--**********************************************
|
|
-- CISCO-LWAPP-WAPI-MIB
|
|
-- CISCO Private version for WAPI
|
|
-- Sunday, 05-23, 2010 at 00:00:00
|
|
--
|
|
--Copyright (c) 2010 by Cisco Systems Inc.
|
|
--ALL rights reserved
|
|
--*********************************************
|
|
|
|
CISCO-LWAPP-WAPI-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
    Counter32,
    Counter64,
    Integer32,
    Unsigned32,
    IpAddress,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI
    MacAddress,
    DisplayString,
    TruthValue
        FROM SNMPv2-TC
    cLWlanIndex
        FROM CISCO-LWAPP-WLAN-MIB
    cldcClientMacAddress
        FROM CISCO-LWAPP-DOT11-CLIENT-MIB
    ciscoMgmt
        FROM CISCO-SMI
    CLSecKeyFormat
        FROM CISCO-LWAPP-TC-MIB
    cLApSysMacAddress
        FROM CISCO-LWAPP-AP-MIB;
|
|
|
|
ciscoLwappWapiMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201005230000Z" -- MAY 23, 2010 at 00:00 GMT
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems Customer Service
|
|
Postal: 170 West Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553-NETS
|
|
Email : cs-wnbu-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"cisco WiFi Controller Snmp agent support for Wapi.
|
|
WAPI is a Chinese National Standard for Wireless LAN (GB 15629.11-2003)
|
|
GLOSSARY:
|
|
WAPI - WLAN Authentication and Privacy Infrastructure
|
|
WAI - WLAN Authentication Interface
|
|
WLAN - Wireless Local Area Network
|
|
WPI - Wireless Privacy Interface
|
|
MSK - multicast session key
|
|
AKM - authentication and key management
|
|
BKID - Base Key IDentification"
|
|
REVISION "201012180000Z"
|
|
DESCRIPTION
|
|
"cisco WiFi Controller Snmp agent support for Wapi.
|
|
WAPI is a Chinese National Standard for Wireless LAN (GB 15629.11-2003)"
|
|
::= {ciscoMgmt 9997}
|
|
|
|
ciscoLwappWapiMIBObjects OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 1}
|
|
|
|
-- wapiStatsTable
|
|
cLWapiWlanStats OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiWlanStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the WAPI statistics for each WLAN on which WAPI is configured as the security protocol."
|
|
::= {ciscoLwappWapiMIBObjects 1}
|
|
|
|
cLWapiWlanStatsEntry OBJECT-TYPE
|
|
SYNTAX CiscoWapiWlanStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWWSW Table"
|
|
INDEX {cLWlanIndex}
|
|
::= {cLWapiWlanStats 1}
|
|
|
|
CiscoWapiWlanStatsEntry ::=
|
|
SEQUENCE
|
|
{
|
|
cLWWSWAISignatureErrors Counter32,
|
|
cLWWSWAIHMACErrors Counter32,
|
|
cLWWSWAIAuthResultFailures Counter32,
|
|
cLWWSWAIDiscardCounters Counter32,
|
|
cLWWSWAITimeoutCounters Counter32,
|
|
cLWWSWAIFormatErrors Counter32,
|
|
cLWWSWAICertHandshakeFailures Counter32,
|
|
cLWWSWAIUnicastHandshakeFailures Counter32,
|
|
cLWWSWAIMulticastHandshakeFailures Counter32,
|
|
cLWWSWPIRXReplayCounters Counter32,
|
|
cLWWSWPIRXMicErrorCounters Counter64,
|
|
cLWWSWPIRXDecryptErrorCounters Counter64 }
|
|
|
|
cLWWSWAISignatureErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the signature in the received WAI message is incorrect"
|
|
::= { cLWapiWlanStatsEntry 1 }
|
|
|
|
cLWWSWAIHMACErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the message authentication code in the received WAI message is incorrect"
|
|
::= { cLWapiWlanStatsEntry 2 }
|
|
|
|
cLWWSWAIAuthResultFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI authentication is unsuccessful"
|
|
::= { cLWapiWlanStatsEntry 3 }
|
|
|
|
cLWWSWAIDiscardCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the received WAI message is discarded"
|
|
::= { cLWapiWlanStatsEntry 4 }
|
|
|
|
cLWWSWAITimeoutCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when a WAI message times out"
|
|
::= { cLWapiWlanStatsEntry 5 }
|
|
|
|
cLWWSWAIFormatErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when there is a format error in the WAI message"
|
|
::= { cLWapiWlanStatsEntry 6 }
|
|
|
|
cLWWSWAICertHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Certificate Authentication is unsuccessful"
|
|
::= { cLWapiWlanStatsEntry 7 }
|
|
|
|
cLWWSWAIUnicastHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Unicast Key Negotiation is unsuccessful"
|
|
::= { cLWapiWlanStatsEntry 8 }
|
|
|
|
cLWWSWAIMulticastHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Multicast Key Negotiation is unsuccessful"
|
|
::= { cLWapiWlanStatsEntry 9 }
|
|
|
|
cLWWSWPIRXReplayCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WPI RX replay check is unsuccessful"
|
|
::= { cLWapiWlanStatsEntry 10 }
|
|
|
|
cLWWSWPIRXMicErrorCounters OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WPI MIC check fails"
|
|
::= { cLWapiWlanStatsEntry 11 }
|
|
|
|
cLWWSWPIRXDecryptErrorCounters OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when WPI decryption fails"
|
|
::= { cLWapiWlanStatsEntry 12 }
|
|
|
|
-- wapiClientStatsTable
|
|
cLWapiClientStats OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiClientStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the WAPI statistics for each client connected to a WLAN on which WAPI is configured as the security protocol."
|
|
::= {ciscoLwappWapiMIBObjects 2}
|
|
|
|
cLWapiClientStatsEntry OBJECT-TYPE
|
|
SYNTAX CiscoWapiClientStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWapiClientStats Table"
|
|
INDEX {cldcClientMacAddress}
|
|
::= {cLWapiClientStats 1}
|
|
|
|
CiscoWapiClientStatsEntry ::=
|
|
SEQUENCE{
|
|
cLWCSWapiClientVersion Integer32,
|
|
cLWCSWAISignatureErrors Counter32,
|
|
cLWCSWAIHMACErrors Counter32,
|
|
cLWCSWAIAuthResultFailures Counter32,
|
|
cLWCSWAIDiscardCounters Counter32,
|
|
cLWCSWAITimeoutCounters Counter32,
|
|
cLWCSWAIFormatErrors Counter32,
|
|
cLWCSWAICertHandshakeFailures Counter32,
|
|
cLWCSWAIUnicastHandshakeFailures Counter32,
|
|
cLWCSWAIMulticastHandshakeFailures Counter32,
|
|
cLWCSWAIUnicastCipherSuite OCTET STRING,
|
|
cLWCSWAIMcastCipherSuite OCTET STRING,
|
|
cLWCSWAIAuthenticationSuiteRequested OCTET STRING,
|
|
cLWCSWAIBKIDUsed OCTET STRING,
|
|
cLWCSWAICtrPortState TruthValue }
|
|
|
|
cLWCSWapiClientVersion OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI draft version used by the WAPI client"
|
|
::= { cLWapiClientStatsEntry 1 }
|
|
|
|
cLWCSWAISignatureErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the signature in the received WAI message is incorrect"
|
|
::= { cLWapiClientStatsEntry 2 }
|
|
|
|
cLWCSWAIHMACErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the message authentication code in the received WAI message is incorrect"
|
|
::= { cLWapiClientStatsEntry 3 }
|
|
|
|
cLWCSWAIAuthResultFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI authentication is unsuccessful"
|
|
::= { cLWapiClientStatsEntry 4 }
|
|
|
|
cLWCSWAIDiscardCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the received WAI message is discarded"
|
|
::= { cLWapiClientStatsEntry 5 }
|
|
|
|
cLWCSWAITimeoutCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when a WAI message times out"
|
|
::= { cLWapiClientStatsEntry 6 }
|
|
|
|
cLWCSWAIFormatErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when there is a format error in the WAI message"
|
|
::= { cLWapiClientStatsEntry 7 }
|
|
|
|
cLWCSWAICertHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Certificate Authentication is unsuccessful"
|
|
::= { cLWapiClientStatsEntry 8 }
|
|
|
|
cLWCSWAIUnicastHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Unicast Key Negotiation is unsuccessful"
|
|
::= { cLWapiClientStatsEntry 9 }
|
|
|
|
cLWCSWAIMulticastHandshakeFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter shall increment when the WAI Multicast Key Negotiation is unsuccessful"
|
|
::= { cLWapiClientStatsEntry 10 }
|
|
|
|
cLWCSWAIUnicastCipherSuite OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value represents the Client Unicast Cipher Suite in use, as obtained from the Association Request frame"
|
|
::= { cLWapiClientStatsEntry 11 }
|
|
|
|
cLWCSWAIMcastCipherSuite OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value represents the Client Multicast Cipher Suite in use, as obtained from the Association Request frame"
|
|
::= { cLWapiClientStatsEntry 12}
|
|
|
|
cLWCSWAIAuthenticationSuiteRequested OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the last AKM suite requested by the client.
|
|
0x 00 14 72 01 : cert
|
|
0x 00 14 72 02 : psk "
|
|
::= { cLWapiClientStatsEntry 13 }
|
|
|
|
cLWCSWAIBKIDUsed OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value represents the selector of the last BKID used in the last Unicast Key Negotiation Handshake"
|
|
::= { cLWapiClientStatsEntry 14 }
|
|
|
|
cLWCSWAICtrPortState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value represents the state of client controlled port entity,
|
|
true means authenticated, false means not authenticated"
|
|
::= { cLWapiClientStatsEntry 15 }
|
|
|
|
-- wapiWlanConfigTable
|
|
cLWapiWlanConfig OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiWlanConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the WAPI config entry for the WLAN."
|
|
::= {ciscoLwappWapiMIBObjects 3}
|
|
|
|
cLWapiWlanConfigEntrty OBJECT-TYPE
|
|
SYNTAX CiscoWapiWlanConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWapiWlanConfig Table"
|
|
INDEX {cLWlanIndex}
|
|
::= {cLWapiWlanConfig 1}
|
|
|
|
CiscoWapiWlanConfigEntry ::=
|
|
SEQUENCE{
|
|
cLWCSWlanWapiEnable TruthValue,
|
|
cLWCSWlanWapiAkmKeyMgmtMode INTEGER,
|
|
cLWCSWlanWapiEncryptType BITS,
|
|
cLWCSWlanWapiPskFmt CLSecKeyFormat,
|
|
cLWCSWlanWapiPsk OCTET STRING,
|
|
cLWCSWlanWapiConfigUnicasCiphersEntry OCTET STRING,
|
|
cLWCSWlanWapiConfigUnicastCipherSize Unsigned32,
|
|
cLWCSWlanWapiMcastCipherSize Unsigned32,
|
|
cLWCSWlanBKLifeTime Unsigned32,
|
|
cLWCSWlanBKReauthThreshold Unsigned32,
|
|
cLWCSWlanWapiConfigMulticastCipher OCTET STRING,
|
|
cLWCSWlanWapiAuthenticationSuiteSelected OCTET STRING,
|
|
cLWCSWlanWapiUnicastCipherSelected OCTET STRING,
|
|
cLWCSWlanWapiMulticastCipherSelected OCTET STRING,
|
|
cLWCSWlanWapiPreauthenticationState TruthValue}
|
|
|
|
cLWCSWlanWapiEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable the WAPI security on the WLAN."
|
|
::= { cLWapiWlanConfigEntrty 1 }
|
|
|
|
cLWCSWlanWapiAkmKeyMgmtMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
invalid(0),
|
|
cert (1),
|
|
psk (2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable the AKM type to be used for the WAPI WLAN."
|
|
::= { cLWapiWlanConfigEntrty 2 }
|
|
|
|
cLWCSWlanWapiEncryptType OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
sms4 (0) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable the encryption type for WAPI WLAN."
|
|
::= { cLWapiWlanConfigEntrty 3 }
|
|
|
|
-- Format selector (CLSecKeyFormat, imported from CISCO-LWAPP-TC-MIB) for the
-- WLAN's WAI pre-shared key.
-- NOTE(review): the DESCRIPTION refers to cLWCSWlanWapiPskSetkey, but no object
-- of that name is defined in this module; the key column defined in this table
-- is cLWCSWlanWapiPsk. Confirm the intended reference.
-- NOTE(review): DEFVAL { default } depends on the CLSecKeyFormat enumeration,
-- which is not shown in this module; verify the label against CISCO-LWAPP-TC-MIB.
cLWCSWlanWapiPskFmt OBJECT-TYPE
|
|
SYNTAX CLSecKeyFormat
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of the authentication preshared key
|
|
configured through the object cLWCSWlanWapiPskSetkey.
|
|
Note that the key configuration is applicable only when psk is configured
|
|
as the key management mechanism through the cLWCSWlanWapiAkmKeyMgmtMode object."
|
|
DEFVAL { default }
|
|
::= { cLWapiWlanConfigEntrty 4 }
|
|
|
|
-- Pre-shared key used for WAI PSK authentication on the WLAN (per DESCRIPTION).
-- NOTE(review): MAX-ACCESS is read-write and nothing in this module says the
-- agent masks the value on a GET. Until the agent behaviour is confirmed, treat
-- every principal with read access to this column as able to retrieve the key:
-- exclude the object from general read views with VACM, require an SNMPv3
-- authPriv user for any access, and avoid SNMPv1/v2c, which carry values in
-- cleartext.
-- NOTE(review): SIZE(8..80) does not match the lengths given in the DESCRIPTION
-- ('ascii' 8-40 characters, 'hex' 4-40 octets). Confirm which bounds are
-- intended before relying on either for input validation.
cLWCSWlanWapiPsk OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(8..80))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to configure the Pre-Shared Key for WAI PSK authentication for the WLAN.
|
|
The key can be in ASCII or HEX format.
|
|
'ascii' 8-40 characters
|
|
'hex' 4-40 octets. "
|
|
::= { cLWapiWlanConfigEntrty 5 }
|
|
|
|
cLWCSWlanWapiConfigUnicasCiphersEntry OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The selector of a supported unicast cipher suite. It consists of an OUI (the first 3 octets)
|
|
and a cipher suite identifier (the last octet)."
|
|
::= { cLWapiWlanConfigEntrty 6 }
|
|
|
|
cLWCSWlanWapiConfigUnicastCipherSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the length in bits of the USK. This should be 256 for SMS4.
|
|
The first 128 bits are the UEK and the last 128 bits are the UCK."
|
|
::= { cLWapiWlanConfigEntrty 7 }
|
|
|
|
cLWCSWlanWapiMcastCipherSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the length in bits of the MSK. This should be 256 for SMS4.
|
|
The first 128 bits are the MEK and the last 128 bits are the MCK."
|
|
::= { cLWapiWlanConfigEntrty 8 }
|
|
|
|
cLWCSWlanBKLifeTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to configure the maximum lifetime of a BK in the BK cache."
|
|
DEFVAL {43200}
|
|
::= { cLWapiWlanConfigEntrty 9 }
|
|
|
|
cLWCSWlanBKReauthThreshold OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "percentage"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to configure the percentage of the BK lifetime that should expire before a WAI reauthentication occurs."
|
|
DEFVAL {70}
|
|
::= { cLWapiWlanConfigEntrty 10 }
|
|
|
|
cLWCSWlanWapiConfigMulticastCipher OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(4))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the multicast cipher suite that this entity must adopt. The WAPI Parameter
|
|
Set information element shall adopt the value of this variable, which contains a 3-octet OUI and
|
|
a one-octet cipher suite identifier."
|
|
::= { cLWapiWlanConfigEntrty 11 }
|
|
|
|
cLWCSWlanWapiAuthenticationSuiteSelected OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the selector of the last AKM suite negotiated."
|
|
::= { cLWapiWlanConfigEntrty 12 }
|
|
|
|
cLWCSWlanWapiUnicastCipherSelected OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the selector of the last unicast cipher suite negotiated."
|
|
::= { cLWapiWlanConfigEntrty 13 }
|
|
|
|
cLWCSWlanWapiMulticastCipherSelected OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the selector of the last multicast cipher suite negotiated."
|
|
::= { cLWapiWlanConfigEntrty 14 }
|
|
|
|
cLWCSWlanWapiPreauthenticationState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the state of Preauthentication
|
|
in WAPI and currently it is not supported."
|
|
::= { cLWapiWlanConfigEntrty 15 }
|
|
|
|
-- wapiAPTable
|
|
cLWapiAPTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiAPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the WAPI details and
|
|
configurations for each AP connected."
|
|
::= {ciscoLwappWapiMIBObjects 4}
|
|
|
|
cLWapiAPEntry OBJECT-TYPE
|
|
SYNTAX CiscoWapiAPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWapiAPTable Table."
|
|
INDEX {cLApSysMacAddress}
|
|
::= {cLWapiAPTable 1}
|
|
|
|
CiscoWapiAPEntry ::=
|
|
SEQUENCE{
|
|
cLWCSWapiAPMaxUnicastKeysSupport Integer32 }
|
|
|
|
cLWCSWapiAPMaxUnicastKeysSupport OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum number of USK's that an AP can support."
|
|
::= { cLWapiAPEntry 1 }
|
|
|
|
-- wapiWlanAuthenticationSuitesConfigTable
|
|
cLWapiWlanAKMSuitesConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiAuthenticationConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the WAPI config entry for the WLAN."
|
|
::= {ciscoLwappWapiMIBObjects 5}
|
|
|
|
cLWapiWlanAKMSuitesConfigEntry OBJECT-TYPE
|
|
SYNTAX CiscoWapiAuthenticationConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWapiWlanAKMSuitesConfig Table"
|
|
INDEX {cLWlanIndex, cLWCSWlanWapiAuthenticationSuiteIndex}
|
|
::= {cLWapiWlanAKMSuitesConfigTable 1}
|
|
|
|
CiscoWapiAuthenticationConfigEntry ::=
|
|
SEQUENCE{
|
|
cLWCSWlanWapiAuthenticationSuiteIndex INTEGER,
|
|
cLWCSWlanWapiAuthenticationSuite OCTET STRING,
|
|
cLWCSWlanWapiAuthenticationSuiteEnable TruthValue }
|
|
|
|
cLWCSWlanWapiAuthenticationSuiteIndex OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
cert (1),
|
|
psk (2) }
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used as an index for AKM suites on the WLAN."
|
|
::= { cLWapiWlanAKMSuitesConfigEntry 1 }
|
|
|
|
cLWCSWlanWapiAuthenticationSuite OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to indicate the AKM suite octets on the WLAN."
|
|
::= { cLWapiWlanAKMSuitesConfigEntry 2 }
|
|
|
|
cLWCSWlanWapiAuthenticationSuiteEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable the AKM suites on the WLAN."
|
|
::= { cLWapiWlanAKMSuitesConfigEntry 3 }
|
|
|
|
-- wapiCipherstable
|
|
cLWapiCiphers OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiscoWapiCiphersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains the unicast cipher suites supported by this entity.
|
|
It allows enabling and disabling of each unicast cipher suite by network management.
|
|
The unicast cipher suite list in the WAPI Parameter Set information
|
|
element is formed using the information in this table."
|
|
::= {ciscoLwappWapiMIBObjects 6 }
|
|
|
|
cLWapiCiphersEntry OBJECT-TYPE
|
|
SYNTAX CiscoWapiCiphersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cLWapiCiphers Table."
|
|
INDEX { cLWlanIndex, cLWCSWlanCipherIndex }
|
|
::= { cLWapiCiphers 1 }
|
|
|
|
CiscoWapiCiphersEntry ::=
|
|
SEQUENCE {
|
|
cLWCSWlanCipherIndex Unsigned32,
|
|
cLWCSWlanCipherEnabled TruthValue
|
|
}
|
|
|
|
cLWCSWlanCipherIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents auxiliary index of the CiscoWapiCiphersEntry."
|
|
::= { cLWapiCiphersEntry 1 }
|
|
|
|
cLWCSWlanCipherEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables or disables the unicast cipher."
|
|
::= { cLWapiCiphersEntry 2 }
|
|
|
|
ciscoLwappWapiConfig OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 2}
|
|
|
|
-- Address of the WAPI authentication server, exposed as a writable scalar
-- under ciscoLwappWapiConfig. SYNTAX IpAddress holds IPv4 addresses only.
-- NOTE(review): MAX-ACCESS is read-write, so any principal allowed to SET this
-- object can presumably change which server the controller uses for WAI
-- authentication (the effect on the running system is not stated here; confirm).
-- Keep it out of the write view for all but the configuration account and
-- alert on any change of its value.
clWapiASIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the IP address of the WAPI authentication server."
|
|
::= { ciscoLwappWapiConfig 1 }
|
|
|
|
clWapiASPortNumber OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the UDP port number for WAPI authentication server."
|
|
::= { ciscoLwappWapiConfig 2 }
|
|
|
|
clWapiASRequestTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents timeout value for the packets sent to Auth Server."
|
|
::= { ciscoLwappWapiConfig 3 }
|
|
|
|
|
|
-- Selects how the WAPI multicast session key (MSK) is rekeyed; DEFVAL is timeBased.
-- NOTE(review): the fourth label is spelled timemessageBased here but
-- timeMessageBased in clWapiUnicastRekeyMethod; tools that generate constants
-- from enumeration labels will see two different names for the same value 4.
-- NOTE(review): the object is read-write and includes disabled(1); the
-- DESCRIPTION does not say what disabled means for the MSK lifetime. Monitoring
-- should treat any value other than the site's intended setting as
-- configuration drift worth investigating.
clWapiMulticastRekeyMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disabled(1),
|
|
timeBased(2),
|
|
messageBased(3),
|
|
timemessageBased(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object selects a mechanism for rekeying the WAPI MSK. The default is time-based, once per day. Rekeying the MSK is only applicable to an entry acting in the AE role."
|
|
DEFVAL {timeBased}
|
|
::= { ciscoLwappWapiConfig 4 }
|
|
|
|
clWapiMulticastRekeyTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the time in seconds after which the WAPI MSK will be refreshed. The timer will start the moment the MSK was set using the MLME-SETWPIKEYS request primitive."
|
|
DEFVAL {86400}
|
|
::= { ciscoLwappWapiConfig 5 }
|
|
|
|
clWapiMulticastRekeyMessages OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the message count in thousands after which the WAPI MSK will be refreshed. The message counter will start the moment the MSK was set using the MLME-SETWPIKEYS request primitive."
|
|
::= { ciscoLwappWapiConfig 6 }
|
|
|
|
clWapiMulticastRekeyStrict OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object signals that the MSK shall be refreshed whenever a STA leaves the BSS that possesses the MSK."
|
|
::= { ciscoLwappWapiConfig 7 }
|
|
|
|
clWapiConfigCertificateUpdateCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the number of times messages in the WAPI handshake protocol will be retried per certificate handshake attempt."
|
|
DEFVAL {3}
|
|
::= { ciscoLwappWapiConfig 8 }
|
|
|
|
clWapiConfigMulticastUpdateCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the number of times message 1 in the WAPI multicast key announcement handshake will be retried per MSK handshake attempt."
|
|
DEFVAL {3}
|
|
::= { ciscoLwappWapiConfig 9 }
|
|
|
|
clWapiConfigUnicastUpdateCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the number of times message 1 and message 3 in the WAPI unicast key announcement handshake will be retried per USK handshake attempt."
|
|
DEFVAL {3}
|
|
::= { ciscoLwappWapiConfig 10 }
|
|
|
|
cLWCSWapiConfigureVersion OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI configuration version"
|
|
::= { ciscoLwappWapiConfig 11 }
|
|
|
|
clWapiConfigControlledPortControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
auto(0)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the control mode of the controlled
port. The value 0 (auto) means automatic, which is the
current behaviour: the state of the controlled port
shall be based on the result of authentication."
|
|
::= { ciscoLwappWapiConfig 12 }
|
|
|
|
clWapiUserInvalidCertificationInbreakNetwork OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI user with
|
|
invalid certification."
|
|
::= { ciscoLwappWapiConfig 13 }
|
|
|
|
cLApWAPISecurityLowAttack OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI security low attack notification
|
|
information."
|
|
::= { ciscoLwappWapiConfig 14 }
|
|
|
|
-- Selects how the WAPI USK is rekeyed; DEFVAL is timeBased.
-- NOTE(review): the object is read-write and, per the DESCRIPTION, setting
-- disabled(1) stops unicast rekeying. Restrict SET access to it and have
-- monitoring flag a change to disabled(1), since keys would then stay in use
-- past the intended rekey interval.
clWapiUnicastRekeyMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disabled(1),
|
|
timeBased(2),
|
|
messageBased(3),
|
|
timeMessageBased(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object selects a mechanism for rekeying the WAPI USK.
|
|
The default is time-based, once per day. Rekeying the USK
|
|
is only applicable to an entry acting in the AE role.
|
|
Method 1 (disabled) will temporarily stop the unicast rekeying"
|
|
DEFVAL {timeBased}
|
|
::= { ciscoLwappWapiConfig 15 }
|
|
|
|
clWapiUnicastRekeyTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the time in seconds after which the
|
|
WAPI USK will be refreshed. The timer will start the
|
|
moment the USK was set using the MLME-SETWPIKEYS
|
|
request primitive."
|
|
DEFVAL {86400}
|
|
::= { ciscoLwappWapiConfig 16 }
|
|
|
|
clWapiUnicastRekeyMessage OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "1000 messages"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the message count in thousands
|
|
after which the WAPI USK will be refreshed.
|
|
The message counter will start the moment the USK was set
|
|
using the MLME-SETWPIKEYS request primitive. This MIB will be
|
|
configurable od of TIME or TIME&PACKET"
|
|
::= { ciscoLwappWapiConfig 17 }
|
|
|
|
clWapiConfigSATimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum time a security association shall take to set up."
|
|
DEFVAL {60}
|
|
::= { ciscoLwappWapiConfig 18 }
|
|
|
|
-- Text payload carried by ciscoLwappWapiReplayAttackTrap (it is the only entry
-- in that notification's OBJECTS clause).
-- NOTE(review): SYNTAX is DisplayString and this module defines no format for
-- the content. Trap receivers should handle it as opaque text: bound its
-- length and escape it before writing it to logs or dashboards, and do not
-- parse fields out of it without vendor documentation.
-- NOTE(review): the object is registered under ciscoLwappWapiConfig with
-- MAX-ACCESS read-only; what a GET returns when no event has occurred is not
-- stated here.
cLApWAPIReplayAttack OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI replay attack notification information."
|
|
::= { ciscoLwappWapiConfig 19 }
|
|
|
|
cLApWAPITamperAttack OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI tamper attack notification information."
|
|
::= { ciscoLwappWapiConfig 20 }
|
|
|
|
clWapiAddressRedirectAttack OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the WAPI redirect attack notification information."
|
|
::= { ciscoLwappWapiConfig 21}
|
|
|
|
ciscoLwappWapiCertificateObjects OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 3}
|
|
|
|
clWapiWLCCertificateStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the installation
|
|
state of WLC Certificate. True means the WLC certificate
|
|
is installed. False means it is uninstalled."
|
|
::= { ciscoLwappWapiCertificateObjects 1 }
|
|
|
|
clWapiCACertificateStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the installation
|
|
state of Certificate Authority Certificate. True means the CA certificate
|
|
is installed. False means it is uninstalled"
|
|
::= { ciscoLwappWapiCertificateObjects 2 }
|
|
|
|
clWapiASCertificateStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the installation
|
|
state of Auth Server Certificate. True means the AS certificate
|
|
is installed. False means it is uninstalled."
|
|
::= { ciscoLwappWapiCertificateObjects 3 }
|
|
|
|
ciscoLwappWapiMIBNotifObjects OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 4}
|
|
|
|
--********************************************************************
|
|
-- * Notifications
|
|
--********************************************************************
|
|
ciscoLwappWapiUserInvalidCertificateNetworkTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
clWapiUserInvalidCertificationInbreakNetwork
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification will be sent when the WAPI
|
|
Client is installed with invalid certificates."
|
|
::= {ciscoLwappWapiMIBNotifObjects 1 }
|
|
|
|
ciscoLwappWapiSecurityLowAttackTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cLApWAPISecurityLowAttack
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification will be sent when the AP receives a fake Unicast Key
Negotiation Response frame whose WIE_AUSE differs from the one
the AP sent before."
|
|
::= {ciscoLwappWapiMIBNotifObjects 2 }
|
|
|
|
ciscoLwappWapiReplayAttackTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cLApWAPIReplayAttack
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification will be sent when the AP receives an AE challenge that differs from the one the AP received before."
|
|
::= {ciscoLwappWapiMIBNotifObjects 3 }
|
|
|
|
ciscoLwappWapiTamperAttackTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cLApWAPITamperAttack
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification will be sent when the AP receives an invalid Message Authentication Code."
|
|
::= {ciscoLwappWapiMIBNotifObjects 4 }
|
|
|
|
ciscoLwappWapiAddressRedirectAttackTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
clWapiAddressRedirectAttack
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification will be sent when AP received an address redirect attack trap.
|
|
Radio interface information (MAC), BSSID, SSID, Mac of station"
|
|
::= {ciscoLwappWapiMIBNotifObjects 5 }
|
|
|
|
END
|