-- *****************************************************************
-- CISCO-DOT11-SSID-SECURITY-MIB.my:
-- CISCO IEEE 802.11 SSID Security MIB
--
-- October 2003, Francis Pang
--
-- Copyright (c) 2003-2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--
CISCO-DOT11-SSID-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    MacAddress,
    RowStatus,
    TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ifIndex
        FROM IF-MIB
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    dot11AuthenticationAlgorithmsIndex
        FROM IEEE802dot11-MIB
    CDot11IfVlanIdOrZero
        FROM CISCO-DOT11-IF-MIB
    ciscoMgmt
        FROM CISCO-SMI;


-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoDot11SsidSecMIB MODULE-IDENTITY
    LAST-UPDATED    "200704120000Z"
    ORGANIZATION    "Cisco System Inc."
    CONTACT-INFO
        "       Cisco Systems
                Customer Service

        Postal: 170 West Tasman Drive,
                San Jose CA 95134-1706.
                USA

           Tel: +1 800 553-NETS

        E-mail: cs-dot11@cisco.com"
    DESCRIPTION
        "This MIB module provides network management
        support for Cisco IEEE 802.11 Wireless LAN
        devices association and authentication.

        ACRONYMS
        AES
            Advanced Encryption Standard.

        AP
            Access point.

        AID
            Association IDentifier for wireless stations.

        BSS
            IEEE 802.11 Basic Service Set.

        BSSID
            Basic SSID, a MAC address.

        CCKM
            Cisco Central Key Management.

        CCMP
            Code Mode/CBC Mac Protocol.

        CKIP
            Cisco per packet key hashing.

        CMIC
            Cisco MMH MIC.

        CRC
            Cyclic Redundancy Check.

        DTIM
            Data Traffic Indication Map

        EAP
            Extensible Authentication Protocol.

        GRE
            Generic Routing Encapsulation

        IAPP
            Inter-Access-Point Protocol.

        ICV
            Integrity Check Value.

        MBSSID
            Multiple Basic SSID.

        MIC
            Message Integrity Check.

        MMH
            Multi-Modal Hashing.

        MMIC
            Michael MIC.

        RF
            Radio Frequency.

        SSID
            Radio Service Set Id.

        SSIDL IE
            SSID List Information Element

        STA
            IEEE 802.11 wireless station.

        TKIP
            WPA Temporal Key encryption.

        VLAN
            Virtual LAN.

        WEP
            Wired Equivalent Privacy.

        WPA
            Wi-Fi Protected Access.

        WPS
            Wireless Provisioning System.


        GLOSSARY

        Access point
            Transmitter/receiver (transceiver) device
            that commonly connects and transports data
            between a wireless network and a wired network.

        Association
            The service used to establish access point
            or station mapping and enable STA invocation
            of the distribution system services.
            (Wireless clients attempt to connect to
            access points.)

        Basic Service Set
            The IEEE 802.11 BSS of an AP comprises the
            stations directly associating with the AP.

        Backup VLAN
            Wireless clients found to be running outdated/
            unsupported virus software and not compliant to
            network admission control guidelines need to be
            placed on different VLANs than the intended normal
            VLAN. These VLANs on which the non-compliant
            clients are placed are termed as Backup VLANs.
            Backup VLANs are used to quarantine the
            non-compliant clients running incorrect software
            till they upgrade their software to the correct
            version.

        Bridge
            Device that connects two or more segments
            and reduces traffic by analyzing the
            destination address, filtering the frame,
            and forwarding the frame to all connected
            segments.

        Bridge AP
            It is an AP that functions as a transparent
            bridge between 2 wired LAN segments.

        Broadcast SSID
            Clients can send out Broadcast SSID Probe
            Requests to a nearby AP, and the AP will
            broadcast its own SSID within its beacons
            to respond to clients. Clients can use this
            Broadcast SSID to associate and communicate
            with the AP.

        Extensible Authentication Protocol
            EAP acts as the interface between a wireless
            client and an authentication server, such as a
            RADIUS server, to which the access point
            communicates over the wired network.

        IEEE 802.11
            Standard to encourage interoperability among
            wireless networking equipment.

        IEEE 802.11b
            High-rate wireless LAN standard for wireless
            data transfer at up to 11 Mbps.

        IEEE P802.11g
            Higher Speed Physical Layer (PHY) Extension to
            IEEE 802.11b, will boost wireless LAN speed to 54
            Mbps by using OFDM (orthogonal frequency division
            multiplexing). The IEEE 802.11g specification is
            backward compatible with the widely deployed IEEE
            802.11b standard.

        Inter-Access-Point Protocol
            The IEEE 802.11 standard does not define how
            access points track moving users or how to
            negotiate a handoff from one access point to the
            next, a process referred to as roaming. IAPP is
            a Cisco proprietary protocol to support roaming.
            However, IAPP does not address how the wireless
            system tracks users moving from one subnet to
            another.

        Independent network
            Network that provides peer-to-peer connectivity
            without relying on a complete network
            infrastructure.

        Information Element
            Optional wireless network management data element
            in the beacons and probe responses generated by
            wireless stations. These elements identify the
            extended capabilities supported by the stations.

        Integrity Check Value
            The WEP ICV shall be a 32-bit value containing
            the 32-bit cyclic redundancy code designed for
            verifying wireless data frame integrity.

        Message Integrity Check
            A MIC can, optionally, be added to WEP-encrypted
            802.11 frames. MIC prevents attacks on encrypted
            packets. MIC, implemented on both the access point
            and all associated client devices, adds a few bytes
            to each packet to make the packets tamper-proof.

        Multiple BSS-ID
            An access point radio broadcasts and advertises
            multiple SSIDs in the beacons. From the clients'
            perspective, it is like there are multiple access
            points existing in the wireless network.

        Native VLAN ID
            A switch port and/or AP can be configured with a
            'native VLAN ID'. Untagged or priority-tagged
            frames are implicitly associated with the native
            VLAN ID. The default native VLAN ID is '1' if
            VLAN tagging is enabled. The native VLAN ID is '0'
            or 'no VLAN ID' if VLAN tagging is not enabled.

        Non-Root Bridge
            This wireless bridge does not connect to the main
            wired LAN segment. It connects to a remote wired
            LAN segment and can associate with root bridges and
            other non-root bridges that accept client
            associations. It also can accept associations from
            other non-root bridges, repeater access points,
            and client devices.

        Primary LAN
            In an AP, if the destinations of inbound unicast
            frames are unknown, the frames are sent toward
            the primary LAN defined on the device.

        Repeater
            Device that connects multiple segments,
            listening to each and regenerating the signal
            on one to every other connected one; so that
            the signal can travel further.

        Repeater or Non-root Access Point
            The repeater access point is not connected
            to the wired LAN.
            The Repeater is a wireless
            LAN transceiver that transfers data between
            a client and another access point, another
            repeater, or between two bridges. The repeater
            is placed within radio range of an access point
            connected to the wired LAN, another repeater, or
            a non-root bridge to extend the range of the
            infrastructure.

        Radio Frequency
            Radio wave and modulation process or operation.

        Root Access Point
            This access point connects clients to the main
            wired LAN.

        Root (Wireless) Bridge
            This wireless bridge connects to the main wired
            LAN. It can communicate with non-root wireless
            bridges, repeater access points, and client
            devices but not with another wireless root
            bridge. Only one wireless bridge in a wireless
            LAN can be set as the wireless root bridge.

        Service Set ID
            SSID is a unique identifier that APs and clients
            use to identify with each other. SSID is a simple
            means of access control and is not for security.
            The SSID can be any alphanumeric entry up to 32
            characters.

        Virtual LAN
            VLAN defined in the IEEE 802.1Q VLAN standard
            supports logically segmenting of LAN
            infrastructure into different subnets or
            workgroups so that packets are switched only
            between ports within the same VLAN.

        VLAN ID
            Each VLAN is identified by a 12-bit 'VLAN ID'.
            A VLAN ID of '0' is used to indicate
            'no VLAN ID'. Valid VLAN IDs range from '1' to
            '4095'. VLAN of ID '4095' is the default VLAN
            for Cisco VoIP Phones.

        Wired Equivalent Privacy
            WEP is generally used to refer to 802.11
            encryption."

    REVISION        "200704120000Z"
    DESCRIPTION
        "The following changes have been made
        - Added the following enumerations to
        CDot11SecAuthKeyMgmtType.

            - 'wpa1'
            - 'wpa2'

        - Added more explanations for the object
        cdot11SecAuxSsidAuthKeyMgmt to describe
        about the new key management 'wpa1' and 'wpa2'."
    REVISION        "200605160000Z"
    DESCRIPTION
        "Add cdot11SecSsidMaxBackupVlans, and
        cdot11SecSsidBackupVlanTable, and
        cdot11SecSsidvlanManagementGroup to manage the backup
        VLAN configuration."
    REVISION        "200409140000Z"
    DESCRIPTION
        "Added cdot11MbssidMacAddrSupportTable and
        cdot11MbssidInterfaceTable to support MBSSID
        feature."
    REVISION        "200405150000Z"
    DESCRIPTION
        "This is the initial version of this MIB module."
    ::= { ciscoMgmt 413 }


ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIB 1 }

cdot11SecSsidManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 1 }

cdot11SecAuthManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 2 }

cdot11SecStatistics OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 3 }

cdot11SecVlanManagement OBJECT IDENTIFIER
    ::= { ciscoDot11SsidSecMIBObjects 4 }

-- Textual Conventions

CDot11SecAuthKeyMgmtType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This is the encryption key management type
        applied to different encryption key algorithms,
        like TKIP, WEP, and CKIP.
            cckm - Cisco Central Key Management
            wpa  - Key management WPA version 1 for TKIP Cipher and
                   Key management WPA version 2 for AES-CCMP Cipher
            wpa1 - Key management WPA version 1
            wpa2 - Key management WPA version 2"
    SYNTAX          BITS {
                        cckm(0),
                        wpa(1),
                        wpa1(2),
                        wpa2(3)
                    }

CDot11WiFiPaPreSharedKey ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This is a 64-hexadecimal digit Wi-Fi Protected
        Access Pre-shared Key. This key is used for
        association authentication and dynamic encryption
        key generation. The key can also be in the form
        of a character string."
    SYNTAX          OCTET STRING (SIZE (0..128))

CDot11SsidString ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This is the SSID string defined for IEEE 802.11
        wireless LAN devices."
    SYNTAX          OCTET STRING (SIZE(1..32))

CDot11VlanName ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This is a VLAN name string configured on RADIUS
        servers. This should be an alpha-numeric string
        with at least one alpha."
    SYNTAX          OCTET STRING (SIZE(1..32))

CDot11InformationElementType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This is the set of Information Elements embedded
        in the wireless device beacons and probe response
        and the extended capabilities configurable on the
        IEs:
            ssidl - send SSIDL IE and may advertise extended
                capabilities, i.e., 802.1x and WPS;
            advertisement - send SSID name and capabilities
                in the SSIDL IE;
            wps - set WPS flag in the extended capabilities."
    SYNTAX          BITS {
                        ssidl(0),
                        advertisement(1),
                        wps(2)
                    }


-- ********************************************************************
-- * Cisco IEEE 802.11 Interface Ssid Management
-- ********************************************************************

cdot11SecAuxSsidTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Cdot11SecAuxSsidEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the list of SSIDs that all
        radio interfaces of this device should install
        and use for client associations."
    ::= { cdot11SecSsidManagement 1 }

cdot11SecAuxSsidEntry OBJECT-TYPE
    SYNTAX          Cdot11SecAuxSsidEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A collection of attributes defining an auxiliary
        service set ID which client stations can use for
        association for the device. Entries can be
        installed on multiple radio interfaces."
    INDEX           {
                        cdot11SecAuxSsid
                    }
    ::= { cdot11SecAuxSsidTable 1 }

Cdot11SecAuxSsidEntry ::=
    SEQUENCE {
        cdot11SecAuxSsid
            CDot11SsidString,
        cdot11SecAuxSsidBroadcast
            TruthValue,
        cdot11SecAuxSsidInfraStruct
            INTEGER,
        cdot11SecAuxSsidProxyMobileIp
            TruthValue,
        cdot11SecAuxSsidMaxStations
            Unsigned32,
        cdot11SecAuxSsidVlan
            CDot11IfVlanIdOrZero,
        cdot11SecAuxSsidWpaPsk
            CDot11WiFiPaPreSharedKey,
        cdot11SecAuxRadiusAccounting
            SnmpAdminString,
        cdot11SecAuxSsidLoginUsername
            SnmpAdminString,
        cdot11SecAuxSsidLoginPassword
            SnmpAdminString,
        cdot11SecAuxSsidAuthKeyMgmt
            CDot11SecAuthKeyMgmtType,
        cdot11SecAuxSsidAuthKeyMgmtOpt
            TruthValue,
        cdot11SecAuxSsidRowStatus
            RowStatus,
        cdot11SecAuxSsidWirelessNetId
            Integer32,
        cdot11SecSsidRedirectAddrType
            InetAddressType,
        cdot11SecSsidRedirectDestAddr
            InetAddress,
        cdot11SecSsidRedirectFilter
            SnmpAdminString,
        cdot11SecSsidInformationElement
            CDot11InformationElementType,
        cdot11SecAuxSsidVlanName
            CDot11VlanName,
        cdot11SecAuxSsidMbssidBroadcast
            TruthValue,
        cdot11SecAuxSsidMbssidDtimPeriod
            Integer32
    }

cdot11SecAuxSsid OBJECT-TYPE
    SYNTAX          CDot11SsidString
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object specifies a SSID defined on this
        IEEE 802.11 wireless LAN device. The SSID will
        be installed on the radio interfaces for client
        associations. The radio interface shall respond
        to probe requests using this SSID, but it does
        not advertise this SSID in its beacons unless
        the cdot11SecAuxSsidBroadcast is 'true'."
    ::= { cdot11SecAuxSsidEntry 1 }

cdot11SecAuxSsidBroadcast OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is a Broadcast SSID.
        There should only be one
        Broadcast SSID installed on any IEEE 802.11
        radio interface if Multiple BSSID feature is
        not enabled. To enable this SSID for MBSSID
        broadcast, use cdot11SecAuxSsidMbssidBroadcast."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 7.3.2.1."
    DEFVAL          { false }
    ::= { cdot11SecAuxSsidEntry 2 }

cdot11SecAuxSsidInfraStruct OBJECT-TYPE
    SYNTAX          INTEGER {
                        infraStructure(1),
                        nonInfraStructure(2),
                        optional(3)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is an infra-structure SSID. There should only be
        one infra-structure SSID installed on any IEEE
        802.11 radio interface. The infra-structure
        SSID is used for uplink association while the
        radio interface cd11IfStationRole is roleWgb(1),
        roleRepeater(5), roleNrBridge(9), or
        roleApNrBridge(10).
            infraStructure(1) - infra-structure SSID,
            nonInfraStructure(2) - Non infra-structure SSID,
            optional(3) - use of this infra-structure SSID
                          is optional for uplink connection."
    REFERENCE
        "cd11IfStationRole, cd11IfStationConfigTable,
        CISCO-DOT11-IF-MIB."
    DEFVAL          { nonInfraStructure }
    ::= { cdot11SecAuxSsidEntry 3 }

cdot11SecAuxSsidProxyMobileIp OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object indicates if an auxiliary SSID
        is enabled for Proxy Mobile-IP support. If
        Proxy Mobile-IP is not supported in VLAN
        network environment, cdot11SecAuxSsidVlan should
        be '0' when Proxy Mobile-IP is enabled via this
        object."
    DEFVAL          { false }
    ::= { cdot11SecAuxSsidEntry 4 }

cdot11SecAuxSsidMaxStations OBJECT-TYPE
    SYNTAX          Unsigned32 (0..2007)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object defines the maximum number of IEEE
        802.11 stations which may associate to a radio
        interface through this SSID. If the value
        is '0', the maximum number is limited only by the
        IEEE 802.11 standard and any hardware or radio
        firmware limitations of the access point."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7."
    DEFVAL          { 255 }
    ::= { cdot11SecAuxSsidEntry 5 }

cdot11SecAuxSsidVlan OBJECT-TYPE
    SYNTAX          CDot11IfVlanIdOrZero
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object defines the VLAN trunk at which the
        traffic will be used when a client is associating
        with this SSID. The default value is '0', no
        VLAN is configured or used for this SSID."
    DEFVAL          { 0 }
    ::= { cdot11SecAuxSsidEntry 6 }

cdot11SecAuxSsidWpaPsk OBJECT-TYPE
    SYNTAX          CDot11WiFiPaPreSharedKey
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object configures Wi-Fi Protected Access
        Pre-shared Key for this SSID. This key is used
        for association authentication and dynamic
        encryption key generation. The default value
        is ''H if this shared key feature is not enabled."
    DEFVAL          { ''H }
    ::= { cdot11SecAuxSsidEntry 7 }

cdot11SecAuxRadiusAccounting OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object defines the name of the AAA accounting
        list to be used for association accounting. The
        default value is an empty string if AAA accounting
        is not enabled."
    DEFVAL          { "" }
    ::= { cdot11SecAuxSsidEntry 8 }

cdot11SecAuxSsidLoginUsername OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the username used for
        LEAP authentication and association to an uplink
        AP while this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL          { "" }
    ::= { cdot11SecAuxSsidEntry 9 }

cdot11SecAuxSsidLoginPassword OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the password used for
        LEAP authentication association to an uplink
        AP while this SSID is in infra-structure mode, i.e.
        cdot11SecAuxSsidInfraStruct is 'true'. The default
        value is an empty string if this feature is not
        enabled."
    DEFVAL          { "" }
    ::= { cdot11SecAuxSsidEntry 10 }

cdot11SecAuxSsidAuthKeyMgmt OBJECT-TYPE
    SYNTAX          CDot11SecAuthKeyMgmtType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the type of key management
        employed for encryption keys defined for the VLAN
        in cdot11SecAuxSsidVlan.

        WPA key management('wpa') should only be selected
        when encryption is TKIP or AES-CCMP and
        authentication is open, i.e.
        dot11AuthenticationAlgorithmsIndex is
        openSystem(1), together either with EAP or
        WPA-PSK for this SSID.

        CCKM key management('cckm') can be used with encryption
        TKIP, WEP, CKIP, and Network-EAP authentication
        for this SSID.

        The value 'wpa1' should be selected only
        when encryption is TKIP.

        The value 'wpa2' should be selected only when
        encryption is either TKIP or AES-CCMP.

        If none of the bits are set, there is no run-time
        key management for this SSID."
    ::= { cdot11SecAuxSsidEntry 11 }

cdot11SecAuxSsidAuthKeyMgmtOpt OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies if the type of key
        management, cdot11SecAuxSsidAuthKeyMgmt,
        selected is optional. If it is 'true' and
        cdot11SecAuxSsidAuthKeyMgmt is not 'none',
        the key management is optional. If it is
        'false' and cdot11SecAuxSsidAuthKeyMgmt
        is not 'none', the key management is
        mandatory."
    DEFVAL          { false }
    ::= { cdot11SecAuxSsidEntry 12 }

cdot11SecAuxSsidRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is used to create a new SSID entry on this
        device, and modify or delete an existing SSID
        entry.

        Creation of rows must be done via 'createAndGo'
        with or without optional objects. This object will
        become 'active' if the NMS performs a multivarbind
        set including this object and successfully creates
        the SSID on this device.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing SSID configuration can cause clients
        associating with the SSID to disassociate. And,
        depending on the implementation, changes on the
        existing SSIDs may not affect installed SSID on the
        radio interfaces. Therefore, users are advised
        to reset the corresponding SSID on the radio
        interface via the cdot11SecInterfSsidTable."
    ::= { cdot11SecAuxSsidEntry 13 }

cdot11SecAuxSsidWirelessNetId OBJECT-TYPE
    SYNTAX          Integer32 (0..4096)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object sets the Wireless Network ID of this
        SSID. This ID is used for Cisco GRE tunneling in
        layer 3 switching. The valid range for the ID is
        '1' to '4096' and the default value is '0' and it
        indicates no ID is configured or used on this SSID."
    DEFVAL          { 0 }
    ::= { cdot11SecAuxSsidEntry 14 }

cdot11SecSsidRedirectAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the address type for the
        cdot11SecSsidRedirectDestAddr."
    DEFVAL          { ipv4 }
    ::= { cdot11SecAuxSsidEntry 15 }

cdot11SecSsidRedirectDestAddr OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the destination address set to all packets
        received from wireless clients associated to this
        wireless station using the cdot11SecAuxSsid. The
        cdot11SecSsidRedirectAddrType specifies the type
        of this address. The default value '00000000'H
        of cdot11SecSsidRedirectAddrType 'ipv4' indicates
        that this packet redirection feature is not
        enabled."
    DEFVAL          { '00000000'H }
    ::= { cdot11SecAuxSsidEntry 16 }

cdot11SecSsidRedirectFilter OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "When the packet redirection feature is enabled
        (i.e., cdot11SecSsidRedirectAddrType is 'ipv4'
        and cdot11SecSsidRedirectDestAddr value is not
        '00000000'H), this is the Cisco IP extended
        access list number or name used for filtering
        packets from wireless clients. Only packets
        passed by the access list will be allowed to
        forward to the cdot11SecSsidRedirectDestAddr.
        If packet redirection is disabled, this
        access list will not be applied.

        The default value is an empty string to
        indicate that no access list filter will be
        applied."
    DEFVAL          { "" }
    ::= { cdot11SecAuxSsidEntry 17 }

cdot11SecSsidInformationElement OBJECT-TYPE
    SYNTAX          CDot11InformationElementType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the set of Information Elements and
        extended capabilities embedded in the SSID
        broadcasted in beacons and probe responses.
        The extended capabilities 'advertisement' and 'wps'
        are allowed only if 'ssidl' is set."
    DEFVAL          { {} }
    ::= { cdot11SecAuxSsidEntry 18 }

cdot11SecAuxSsidVlanName OBJECT-TYPE
    SYNTAX          CDot11VlanName
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the name of the cdot11SecAuxSsidVlan. Either
        cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can
        be used to set the VLAN trunk for client traffic of
        this SSID. If both cdot11SecAuxSsidVlanName and
        cdot11SecAuxSsidVlan are set in a query, the set query
        will succeed if and only if there is a matching pair of
        cdot11SecVlanName and cdot11SecVlanNameId in the
        cdot11SecVlanNameTable.

        The default value is a blank string, no VLAN or VLAN
        name is configured or used for this SSID."
    DEFVAL          { " " }
    ::= { cdot11SecAuxSsidEntry 19 }

cdot11SecAuxSsidMbssidBroadcast OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object controls if this SSID shall be
        broadcasted if MBSSID is enabled at the interface
        which this SSID is attached, i.e.
        if both cd11IfMultipleBssidEnable and
        cdot11SecAuxSsidMbssidBroadcast are 'true', then
        this SSID is broadcasted. Otherwise, this SSID
        is not broadcasted."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    DEFVAL          { false }
    ::= { cdot11SecAuxSsidEntry 20 }

cdot11SecAuxSsidMbssidDtimPeriod OBJECT-TYPE
    SYNTAX          Integer32 (0..255)
    UNITS           "beacons"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the DTIM period for this MBSSID enabled SSID.
        It is the number of beacon intervals that shall elapse
        between transmission of Beacons frames containing a
        TIM element whose DTIM Count field is 0.

        This DTIM period is only applicable if MBSSID is
        enabled at the interface which this SSID is attached,
        i.e. cd11IfMultipleBssidEnable is 'true'.

        The default value is 0 which indicates dot11DTIMPeriod
        of IEEE802dot11-MIB is used. The current valid DTIM
        period range for the radio is 1 to 100."
    REFERENCE
        "IEEE802dot11-MIB, dot11DTIMPeriod."
    DEFVAL          { 0 }
    ::= { cdot11SecAuxSsidEntry 21 }


cdot11SecAuxSsidAuthTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains attributes to configure
        authentication parameters for SSIDs listed in the
        cdot11SecAuxSsidTable. This table extends the
        IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
        to define additional attributes authentication
        procedures for multiple SSIDs. Multiple
        authentication algorithms can apply to a single
        auxiliary SSID.

        This table has an expansion dependent relationship
        on the cdot11SecAuxSsidTable. For each entry in
        this table, there exists at least an entry in the
        cdot11SecAuxSsidTable."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, section 5.7.6."
    ::= { cdot11SecSsidManagement 2 }

cdot11SecAuxSsidAuthEntry OBJECT-TYPE
    SYNTAX          Cdot11SecAuxSsidAuthEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry specifies a pre-defined
        authentication algorithm and additional
        authentication procedures for clients of an
        auxiliary SSID. The three pre-defined
        authentication algorithms are:
            openSystem(1),
            sharedKey(2), and
            network-EAP(3).

        The valid combination of the pre-defined
        authentications and additional procedures are:
            openSystem(1)  - plus EAP
                           - plus MAC or EAP
            sharedKey(2)   - plus MAC and EAP
                           - plus EAP
            network-EAP(3) - plus MAC."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    INDEX           {
                        cdot11SecAuxSsid,
                        dot11AuthenticationAlgorithmsIndex
                    }
    ::= { cdot11SecAuxSsidAuthTable 1 }

Cdot11SecAuxSsidAuthEntry ::=
    SEQUENCE {
        cdot11SecAuxSsidAuthEnabled      TruthValue,
        cdot11SecAuxSsidAuthPlusEap      TruthValue,
        cdot11SecAuxSsidAuthPlusMac      TruthValue,
        cdot11SecAuxSsidAuthEapMethod    SnmpAdminString,
        cdot11SecAuxSsidAuthMacMethod    SnmpAdminString,
        cdot11SecAuxSsidAuthMacAlternate TruthValue
    }

cdot11SecAuxSsidAuthEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "If the value is 'true', this device may
        authenticate an association using SSID (specified
        by cdot11SecAuxSsid) with the corresponding
        pre-defined algorithm (identified by the
        dot11AuthenticationAlgorithmsIndex). The default
        value is 'true'."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 1 }

cdot11SecAuxSsidAuthPlusEap OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        network-level EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false'
        while cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they
        complete the enabled IEEE 802.11 authentication.

        The default value is 'false' for no additional
        EAP authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 2 }

cdot11SecAuxSsidAuthPlusMac OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "If both the values of this object and
        cdot11SecAuxSsidAuthEnabled are 'true', the
        association authentication must complete additional
        MAC address authentication before client stations
        will be unblocked from their association
        attempts. If the value of this object is 'false'
        while cdot11SecAuxSsidAuthEnabled is 'true', client
        stations will be unblocked as soon as they
        complete the enabled IEEE 802.11 authentication.

        The default value is 'false' for no additional
        MAC address authentication."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 3 }

cdot11SecAuxSsidAuthEapMethod OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusEap
        is 'true' or dot11AuthenticationAlgorithm is
        Network-EAP, this is the EAP method list to use
        for the EAP authentication. The default is an
        empty string if EAP is not used."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 4 }

cdot11SecAuxSsidAuthMacMethod OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the value of cdot11SecAuxSsidAuthPlusMac
        is 'true', this is the MAC address method list to
        use for the MAC authentication. The default is
        an empty string if MAC address authentication
        is not used."
    ::= { cdot11SecAuxSsidAuthEntry 5 }

cdot11SecAuxSsidAuthMacAlternate OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "If the values of this object,
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusMac, and
        cdot11SecAuxSsidAuthPlusEap are all 'true' and
        the dot11AuthenticationAlgorithm is 'openSystem',
        then the association authentication only needs to
        complete either additional MAC address or
        additional EAP authentication before client
        stations will be unblocked from their association
        attempts. If the value of this object is 'false',
        only one of the two additional authentications
        should be enabled. The default value is 'false',
        meaning that only one additional authentication
        should be configured."
    REFERENCE
        "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
        Access Control and Physical Layer Specifications,
        LAN MAN Standards Committee of the IEEE Computer
        Society, IEEE802dot11-MIB."
    ::= { cdot11SecAuxSsidAuthEntry 6 }


cdot11SecInterfSsidTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of SSIDs installed
        on radio interfaces of this device that are used
        for client association.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table,
        there exists at least an entry in the ifTable of
        ifType ieee80211(71)."
    ::= { cdot11SecSsidManagement 3 }

cdot11SecInterfSsidEntry OBJECT-TYPE
    SYNTAX Cdot11SecInterfSsidEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A collection of attributes for an auxiliary
        service set ID installed on an IEEE 802.11 radio
        interface. An interface can have multiple
        auxiliary service set IDs installed and the
        current maximum for each radio interface is
        16 SSIDs, and the cd11IfAuxiliarySsidLength
        object specifies the configured maximum."
    INDEX {
        ifIndex,
        cdot11SecAuxSsid
    }
    ::= { cdot11SecInterfSsidTable 1 }

Cdot11SecInterfSsidEntry ::=
    SEQUENCE {
        cdot11SecInterfSsidRowStatus RowStatus
    }

cdot11SecInterfSsidRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to install a new SSID configuration,
        and modify or delete an existing SSID configuration
        on a radio interface.

        Creation of rows must be done via 'createAndGo' and
        with an existing ifIndex of ifType ieee80211(71)
        and an existing cdot11SecAuxSsid in the
        cdot11SecAuxSsidTable. This object will become
        'active' if the NMS performs a multivarbind set
        including this object and successfully installs
        the SSID on this interface.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing SSID configuration can cause clients
        associating with the SSID to disassociate."
    ::= { cdot11SecInterfSsidEntry 1 }


cdot11MbssidMacAddrSupportTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the list of available radio MAC
        addresses for supporting MBSSID on the IEEE 802.11
        radio.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table, there
        exists at least an entry in the ifTable of ifType
        ieee80211(71)."
    ::= { cdot11SecSsidManagement 4 }

cdot11MbssidMacAddrSupportEntry OBJECT-TYPE
    SYNTAX Cdot11MbssidMacAddrSupportEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry is a MAC address assigned to the IEEE
        802.11 radio available to be used as a BSSID and
        broadcast in the radio beacon when MBSSID feature
        is enabled."
    INDEX {
        ifIndex,
        cdot11MbssidMacAddrIndex
    }
    ::= { cdot11MbssidMacAddrSupportTable 1 }

Cdot11MbssidMacAddrSupportEntry ::=
    SEQUENCE {
        cdot11MbssidMacAddrIndex Integer32,
        cdot11MbssidMacAddrSupported MacAddress
    }

cdot11MbssidMacAddrIndex OBJECT-TYPE
    SYNTAX Integer32 (1..256)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This is a unique index identifying the
        MAC address assigned on the radio. If MBSSID
        is not supported on this device, the only
        available index number is 1. Currently, if MBSSID
        is supported, the index numbers are 1 to 16."
    ::= { cdot11MbssidMacAddrSupportEntry 1 }

cdot11MbssidMacAddrSupported OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MAC address can be used as BSSID and
        broadcast in the beacon with a SSID when
        cd11IfMultipleBssidEnable is 'true'."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidMacAddrSupportEntry 2 }


cdot11MbssidInterfaceTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table displays the list of SSIDs and their
        corresponding BSSIDs configured on the IEEE
        802.11 radios.

        This table has an expansion dependent relationship
        on the ifTable. For each entry in this table, there
        exists at least an entry in the ifTable of ifType
        ieee80211(71)."
    ::= { cdot11SecSsidManagement 5 }

cdot11MbssidInterfaceEntry OBJECT-TYPE
    SYNTAX Cdot11MbssidInterfaceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry defines an SSID being configured on
        the radio and the corresponding BSSID."
    INDEX {
        ifIndex,
        IMPLIED cdot11SecAuxSsid
    }
    ::= { cdot11MbssidInterfaceTable 1 }

Cdot11MbssidInterfaceEntry ::=
    SEQUENCE {
        cdot11MbssidIfMacAddress MacAddress,
        cdot11MbssidIfBroadcast TruthValue
    }

cdot11MbssidIfMacAddress OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This is the BSSID to be sent with the radio SSID.
        If MBSSID feature is not enabled (i.e.
        cd11IfMultipleBssidEnable is 'false'), all SSIDs
        will be sent by the radio with the same BSSID and
        that is the radio hardware MAC address.

        If MBSSID feature is enabled (i.e.
        cd11IfMultipleBssidEnable is 'true'), all SSIDs
        will be sent by the radio with different BSSIDs."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 1 }

cdot11MbssidIfBroadcast OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "If cd11IfMultipleBssidEnable is 'true', MBSSID
        is enabled for the radio and this SSID is a
        broadcast SSID as follows:
            'true'  - This SSID is a broadcast SSID and
                      being broadcast in the radio beacon.
            'false' - This SSID is not a broadcast SSID and
                      is not broadcast in the radio beacon."
    REFERENCE
        "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
    ::= { cdot11MbssidInterfaceEntry 2 }

cdot11SecSsidMaxBackupVlans OBJECT-TYPE
    SYNTAX Unsigned32 (1..128)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Maximum number of backup VLANs that can be
        configured on a SSID."
    DEFVAL { 3 }
    ::= { cdot11SecSsidManagement 6 }

cdot11SecSsidBackupVlanTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecSsidBackupVlanEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table lists the backup VLANs configured
        on a SSID.

        The number of backup VLANs that can be configured
        for each SSID identified by cdot11SecAuxSsid is
        limited by the value of cdot11SecSsidMaxBackupVlans.

        This table has an expansion dependent relationship with
        cdot11SecAuxSsidTable. The value of cdot11SecAuxSsid
        for the entries in this table must exist in
        cdot11SecAuxSsidTable.

        When an entry in cdot11SecAuxSsidTable is deleted,
        all the backup VLANs configured for the corresponding
        SSID get deleted from this table."
    ::= { cdot11SecSsidManagement 7 }

cdot11SecSsidBackupVlanEntry OBJECT-TYPE
    SYNTAX Cdot11SecSsidBackupVlanEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry defines a backup VLAN configured on an
        SSID."
    INDEX { cdot11SecAuxSsid, cdot11SecSsidBackupVlan }
    ::= { cdot11SecSsidBackupVlanTable 1 }

Cdot11SecSsidBackupVlanEntry ::=
    SEQUENCE {
        cdot11SecSsidBackupVlan CDot11IfVlanIdOrZero,
        cdot11SecSsidBackupVlanRowStatus RowStatus
    }

cdot11SecSsidBackupVlan OBJECT-TYPE
    SYNTAX CDot11IfVlanIdOrZero (1..4095)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The backup VLAN configured on a SSID identified
        by the instance identifier value of cdot11SecAuxSsid."
    ::= { cdot11SecSsidBackupVlanEntry 1 }

cdot11SecSsidBackupVlanRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The status of this conceptual row."
    ::= { cdot11SecSsidBackupVlanEntry 2 }

cdot11SecLocalAuthServerEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object configures the use of local
        authentication server. If it is 'true',
        local authentication server is enabled. If it
        is 'false', the local authentication server is
        disabled. If both local and network servers are
        configured, the local server is used as backup
        when network authentication server is not
        available."
    ::= { cdot11SecAuthManagement 1 }

cdot11SecVlanNameTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the mapping of VLAN names to
        IDs. A RADIUS server serving this wireless
        station can assign wireless clients associating
        to this station to a particular VLAN by either
        a VLAN name or an ID.

        When the VLAN assignment of a client is via VLAN name,
        this table is used to look up the corresponding
        VLAN ID and VLAN configured on this wireless
        station. Each VLAN name uniquely identifies a
        VLAN on a wireless station, and a VLAN ID can
        associate to multiple VLAN names in this table."
    ::= { cdot11SecVlanManagement 1 }

cdot11SecVlanNameEntry OBJECT-TYPE
    SYNTAX Cdot11SecVlanNameEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A collection of attributes defining the properties
        of a VLAN name and the corresponding VLAN ID."
    INDEX {
        cdot11SecVlanName
    }
    ::= { cdot11SecVlanNameTable 1 }

Cdot11SecVlanNameEntry ::=
    SEQUENCE {
        cdot11SecVlanName CDot11VlanName,
        cdot11SecVlanNameId CDot11IfVlanIdOrZero,
        cdot11SecVlanNameRowStatus RowStatus
    }

cdot11SecVlanName OBJECT-TYPE
    SYNTAX CDot11VlanName
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This object defines the VLAN name assigned to
        wireless clients by the RADIUS server serving
        this wireless station."
    ::= { cdot11SecVlanNameEntry 1 }

cdot11SecVlanNameId OBJECT-TYPE
    SYNTAX CDot11IfVlanIdOrZero
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This object defines the VLAN trunk on which
        a client associating to this wireless station
        will be placed. The value '0' is not valid."
    ::= { cdot11SecVlanNameEntry 2 }

cdot11SecVlanNameRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to create a new VLAN name to ID
        mapping entry on this device, and modify or delete
        an existing mapping entry.

        Creation of rows must be done via 'createAndGo'
        with all other mandatory objects. This object will
        become 'active' if the NMS performs a multivarbind
        set including this object and successfully creates
        the VLAN name entry on this device.

        Modification and deletion (via 'destroy') of rows can
        be done when this object is 'active'. Any change
        to an existing VLAN name to ID mapping configuration
        does not affect existing associated wireless clients."
    ::= { cdot11SecVlanNameEntry 3 }


-- ********************************************************************
-- * Conformance information
-- ********************************************************************


ciscoDot11SsidSecMIBConformance
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIB 2 }
ciscoDot11SsidSecMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 1 }
ciscoDot11SsidSecMIBGroups
    OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 2 }


-- *****************************************************************
-- Compliance statements
-- *****************************************************************

ciscoDot11SsidSecCompliance MODULE-COMPLIANCE
    STATUS deprecated -- by ciscoDot11SsidSecComplianceRev1
    DESCRIPTION
        "This is the compliance statement for the
        ciscoDot11SsidSecMIB module."
    MODULE
        MANDATORY-GROUPS {
            cdot11SecSsidManagementGroup,
            cdot11SsidAuthenticationGroup,
            cdot11ModuleAuthenticationGroup
        }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
            "This group is required only if VLAN by name is
            supported on the IEEE 802.11 wireless LAN
            devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
            "This group is required only if MBSSID feature
            is supported on the IEEE 802.11 wireless LAN
            devices."

        OBJECT cdot11SecAuxSsidLoginPassword
        DESCRIPTION
            "Due to security reasons, for SNMPv1/v2c,
            this object will return blank spaces if a
            password is configured."

        OBJECT cdot11SecAuxSsidMaxStations
        DESCRIPTION
            "The supported range of values for SET queries
            are 1 to 255. The supported range of values for
            SNMP GET or GET-NEXT queries are 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter
        DESCRIPTION
            "Only Cisco IP extended access list numbers 100 to
            199 are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

    ::= { ciscoDot11SsidSecMIBCompliances 1 }


ciscoDot11SsidSecComplianceRev1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "This is the compliance statement for the
        ciscoDot11SsidSecMIB module."
    MODULE
        MANDATORY-GROUPS {
            cdot11SecSsidManagementGroup,
            cdot11SsidAuthenticationGroup,
            cdot11ModuleAuthenticationGroup,
            cdot11SecSsidBackupVlanManagementGroup
        }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
            "This group is required only if VLAN by name is
            supported on the IEEE 802.11 wireless LAN
            devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
            "This group is required only if MBSSID feature
            is supported on the IEEE 802.11 wireless LAN
            devices."

        OBJECT cdot11SecAuxSsidLoginPassword
        DESCRIPTION
            "Due to security reasons, for SNMPv1/v2c,
            this object will return blank spaces if a
            password is configured."

        OBJECT cdot11SecAuxSsidMaxStations
        DESCRIPTION
            "The supported range of values for SET queries
            are 1 to 255. The supported range of values for
            SNMP GET or GET-NEXT queries are 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter
        DESCRIPTION
            "Only Cisco IP extended access list numbers 100 to
            199 are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

        OBJECT cdot11SecSsidBackupVlanRowStatus
        SYNTAX INTEGER {
            active(1),
            createAndGo(4),
            destroy(6)
        }
        DESCRIPTION
            "Only the values 'createAndGo', 'destroy', and
            'active' need to be supported."

    ::= { ciscoDot11SsidSecMIBCompliances 2 }

-- *****************************************************************
-- Units of conformance
-- *****************************************************************

cdot11SecSsidManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidBroadcast,
        cdot11SecAuxSsidInfraStruct,
        cdot11SecAuxSsidProxyMobileIp,
        cdot11SecAuxSsidMaxStations,
        cdot11SecAuxSsidVlan,
        cdot11SecAuxSsidWpaPsk,
        cdot11SecAuxRadiusAccounting,
        cdot11SecAuxSsidLoginUsername,
        cdot11SecAuxSsidLoginPassword,
        cdot11SecAuxSsidAuthKeyMgmt,
        cdot11SecAuxSsidAuthKeyMgmtOpt,
        cdot11SecAuxSsidRowStatus,
        cdot11SecAuxSsidWirelessNetId,
        cdot11SecSsidRedirectAddrType,
        cdot11SecSsidRedirectDestAddr,
        cdot11SecSsidRedirectFilter,
        cdot11SecSsidInformationElement,
        cdot11SecAuxSsidVlanName,
        cdot11SecInterfSsidRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage SSID
        on IEEE 802.11 devices and interfaces."
    ::= { ciscoDot11SsidSecMIBGroups 1 }

cdot11SsidAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidAuthEnabled,
        cdot11SecAuxSsidAuthPlusEap,
        cdot11SecAuxSsidAuthPlusMac,
        cdot11SecAuxSsidAuthEapMethod,
        cdot11SecAuxSsidAuthMacMethod,
        cdot11SecAuxSsidAuthMacAlternate
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication algorithms
        for SSIDs."
    ::= { ciscoDot11SsidSecMIBGroups 2 }

cdot11ModuleAuthenticationGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecLocalAuthServerEnabled
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        association and authentication of this
        wireless station module."
    ::= { ciscoDot11SsidSecMIBGroups 3 }

cdot11SecVlanManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecVlanNameId,
        cdot11SecVlanNameRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group includes objects to manage the
        VLAN name and ID mapping table."
    ::= { ciscoDot11SsidSecMIBGroups 4 }


cdot11MbssidSupportGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecAuxSsidMbssidBroadcast,
        cdot11SecAuxSsidMbssidDtimPeriod,
        cdot11MbssidMacAddrIndex,
        cdot11MbssidMacAddrSupported,
        cdot11MbssidIfMacAddress,
        cdot11MbssidIfBroadcast
    }
    STATUS current
    DESCRIPTION
        "This group includes objects providing
        MBSSID configuration information."
    ::= { ciscoDot11SsidSecMIBGroups 5 }


cdot11SecSsidBackupVlanManagementGroup OBJECT-GROUP
    OBJECTS {
        cdot11SecSsidBackupVlanRowStatus,
        cdot11SecSsidMaxBackupVlans
    }
    STATUS current
    DESCRIPTION
        "This group of objects is used to manage the
        backup VLAN configuration on a SSID."
    ::= { ciscoDot11SsidSecMIBGroups 6 }
END
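The DESCRIPTION clauses of cdot11SecAuxSsidAuthEnabled, cdot11SecAuxSsidAuthPlusEap, cdot11SecAuxSsidAuthPlusMac and cdot11SecAuxSsidAuthMacAlternate together decide what a client must complete before it is unblocked. The following is an added example, not part of the MIB or of any Cisco tooling, that applies those rules to already-decoded rows of the authentication table and flags combinations worth reviewing. The AuthRow type, the algorithm labels ('openSystem', 'sharedKey', 'networkEap'), the finding names and the sample rows are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass
class AuthRow:
    """One cdot11SecAuxSsidAuthTable row, decoded by the caller (e.g. from an SNMP walk)."""
    ssid: str            # cdot11SecAuxSsid (first index)
    algorithm: str       # assumed label for the second index: 'openSystem', 'sharedKey', 'networkEap'
    enabled: bool        # cdot11SecAuxSsidAuthEnabled
    plus_eap: bool       # cdot11SecAuxSsidAuthPlusEap
    plus_mac: bool       # cdot11SecAuxSsidAuthPlusMac
    eap_method: str      # cdot11SecAuxSsidAuthEapMethod
    mac_method: str      # cdot11SecAuxSsidAuthMacMethod
    mac_alternate: bool  # cdot11SecAuxSsidAuthMacAlternate


def unblock_condition(row):
    """Describe what a client must complete before it is unblocked, per the DESCRIPTION clauses."""
    if not row.enabled:
        return "algorithm not enabled"
    if row.plus_eap and row.plus_mac:
        if row.mac_alternate and row.algorithm == "openSystem":
            return "openSystem + (MAC or EAP)"
        return "undefined"  # the MIB says only one extra step should be enabled here
    if row.plus_eap:
        return row.algorithm + " + EAP"
    if row.plus_mac:
        return row.algorithm + " + MAC"
    return row.algorithm + " only"


def audit(row):
    """Return review findings for one row; an empty list means nothing to flag."""
    findings = []
    if not row.enabled:
        return findings
    cond = unblock_condition(row)
    if cond == "undefined":
        findings.append("both-extras-without-alternate")
    if cond == "openSystem + (MAC or EAP)":
        findings.append("mac-alone-sufficient")
    if cond == "openSystem only":
        # Key management (e.g. WPA) lives in other objects, so this is a prompt to review.
        findings.append("open-no-additional-auth")
    # Interpretation used by this example: a required method list should not be empty.
    eap_used = row.plus_eap or row.algorithm == "networkEap"
    if eap_used and not row.eap_method:
        findings.append("eap-method-list-empty")
    if row.plus_mac and not row.mac_method:
        findings.append("mac-method-list-empty")
    return findings


# Constructed sample rows (not taken from any device).
SAMPLE_ROWS = [
    AuthRow("guest", "openSystem", True, False, False, "", "", False),
    AuthRow("corp", "openSystem", True, True, False, "eap_methods", "", False),
    AuthRow("lab", "openSystem", True, True, True, "eap_methods", "mac_methods", True),
    AuthRow("old", "sharedKey", True, True, True, "", "mac_methods", False),
    AuthRow("off", "openSystem", False, True, True, "", "", True),
]


def audit_all(rows):
    """Map 'ssid/algorithm' to (unblock condition, findings) for every row."""
    return {f"{r.ssid}/{r.algorithm}": (unblock_condition(r), audit(r)) for r in rows}


if __name__ == "__main__":
    for key, (cond, findings) in audit_all(SAMPLE_ROWS).items():
        print(f"{key:18} {cond:28} {', '.join(findings) or '-'}")
```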