-- ============================================================================= -- Copyright (c) 2004-2012 Hangzhou H3C Tech. Co., Ltd. All rights reserved. -- -- Description: -- The file defines a MIB to provide wireless detection service feature. -- Reference: -- Version: V1.7 -- History: -- V1.0 created by shiyang (Richard) -- Initial version 2006-08-20 -- V1.1 2007-05-16 modified by shiyang (Richard) -- Add new objects of h3cDot11UnauthorSSIDName and h3cDot11WIDSAPID. -- V1.2 2007-06-19 modified by Deepthi -- Changed the h3cDot11RogueAPVendorOUI to h3cDot11RogueAPVendorName, -- Type : OCTET STRING and the Size list: 1: 3 should be removed. -- Changed the h3cDot11RogueStaVendorOUI to h3cDot11RogueStaVendorName, -- Type : OCTET STRING and the Size list: 1: 3 should be removed. -- Changed the field h3cDot11DetectMaxAPSigStrength in -- h3cDot11WIDSRogueAPExtTable to h3cDot11DetectCurAPSigStrength to -- h3cDot11DetectCurAPSigStrength -- Changed the field h3cDot11DetectMaxStaSigStrength -- H3cDot11WIDSRogueStaExtEntry in h3cDot11WIDSRogueStaExtTable to -- h3cDot11DetectCurStaSigStrength -- Add new node h3cDot11WIDSPermitVendorName in -- h3cDot11WIDSPermitVendorEntry -- Remove the field Country Spec(2), ChannelSpec(3) in -- h3cDot11WIDSGlobalConfigGroup in h3cDot11WIDSScanMode. -- Obsolete the node h3cDot11WIDSScanChannelList in -- h3cDot11WIDSGlobalConfigGroup -- Add the node h3cDot11WIDSScanType to h3cDot11WIDSGlobalConfigGroup -- V1.3 2008-07-25 modified by heziqi -- Add new node h3cDot11CntMsrEnable, h3cDot11CntMsrMode, -- h3cDot11DevAgingTime, h3cDot11DynBlkListEnable, -- h3cDot11DynBlkListLifeTime, h3cDot11FloodAtkDctEnable, -- h3cDot11SpoofAtkDctEnable, h3cDot11WeakIVAtkDctEnable, -- h3cDot11ResetWIDSRogueHistory, h3cDot11ResetWIDSHistroy, -- h3cDot11ResetWIDSStatistics, h3cDot11ResetAllDynBlkList, -- h3cDot11ResetAllStcBlkList, h3cDot11ResetAllWhtBlkList, -- h3cDot11ResetAllDctRogueAP, h3cDot11ResetAllDctRogueSta, -- h3cDot11ResetAllDctAdhoc, h3cDot11ResetAllDctDevice, -- h3cDot11ResetAllDctSSID in h3cDot11WIDSGlobalConfigGroup. -- Add new node h3cDot11PermitSSIDDetected -- in h3cDot11WIDSPermitSSIDTable. -- Add new node h3cDot11IgnoreMACDetected, h3cDot11IgnoreDevType -- in h3cDot11WIDSIgnoreListTable. -- Add new table h3cDot11StaticWhiteListTable, -- h3cDot11StaticBlackListTable, h3cDot11WIDSRogueAPTable, -- h3cDot11WIDSRogueStaTable, h3cDot11WIDSDetectedDevTable, -- h3cDot11WIDSRptAPTable, h3cDot11DynBlackListTable, -- h3cDot11WIDSRogueHistoryTable, h3cDot11WIDSAtkHistroyTable -- in h3cDot11WIDSDetectGroup. -- Add h3cDot11WIDSAtkStatis in h3cDot11WIDSDetectGroup. -- Add notification h3cDot11WIDSDetectAttack and -- h3cDot11WIDSDetectWBridge. -- V1.4 2009-05-07 modified by Li Yugang, Wang Shaojie, Sun Shuai -- Add h3cDot11WidsFloodInterval, h3cDot11WidsBlackListThreshold, -- h3cDot11SSIDFilterOnOff, h3cDot11BSSIDFilterOnOff to -- h3cDot11WIDSGlobalConfigGroup. -- Add h3cDot11WIDSPermitBSSIDTable to h3cDot11WIDSConfigGroup. -- Add h3cDot11WIDSFloodTrap, h3cDot11WIDSSpoofTrap, -- h3cDot11WIDSWeakIVTrap to h3cDot11WIDSTraps. -- Add h3cDot11MonitorAPID,h3cDot11MonitorApRadioID, -- h3cDot11WIDSAtkMac, h3cDot11WIDSAtkFrameType -- to h3cDot11WIDSTrapVarObjects. -- V1.5 2009-07-29 modified by heziqi -- Add new node h3cDot11WIDSDevSnr for h3cDot11WIDSDetectedDevTable. -- V1.6 2010-01-07 modified by Wang Shaojie -- Add new node h3cDot11RogueAPFirstDetectTmStr, -- h3cDot11RogueAPLastDetectTmStr to h3cDot11WIDSRogueAPTable -- Add new node h3cDot11RogueStaFirstDetectTmStr, -- h3cDot11RogueStaLastDetectTmStr to h3cDot11WIDSRogueStaTable -- Add h3cDot11WIDSAtkChannel, h3cDot11WIDSAtkTime, -- h3cDot11WIDSAtkDestMac to h3cDot11WIDSTrapVarObjects. -- 2010-03-18 Modified by Deng Gaoliang -- Add h3cDot11BlackListTable -- 2010-05-31 Modified by LiuChen -- Add new node h3cDot11DynBlackListTimeTicks to -- h3cDot11DynBlackListTable. -- Add new node h3cDot11BlackListTimeTicks to -- h3cDot11BlackListTable. -- V1.7 2011-10-28 modified by jiaolibin -- Add h3cDot11WIDSFirstTrapTime to h3cDot11WIDSTrapVarObjects and -- varialbe bingings h3cDot11WIDSFirstTrapTime for h3cDot11WIDSFloodTrap, -- h3cDot11WIDSSpoofTrap,h3cDot11WIDSWeakIVTrap. -- ============================================================================= H3C-DOT11-WIDS-MIB DEFINITIONS ::= BEGIN IMPORTS TruthValue, MacAddress, RowStatus, DateAndTime, TEXTUAL-CONVENTION FROM SNMPv2-TC MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Unsigned32, TimeTicks FROM SNMPv2-SMI h3cDot11, H3cDot11SSIDStringType, H3cDot11ChannelScopeType, H3cDot11RadioScopeType, H3cDot11ObjectIDType, H3cDot11RadioType FROM H3C-DOT11-REF-MIB; h3cDot11WIDS MODULE-IDENTITY LAST-UPDATED "201005311800Z" -- May 31, 2010 at 18:00 GMT ORGANIZATION "Hangzhou H3C Technologies Co., Ltd." CONTACT-INFO "Platform Team H3C Technologies Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip: 100085" DESCRIPTION "This MIB provides information about WIDS feature. GLOSSARY Wireless Intrusion Detection Sensor (WIDS) WIDS is designed to be employed in an area that is serviced by an existing wireless network. It aids in the early detection of malicious outsider attacks and intrusions via wireless networks. Rogue AP A rogue access point is any Wi-Fi access point connected to the network without authorization. As it is not authorized, if there is any weakness in the AP, the hacker will have chance to compromise the network. Rogue Station It is similiar to Rogue AP, while it is a station. Monitor AP An AP will scan or listen to the air, and try to detect wireless attack in the network. Some AP products will work only in monitor role, while some AP products could switch between normal AP role (only provide wireless access service)and monitor AP role. Ad Hoc Mode Station could work under Ad hoc mode, then they could directly do peer-to-peer communication without other device support." REVISION "201005311800Z" -- May 31, 2010 at 18:00 GMT DESCRIPTION "Modified to add new nodes." REVISION "200907291800Z" -- Jul 29, 2009 at 18:00 GMT DESCRIPTION "Modified to add new nodes." REVISION "200905072000Z" -- May 7, 2009 at 20:00 GMT DESCRIPTION "Add new nodes and table to support new featrues of WIDS." REVISION "200807251900Z" -- July 23, 2008 at 19:00 GMT DESCRIPTION "Add new nodes to support new featrues of WIDS." REVISION "200706191900Z" -- June 19, 2007 at 19:00 GMT DESCRIPTION "To fix bugs in the MIB file." REVISION "200705161900Z" -- May 16, 2007 at 19:00 GMT DESCRIPTION "To fix bugs in the MIB file." REVISION "200608201900Z" -- August 20, 2006 at 19:00 GMT DESCRIPTION "The initial revision of this MIB module." ::= { h3cDot11 5 } -- ================================================================== -- Textual Conventions -- ================================================================== H3cDot11WIDSDevType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of device detected." SYNTAX INTEGER { client(1), ap(2), adhoc(3), wirelessBridge(4), unknown(5) } H3cDot11WIDSDevPermitType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents whether the detected device is permitted or a rogue." SYNTAX INTEGER { permit(1), rogue(2) } H3cDot11WIDSAtkType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of attack. This object has following defined values: 'act': Action Frame 'asr': Association Request 'aur': Authentication Request 'daf': Deauthentication Frame 'dar': Disassociation Request 'ndf': Null Data Frame 'pbr': Probe Request 'rar': Reassociation Request 'saf': Spoofed Disassociation Frame 'sdf': Spoofed Deauthentication Frame 'wiv': Weak IV Detected" SYNTAX INTEGER { act(1), asr(2), aur(3), daf(4), dar(5), ndf(6), pbr(7), rar(8), saf(9), sdf(10), wiv(11), unknown(12) } -- ***************************************************************************** -- * Major sections -- ***************************************************************************** -- WIDS Configuration Group -- DEFINED AS "The group to provide the configuration information -- for WIDS." h3cDot11WIDSConfigGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 1 } -- The Configuration Group has the following children: h3cDot11WIDSGlobalConfigGroup OBJECT IDENTIFIER ::= { h3cDot11WIDSConfigGroup 1 } -- h3cDot11WIDSPermitVendorTable ::= { h3cDot11WIDSConfigGroup 2 } -- h3cDot11WIDSPermitSSIDTable ::= { h3cDot11WIDSConfigGroup 3 } -- h3cDot11WIDSIgnoreListTable ::= { h3cDot11WIDSConfigGroup 4 } -- h3cDot11WIDSAttackListTable ::= { h3cDot11WIDSConfigGroup 5 } -- WIDS detection Group -- DEFINED AS "The group to provide the detection information -- for WIDS." h3cDot11WIDSDetectGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 2 } -- The detection Group has the following children: -- h3cDot11WIDSRogueAPTable ::= { h3cDot11WIDSDetectGroup 1 } -- h3cDot11WIDSRogueAPExtTable ::= { h3cDot11WIDSDetectGroup 2 } -- h3cDot11WIDSRogueStaTable ::= { h3cDot11WIDSDetectGroup 3 } -- h3cDot11WIDSRogueStaExtTable ::= { h3cDot11WIDSDetectGroup 4 } -- WIDS Notification -- DEFINED AS "The notification for WIDS feature." h3cDot11WIDSNotifyGroup OBJECT IDENTIFIER ::= { h3cDot11WIDS 3 } -- ***************************************************************************** -- * h3cDot11WIDSGlobalConfigGroup Definition -- ***************************************************************************** h3cDot11WIDSScanMode OBJECT-TYPE SYNTAX INTEGER { all(1), auto(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the scope of channels to be scanned. The following value are supported all(1) - Do scan on all the channels. auto(2) - Do scan for the channels that automatically selected by WIDS." DEFVAL { auto } ::= { h3cDot11WIDSGlobalConfigGroup 1 } h3cDot11WIDSScanChannelList OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "Represents the channel scope to be scanned when h3cDot11WIDSScanMode is configurated as channelSpec mode. Each channel value will be separated by comma character." ::= { h3cDot11WIDSGlobalConfigGroup 2 } h3cDot11CntMsrMode OBJECT-TYPE SYNTAX BITS { rogue(0), adhoc(1), config(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the countermeasures mode." ::= { h3cDot11WIDSGlobalConfigGroup 3 } h3cDot11DevAgingTime OBJECT-TYPE SYNTAX Integer32(300..1800) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the age time for entries in the detected device table. If an entry is not detected within the interval, it is deleted from the detected device table. If the deleted entry is that of a rogue, it is added into the rogue history table." ::= { h3cDot11WIDSGlobalConfigGroup 4 } h3cDot11DynBlkListEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the dynamic blacklist feature is enabled or not. 'true' : Enable the dynamic blacklist feature to filter out unwanted clients, which will not get associated. 'false' : Disable the dynamic blacklist feature." ::= { h3cDot11WIDSGlobalConfigGroup 5 } h3cDot11DynBlkListLifeTime OBJECT-TYPE SYNTAX Integer32(60..3600) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Represents the lifetime for dynamic blacklist entries. If a dynamic blacklist entry is not detected within the lifetime, the entry will be removed from the dynamic blacklist. The lifetime becomes active only if dynamic blacklist feature is enabled." ::= { h3cDot11WIDSGlobalConfigGroup 6 } h3cDot11FloodAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of flood attack is enabled or not. 'true' : Enable the detection of flood attack. 'false' : Disable the detection of flood attack." ::= { h3cDot11WIDSGlobalConfigGroup 7 } h3cDot11SpoofAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of Spoof attack is enabled or not. 'true' : Enable the detection of Spoof attack. 'false' : Disable the detection of Spoof attack." ::= { h3cDot11WIDSGlobalConfigGroup 8 } h3cDot11WeakIVAtkDctEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether detection of weak-iv attack is enabled or not. 'true' : Enable the detection of weak-iv attack. 'false' : Disable the detection of weak-iv attack." ::= { h3cDot11WIDSGlobalConfigGroup 9 } h3cDot11ResetWIDSRogueHistory OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear all entries from the rogue history table. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 10 } h3cDot11ResetWIDSHistroy OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the history information of attacks detected in the WLAN system. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 11 } h3cDot11ResetWIDSStatistics OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the statistics of attacks detected in the WLAN system. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 12 } h3cDot11ResetAllDynBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the dynamic blacklist. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 13 } h3cDot11ResetAllStcBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the static blacklist. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 14 } h3cDot11ResetAllWhtBlkList OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove all entries from the static whitelist. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 15 } h3cDot11ResetAllDctRogueAP OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected rogue APs. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 16 } h3cDot11ResetAllDctRogueSta OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected rogue clients. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 17 } h3cDot11ResetAllDctAdhoc OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected ad hoc devices. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 18 } h3cDot11ResetAllDctDevice OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected devices. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 19 } h3cDot11ResetAllDctSSID OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear the information of all detected SSIDs. It will return false for get operation." ::= { h3cDot11WIDSGlobalConfigGroup 20 } h3cDot11WidsFloodInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval of WIDS flood detection." DEFVAL { 1 } ::= { h3cDot11WIDSGlobalConfigGroup 21 } h3cDot11WidsBlackListThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "When flood attack exceeds the value of this node, the MAC address will be added into black list." DEFVAL { 100 } ::= { h3cDot11WIDSGlobalConfigGroup 22 } h3cDot11SSIDFilterOnOff OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the SSID permit feature is enabled or not." DEFVAL { on } ::= { h3cDot11WIDSGlobalConfigGroup 23 } h3cDot11BSSIDFilterOnOff OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the BSSID permit feature is enabled or not." DEFVAL { on } ::= { h3cDot11WIDSGlobalConfigGroup 24 } -- ********************************************************************** -- * End of h3cDot11WIDSGlobalConfigGroup Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSPermitVendorTable Definition -- ***************************************************************************** h3cDot11WIDSPermitVendorTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSPermitVendorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the permitted vendor list, and each vendor will be identified by OUI. The legal device should be made by the permitted vendors." ::= { h3cDot11WIDSConfigGroup 2 } h3cDot11WIDSPermitVendorEntry OBJECT-TYPE SYNTAX H3cDot11WIDSPermitVendorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted vendor." INDEX { h3cDot11VendorOUI } ::= { h3cDot11WIDSPermitVendorTable 1 } H3cDot11WIDSPermitVendorEntry ::= SEQUENCE { h3cDot11VendorOUI OCTET STRING, h3cDot11PermitVendorRowStatus RowStatus, h3cDot11VendorName OCTET STRING } h3cDot11VendorOUI OBJECT-TYPE SYNTAX OCTET STRING(SIZE(3)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the vendor OUI information of the wireless device." ::= { h3cDot11WIDSPermitVendorEntry 1 } h3cDot11PermitVendorRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11WIDSPermitVendorEntry 2 } h3cDot11VendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of the wireless device." ::= { h3cDot11WIDSPermitVendorEntry 3 } -- ***************************************************************************** -- * End of h3cDot11WIDSPermitVendorTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSPermitSSIDTable Definition -- ***************************************************************************** h3cDot11WIDSPermitSSIDTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSPermitSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of SSID could be permitted in the wireless network." ::= { h3cDot11WIDSConfigGroup 3 } h3cDot11WIDSPermitSSIDEntry OBJECT-TYPE SYNTAX H3cDot11WIDSPermitSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted SSID." INDEX { h3cDot11PermitSSID } ::= { h3cDot11WIDSPermitSSIDTable 1 } H3cDot11WIDSPermitSSIDEntry ::= SEQUENCE { h3cDot11PermitSSID H3cDot11SSIDStringType, h3cDot11PermitSSIDRowStatus RowStatus, h3cDot11PermitSSIDDetected TruthValue } h3cDot11PermitSSID OBJECT-TYPE SYNTAX H3cDot11SSIDStringType(SIZE(0..127)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the permitted SSID in the wireless network." ::= { h3cDot11WIDSPermitSSIDEntry 1 } h3cDot11PermitSSIDRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11WIDSPermitSSIDEntry 2 } h3cDot11PermitSSIDDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the permitted SSID is detected or not." ::= { h3cDot11WIDSPermitSSIDEntry 3 } -- ***************************************************************************** -- * End of h3cDot11WIDSPermitSSIDTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSIgnoreListTable Definition -- ***************************************************************************** h3cDot11WIDSIgnoreListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSIgnoreListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the MAC address list of stations or APs, and WIDS always take them as legal stations or APs." ::= { h3cDot11WIDSConfigGroup 4 } h3cDot11WIDSIgnoreListEntry OBJECT-TYPE SYNTAX H3cDot11WIDSIgnoreListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the MAC address of station or AP, and WIDS always take it as legal station or AP." INDEX { h3cDot11IgnoreMAC } ::= { h3cDot11WIDSIgnoreListTable 1 } H3cDot11WIDSIgnoreListEntry ::= SEQUENCE { h3cDot11IgnoreMAC MacAddress, h3cDot11IgnoreListRowStatus RowStatus, h3cDot11IgnoreMACDetected TruthValue, h3cDot11IgnoreDevType H3cDot11WIDSDevType } h3cDot11IgnoreMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of station or AP, and WIDS always take it as legal station or AP." ::= { h3cDot11WIDSIgnoreListEntry 1 } h3cDot11IgnoreListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11WIDSIgnoreListEntry 2 } h3cDot11IgnoreMACDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the MAC address detected or not." ::= { h3cDot11WIDSIgnoreListEntry 3 } h3cDot11IgnoreDevType OBJECT-TYPE SYNTAX H3cDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of the MAC address detected. The value of this object always is unknown if the MAC address is not detected." ::= { h3cDot11WIDSIgnoreListEntry 4 } -- ***************************************************************************** -- * End of h3cDot11WIDSIgnoreListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSAttackListTable Definition -- ***************************************************************************** h3cDot11WIDSAttackListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSAttackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the MAC address list of rogue APs or rogue stations, the WIDS will take countermeasure as per the MAC address list." ::= { h3cDot11WIDSConfigGroup 5 } h3cDot11WIDSAttackListEntry OBJECT-TYPE SYNTAX H3cDot11WIDSAttackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the MAC address of rogue AP or rogue station, and the countermeasure will be taken for it." INDEX { h3cDot11AttackDeviceMac } ::= { h3cDot11WIDSAttackListTable 1 } H3cDot11WIDSAttackListEntry ::= SEQUENCE { h3cDot11AttackDeviceMac MacAddress, h3cDot11AttackListRowStatus RowStatus, h3cDot11AttackDevDetected TruthValue, h3cDot11AttackDevType H3cDot11WIDSDevType } h3cDot11AttackDeviceMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of rogue AP or rogue station, and the countermeasure will be taken for it." ::= { h3cDot11WIDSAttackListEntry 1 } h3cDot11AttackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11WIDSAttackListEntry 2 } h3cDot11AttackDevDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the assigned MAC address in attack list is detected or not." ::= { h3cDot11WIDSAttackListEntry 3 } h3cDot11AttackDevType OBJECT-TYPE SYNTAX H3cDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of detected MAC address in attack list. If the MAC address is not detected, it will return unknown(5) for get operation." ::= { h3cDot11WIDSAttackListEntry 4 } -- ***************************************************************************** -- * End of h3cDot11WIDSAttackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11StaticWhiteListTable Definition -- ***************************************************************************** h3cDot11StaticWhiteListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11StaticWhiteListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the information of whitelist." ::= { h3cDot11WIDSConfigGroup 6 } h3cDot11StaticWhiteListEntry OBJECT-TYPE SYNTAX H3cDot11StaticWhiteListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the information of whitelist." INDEX { h3cDot11StaticWhiteListMAC } ::= { h3cDot11StaticWhiteListTable 1 } H3cDot11StaticWhiteListEntry ::= SEQUENCE { h3cDot11StaticWhiteListMAC MacAddress, h3cDot11StaticWhiteListRowStatus RowStatus } h3cDot11StaticWhiteListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC addresses in whitelist." ::= { h3cDot11StaticWhiteListEntry 1 } h3cDot11StaticWhiteListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11StaticWhiteListEntry 2 } -- ***************************************************************************** -- * End of h3cDot11StaticWhiteListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11StaticBlackListTable Definition -- ***************************************************************************** h3cDot11StaticBlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11StaticBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table provides the information of static blacklist." ::= { h3cDot11WIDSConfigGroup 7 } h3cDot11StaticBlackListEntry OBJECT-TYPE SYNTAX H3cDot11StaticBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the information of static blacklist." INDEX { h3cDot11StaticBlackListMAC } ::= { h3cDot11StaticBlackListTable 1 } H3cDot11StaticBlackListEntry ::= SEQUENCE { h3cDot11StaticBlackListMAC MacAddress, h3cDot11StaticBlackListRowStatus RowStatus } h3cDot11StaticBlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC addresses in static blacklist." ::= { h3cDot11StaticBlackListEntry 1 } h3cDot11StaticBlackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this table entry." ::= { h3cDot11StaticBlackListEntry 2 } -- ***************************************************************************** -- * End of h3cDot11StaticBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSPermitBSSIDTable Definition -- ***************************************************************************** h3cDot11WIDSPermitBSSIDTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSPermitBSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of BSSID could be permitted in the wireless network." ::= { h3cDot11WIDSConfigGroup 8 } h3cDot11WIDSPermitBSSIDEntry OBJECT-TYPE SYNTAX H3cDot11WIDSPermitBSSIDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry provides the information of permitted BSSID." INDEX { h3cDot11PermitBSSID } ::= { h3cDot11WIDSPermitBSSIDTable 1 } H3cDot11WIDSPermitBSSIDEntry ::= SEQUENCE { h3cDot11PermitBSSID MacAddress, h3cDot11PermitBSSIDDetected TruthValue, h3cDot11PermitBSSIDRowStatus RowStatus } h3cDot11PermitBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the permitted BSSID in the wireless network." ::= { h3cDot11WIDSPermitBSSIDEntry 1 } h3cDot11PermitBSSIDDetected OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the permitted BSSID is detected or not." ::= { h3cDot11WIDSPermitBSSIDEntry 2 } h3cDot11PermitBSSIDRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Represents the row status of permit BSSID table." ::= { h3cDot11WIDSPermitBSSIDEntry 3 } -- ***************************************************************************** -- * End of h3cDot11StaticBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRogueAPTable Definition -- ***************************************************************************** h3cDot11WIDSRogueAPTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRogueAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of possible BSS information for rogue APs detected by the WIDS." ::= { h3cDot11WIDSDetectGroup 1 } h3cDot11WIDSRogueAPEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRogueAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains possible BSS information of each rogue AP detected by WIDS." INDEX { h3cDot11RogueAPBSSMAC } ::= { h3cDot11WIDSRogueAPTable 1 } H3cDot11WIDSRogueAPEntry ::= SEQUENCE { h3cDot11RogueAPBSSMAC MacAddress, h3cDot11RogueAPVendorName OCTET STRING, h3cDot11RogueAPMonitorNum Integer32, h3cDot11RogueAPFirstDetectTm TimeTicks, h3cDot11RogueAPLastDetectTm TimeTicks, h3cDot11RogueAPSSID H3cDot11SSIDStringType, h3cDot11RogueAPMaxSigStrength Integer32, h3cDot11RogueAPChannel H3cDot11ChannelScopeType, h3cDot11RogueAPBeaconInterval Integer32, h3cDot11RogueAPAttackedStatus TruthValue, h3cDot11RogueAPToIgnore TruthValue, h3cDot11RogueAPEncryptStatus TruthValue, h3cDot11RogueAPReset TruthValue, h3cDot11RogueAPFirstDetectTmStr OCTET STRING, h3cDot11RogueAPLastDetectTmStr OCTET STRING } h3cDot11RogueAPBSSMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the BSS MAC address of rogue AP." ::= { h3cDot11WIDSRogueAPEntry 1 } h3cDot11RogueAPVendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of rogue AP." ::= { h3cDot11WIDSRogueAPEntry 2 } h3cDot11RogueAPMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of monitor APs which detected the rogue AP." ::= { h3cDot11WIDSRogueAPEntry 3 } h3cDot11RogueAPFirstDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the first time." ::= { h3cDot11WIDSRogueAPEntry 4 } h3cDot11RogueAPLastDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the last time." ::= { h3cDot11WIDSRogueAPEntry 5 } h3cDot11RogueAPSSID OBJECT-TYPE SYNTAX H3cDot11SSIDStringType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the SSID broadcasted by rogue AP." ::= { h3cDot11WIDSRogueAPEntry 6 } h3cDot11RogueAPMaxSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximal value of signal strength that WIDS received from the rogue AP." ::= { h3cDot11WIDSRogueAPEntry 7 } h3cDot11RogueAPChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel of the rogue AP the maximal signal strength was received." ::= { h3cDot11WIDSRogueAPEntry 8 } h3cDot11RogueAPBeaconInterval OBJECT-TYPE SYNTAX Integer32 UNITS "millisecond" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the interval for Beacon management frame of rogue AP." ::= { h3cDot11WIDSRogueAPEntry 9 } h3cDot11RogueAPAttackedStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the countermeasure have taken for the rogue AP." ::= { h3cDot11WIDSRogueAPEntry 10 } h3cDot11RogueAPToIgnore OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the rogue AP will be taken as a rogue AP. If the value is true, NMS should not display the rogue AP as NMS display rogue AP list, and the MAC address will be automatically added into h3cDot11WIDSIgnoreListTable. If the value is false, NMS will take it as a rogue AP. " DEFVAL { false } ::= { h3cDot11WIDSRogueAPEntry 11 } h3cDot11RogueAPEncryptStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the rogue AP encrypt the frame or not." ::= { h3cDot11WIDSRogueAPEntry 12 } h3cDot11RogueAPReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear information of assigned AP. The information of AP which detect assigned rogue AP will be cleared together. It will return false for get operation." ::= { h3cDot11WIDSRogueAPEntry 13 } h3cDot11RogueAPFirstDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the first time." ::= { h3cDot11WIDSRogueAPEntry 14 } h3cDot11RogueAPLastDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that AP was detected as a rogue AP for the last time." ::= { h3cDot11WIDSRogueAPEntry 15 } -- ***************************************************************************** -- * end of h3cDot11WIDSRogueAPTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRogueAPExtTable Definition -- ***************************************************************************** h3cDot11WIDSRogueAPExtTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRogueAPExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "As each rogue AP could be detected by multiple monitor APs, each monitor AP could have some kind of detailed information about a specific rogue AP. In the h3cDot11WIDSRogueAPTable table, the detailed information for a specific rogue AP will be summarized from information in the h3cDot11WIDSRogueAPExtTable table. For example, multiple monitor APs could receive RF signal of one rogue AP, and each monitor AP has its maximum signal strength by itself. The information will be kept as h3cDot11DetectMaxAPSigStrength in the h3cDot11WIDSRogueAPExtTable table. While only the maximum value among all the h3cDot11DetectMaxAPSigStrength for each monitor AP will be kept in the h3cDot11WIDSRogueAPTable as h3cDot11RogueAPMaxSigStrength." ::= { h3cDot11WIDSDetectGroup 2 } h3cDot11WIDSRogueAPExtEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRogueAPExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the rogue AP detected by each monitor AP." INDEX { h3cDot11RogueAPBSSMAC, h3cDot11WIDSAPID } ::= { h3cDot11WIDSRogueAPExtTable 1 } H3cDot11WIDSRogueAPExtEntry ::= SEQUENCE { h3cDot11WIDSAPID H3cDot11ObjectIDType, h3cDot11DetectCurAPSigStrength Integer32, h3cDot11DetectAPByChannel H3cDot11ChannelScopeType, h3cDot11DetectAPByRadioID H3cDot11RadioScopeType, h3cDot11AttackAPStatus TruthValue, h3cDot11DetectAPFirstTm TimeTicks, h3cDot11DetectAPLastTm TimeTicks } h3cDot11WIDSAPID OBJECT-TYPE SYNTAX H3cDot11ObjectIDType MAX-ACCESS not-accessible STATUS current DESCRIPTION "To uniquely identify each AP, and relation-ship between h3cDot11WIDSAPID and AP device will be static." ::= { h3cDot11WIDSRogueAPExtEntry 1 } h3cDot11DetectCurAPSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the current value of signal strength that WIDS monitor AP received from the rogue AP." ::= { h3cDot11WIDSRogueAPExtEntry 2 } h3cDot11DetectAPByChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel that WIDS monitor AP detected the rogue AP." ::= { h3cDot11WIDSRogueAPExtEntry 3 } h3cDot11DetectAPByRadioID OBJECT-TYPE SYNTAX H3cDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio the monitor AP has detected the rogue AP." ::= { h3cDot11WIDSRogueAPExtEntry 4 } h3cDot11AttackAPStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether monitor AP have taken countermeasure on the rogue AP." ::= { h3cDot11WIDSRogueAPExtEntry 5 } h3cDot11DetectAPFirstTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue AP for the first time." ::= { h3cDot11WIDSRogueAPExtEntry 6 } h3cDot11DetectAPLastTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue AP for the last time." ::= { h3cDot11WIDSRogueAPExtEntry 7 } -- ***************************************************************************** -- * end of h3cDot11WIDSRogueAPExtTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRogueStaTable Definition -- ***************************************************************************** h3cDot11WIDSRogueStaTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRogueStaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the list of rogue stations detected by the WIDS." ::= { h3cDot11WIDSDetectGroup 3 } h3cDot11WIDSRogueStaEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRogueStaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of each rogue station." INDEX { h3cDot11RogueStaMAC } ::= { h3cDot11WIDSRogueStaTable 1 } H3cDot11WIDSRogueStaEntry ::= SEQUENCE { h3cDot11RogueStaMAC MacAddress, h3cDot11RogueStaVendorName OCTET STRING, h3cDot11RogueStaMonitorNum Integer32, h3cDot11RogueStaFirstDetectTm TimeTicks, h3cDot11RogueStaLastDetectTm TimeTicks, h3cDot11RogueStaAccessBSSID MacAddress, h3cDot11RogueStaMaxSigStrength Integer32, h3cDot11RogueStaChannel H3cDot11ChannelScopeType, h3cDot11RogueStaAttackedStatus TruthValue, h3cDot11RogueStaToIgnore TruthValue, h3cDot11RogueStaAdHocStatus TruthValue, h3cDot11RogueStaReset TruthValue, h3cDot11RogueStaFirstDetectTmStr OCTET STRING, h3cDot11RogueStaLastDetectTmStr OCTET STRING } h3cDot11RogueStaMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of rogue station." ::= { h3cDot11WIDSRogueStaEntry 1 } h3cDot11RogueStaVendorName OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor name of rogue station." ::= { h3cDot11WIDSRogueStaEntry 2 } h3cDot11RogueStaMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of monitor APs which detected the rogue station." ::= { h3cDot11WIDSRogueStaEntry 3 } h3cDot11RogueStaFirstDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the first time." ::= { h3cDot11WIDSRogueStaEntry 4 } h3cDot11RogueStaLastDetectTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the last time." ::= { h3cDot11WIDSRogueStaEntry 5 } h3cDot11RogueStaAccessBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents BSS MAC address that rogue station try to access." ::= { h3cDot11WIDSRogueStaEntry 6 } h3cDot11RogueStaMaxSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximal value of signal strength that WIDS received from the rogue station." ::= { h3cDot11WIDSRogueStaEntry 7 } h3cDot11RogueStaChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel the maximal signal strength was received." ::= { h3cDot11WIDSRogueStaEntry 8 } h3cDot11RogueStaAttackedStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the countermeasure have taken for the rogue station." ::= { h3cDot11WIDSRogueStaEntry 9 } h3cDot11RogueStaToIgnore OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Represents whether the rogue AP will be taken as a rogue station. If the value is true, NMS should not display the rogue station as NMS display rogue station list, and the MAC address will be automatically added into h3cDot11WIDSIgnoreListTable. If the value is false, NMS will take it as a rogue station. " DEFVAL { false } ::= { h3cDot11WIDSRogueStaEntry 10 } h3cDot11RogueStaAdHocStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the rogue station work on the Ad Hoc mode or not." ::= { h3cDot11WIDSRogueStaEntry 11 } h3cDot11RogueStaReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clear information of assigned station. The information of AP which detects assigned rogue station will be cleared together. It will return false for get operation." ::= { h3cDot11WIDSRogueStaEntry 12 } h3cDot11RogueStaFirstDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the first time." ::= { h3cDot11WIDSRogueStaEntry 13 } h3cDot11RogueStaLastDetectTmStr OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that station was detected as a rogue station for the last time." ::= { h3cDot11WIDSRogueStaEntry 14 } -- ***************************************************************************** -- * End of h3cDot11WIDSRogueStaTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRogueStaExtTable Definition -- ***************************************************************************** h3cDot11WIDSRogueStaExtTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRogueStaExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "As each rogue station could be detected by multiple monitor APs, each monitor AP could have some kind of detailed information about a specific rogue station. In the h3cDot11WIDSRogueStaTable table, the detailed information for a specific rogue station will be summarized from information in the h3cDot11WIDSRogueStaExtTable table. For example, multiple monitor APs could receive RF signal of one rogue station, and each monitor AP has its maximum signal strength by itself. The information will be kept as h3cDot11DetectMaxStaSigStrength in the h3cDot11WIDSRogueStaExtTable table. While only the maximum value among all the h3cDot11DetectMaxStaSigStrength for each monitor AP will be kept in the h3cDot11WIDSRogueStaTable as h3cDot11RogueStaMaxSigStrength." ::= { h3cDot11WIDSDetectGroup 4 } h3cDot11WIDSRogueStaExtEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRogueStaExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of rogue station detected by each monitor AP." INDEX { h3cDot11RogueStaMAC, h3cDot11WIDSAPID } ::= { h3cDot11WIDSRogueStaExtTable 1 } H3cDot11WIDSRogueStaExtEntry ::= SEQUENCE { h3cDot11DetectCurStaSigStrength Integer32, h3cDot11DetectStaByChannel H3cDot11ChannelScopeType, h3cDot11DetectStaByRadioID H3cDot11RadioScopeType, h3cDot11AttackStaStatus TruthValue, h3cDot11DetectStaFirstTm TimeTicks, h3cDot11DetectStaLastTm TimeTicks } h3cDot11DetectCurStaSigStrength OBJECT-TYPE SYNTAX Integer32 UNITS "dBm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the current value of signal strength that WIDS monitor AP received from the rogue station." ::= { h3cDot11WIDSRogueStaExtEntry 1 } h3cDot11DetectStaByChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents on which radio channel the maximal signal strength was received." ::= { h3cDot11WIDSRogueStaExtEntry 2 } h3cDot11DetectStaByRadioID OBJECT-TYPE SYNTAX H3cDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents which radio on the monitor AP has detected the rogue station." ::= { h3cDot11WIDSRogueStaExtEntry 3 } h3cDot11AttackStaStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether monitor AP have taken countermeasure for the rogue station." ::= { h3cDot11WIDSRogueStaExtEntry 4 } h3cDot11DetectStaFirstTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue station for the first time." ::= { h3cDot11WIDSRogueStaExtEntry 5 } h3cDot11DetectStaLastTm OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time that monitor AP detected the rogue station for the last time." ::= { h3cDot11WIDSRogueStaExtEntry 6 } -- ***************************************************************************** -- * end of h3cDot11WIDSRogueStaExtTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSDetectedDevTable Definition -- ***************************************************************************** h3cDot11WIDSDetectedDevTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSDetectedDevEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table contains information of detected devices." ::= { h3cDot11WIDSDetectGroup 5 } h3cDot11WIDSDetectedDevEntry OBJECT-TYPE SYNTAX H3cDot11WIDSDetectedDevEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of detected devices." INDEX { h3cDot11WIDSDevMAC } ::= { h3cDot11WIDSDetectedDevTable 1 } H3cDot11WIDSDetectedDevEntry ::= SEQUENCE { h3cDot11WIDSDevMAC MacAddress, h3cDot11WIDSDevType H3cDot11WIDSDevType, h3cDot11WIDSDevPermitType H3cDot11WIDSDevPermitType, h3cDot11WIDSDevVendor OCTET STRING, h3cDot11WIDSDevMonitorNum Integer32, h3cDot11WIDSDevSSID OCTET STRING, h3cDot11WIDSDevBSSID MacAddress, h3cDot11WIDSDevChannel H3cDot11ChannelScopeType, h3cDot11WIDSDevMaxRSSI Integer32, h3cDot11WIDSDevBeaconIntvl Integer32, h3cDot11WIDSDevFstDctTime DateAndTime, h3cDot11WIDSDevLstDctTime DateAndTime, h3cDot11WIDSDevReset TruthValue, h3cDot11WIDSDevSnr Integer32 } h3cDot11WIDSDevMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents MAC address of the device detected." ::= { h3cDot11WIDSDetectedDevEntry 1 } h3cDot11WIDSDevType OBJECT-TYPE SYNTAX H3cDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents type of the device detected." ::= { h3cDot11WIDSDetectedDevEntry 2 } h3cDot11WIDSDevPermitType OBJECT-TYPE SYNTAX H3cDot11WIDSDevPermitType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents whether the device detected is a rogue device or not." ::= { h3cDot11WIDSDetectedDevEntry 3 } h3cDot11WIDSDevVendor OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents Vendor of the detected device." ::= { h3cDot11WIDSDetectedDevEntry 4 } h3cDot11WIDSDevMonitorNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the number of active APs that detect the device." ::= { h3cDot11WIDSDetectedDevEntry 5 } h3cDot11WIDSDevSSID OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the service set identifier for the ESS of the device." ::= { h3cDot11WIDSDetectedDevEntry 6 } h3cDot11WIDSDevBSSID OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the basic service set identifier of the detected device." ::= { h3cDot11WIDSDetectedDevEntry 7 } h3cDot11WIDSDevChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the device was last detected." ::= { h3cDot11WIDSDetectedDevEntry 8 } h3cDot11WIDSDevMaxRSSI OBJECT-TYPE SYNTAX Integer32 UNITS "dbm" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximum detected RSSI of the device." ::= { h3cDot11WIDSDetectedDevEntry 9 } h3cDot11WIDSDevBeaconIntvl OBJECT-TYPE SYNTAX Integer32 UNITS "millionsecond" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the beacon interval for the detected AP." ::= { h3cDot11WIDSDetectedDevEntry 10 } h3cDot11WIDSDevFstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the device was first detected." ::= { h3cDot11WIDSDetectedDevEntry 11 } h3cDot11WIDSDevLstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected last time." ::= { h3cDot11WIDSDetectedDevEntry 12 } h3cDot11WIDSDevReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to clears the information of the device detected in the WLAN. It will return false for get operation." ::= { h3cDot11WIDSDetectedDevEntry 13 } h3cDot11WIDSDevSnr OBJECT-TYPE SYNTAX Integer32 UNITS "dB" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents SNR of the device detected." ::= { h3cDot11WIDSDetectedDevEntry 14 } -- ***************************************************************************** -- * end of h3cDot11WIDSDetectedDevTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRptAPTable Definition -- ***************************************************************************** h3cDot11WIDSRptAPTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRptAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table contains information of the AP which detected device in the WLAN." ::= { h3cDot11WIDSDetectGroup 6 } h3cDot11WIDSRptAPEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRptAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the AP which detected device in the WLAN." INDEX { h3cDot11WIDSDevMAC, h3cDot11WIDSRptAPMAC } ::= { h3cDot11WIDSRptAPTable 1 } H3cDot11WIDSRptAPEntry ::= SEQUENCE { h3cDot11WIDSRptAPMAC MacAddress, h3cDot11WIDSRptAPName OCTET STRING, h3cDot11WIDSRptAPRadioID H3cDot11RadioScopeType, h3cDot11WIDSRptAPMaxRSSI Integer32, h3cDot11WIDSRptAPFstDctTime DateAndTime, h3cDot11WIDSRptAPLstDctTime DateAndTime } h3cDot11WIDSRptAPMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of the AP that detected the device." ::= { h3cDot11WIDSRptAPEntry 1 } h3cDot11WIDSRptAPName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the name of the AP that detected the device." ::= { h3cDot11WIDSRptAPEntry 2 } h3cDot11WIDSRptAPRadioID OBJECT-TYPE SYNTAX H3cDot11RadioScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the radio index of the AP that detected the device." ::= { h3cDot11WIDSRptAPEntry 3 } h3cDot11WIDSRptAPMaxRSSI OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the maximum detected RSSI of the device." ::= { h3cDot11WIDSRptAPEntry 4 } h3cDot11WIDSRptAPFstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected first time." ::= { h3cDot11WIDSRptAPEntry 5 } h3cDot11WIDSRptAPLstDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the rogue AP was detected last time." ::= { h3cDot11WIDSRptAPEntry 6 } -- ***************************************************************************** -- * end of h3cDot11WIDSRptAPTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11DynBlackListTable Definition -- ***************************************************************************** h3cDot11DynBlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11DynBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of dynamic blacklist entries." ::= { h3cDot11WIDSDetectGroup 7 } h3cDot11DynBlackListEntry OBJECT-TYPE SYNTAX H3cDot11DynBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of dynamic blacklist." INDEX { h3cDot11DynBlackListMAC } ::= { h3cDot11DynBlackListTable 1 } H3cDot11DynBlackListEntry ::= SEQUENCE { h3cDot11DynBlackListMAC MacAddress, h3cDot11DynBlackListTime Unsigned32, h3cDot11DynBlackListReason OCTET STRING, h3cDot11DynBlackListReset TruthValue, h3cDot11DynBlackListTimeTicks TimeTicks } h3cDot11DynBlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the MAC address of the device inserted into the dynamic blacklist." ::= { h3cDot11DynBlackListEntry 1 } h3cDot11DynBlackListTime OBJECT-TYPE SYNTAX Unsigned32 UNITS "second" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated." ::= { h3cDot11DynBlackListEntry 2 } h3cDot11DynBlackListReason OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the reason why the entry was added into the dynamic blacklist." ::= { h3cDot11DynBlackListEntry 3 } h3cDot11DynBlackListReset OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove designated entry from the dynamic blacklist. The value which read from this object always is false." ::= { h3cDot11DynBlackListEntry 4 } h3cDot11DynBlackListTimeTicks OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated in units TimeTicks." ::= { h3cDot11DynBlackListEntry 5 } -- ***************************************************************************** -- * end of h3cDot11DynBlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSRogueHistoryTable Definition -- ***************************************************************************** h3cDot11WIDSRogueHistoryTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSRogueHistoryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of all expired rogue devices which have been deleted from the list of detected rogue devices because they could not be detected within the device aging duration." ::= { h3cDot11WIDSDetectGroup 8 } h3cDot11WIDSRogueHistoryEntry OBJECT-TYPE SYNTAX H3cDot11WIDSRogueHistoryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of an expired rogue device which has been deleted from the list of detected rogue devices because they could not be detected within the device aging duration." INDEX { h3cDot11WIDSRogueHisIndex } ::= { h3cDot11WIDSRogueHistoryTable 1 } H3cDot11WIDSRogueHistoryEntry ::= SEQUENCE { h3cDot11WIDSRogueHisIndex Integer32, h3cDot11WIDSRogueHisMAC MacAddress, h3cDot11WIDSRogueHisVendor OCTET STRING, h3cDot11WIDSRogueHisType H3cDot11WIDSDevType, h3cDot11WIDSRogueHisChl H3cDot11ChannelScopeType, h3cDot11WIDSRogueHisSSID OCTET STRING, h3cDot11WIDSRogueHisLastDctTime DateAndTime } h3cDot11WIDSRogueHisIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents index of this entry." ::= { h3cDot11WIDSRogueHistoryEntry 1 } h3cDot11WIDSRogueHisMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the MAC address of the device." ::= { h3cDot11WIDSRogueHistoryEntry 2 } h3cDot11WIDSRogueHisVendor OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the vendor for the device." ::= { h3cDot11WIDSRogueHistoryEntry 3 } h3cDot11WIDSRogueHisType OBJECT-TYPE SYNTAX H3cDot11WIDSDevType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of the device." ::= { h3cDot11WIDSRogueHistoryEntry 4 } h3cDot11WIDSRogueHisChl OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the device was last detected." ::= { h3cDot11WIDSRogueHistoryEntry 5 } h3cDot11WIDSRogueHisSSID OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the service set identifier for the ESS of the device." ::= { h3cDot11WIDSRogueHistoryEntry 6 } h3cDot11WIDSRogueHisLastDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which the device was last detected." ::= { h3cDot11WIDSRogueHistoryEntry 7 } -- ***************************************************************************** -- * end of h3cDot11WIDSRogueHistoryTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSAtkHistroyTable Definition -- ***************************************************************************** h3cDot11WIDSAtkHistroyTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSAtkHistroyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of the history of attacks detected in the WLAN system." ::= { h3cDot11WIDSDetectGroup 9 } h3cDot11WIDSAtkHistroyEntry OBJECT-TYPE SYNTAX H3cDot11WIDSAtkHistroyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the history of attacks detected in the WLAN system." INDEX { h3cDot11WIDSAtkHisIndex } ::= { h3cDot11WIDSAtkHistroyTable 1 } H3cDot11WIDSAtkHistroyEntry ::= SEQUENCE { h3cDot11WIDSAtkHisIndex Integer32, h3cDot11WIDSAtkHisMAC MacAddress, h3cDot11WIDSAtkHisType H3cDot11WIDSAtkType, h3cDot11WIDSAtkHisChl H3cDot11ChannelScopeType, h3cDot11WIDSAtkHisRSSI Integer32, h3cDot11WIDSAtkHisDctTime DateAndTime, h3cDot11WIDSAtkHisAPName OCTET STRING } h3cDot11WIDSAtkHisIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents index of this entry." ::= { h3cDot11WIDSAtkHistroyEntry 1 } h3cDot11WIDSAtkHisMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the Mac address. In case of spoof attacks, this field provides the BSSID which was spoofed. In case of other attacks, this field provides the MAC address of the device which initiated the attack." ::= { h3cDot11WIDSAtkHistroyEntry 2 } h3cDot11WIDSAtkHisType OBJECT-TYPE SYNTAX H3cDot11WIDSAtkType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the type of attack." ::= { h3cDot11WIDSAtkHistroyEntry 3 } h3cDot11WIDSAtkHisChl OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the channel in which the attack was detected." ::= { h3cDot11WIDSAtkHistroyEntry 4 } h3cDot11WIDSAtkHisRSSI OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the average RSSI of the designated attack." ::= { h3cDot11WIDSAtkHistroyEntry 5 } h3cDot11WIDSAtkHisDctTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time at which this attack was detected." ::= { h3cDot11WIDSAtkHistroyEntry 6 } h3cDot11WIDSAtkHisAPName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the name of the AP which detected this attack." ::= { h3cDot11WIDSAtkHistroyEntry 7 } -- ***************************************************************************** -- * end of h3cDot11WIDSAtkHistroyTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11WIDSAtkStatis Definition -- ***************************************************************************** h3cDot11WIDSAtkStatis OBJECT IDENTIFIER ::= { h3cDot11WIDSDetectGroup 10 } h3cDot11WIDSAtkStasStartTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Represents current attack tracking time. It is started at the system startup and is refreshed each hour subsequently." ::= { h3cDot11WIDSAtkStatis 1 } -- ***************************************************************************** -- * h3cDot11WIDSAtkStasTable Definition -- ***************************************************************************** h3cDot11WIDSAtkStasTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11WIDSAtkStasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of the counts of attacks detected." ::= { h3cDot11WIDSAtkStatis 2 } h3cDot11WIDSAtkStasEntry OBJECT-TYPE SYNTAX H3cDot11WIDSAtkStasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of the counts of attacks detected." INDEX { h3cDot11WIDSAtkStasType } ::= { h3cDot11WIDSAtkStasTable 1 } H3cDot11WIDSAtkStasEntry ::= SEQUENCE { h3cDot11WIDSAtkStasType H3cDot11WIDSAtkType, h3cDot11WIDSAtkStasCurCnt Unsigned32, h3cDot11WIDSAtkStasTotalCnt Unsigned32 } h3cDot11WIDSAtkStasType OBJECT-TYPE SYNTAX H3cDot11WIDSAtkType MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents the type of attack." ::= { h3cDot11WIDSAtkStasEntry 1 } h3cDot11WIDSAtkStasCurCnt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the count of attacks detected since the time specified by the current attack tracking time. The current attack tracking time is started at the system startup and is refreshed each hour subsequently." ::= { h3cDot11WIDSAtkStasEntry 2 } h3cDot11WIDSAtkStasTotalCnt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the total count of the attacks detected since the system startup." ::= { h3cDot11WIDSAtkStasEntry 3 } -- ***************************************************************************** -- * end of h3cDot11WIDSAtkStasTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * h3cDot11BlackListTable Definition -- ***************************************************************************** h3cDot11BlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDot11BlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains information of blacklist entries, including dynamic and static." ::= { h3cDot11WIDSDetectGroup 11 } h3cDot11BlackListEntry OBJECT-TYPE SYNTAX H3cDot11BlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains information of blacklist." INDEX { h3cDot11BlackListMAC } ::= { h3cDot11BlackListTable 1 } H3cDot11BlackListEntry ::= SEQUENCE { h3cDot11BlackListMAC MacAddress, h3cDot11BlackListTime Unsigned32, h3cDot11BlackListReason OCTET STRING, h3cDot11BlackListRowStatus RowStatus, h3cDot11BlackListTimeTicks TimeTicks } h3cDot11BlackListMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents the MAC address of the device inserted into the table." ::= { h3cDot11BlackListEntry 1 } h3cDot11BlackListTime OBJECT-TYPE SYNTAX Unsigned32 UNITS "minutes" MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated. If it is static blacklist, the value is always 0." ::= { h3cDot11BlackListEntry 2 } h3cDot11BlackListReason OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the reason why the entry was added into the blacklist." ::= { h3cDot11BlackListEntry 3 } h3cDot11BlackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the status of this table entry." ::= { h3cDot11BlackListEntry 4 } h3cDot11BlackListTimeTicks OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Represents the time elapsed since the entry was last updated in timetick. If it is static blacklist, the value is always 0." ::= { h3cDot11BlackListEntry 5 } -- ***************************************************************************** -- * end of h3cDot11BlackListTable Definition -- ***************************************************************************** -- ***************************************************************************** -- * end of h3cDot11WIDSAtkStatis Definition -- ***************************************************************************** -- ***************************************************************************** -- * Notifications OF h3cDot11WIDSNotifyGroup -- ***************************************************************************** -- WIDS Notification h3cDot11WIDSTraps OBJECT IDENTIFIER ::= { h3cDot11WIDSNotifyGroup 1 } h3cDot11WIDSDetectRogueTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSRogueMAC, h3cDot11WIDSRogueType, h3cDot11WIDSMonitorMAC, h3cDot11MonitorAPID, h3cDot11MonitorApRadioID } STATUS current DESCRIPTION "The notification represents that a rogue AP or a station was detected by WIDS. The NMS would refer to MIB table under h3cDot11WIDSDetectGroup group to get more detailed information." ::= { h3cDot11WIDSTraps 1 } h3cDot11WIDSAdHocTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSAdHocMAC, h3cDot11WIDSMonitorMAC } STATUS current DESCRIPTION "The notification represents a rogue Ad hoc station was detected." ::= { h3cDot11WIDSTraps 2 } h3cDot11WIDSUnauthorSSIDTrap NOTIFICATION-TYPE OBJECTS { h3cDot11UnauthorSSIDName, h3cDot11WIDSMonitorMAC, h3cDot11MonitorAPID, h3cDot11MonitorApRadioID } STATUS current DESCRIPTION "The notification represents which unauthorized SSID are accessed in the network. The notification will be sent to NMS when an unauthorized SSID is detected on the network for the first time." ::= { h3cDot11WIDSTraps 3 } h3cDot11WIDSDisappearRogueTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSRogueMAC } STATUS current DESCRIPTION "The notification represents that a rogue device has aged out and moved to history table or the device type has been changed to friendly. The notification will be sent to NMS whenever a rogue disappears." ::= { h3cDot11WIDSTraps 4 } h3cDot11WIDSDetectAttack NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSAtkHisType, h3cDot11WIDSAtkHisChl, h3cDot11WIDSAtkHisDctTime, h3cDot11WIDSAtkHisAPName } STATUS current DESCRIPTION "This notification occurs when some type of attack is detected. " ::= { h3cDot11WIDSTraps 5 } h3cDot11WIDSDetectWBridge NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSRptAPName, h3cDot11WIDSRptAPRadioID, h3cDot11WIDSRptAPLstDctTime } STATUS current DESCRIPTION "This notification occurs whenever a detected device is classified as rogue wireless-bridge. " ::= { h3cDot11WIDSTraps 6 } h3cDot11WIDSFloodTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSAtkMac, h3cDot11WIDSAtkFrameType, h3cDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when flood attack is detected. " ::= { h3cDot11WIDSTraps 7 } h3cDot11WIDSSpoofTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSAtkMac, h3cDot11WIDSAtkFrameType, h3cDot11WIDSAtkChannel, h3cDot11WIDSAtkTime, h3cDot11WIDSAtkDestMac, h3cDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when spoof attack is detected. " ::= { h3cDot11WIDSTraps 8 } h3cDot11WIDSWeakIVTrap NOTIFICATION-TYPE OBJECTS { h3cDot11WIDSAtkMac, h3cDot11WIDSAtkChannel, h3cDot11WIDSAtkTime, h3cDot11WIDSAtkDestMac, h3cDot11WIDSFirstTrapTime } STATUS current DESCRIPTION "This notification occurs when weak IV attack is detected. " ::= { h3cDot11WIDSTraps 9 } -- WIDS Notification variable object h3cDot11WIDSTrapVarObjects OBJECT IDENTIFIER ::= { h3cDot11WIDSNotifyGroup 2 } h3cDot11WIDSRogueMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents which rogue AP or station." ::= { h3cDot11WIDSTrapVarObjects 1 } h3cDot11WIDSRogueType OBJECT-TYPE SYNTAX INTEGER { rogueAp(1), rogueStation(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the rogue type. The following value are supported rogueAp(1) - A rogue AP rogueStation(2) - A rogue Station" ::= { h3cDot11WIDSTrapVarObjects 2 } h3cDot11WIDSMonitorMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents which monitor detected the rogue AP or station." ::= { h3cDot11WIDSTrapVarObjects 3 } h3cDot11WIDSAdHocMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the MAC address of Ad hoc station." ::= { h3cDot11WIDSTrapVarObjects 4 } h3cDot11UnauthorSSIDName OBJECT-TYPE SYNTAX H3cDot11SSIDStringType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents an unauthorized SSID." ::= { h3cDot11WIDSTrapVarObjects 5 } h3cDot11MonitorAPID OBJECT-TYPE SYNTAX H3cDot11ObjectIDType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents monitor AP's APID." ::= { h3cDot11WIDSTrapVarObjects 6 } h3cDot11MonitorApRadioID OBJECT-TYPE SYNTAX H3cDot11RadioScopeType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents monitor AP's radio ID" ::= { h3cDot11WIDSTrapVarObjects 7 } h3cDot11WIDSAtkMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents mac address of attack source." ::= { h3cDot11WIDSTrapVarObjects 8 } h3cDot11WIDSAtkFrameType OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents attack frame type." ::= { h3cDot11WIDSTrapVarObjects 9 } h3cDot11WIDSAtkChannel OBJECT-TYPE SYNTAX H3cDot11ChannelScopeType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents attack channel." ::= { h3cDot11WIDSTrapVarObjects 10 } h3cDot11WIDSAtkTime OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents when attacking happened." ::= { h3cDot11WIDSTrapVarObjects 11 } h3cDot11WIDSAtkDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents mac address of attack destination." ::= { h3cDot11WIDSTrapVarObjects 12 } h3cDot11WIDSFirstTrapTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Represents the first trap time." ::= { h3cDot11WIDSTrapVarObjects 13 } -- ***************************************************************************** -- * End OF h3cDot11WIDSNotifyGroup -- ***************************************************************************** END