-- *******************************************************************
-- CISCO-DOT11-CONTEXT-SERVICES-CLIENT-MIB.my
-- May 2003, Raju Datla, Parthasarathy Venkatavaradhan,
-- Prasanna Viswakumar.
--
-- Copyright (c) 2003, 2004 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************
--
CISCO-DOT11-CONTEXT-SERVICES-CLIENT-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Counter32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        TimeInterval
                FROM SNMPv2-TC
        InetAddressType,
        InetAddress
                FROM INET-ADDRESS-MIB
        ciscoExperiment
                FROM CISCO-SMI;


--********************************************************************
--* MODULE IDENTITY
--********************************************************************

ciscoDot11CscMIB MODULE-IDENTITY
        LAST-UPDATED  "200406020000Z"
        ORGANIZATION  "Cisco Systems Inc."
        CONTACT-INFO
            "       Cisco Systems,
                    Customer Service
            Postal: 170 West Tasman Drive
                    San Jose, CA 95134
                    USA
               Tel: +1 800 553-NETS

            E-mail: cs-dot11@cisco.com"

        DESCRIPTION
            "This MIB is intended to be implemented on all 802.11
            Access Points and Wireless Bridges that need to
            participate in the context management process and
            make use of the services provided by the entities
            offering WDS and WNS. The term '802.11 station'
            refers to one of the Access Point / Wireless Bridge
            throughout the MIB unless stated otherwise.

            The hierarchy of the devices offering the wireless
            domain and network services looks like the following.

                                        += = = = +
                                        |        |
                                        |  WNS   |   (Campus level)
                                        |        |
                                        += = = = +
                                        /        \
                                       /          \
                                      /            \
                                     /              \
                                   \/                \/
                                += = =+           += = =+
                                |     |           |     |
                                | WNS |           | WNS |
                                |     |           |     |
                                += = =+           += = =+
                                /     \                 \
                               /       \                 \
                              /         \                 \
                             /           \                 \
                           \/             \/                \/
                        +=====+        +=====+           +=====+
                        |     |        |     |           |     |
                        | WDS |        | WDS |           | WDS |  ( Subnet
                        |     |        |     |           |     |    level-
                        +=====+        +=====+           +=====+    Single
                        /     \              \                 \    broadcast
                       /       \              \                 \   domain )
                      /         \              \                 \
                     /           \              \                 \
                    /             \              \                 \
                  \/               \/             \/                \/
               +~-~-~+          +~-~-~+        +~-~-~+           +~-~-~+
               +     +          +     +        +     +           +     +
               + AP  +          + AP  +        + AP  +           + AP  +
               +     +          +     +        +     +           +     +
               +~-~-~+          +~-~-~+        +~-~-~+           +~-~-~+
                 ..                .              .                 .
                .  .               .              .                 .
               .    .              .              .                 .
              .      .             .              .                 .
             .        .            .              .                 .
           \/          \/          \/             \/                \/
        +.....+     +.....+     +-.-.-.+       +~-~-~+           +......+
        +     +     +     +     +      +       +     +           +      +
        + MN  +     + MN  +     + WGB  +       + AP  +           +  MN  +
        +     +     +     +     +      +       +     +           +      +
        +.....+     +.....+     +-.-.-.+       +~-~-~+           +......+
                                   .             .  .
                                   .            .    .
                                   .           .      .
                                   .          .        .
                                   \/       \/          \/
                                ++++++++ +......+    +......+
                                +      + +      +    +      +
                                +  EN  + +  MN  +    +  MN  +
                                +      + +      +    +      +
                                ++++++++ +......+    +......+


            The diagram above depicts the overall campus network
            hierarchy and the services being offered at various
            levels in the hierarchy. Here, authentication
            services for infrastructure nodes are offered by the
            root node, the node providing WNS at the topmost
            (Campus) level. This node spans an enterprise campus
            that resides in a geographic location. In this case,
            an 802.11 station performs initial authentication
            with the topmost WNS entity. It also gets the keys
            needed for secure context transfer by communication
            with that entity.

            WNS are offered at various levels as shown in the
            hierarchy to achieve scalability. WNS at the
            subsequent levels other than the root level include
            authentication services for MNs and are typically
            confined to a single building.

            At the broadcast domain level, the WDS includes
            authentication and registration services for the APs.
            An AP provides proxy authentication and registration
            services for the MNs. The APs that connect to parent
            APs through the wireless interface ( as shown by the
            dotted lines ) are Repeater-APs. The WGBs are managed
            in the same manner as the MNs. However, the Ethernet
            Nodes ( EN ) that are connected to the WGB won't be
            served as part of the WDS.

            GLOSSARY

            Access Point ( AP )

            Any entity that contains an 802.11 medium access
            control ( MAC ) and physical layer ( PHY ) interface
            and provides access to the distribution services via
            the wireless medium for associated clients.

            Wireless Bridge

            An 802.11 entity that provides wireless connectivity
            between two wired LAN segments and is used in point-
            to-point or point-to-multipoint configurations.

            Mobile Node ( MN )

            A roaming 802.11 wireless device in a wireless
            network associated with an access point.


            WorkGroup Bridge ( WGB )

            A work-group bridge is a non-STP AP with an 802.11
            primary port and a secondary Ethernet port that
            provides access to a non-STP secondary Ethernet LAN
            segment. STP refers to the IEEE 802.1D Spanning Tree
            Protocol. An 'STP AP' executes the 802.1D STP and
            the 802.1D STP is operated on an 'STP link'. A
            'non-STP AP' does not execute the 802.1D STP.

            Repeater-AP

            A repeater is a 'wireless AP' that is attached to a
            parent AP on an 802.11 primary port. The Ethernet
            port is disabled in a Repeater-AP.

            Infrastructure Node ( IN )

            This term refers to Access Points, Wireless Bridges
            and those devices that implement and offer WNS and
            WDS as shown in the network hierarchy.

            Ethernet Node ( EN )

            The node that gets the uplink to the Wireless AP
            via the WGB. This node connects to the WGB through
            its primary Ethernet port.

            Context

            The mobility context for an MN includes its current
            mobility bindings with the APs, IP/802 address
            bindings, cached configuration parameters, QoS state,
            IP group membership, authentication state, accounting
            statistics, and other dynamically derived protocol
            state information.

            Wireless Domain Services

            The set of services being offered at a particular
            broadcast domain that may be an IP subnet or a
            particular VLAN. The services include the following.

            1. MN security credential caching to provide seamless,
               secure intra-subnet roaming.

            2. Authenticated context transfer for roaming client
               within the subnet.

            Since, by definition, the WDS are bound to one subnet
            ( broadcast domain ), if implemented in a device
            spanning multiple subnets, the implementation should
            take care to provide a separate set of services for
            each of the subnets.


            Wireless Network Services

            The set of services that can be visualized as being
            offered at various levels other than the lowest
            (subnet) level of a hierarchical campus network.

            At the topmost level, infrastructure authentication
            services for all the devices in the network that
            provide WNS and WDS are offered. If WNS are not
            distributed at several levels as shown in the
            hierarchy above and are offered only at a single
            topmost level, the services offered also include
            authentication services for the MNs.

            WNS Entity

            The logical entity that resides in an infrastructure
            node and offers WNS to the descendants of that
            infrastructure node in the wireless services
            hierarchy.

            WDS Entity

            The logical entity that resides in an infrastructure
            node and offers WDS to the descendants of that
            infrastructure node in the wireless services
            hierarchy.

            WS Entity

            Refers to one of WNS / WDS Entities.

            Parent Node

            The entity that immediately precedes an infrastructure
            node in the hierarchy. For mobile nodes, the parent
            APs provide proxy wireless services by talking to their
            immediate parent entities providing WDS.

            Root Node

            The entity that is at the highest level in the network
            hierarchy. The root node acts as the IN Authenticator
            for the infrastructure nodes. If WNS are not
            distributed, the root node also acts as the Mobile Node
            Authenticator ( See description below ).

            Descendant

            A node that is in the sub-tree of the campus hierarchy
            tree rooted at the node providing WNS at the campus
            level.

            Infrastructure Node ( IN ) Authenticator

            The logical entity that communicates with the AAA
            server and provides authentication services for the
            infrastructure nodes. Details of the IN Authenticator
            have to be configured manually in the device providing
            WDS. The AP learns about the IN Authenticator
            automatically upon registering with its immediate
            parent. The WDS also includes MN authentication
            services if the entity providing WDS is at the
            topmost level in the hierarchy.

            Mobile Node ( MN ) Authenticator

            The logical entity that communicates with the AAA
            server and provides authentication services for mobile
            nodes. An infrastructure node learns the whereabouts
            of the MN Authenticator from the root node.

            Wireless Network Manager ( WNM )

            The network management system that manages the
            entire hierarchy of devices providing WNS and WDS.

            Advertisement

            The process by which the Access Points identify their
            parent entities providing WDS. APs listen to the
            advertisements of the WDS entities and get registered
            with one of those entities to facilitate secured
            context transfer.

            WLCCP

            Wireless LAN Context Control Protocol.
            Used to establish and manage the network topology and
            securely manage the 'operational context' for mobile
            stations in a campus network.

            AAA

            Authentication, Authorization, Accounting

            The method by which users are authenticated,
            authorized and tracked to gain access and move about
            inside a network. A node will request network access
            through an appropriate protocol to an authentication
            server that provides protocols and services for
            providing authentication, authorization and session
            accounting.

            Service Set Identifier ( SSID )

            802.11 Service Set Identifier. An SSID identifies a
            set of mobile nodes grouped into a logical 'service
            set' and the APs that provide access for the service
            set.


            Wireless services at subnet level
            =================================

                              +========+
                              |        |
                              |  WDS   |   ( Subnet level - Broadcast
                              |        |     domain )
                              +========+
                              /        \
                             /          \
                            /            \
                           /              \
                          /                \
                        \/                  \/
                     +~-~-~+             +~-~-~+
                     +     +             +     +
                     + AP  +             + AP  +
                     +     +             +     +
                     +~-~-~+             +~-~-~+
                       . .                  .
                      .   .                 .
                     .     .                .
                    .       .               .
                   .         .              .
                  .           .             .
                \/             \/           \/
             +......+       +-.-.-.+     +~-~-~-+
             +      +       +      +     +      +
             +  MN  +       + WGB  +     +  AP  +
             +      +       +      +     +      +
             +......+       +-.-.-.+     +~-~-~-+


            The above diagram depicts how wireless services are
            being offered in a network rooted at the device
            implementing WDS. In such a network, the WDS entity
            provides authentication services to both the
            infrastructure and mobile nodes.

            An 802.11 station in this hierarchy mentioned above
            performs the following.

            1) Provides proxy authentication and registration
               services to the MNs, WGBs and repeater-APs. The
               station forwards all the authentication and
               registration requests of its clients to its parent
               node offering WDS and acting as the IN Authenticator
               to enable the authentication and registration of its
               clients.

            2) Participates in the election process to elect
               the node that will provide WDS for a particular
               broadcast domain. "

        REVISION      "200406020000Z"
        DESCRIPTION
            "The definition of the object
            cDot11CscParentWdsAddress has been modified to
            return a specific error value on certain
            conditions. "

        REVISION      "200305060000Z"
        DESCRIPTION
            "Initial version of this MIB module. "
        ::= { ciscoExperiment 109 }


ciscoDot11CscMIBObjects OBJECT IDENTIFIER
        ::= { ciscoDot11CscMIB 1 }

ciscoDot11CscMIBConformance OBJECT IDENTIFIER
        ::= { ciscoDot11CscMIB 2 }

ciscoDot11CscConfigGlobal OBJECT IDENTIFIER
        ::= { ciscoDot11CscMIBObjects 1 }


--********************************************************************
--* Configuration global parameters
--********************************************************************

cDot11CscAddressType OBJECT-TYPE
        SYNTAX        InetAddressType
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
            "Represents the type of addresses stored in the
            objects cDot11CscParentWdsAddress,
            cDot11CscRootNodeAddress and
            cDot11CscMnAuthenticatorAddress. "
        ::= { ciscoDot11CscConfigGlobal 1 }


cDot11CscParentWdsAddress OBJECT-TYPE
        SYNTAX        InetAddress
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
            "The address of the parent WDS entity this 802.11
            station is currently registered with. The type of
            InetAddress supported by this object is determined
            by the cDot11CscAddressType object.

            If cDot11CscOperMode equals 'distributed' and the
            user credentials are not configured in this 802.11
            station, a noSuchInstance error is returned. On all
            other occasions, when cDot11CscOperMode equals
            'distributed', the value returned is 0.0.0.0 to
            indicate that either this node is not registered with
            a WDS entity or that no parent WDS entity existed
            when the query was made.
" 445 ::= { ciscoDot11CscConfigGlobal 2 } 446 447 448cDot11CscRootNodeAddress OBJECT-TYPE 449 SYNTAX InetAddress 450 MAX-ACCESS read-only 451 STATUS current 452 DESCRIPTION 453 "The address of the root node this 802.11 station 454 gets authenticated with. The type of InetAddress 455 supported by this object is determined by the 456 cDot11CscAddressType object. 457 458 If the parent WDS entity acts as the root node, this 459 object returns the address of the parent WDS entity. 460 461 If the hierarchy contains a campus level WNS entity, 462 this object returns the address of that WNS entity. " 463 ::= { ciscoDot11CscConfigGlobal 3 } 464 465cDot11CscMnAuthenticatorAddress OBJECT-TYPE 466 SYNTAX InetAddress 467 MAX-ACCESS read-only 468 STATUS current 469 DESCRIPTION 470 "The address of the Mobile Node Authenticator to 471 which this 802.11 station forwards authentication 472 requests of the mobile nodes attempting to associate 473 with this station. The type of InetAddress 474 supported by this object is determined by the 475 cDot11CscAddressType object. 476 477 If the parent WDS entity acts as the root node, so 478 that no WNS entity is present in the network 479 hierarchy, this object returns the address of the 480 parent WDS entity. 481 482 If the parent WDS entity has the root WNS entity as 483 its immediate parent, this object returns the 484 address of the root WNS entity. 485 486 If the WDS entity has a WNS entity, that is not the 487 root node, as its immediate parent, this object 488 returns the address of that WNS entity. " 489 ::= { ciscoDot11CscConfigGlobal 4 } 490 491 492cDot11CscOperMode OBJECT-TYPE 493 SYNTAX INTEGER { infrastructure(1), distributed(2) } 494 MAX-ACCESS read-only 495 STATUS current 496 DESCRIPTION 497 "The current mode of operation of this 802.11 498 station. 499 500 The semantics for this object are as follows. 

            infrastructure - An 802.11 station operates in the
            'infrastructure' mode if it discovers a WDS
            entity through advertisement messages and registers
            with it.

            distributed - If the 802.11 station couldn't
            discover a WDS entity or has lost contact with
            its parent WDS entity, then the station operates in
            the 'distributed' mode. However, the station
            listens for the advertisement messages from the WDS
            entity in the background to get back to the
            'infrastructure' mode. "
        ::= { ciscoDot11CscConfigGlobal 5 }


cDot11CscMnInactivityTime OBJECT-TYPE
        SYNTAX        TimeInterval
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
            "The maximum time a mobile node can remain
            associated with this 802.11 station without sending
            a frame. "
        ::= { ciscoDot11CscConfigGlobal 6 }


cDot11CscRegistrationLifeTime OBJECT-TYPE
        SYNTAX        TimeInterval
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
            "The maximum time after which the registration of
            this 802.11 station with its parent WDS entity
            expires. "
        ::= { ciscoDot11CscConfigGlobal 7 }


cDot11CscStateTransitions OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
            "This object counts the number of times this 802.11
            station has transitioned between the infrastructure
            and distributed modes since the last reboot.
" 547 ::= { ciscoDot11CscConfigGlobal 8 } 548 549 550--******************************************************************** 551--* End of 802.11 station Global Configuration parameters 552--******************************************************************** 553 554 555--******************************************************************** 556-- Conformance information 557--******************************************************************** 558 559ciscoDot11CscMIBCompliances OBJECT IDENTIFIER 560 ::= { ciscoDot11CscMIBConformance 1 } 561ciscoDot11CscMIBGroups OBJECT IDENTIFIER 562 ::= { ciscoDot11CscMIBConformance 2 } 563 564 565--******************************************************************** 566--* Compliance statements 567--******************************************************************** 568 569ciscoDot11CscMIBCompliance MODULE-COMPLIANCE 570 STATUS current 571 DESCRIPTION 572 "The compliance statement for the SNMP entities that 573 implement the ciscoDot11CscMIB module. " 574 MODULE MANDATORY-GROUPS { 575 ciscoDot11CscConfigGlobalGroup 576 } 577 ::= { ciscoDot11CscMIBCompliances 1 } 578 579 580--******************************************************************** 581--* Units of conformance 582--******************************************************************** 583 584ciscoDot11CscConfigGlobalGroup OBJECT-GROUP 585 OBJECTS { 586 cDot11CscAddressType, 587 cDot11CscParentWdsAddress, 588 cDot11CscRootNodeAddress, 589 cDot11CscMnAuthenticatorAddress, 590 cDot11CscOperMode, 591 cDot11CscMnInactivityTime, 592 cDot11CscRegistrationLifeTime, 593 cDot11CscStateTransitions 594 } 595 STATUS current 596 DESCRIPTION 597 "This collection of objects provide information about 598 this 802.11 station's parent WDS, its mode of 599 operation, the address of the IN/MN authenticators, 600 its registration life time and the number of times 601 the station has switched between the two modes. 
" 602 ::= { ciscoDot11CscMIBGroups 1 } 603 604 605--******************************************************************** 606--* End of units of conformance 607--******************************************************************** 608 609END 610
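
-- Added example (not part of the Cisco module): a monitoring-side reading of cDot11CscOperMode, cDot11CscParentWdsAddress and cDot11CscStateTransitions that follows the DESCRIPTION clauses above, including the noSuchInstance and 0.0.0.0 cases.
-- Assumptions: the poll dictionaries are constructed samples, NO_SUCH_INSTANCE stands in for the SNMP exception value, flap_threshold and the finding labels are hypothetical, and the "unexpected-" labels mark combinations the MIB does not describe.

```python
import ipaddress

# OIDs follow from the module: ciscoDot11CscMIB ::= { ciscoExperiment 109 },
# and ciscoExperiment is 1.3.6.1.4.1.9.10 in CISCO-SMI. Scalars end in ".0".
BASE = "1.3.6.1.4.1.9.10.109.1.1"  # ciscoDot11CscConfigGlobal
ADDR_TYPE, PARENT_WDS, OPER_MODE, TRANSITIONS = (
    f"{BASE}.{n}.0" for n in (1, 2, 5, 8))
NO_SUCH_INSTANCE = object()  # stand-in for the SNMP noSuchInstance exception
OPER_MODES = {1: "infrastructure", 2: "distributed"}


def decode_inet(addr_type, raw):
    """Decode InetAddress octets per InetAddressType (ipv4=1, ipv6=2)."""
    if addr_type == 1 and len(raw) == 4:
        return ipaddress.IPv4Address(raw)
    if addr_type == 2 and len(raw) == 16:
        return ipaddress.IPv6Address(raw)
    raise ValueError(f"unsupported InetAddressType {addr_type}, length {len(raw)}")


def assess_station(poll, prev_transitions=None, flap_threshold=3):
    """Classify one poll of the scalars; flap_threshold is a hypothetical limit."""
    mode = OPER_MODES.get(poll[OPER_MODE], "unknown")
    raw_parent = poll.get(PARENT_WDS, NO_SUCH_INSTANCE)
    parent, findings = None, []
    if raw_parent is NO_SUCH_INSTANCE:
        # Per the MIB: distributed mode with no user credentials configured.
        findings.append("credentials-not-configured" if mode == "distributed"
                        else "unexpected-noSuchInstance")
    else:
        addr = decode_inet(poll[ADDR_TYPE], raw_parent)
        if addr.is_unspecified:
            # Per the MIB: 0.0.0.0 means not registered or no parent WDS found.
            findings.append("no-parent-wds" if mode == "distributed"
                            else "unexpected-zero-parent")
        else:
            parent = str(addr)
    if prev_transitions is not None:
        # Counter32 wraps at 2**32, so take the delta modulo 2**32.
        delta = (poll[TRANSITIONS] - prev_transitions) % 2**32
        if delta >= flap_threshold:
            findings.append(f"mode-flapping:{delta}")
    return {"mode": mode, "parent_wds": parent, "findings": findings}


# Constructed sample polls (not captured from a real device).
REGISTERED = {ADDR_TYPE: 1, PARENT_WDS: bytes([10, 0, 0, 5]),
              OPER_MODE: 1, TRANSITIONS: 4}
ORPHANED = {ADDR_TYPE: 1, PARENT_WDS: bytes(4), OPER_MODE: 2, TRANSITIONS: 4}
NO_CREDS = {ADDR_TYPE: 1, OPER_MODE: 2, TRANSITIONS: 4}

if __name__ == "__main__":
    for name, poll in (("registered", REGISTERED), ("orphaned", ORPHANED),
                       ("no-creds", NO_CREDS)):
        print(name, assess_station(poll, prev_transitions=4294967290))
```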