-- *****************************************************************
-- CISCO-WLAN-VLAN-MIB.my: CISCO Wireless VIRTUAL LAN MIB file
-- file
--
-- June 2002, Francis Pang
--
-- Copyright (c) 2002, 2003 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--
CISCO-WLAN-VLAN-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        NOTIFICATION-TYPE,
        OBJECT-TYPE,
        Unsigned32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        NOTIFICATION-GROUP,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        TEXTUAL-CONVENTION,
        RowStatus,
        TruthValue
                FROM SNMPv2-TC
        WepKeyType128,
        CDot11IfMicAlgorithm,
        CDot11IfWepKeyPermuteAlgorithm
                FROM CISCO-DOT11-IF-MIB
        ciscoMgmt
                FROM CISCO-SMI;


ciscoWlanVlanMIB MODULE-IDENTITY
        LAST-UPDATED    "200206120000Z"
        ORGANIZATION    "Cisco System Inc."
        CONTACT-INFO
                "       Cisco Systems
                        Customer Service

                Postal: 170 West Tasman Drive,
                        San Jose CA 95134-1706.
                        USA

                   Tel: +1 800 553-NETS

                E-mail: cs-dot11@cisco.com"
        DESCRIPTION
                "This MIB module provides network management
                support for device VLAN configuration on
                IEEE 802.11 wireless LAN.

                ACRONYMS
                AES
                    Advanced Encryption Standard, an encryption
                    mechanism.

                MIC
                    Message Integrity Check.

                WEP
                    Wired Equivalent Privacy, an encryption mechanism."
        REVISION        "200206120000Z"
        DESCRIPTION
                "Remove tkip(3) option from the cwvlWlanEncryptionMode,
                and added cwvlWlanEncryptionAlgorithm and
                cwvlWlanWepKeyHashing objects to cwvlWlanVlanTable."
        REVISION        "200204040000Z"
        DESCRIPTION
                "Added tkip(3) option and removed wepMic option
                from the cwvlWlanEncryptionMode, and added an
                cwvlWlanEncryptionMandatory object to
                cwvlWlanVlanTable."
        REVISION        "200203070000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { ciscoMgmt 268 }


ciscoWlanVlanMIBObjects OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIB 1 }

cwvlRoamDomainConfig OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIBObjects 1 }

cwvlDot11VlanConfig OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIBObjects 2 }


-- Textual Conventions


CwvlVlanIdOrZero ::= TEXTUAL-CONVENTION
        STATUS          current
        DESCRIPTION
                "This is a 12-bit VLAN ID used in the VLAN Tag
                header. A value of 0 indicates NULL or no VLAN ID.
                This textual convention is used instead of VlanId
                defined in Q-BRIDGE-MIB of RFC 2674 because value
                0 and 4095 is not permitted. VLAN of ID '4095' is
                the default VLAN for Cisco VoIP Phones."
        REFERENCE
                "RFC 2674, Bridge MIB Extensions, August 1999."
        SYNTAX          Unsigned32 (0..4095)


-- Object Type Definitions

cwvlWlanDot1qEncapEnabled OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object enables and disables IEEE 802.1Q
                type encapsulation for all VLANs. If this object
                is set to 'false', then the 802.1Q encapsulation
                is disabled on all interfaces. If this object
                is set to 'true', then the 802.1Q encapsulation
                is enabled on all interfaces."
        REFERENCE
                "IEEE 802.1Q-1998, Section 8.11.9."
        DEFVAL          { false }
        ::= { cwvlRoamDomainConfig 1 }

cwvlBridgingNativeVlanId OBJECT-TYPE
        SYNTAX          CwvlVlanIdOrZero
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object specifies the native VLAN ID for layer
                2 bridging. If this object is set to '0', there is
                no layer 2 bridging native VLAN ID. Setting this
                object will automatically update the dot1qPvid for
                all interfaces in the Q-BRIDGE-MIB (if supported) to
                the same value provided it is not '0'. The dot1qPvid
                will be read-only. The dot1qPvid specifies the native
                VLAN ID on each device interface. If this object is
                '0', the return value of dot1qPvid is not valid.

                If the device is attached to a VLAN port of an Ethernet
                bridge or switch, then the device must have a non-zero
                native VLAN ID, and that VLAN ID must also match the
                VLAN ID of the port on the bridge or switch. The native
                VLAN ID is the default VLAN ID for frames received that
                are not otherwise associated with a VLAN ID."
        DEFVAL          { 0 }
        ::= { cwvlRoamDomainConfig 2 }

cwvlVoIPVlanEnabled OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object enables and disables VoIP VLAN
                functionality for this agent. If this object is
                set to 'true', and cwvlVoIPVlanId is a non-zero,
                the value of the cwvlVoIPVlanId object is the
                user-configured VoIP VLAN ID. If this object is
                set to 'true', and cwvlVoIPVlanId is CDP VVID,
                this agent automatically enables the VoIP VLAN
                when it receives CDP messages with non-zero VVID
                field on its root port, otherwise, the VoIP VLAN
                is disabled. If this object is set to 'false',
                then the VoIP VLAN is disabled and no station can
                associate with a VoIP VLAN ID."
        DEFVAL          { true }
        ::= { cwvlRoamDomainConfig 3 }

cwvlVoIPVlanId OBJECT-TYPE
        SYNTAX          CwvlVlanIdOrZero
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object is the VoIP VLAN ID. All VoIP VLAN
                ID values are non-zero VLAN ID. A value of '0' is
                used to represent CDP VVID."
        DEFVAL          { 4095 }
        ::= { cwvlRoamDomainConfig 4 }

cwvlPublicVlanId OBJECT-TYPE
        SYNTAX          CwvlVlanIdOrZero
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The object is the Public VLAN ID. This VLAN is
                the only VLAN which may be configured on an 802.11
                network interface to not require WEP encryption. All
                other VLANs require WEP encryption in order
                to isolate the broadcast domains. If the value of
                object is '0', there is no specific VLAN ID for
                the Public VLAN."
        DEFVAL          { 0 }
        ::= { cwvlRoamDomainConfig 5 }


-- VLAN Configuration Table

cwvlWlanVlanTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CwvlWlanVlanEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table contains attributes for configuration
                and security management of VLANs. Devices can
                configure to have multiple VLANs on an interface.
                VLANs on different interfaces of the same VLAN ID
                must have the same configuration. Therefore,
                attributes for each conceptual row applies to the
                VLANs of the corresponding VLAN ID on all
                interfaces."
        ::= { cwvlDot11VlanConfig 1 }

cwvlWlanVlanEntry OBJECT-TYPE
        SYNTAX          CwvlWlanVlanEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "Each entry includes parameters for to enable
                VLAN and configure encryption and key usages
                for a particular VLAN."
        INDEX           { cwvlWlanVlanId }
        ::= { cwvlWlanVlanTable 1 }

CwvlWlanVlanEntry ::= SEQUENCE {
        cwvlWlanVlanId                  CwvlVlanIdOrZero,
        cwvlWlanEnabled                 TruthValue,
        cwvlWlanNUcastKeyRotateInterval
                                        Unsigned32,
        cwvlWlanEncryptionMode          INTEGER,
        cwvlWlanEncryptionMandatory     TruthValue,
        cwvlWlanMicAlgorithm            CDot11IfMicAlgorithm,
        cwvlWlanWepKeyPermuteAlgorithm
                                        CDot11IfWepKeyPermuteAlgorithm,
        cwvlWlanWepKeyHashing           TruthValue,
        cwvlWlanEncryptionAlgorithm     INTEGER,
        cwvlWlanRowStatus               RowStatus }

cwvlWlanVlanId OBJECT-TYPE
        SYNTAX          CwvlVlanIdOrZero
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This is the VLAN ID to which the parameters in
                each conceptual row shall be applied."
        ::= { cwvlWlanVlanEntry 1 }

cwvlWlanEnabled OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "If the value is 'true', this VLAN is enabled on
                all trunk and hybrid ports. If the value is 'false',
                this VLAN is disabled on all ports."
        DEFVAL          { true }
        ::= { cwvlWlanVlanEntry 2 }

cwvlWlanNUcastKeyRotateInterval OBJECT-TYPE
        SYNTAX          Unsigned32 (0..10000000)
        UNITS           "seconds"
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "The object specifies the WEP encryption key
                rotation period. If the value is '0', it indicates
                no key rotation."
        DEFVAL          { 0 }
        ::= { cwvlWlanVlanEntry 3 }

cwvlWlanEncryptionMode OBJECT-TYPE
        SYNTAX          INTEGER {
                            none(1),
                            wep(2),
                            aes(3) }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "Encryption mode used on the VLANs are:
                    none (1) - No encryption and use VLan as security
                               mechanism,
                    wep (2)  - WEP encryption,
                    aes (3)  - Advanced Encryption Standard."
        DEFVAL          { none }
        ::= { cwvlWlanVlanEntry 4 }

cwvlWlanEncryptionMandatory OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "Encryption option for wep(2) selection of
                cwvlWlanEncryptionMode:
                    'true'  - WEP encryption is mandatory,
                    'false' - WEP encryption is option."
        DEFVAL          { true }
        ::= { cwvlWlanVlanEntry 5 }

cwvlWlanMicAlgorithm OBJECT-TYPE
        SYNTAX          CDot11IfMicAlgorithm
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "This is the auxiliary MIC type used on WEP-encoded
                packets for client stations assigned to this VLAN."
        DEFVAL          { micNone }
        ::= { cwvlWlanVlanEntry 6 }

cwvlWlanWepKeyPermuteAlgorithm OBJECT-TYPE
        SYNTAX          CDot11IfWepKeyPermuteAlgorithm
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "This is the function through which the WEP
                encryption key is permuted between key renewal
                periods for client stations assigned to this VLAN."
        DEFVAL          { wepPermuteNone }
        ::= { cwvlWlanVlanEntry 7 }

cwvlWlanWepKeyHashing OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "This is an optional key hashing for WEP encryption.
                If the value is 'true', the hashing option is applied.
                If the value is 'false', the hashing option is not
                applied to WEP encryption."
        DEFVAL          { false }
        ::= { cwvlWlanVlanEntry 8 }

cwvlWlanEncryptionAlgorithm OBJECT-TYPE
        SYNTAX          INTEGER {
                            standard(1),
                            cisco(2) }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "This object determines if Standard IEEE 802.11 or
                Cisco propriety AES, MIC, and hashing for WEP
                encryption is applied. If the value is standard(1), the
                Standard IEEE 802.11 encryption is applied. If the
                value is cisco(2), the Cisco propriety encryption is
                applied."
        DEFVAL          { cisco }
        ::= { cwvlWlanVlanEntry 9 }

cwvlWlanRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
                "This is used to create a new row, modify or
                delete an existing row and a VLAN configuration
                in this table.

                A VLAN can only be activated by setting this
                object to `active' by the agent. When it is
                `active', the VLAN is being used or referenced
                in other system configurations.

                A VLAN should only be deleted or taken out of
                service, (by setting this object to `destroy' or
                `outOfService') if only if it is not referenced
                by all associated system configurations."
        ::= { cwvlWlanVlanEntry 10 }


cwvlWlanNUcastKeyTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CwvlWlanNUcastKeyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table contains shared WEP keys for all IEEE
                802.11 packets transmitted and received frames over
                a VLAN identified by the cwvlWlanVlanId if encryption
                is enabled (i.e., the cwvlWlanEncryptionMode is
                wep(2) or aes(3)) on the VLAN.

                If WEP encryption is enabled for the transmitted
                IEEE 802.11 frames, then the Default Shared WEP
                key in the set are used to encrypt the transmitted
                both broadcast and multicast frames associated with
                the cwvlWlanVlanId. Key '1' in the set is the
                default key. The Default Shared WEP key is
                also used to encrypt or decrypt unicast frames,
                associated with the cwvlWlanVlanId, if an individual
                session key is not defined for the target station
                address."
        ::= { cwvlDot11VlanConfig 2 }


cwvlWlanNUcastKeyEntry OBJECT-TYPE
        SYNTAX          CwvlWlanNUcastKeyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "Each entry contains the key index, key length, and
                key value. There is a maximum of 4 keys per VLAN or
                key set. Each key set is indexed by the VLAN ID."
        INDEX           {
                            cwvlWlanVlanId,
                            cwvlWlanNUcastKeyIndex }
        ::= { cwvlWlanNUcastKeyTable 1 }

CwvlWlanNUcastKeyEntry ::= SEQUENCE {
        cwvlWlanNUcastKeyIndex          Unsigned32,
        cwvlWlanNUcastKeyLen            Unsigned32,
        cwvlWlanNUcastKeyValue          WepKeyType128 }

cwvlWlanNUcastKeyIndex OBJECT-TYPE
        SYNTAX          Unsigned32 (1..4)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This object is a representative of the
                corresponding 802.11 WEP Key Index used when
                transmitting or receiving frames with this key.
                SNMP table indexing conventions require table
                index to be non-zero. Therefore, this object has
                to be one greater than the actual 802.11 WEP key
                index. A value of '1' for this object corresponds
                to a value of '0' for the 802.11 WEP key index."
        ::= { cwvlWlanNUcastKeyEntry 1 }

cwvlWlanNUcastKeyLen OBJECT-TYPE
        SYNTAX          Unsigned32 (0..13)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object specifies the length in octets of
                cwvlWlanNUcastKeyValue. Common values are 5 for
                40-bit WEP key and 13 for 128-bit WEP key. A value
                of '0' means that the key is not set."
        DEFVAL          { 0 }
        ::= { cwvlWlanNUcastKeyEntry 2 }

cwvlWlanNUcastKeyValue OBJECT-TYPE
        SYNTAX          WepKeyType128
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This is the WEP secret key value. The agent
                always returns a zero-length string when this
                object is read for security reason."
        ::= { cwvlWlanNUcastKeyEntry 3 }


cwvlWlanWepChangeNotifEnabled OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "Indicates whether ciscoWlanVlanWepChangeNotif
                notifications will or will not be sent by
                the agent when the WEP key in the
                cwvlWlanNUcastKeyTable are changed."
        DEFVAL          { false }
        ::= { cwvlDot11VlanConfig 3 }


-- *****************************************************************
-- Notifications
-- *****************************************************************

ciscoWlanVlanMIBNotifications OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIB 0 }

ciscoWlanVlanWepChangeNotif NOTIFICATION-TYPE
        OBJECTS         {
                            cwvlWlanNUcastKeyValue }
        STATUS          current
        DESCRIPTION
                "This ciscoWlanVlanWepChangeNotif notification
                will be sent when the WEP configuration
                in the cwvlWlanNUcastKeyTable is changed.
                The cwvlWlanNUcastKeyValue specify the new key
                value for a given key for a VLAN. The sending
                of these notifications can be enabled or disabled
                via the cwvlWlanWepChangeNotifEnabled object."
        ::= { ciscoWlanVlanMIBNotifications 1 }


-- *****************************************************************
-- Conformance information
-- *****************************************************************

ciscoWlanVlanMIBConformance OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIB 2 }

ciscoWlanVlanMIBCompliances OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIBConformance 1 }

ciscoWlanVlanMIBGroups OBJECT IDENTIFIER
        ::= { ciscoWlanVlanMIBConformance 2 }


-- *****************************************************************
-- Compliance statements
-- *****************************************************************

ciscoWlanVlanMIBCompliance MODULE-COMPLIANCE
        STATUS          current
        DESCRIPTION
                "The compliance statement for the
                ciscoWlanVlanMIBGroups."
        MODULE
                MANDATORY-GROUPS {
                        ciscoWlanRoamDomainGroup
                }

                GROUP ciscoWlanVlanNotificationGroup
                DESCRIPTION
                        "This group is mandatory for IEEE 802.11 wireless
                        LAN devices supporting VLAN."

                GROUP ciscoWlanDot11VlanConfigGroup
                DESCRIPTION
                        "This group is mandatory for IEEE 802.11 wireless
                        LAN devices supporting VLAN."

        ::= { ciscoWlanVlanMIBCompliances 1 }


-- *****************************************************************
-- Units of conformance
-- *****************************************************************

ciscoWlanRoamDomainGroup OBJECT-GROUP
        OBJECTS         {
                            cwvlWlanDot1qEncapEnabled,
                            cwvlBridgingNativeVlanId,
                            cwvlVoIPVlanEnabled,
                            cwvlVoIPVlanId,
                            cwvlPublicVlanId }
        STATUS          current
        DESCRIPTION
                "Global VLAN configuration for wireless LAN
                roaming domain."
        ::= { ciscoWlanVlanMIBGroups 1 }


ciscoWlanDot11VlanConfigGroup OBJECT-GROUP
        OBJECTS         {
                            cwvlWlanEnabled,
                            cwvlWlanNUcastKeyRotateInterval,
                            cwvlWlanEncryptionMode,
                            cwvlWlanEncryptionMandatory,
                            cwvlWlanMicAlgorithm,
                            cwvlWlanWepKeyPermuteAlgorithm,
                            cwvlWlanWepKeyHashing,
                            cwvlWlanEncryptionAlgorithm,
                            cwvlWlanRowStatus,
                            cwvlWlanNUcastKeyLen,
                            cwvlWlanNUcastKeyValue,
                            cwvlWlanWepChangeNotifEnabled }
        STATUS          current
        DESCRIPTION
                "Per VLAN based configurations for IEEE 802.11
                wireless LAN."
        ::= { ciscoWlanVlanMIBGroups 2 }


ciscoWlanVlanNotificationGroup NOTIFICATION-GROUP
        NOTIFICATIONS   {
                            ciscoWlanVlanWepChangeNotif }
        STATUS          current
        DESCRIPTION
                "This is the notification group for the
                CISCO-WLAN-VLAN-MIB."
        ::= { ciscoWlanVlanMIBGroups 3 }


END