553 lines
19 KiB
Plaintext
553 lines
19 KiB
Plaintext
-- ************************************************************************
|
|
-- Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
|
|
--
|
|
-- Description: WAPI extension mib
|
|
-- Reference:
|
|
-- Version: V1.3
|
|
-- History:
|
|
-- V1.0 created by zhanglianglun
|
|
-- Initial version 2007-5-20
|
|
-- V1.1 2009-06-04 modified by caizibin
|
|
-- Add h3cwapiCertificateInstalled, h3cwapiConfigTable,
|
|
-- h3cwapiUserwithInvalidCertificate,
|
|
-- h3cwapiStationReplayAttack, h3cwapiTamperAttack,
|
|
-- h3cwapiLowSafeLevelAttack, h3cwapiAddressRedirectionAttack,
|
|
-- h3cwapiTrapInfoMacAddr, h3cwapiTrapInfoAPId,
|
|
-- h3cwapiTrapInfoRadioId, h3cwapiTrapInfoBSSId
|
|
-- V1.2 2010-03-06 modified by xuyonggang
|
|
-- Add h3cwapiConfigExtTable
|
|
-- V1.3 2010-11-23 modified by xuyonggang
|
|
-- Add h3cwapiCfgExtASIPAddressType
|
|
-- Add h3cwapiCfgExtASIPAddress
|
|
-- Add h3cwapiCfgExtASName
|
|
-- Add h3cwapiCfgExtCertDomain
|
|
-- Add h3cwapiCfgExtCertInstalled
|
|
-- ************************************************************************
|
|
A3COM-HUAWEI-WAPI-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Counter32, Integer32, Unsigned32,
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
TruthValue, MacAddress
|
|
FROM SNMPv2-TC
|
|
ifIndex, ifDescr
|
|
FROM RFC1213-MIB
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
h3cCommon
|
|
FROM A3COM-HUAWEI-OID-MIB;
|
|
|
|
h3cwapiMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201012011757Z"
|
|
ORGANIZATION
|
|
"H3C Technologies Co., Ltd."
|
|
CONTACT-INFO
|
|
"Platform Team H3C Technologies Co., Ltd.
|
|
Hai-Dian District Beijing P.R. China
|
|
http://www.h3c.com
|
|
Zip:100085
|
|
"
|
|
DESCRIPTION
|
|
"A3COM-HUAWEI-WAPI-MIB is an extension of MIB in WAPI
|
|
protocol. This MIB contains objects to
|
|
manage configuration and monitor running state
|
|
for WAPI feature."
|
|
::= { h3cCommon 77 }
|
|
|
|
h3cwapiMIBObjects OBJECT IDENTIFIER ::= { h3cwapiMIB 1 }
|
|
h3cwapiMIBStatsObjects OBJECT IDENTIFIER ::= { h3cwapiMIB 2 }
|
|
h3cwapiMIBTableObjects OBJECT IDENTIFIER ::= { h3cwapiMIB 3 }
|
|
h3cwapiTrap OBJECT IDENTIFIER ::= { h3cwapiMIB 4 }
|
|
|
|
-- ************************************************************************
|
|
-- * h3cwapiModeEnabled OBJECT
|
|
-- ************************************************************************
|
|
h3cwapiModeEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When this object is set to TRUE, it shall indicate that WAPI
|
|
is enabled. Otherwise, it shall indicate that WAPI is disabled."
|
|
::= { h3cwapiMIBObjects 1 }
|
|
|
|
-- ************************************************************************
|
|
-- * h3cwapiASIPAddress OBJECT
|
|
-- ************************************************************************
|
|
h3cwapiASIPAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set global IP addresses
|
|
type (IPv4 or IPv6) of AS."
|
|
DEFVAL { ipv4 }
|
|
::= { h3cwapiMIBObjects 2 }
|
|
|
|
h3cwapiASIPAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set the global IP address of AS."
|
|
::= { h3cwapiMIBObjects 3 }
|
|
|
|
-- ************************************************************************
|
|
-- * h3cwapiCertificateInstalled OBJECT
|
|
-- ************************************************************************
|
|
h3cwapiCertificateInstalled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the entity has installed
|
|
certificate. When the value is TURE, it shall indicate that
|
|
the entity has installed certificate. Otherwise, it shall
|
|
indicate that the entity hasn't installed certificate."
|
|
::= { h3cwapiMIBObjects 4 }
|
|
|
|
-- ************************************************************************
|
|
-- * 9 statistics OBJECTS
|
|
-- ************************************************************************
|
|
h3cwapiStatsWAISignatureErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the received packet of
|
|
WAI signature is wrong."
|
|
::= { h3cwapiMIBStatsObjects 1 }
|
|
|
|
h3cwapiStatsWAIHMACErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the received packet of
|
|
WAI message authentication key checking error occurs."
|
|
::= { h3cwapiMIBStatsObjects 2 }
|
|
|
|
h3cwapiStatsWAIAuthRsltFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the WAI authentication result is
|
|
unsuccessful."
|
|
::= { h3cwapiMIBStatsObjects 3 }
|
|
|
|
h3cwapiStatsWAIDiscardCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the received packet of WAI are
|
|
discarded."
|
|
::= { h3cwapiMIBStatsObjects 4 }
|
|
|
|
h3cwapiStatsWAITimeoutCounters OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the packet of WAI overtime are
|
|
detected."
|
|
::= { h3cwapiMIBStatsObjects 5 }
|
|
|
|
h3cwapiStatsWAIFormatErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the WAI packet of WAI format
|
|
error is detected."
|
|
::= { h3cwapiMIBStatsObjects 6 }
|
|
|
|
h3cwapiStatsWAICtfHskFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the WAI certificate authenticates
|
|
unsuccessfully."
|
|
::= { h3cwapiMIBStatsObjects 7 }
|
|
|
|
h3cwapiStatsWAIUniHskFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the WAI unicast cipher key
|
|
negotiates unsuccessfully."
|
|
::= { h3cwapiMIBStatsObjects 8 }
|
|
|
|
h3cwapiStatsWAIMulHskFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This counter increases when the WAI multicast cipher key
|
|
announces unsuccessfully."
|
|
::= { h3cwapiMIBStatsObjects 9 }
|
|
|
|
-- ************************************************************************
|
|
-- * h3cwapiConfigTable Table
|
|
-- ************************************************************************
|
|
h3cwapiConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cwapiConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table containing WAPI configuration objects."
|
|
::= { h3cwapiMIBTableObjects 1 }
|
|
|
|
h3cwapiConfigEntry OBJECT-TYPE
|
|
SYNTAX H3cwapiConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the h3cwapiConfigTable."
|
|
INDEX { ifIndex }
|
|
::= { h3cwapiConfigTable 1 }
|
|
|
|
H3cwapiConfigEntry ::= SEQUENCE
|
|
{
|
|
h3cwapiConfigASIPAddressType InetAddressType,
|
|
h3cwapiConfigASIPAddress InetAddress,
|
|
h3cwapiConfigAuthMethod INTEGER,
|
|
h3cwapiConfigAuthMode INTEGER,
|
|
h3cwapiConfigISPDomain OCTET STRING,
|
|
h3cwapiConfigCertificateDomain OCTET STRING,
|
|
h3cwapiConfigASName OCTET STRING,
|
|
h3cwapiConfigBKRekeyEnabled TruthValue
|
|
}
|
|
|
|
h3cwapiConfigASIPAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set IP addresses type of AS."
|
|
::= { h3cwapiConfigEntry 1 }
|
|
|
|
h3cwapiConfigASIPAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set the IP address of AS."
|
|
::= { h3cwapiConfigEntry 2 }
|
|
|
|
h3cwapiConfigAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
certificate(1),
|
|
psk(2),
|
|
certificatePsk(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object selects a mechanism for WAPI authentication method. The
|
|
default is certificate."
|
|
DEFVAL { certificate }
|
|
::= { h3cwapiConfigEntry 3 }
|
|
|
|
h3cwapiConfigAuthMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
standard(1),
|
|
radiusExtension(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object selects a mechanism for WAPI authentication mode. When
|
|
the value is standard, it shall indicate that the entity acts accord
|
|
with the official definition. Otherwise, it shall indicate that the
|
|
entity finishs authentication by means of RADIUS. The default is standard."
|
|
DEFVAL { standard }
|
|
::= { h3cwapiConfigEntry 4 }
|
|
|
|
h3cwapiConfigISPDomain OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..24))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ISP domain name."
|
|
::= { h3cwapiConfigEntry 5 }
|
|
|
|
h3cwapiConfigCertificateDomain OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..15))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The PKI domain name."
|
|
::= { h3cwapiConfigEntry 6 }
|
|
|
|
h3cwapiConfigASName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..15))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of AS."
|
|
::= { h3cwapiConfigEntry 7 }
|
|
|
|
h3cwapiConfigBKRekeyEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the BK rekey function is supported. When the
|
|
value is TURE, it shall indicate that the BK rekey function is supported.
|
|
Otherwise, it shall indicate that the BK rekey function is not supported."
|
|
::= { h3cwapiConfigEntry 8 }
|
|
|
|
-- *************************************************************************
|
|
-- * h3cwapiConfigExtTable Table
|
|
-- *************************************************************************
|
|
|
|
h3cwapiConfigExtTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cwapiConfigExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table containing WAPI configuration objects for SSID."
|
|
::= { h3cwapiMIBTableObjects 2 }
|
|
|
|
h3cwapiConfigExtEntry OBJECT-TYPE
|
|
SYNTAX H3cwapiConfigExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An extend entry in the h3cwapiConfigExtTable."
|
|
INDEX { h3cwapiConfigServicePolicyID }
|
|
::= { h3cwapiConfigExtTable 1 }
|
|
|
|
H3cwapiConfigExtEntry ::= SEQUENCE
|
|
{
|
|
h3cwapiConfigServicePolicyID Integer32,
|
|
h3cwapiConfigUnicastCipherEnabled TruthValue,
|
|
h3cwapiConfigUnicastCipherSize Unsigned32,
|
|
h3cwapiConfigAuthenticationSuiteEnabled TruthValue,
|
|
h3cwapiConfigAuthenticationSuite OCTET STRING,
|
|
h3cwapiCfgExtASIPAddressType InetAddressType,
|
|
h3cwapiCfgExtASIPAddress InetAddress,
|
|
h3cwapiCfgExtASName OCTET STRING,
|
|
h3cwapiCfgExtCertDomain OCTET STRING,
|
|
h3cwapiCfgExtCertInstalled TruthValue
|
|
}
|
|
|
|
h3cwapiConfigServicePolicyID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents the ID of each service policy."
|
|
::= { h3cwapiConfigExtEntry 1 }
|
|
|
|
h3cwapiConfigUnicastCipherEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables or disables the unicast cipher."
|
|
::= { h3cwapiConfigExtEntry 2 }
|
|
|
|
h3cwapiConfigUnicastCipherSize OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the length in bits of the unicast cipher
|
|
key. This should be 256 for SMS4, first 128 bits for encrypting,
|
|
last 128 bits for integrity checking."
|
|
::= { h3cwapiConfigExtEntry 3 }
|
|
|
|
h3cwapiConfigAuthenticationSuiteEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable indicates the corresponding AKM suite is enabled
|
|
or disabled."
|
|
::= { h3cwapiConfigExtEntry 4 }
|
|
|
|
h3cwapiConfigAuthenticationSuite OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The selector of an AKM suite. It consists of an OUI (the first 3
|
|
octets) and a cipher suite identifier (the last octet)."
|
|
::= { h3cwapiConfigExtEntry 5 }
|
|
|
|
h3cwapiCfgExtASIPAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set IP addresses type of AS."
|
|
::= { h3cwapiConfigExtEntry 6 }
|
|
|
|
h3cwapiCfgExtASIPAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set the IP address of AS."
|
|
::= { h3cwapiConfigExtEntry 7 }
|
|
|
|
h3cwapiCfgExtASName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..15))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set the name of AS."
|
|
::= { h3cwapiConfigExtEntry 8 }
|
|
|
|
h3cwapiCfgExtCertDomain OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..15))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set the PKI domain name."
|
|
::= { h3cwapiConfigExtEntry 9 }
|
|
|
|
h3cwapiCfgExtCertInstalled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the entity has installed
|
|
certificate. When the value is TURE, it shall indicate that
|
|
the SSID has installed certificate. Otherwise, it shall
|
|
indicate that the SSID hasn't installed certificate."
|
|
::= { h3cwapiConfigExtEntry 10 }
|
|
|
|
-- ************************************************************************
|
|
-- * trap OBJECT
|
|
-- ************************************************************************
|
|
h3cwapiTrapPrefix OBJECT IDENTIFIER ::= { h3cwapiTrap 0 }
|
|
h3cwapiUserwithInvalidCertificate NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex,
|
|
ifDescr,
|
|
h3cwapiTrapInfoMacAddr,
|
|
h3cwapiTrapInfoAPId,
|
|
h3cwapiTrapInfoRadioId,
|
|
h3cwapiTrapInfoBSSId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when a user intrudes upon network with invalid
|
|
certificate."
|
|
::= { h3cwapiTrapPrefix 1 }
|
|
|
|
h3cwapiStationReplayAttack NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex,
|
|
ifDescr,
|
|
h3cwapiTrapInfoMacAddr,
|
|
h3cwapiTrapInfoAPId,
|
|
h3cwapiTrapInfoRadioId,
|
|
h3cwapiTrapInfoBSSId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when an attacker records and replays network
|
|
transactions."
|
|
::= { h3cwapiTrapPrefix 2 }
|
|
|
|
h3cwapiTamperAttack NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex,
|
|
ifDescr,
|
|
h3cwapiTrapInfoMacAddr,
|
|
h3cwapiTrapInfoAPId,
|
|
h3cwapiTrapInfoRadioId,
|
|
h3cwapiTrapInfoBSSId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when an attacker monitors network traffic and
|
|
maliciously changes data in transit(for example, an attacker may
|
|
modify the contents of a WAI message)."
|
|
::= { h3cwapiTrapPrefix 3 }
|
|
|
|
h3cwapiLowSafeLevelAttack NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex,
|
|
ifDescr,
|
|
h3cwapiTrapInfoMacAddr,
|
|
h3cwapiTrapInfoAPId,
|
|
h3cwapiTrapInfoRadioId,
|
|
h3cwapiTrapInfoBSSId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when a station associates AP(Access Point),
|
|
creates packet of Unicast Key Negotiation Response with wrong
|
|
WIE(WAPI Information Element) of ASUE(Authentication Supplicant
|
|
Entity)."
|
|
::= { h3cwapiTrapPrefix 4 }
|
|
|
|
h3cwapiAddressRedirectionAttack NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex,
|
|
ifDescr,
|
|
h3cwapiTrapInfoMacAddr,
|
|
h3cwapiTrapInfoAPId,
|
|
h3cwapiTrapInfoRadioId,
|
|
h3cwapiTrapInfoBSSId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when an attacker maliciously changes destination
|
|
MAC address of WPI(WLAN Privacy Infrastructure) frame."
|
|
::= { h3cwapiTrapPrefix 5 }
|
|
|
|
-- ************************************************************************
|
|
-- * The following objects are used for binding informations when sending traps.
|
|
-- ************************************************************************
|
|
|
|
h3cwapiTrapInfo OBJECT IDENTIFIER ::= { h3cwapiTrap 1 }
|
|
|
|
h3cwapiTrapInfoMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the WAPI user."
|
|
::= { h3cwapiTrapInfo 1 }
|
|
|
|
h3cwapiTrapInfoAPId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To uniquely identify each AP."
|
|
::= { h3cwapiTrapInfo 2 }
|
|
|
|
h3cwapiTrapInfoRadioId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents each radio."
|
|
::= { h3cwapiTrapInfo 3 }
|
|
|
|
h3cwapiTrapInfoBSSId OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"As MAC Address format, it is to identify BSS."
|
|
::= { h3cwapiTrapInfo 4 }
|
|
|
|
END
|