DESCRIPTION 1650 "Represents the time at which the device was first detected." 1651 ::= { h3cDot11WIDSDetectedDevEntry 11 } 1652 1653h3cDot11WIDSDevLstDctTime OBJECT-TYPE 1654 SYNTAX DateAndTime 1655 MAX-ACCESS read-only 1656 STATUS current 1657 DESCRIPTION 1658 "Represents the time at which the rogue AP was detected last time." 1659 ::= { h3cDot11WIDSDetectedDevEntry 12 } 1660 1661h3cDot11WIDSDevReset OBJECT-TYPE 1662 SYNTAX TruthValue 1663 MAX-ACCESS read-write 1664 STATUS current 1665 DESCRIPTION 1666 "This object is used to clears the information of the device detected 1667 in the WLAN. 1668 It will return false for get operation." 1669 ::= { h3cDot11WIDSDetectedDevEntry 13 } 1670 1671h3cDot11WIDSDevSnr OBJECT-TYPE 1672 SYNTAX Integer32 1673 UNITS "dB" 1674 MAX-ACCESS read-only 1675 STATUS current 1676 DESCRIPTION 1677 "Represents SNR of the device detected." 1678 ::= { h3cDot11WIDSDetectedDevEntry 14 } 1679 1680-- ***************************************************************************** 1681-- * end of h3cDot11WIDSDetectedDevTable Definition 1682-- ***************************************************************************** 1683 1684-- ***************************************************************************** 1685-- * h3cDot11WIDSRptAPTable Definition 1686-- ***************************************************************************** 1687h3cDot11WIDSRptAPTable OBJECT-TYPE 1688 SYNTAX SEQUENCE OF H3cDot11WIDSRptAPEntry 1689 MAX-ACCESS not-accessible 1690 STATUS current 1691 DESCRIPTION 1692 "This Table contains information of the AP which detected device in the 1693 WLAN." 1694 ::= { h3cDot11WIDSDetectGroup 6 } 1695 1696h3cDot11WIDSRptAPEntry OBJECT-TYPE 1697 SYNTAX H3cDot11WIDSRptAPEntry 1698 MAX-ACCESS not-accessible 1699 STATUS current 1700 DESCRIPTION 1701 "Each entry contains information of the AP which detected device in the 1702 WLAN." 1703 INDEX 1704 { 1705 h3cDot11WIDSDevMAC, 1706 h3cDot11WIDSRptAPMAC 1707 } 1708 ::= { h3cDot11WIDSRptAPTable 1 } 1709 1710H3cDot11WIDSRptAPEntry ::= SEQUENCE 1711 { 1712 h3cDot11WIDSRptAPMAC MacAddress, 1713 h3cDot11WIDSRptAPName OCTET STRING, 1714 h3cDot11WIDSRptAPRadioID H3cDot11RadioScopeType, 1715 h3cDot11WIDSRptAPMaxRSSI Integer32, 1716 h3cDot11WIDSRptAPFstDctTime DateAndTime, 1717 h3cDot11WIDSRptAPLstDctTime DateAndTime 1718 } 1719 1720h3cDot11WIDSRptAPMAC OBJECT-TYPE 1721 SYNTAX MacAddress 1722 MAX-ACCESS not-accessible 1723 STATUS current 1724 DESCRIPTION 1725 "Represents the MAC address of the AP that detected the device." 1726 ::= { h3cDot11WIDSRptAPEntry 1 } 1727 1728h3cDot11WIDSRptAPName OBJECT-TYPE 1729 SYNTAX OCTET STRING 1730 MAX-ACCESS read-only 1731 STATUS current 1732 DESCRIPTION 1733 "Represents the name of the AP that detected the device." 1734 ::= { h3cDot11WIDSRptAPEntry 2 } 1735 1736h3cDot11WIDSRptAPRadioID OBJECT-TYPE 1737 SYNTAX H3cDot11RadioScopeType 1738 MAX-ACCESS read-only 1739 STATUS current 1740 DESCRIPTION 1741 "Represents the radio index of the AP that detected the device." 1742 ::= { h3cDot11WIDSRptAPEntry 3 } 1743 1744h3cDot11WIDSRptAPMaxRSSI OBJECT-TYPE 1745 SYNTAX Integer32 1746 MAX-ACCESS read-only 1747 STATUS current 1748 DESCRIPTION 1749 "Represents the maximum detected RSSI of the device." 1750 ::= { h3cDot11WIDSRptAPEntry 4 } 1751 1752h3cDot11WIDSRptAPFstDctTime OBJECT-TYPE 1753 SYNTAX DateAndTime 1754 MAX-ACCESS read-only 1755 STATUS current 1756 DESCRIPTION 1757 "Represents the time at which the rogue AP was detected first time." 1758 ::= { h3cDot11WIDSRptAPEntry 5 } 1759 1760h3cDot11WIDSRptAPLstDctTime OBJECT-TYPE 1761 SYNTAX DateAndTime 1762 MAX-ACCESS read-only 1763 STATUS current 1764 DESCRIPTION 1765 "Represents the time at which the rogue AP was detected last time." 1766 ::= { h3cDot11WIDSRptAPEntry 6 } 1767-- ***************************************************************************** 1768-- * end of h3cDot11WIDSRptAPTable Definition 1769-- ***************************************************************************** 1770 1771-- ***************************************************************************** 1772-- * h3cDot11DynBlackListTable Definition 1773-- ***************************************************************************** 1774h3cDot11DynBlackListTable OBJECT-TYPE 1775 SYNTAX SEQUENCE OF H3cDot11DynBlackListEntry 1776 MAX-ACCESS not-accessible 1777 STATUS current 1778 DESCRIPTION 1779 "This table contains information of dynamic blacklist entries." 1780 ::= { h3cDot11WIDSDetectGroup 7 } 1781 1782h3cDot11DynBlackListEntry OBJECT-TYPE 1783 SYNTAX H3cDot11DynBlackListEntry 1784 MAX-ACCESS not-accessible 1785 STATUS current 1786 DESCRIPTION 1787 "Each entry contains information of dynamic blacklist." 1788 INDEX 1789 { 1790 h3cDot11DynBlackListMAC 1791 } 1792 ::= { h3cDot11DynBlackListTable 1 } 1793 1794H3cDot11DynBlackListEntry ::= SEQUENCE 1795 { 1796 h3cDot11DynBlackListMAC MacAddress, 1797 h3cDot11DynBlackListTime Unsigned32, 1798 h3cDot11DynBlackListReason OCTET STRING, 1799 h3cDot11DynBlackListReset TruthValue, 1800 h3cDot11DynBlackListTimeTicks TimeTicks 1801 } 1802 1803h3cDot11DynBlackListMAC OBJECT-TYPE 1804 SYNTAX MacAddress 1805 MAX-ACCESS not-accessible 1806 STATUS current 1807 DESCRIPTION 1808 "Represents the MAC address of the device inserted into the dynamic 1809 blacklist." 1810 ::= { h3cDot11DynBlackListEntry 1 } 1811 1812h3cDot11DynBlackListTime OBJECT-TYPE 1813 SYNTAX Unsigned32 1814 UNITS "second" 1815 MAX-ACCESS read-only 1816 STATUS current 1817 DESCRIPTION 1818 "Represents the time elapsed since the entry was last updated." 1819 ::= { h3cDot11DynBlackListEntry 2 } 1820 1821h3cDot11DynBlackListReason OBJECT-TYPE 1822 SYNTAX OCTET STRING 1823 MAX-ACCESS read-only 1824 STATUS current 1825 DESCRIPTION 1826 "Represents the reason why the entry was added into the dynamic 1827 blacklist." 1828 ::= { h3cDot11DynBlackListEntry 3 } 1829 1830h3cDot11DynBlackListReset OBJECT-TYPE 1831 SYNTAX TruthValue 1832 MAX-ACCESS read-write 1833 STATUS current 1834 DESCRIPTION 1835 "This object is used to remove designated entry from the dynamic 1836 blacklist. 1837 The value which read from this object always is false." 1838 ::= { h3cDot11DynBlackListEntry 4 } 1839 1840h3cDot11DynBlackListTimeTicks OBJECT-TYPE 1841 SYNTAX TimeTicks 1842 MAX-ACCESS read-only 1843 STATUS current 1844 DESCRIPTION 1845 "Represents the time elapsed since the entry was last updated in units TimeTicks." 1846 ::= { h3cDot11DynBlackListEntry 5 } 1847 1848-- ***************************************************************************** 1849-- * end of h3cDot11DynBlackListTable Definition 1850-- ***************************************************************************** 1851 1852-- ***************************************************************************** 1853-- * h3cDot11WIDSRogueHistoryTable Definition 1854-- ***************************************************************************** 1855h3cDot11WIDSRogueHistoryTable OBJECT-TYPE 1856 SYNTAX SEQUENCE OF H3cDot11WIDSRogueHistoryEntry 1857 MAX-ACCESS not-accessible 1858 STATUS current 1859 DESCRIPTION 1860 "This table contains information of all expired rogue devices which 1861 have been deleted from the list of detected rogue devices because 1862 they could not be detected within the device aging duration." 1863 ::= { h3cDot11WIDSDetectGroup 8 } 1864 1865h3cDot11WIDSRogueHistoryEntry OBJECT-TYPE 1866 SYNTAX H3cDot11WIDSRogueHistoryEntry 1867 MAX-ACCESS not-accessible 1868 STATUS current 1869 DESCRIPTION 1870 "Each entry contains information of an expired rogue device which 1871 has been deleted from the list of detected rogue devices because 1872 they could not be detected within the device aging duration." 1873 INDEX 1874 { 1875 h3cDot11WIDSRogueHisIndex 1876 } 1877 ::= { h3cDot11WIDSRogueHistoryTable 1 } 1878 1879H3cDot11WIDSRogueHistoryEntry ::= SEQUENCE 1880 { 1881 h3cDot11WIDSRogueHisIndex Integer32, 1882 h3cDot11WIDSRogueHisMAC MacAddress, 1883 h3cDot11WIDSRogueHisVendor OCTET STRING, 1884 h3cDot11WIDSRogueHisType H3cDot11WIDSDevType, 1885 h3cDot11WIDSRogueHisChl H3cDot11ChannelScopeType, 1886 h3cDot11WIDSRogueHisSSID OCTET STRING, 1887 h3cDot11WIDSRogueHisLastDctTime DateAndTime 1888 } 1889 1890h3cDot11WIDSRogueHisIndex OBJECT-TYPE 1891 SYNTAX Integer32 1892 MAX-ACCESS not-accessible 1893 STATUS current 1894 DESCRIPTION 1895 "Represents index of this entry." 1896 ::= { h3cDot11WIDSRogueHistoryEntry 1 } 1897 1898h3cDot11WIDSRogueHisMAC OBJECT-TYPE 1899 SYNTAX MacAddress 1900 MAX-ACCESS read-only 1901 STATUS current 1902 DESCRIPTION 1903 "Represents the MAC address of the device." 1904 ::= { h3cDot11WIDSRogueHistoryEntry 2 } 1905 1906h3cDot11WIDSRogueHisVendor OBJECT-TYPE 1907 SYNTAX OCTET STRING 1908 MAX-ACCESS read-only 1909 STATUS current 1910 DESCRIPTION 1911 "Represents the vendor for the device." 1912 ::= { h3cDot11WIDSRogueHistoryEntry 3 } 1913 1914h3cDot11WIDSRogueHisType OBJECT-TYPE 1915 SYNTAX H3cDot11WIDSDevType 1916 MAX-ACCESS read-only 1917 STATUS current 1918 DESCRIPTION 1919 "Represents the type of the device." 1920 ::= { h3cDot11WIDSRogueHistoryEntry 4 } 1921 1922h3cDot11WIDSRogueHisChl OBJECT-TYPE 1923 SYNTAX H3cDot11ChannelScopeType 1924 MAX-ACCESS read-only 1925 STATUS current 1926 DESCRIPTION 1927 "Represents the channel in which the device was last detected." 1928 ::= { h3cDot11WIDSRogueHistoryEntry 5 } 1929 1930h3cDot11WIDSRogueHisSSID OBJECT-TYPE 1931 SYNTAX OCTET STRING 1932 MAX-ACCESS read-only 1933 STATUS current 1934 DESCRIPTION 1935 "Represents the service set identifier for the ESS of the device." 1936 ::= { h3cDot11WIDSRogueHistoryEntry 6 } 1937 1938h3cDot11WIDSRogueHisLastDctTime OBJECT-TYPE 1939 SYNTAX DateAndTime 1940 MAX-ACCESS read-only 1941 STATUS current 1942 DESCRIPTION 1943 "Represents the time at which the device was last detected." 1944 ::= { h3cDot11WIDSRogueHistoryEntry 7 } 1945-- ***************************************************************************** 1946-- * end of h3cDot11WIDSRogueHistoryTable Definition 1947-- ***************************************************************************** 1948 1949-- ***************************************************************************** 1950-- * h3cDot11WIDSAtkHistroyTable Definition 1951-- ***************************************************************************** 1952h3cDot11WIDSAtkHistroyTable OBJECT-TYPE 1953 SYNTAX SEQUENCE OF H3cDot11WIDSAtkHistroyEntry 1954 MAX-ACCESS not-accessible 1955 STATUS current 1956 DESCRIPTION 1957 "This table contains information of the history of attacks detected in 1958 the WLAN system." 1959 ::= { h3cDot11WIDSDetectGroup 9 } 1960 1961h3cDot11WIDSAtkHistroyEntry OBJECT-TYPE 1962 SYNTAX H3cDot11WIDSAtkHistroyEntry 1963 MAX-ACCESS not-accessible 1964 STATUS current 1965 DESCRIPTION 1966 "Each entry contains information of the history of attacks detected in 1967 the WLAN system." 1968 INDEX 1969 { 1970 h3cDot11WIDSAtkHisIndex 1971 } 1972 ::= { h3cDot11WIDSAtkHistroyTable 1 } 1973 1974H3cDot11WIDSAtkHistroyEntry ::= SEQUENCE 1975 { 1976 h3cDot11WIDSAtkHisIndex Integer32, 1977 h3cDot11WIDSAtkHisMAC MacAddress, 1978 h3cDot11WIDSAtkHisType H3cDot11WIDSAtkType, 1979 h3cDot11WIDSAtkHisChl H3cDot11ChannelScopeType, 1980 h3cDot11WIDSAtkHisRSSI Integer32, 1981 h3cDot11WIDSAtkHisDctTime DateAndTime, 1982 h3cDot11WIDSAtkHisAPName OCTET STRING 1983 } 1984 1985h3cDot11WIDSAtkHisIndex OBJECT-TYPE 1986 SYNTAX Integer32 1987 MAX-ACCESS not-accessible 1988 STATUS current 1989 DESCRIPTION 1990 "Represents index of this entry." 1991 ::= { h3cDot11WIDSAtkHistroyEntry 1 } 1992 1993h3cDot11WIDSAtkHisMAC OBJECT-TYPE 1994 SYNTAX MacAddress 1995 MAX-ACCESS read-only 1996 STATUS current 1997 DESCRIPTION 1998 "Represents the Mac address. In case of spoof attacks, this field 1999 provides the BSSID which was spoofed. In case of other attacks, 2000 this field provides the MAC address of the device which initiated 2001 the attack." 2002 ::= { h3cDot11WIDSAtkHistroyEntry 2 } 2003 2004h3cDot11WIDSAtkHisType OBJECT-TYPE 2005 SYNTAX H3cDot11WIDSAtkType 2006 MAX-ACCESS read-only 2007 STATUS current 2008 DESCRIPTION 2009 "Represents the type of attack." 2010 ::= { h3cDot11WIDSAtkHistroyEntry 3 } 2011 2012h3cDot11WIDSAtkHisChl OBJECT-TYPE 2013 SYNTAX H3cDot11ChannelScopeType 2014 MAX-ACCESS read-only 2015 STATUS current 2016 DESCRIPTION 2017 "Represents the channel in which the attack was detected." 2018 ::= { h3cDot11WIDSAtkHistroyEntry 4 } 2019 2020h3cDot11WIDSAtkHisRSSI OBJECT-TYPE 2021 SYNTAX Integer32 2022 MAX-ACCESS read-only 2023 STATUS current 2024 DESCRIPTION 2025 "Represents the average RSSI of the designated attack." 2026 ::= { h3cDot11WIDSAtkHistroyEntry 5 } 2027 2028h3cDot11WIDSAtkHisDctTime OBJECT-TYPE 2029 SYNTAX DateAndTime 2030 MAX-ACCESS read-only 2031 STATUS current 2032 DESCRIPTION 2033 "Represents the time at which this attack was detected." 2034 ::= { h3cDot11WIDSAtkHistroyEntry 6 } 2035 2036h3cDot11WIDSAtkHisAPName OBJECT-TYPE 2037 SYNTAX OCTET STRING 2038 MAX-ACCESS read-only 2039 STATUS current 2040 DESCRIPTION 2041 "Represents the name of the AP which detected this attack." 2042 ::= { h3cDot11WIDSAtkHistroyEntry 7 } 2043-- ***************************************************************************** 2044-- * end of h3cDot11WIDSAtkHistroyTable Definition 2045-- ***************************************************************************** 2046 2047-- ***************************************************************************** 2048-- * h3cDot11WIDSAtkStatis Definition 2049-- ***************************************************************************** 2050h3cDot11WIDSAtkStatis OBJECT IDENTIFIER ::= { h3cDot11WIDSDetectGroup 10 } 2051 2052h3cDot11WIDSAtkStasStartTime OBJECT-TYPE 2053 SYNTAX DateAndTime 2054 MAX-ACCESS read-only 2055 STATUS current 2056 DESCRIPTION 2057 "Represents current attack tracking time. It is started at the system 2058 startup and is refreshed each hour subsequently." 2059 ::= { h3cDot11WIDSAtkStatis 1 } 2060 2061-- ***************************************************************************** 2062-- * h3cDot11WIDSAtkStasTable Definition 2063-- ***************************************************************************** 2064h3cDot11WIDSAtkStasTable OBJECT-TYPE 2065 SYNTAX SEQUENCE OF H3cDot11WIDSAtkStasEntry 2066 MAX-ACCESS not-accessible 2067 STATUS current 2068 DESCRIPTION 2069 "This table contains information of the counts of attacks detected." 2070 ::= { h3cDot11WIDSAtkStatis 2 } 2071 2072h3cDot11WIDSAtkStasEntry OBJECT-TYPE 2073 SYNTAX H3cDot11WIDSAtkStasEntry 2074 MAX-ACCESS not-accessible 2075 STATUS current 2076 DESCRIPTION 2077 "Each entry contains information of the counts of attacks detected." 2078 INDEX 2079 { 2080 h3cDot11WIDSAtkStasType 2081 } 2082 ::= { h3cDot11WIDSAtkStasTable 1 } 2083 2084H3cDot11WIDSAtkStasEntry ::= SEQUENCE 2085 { 2086 h3cDot11WIDSAtkStasType H3cDot11WIDSAtkType, 2087 h3cDot11WIDSAtkStasCurCnt Unsigned32, 2088 h3cDot11WIDSAtkStasTotalCnt Unsigned32 2089 } 2090 2091h3cDot11WIDSAtkStasType OBJECT-TYPE 2092 SYNTAX H3cDot11WIDSAtkType 2093 MAX-ACCESS not-accessible 2094 STATUS current 2095 DESCRIPTION 2096 "Represents the type of attack." 2097 ::= { h3cDot11WIDSAtkStasEntry 1 } 2098 2099h3cDot11WIDSAtkStasCurCnt OBJECT-TYPE 2100 SYNTAX Unsigned32 2101 MAX-ACCESS read-only 2102 STATUS current 2103 DESCRIPTION 2104 "Represents the count of attacks detected since the time 2105 specified by the current attack tracking time. The current 2106 attack tracking time is started at the system startup and 2107 is refreshed each hour subsequently." 2108 ::= { h3cDot11WIDSAtkStasEntry 2 } 2109 2110h3cDot11WIDSAtkStasTotalCnt OBJECT-TYPE 2111 SYNTAX Unsigned32 2112 MAX-ACCESS read-only 2113 STATUS current 2114 DESCRIPTION 2115 "Represents the total count of the attacks detected since 2116 the system startup." 2117 ::= { h3cDot11WIDSAtkStasEntry 3 } 2118-- ***************************************************************************** 2119-- * end of h3cDot11WIDSAtkStasTable Definition 2120-- ***************************************************************************** 2121 2122-- ***************************************************************************** 2123-- * h3cDot11BlackListTable Definition 2124-- ***************************************************************************** 2125h3cDot11BlackListTable OBJECT-TYPE 2126 SYNTAX SEQUENCE OF H3cDot11BlackListEntry 2127 MAX-ACCESS not-accessible 2128 STATUS current 2129 DESCRIPTION 2130 "This table contains information of blacklist entries, including 2131 dynamic and static." 2132 ::= { h3cDot11WIDSDetectGroup 11 } 2133 2134h3cDot11BlackListEntry OBJECT-TYPE 2135 SYNTAX H3cDot11BlackListEntry 2136 MAX-ACCESS not-accessible 2137 STATUS current 2138 DESCRIPTION 2139 "Each entry contains information of blacklist." 2140 INDEX 2141 { 2142 h3cDot11BlackListMAC 2143 } 2144 ::= { h3cDot11BlackListTable 1 } 2145 2146H3cDot11BlackListEntry ::= SEQUENCE 2147 { 2148 h3cDot11BlackListMAC MacAddress, 2149 h3cDot11BlackListTime Unsigned32, 2150 h3cDot11BlackListReason OCTET STRING, 2151 h3cDot11BlackListRowStatus RowStatus, 2152 h3cDot11BlackListTimeTicks TimeTicks 2153 } 2154 2155h3cDot11BlackListMAC OBJECT-TYPE 2156 SYNTAX MacAddress 2157 MAX-ACCESS not-accessible 2158 STATUS current 2159 DESCRIPTION 2160 "This object represents the MAC address of the device inserted into 2161 the table." 2162 ::= { h3cDot11BlackListEntry 1 } 2163 2164h3cDot11BlackListTime OBJECT-TYPE 2165 SYNTAX Unsigned32 2166 UNITS "minutes" 2167 MAX-ACCESS read-only 2168 STATUS current 2169 DESCRIPTION 2170 "Represents the time elapsed since the entry was last updated. 2171 If it is static blacklist, the value is always 0." 2172 ::= { h3cDot11BlackListEntry 2 } 2173 2174h3cDot11BlackListReason OBJECT-TYPE 2175 SYNTAX OCTET STRING 2176 MAX-ACCESS read-only 2177 STATUS current 2178 DESCRIPTION 2179 "Represents the reason why the entry was added into the blacklist." 2180 ::= { h3cDot11BlackListEntry 3 } 2181 2182h3cDot11BlackListRowStatus OBJECT-TYPE 2183 SYNTAX RowStatus 2184 MAX-ACCESS read-create 2185 STATUS current 2186 DESCRIPTION 2187 "This object represents the status of this table entry." 2188 ::= { h3cDot11BlackListEntry 4 } 2189 2190h3cDot11BlackListTimeTicks OBJECT-TYPE 2191 SYNTAX TimeTicks 2192 MAX-ACCESS read-only 2193 STATUS current 2194 DESCRIPTION 2195 "Represents the time elapsed since the entry was last updated in timetick. 2196 If it is static blacklist, the value is always 0." 2197 ::= { h3cDot11BlackListEntry 5 } 2198-- ***************************************************************************** 2199-- * end of h3cDot11BlackListTable Definition 2200-- ***************************************************************************** 2201 2202 2203-- ***************************************************************************** 2204-- * end of h3cDot11WIDSAtkStatis Definition 2205-- ***************************************************************************** 2206 2207-- ***************************************************************************** 2208-- * Notifications OF h3cDot11WIDSNotifyGroup 2209-- ***************************************************************************** 2210-- WIDS Notification 2211 h3cDot11WIDSTraps OBJECT IDENTIFIER 2212 ::= { h3cDot11WIDSNotifyGroup 1 } 2213 2214h3cDot11WIDSDetectRogueTrap NOTIFICATION-TYPE 2215 OBJECTS 2216 { 2217 h3cDot11WIDSRogueMAC, 2218 h3cDot11WIDSRogueType, 2219 h3cDot11WIDSMonitorMAC, 2220 h3cDot11MonitorAPID, 2221 h3cDot11MonitorApRadioID 2222 } 2223 STATUS current 2224 DESCRIPTION 2225 "The notification represents that a rogue AP or a station was 2226 detected by WIDS. 2227 The NMS would refer to MIB table under h3cDot11WIDSDetectGroup 2228 group to get more detailed information." 2229 ::= { h3cDot11WIDSTraps 1 } 2230 2231h3cDot11WIDSAdHocTrap NOTIFICATION-TYPE 2232 OBJECTS 2233 { 2234 h3cDot11WIDSAdHocMAC, 2235 h3cDot11WIDSMonitorMAC 2236 } 2237 STATUS current 2238 DESCRIPTION 2239 "The notification represents a rogue Ad hoc station was detected." 2240 ::= { h3cDot11WIDSTraps 2 } 2241 2242h3cDot11WIDSUnauthorSSIDTrap NOTIFICATION-TYPE 2243 OBJECTS 2244 { 2245 h3cDot11UnauthorSSIDName, 2246 h3cDot11WIDSMonitorMAC, 2247 h3cDot11MonitorAPID, 2248 h3cDot11MonitorApRadioID 2249 } 2250 STATUS current 2251 DESCRIPTION 2252 "The notification represents which unauthorized SSID are 2253 accessed in the network. 2254 The notification will be sent to NMS when an 2255 unauthorized SSID is detected on the network for the 2256 first time." 2257 ::= { h3cDot11WIDSTraps 3 } 2258 2259h3cDot11WIDSDisappearRogueTrap NOTIFICATION-TYPE 2260 OBJECTS 2261 { 2262 h3cDot11WIDSRogueMAC 2263 } 2264 STATUS current 2265 DESCRIPTION 2266 "The notification represents that a rogue device has aged out 2267 and moved to history table or the device type has been changed 2268 to friendly. 2269 The notification will be sent to NMS whenever a rogue disappears." 2270 ::= { h3cDot11WIDSTraps 4 } 2271 2272h3cDot11WIDSDetectAttack NOTIFICATION-TYPE 2273 OBJECTS 2274 { 2275 h3cDot11WIDSAtkHisType, 2276 h3cDot11WIDSAtkHisChl, 2277 h3cDot11WIDSAtkHisDctTime, 2278 h3cDot11WIDSAtkHisAPName 2279 } 2280 STATUS current 2281 DESCRIPTION 2282 "This notification occurs when some type of attack is detected. 2283 " 2284 ::= { h3cDot11WIDSTraps 5 } 2285 2286h3cDot11WIDSDetectWBridge NOTIFICATION-TYPE 2287 OBJECTS 2288 { 2289 h3cDot11WIDSRptAPName, 2290 h3cDot11WIDSRptAPRadioID, 2291 h3cDot11WIDSRptAPLstDctTime 2292 } 2293 STATUS current 2294 DESCRIPTION 2295 "This notification occurs whenever a detected device is classified 2296 as rogue wireless-bridge. 2297 " 2298 ::= { h3cDot11WIDSTraps 6 } 2299 2300h3cDot11WIDSFloodTrap NOTIFICATION-TYPE 2301 OBJECTS 2302 { 2303 h3cDot11WIDSAtkMac, 2304 h3cDot11WIDSAtkFrameType, 2305 h3cDot11WIDSFirstTrapTime 2306 } 2307 STATUS current 2308 DESCRIPTION 2309 "This notification occurs when flood attack is detected. 2310 " 2311 ::= { h3cDot11WIDSTraps 7 } 2312 2313h3cDot11WIDSSpoofTrap NOTIFICATION-TYPE 2314 OBJECTS 2315 { 2316 h3cDot11WIDSAtkMac, 2317 h3cDot11WIDSAtkFrameType, 2318 h3cDot11WIDSAtkChannel, 2319 h3cDot11WIDSAtkTime, 2320 h3cDot11WIDSAtkDestMac, 2321 h3cDot11WIDSFirstTrapTime 2322 } 2323 STATUS current 2324 DESCRIPTION 2325 "This notification occurs when spoof attack is detected. 2326 " 2327 ::= { h3cDot11WIDSTraps 8 } 2328 2329h3cDot11WIDSWeakIVTrap NOTIFICATION-TYPE 2330 OBJECTS 2331 { 2332 h3cDot11WIDSAtkMac, 2333 h3cDot11WIDSAtkChannel, 2334 h3cDot11WIDSAtkTime, 2335 h3cDot11WIDSAtkDestMac, 2336 h3cDot11WIDSFirstTrapTime 2337 } 2338 STATUS current 2339 DESCRIPTION 2340 "This notification occurs when weak IV attack is detected. 2341 " 2342 ::= { h3cDot11WIDSTraps 9 } 2343 2344-- WIDS Notification variable object 2345 2346 h3cDot11WIDSTrapVarObjects OBJECT IDENTIFIER 2347 ::= { h3cDot11WIDSNotifyGroup 2 } 2348 2349h3cDot11WIDSRogueMAC OBJECT-TYPE 2350 SYNTAX MacAddress 2351 MAX-ACCESS accessible-for-notify 2352 STATUS current 2353 DESCRIPTION 2354 "Represents which rogue AP or station." 2355 ::= { h3cDot11WIDSTrapVarObjects 1 } 2356 2357h3cDot11WIDSRogueType OBJECT-TYPE 2358 SYNTAX INTEGER 2359 { 2360 rogueAp(1), 2361 rogueStation(2) 2362 } 2363 MAX-ACCESS accessible-for-notify 2364 STATUS current 2365 DESCRIPTION 2366 "Represents the rogue type. 2367 The following value are supported 2368 rogueAp(1) - A rogue AP 2369 rogueStation(2) - A rogue Station" 2370 ::= { h3cDot11WIDSTrapVarObjects 2 } 2371 2372h3cDot11WIDSMonitorMAC OBJECT-TYPE 2373 SYNTAX MacAddress 2374 MAX-ACCESS accessible-for-notify 2375 STATUS current 2376 DESCRIPTION 2377 "Represents which monitor detected the rogue AP or station." 2378 ::= { h3cDot11WIDSTrapVarObjects 3 } 2379 2380h3cDot11WIDSAdHocMAC OBJECT-TYPE 2381 SYNTAX MacAddress 2382 MAX-ACCESS accessible-for-notify 2383 STATUS current 2384 DESCRIPTION 2385 "Represents the MAC address of Ad hoc station." 2386 ::= { h3cDot11WIDSTrapVarObjects 4 } 2387 2388h3cDot11UnauthorSSIDName OBJECT-TYPE 2389 SYNTAX H3cDot11SSIDStringType 2390 MAX-ACCESS accessible-for-notify 2391 STATUS current 2392 DESCRIPTION 2393 "Represents an unauthorized SSID." 2394 ::= { h3cDot11WIDSTrapVarObjects 5 } 2395 2396h3cDot11MonitorAPID OBJECT-TYPE 2397 SYNTAX H3cDot11ObjectIDType 2398 MAX-ACCESS accessible-for-notify 2399 STATUS current 2400 DESCRIPTION 2401 "Represents monitor AP's APID." 2402 ::= { h3cDot11WIDSTrapVarObjects 6 } 2403 2404h3cDot11MonitorApRadioID OBJECT-TYPE 2405 SYNTAX H3cDot11RadioScopeType 2406 MAX-ACCESS accessible-for-notify 2407 STATUS current 2408 DESCRIPTION 2409 "Represents monitor AP's radio ID" 2410 ::= { h3cDot11WIDSTrapVarObjects 7 } 2411 2412h3cDot11WIDSAtkMac OBJECT-TYPE 2413 SYNTAX MacAddress 2414 MAX-ACCESS accessible-for-notify 2415 STATUS current 2416 DESCRIPTION 2417 "Represents mac address of attack source." 2418 ::= { h3cDot11WIDSTrapVarObjects 8 } 2419 2420h3cDot11WIDSAtkFrameType OBJECT-TYPE 2421 SYNTAX OCTET STRING 2422 MAX-ACCESS accessible-for-notify 2423 STATUS current 2424 DESCRIPTION 2425 "Represents attack frame type." 2426 ::= { h3cDot11WIDSTrapVarObjects 9 } 2427 2428h3cDot11WIDSAtkChannel OBJECT-TYPE 2429 SYNTAX H3cDot11ChannelScopeType 2430 MAX-ACCESS accessible-for-notify 2431 STATUS current 2432 DESCRIPTION 2433 "Represents attack channel." 2434 ::= { h3cDot11WIDSTrapVarObjects 10 } 2435 2436h3cDot11WIDSAtkTime OBJECT-TYPE 2437 SYNTAX OCTET STRING 2438 MAX-ACCESS accessible-for-notify 2439 STATUS current 2440 DESCRIPTION 2441 "Represents when attacking happened." 2442 ::= { h3cDot11WIDSTrapVarObjects 11 } 2443 2444h3cDot11WIDSAtkDestMac OBJECT-TYPE 2445 SYNTAX MacAddress 2446 MAX-ACCESS accessible-for-notify 2447 STATUS current 2448 DESCRIPTION 2449 "Represents mac address of attack destination." 2450 ::= { h3cDot11WIDSTrapVarObjects 12 } 2451 2452h3cDot11WIDSFirstTrapTime OBJECT-TYPE 2453 SYNTAX TimeTicks 2454 MAX-ACCESS accessible-for-notify 2455 STATUS current 2456 DESCRIPTION 2457 "Represents the first trap time." 2458 ::= { h3cDot11WIDSTrapVarObjects 13 } 2459-- ***************************************************************************** 2460-- * End OF h3cDot11WIDSNotifyGroup 2461-- ***************************************************************************** 2462END 2463