1-- *******************************************************************
2-- CISCO-LWAPP-DOT11-LDAP-MIB.my
3-- January 2007, Devesh Pujari, Srinath Candadai
4--
5-- Copyright (c) 2007, 2009 by Cisco Systems Inc.
6-- All rights reserved.
7-- *******************************************************************
8
9CISCO-LWAPP-DOT11-LDAP-MIB DEFINITIONS ::= BEGIN
10
11IMPORTS
12    MODULE-IDENTITY,
13    OBJECT-TYPE,
14    Unsigned32
15        FROM SNMPv2-SMI
16    MODULE-COMPLIANCE,
17    OBJECT-GROUP
18        FROM SNMPv2-CONF
19    DisplayString,
20    RowStatus,
21    TruthValue,
22    StorageType,
23    TEXTUAL-CONVENTION
24        FROM SNMPv2-TC
25    InetAddressType,
26    InetAddress,
27    InetPortNumber
28        FROM INET-ADDRESS-MIB
29    SnmpAdminString
30        FROM SNMP-FRAMEWORK-MIB
31    cLWlanIndex
32        FROM CISCO-LWAPP-WLAN-MIB
33    ciscoMgmt
34        FROM CISCO-SMI;
35
36
37-- ********************************************************************
38-- *  MODULE IDENTITY
39-- ********************************************************************
40
41ciscoLwappDot11LdapMIB MODULE-IDENTITY
42    LAST-UPDATED    "200912100000Z"
43    ORGANIZATION    "Cisco Systems Inc."
44    CONTACT-INFO
45            "Cisco Systems,
46            Customer Service
47            Postal: 170 West Tasman Drive
48            San Jose, CA  95134
49            USA
50            Tel: +1 800 553-NETS
51
52            Email: cs-wnbu-snmp@cisco.com"
53    DESCRIPTION
54        "This MIB is intended to be implemented on all those
55        devices operating as Central controllers, that
56        terminate the Light Weight Access Point Protocol
57        tunnel from Cisco Light-weight LWAPP Access Points.
58
59        Information provided by this MIB is used to manage
60        LDAP features on the controller.
61
62        The relationship between CC and the LWAPP APs
63        can be depicted as follows:
64
65              +......+     +......+     +......+
66              +      +     +      +     +      +
67              +  CC  +     +  CC  +     +  CC  +
68              +      +     +      +     +      +
69              +......+     +......+     +......+
70                ..            .             .
71                ..            .             .
72               .  .            .             .
73              .    .            .             .
74             .      .            .             .
75            .        .            .             .
76        +......+ +......+     +......+      +......+
77        +      + +      +     +      +      +      +
78        +  AP  + +  AP  +     +  AP  +      +  AP  +
79        +      + +      +     +      +      +      +
80        +......+ +......+     +......+      +......+
81                   .              .             .
82                 .  .              .             .
83                .    .              .             .
84               .      .              .             .
85              .        .              .             .
86           +......+ +......+     +......+      +......+
87           +      + +      +     +      +      +      +
88           +  MN  + +  MN  +     +  MN  +      +  MN  +
89           +      + +      +     +      +      +      +
90           +......+ +......+     +......+      +......+
91
92
93        The LWAPP tunnel exists between the controller and
94        the APs.  The MNs communicate with the APs through
95        the protocol defined by the 802.11 standard.
96
97        LWAPP APs, upon bootup, discover and join one of the
98        controllers and the controller pushes the configuration,
99        that includes the WLAN parameters, to the LWAPP APs.
100        The APs then encapsulate all the 802.11 frames from
101        wireless clients inside LWAPP frames and forward
102        the LWAPP frames to the controller.
103
104                           GLOSSARY
105
106        Access Point ( AP )
107
108        An entity that contains an 802.11 medium access
109        control ( MAC ) and physical layer ( PHY ) interface
110        and provides access to the distribution services via
111        the wireless medium for associated clients.
112
113        LWAPP APs encapsulate all the 802.11 frames in
114        LWAPP frames and send them to the controller to which
115        they are logically connected.
116
117        Gratuitous Probe Response (GPR)
118
119        The Gratuitous Probe Response feature aids in conserving
120        battery power of WLAN-enabled cell phones by providing
121        a high rate packet on the order of tens of milliseconds
122        such that these kinds of phones can wake up and wait at
123        predefined intervals, to reduce battery power consumption.  The
124        GPR packet is transmitted from the AP at a predefined
125        time interval.
126
127
128        Light Weight Access Point Protocol ( LWAPP )
129
130        This is a generic protocol that defines the
131        communication between the Access Points and the
132        Central Controller.
133
134        Mobile Node ( MN )
135
136        A roaming 802.11 wireless device in a wireless
137        network associated with an access point. Mobile Node
138        and client are used interchangeably.
139
140        Lightweight Directory Access Protocol ( LDAP )
141
142        LDAP is a protocol used for obtaining directory services
143        and runs over TCP/IP.
144
145        Transport Layer Security ( TLS )
146
147        This is a cryptographic protocol which provides secure
148        communication over the network.
149
150        REFERENCE
151
152        [1] Wireless LAN Medium Access Control ( MAC ) and
153        Physical Layer ( PHY ) Specifications
154
155        [2] Draft-obara-capwap-lwapp-00.txt, IETF Light
156        Weight Access Point Protocol"
157    REVISION        "200912100000Z"
158    DESCRIPTION
159        "A new textual-convention named CldlBindType
160        has been defined.
161
162        The range for cldlServerTimeout has been modified from
163        1-3600 to 2-30 due to modification in back-end code.
164
165        The following objects have been added to cldlServerTable.
166        1)cldlServerBindType
167        2)cldlServerAuthBindUserName
168        3)cldlServerAuthBindPassword
169
170        The group ciscoLwappDot11LdapMIBConfigGroupSup1
171        has been added.
172
173        ciscoLwappDot11LdapMIBCompliance has been deprecated by
174        ciscoLwappDot11LdapMIBComplianceRev1."
175    REVISION        "200701130000Z"
176    DESCRIPTION
177        "Initial version of this MIB module."
178    ::= { ciscoMgmt 614 }
179
180
181ciscoLwappDot11LdapMIBNotifs  OBJECT IDENTIFIER
182    ::= { ciscoLwappDot11LdapMIB 0 }
183
184ciscoLwappDot11LdapMIBObjects  OBJECT IDENTIFIER
185    ::= { ciscoLwappDot11LdapMIB 1 }
186
187ciscoLwappDot11LdapMIBConform  OBJECT IDENTIFIER
188    ::= { ciscoLwappDot11LdapMIB 2 }
189
190cldlConfig  OBJECT IDENTIFIER
191    ::= { ciscoLwappDot11LdapMIBObjects 1 }
192
193cldlStatus  OBJECT IDENTIFIER
194    ::= { ciscoLwappDot11LdapMIBObjects 2 }
195
196CldlBindType ::= TEXTUAL-CONVENTION
197    STATUS          current
198
199    DESCRIPTION
200        "This textual convention represents the kind of
201        authentications done by the LDAP server.
202        The semantics are as follows.
203
204        anonymous(1) - This indicates that the LDAP server accepts
205        anonymous authentication attempts.
206
207        authenticated(2) - This indicates that the LDAP server
208        authenticates based on the credentials provided in the
209        form of username/password."
210
211    SYNTAX          INTEGER  {
212                        anonymous(1),
213                        authenticated(2)
214                    }
215
216-- ********************************************************************
217-- LDAP Servers configuration
218-- ********************************************************************
219
-- NOTE(review): every accessible column of this table is read-create,
-- so SNMP write access decides which LDAP server the controller
-- contacts and how (address, port, TLS, bind type, bind credentials).
-- Restrict write access to this subtree on the agent and audit set
-- operations against it.
220cldlServerTable OBJECT-TYPE
221    SYNTAX          SEQUENCE OF CldlServerEntry
222    MAX-ACCESS      not-accessible
223    STATUS          current
224    DESCRIPTION
225        "This table lists the information about LDAP servers
226        configured on the controller. Entries are added or deleted
227        by the user through the use of cldlServerRowStatus."
228    ::= { cldlConfig 1 }
229
230cldlServerEntry OBJECT-TYPE
231    SYNTAX          CldlServerEntry
232    MAX-ACCESS      not-accessible
233    STATUS          current
234    DESCRIPTION
235        "Each entry corresponds to a row in cldlServerTable and
236        represents the information about an LDAP server the
237        controller would contact for its operations."
238    INDEX           { cldlServerIndex }
239    ::= { cldlServerTable 1 }
240
241CldlServerEntry ::= SEQUENCE {
242        cldlServerIndex             Unsigned32,
243        cldlServerAddressType       InetAddressType,
244        cldlServerAddress           InetAddress,
245        cldlServerPortNum           InetPortNumber,
246        cldlServerState             TruthValue,
247        cldlServerTimeout           Unsigned32,
248        cldlServerUserBase          DisplayString,
249        cldlServerUserNameAttribute DisplayString,
250        cldlServerUserName          DisplayString,
251        cldlServerSecurityEnable    TruthValue,
252        cldlServerStorageType       StorageType,
253        cldlServerRowStatus         RowStatus,
254        cldlServerBindType          CldlBindType,
255        cldlServerAuthBindUserName  SnmpAdminString,
256        cldlServerAuthBindPassword  SnmpAdminString
257}
258
259cldlServerIndex OBJECT-TYPE
260    SYNTAX          Unsigned32 (1..255)
261    MAX-ACCESS      not-accessible
262    STATUS          current
263    DESCRIPTION
264        "This object uniquely identifies an entry in
265        cldlServerTable."
266    ::= { cldlServerEntry 1 }
267
268cldlServerAddressType OBJECT-TYPE
269    SYNTAX          InetAddressType
270    MAX-ACCESS      read-create
271    STATUS          current
272    DESCRIPTION
273        "This object represents the type of the network
274        address made available through cldlServerAddress."
275    ::= { cldlServerEntry 2 }
276
277cldlServerAddress OBJECT-TYPE
278    SYNTAX          InetAddress
279    MAX-ACCESS      read-create
280    STATUS          current
281    DESCRIPTION
282        "This object represents the address of the LDAP server
283        that can be contacted by the controller for the purpose
284        of authentication, authorization and accounting."
285    ::= { cldlServerEntry 3 }
286
-- DEFVAL 389 is the standard LDAP port.
-- NOTE(review): this module does not say whether setting
-- cldlServerSecurityEnable to true negotiates TLS on this same port
-- or expects a separate TLS port to be configured here; confirm
-- against the platform before relying on the default.
287cldlServerPortNum OBJECT-TYPE
288    SYNTAX          InetPortNumber
289    MAX-ACCESS      read-create
290    STATUS          current
291    DESCRIPTION
292        "This object represents the port number at which the
293        controller contacts the LDAP server."
294    DEFVAL          { 389 }
295    ::= { cldlServerEntry 4 }
296
297cldlServerState OBJECT-TYPE
298    SYNTAX          TruthValue
299    MAX-ACCESS      read-create
300    STATUS          current
301    DESCRIPTION
302        "This object indicates whether the LDAP server is currently
303        in use by the controller. A value of 'true' indicates that
304        the LDAP server is in use. A value of 'false' indicates that
305        the LDAP server is not in use."
306    ::= { cldlServerEntry 5 }
307
308cldlServerTimeout OBJECT-TYPE
309    SYNTAX          Unsigned32 (2..30)
310    UNITS           "seconds"
311    MAX-ACCESS      read-create
312    STATUS          current
313    DESCRIPTION
314        "This object represents the retransmit time-out value for
315        this LDAP server. If there is no response from the LDAP
316        server, the controller will wait for this duration,
317        before retransmitting."
318    ::= { cldlServerEntry 6 }
319
320cldlServerUserBase OBJECT-TYPE
321    SYNTAX          DisplayString
322    MAX-ACCESS      read-create
323    STATUS          current
324    DESCRIPTION
325        "This object represents the name of the sub-tree in
326        the LDAP server that contains the information about all
327        the users in that sub-tree."
328    ::= { cldlServerEntry 7 }
329
330cldlServerUserNameAttribute OBJECT-TYPE
331    SYNTAX          DisplayString
332    MAX-ACCESS      read-create
333    STATUS          current
334    DESCRIPTION
335        "This object represents the attribute that stores
336        the name of the user."
337    ::= { cldlServerEntry 8 }
338
339cldlServerUserName OBJECT-TYPE
340    SYNTAX          DisplayString
341    MAX-ACCESS      read-create
342    STATUS          current
343    DESCRIPTION
344        "This object represents the name of the user.
345        This is the value for the attribute identified by
346        cldlServerUserNameAttribute."
347    ::= { cldlServerEntry 9 }
348
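-- DEFVAL is false: a row created without setting this column leaves
-- the controller's LDAP transactions unsecured (see DESCRIPTION).
-- NOTE(review): with cldlServerBindType set to authenticated, the
-- bind credentials would presumably then cross the network without
-- TLS protection; confirm and set this column to true explicitly.
349cldlServerSecurityEnable OBJECT-TYPE
350    SYNTAX          TruthValue
351    MAX-ACCESS      read-create
352    STATUS          current
353    DESCRIPTION
354        "This object indicates whether the LDAP transactions are
355        secured. A value of 'true' indicates that all the
356        LDAP transactions of the controller are secured through the
357        use of a TLS tunnel. A value of 'false' indicates that the LDAP
358        transactions are not secured."
359    DEFVAL          { false }
360    ::= { cldlServerEntry 10 }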
361
362cldlServerStorageType OBJECT-TYPE
363    SYNTAX          StorageType
364    MAX-ACCESS      read-create
365    STATUS          current
366    DESCRIPTION
367        "This object represents the storage type for this conceptual
368        row."
369    DEFVAL          { nonVolatile }
370    ::= { cldlServerEntry 11 }
371
372cldlServerRowStatus OBJECT-TYPE
373    SYNTAX          RowStatus
374    MAX-ACCESS      read-create
375    STATUS          current
376    DESCRIPTION
377        "This object represents the status column for a
378        conceptual row in this table."
379    ::= { cldlServerEntry 12 }
380
-- DEFVAL is anonymous: a row created without setting this column has
-- the controller bind to the directory without credentials.
-- NOTE(review): this only works where the directory permits anonymous
-- access to the configured user base; confirm that is intended rather
-- than an effect of the default, and prefer authenticated(2) together
-- with cldlServerSecurityEnable set to true where the directory
-- supports it.
381cldlServerBindType OBJECT-TYPE
382    SYNTAX          CldlBindType
383    MAX-ACCESS      read-create
384    STATUS          current
385    DESCRIPTION
386        "This object represents the kind of authentication the
387        Controller does with the LDAP server."
388    DEFVAL          { anonymous }
389    ::= { cldlServerEntry 13 }
390
391cldlServerAuthBindUserName OBJECT-TYPE
392    SYNTAX          SnmpAdminString
393    MAX-ACCESS      read-create
394    STATUS          current
395    DESCRIPTION
396        "This object represents the name used by the Controller
397        for the authentication with the LDAP server.
398        For values other than 'authenticated', as identified through
399        cldlServerBindType,  this object will be populated with an
400        empty string."
401    ::= { cldlServerEntry 14 }
402
-- Reads are masked: per the DESCRIPTION the agent returns '****' once
-- a password is configured, so the stored value cannot be verified by
-- reading it back.
-- NOTE(review): the column is read-create, so the cleartext password
-- is carried in the SNMP set request itself. SNMPv1/v2c do not encrypt
-- the payload; presumably this should only be written over SNMPv3
-- with privacy (authPriv), with write access limited by the agent's
-- view-based access control. Confirm against the platform.
403cldlServerAuthBindPassword OBJECT-TYPE
404    SYNTAX          SnmpAdminString
405    MAX-ACCESS      read-create
406    STATUS          current
407    DESCRIPTION
408        "This object represents the password used by the Controller
409        for authentication with the LDAP server.
410        For security purposes,  this object will be populated with
411        the string '****', when a valid password has been configured.
412        For values other than 'authenticated', as identified through
413        cldlServerBindType,  this object will be populated with an
414        empty string."
415    ::= { cldlServerEntry 15 }
416
417
418-- ********************************************************************
419-- WLAN LDAP table
420-- ********************************************************************
421
422cldlWlanLdapTable OBJECT-TYPE
423    SYNTAX          SEQUENCE OF CldlWlanLdapEntry
424    MAX-ACCESS      not-accessible
425    STATUS          current
426    DESCRIPTION
427        "This table helps to map LDAP servers for WLANs
428        from cldlServerTable through the use of
429        cldlServerIndex. When a client gets associated to a WLAN,
430        the controller uses those LDAP servers that are
431        mapped to that WLAN for access to information about
432        the clients.
433
434        The creation of a new row in cLWlanConfigTable,
435        through an explicit network management action,
436        results in creation of an entry in this table.
437        Similarly, deletion of a row in
438        cLWlanConfigTable through user action causes the
439        deletion of corresponding row in this table.
440
441        This table has a one-to-one relationship with
442        cLWlanConfigTable of CISCO-LWAPP-WLAN-MIB. There
443        exists an entry in this table for each corresponding
444        entry in the cLWlanConfigTable."
445    ::= { cldlConfig 2 }
446
447cldlWlanLdapEntry OBJECT-TYPE
448    SYNTAX          CldlWlanLdapEntry
449    MAX-ACCESS      not-accessible
450    STATUS          current
451    DESCRIPTION
452        "Each entry represents a conceptual row in
453        cldlWlanLdapTable and represents the LDAP
454        configuration for a particular WLAN
455        identified by cLWlanIndex."
456    INDEX           { cLWlanIndex }
457    ::= { cldlWlanLdapTable 1 }
458
459CldlWlanLdapEntry ::= SEQUENCE {
460        cldlWlanLdapPrimaryServerIndex   Unsigned32,
461        cldlWlanLdapSecondaryServerIndex Unsigned32,
462        cldlWlanLdapTertiaryServerIndex  Unsigned32
463}
464
465cldlWlanLdapPrimaryServerIndex OBJECT-TYPE
466    SYNTAX          Unsigned32 (0..255)
467    MAX-ACCESS      read-write
468    STATUS          current
469    DESCRIPTION
470        "The object represents the value that maps to the
471        primary LDAP server for this WLAN. A value of 0
472        indicates that the primary LDAP server is not
473        configured for this WLAN."
474    DEFVAL          { 0 }
475    ::= { cldlWlanLdapEntry 1 }
476
477cldlWlanLdapSecondaryServerIndex OBJECT-TYPE
478    SYNTAX          Unsigned32 (0..255)
479    MAX-ACCESS      read-write
480    STATUS          current
481    DESCRIPTION
482        "The object represents the value that maps to the
483        secondary LDAP server for this WLAN. A value of 0
484        indicates that the secondary LDAP server is not
485        configured for this WLAN."
486    DEFVAL          { 0 }
487    ::= { cldlWlanLdapEntry 2 }
488
489cldlWlanLdapTertiaryServerIndex OBJECT-TYPE
490    SYNTAX          Unsigned32 (0..255)
491    MAX-ACCESS      read-write
492    STATUS          current
493    DESCRIPTION
494        "The object represents the value that maps to the
495        tertiary LDAP server for this WLAN. A value of 0
496        indicates that the tertiary LDAP server is not
497        configured for this WLAN."
498    DEFVAL          { 0 }
499    ::= { cldlWlanLdapEntry 3 }
500
501
502-- ********************************************************************
503
504ciscoLwappDot11LdapMIBCompliances  OBJECT IDENTIFIER
505    ::= { ciscoLwappDot11LdapMIBConform 1 }
506
507ciscoLwappDot11LdapMIBGroups  OBJECT IDENTIFIER
508    ::= { ciscoLwappDot11LdapMIBConform 2 }
509
510
511-- ********************************************************************
512
513ciscoLwappDot11LdapMIBCompliance MODULE-COMPLIANCE
514    STATUS          deprecated
515    DESCRIPTION
516        "The compliance statement for the SNMP entities that
517        implement the ciscoLwappDot11LdapMIB module."
518    MODULE          -- this module
519    MANDATORY-GROUPS { ciscoLwappDot11LdapMIBConfigGroup }
520    ::= { ciscoLwappDot11LdapMIBCompliances 1 }
521
522ciscoLwappDot11LdapMIBComplianceRev1 MODULE-COMPLIANCE
523    STATUS          current
524    DESCRIPTION
525        "The compliance statement for the SNMP entities that
526        implement the ciscoLwappDot11LdapMIB module."
527    MODULE          -- this module
528    MANDATORY-GROUPS {
529                        ciscoLwappDot11LdapMIBConfigGroup,
530                        ciscoLwappDot11LdapMIBConfigGroupSup1
531                    }
532    ::= { ciscoLwappDot11LdapMIBCompliances 2 }
533
534-- ********************************************************************
535-- *    Units of conformance
536-- ********************************************************************
537
538ciscoLwappDot11LdapMIBConfigGroup OBJECT-GROUP
539    OBJECTS         {
540                        cldlServerAddressType,
541                        cldlServerAddress,
542                        cldlServerPortNum,
543                        cldlServerState,
544                        cldlServerTimeout,
545                        cldlServerUserBase,
546                        cldlServerUserNameAttribute,
547                        cldlServerUserName,
548                        cldlServerSecurityEnable,
549                        cldlServerRowStatus,
550                        cldlServerStorageType,
551                        cldlWlanLdapPrimaryServerIndex,
552                        cldlWlanLdapSecondaryServerIndex,
553                        cldlWlanLdapTertiaryServerIndex
554                    }
555    STATUS          current
556    DESCRIPTION
557        "This collection of objects specifies the LDAP
558        configuration on the controller."
559    ::= { ciscoLwappDot11LdapMIBGroups 1 }
560
561ciscoLwappDot11LdapMIBConfigGroupSup1 OBJECT-GROUP
562    OBJECTS         {
563                        cldlServerBindType,
564                        cldlServerAuthBindUserName,
565                        cldlServerAuthBindPassword
566                    }
567    STATUS          current
568    DESCRIPTION
569        "This group of objects supplements the
570        ciscoLwappDot11LdapMIBConfigGroup,
571        to configure the information about the Controller's
572        authentication done with the LDAP server."
573    ::= { ciscoLwappDot11LdapMIBGroups 2 }
574
575END