-- *******************************************************************
-- CISCO-LWAPP-DOT11-LDAP-MIB.my
-- January 2007, Devesh Pujari, Srinath Candadai
--
-- Copyright (c) 2007, 2009 by Cisco Systems Inc.
-- All rights reserved.
-- *******************************************************************

CISCO-LWAPP-DOT11-LDAP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    DisplayString,
    RowStatus,
    TruthValue,
    StorageType,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress,
    InetPortNumber
        FROM INET-ADDRESS-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    cLWlanIndex
        FROM CISCO-LWAPP-WLAN-MIB
    ciscoMgmt
        FROM CISCO-SMI;


-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoLwappDot11LdapMIB MODULE-IDENTITY
    LAST-UPDATED    "200912100000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
            "Cisco Systems,
            Customer Service
            Postal: 170 West Tasman Drive
            San Jose, CA 95134
            USA
            Tel: +1 800 553-NETS

            Email: cs-wnbu-snmp@cisco.com"
    DESCRIPTION
            "This MIB is intended to be implemented on all those
            devices operating as Central controllers, that
            terminate the Light Weight Access Point Protocol
            tunnel from Cisco Light-weight LWAPP Access Points.

            Information provided by this MIB is used to manage
            LDAP features on the controller.

            The relationship between CC and the LWAPP APs
            can be depicted as follows:

                +......+      +......+ +......+
                +      +      +      + +      +
                +  CC  +      +  CC  + +  CC  +
                +      +      +      + +      +
                +......+      +......+ +......+
                   ..            .        .
                   ..            .        .
                  .  .           .        .
                 .    .          .        .
                .      .         .        .
               .        .        .        .
            +......+ +......+ +......+ +......+
            +      + +      + +      + +      +
            +  AP  + +  AP  + +  AP  + +  AP  +
            +      + +      + +      + +      +
            +......+ +......+ +......+ +......+
                    .            .        .
                  .  .           .        .
                 .    .          .        .
                .      .         .        .
               .        .        .        .
            +......+ +......+ +......+ +......+
            +      + +      + +      + +      +
            +  MN  + +  MN  + +  MN  + +  MN  +
            +      + +      + +      + +      +
            +......+ +......+ +......+ +......+


            The LWAPP tunnel exists between the controller and
            the APs. The MNs communicate with the APs through
            the protocol defined by the 802.11 standard.

            LWAPP APs, upon bootup, discover and join one of the
            controllers and the controller pushes the configuration,
            that includes the WLAN parameters, to the LWAPP APs.
            The APs then encapsulate all the 802.11 frames from
            wireless clients inside LWAPP frames and forward
            the LWAPP frames to the controller.

            GLOSSARY

            Access Point ( AP )

            An entity that contains an 802.11 medium access
            control ( MAC ) and physical layer ( PHY ) interface
            and provides access to the distribution services via
            the wireless medium for associated clients.

            LWAPP APs encapsulate all the 802.11 frames in
            LWAPP frames and send them to the controller to which
            they are logically connected.

            Gratuitous Probe Response (GPR)

            The Gratuitous Probe Response feature aids in conserving
            battery power of WLAN-enabled cell phones by providing
            a high rate packet on the order of tens of milliseconds
            such that these kinds of phones can wake up and wait at
            predefined intervals, to reduce battery power. The
            GPR packet is transmitted from the AP at a predefined
            time interval.


            Light Weight Access Point Protocol ( LWAPP )

            This is a generic protocol that defines the
            communication between the Access Points and the
            Central Controller.

            Mobile Node ( MN )

            A roaming 802.11 wireless device in a wireless
            network associated with an access point.
            Mobile Node and client are used interchangeably.

            Lightweight Directory Access Protocol ( LDAP )

            LDAP is a protocol used for obtaining directory services
            and runs over TCP/IP.

            Transport Layer Security ( TLS )

            This is a cryptographic protocol which provides secure
            communication over the network.

            REFERENCE

            [1] Wireless LAN Medium Access Control ( MAC ) and
            Physical Layer ( PHY ) Specifications

            [2] Draft-obara-capwap-lwapp-00.txt, IETF Light
            Weight Access Point Protocol"
    REVISION        "200912100000Z"
    DESCRIPTION
            "A new textual-convention named CldlBindType
            has been defined.

            The range for cldlServerTimeout has been modified from
            1-3600 to 2-30 due to modification in back-end code.

            The following objects have been added to cldlServerTable.
            1)cldlServerBindType
            2)cldlServerAuthBindUserName
            3)cldlServerAuthBindPassword

            The group ciscoLwappDot11LdapMIBConfigGroupSup1
            has been added.

            ciscoLwappDot11LdapMIBCompliance has been deprecated by
            ciscoLwappDot11LdapMIBComplianceRev1."
    REVISION        "200701130000Z"
    DESCRIPTION
            "Initial version of this MIB module."
    ::= { ciscoMgmt 614 }


ciscoLwappDot11LdapMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIB 0 }

ciscoLwappDot11LdapMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIB 1 }

ciscoLwappDot11LdapMIBConform  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIB 2 }

cldlConfig  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIBObjects 1 }

cldlStatus  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIBObjects 2 }

CldlBindType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
            "This textual convention represents the kind of
            authentications done by the LDAP server.
            The semantics are as follows.

            anonymous(1) - This indicates that the LDAP server accepts
            anonymous authentication attempts.

            authenticated(2) - This indicates that the LDAP server
            authenticates based on the credentials provided in the
            form of username/password."
    SYNTAX          INTEGER {
                        anonymous(1),
                        authenticated(2)
                    }

-- ********************************************************************
-- LDAP Servers configuration
-- ********************************************************************

cldlServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CldlServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This table lists the information about LDAP servers
            configured on the controller. Entries are added or deleted
            by the user through the use of cldlServerRowStatus."
    ::= { cldlConfig 1 }

cldlServerEntry OBJECT-TYPE
    SYNTAX          CldlServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "Each entry corresponds to a row in cldlServerTable and
            represents the information about an LDAP server the
            controller would contact for its operations."
    INDEX           { cldlServerIndex }
    ::= { cldlServerTable 1 }

CldlServerEntry ::= SEQUENCE {
        cldlServerIndex             Unsigned32,
        cldlServerAddressType       InetAddressType,
        cldlServerAddress           InetAddress,
        cldlServerPortNum           InetPortNumber,
        cldlServerState             TruthValue,
        cldlServerTimeout           Unsigned32,
        cldlServerUserBase          DisplayString,
        cldlServerUserNameAttribute DisplayString,
        cldlServerUserName          DisplayString,
        cldlServerSecurityEnable    TruthValue,
        cldlServerStorageType       StorageType,
        cldlServerRowStatus         RowStatus,
        cldlServerBindType          CldlBindType,
        cldlServerAuthBindUserName  SnmpAdminString,
        cldlServerAuthBindPassword  SnmpAdminString
}

cldlServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..255)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This object uniquely identifies an entry in
            cldlServerTable."
    ::= { cldlServerEntry 1 }

cldlServerAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the type of the network
            address made available through cldlServerAddress."
    ::= { cldlServerEntry 2 }

cldlServerAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the address of the LDAP server
            that can be contacted by the controller for the purpose
            of authentication, authorization and accounting."
    ::= { cldlServerEntry 3 }

cldlServerPortNum OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the port number at which the
            controller contacts the LDAP server."
    DEFVAL          { 389 }
    ::= { cldlServerEntry 4 }

cldlServerState OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object indicates whether the LDAP server is currently
            in use by the controller. A value of 'true' indicates that
            the LDAP server is in use. A value of 'false' indicates that
            the LDAP server is not in use."
    ::= { cldlServerEntry 5 }

cldlServerTimeout OBJECT-TYPE
    SYNTAX          Unsigned32 (2..30)
    UNITS           "seconds"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the retransmit time-out value for
            this LDAP server. If there is no response from the LDAP
            server, the controller will wait for this duration,
            before retransmitting."
    ::= { cldlServerEntry 6 }

cldlServerUserBase OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the name of the sub-tree in
            the LDAP server that contains the information about all
            the users in that sub-tree."
    ::= { cldlServerEntry 7 }

cldlServerUserNameAttribute OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the attribute that stores
            the name of the user."
    ::= { cldlServerEntry 8 }

cldlServerUserName OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the name of the user.
            This is the value for the attribute identified by
            cldlServerUserNameAttribute."
    ::= { cldlServerEntry 9 }

cldlServerSecurityEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object indicates whether the LDAP transactions are
            secured. A value of 'true' indicates that all the
            LDAP transactions of the controller are secured through
            the use of a TLS tunnel. A value of 'false' indicates that
            the LDAP transactions are not secured."
    DEFVAL          { false }
    ::= { cldlServerEntry 10 }

cldlServerStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the storage type for this conceptual
            row."
    DEFVAL          { nonVolatile }
    ::= { cldlServerEntry 11 }

cldlServerRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the status column for a
            conceptual row in this table."
    ::= { cldlServerEntry 12 }

cldlServerBindType OBJECT-TYPE
    SYNTAX          CldlBindType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the kind of authentication the
            Controller does with the LDAP server."
    DEFVAL          { anonymous }
    ::= { cldlServerEntry 13 }

cldlServerAuthBindUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the name used by the Controller
            for the authentication with the LDAP server.
            For values other than 'authenticated', as identified through
            cldlServerBindType, this object will be populated with an
            empty string."
    ::= { cldlServerEntry 14 }

cldlServerAuthBindPassword OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "This object represents the password used by the Controller
            for authentication with the LDAP server.
            For security purposes, this object will be populated with
            the string '****', when a valid password has been configured.
            For values other than 'authenticated', as identified through
            cldlServerBindType, this object will be populated with an
            empty string."
    ::= { cldlServerEntry 15 }


-- ********************************************************************
-- WLAN LDAP table
-- ********************************************************************

cldlWlanLdapTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CldlWlanLdapEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This table helps to map LDAP servers for WLANs
            from cldlServerTable through the use of
            cldlServerIndex. When a client gets associated to a WLAN,
            the controller uses those LDAP servers that are
            mapped to that WLAN for access to information about
            the clients.

            The creation of a new row in cLWlanConfigTable,
            through an explicit network management action,
            results in creation of an entry in this table.
            Similarly, deletion of a row in
            cLWlanConfigTable through user action causes the
            deletion of corresponding row in this table.

            This table has a one-to-one relationship with
            cLWlanConfigTable of CISCO-LWAPP-WLAN-MIB. There
            exists an entry in this table for each corresponding
            entry in the cLWlanConfigTable."
    ::= { cldlConfig 2 }

cldlWlanLdapEntry OBJECT-TYPE
    SYNTAX          CldlWlanLdapEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "Each entry represents a conceptual row in
            cldlWlanLdapTable and represents the LDAP
            configuration for a particular WLAN
            identified by cLWlanIndex."
    INDEX           { cLWlanIndex }
    ::= { cldlWlanLdapTable 1 }

CldlWlanLdapEntry ::= SEQUENCE {
        cldlWlanLdapPrimaryServerIndex   Unsigned32,
        cldlWlanLdapSecondaryServerIndex Unsigned32,
        cldlWlanLdapTertiaryServerIndex  Unsigned32
}

cldlWlanLdapPrimaryServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..255)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The object represents the value that maps to the
            primary LDAP server for this WLAN. A value of 0
            indicates that the primary LDAP server is not
            configured for this WLAN."
    DEFVAL          { 0 }
    ::= { cldlWlanLdapEntry 1 }

cldlWlanLdapSecondaryServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..255)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The object represents the value that maps to the
            secondary LDAP server for this WLAN. A value of 0
            indicates that the secondary LDAP server is not
            configured for this WLAN."
    DEFVAL          { 0 }
    ::= { cldlWlanLdapEntry 2 }

cldlWlanLdapTertiaryServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..255)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The object represents the value that maps to the
            tertiary LDAP server for this WLAN. A value of 0
            indicates that the tertiary LDAP server is not
            configured for this WLAN."
    DEFVAL          { 0 }
    ::= { cldlWlanLdapEntry 3 }


-- ********************************************************************

ciscoLwappDot11LdapMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIBConform 1 }

ciscoLwappDot11LdapMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoLwappDot11LdapMIBConform 2 }


-- ********************************************************************

ciscoLwappDot11LdapMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
            "The compliance statement for the SNMP entities that
            implement the ciscoLwappDot11LdapMIB module."
    MODULE          -- this module
    MANDATORY-GROUPS { ciscoLwappDot11LdapMIBConfigGroup }
    ::= { ciscoLwappDot11LdapMIBCompliances 1 }

ciscoLwappDot11LdapMIBComplianceRev1 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
            "The compliance statement for the SNMP entities that
            implement the ciscoLwappDot11LdapMIB module."
    MODULE          -- this module
    MANDATORY-GROUPS {
        ciscoLwappDot11LdapMIBConfigGroup,
        ciscoLwappDot11LdapMIBConfigGroupSup1
    }
    ::= { ciscoLwappDot11LdapMIBCompliances 2 }

-- ********************************************************************
-- * Units of conformance
-- ********************************************************************

ciscoLwappDot11LdapMIBConfigGroup OBJECT-GROUP
    OBJECTS {
        cldlServerAddressType,
        cldlServerAddress,
        cldlServerPortNum,
        cldlServerState,
        cldlServerTimeout,
        cldlServerUserBase,
        cldlServerUserNameAttribute,
        cldlServerUserName,
        cldlServerSecurityEnable,
        cldlServerRowStatus,
        cldlServerStorageType,
        cldlWlanLdapPrimaryServerIndex,
        cldlWlanLdapSecondaryServerIndex,
        cldlWlanLdapTertiaryServerIndex
    }
    STATUS          current
    DESCRIPTION
            "This collection of objects specifies the LDAP
            configuration on the controller."
    ::= { ciscoLwappDot11LdapMIBGroups 1 }

ciscoLwappDot11LdapMIBConfigGroupSup1 OBJECT-GROUP
    OBJECTS {
        cldlServerBindType,
        cldlServerAuthBindUserName,
        cldlServerAuthBindPassword
    }
    STATUS          current
    DESCRIPTION
            "This group of objects supplements the
            ciscoLwappDot11LdapMIBConfigGroup,
            to configure the information about the Controller's
            authentication done with the LDAP server."
    ::= { ciscoLwappDot11LdapMIBGroups 2 }

END