2198 lines
84 KiB
Plaintext
2198 lines
84 KiB
Plaintext
-- *******************************************************************
|
|
-- CISCO-LWAPP-AAA-MIB.my
|
|
-- November 2006, Devesh Pujari, Srinath Candadai
|
|
--
|
|
-- Copyright (c) 2006, 2009-2010, 2017 by Cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
-- *******************************************************************
|
|
--
|
|
CISCO-LWAPP-AAA-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Unsigned32,
|
|
Integer32,
|
|
Gauge32,
|
|
Counter32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MacAddress,
|
|
TruthValue,
|
|
StorageType,
|
|
RowStatus,
|
|
TimeInterval
|
|
FROM SNMPv2-TC
|
|
CLSecKeyFormat
|
|
FROM CISCO-LWAPP-TC-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI
|
|
InetAddressType,
|
|
InetAddress,
|
|
InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
cLWlanIndex
|
|
FROM CISCO-LWAPP-WLAN-MIB
|
|
CiscoURLString
|
|
FROM CISCO-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB;
|
|
|
|
|
|
--********************************************************************
|
|
--* MODULE IDENTITY
|
|
--********************************************************************
|
|
|
|
ciscoLwappAAAMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201703170000Z"
|
|
ORGANIZATION "Cisco Systems Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems,
|
|
Customer Service
|
|
Postal: 170 West Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553-NETS
|
|
Email: cs-wnbu-snmp@cisco.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB is intended to be implemented on all those
|
|
devices operating as Central Controllers (CC), that
|
|
terminate the Light Weight Access Point Protocol
|
|
tunnel from Cisco Light-weight LWAPP Access Points.
|
|
|
|
Information provided by this MIB is used to manage
|
|
AAA information on the controller.
|
|
|
|
The relationship between CC and the LWAPP APs
|
|
can be depicted as follows:
|
|
|
|
+......+ +......+ +......+
|
|
+ + + + + +
|
|
+ CC + + CC + + CC +
|
|
+ + + + + +
|
|
+......+ +......+ +......+
|
|
.. . .
|
|
.. . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
+......+ +......+ +......+ +......+
|
|
+ + + + + + + +
|
|
+ AP + + AP + + AP + + AP +
|
|
+ + + + + + + +
|
|
+......+ +......+ +......+ +......+
|
|
. . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
+......+ +......+ +......+ +......+
|
|
+ + + + + + + +
|
|
+ MN + + MN + + MN + + MN +
|
|
+ + + + + + + +
|
|
+......+ +......+ +......+ +......+
|
|
|
|
|
|
The LWAPP tunnel exists between the controller and
|
|
the APs. The MNs communicate with the APs through
|
|
the protocol defined by the 802.11 standard.
|
|
|
|
LWAPP APs, upon bootup, discover and join one of the
|
|
controllers and the controller pushes the configuration,
|
|
that includes the WLAN parameters, to the LWAPP APs.
|
|
The APs then encapsulate all the 802.11 frames from
|
|
wireless clients inside LWAPP frames and forward
|
|
the LWAPP frames to the controller.
|
|
|
|
GLOSSARY
|
|
|
|
Access Point ( AP )
|
|
|
|
An entity that contains an 802.11 medium access
|
|
control ( MAC ) and physical layer ( PHY ) interface
|
|
and provides access to the distribution services via
|
|
the wireless medium for associated clients.
|
|
|
|
LWAPP APs encapsulate all the 802.11 frames in
|
|
LWAPP frames and sends them to the controller to which
|
|
it is logically connected.
|
|
|
|
Light Weight Access Point Protocol ( LWAPP )
|
|
|
|
This is a generic protocol that defines the
|
|
communication between the Access Points and the
|
|
Central Controller.
|
|
|
|
Mobile Node ( MN )
|
|
|
|
A roaming 802.11 wireless device in a wireless
|
|
network associated with an access point. Mobile Node
|
|
and client are used interchangeably.
|
|
|
|
Terminal Access Controller Access-Control System
|
|
( TACACS )
|
|
|
|
A remote authentication protocol that is used to
|
|
communicate with an authentication server.
|
|
TACACS allows a remote access server to communicate
|
|
with an authentication server in order to determine
|
|
if the user has access to the network.
|
|
|
|
Remote Authentication Dial In User Service (RADIUS)
|
|
|
|
It is an AAA (authentication, authorization and accounting)
|
|
protocol for applications such as network access or
|
|
IP mobility. It is intended to work in both local and
|
|
roaming situations.
|
|
|
|
Wireless LAN ( WLAN )
|
|
|
|
It is a wireless local area network, which is the
|
|
linking of two or more computers without using wires.
|
|
It uses radio communication to accomplish the same
|
|
functionality of a wired LAN.
|
|
|
|
PAP - Password Authentication Protocol
|
|
CHAP - Challenge Handshake Authentication Protocol
|
|
MD5-CHAP - Message Digest 5 Challenge Handshake Authentication
|
|
Protocol
|
|
|
|
LSC - Local Significant Certificate
|
|
|
|
LSC can be used if we want our own public key
|
|
infrastructure (PKI) to provide better security,
|
|
to have control of our certificate authority (CA),
|
|
and to define policies, restrictions, and usages
|
|
on the generated certificates.
|
|
|
|
REFERENCE
|
|
|
|
[1] Wireless LAN Medium Access Control ( MAC ) and
|
|
Physical Layer ( PHY ) Specifications
|
|
|
|
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
|
|
Weight Access Point Protocol "
|
|
|
|
REVISION "201703170000Z"
|
|
DESCRIPTION
|
|
"Following compliance groups are updated :
|
|
1. ciscoLwappAAAMIBConfigGroup
|
|
2. ciscoLwappAAAMIBRadiusConfigGroup
|
|
3. ciscoLwappAAAMIBAPPolicyConfigGroup"
|
|
REVISION "201007250000Z"
|
|
DESCRIPTION
|
|
"A new variable, claWlanAuthServerEnabled
|
|
has been added to the existing table, claWlanTable.
|
|
|
|
A new scalar variable, claSaveUserData has been
|
|
added to support saving of user configuration data to NVRAM.
|
|
|
|
The following scalar variables have been added to support
|
|
RADIUS web auth and fallback configuration.
|
|
|
|
claWebRadiusAuthentication
|
|
claRadiusFallbackMode
|
|
claRadiusFallbackUsername
|
|
claRadiusFallbackInterval
|
|
claRadiusAuthMacDelimiter
|
|
claRadiusAcctMacDelimiter
|
|
|
|
The following scalar vriables have been added to support
|
|
AP policy configuration
|
|
|
|
claAcceptMICertificate
|
|
claAcceptLSCertificate
|
|
claAllowAuthorizeLscApAgainstAAA
|
|
|
|
|
|
A new scalar read-only variable, claDBCurrentUsedEntries
|
|
has been added to show the total number of database entries used.
|
|
|
|
The groups, ciscoLwappAAAMIBRev1ConfigGroup and
|
|
ciscoLwappAAAMIBDBEntriesGroup have been added.
|
|
|
|
ciscoLwappAAAMIBCompliance has been deprecated by
|
|
ciscoLwappAAAMIBComplianceRev1."
|
|
REVISION "200611210000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 598 }
|
|
|
|
|
|
ciscoLwappAAAMIBNotifs OBJECT IDENTIFIER ::= { ciscoLwappAAAMIB 0 }
|
|
ciscoLwappAAAMIBObjects OBJECT IDENTIFIER ::= { ciscoLwappAAAMIB 1 }
|
|
ciscoLwappAAAMIBConform OBJECT IDENTIFIER ::= { ciscoLwappAAAMIB 2 }
|
|
|
|
|
|
claConfigObjects OBJECT IDENTIFIER ::= { ciscoLwappAAAMIBObjects 1 }
|
|
claStatusObjects OBJECT IDENTIFIER ::= { ciscoLwappAAAMIBObjects 2 }
|
|
claGlobalObjects OBJECT IDENTIFIER ::= { ciscoLwappAAAMIBObjects 3 }
|
|
|
|
--********************************************************************
|
|
--* Configuration for parameters
|
|
--********************************************************************
|
|
|
|
--********************************************************************
|
|
--* Priority Table
|
|
--********************************************************************
|
|
|
|
claPriorityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaPriorityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains entries for AAA authentication
|
|
methods configured in the controller. At startup,
|
|
all the entries in this table are set up by the central
|
|
controller. A management application can later change
|
|
the priority order using the claPriorityOrder."
|
|
::= { claConfigObjects 1 }
|
|
|
|
claPriorityEntry OBJECT-TYPE
|
|
SYNTAX ClaPriorityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A conceptual row in claPriorityTable. There is an entry in
|
|
this table for each AAA authentication method available at the
|
|
agent, as identified by a value of claPriorityAuth."
|
|
INDEX { claPriorityAuth }
|
|
::= { claPriorityTable 1 }
|
|
|
|
|
|
ClaPriorityEntry ::=
|
|
SEQUENCE {
|
|
claPriorityAuth INTEGER,
|
|
claPriorityOrder Unsigned32
|
|
}
|
|
|
|
|
|
|
|
claPriorityAuth OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
local (1),
|
|
radius (2),
|
|
tacacsplus (3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the authentication method used to
|
|
authenticate users.
|
|
local - indicates that local password is used
|
|
for authentication.
|
|
|
|
radius - indicates that RADIUS method is used for
|
|
authentication.
|
|
|
|
tacacsplus - indicates that TACACS method is used for
|
|
authentication."
|
|
::= { claPriorityEntry 1 }
|
|
|
|
|
|
claPriorityOrder OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..10)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the priority order of an authentication method to
|
|
be used in user authentication for a session. At start up,
|
|
the agent assigns the value of this object. Later this can
|
|
be changed by the management station. This object reflects
|
|
the relative priority of the authentication method denoted
|
|
by claPriorityAuth with respect to already configured
|
|
authentication methods.
|
|
The zero value indicates that the priority is not set and that
|
|
the authentication methods are applied in ascending order.
|
|
Each object must contain a unique value for claPriorityOrder
|
|
or zero. In the case when a priority is set for a value that
|
|
is already used by existing object the existing object's
|
|
claPriorityOrder with be swapped. When priority is set to 0
|
|
for an auth method the priority of the existing methods with
|
|
lower priority will be pushed up"
|
|
::= { claPriorityEntry 2 }
|
|
|
|
|
|
-- ********************************************************************
|
|
-- TACACS+ AAA Servers
|
|
-- ********************************************************************
|
|
claTacacsServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaTacacsServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the information about configuring
|
|
the Accounting, Authentication and Authorization servers.
|
|
The creation of a new row in claTacacsServerTable is
|
|
through an explicit network management action
|
|
results in creation of an entry in this table.
|
|
Similarly, deletion of a row in claTacacsServerTable
|
|
through user action causes the deletion of corresponding
|
|
row in this table. The claTacacsServerType defines the
|
|
server type being used and the claTacacsServerPriority
|
|
defines the priority the server accessed within a given
|
|
type."
|
|
::= { claConfigObjects 2 }
|
|
|
|
|
|
claTacacsServerEntry OBJECT-TYPE
|
|
SYNTAX ClaTacacsServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table provides information about
|
|
the server that is configured for AAA. Each entry is
|
|
uniquely identified by the server type and priority
|
|
that server is accessed."
|
|
INDEX { claTacacsServerType, claTacacsServerPriority }
|
|
::= { claTacacsServerTable 1 }
|
|
|
|
ClaTacacsServerEntry ::=
|
|
SEQUENCE {
|
|
claTacacsServerType INTEGER,
|
|
claTacacsServerPriority Unsigned32,
|
|
claTacacsServerAddressType InetAddressType,
|
|
claTacacsServerAddress InetAddress,
|
|
claTacacsServerPortNum InetPortNumber,
|
|
claTacacsServerEnabled TruthValue,
|
|
claTacacsServerSecretType CLSecKeyFormat,
|
|
claTacacsServerSecret SnmpAdminString,
|
|
claTacacsServerTimeout Unsigned32,
|
|
claTacacsServerStorageType StorageType,
|
|
claTacacsServerRowStatus RowStatus
|
|
}
|
|
|
|
|
|
claTacacsServerType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
authentication(1),
|
|
authorization(2),
|
|
accounting(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute identifies the type of the server
|
|
being configured."
|
|
::= { claTacacsServerEntry 1 }
|
|
|
|
claTacacsServerPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority value for this entry. This value
|
|
determines the unique priority for this entry.
|
|
The priority value for this entry determines the
|
|
order in which the server configured in this entry
|
|
is accessed. The lower the number, the higher the
|
|
priority. For example if there are 2 entries with
|
|
priority 1 and 2 respectively, the controller will
|
|
try the server with priority 1 before it tries
|
|
the server with priority 2."
|
|
::= { claTacacsServerEntry 2 }
|
|
|
|
claTacacsServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of the network
|
|
address made available through claTacacsServerAddress.
|
|
This object must be set to a valid value before
|
|
setting the row to 'active'."
|
|
::= { claTacacsServerEntry 3 }
|
|
|
|
claTacacsServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the address of the AAA server.
|
|
The type of the address stored in this object is
|
|
determined by the claTacacsServerAddressType object.
|
|
This object must be set to a valid value before
|
|
setting the row to 'active'."
|
|
::= { claTacacsServerEntry 4 }
|
|
|
|
claTacacsServerPortNum OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the port number for this server.
|
|
It must be set to a valid value before setting the row to
|
|
'active'."
|
|
::= { claTacacsServerEntry 5 }
|
|
|
|
claTacacsServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the server state.
|
|
A value of 'true' indicates that the server state is enabled.
|
|
A value of 'false' indicates that the server state is disabled."
|
|
DEFVAL { true }
|
|
::= { claTacacsServerEntry 6 }
|
|
|
|
claTacacsServerSecretType OBJECT-TYPE
|
|
SYNTAX CLSecKeyFormat
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the server secret type.
|
|
The claTacacsServerSecret value is set based on this
|
|
type. When reading this object, the value 'default'
|
|
is always returned. This object must be set to a valid
|
|
value before setting the row to 'active'."
|
|
::= { claTacacsServerEntry 7 }
|
|
|
|
claTacacsServerSecret OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the key configured for this server.
|
|
For get operation
|
|
this always returns a string with asterisks. This object
|
|
must be set to a valid value before setting the row to
|
|
'active'. This object can be modified when a row is in
|
|
the 'active' state."
|
|
::= { claTacacsServerEntry 8 }
|
|
|
|
claTacacsServerTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (5..30)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of seconds between retransmissions.
|
|
This object can be modified when a row is in the 'active'
|
|
state."
|
|
DEFVAL { 5 }
|
|
::= { claTacacsServerEntry 9 }
|
|
|
|
claTacacsServerStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the storage type for this conceptual row. Conceptual
|
|
rows having the value 'permanent' need not allow
|
|
write-access to any columnar objects in the row."
|
|
DEFVAL { nonVolatile }
|
|
::= { claTacacsServerEntry 10 }
|
|
|
|
claTacacsServerRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to add or delete an entry in this table.
|
|
The required parameters for this entry are
|
|
claTacacsServerAddress, claTacacsServerAddressType,
|
|
claTacacsServerPortNum, claTacacsServerSecret and
|
|
claTacacsServerSecretType should be provided.
|
|
When a row is in 'active' state, some objects
|
|
in this table can be modified as described in each
|
|
individual object's description."
|
|
::= { claTacacsServerEntry 11 }
|
|
|
|
-- ********************************************************************
|
|
-- AAA WLAN Table
|
|
-- ********************************************************************
|
|
|
|
claWlanTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaWlanEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AAA table corresponding to a WLAN. When WLAN is added a
|
|
new entry gets added to this table. The entry is removed
|
|
when the WLAN is removed."
|
|
::= { claConfigObjects 3 }
|
|
|
|
claWlanEntry OBJECT-TYPE
|
|
SYNTAX ClaWlanEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table provides AAA information for
|
|
a WLAN."
|
|
INDEX { cLWlanIndex }
|
|
::= { claWlanTable 1 }
|
|
|
|
ClaWlanEntry ::=
|
|
SEQUENCE {
|
|
claWlanAcctServerEnabled TruthValue,
|
|
claWlanAuthServerEnabled TruthValue,
|
|
claWlanOverwriteInterface TruthValue,
|
|
claWlanInterimUpdate TruthValue,
|
|
claWlanInterimUpdateInterval TimeInterval
|
|
}
|
|
|
|
claWlanAcctServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status to indicate whether the account server
|
|
is enabled(true) or disabled(false) for this WLAN.
|
|
A value of 'true' indicates that the server is enabled.
|
|
A value of 'false' indicates that the server is disabled."
|
|
DEFVAL { true }
|
|
::= { claWlanEntry 1 }
|
|
|
|
claWlanAuthServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status whether the authentication
|
|
server is enabled(true) or disabled(false) for this WLAN.
|
|
A value of 'true' indicates that the server is enabled.
|
|
A value of 'false' indicates that the server is disabled."
|
|
DEFVAL { true }
|
|
::= { claWlanEntry 2 }
|
|
|
|
claWlanOverwriteInterface OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status whether dynamic interface
|
|
is enabled(true) or disabled(false) for this WLAN.
|
|
A value of 'true' indicates that the dynamic interface is enabled.
|
|
A value of 'false' indicates that the dynamic interface is disabled."
|
|
DEFVAL { false }
|
|
::= { claWlanEntry 3 }
|
|
|
|
claWlanInterimUpdate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status whether the interim update
|
|
is enabled(true) or disabled(false) for this WLAN.
|
|
A value of 'true' indicates that the interim update is enabled.
|
|
A value of 'false' indicates that the interim update is disabled."
|
|
DEFVAL { false }
|
|
::= { claWlanEntry 4 }
|
|
|
|
claWlanInterimUpdateInterval OBJECT-TYPE
|
|
SYNTAX TimeInterval (180..3600)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the interim update interval configuration."
|
|
DEFVAL {600}
|
|
::= { claWlanEntry 5 }
|
|
|
|
|
|
--*******************************************************************
|
|
--* Users Database
|
|
--*******************************************************************
|
|
claSaveUserData OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to save the guest user config to NVRAM.
|
|
A value of 'true' indicates that the data is saved.
|
|
A value of 'false' indicates the data is not saved."
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 9 }
|
|
|
|
--*******************************************************************
|
|
--* RADIUS web auth and Fallback params.
|
|
--*******************************************************************
|
|
|
|
claWebRadiusAuthentication OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pap (1),
|
|
chap (2),
|
|
md5-chap (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to configure the Web RADIUS Authentication
|
|
parameters on the WLC.
|
|
PAP (1) - Configure Web RADIUS Authentication in PAP mode.
|
|
CHAP (2) - Configure Web RADIUS Authentication in CHAP mode.
|
|
MD5-CHAP (3) - Configure Web RADIUS Authentication in MD5-CHAP mode."
|
|
DEFVAL { pap }
|
|
::= { claConfigObjects 10 }
|
|
|
|
claRadiusFallbackMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
off (1),
|
|
passive (2),
|
|
active (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to configure the RADIUS Fallback Test mode
|
|
on the WLC. Following are the configurable options:-
|
|
off (1) - Disables RADIUS server fallback test.
|
|
passive (2) - Sets server status based on last transaction.
|
|
active (3) - Sends probes to dead servers to test status."
|
|
DEFVAL {off}
|
|
::= { claConfigObjects 11 }
|
|
|
|
claRadiusFallbackUsername OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to configure the RADIUS Fallback Test.
|
|
username to be sent in dead server probes"
|
|
::= { claConfigObjects 12 }
|
|
|
|
claRadiusFallbackInterval OBJECT-TYPE
|
|
SYNTAX TimeInterval (180..3600)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to configure the probe interval (when
|
|
claRadiusFallbackMode is in active mode) or inactive time
|
|
(when claRadiusFallbackMode is in passive mode)"
|
|
DEFVAL {300}
|
|
::= { claConfigObjects 13 }
|
|
|
|
claRadiusAuthMacDelimiter OBJECT-TYPE
|
|
SYNTAX INTEGER { noDelimiter (0),
|
|
colon(1),
|
|
hyphen (2),
|
|
singleHyphen (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the delimiter to be used for RADIUS authentication servers.
|
|
The possible values allowed are -
|
|
no delimiter (0) - as in xxxxxxxxxxxx.
|
|
colon (1) - as in xx:xx:xx:xx:xx:xx.
|
|
hyphen (2) - as in xx-xx-xx-xx-xx-xx.
|
|
single hyphen (3) - as in xxxxxx-xxxxxx."
|
|
DEFVAL { hyphen }
|
|
::= { claConfigObjects 14 }
|
|
|
|
claRadiusAcctMacDelimiter OBJECT-TYPE
|
|
SYNTAX INTEGER { noDelimiter (0),
|
|
colon(1),
|
|
hyphen (2),
|
|
singleHyphen (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the delimiter to be used for RADIUS accounting servers.
|
|
The possible values allowed are -
|
|
no delimiter (0) - as in xxxxxxxxxxxx.
|
|
colon (1) - as in xx:xx:xx:xx:xx:xx.
|
|
hyphen (2) - as in xx-xx-xx-xx-xx-xx.
|
|
single hyphen (3) - as in xxxxxx-xxxxxx."
|
|
DEFVAL { hyphen }
|
|
::= { claConfigObjects 15 }
|
|
|
|
--*******************************************************************
|
|
--* AP Policy Configuration params.
|
|
--*******************************************************************
|
|
|
|
claAcceptMICertificate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if controller will accept
|
|
Manufactured Installed Certificate from the
|
|
access points as part of authorization.
|
|
A value of 'true' indicates that the controller will accept the certificate.
|
|
A value of 'false' indicates that the controller will not accept the certificate."
|
|
DEFVAL { false }
|
|
::= { claConfigObjects 16 }
|
|
|
|
claAcceptLSCertificate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if controller will accept
|
|
Local Significant Certificate from access points
|
|
as part of authorization.
|
|
A value of 'true' indicates that the controller will accept the certificate.
|
|
A value of 'false' indicates that the controller will not accept the certificate."
|
|
DEFVAL { false }
|
|
::= { claConfigObjects 17 }
|
|
|
|
claAllowAuthorizeLscApAgainstAAA OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if access points to be authorized
|
|
using a AAA RADIUS server or local database.
|
|
A value of 'true' indicates that the access points would be
|
|
authorized using a AAA RADIUS.
|
|
A value of 'false' indicates that the access points would be
|
|
authorized using a local database."
|
|
DEFVAL { false }
|
|
::= { claConfigObjects 18 }
|
|
|
|
claSscHashValidationEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the SSC Hash
|
|
Validation is configured on the controller.
|
|
If true, then SSC Hash Validation is enabled.
|
|
If false, then SSC Hash validation is disabled."
|
|
DEFVAL { false }
|
|
::= { claConfigObjects 19 }
|
|
|
|
claSscCertificateSubject OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..512))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the SSC Certificate
|
|
subject value of the controller."
|
|
::= { claConfigObjects 20 }
|
|
|
|
claSscCertificateValidity OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..512))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the SSC Certificate
|
|
validity value of the controller."
|
|
::= { claConfigObjects 21 }
|
|
|
|
claSscCertificateHashKey OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..512))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the SSC Certificate
|
|
hash key value of the controller."
|
|
::= { claConfigObjects 22 }
|
|
|
|
--********************************************************************
|
|
--* Auth and accounting server objects
|
|
--********************************************************************
|
|
|
|
claRadiusAuthServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the conceptual listing the RADIUS authentication
|
|
servers with which the client shares a secret."
|
|
::= { claConfigObjects 23 }
|
|
|
|
|
|
claRadiusAuthServerEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is a conceptual row representing a RADIUS
|
|
authentication server with which the client shares
|
|
a secret."
|
|
INDEX { claRadiusAuthServerIndex }
|
|
::= { claRadiusAuthServerTable 1 }
|
|
|
|
ClaRadiusAuthServerEntry ::= SEQUENCE {
|
|
claRadiusAuthServerIndex Integer32,
|
|
claRadiusAuthServerIPSecAuthMethod INTEGER,
|
|
claRadiusAuthServerKey OCTET STRING,
|
|
claRadiusAuthServerKeyFormat INTEGER,
|
|
claRadiusAuthServerIsActive INTEGER,
|
|
claRadiusAuthServerTunnelProxy TruthValue,
|
|
claRadiusAuthServerPacState TruthValue
|
|
}
|
|
|
|
claRadiusAuthServerIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..17)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a number uniquely identifying each RADIUS
|
|
authentication server with which this client
|
|
communicates."
|
|
::= { claRadiusAuthServerEntry 1 }
|
|
|
|
claRadiusAuthServerIPSecAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
psk(1),
|
|
cert(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies IPSec authentication method over RADIUS.
|
|
The value of 'psk' indicates that the authentication is through PSK method.
|
|
The value of 'cert' indicates that the authentication is through certificate method."
|
|
DEFVAL { psk }
|
|
::= { claRadiusAuthServerEntry 2 }
|
|
|
|
|
|
claRadiusAuthServerKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..128))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the authentication and encryption key shared between
|
|
the Radius client and this Radius Server.
|
|
When the claRadiusAuthServerKeyFormat is hex it
|
|
can have max length of 128 bytes. If the
|
|
claRadiusAuthServerKeyFormat is Ascii it can have
|
|
max length of 64 bytes."
|
|
DEFVAL { "" }
|
|
::= { claRadiusAuthServerEntry 3 }
|
|
|
|
claRadiusAuthServerKeyFormat OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hex(1),
|
|
ascii(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the format of the server key. When hex, the number of
|
|
characters in the key should be even.
|
|
The value of 'hex' indicates that the format is in hex format.
|
|
The value of 'cert' indicates that the format is in ascii format."
|
|
::= { claRadiusAuthServerEntry 4 }
|
|
|
|
claRadiusAuthServerIsActive OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(0),
|
|
enable(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the RADIUS authentication server.
|
|
The value of 'disable' indicates that the status is disabled.
|
|
The value of 'enable' indicates that the status is enabled."
|
|
::= { claRadiusAuthServerEntry 5 }
|
|
|
|
claRadiusAuthServerTunnelProxy OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies active RADIUS authentication server's
|
|
tunnel proxy.
|
|
A value of 'true' indicates that the tunnel proxy is enabled.
|
|
A value of 'false' indicates that the tunnel proxy is disabled."
|
|
::= { claRadiusAuthServerEntry 6 }
|
|
|
|
claRadiusAuthServerPacState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies active RADIUS authentication server's
|
|
PAC (Protected Access Control) state.
|
|
A value of 'true' indicates that the server PAC state is enabled.
|
|
A value of 'false' indicates that the server PAC state is disabled."
|
|
DEFVAL { false }
|
|
::= { claRadiusAuthServerEntry 7 }
|
|
|
|
claRadiusAccServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusAccServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the conceptual table listing the RADIUS accounting
|
|
servers with which the client shares a secret."
|
|
::= { claConfigObjects 24 }
|
|
|
|
|
|
claRadiusAccServerEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusAccServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is a conceptual row representing a RADIUS
|
|
accounting server with which the client shares
|
|
a secret."
|
|
INDEX { claRadiusAccServerIndex }
|
|
::= { claRadiusAccServerTable 1 }
|
|
|
|
ClaRadiusAccServerEntry ::= SEQUENCE {
|
|
claRadiusAccServerIndex Integer32,
|
|
claRadiusAccServerIPSecAuthMethod INTEGER,
|
|
claRadiusAccServerKey OCTET STRING,
|
|
claRadiusAccServerKeyFormat INTEGER,
|
|
claRadiusAccServerIsActive INTEGER,
|
|
claRadiusAccServerTunnelProxy TruthValue,
|
|
claRadiusAccServerPacState TruthValue
|
|
}
|
|
|
|
claRadiusAccServerIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..17)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a number uniquely identifying each RADIUS
|
|
accounting server with which this client
|
|
communicates."
|
|
::= { claRadiusAccServerEntry 1 }
|
|
|
|
claRadiusAccServerIPSecAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
psk(1),
|
|
cert(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies IPSec Authentication method over RADIUS.
|
|
The value of 'psk' indicates that the authentication is through PSK method.
|
|
The value of 'cert' indicates that the authentication is through certificate method."
|
|
DEFVAL { psk }
|
|
::= { claRadiusAccServerEntry 2 }
|
|
|
|
|
|
claRadiusAccServerKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..128))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the accounting and encryption key shared between
|
|
the RADIUS client and this RADIUS Server.
|
|
When the claRadiusAccServerKeyFormat is hex it
|
|
can have max length of 128 bytes. If the
|
|
claRadiusAccServerKeyFormat is Ascii it can have
|
|
max length of 64 bytes."
|
|
DEFVAL { "" }
|
|
::= { claRadiusAccServerEntry 3 }
|
|
|
|
claRadiusAccServerKeyFormat OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hex(1),
|
|
ascii(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the format of the server key.
|
|
When hex, the number of
|
|
characters in the key should be even.
|
|
The value of 'hex' indicates that the format is in hex format.
|
|
The value of 'cert' indicates that the format is in ascii format."
|
|
::= { claRadiusAccServerEntry 4 }
|
|
|
|
claRadiusAccServerIsActive OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(0),
|
|
enable(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the RADIUS accounting server.
|
|
The value of 'disable' indicates that status is disabled.
|
|
The value of 'enable' indicates that status is enabled."
|
|
::= { claRadiusAccServerEntry 5 }
|
|
|
|
claRadiusAccServerTunnelProxy OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies active RADIUS accounting server's
|
|
tunnel proxy.
|
|
A value of 'true' indicates that the tunnel proxy is enabled.
|
|
A value of 'false' indicates that the tunnel proxy is disabled."
|
|
::= { claRadiusAccServerEntry 6 }
|
|
|
|
claRadiusAccServerPacState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies active RADIUS accounting server's
|
|
PAC (Protected Access Control).
|
|
A value of 'true' indicates that the server PAC state is enabled.
|
|
A value of 'false' indicates that the server PAC state is disabled."
|
|
DEFVAL { false }
|
|
::= { claRadiusAccServerEntry 7 }
|
|
|
|
--********************************************************************
|
|
--* Auth and accounting Realm configuration
|
|
--********************************************************************
|
|
|
|
claRadiusAuthServerRealmTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusAuthServerRealmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the conceptual table listing the RADIUS authentication
|
|
servers with realm config."
|
|
::= { claConfigObjects 25 }
|
|
|
|
|
|
claRadiusAuthServerRealmEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusAuthServerRealmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is a conceptual row representing a RADIUS
|
|
authentication server with a particular realm."
|
|
INDEX { claRadiusAuthServerIndex, claRadiusAuthServerRealm }
|
|
::= { claRadiusAuthServerRealmTable 1 }
|
|
|
|
ClaRadiusAuthServerRealmEntry ::= SEQUENCE {
|
|
claRadiusAuthServerRealm SnmpAdminString,
|
|
claRadiusAuthRealmRowStatus RowStatus
|
|
}
|
|
|
|
claRadiusAuthServerRealm OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents authentication realm string on this
|
|
index. This is used to filter the realms that are
|
|
received from the client on the controller."
|
|
::= { claRadiusAuthServerRealmEntry 1 }
|
|
|
|
claRadiusAuthRealmRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the row status is used to control the realm
|
|
to add or delete an entry in this table."
|
|
::= { claRadiusAuthServerRealmEntry 2 }
|
|
|
|
claRadiusAcctServerRealmTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusAcctServerRealmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the conceptual table listing the RADIUS accounting
|
|
servers with which the client shares a realm."
|
|
::= { claConfigObjects 26 }
|
|
|
|
|
|
claRadiusAcctServerRealmEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusAcctServerRealmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is a conceptual row representing a RADIUS
|
|
accounting server with a particular realm."
|
|
INDEX { claRadiusAccServerIndex, claRadiusAcctServerRealm }
|
|
::= { claRadiusAcctServerRealmTable 1 }
|
|
|
|
ClaRadiusAcctServerRealmEntry ::= SEQUENCE {
|
|
claRadiusAcctServerRealm SnmpAdminString,
|
|
claRadiusAcctRealmRowStatus RowStatus
|
|
}
|
|
|
|
claRadiusAcctServerRealm OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the accounting realm string on this index.
|
|
This is used to filter the realms that are
|
|
received from the client on the controller."
|
|
::= { claRadiusAcctServerRealmEntry 1 }
|
|
|
|
claRadiusAcctRealmRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the row status, used to control the realm
|
|
to add or delete an entry in this table."
|
|
::= { claRadiusAcctServerRealmEntry 2 }
|
|
|
|
claTacacsFallbackTestInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the TACACS Fallback Test Interval
|
|
in seconds."
|
|
::= { claConfigObjects 27 }
|
|
|
|
--********************************************************************
|
|
--* Status objects
|
|
--********************************************************************
|
|
|
|
claRadiusServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the information about the
|
|
requests sent to the RADIUS servers.
|
|
When a new request gets sent to the RADIUS server
|
|
an entry gets added to this table. The agents
|
|
maintains a circular queue which automatically
|
|
gets overwritten once the queue is full."
|
|
::= { claStatusObjects 1 }
|
|
|
|
|
|
claRadiusServerEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table provides information about
|
|
a request that is sent to a RADIUS server.
|
|
Each entry is uniquely identified by the
|
|
request identifier."
|
|
INDEX { claRadiusReqId }
|
|
::= { claRadiusServerTable 1 }
|
|
|
|
ClaRadiusServerEntry ::=
|
|
SEQUENCE {
|
|
claRadiusReqId Unsigned32,
|
|
claRadiusAddressType InetAddressType,
|
|
claRadiusAddress InetAddress,
|
|
claRadiusPortNum InetPortNumber,
|
|
claRadiusWlanIdx Unsigned32,
|
|
claRadiusClientMacAddress MacAddress,
|
|
claRadiusUserName SnmpAdminString
|
|
}
|
|
|
|
claRadiusReqId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the request identifier of the
|
|
request sent to the RADIUS server."
|
|
::= { claRadiusServerEntry 1 }
|
|
|
|
claRadiusAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the address type for the RADIUS server. "
|
|
::= { claRadiusServerEntry 2 }
|
|
|
|
claRadiusAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the address of the RADIUS server."
|
|
::= { claRadiusServerEntry 3 }
|
|
|
|
claRadiusPortNum OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the port number for the RADIUS
|
|
server."
|
|
::= { claRadiusServerEntry 4 }
|
|
|
|
claRadiusWlanIdx OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..17)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the WLAN index whether the RADIUS
|
|
server is activating and deactivating."
|
|
::= { claRadiusServerEntry 5 }
|
|
|
|
claRadiusClientMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the client MAC address that sent the
|
|
request identified by the claRadiusReqId."
|
|
::= { claRadiusServerEntry 6 }
|
|
|
|
claRadiusUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the user for whom the request
|
|
identified by the claRadiusReqId was sent."
|
|
::= { claRadiusServerEntry 7 }
|
|
|
|
claDBCurrentUsedEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the current database entries used.
|
|
This includes the number of users, mac filters
|
|
configured in the system."
|
|
::= { claStatusObjects 2 }
|
|
|
|
|
|
--********************************************************************
|
|
--* Stats objects
|
|
--********************************************************************
|
|
|
|
claRadiusAuthClientAccessRequestsTotal OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of RADIUS Access-Request
|
|
packets sent by the controller. This also includes
|
|
retransmissions."
|
|
::= { claStatusObjects 3 }
|
|
|
|
claRadiusAuthClientAccessResponseTotal OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of RADIUS Auth response
|
|
packets received by the controller. This includes
|
|
'Access-Accept', 'Access-Reject' and 'Access-Challenge'."
|
|
::= { claStatusObjects 4 }
|
|
|
|
claRadiusAuthClientAccessAcceptsTotal OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of RADIUS Access-Accept
|
|
packets received by the controller."
|
|
::= { claStatusObjects 5 }
|
|
|
|
--********************************************************************
|
|
--* Status objects
|
|
--********************************************************************
|
|
|
|
claRadiusServerAvpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ClaRadiusServerAvpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the information about
|
|
the avp entries sent in the authentication and
|
|
accounting packets to radius servers.
|
|
These avp entries are populated from the
|
|
downloaded XML file."
|
|
::= { claStatusObjects 6 }
|
|
|
|
|
|
claRadiusServerAvpEntry OBJECT-TYPE
|
|
SYNTAX ClaRadiusServerAvpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table provides information about
|
|
a request that is sent to a RADIUS server.
|
|
Each entry is uniquely identified by the
|
|
wlan id,radius type and serial entry."
|
|
INDEX { claWlanId, claRadiusType, claAvpEntryId }
|
|
::= { claRadiusServerAvpTable 1 }
|
|
|
|
ClaRadiusServerAvpEntry ::=
|
|
SEQUENCE {
|
|
claWlanId Unsigned32,
|
|
claRadiusType Unsigned32,
|
|
claAvpEntryId Unsigned32,
|
|
claAvpVendorId Unsigned32,
|
|
claAvpAttribute Unsigned32,
|
|
claAvpType INTEGER,
|
|
claAvpValue SnmpAdminString
|
|
}
|
|
|
|
claWlanId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the wlan id of the ssid
|
|
profile for which the avp entries are applied."
|
|
::= { claRadiusServerAvpEntry 1 }
|
|
|
|
claRadiusType OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the radius type
|
|
for which the packets are sent, it takes the
|
|
value auth(1), acct (2) or both (3)"
|
|
::= { claRadiusServerAvpEntry 2 }
|
|
|
|
claAvpEntryId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the entry index for this
|
|
avp pair."
|
|
::= { claRadiusServerAvpEntry 3 }
|
|
|
|
claAvpVendorId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the vendor id of this
|
|
radius avp entry "
|
|
::= { claRadiusServerAvpEntry 4 }
|
|
|
|
claAvpAttribute OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the attribute id for each vendor
|
|
in the avp pair"
|
|
::= { claRadiusServerAvpEntry 5 }
|
|
|
|
claAvpType OBJECT-TYPE
|
|
SYNTAX INTEGER { string (0),
|
|
char (1),
|
|
short (2),
|
|
integer (4) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the value type in the avp pair."
|
|
::= { claRadiusServerAvpEntry 6 }
|
|
|
|
claAvpValue OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the value of the avp pair which is
|
|
as per the type, currently only the string is returned
|
|
for all types of values."
|
|
::= { claRadiusServerAvpEntry 7 }
|
|
|
|
--*******************************************************************
|
|
--* Radius and Tacacs DNS Configuration params.
|
|
--*******************************************************************
|
|
claTacacsDnsServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether TACACS DNS
|
|
feature is enabled on the controller
|
|
A value of 'true' indicates that TACACS DNS feature is enabled.
|
|
A value of 'false' indicates that TACACS DNS feature is disabled."
|
|
::= { claGlobalObjects 1 }
|
|
|
|
claTacacsDnsServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the TACACS DNS
|
|
server address type."
|
|
::= { claGlobalObjects 2 }
|
|
|
|
claTacacsDnsServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the TACACS DNS
|
|
server address."
|
|
::= { claGlobalObjects 3 }
|
|
|
|
claTacacsDnsServerPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the port number for
|
|
TACACS DNS server."
|
|
::= { claGlobalObjects 4 }
|
|
|
|
claTacacsDnsServerSecretType OBJECT-TYPE
|
|
SYNTAX CLSecKeyFormat
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the secret key type of
|
|
TACACS DNS server."
|
|
::= { claGlobalObjects 5 }
|
|
|
|
claTacacsDnsServerSecret OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the secret key configured
|
|
for TACACS DNS server.The secret key and type has to be
|
|
set together.For get operation this object
|
|
always returns a string with asterisks."
|
|
::= { claGlobalObjects 6 }
|
|
|
|
claTacacsDnsServerURL OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the URL of the
|
|
TACACS DNS server."
|
|
::= { claGlobalObjects 7 }
|
|
|
|
claTacacsDnsServerTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "days"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the TACACS DNS server
|
|
timeout in days."
|
|
::= { claGlobalObjects 8 }
|
|
|
|
claRadiusDnsServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether Radius DNS
|
|
feature is enabled on the controller
|
|
A value of 'true' indicates that Radius DNS feature is enabled.
|
|
A value of 'false' indicates that Radius DNS feature is disabled."
|
|
::= { claGlobalObjects 9 }
|
|
|
|
claRadiusDnsServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius DNS
|
|
server address type."
|
|
::= { claGlobalObjects 10 }
|
|
|
|
claRadiusDnsServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius DNS
|
|
server address."
|
|
::= { claGlobalObjects 11 }
|
|
|
|
claRadiusDnsServerPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the port number for
|
|
Radius DNS server."
|
|
::= { claGlobalObjects 12 }
|
|
|
|
claRadiusDnsServerSecretType OBJECT-TYPE
|
|
SYNTAX CLSecKeyFormat
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the secret key type of
|
|
Radius DNS server."
|
|
::= { claGlobalObjects 13 }
|
|
|
|
claRadiusDnsServerSecret OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the secret key configured
|
|
for Radius DNS server.The secret key and type has to be
|
|
set together.For get operation this object always
|
|
returns a string with asterisks."
|
|
::= { claGlobalObjects 14 }
|
|
|
|
claRadiusDnsServerURL OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the URL of the
|
|
Radius DNS server. "
|
|
::= { claGlobalObjects 15 }
|
|
|
|
claRadiusDnsServerTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "days"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius DNS server
|
|
timeout in days."
|
|
::= { claGlobalObjects 16 }
|
|
|
|
claAAARadiusAuthCallStationIdType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipAddr(0),
|
|
macAddr(1),
|
|
apMacAddress(2),
|
|
apMacAddressSsid(3),
|
|
apNameSsid(4),
|
|
apName(5),
|
|
apGroupName(6),
|
|
flexGroupName(7),
|
|
apLocation(8),
|
|
apVlanId(9),
|
|
apMacEthAddress(10),
|
|
apMacEthAddressSsid(11),
|
|
apLabelMac(12),
|
|
apLableMacSsid(13),
|
|
apMacSsidApGroup(14)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the call station ID information
|
|
sent in RADIUS auth messages.
|
|
ipAddr(0) : Sets Call Station Id Type to the system's IP Address.
|
|
macAddr(1) : Sets Call Station Id Type to the system's MAC Address.
|
|
apMacAddress(2) : Sets Call Station Id Type to the AP's Radio MAC Address.
|
|
apMacAddressSsid(3) : Sets Call Station Id Type to the format <AP Radio MAC address>:<SSID>.
|
|
apNameSsid(4) : Sets Called Station Id to the format <AP Name>:<SSID>.
|
|
apName(5) : Sets Called Station Id to the AP Name.
|
|
apGroupName(6) : Sets Called Station Id to the AP Group Name.
|
|
flexGroupName(7) : Sets Called Station Id to the Flex Connect Group Name.
|
|
apLocation(8) : Sets Called Station Id to the AP Location.
|
|
apVlanId(9) : Sets Called Station Id to the VLAN id.
|
|
apMacEthAddress(10) : Sets Called Station Id Type to the AP's Ethernet MAC address.
|
|
apMacEthAddressSsid(11) : Sets Called Station Id Type to the format <AP Ethernet MAC address>:<SSID>.
|
|
apLabelMac(12) : Sets Call Station Id Type to the AP MAC address printed on APLabel.
|
|
apLableMacSsid(13) : Sets Call Station Id Type to the format <AP Label MAC address>:<SSID>.
|
|
apMacSsidApGroup(14) : Sets Called Station Id Type to the format <AP MAC address>:<SSID>:<AP Group>."
|
|
::= { claGlobalObjects 17 }
|
|
|
|
claRadiusDnsAuthnetworkState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the Radius DNS server
|
|
auth network flag is enabled (true) or disabled (false).
|
|
A value of 'true' indicates that auth network flag is enabled.
|
|
A value of 'false' indicates that auth network flag is disabled."
|
|
::= { claGlobalObjects 18 }
|
|
|
|
|
|
claRadiusDnsAuthmgmtState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the Radius DNS server
|
|
auth management flag is enabled (true) or disabled(false).
|
|
A value of 'true' indicates that auth management flag is enabled.
|
|
A value of 'false' indicates that auth management flag is disabled."
|
|
::= { claGlobalObjects 19 }
|
|
|
|
|
|
claRadiusDnsAcctnetworkState OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the Radius DNS server
|
|
accounting network flag is enabled (true) or disabled (false).
|
|
A value of 'true' indicates that accounting network flag is enabled.
|
|
A value of 'false' indicates that accounting network flag is disabled."
|
|
::= { claGlobalObjects 20 }
|
|
|
|
claRadiusDnsAuthRetransmitTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (2..30)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius Authentication DNS server's
|
|
re-transmit Timeout."
|
|
::= { claGlobalObjects 21 }
|
|
|
|
claRadiusDnsAcctRetransmitTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (2..30)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius Accounting DNS server's
|
|
re-transmit Timeout."
|
|
::= { claGlobalObjects 22 }
|
|
|
|
claRadiusDnsAuthRfc3576State OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the Radius DNS server
|
|
authentication server RFC3576 flag is enabled (true) or disabled(false).
|
|
A value of 'true' indicates that authentication server flag is enabled.
|
|
A value of 'false' indicates that authentication server flag is disabled."
|
|
::= { claGlobalObjects 23 }
|
|
|
|
claRadiusFramedMtu OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies framed-mtu-size for Radius EAP"
|
|
::= { claGlobalObjects 24 }
|
|
|
|
claRadiusDnsAuthMgmtRetransmitTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..30)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Radius Authentication DNS server's
|
|
Mgmt-Retransmit Timeout."
|
|
::= { claGlobalObjects 25 }
|
|
|
|
claMgmtUserReauthInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies termination-interval for management users."
|
|
::= { claGlobalObjects 26 }
|
|
|
|
--********************************************************************
|
|
--* NOTIFICATION Control objects
|
|
--********************************************************************
|
|
claRadiusServerGlobalActivatedEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies to control the generation of
|
|
ciscoLwappAAARadiusServerGlobalActivated
|
|
notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
ciscoLwappAAARadiusServerGlobalActivated
|
|
notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate ciscoLwappAAARadiusServerGlobalActivated
|
|
notification. "
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 4 }
|
|
|
|
claRadiusServerGlobalDeactivatedEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies to control the generation of
|
|
ciscoLwappAAARadiusServerGlobalDeactivated
|
|
notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
ciscoLwappAAARadiusServerGlobalDeactivated
|
|
notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate ciscoLwappAAARadiusServerGlobalDeactivated
|
|
notification. "
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 5 }
|
|
|
|
claRadiusServerWlanActivatedEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies to control the generation of
|
|
ciscoLwappAAARadiusServerWlanActivated
|
|
notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
ciscoLwappAAARadiusServerWlanActivated
|
|
notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate ciscoLwappAAARadiusServerWlanActivated
|
|
notification. "
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 6 }
|
|
|
|
claRadiusServerWlanDeactivatedEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies to control the generation of
|
|
ciscoLwappAAARadiusServerWlanDeactivated
|
|
notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
ciscoLwappAAARadiusServerWlanDeactivated
|
|
notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate ciscoLwappAAARadiusServerWlanDeactivated
|
|
notification. "
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 7 }
|
|
|
|
claRadiusReqTimedOutEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies to control the generation of
|
|
ciscoLwappAAARadiusReqTimedOut notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
ciscoLwappAAARadiusReqTimedOut notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate ciscoLwappAAARadiusReqTimedOut notification."
|
|
|
|
DEFVAL { true }
|
|
::= { claConfigObjects 8 }
|
|
|
|
--********************************************************************
|
|
--* NOTIFICATION TYPE objects
|
|
--********************************************************************
|
|
|
|
ciscoLwappAAARadiusServerGlobalActivated NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS server is
|
|
activated in the global list. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 1 }
|
|
|
|
|
|
ciscoLwappAAARadiusServerGlobalDeactivated NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS server is
|
|
deactivated in the global list. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 2 }
|
|
|
|
ciscoLwappAAARadiusServerWlanActivated NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum,
|
|
claRadiusWlanIdx
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS server is
|
|
activated on the WLAN. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 3 }
|
|
|
|
|
|
ciscoLwappAAARadiusServerWlanDeactivated NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum,
|
|
claRadiusWlanIdx
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS server is
|
|
deactivated on the WLAN. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 4 }
|
|
|
|
ciscoLwappAAARadiusReqTimedOut NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum,
|
|
claRadiusClientMacAddress,
|
|
claRadiusUserName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS server failed
|
|
to respond to request from a client/user. The RADIUS
|
|
server is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 5 }
|
|
|
|
|
|
ciscoLwappAAARadiusAuthServerAvailable NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS authenticating
|
|
server is available/responsive when it was
|
|
previously unavailable/unresponsive. The state
|
|
change triggers this notification. The RADIUS
|
|
server is identified by the address
|
|
(claRadiusAddress) and port number
|
|
(claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 6 }
|
|
|
|
ciscoLwappAAARadiusAuthServerUnavailable NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS authenticating
|
|
server is unavailable/unresponsive when it was
|
|
previously available/responsive. The state change
|
|
triggers this notification. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 7 }
|
|
|
|
ciscoLwappAAARadiusAcctServerAvailable NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS accounting server
|
|
is available/responsive when it was previously
|
|
unavailable/unresponsive. The state change
|
|
triggers this notification. The RADIUS server
|
|
is identified by the address (claRadiusAddress)
|
|
and port number (claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 8 }
|
|
|
|
ciscoLwappAAARadiusAcctServerUnavailable NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent by the agent when the
|
|
controller detects that the RADIUS accounting server
|
|
is unavailable/unresponsive when it was previously
|
|
available/responsive. The state change triggers
|
|
this notification. The RADIUS server is identified
|
|
by the address (claRadiusAddress) and port number
|
|
(claRadiusPortNum)."
|
|
::= { ciscoLwappAAAMIBNotifs 9 }
|
|
|
|
--********************************************************************
|
|
ciscoLwappAAAMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoLwappAAAMIBConform 1 }
|
|
|
|
ciscoLwappAAAMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoLwappAAAMIBConform 2 }
|
|
|
|
|
|
ciscoLwappAAAMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappAAAMIB module. "
|
|
MODULE MANDATORY-GROUPS {
|
|
ciscoLwappAAAMIBConfigGroup,
|
|
ciscoLwappAAAMIBNotifsGroup,
|
|
ciscoLwappAAAMIBStatusObjsGroup
|
|
}
|
|
::= { ciscoLwappAAAMIBCompliances 1 }
|
|
|
|
ciscoLwappAAAMIBComplianceRev1 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappAAAMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappAAAMIBConfigGroup,
|
|
ciscoLwappAAAMIBSaveUserConfigGroup,
|
|
ciscoLwappAAAMIBRadiusConfigGroup,
|
|
ciscoLwappAAAMIBAPPolicyConfigGroup,
|
|
ciscoLwappAAAMIBWlanAuthAccServerConfigGroup,
|
|
ciscoLwappAAAMIBNotifsGroup,
|
|
ciscoLwappAAAMIBStatusObjsGroup,
|
|
ciscoLwappAAAMIBDBEntriesGroup
|
|
}
|
|
::= { ciscoLwappAAAMIBCompliances 2 }
|
|
|
|
--********************************************************************
|
|
--* Units of conformance
|
|
--********************************************************************
|
|
|
|
ciscoLwappAAAMIBConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claPriorityOrder,
|
|
claTacacsServerAddressType,
|
|
claTacacsServerAddress,
|
|
claTacacsServerPortNum,
|
|
claTacacsServerEnabled,
|
|
claTacacsServerSecretType,
|
|
claTacacsServerSecret,
|
|
claTacacsServerTimeout,
|
|
claTacacsServerStorageType,
|
|
claTacacsServerRowStatus,
|
|
claRadiusServerGlobalActivatedEnabled,
|
|
claRadiusServerGlobalDeactivatedEnabled,
|
|
claRadiusServerWlanActivatedEnabled,
|
|
claRadiusServerWlanDeactivatedEnabled,
|
|
claRadiusReqTimedOutEnabled
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"This collection of objects specifies the required
|
|
parameters for AAA. "
|
|
::= { ciscoLwappAAAMIBGroups 1 }
|
|
|
|
ciscoLwappAAAMIBConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claPriorityOrder,
|
|
claTacacsServerAddressType,
|
|
claTacacsServerAddress,
|
|
claTacacsServerPortNum,
|
|
claTacacsServerEnabled,
|
|
claTacacsServerSecretType,
|
|
claTacacsServerSecret,
|
|
claTacacsServerTimeout,
|
|
claTacacsServerStorageType,
|
|
claTacacsServerRowStatus,
|
|
claRadiusServerGlobalActivatedEnabled,
|
|
claRadiusServerGlobalDeactivatedEnabled,
|
|
claRadiusServerWlanActivatedEnabled,
|
|
claRadiusServerWlanDeactivatedEnabled,
|
|
claRadiusReqTimedOutEnabled,
|
|
claTacacsDnsServerEnabled,
|
|
claTacacsDnsServerAddressType,
|
|
claTacacsDnsServerAddress,
|
|
claTacacsDnsServerPort,
|
|
claTacacsDnsServerSecretType,
|
|
claTacacsDnsServerSecret,
|
|
claTacacsDnsServerURL,
|
|
claTacacsDnsServerTimeout,
|
|
claRadiusDnsServerEnabled,
|
|
claRadiusDnsServerAddressType,
|
|
claRadiusDnsServerAddress,
|
|
claRadiusDnsServerPort,
|
|
claRadiusDnsServerSecretType,
|
|
claRadiusDnsServerSecret,
|
|
claRadiusDnsServerURL,
|
|
claRadiusDnsServerTimeout,
|
|
claAAARadiusAuthCallStationIdType,
|
|
claRadiusDnsAuthnetworkState,
|
|
claRadiusDnsAuthmgmtState,
|
|
claRadiusDnsAcctnetworkState,
|
|
claRadiusDnsAuthRetransmitTimeout,
|
|
claRadiusDnsAcctRetransmitTimeout,
|
|
claRadiusDnsAuthRfc3576State,
|
|
claRadiusFramedMtu,
|
|
claRadiusDnsAuthMgmtRetransmitTimeout,
|
|
claMgmtUserReauthInterval,
|
|
claWlanOverwriteInterface,
|
|
claWlanInterimUpdate,
|
|
claWlanInterimUpdateInterval,
|
|
claTacacsFallbackTestInterval,
|
|
claRadiusAuthClientAccessRequestsTotal,
|
|
claRadiusAuthClientAccessResponseTotal,
|
|
claRadiusAuthClientAccessAcceptsTotal,
|
|
claWlanId,
|
|
claRadiusType,
|
|
claAvpEntryId,
|
|
claAvpVendorId,
|
|
claAvpAttribute,
|
|
claAvpType,
|
|
claAvpValue
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects specifies the required
|
|
parameters for AAA. "
|
|
::= { ciscoLwappAAAMIBGroups 1 }
|
|
|
|
|
|
ciscoLwappAAAMIBSaveUserConfigGroup OBJECT-GROUP
|
|
OBJECTS { claSaveUserData }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These is the configuration parameter related to
|
|
guest user configuration saving."
|
|
::= { ciscoLwappAAAMIBGroups 2 }
|
|
|
|
ciscoLwappAAAMIBNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ciscoLwappAAARadiusServerGlobalActivated,
|
|
ciscoLwappAAARadiusServerGlobalDeactivated,
|
|
ciscoLwappAAARadiusServerWlanActivated,
|
|
ciscoLwappAAARadiusServerWlanDeactivated,
|
|
ciscoLwappAAARadiusReqTimedOut,
|
|
ciscoLwappAAARadiusAuthServerAvailable,
|
|
ciscoLwappAAARadiusAuthServerUnavailable,
|
|
ciscoLwappAAARadiusAcctServerAvailable,
|
|
ciscoLwappAAARadiusAcctServerUnavailable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects specifies the
|
|
notifications for AAA."
|
|
::= { ciscoLwappAAAMIBGroups 3 }
|
|
|
|
ciscoLwappAAAMIBStatusObjsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claRadiusAddressType,
|
|
claRadiusAddress,
|
|
claRadiusPortNum,
|
|
claRadiusWlanIdx,
|
|
claRadiusClientMacAddress,
|
|
claRadiusUserName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represents the information
|
|
about the general status attributes for AAA."
|
|
::= { ciscoLwappAAAMIBGroups 4 }
|
|
|
|
ciscoLwappAAAMIBDBEntriesGroup OBJECT-GROUP
|
|
OBJECTS { claDBCurrentUsedEntries }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the additional object which represent
|
|
the information about the general status
|
|
attributes for AAA."
|
|
::= { ciscoLwappAAAMIBGroups 5 }
|
|
|
|
ciscoLwappAAAMIBRadiusConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claWebRadiusAuthentication,
|
|
claRadiusFallbackMode,
|
|
claRadiusFallbackUsername,
|
|
claRadiusFallbackInterval,
|
|
claRadiusAuthMacDelimiter,
|
|
claRadiusAcctMacDelimiter
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"These are the RADIUS web authentication and
|
|
fallback related configuration parameters on the WLC."
|
|
::= { ciscoLwappAAAMIBGroups 6 }
|
|
|
|
ciscoLwappAAAMIBRadiusConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claWebRadiusAuthentication,
|
|
claRadiusFallbackMode,
|
|
claRadiusFallbackUsername,
|
|
claRadiusFallbackInterval,
|
|
claRadiusAuthMacDelimiter,
|
|
claRadiusAcctMacDelimiter,
|
|
claRadiusAuthServerIndex,
|
|
claRadiusAuthServerIPSecAuthMethod,
|
|
claRadiusAuthServerKey,
|
|
claRadiusAuthServerKeyFormat,
|
|
claRadiusAuthServerIsActive,
|
|
claRadiusAuthServerPacState,
|
|
claRadiusAccServerIndex,
|
|
claRadiusAccServerIPSecAuthMethod,
|
|
claRadiusAccServerKey,
|
|
claRadiusAccServerKeyFormat,
|
|
claRadiusAccServerIsActive,
|
|
claRadiusAccServerTunnelProxy,
|
|
claRadiusAccServerPacState,
|
|
claRadiusAuthServerRealm,
|
|
claRadiusAuthRealmRowStatus,
|
|
claRadiusAcctServerRealm,
|
|
claRadiusAcctRealmRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These are the RADIUS web authentication and
|
|
fallback related configuration parameters on the WLC."
|
|
::= { ciscoLwappAAAMIBGroups 6 }
|
|
|
|
ciscoLwappAAAMIBAPPolicyConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claAcceptMICertificate,
|
|
claAcceptLSCertificate,
|
|
claAllowAuthorizeLscApAgainstAAA
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"These are the AP Policy related configuration
|
|
parameters on the WLC."
|
|
::= { ciscoLwappAAAMIBGroups 7 }
|
|
|
|
ciscoLwappAAAMIBAPPolicyConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claAcceptMICertificate,
|
|
claAcceptLSCertificate,
|
|
claAllowAuthorizeLscApAgainstAAA,
|
|
claSscHashValidationEnabled,
|
|
claSscCertificateSubject,
|
|
claSscCertificateValidity,
|
|
claSscCertificateHashKey
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These are the AP Policy related configuration
|
|
parameters on the WLC."
|
|
::= { ciscoLwappAAAMIBGroups 7 }
|
|
|
|
ciscoLwappAAAMIBWlanAuthAccServerConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
claWlanAuthServerEnabled,
|
|
claWlanAcctServerEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These are the authentication and account server configuration
|
|
parameters per wlan."
|
|
::= { ciscoLwappAAAMIBGroups 8 }
|
|
|
|
END
|
|
|