-- *******************************************************************
-- CISCO-LWAPP-AAA-MIB.my
-- November 2006, Devesh Pujari, Srinath Candadai
--
-- Copyright (c) 2006, 2009-2010 by Cisco Systems Inc.
-- All rights reserved.
-- *******************************************************************

CISCO-LWAPP-AAA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Unsigned32,
    Integer32,
    Gauge32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    MacAddress,
    DisplayString,
    TruthValue,
    StorageType,
    RowStatus,
    TimeInterval
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress,
    InetPortNumber
        FROM INET-ADDRESS-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CLSecKeyFormat
        FROM CISCO-LWAPP-TC-MIB
    cLWlanIndex
        FROM CISCO-LWAPP-WLAN-MIB
    ciscoMgmt
        FROM CISCO-SMI;


-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoLwappAAAMIB MODULE-IDENTITY
    LAST-UPDATED    "201007250000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
        "Cisco Systems,
        Customer Service
        Postal: 170 West Tasman Drive
        San Jose, CA 95134
        USA
        Tel: +1 800 553-NETS
        Email: cs-wnbu-snmp@cisco.com"
    DESCRIPTION
        "This MIB is intended to be implemented on all those
        devices operating as Central Controllers (CC), that
        terminate the Light Weight Access Point Protocol
        tunnel from Cisco Light-weight LWAPP Access Points.

        Information provided by this MIB is used to manage
        AAA information on the controller.

        The relationship between CC and the LWAPP APs
        can be depicted as follows:

              +......+     +......+     +......+
              +      +     +      +     +      +
              +  CC  +     +  CC  +     +  CC  +
              +      +     +      +     +      +
              +......+     +......+     +......+
                ..            .             .
                ..            .             .
               .  .            .             .
              .    .            .             .
             .      .            .             .
            .        .            .             .
        +......+ +......+     +......+      +......+
        +      + +      +     +      +      +      +
        +  AP  + +  AP  +     +  AP  +      +  AP  +
        +      + +      +     +      +      +      +
        +......+ +......+     +......+      +......+
                   .              .             .
                 .  .              .             .
                .    .              .             .
               .      .              .             .
              .        .              .             .
           +......+ +......+     +......+      +......+
           +      + +      +     +      +      +      +
           +  MN  + +  MN  +     +  MN  +      +  MN  +
           +      + +      +     +      +      +      +
           +......+ +......+     +......+      +......+


        The LWAPP tunnel exists between the controller and
        the APs. The MNs communicate with the APs through
        the protocol defined by the 802.11 standard.

        LWAPP APs, upon bootup, discover and join one of the
        controllers and the controller pushes the configuration,
        that includes the WLAN parameters, to the LWAPP APs.
        The APs then encapsulate all the 802.11 frames from
        wireless clients inside LWAPP frames and forward
        the LWAPP frames to the controller.

        GLOSSARY

        Access Point ( AP )

        An entity that contains an 802.11 medium access
        control ( MAC ) and physical layer ( PHY ) interface
        and provides access to the distribution services via
        the wireless medium for associated clients.

        LWAPP APs encapsulate all the 802.11 frames in
        LWAPP frames and sends them to the controller to which
        it is logically connected.

        Light Weight Access Point Protocol ( LWAPP )

        This is a generic protocol that defines the
        communication between the Access Points and the
        Central Controller.

        Mobile Node ( MN )

        A roaming 802.11 wireless device in a wireless
        network associated with an access point. Mobile Node
        and client are used interchangeably.

        Terminal Access Controller Access-Control System
        ( TACACS )

        A remote authentication protocol that is used to
        communicate with an authentication server.
        TACACS allows a remote access server to communicate
        with an authentication server in order to determine
        if the user has access to the network.

        Remote Authentication Dial In User Service (RADIUS)

        It is an AAA (authentication, authorization and accounting)
        protocol for applications such as network access or
        IP mobility. It is intended to work in both local and
        roaming situations.

        Wireless LAN ( WLAN )

        It is a wireless local area network, which is the
        linking of two or more computers without using wires.
        It uses radio communication to accomplish the same
        functionality of a wired LAN.

        PAP - Password Authentication Protocol
        CHAP - Challenge Handshake Authentication Protocol
        MD5-CHAP - Message Digest 5 Challenge Handshake Authentication
        Protocol

        LSC - Local Significant Certificate

        LSC can be used if we want our own public key
        infrastructure (PKI) to provide better security,
        to have control of our certificate authority (CA),
        and to define policies, restrictions, and usages
        on the generated certificates.

        REFERENCE

        [1] Wireless LAN Medium Access Control ( MAC ) and
        Physical Layer ( PHY ) Specifications

        [2] Draft-obara-capwap-lwapp-00.txt, IETF Light
        Weight Access Point Protocol"
    REVISION        "201007250000Z"
    DESCRIPTION
        "A new variable, claWlanAuthServerEnabled
        has been added to the existing table, claWlanTable.

        A new scalar variable, claSaveUserData has been
        added to support saving of user configuration data to NVRAM.

        The following scalar variables have been added to support
        RADIUS web auth and fallback configuration.

        claWebRadiusAuthentication
        claRadiusFallbackMode
        claRadiusFallbackUsername
        claRadiusFallbackInterval
        claRadiusAuthMacDelimiter
        claRadiusAcctMacDelimiter

        The following scalar variables have been added to support
        AP policy configuration

        claAcceptMICertificate
        claAcceptLSCertificate
        claAllowAuthorizeLscApAgainstAAA


        A new scalar read-only variable, claDBCurrentUsedEntries
        has been added to show the total number of database entries used.

        The groups, ciscoLwappAAAMIBRev1ConfigGroup and
        ciscoLwappAAAMIBDBEntriesGroup have been added.

        ciscoLwappAAAMIBCompliance has been deprecated by
        ciscoLwappAAAMIBComplianceRev1."
    REVISION        "200611210000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 598 }


ciscoLwappAAAMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIB 0 }

ciscoLwappAAAMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIB 1 }

ciscoLwappAAAMIBConform  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIB 2 }

claConfigObjects  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIBObjects 1 }

claStatusObjects  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIBObjects 2 }

-- ********************************************************************
-- * Configuration for parameters
-- ********************************************************************
--
-- ********************************************************************
-- * Priority Table
-- ********************************************************************

claPriorityTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF ClaPriorityEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains entries for AAA authentication
        methods configured in the controller. At startup,
        all the entries in this table are set up by the central
        controller.
        A management application can later change
        the priority order using the claPriorityOrder."
    ::= { claConfigObjects 1 }

claPriorityEntry OBJECT-TYPE
    SYNTAX          ClaPriorityEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A conceptual row in claPriorityTable. There is an entry in
        this table for each AAA authentication method available at the
        agent, as identified by a value of claPriorityAuth."
    INDEX           { claPriorityAuth }
    ::= { claPriorityTable 1 }

ClaPriorityEntry ::= SEQUENCE {
        claPriorityAuth  INTEGER,
        claPriorityOrder Unsigned32
}

claPriorityAuth OBJECT-TYPE
    SYNTAX          INTEGER {
                        local(1),
                        radius(2),
                        tacacsplus(3)
                    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object represents the authentication method used to
        authenticate users.
        local - indicates that local password is used
        for authentication.

        radius - indicates that RADIUS method is used for
        authentication.

        tacacsplus - indicates that TACACS method is used for
        authentication."
    ::= { claPriorityEntry 1 }

claPriorityOrder OBJECT-TYPE
    SYNTAX          Unsigned32 (0..10)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This is the priority order of an authentication method to
        be used in user authentication for a session. At start up,
        the agent assigns the value of this object. Later this can
        be changed by the management station. This object reflects
        the relative priority of the authentication method denoted
        by claPriorityAuth with respect to already configured
        authentication methods.
        The zero value indicates that the priority is not set and that
        the authentication methods are applied in ascending order.
        Each object must contain a unique value for claPriorityOrder
        or zero.
        In the case when a priority is set for a value that
        is already used by existing object the existing object's
        claPriorityOrder will be swapped."
    ::= { claPriorityEntry 2 }


-- ********************************************************************
-- TACACS+ AAA Servers
-- ********************************************************************

claTacacsServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF ClaTacacsServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table represents the information about configuring
        the Accounting, Authentication and Authorization servers.
        The creation of a new row in claTacacsServerTable is
        through an explicit network management action
        results in creation of an entry in this table.
        Similarly, deletion of a row in claTacacsServerTable
        through user action causes the deletion of corresponding
        row in this table. The claTacacsServerType defines the
        server type being used and the claTacacsServerPriority
        defines the priority the server accessed within a given
        type."
    ::= { claConfigObjects 2 }

claTacacsServerEntry OBJECT-TYPE
    SYNTAX          ClaTacacsServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry in this table provides information about
        the server that is configured for AAA. Each entry is
        uniquely identified by the server type and priority
        that server is accessed."
    INDEX           {
                        claTacacsServerType,
                        claTacacsServerPriority
                    }
    ::= { claTacacsServerTable 1 }

ClaTacacsServerEntry ::= SEQUENCE {
        claTacacsServerType        INTEGER,
        claTacacsServerPriority    Unsigned32,
        claTacacsServerAddressType InetAddressType,
        claTacacsServerAddress     InetAddress,
        claTacacsServerPortNum     InetPortNumber,
        claTacacsServerEnabled     TruthValue,
        claTacacsServerSecretType  CLSecKeyFormat,
        claTacacsServerSecret      DisplayString,
        claTacacsServerTimeout     Unsigned32,
        claTacacsServerStorageType StorageType,
        claTacacsServerRowStatus   RowStatus
}

claTacacsServerType OBJECT-TYPE
    SYNTAX          INTEGER {
                        authentication(1),
                        authorization(2),
                        accounting(3)
                    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This attribute identifies the type of the server
        being configured."
    ::= { claTacacsServerEntry 1 }

claTacacsServerPriority OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The priority value for this entry. This value
        determines the unique priority for this entry.
        The priority value for this entry determines the
        order in which the server configured in this entry
        is accessed. The lower the number, the higher the
        priority. For example if there are 2 entries with
        priority 1 and 2 respectively, the controller will
        try the server with priority 1 before it tries
        the server with priority 2."
    ::= { claTacacsServerEntry 2 }

claTacacsServerAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the type of the network
        address made available through claTacacsServerAddress.
        This object must be set to a valid value before
        setting the row to 'active'."
    ::= { claTacacsServerEntry 3 }

claTacacsServerAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the address of the AAA server.
        The type of the address stored in this object is
        determined by the claTacacsServerAddressType object.
        This object must be set to a valid value before
        setting the row to 'active'."
    ::= { claTacacsServerEntry 4 }

claTacacsServerPortNum OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The port number for this server. This object must be
        set to a valid value before setting the row to
        'active'."
    ::= { claTacacsServerEntry 5 }

claTacacsServerEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "When set to true the server state is enabled,
        otherwise the state is disabled."
    DEFVAL          { true }
    ::= { claTacacsServerEntry 6 }

claTacacsServerSecretType OBJECT-TYPE
    SYNTAX          CLSecKeyFormat
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The claTacacsServerSecret value is set based on this
        type. When reading this object, the value 'default'
        is always returned. This object must be set to a valid
        value before setting the row to 'active'."
    ::= { claTacacsServerEntry 7 }

claTacacsServerSecret OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The key configured for this server. For get operation
        this always returns a string with asterisks. This object
        must be set to a valid value before setting the row to
        'active'. This object can be modified when a row is in
        the 'active' state."
    ::= { claTacacsServerEntry 8 }

claTacacsServerTimeout OBJECT-TYPE
    SYNTAX          Unsigned32 (5..30)
    UNITS           "seconds"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The number of seconds between retransmissions. This
        object can be modified when a row is in the 'active'
        state."
    DEFVAL          { 5 }
    ::= { claTacacsServerEntry 9 }

claTacacsServerStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row. Conceptual
        rows having the value 'permanent' need not allow
        write-access to any columnar objects in the row."
    DEFVAL          { nonVolatile }
    ::= { claTacacsServerEntry 10 }

claTacacsServerRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Used to add or delete an entry in this table.
        The required parameters for this entry are
        claTacacsServerAddress, claTacacsServerAddressType,
        claTacacsServerPortNum, claTacacsServerSecret and
        claTacacsServerSecretType should be provided.
        When a row is in 'active' state, some objects
        in this table can be modified as described in each
        individual object's description."
    ::= { claTacacsServerEntry 11 }


-- ********************************************************************
-- AAA WLAN Table
-- ********************************************************************

claWlanTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF ClaWlanEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "AAA table corresponding to a WLAN. When WLAN is added a
        new entry gets added to this table. The entry is removed
        when the WLAN is removed."
    ::= { claConfigObjects 3 }

claWlanEntry OBJECT-TYPE
    SYNTAX          ClaWlanEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry in this table provides AAA information for
        a WLAN."
    INDEX           { cLWlanIndex }
    ::= { claWlanTable 1 }

ClaWlanEntry ::= SEQUENCE {
        claWlanAcctServerEnabled TruthValue,
        claWlanAuthServerEnabled TruthValue
}

claWlanAcctServerEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Status to indicate whether the account server
        is enabled(true) or disabled(false) for this WLAN."
    DEFVAL          { true }
    ::= { claWlanEntry 1 }

claWlanAuthServerEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object represents the status whether the authentication
        server is enabled(true) or disabled(false) for this WLAN."
    DEFVAL          { true }
    ::= { claWlanEntry 2 }



-- *******************************************************************
-- * Users Database
-- *******************************************************************

claSaveUserData OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to save the guest user config to NVRAM.
        Setting to the value of 'true' would save the data.
        Setting to the value of 'false' would have no implications
        here."
    DEFVAL          { true }
    ::= { claConfigObjects 9 }

-- *******************************************************************
-- * RADIUS web auth and Fallback params.
-- *******************************************************************

claWebRadiusAuthentication OBJECT-TYPE
    SYNTAX          INTEGER {
                        pap(1),
                        chap(2),
                        md5-chap(3)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to configure the Web RADIUS Authentication
        parameters on the WLC.
        PAP (1) - Configure Web RADIUS Authentication in PAP mode.
        CHAP (2) - Configure Web RADIUS Authentication in CHAP mode.
        MD5-CHAP (3) - Configure Web RADIUS Authentication in MD5-CHAP mode."
    DEFVAL          { pap }
    ::= { claConfigObjects 10 }

claRadiusFallbackMode OBJECT-TYPE
    SYNTAX          INTEGER {
                        off(1),
                        passive(2),
                        active(3)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to configure the RADIUS Fallback Test mode
        on the WLC. Following are the configurable options:
        off (1) - Disables RADIUS server fallback test.
        passive (2) - Sets server status based on last transaction.
        active (3) - Sends probes to dead servers to test status."
    DEFVAL          { off }
    ::= { claConfigObjects 11 }

claRadiusFallbackUsername OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to configure the RADIUS Fallback Test
        username to be sent in dead server probes"
    ::= { claConfigObjects 12 }

claRadiusFallbackInterval OBJECT-TYPE
    SYNTAX          TimeInterval (180..3600)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to configure the probe interval (when
        claRadiusFallbackMode is in active mode) or inactive time
        (when claRadiusFallbackMode is in passive mode)"
    DEFVAL          { 300 }
    ::= { claConfigObjects 13 }

claRadiusAuthMacDelimiter OBJECT-TYPE
    SYNTAX          INTEGER {
                        noDelimiter(1),
                        colon(2),
                        hyphen(3),
                        singleHyphen(4)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The delimiter to be used for RADIUS authentication servers.
        The possible values allowed are -
        no delimiter (1) - as in xxxxxxxxxxxx.
        colon (2) - as in xx:xx:xx:xx:xx:xx.
        hyphen (3) - as in xx-xx-xx-xx-xx-xx.
        single hyphen (4) - as in xxxxxx-xxxxxx."
    DEFVAL          { hyphen }
    ::= { claConfigObjects 14 }

claRadiusAcctMacDelimiter OBJECT-TYPE
    SYNTAX          INTEGER {
                        noDelimiter(1),
                        colon(2),
                        hyphen(3),
                        singleHyphen(4)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The delimiter to be used for RADIUS accounting servers.
        The possible values allowed are -
        no delimiter (1) - as in xxxxxxxxxxxx.
        colon (2) - as in xx:xx:xx:xx:xx:xx.
        hyphen (3) - as in xx-xx-xx-xx-xx-xx.
        single hyphen (4) - as in xxxxxx-xxxxxx."
    DEFVAL          { hyphen }
    ::= { claConfigObjects 15 }

-- *******************************************************************
-- * AP Policy Configuration params.
-- *******************************************************************

claAcceptMICertificate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies if controller will accept
        Manufactured Installed Certificate from the
        access points as part of authorization."
    DEFVAL          { false }
    ::= { claConfigObjects 16 }

claAcceptLSCertificate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies if controller will accept
        Local Significant Certificate from access points
        as part of authorization."
    DEFVAL          { false }
    ::= { claConfigObjects 17 }

claAllowAuthorizeLscApAgainstAAA OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies if access points to be authorized
        using a AAA RADIUS server or local database.
        If this object is false, the access points would be
        authorized using a local database."
    DEFVAL          { false }
    ::= { claConfigObjects 18 }
-- ********************************************************************
-- * Status objects
-- ********************************************************************

claRadiusServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF ClaRadiusServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table represents the information about the
        requests sent to the RADIUS servers.
        When a new request gets sent to the RADIUS server
        an entry gets added to this table. The agent
        maintains a circular queue which automatically
        gets overwritten once the queue is full."
    ::= { claStatusObjects 1 }

claRadiusServerEntry OBJECT-TYPE
    SYNTAX          ClaRadiusServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry in this table provides information about
        a request that is sent to a RADIUS server.
        Each entry is uniquely identified by the
        request identifier."
    INDEX           { claRadiusReqId }
    ::= { claRadiusServerTable 1 }

ClaRadiusServerEntry ::= SEQUENCE {
        claRadiusReqId            Unsigned32,
        claRadiusAddressType      InetAddressType,
        claRadiusAddress          InetAddress,
        claRadiusPortNum          InetPortNumber,
        claRadiusWlanIdx          Unsigned32,
        claRadiusClientMacAddress MacAddress,
        claRadiusUserName         DisplayString
}

claRadiusReqId OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the request identifier of the
        request sent to the RADIUS server."
    ::= { claRadiusServerEntry 1 }

claRadiusAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the address type for the RADIUS server."
    ::= { claRadiusServerEntry 2 }

claRadiusAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the address of the RADIUS server."
    ::= { claRadiusServerEntry 3 }

claRadiusPortNum OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the port number for the RADIUS
        server."
    ::= { claRadiusServerEntry 4 }

claRadiusWlanIdx OBJECT-TYPE
    SYNTAX          Unsigned32 (1..17)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the WLAN index whether the RADIUS
        server is activating and deactivating."
    ::= { claRadiusServerEntry 5 }

claRadiusClientMacAddress OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the client MAC address that sent the
        request identified by the claRadiusReqId."
    ::= { claRadiusServerEntry 6 }

claRadiusUserName OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object identifies the user for whom the request
        identified by the claRadiusReqId was sent."
    ::= { claRadiusServerEntry 7 }



claDBCurrentUsedEntries OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the current database entries used.
        This includes the number of users, mac filters
        configured in the system."
    ::= { claStatusObjects 2 }

-- ********************************************************************
-- * NOTIFICATION Control objects
-- ********************************************************************

claRadiusServerGlobalActivatedEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The object to control the generation of
        ciscoLwappAAARadiusServerGlobalActivated
        notification.

        A value of 'true' indicates that the agent generates
        ciscoLwappAAARadiusServerGlobalActivated
        notification.

        A value of 'false' indicates that the agent doesn't
        generate ciscoLwappAAARadiusServerGlobalActivated
        notification."
    DEFVAL          { true }
    ::= { claConfigObjects 4 }

claRadiusServerGlobalDeactivatedEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The object to control the generation of
        ciscoLwappAAARadiusServerGlobalDeactivated
        notification.

        A value of 'true' indicates that the agent generates
        ciscoLwappAAARadiusServerGlobalDeactivated
        notification.

        A value of 'false' indicates that the agent doesn't
        generate ciscoLwappAAARadiusServerGlobalDeactivated
        notification."
    DEFVAL          { true }
    ::= { claConfigObjects 5 }

claRadiusServerWlanActivatedEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The object to control the generation of
        ciscoLwappAAARadiusServerWlanActivated
        notification.

        A value of 'true' indicates that the agent generates
        ciscoLwappAAARadiusServerWlanActivated
        notification.

        A value of 'false' indicates that the agent doesn't
        generate ciscoLwappAAARadiusServerWlanActivated
        notification."
    DEFVAL          { true }
    ::= { claConfigObjects 6 }

claRadiusServerWlanDeactivatedEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The object to control the generation of
        ciscoLwappAAARadiusServerWlanDeactivated
        notification.

        A value of 'true' indicates that the agent generates
        ciscoLwappAAARadiusServerWlanDeactivated
        notification.

        A value of 'false' indicates that the agent doesn't
        generate ciscoLwappAAARadiusServerWlanDeactivated
        notification."
    DEFVAL          { true }
    ::= { claConfigObjects 7 }

claRadiusReqTimedOutEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The object to control the generation of
        ciscoLwappAAARadiusReqTimedOut notification.

        A value of 'true' indicates that the agent generates
        ciscoLwappAAARadiusReqTimedOut notification.

        A value of 'false' indicates that the agent doesn't
        generate ciscoLwappAAARadiusReqTimedOut notification."
    DEFVAL          { true }
    ::= { claConfigObjects 8 }

-- ********************************************************************
-- * NOTIFICATION TYPE objects
-- ********************************************************************

ciscoLwappAAARadiusServerGlobalActivated NOTIFICATION-TYPE
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum
                    }
    STATUS          current
    DESCRIPTION
        "This notification is sent by the agent when the
        controller detects that the RADIUS server is
        activated in the global list. The RADIUS server
        is identified by the address (claRadiusAddress)
        and port number (claRadiusPortNum)."
    ::= { ciscoLwappAAAMIBNotifs 1 }

ciscoLwappAAARadiusServerGlobalDeactivated NOTIFICATION-TYPE
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum
                    }
    STATUS          current
    DESCRIPTION
        "This notification is sent by the agent when the
        controller detects that the RADIUS server is
        deactivated in the global list. The RADIUS server
        is identified by the address (claRadiusAddress)
        and port number (claRadiusPortNum)."
    ::= { ciscoLwappAAAMIBNotifs 2 }

ciscoLwappAAARadiusServerWlanActivated NOTIFICATION-TYPE
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum,
                        claRadiusWlanIdx
                    }
    STATUS          current
    DESCRIPTION
        "This notification is sent by the agent when the
        controller detects that the RADIUS server is
        activated on the WLAN. The RADIUS server
        is identified by the address (claRadiusAddress)
        and port number (claRadiusPortNum)."
    ::= { ciscoLwappAAAMIBNotifs 3 }

ciscoLwappAAARadiusServerWlanDeactivated NOTIFICATION-TYPE
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum,
                        claRadiusWlanIdx
                    }
    STATUS          current
    DESCRIPTION
        "This notification is sent by the agent when the
        controller detects that the RADIUS server is
        deactivated on the WLAN. The RADIUS server
        is identified by the address (claRadiusAddress)
        and port number (claRadiusPortNum)."
    ::= { ciscoLwappAAAMIBNotifs 4 }

ciscoLwappAAARadiusReqTimedOut NOTIFICATION-TYPE
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum,
                        claRadiusClientMacAddress,
                        claRadiusUserName
                    }
    STATUS          current
    DESCRIPTION
        "This notification is sent by the agent when the
        controller detects that the RADIUS server failed
        to respond to request from a client/user. The RADIUS
        server is identified by the address (claRadiusAddress)
        and port number (claRadiusPortNum)."
    ::= { ciscoLwappAAAMIBNotifs 5 }
-- ********************************************************************

ciscoLwappAAAMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIBConform 1 }

ciscoLwappAAAMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoLwappAAAMIBConform 2 }


ciscoLwappAAAMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the SNMP entities that
        implement the ciscoLwappAAAMIB module."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoLwappAAAMIBConfigGroup,
                        ciscoLwappAAAMIBNotifsGroup,
                        ciscoLwappAAAMIBStatusObjsGroup
                    }
    ::= { ciscoLwappAAAMIBCompliances 1 }

ciscoLwappAAAMIBComplianceRev1 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for the SNMP entities that
        implement the ciscoLwappAAAMIB module."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoLwappAAAMIBConfigGroup,
                        ciscoLwappAAAMIBSaveUserConfigGroup,
                        ciscoLwappAAAMIBRadiusConfigGroup,
                        ciscoLwappAAAMIBAPPolicyConfigGroup,
                        ciscoLwappAAAMIBWlanAuthAccServerConfigGroup,
                        ciscoLwappAAAMIBNotifsGroup,
                        ciscoLwappAAAMIBStatusObjsGroup,
                        ciscoLwappAAAMIBDBEntriesGroup
                    }
    ::= { ciscoLwappAAAMIBCompliances 2 }

-- ********************************************************************
-- * Units of conformance
-- ********************************************************************

ciscoLwappAAAMIBConfigGroup OBJECT-GROUP
    OBJECTS         {
                        claPriorityOrder,
                        claTacacsServerAddressType,
                        claTacacsServerAddress,
                        claTacacsServerPortNum,
                        claTacacsServerEnabled,
                        claTacacsServerSecretType,
                        claTacacsServerSecret,
                        claTacacsServerTimeout,
                        claTacacsServerStorageType,
                        claTacacsServerRowStatus,
                        claRadiusServerGlobalActivatedEnabled,
                        claRadiusServerGlobalDeactivatedEnabled,
                        claRadiusServerWlanActivatedEnabled,
                        claRadiusServerWlanDeactivatedEnabled,
                        claRadiusReqTimedOutEnabled
                    }
    STATUS          current
    DESCRIPTION
        "This collection of objects specifies the required
        parameters for AAA."
    ::= { ciscoLwappAAAMIBGroups 1 }

ciscoLwappAAAMIBSaveUserConfigGroup OBJECT-GROUP
    OBJECTS         { claSaveUserData }
    STATUS          current
    DESCRIPTION
        "This is the configuration parameter related to
        guest user configuration saving."
    ::= { ciscoLwappAAAMIBGroups 2 }

ciscoLwappAAAMIBNotifsGroup NOTIFICATION-GROUP
    NOTIFICATIONS   {
                        ciscoLwappAAARadiusServerGlobalActivated,
                        ciscoLwappAAARadiusServerGlobalDeactivated,
                        ciscoLwappAAARadiusServerWlanActivated,
                        ciscoLwappAAARadiusServerWlanDeactivated,
                        ciscoLwappAAARadiusReqTimedOut
                    }
    STATUS          current
    DESCRIPTION
        "This collection of objects specifies the
        notifications for AAA."
    ::= { ciscoLwappAAAMIBGroups 3 }

ciscoLwappAAAMIBStatusObjsGroup OBJECT-GROUP
    OBJECTS         {
                        claRadiusAddressType,
                        claRadiusAddress,
                        claRadiusPortNum,
                        claRadiusWlanIdx,
                        claRadiusClientMacAddress,
                        claRadiusUserName
                    }
    STATUS          current
    DESCRIPTION
        "This collection of objects represents the information
        about the general status attributes for AAA."
    ::= { ciscoLwappAAAMIBGroups 4 }

ciscoLwappAAAMIBDBEntriesGroup OBJECT-GROUP
    OBJECTS         { claDBCurrentUsedEntries }
    STATUS          current
    DESCRIPTION
        "This is the additional object which represents
        the information about the general status
        attributes for AAA."
    ::= { ciscoLwappAAAMIBGroups 5 }

ciscoLwappAAAMIBRadiusConfigGroup OBJECT-GROUP
    OBJECTS         {
                        claWebRadiusAuthentication,
                        claRadiusFallbackMode,
                        claRadiusFallbackUsername,
                        claRadiusFallbackInterval,
                        claRadiusAuthMacDelimiter,
                        claRadiusAcctMacDelimiter
                    }
    STATUS          current
    DESCRIPTION
        "These are the RADIUS web authentication and
        fallback related configuration parameters on the WLC."
    ::= { ciscoLwappAAAMIBGroups 6 }

ciscoLwappAAAMIBAPPolicyConfigGroup OBJECT-GROUP
    OBJECTS         {
                        claAcceptMICertificate,
                        claAcceptLSCertificate,
                        claAllowAuthorizeLscApAgainstAAA
                    }
    STATUS          current
    DESCRIPTION
        "These are the AP Policy related configuration
        parameters on the WLC."
    ::= { ciscoLwappAAAMIBGroups 7 }

ciscoLwappAAAMIBWlanAuthAccServerConfigGroup OBJECT-GROUP
    OBJECTS         {
                        claWlanAuthServerEnabled,
                        claWlanAcctServerEnabled
                    }
    STATUS          current
    DESCRIPTION
        "These are the authentication and account server configuration
        parameters per wlan."
    ::= { ciscoLwappAAAMIBGroups 8 }

END