CISCO-DOT11-SSID-SECURITY-MIB

File: CISCO-DOT11-SSID-SECURITY-MIB.mib (68419 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB IF-MIB INET-ADDRESS-MIB
IEEE802dot11-MIB CISCO-DOT11-IF-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Integer32
Unsigned32 MODULE-COMPLIANCE OBJECT-GROUP
TEXTUAL-CONVENTION MacAddress RowStatus
TruthValue SnmpAdminString ifIndex
InetAddressType InetAddress dot11AuthenticationAlgorithmsIndex
CDot11IfVlanIdOrZero ciscoMgmt

Defined Types

CDot11SecAuthKeyMgmtType  
TEXTUAL-CONVENTION    
  current BITS cckm(0), wpa(1), wpa1(2), wpa2(3)

CDot11WiFiPaPreSharedKey  
TEXTUAL-CONVENTION    
  current STRING Size(0..128)

CDot11SsidString  
TEXTUAL-CONVENTION    
  current STRING Size(1..32)

CDot11VlanName  
TEXTUAL-CONVENTION    
  current STRING Size(1..32)

CDot11InformationElementType  
TEXTUAL-CONVENTION    
  current BITS ssidl(0), advertisement(1), wps(2)

Cdot11SecAuxSsidEntry  
SEQUENCE    
  cdot11SecAuxSsid CDot11SsidString
  cdot11SecAuxSsidBroadcast TruthValue
  cdot11SecAuxSsidInfraStruct INTEGER
  cdot11SecAuxSsidProxyMobileIp TruthValue
  cdot11SecAuxSsidMaxStations Unsigned32
  cdot11SecAuxSsidVlan CDot11IfVlanIdOrZero
  cdot11SecAuxSsidWpaPsk CDot11WiFiPaPreSharedKey
  cdot11SecAuxRadiusAccounting SnmpAdminString
  cdot11SecAuxSsidLoginUsername SnmpAdminString
  cdot11SecAuxSsidLoginPassword SnmpAdminString
  cdot11SecAuxSsidAuthKeyMgmt CDot11SecAuthKeyMgmtType
  cdot11SecAuxSsidAuthKeyMgmtOpt TruthValue
  cdot11SecAuxSsidRowStatus RowStatus
  cdot11SecAuxSsidWirelessNetId Integer32
  cdot11SecSsidRedirectAddrType InetAddressType
  cdot11SecSsidRedirectDestAddr InetAddress
  cdot11SecSsidRedirectFilter SnmpAdminString
  cdot11SecSsidInformationElement CDot11InformationElementType
  cdot11SecAuxSsidVlanName CDot11VlanName
  cdot11SecAuxSsidMbssidBroadcast TruthValue
  cdot11SecAuxSsidMbssidDtimPeriod Integer32

Cdot11SecAuxSsidAuthEntry  
SEQUENCE    
  cdot11SecAuxSsidAuthEnabled TruthValue
  cdot11SecAuxSsidAuthPlusEap TruthValue
  cdot11SecAuxSsidAuthPlusMac TruthValue
  cdot11SecAuxSsidAuthEapMethod SnmpAdminString
  cdot11SecAuxSsidAuthMacMethod SnmpAdminString
  cdot11SecAuxSsidAuthMacAlternate TruthValue

Cdot11SecInterfSsidEntry  
SEQUENCE    
  cdot11SecInterfSsidRowStatus RowStatus

Cdot11MbssidMacAddrSupportEntry  
SEQUENCE    
  cdot11MbssidMacAddrIndex Integer32
  cdot11MbssidMacAddrSupported MacAddress

Cdot11MbssidInterfaceEntry  
SEQUENCE    
  cdot11MbssidIfMacAddress MacAddress
  cdot11MbssidIfBroadcast TruthValue

Cdot11SecSsidBackupVlanEntry  
SEQUENCE    
  cdot11SecSsidBackupVlan CDot11IfVlanIdOrZero
  cdot11SecSsidBackupVlanRowStatus RowStatus

Cdot11SecVlanNameEntry  
SEQUENCE    
  cdot11SecVlanName CDot11VlanName
  cdot11SecVlanNameId CDot11IfVlanIdOrZero
  cdot11SecVlanNameRowStatus RowStatus

Defined Values

ciscoDot11SsidSecMIB 1.3.6.1.4.1.9.9.413
This MIB module provides network management support for Cisco IEEE 802.11 Wireless LAN device association and authentication.

ACRONYMS
  AES - Advanced Encryption Standard.
  AP - Access point.
  AID - Association IDentifier for wireless stations.
  BSS - IEEE 802.11 Basic Service Set.
  BSSID - Basic SSID, a MAC address.
  CCKM - Cisco Central Key Management.
  CCMP - Code Mode/CBC Mac Protocol.
  CKIP - Cisco per packet key hashing.
  CMIC - Cisco MMH MIC.
  CRC - Cyclic Redundancy Check.
  DTIM - Data Traffic Indication Map.
  EAP - Extensible Authentication Protocol.
  GRE - Generic Routing Encapsulation.
  IAPP - Inter-Access-Point Protocol.
  ICV - Integrity Check Value.
  MBSSID - Multiple Basic SSID.
  MIC - Message Integrity Check.
  MMH - Multi-Modal Hashing.
  MMIC - Michael MIC.
  RF - Radio Frequency.
  SSID - Radio Service Set Id.
  SSIDL IE - SSID List Information Element.
  STA - IEEE 802.11 wireless station.
  TKIP - WPA Temporal Key encryption.
  VLAN - Virtual LAN.
  WEP - Wired Equivalent Privacy.
  WPA - Wi-Fi Protected Access.
  WPS - Wireless Provisioning System.

GLOSSARY
  Access point: Transmitter/receiver (transceiver) device that commonly connects and transports data between a wireless network and a wired network.
  Association: The service used to establish access point or station mapping and enable STA invocation of the distribution system services. (Wireless clients attempt to connect to access points.)
  Basic Service Set: The IEEE 802.11 BSS of an AP comprises the stations directly associating with the AP.
  Backup VLAN: Wireless clients found to be running outdated/unsupported virus software and not compliant with network admission control guidelines need to be placed on different VLANs than the intended normal VLAN. The VLANs on which the non-compliant clients are placed are termed Backup VLANs. Backup VLANs are used to quarantine the non-compliant clients running incorrect software until they upgrade their software to the correct version.
  Bridge: Device that connects two or more segments and reduces traffic by analyzing the destination address, filtering the frame, and forwarding the frame to all connected segments.
  Bridge AP: It is an AP that functions as a transparent bridge between 2 wired LAN segments.
  Broadcast SSID: Clients can send out Broadcast SSID Probe Requests to a nearby AP, and the AP will broadcast its own SSID within its beacons in response to clients. Clients can use this Broadcast SSID to associate and communicate with the AP.
  Extensible Authentication Protocol: EAP acts as the interface between a wireless client and an authentication server, such as a RADIUS server, to which the access point communicates over the wired network.
  IEEE 802.11: Standard to encourage interoperability among wireless networking equipment.
  IEEE 802.11b: High-rate wireless LAN standard for wireless data transfer at up to 11 Mbps.
  IEEE P802.11g: Higher Speed Physical Layer (PHY) Extension to IEEE 802.11b, will boost wireless LAN speed to 54 Mbps by using OFDM (orthogonal frequency division multiplexing). The IEEE 802.11g specification is backward compatible with the widely deployed IEEE 802.11b standard.
  Inter-Access-Point Protocol: The IEEE 802.11 standard does not define how access points track moving users or how to negotiate a handoff from one access point to the next, a process referred to as roaming. IAPP is a Cisco proprietary protocol to support roaming. However, IAPP does not address how the wireless system tracks users moving from one subnet to another.
  Independent network: Network that provides peer-to-peer connectivity without relying on a complete network infrastructure.
  Information Element: Optional wireless network management data element in the beacons and probe responses generated by wireless stations. These elements identify the extended capabilities supported by the stations.
  Integrity Check Value: The WEP ICV shall be a 32-bit value containing the 32-bit cyclic redundancy code designed for verifying wireless data frame integrity.
  Message Integrity Check: A MIC can, optionally, be added to WEP-encrypted 802.11 frames. MIC prevents attacks on encrypted packets. MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof.
  Multiple BSS-ID: An access point radio broadcasts and advertises multiple SSIDs in the beacons. From the clients' perspective, it is as if multiple access points exist in the wireless network.
  Native VLAN ID: A switch port and/or AP can be configured with a 'native VLAN ID'. Untagged or priority-tagged frames are implicitly associated with the native VLAN ID. The default native VLAN ID is '1' if VLAN tagging is enabled. The native VLAN ID is '0' or 'no VLAN ID' if VLAN tagging is not enabled.
  Non-Root Bridge: This wireless bridge does not connect to the main wired LAN segment. It connects to a remote wired LAN segment and can associate with root bridges and other non-root bridges that accept client associations. It also can accept associations from other non-root bridges, repeater access points, and client devices.
  Primary LAN: In an AP, if the destinations of inbound unicast frames are unknown, the frames are sent toward the primary LAN defined on the device.
  Repeater: Device that connects multiple segments, listening to each and regenerating the signal on one to every other connected one, so that the signal can travel further.
  Repeater or Non-root Access Point: The repeater access point is not connected to the wired LAN. The Repeater is a wireless LAN transceiver that transfers data between a client and another access point, another repeater, or between two bridges. The repeater is placed within radio range of an access point connected to the wired LAN, another repeater, or a non-root bridge to extend the range of the infrastructure.
  Radio Frequency: Radio wave and modulation process or operation.
  Root Access Point: This access point connects clients to the main wired LAN.
  Root (Wireless) Bridge: This wireless bridge connects to the main wired LAN. It can communicate with non-root wireless bridges, repeater access points, and client devices but not with another wireless root bridge. Only one wireless bridge in a wireless LAN can be set as the wireless root bridge.
  Service Set ID: SSID is a unique identifier that APs and clients use to identify with each other. SSID is a simple means of access control and is not for security. The SSID can be any alphanumeric entry up to 32 characters.
  Virtual LAN: VLAN defined in the IEEE 802.1Q VLAN standard supports logical segmentation of LAN infrastructure into different subnets or workgroups so that packets are switched only between ports within the same VLAN.
  VLAN ID: Each VLAN is identified by a 12-bit 'VLAN ID'. A VLAN ID of '0' is used to indicate 'no VLAN ID'. Valid VLAN IDs range from '1' to '4095'. VLAN of ID '4095' is the default VLAN for Cisco VoIP Phones.
  Wired Equivalent Privacy: WEP is generally used to refer to 802.11 encryption.
MODULE-IDENTITY    

ciscoDot11SsidSecMIBObjects 1.3.6.1.4.1.9.9.413.1
OBJECT IDENTIFIER    

cdot11SecSsidManagement 1.3.6.1.4.1.9.9.413.1.1
OBJECT IDENTIFIER    

cdot11SecAuthManagement 1.3.6.1.4.1.9.9.413.1.2
OBJECT IDENTIFIER    

cdot11SecStatistics 1.3.6.1.4.1.9.9.413.1.3
OBJECT IDENTIFIER    

cdot11SecVlanManagement 1.3.6.1.4.1.9.9.413.1.4
OBJECT IDENTIFIER    

cdot11SecAuxSsidTable 1.3.6.1.4.1.9.9.413.1.1.1
This table contains the list of SSIDs that all radio interfaces of this device should install and use for client associations.
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11SecAuxSsidEntry

cdot11SecAuxSsidEntry 1.3.6.1.4.1.9.9.413.1.1.1.1
A collection of attributes defining an auxiliary service set ID which client stations can use for association for the device. Entries can be installed on multiple radio interfaces.
OBJECT-TYPE    
  Cdot11SecAuxSsidEntry  

cdot11SecAuxSsid 1.3.6.1.4.1.9.9.413.1.1.1.1.1
This object specifies a SSID defined on this IEEE 802.11 wireless LAN device. The SSID will be installed on the radio interfaces for client associations. The radio interface shall respond to probe requests using this SSID, but it does not advertise this SSID in its beacons unless the cdot11SecAuxSsidBroadcast is 'true'.
OBJECT-TYPE    
  CDot11SsidString  

cdot11SecAuxSsidBroadcast 1.3.6.1.4.1.9.9.413.1.1.1.1.2
This object indicates if an auxiliary SSID is a Broadcast SSID. There should only be one Broadcast SSID installed on any IEEE 802.11 radio interface if Multiple BSSID feature is not enabled. To enable this SSID for MBSSID broadcast, use cdot11SecAuxSsidMbssidBroadcast.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidInfraStruct 1.3.6.1.4.1.9.9.413.1.1.1.1.3
This object indicates if an auxiliary SSID is an infra-structure SSID. There should only be one infra-structure SSID installed on any IEEE 802.11 radio interface. The infra-structure SSID is used for uplink association while the radio interface cd11IfStationRole is roleWgb(1), roleRepeater(5), roleNrBridge(9), or roleApNrBridge(10). infraStructure(1) - infra-structure SSID, nonInfraStructure(2) - Non infra-structure SSID, optional(3) - use of this infra-structure SSID is optional for uplink connection.
OBJECT-TYPE    
  INTEGER infraStructure(1), nonInfraStructure(2), optional(3)  

cdot11SecAuxSsidProxyMobileIp 1.3.6.1.4.1.9.9.413.1.1.1.1.4
This object indicates if an auxiliary SSID is enabled for Proxy Mobile-IP support. If Proxy Mobile-IP is not supported in VLAN network environment, cdot11SecAuxSsidVlan should be '0' when Proxy Mobile-IP is enabled via this object.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidMaxStations 1.3.6.1.4.1.9.9.413.1.1.1.1.5
This object defines the maximum number of IEEE 802.11 stations which may associate to a radio interface through this SSID. If the value is '0', the maximum number is limited only by the IEEE 802.11 standard and any hardware or radio firmware limitations of the access point.
OBJECT-TYPE    
  Unsigned32 0..2007  

cdot11SecAuxSsidVlan 1.3.6.1.4.1.9.9.413.1.1.1.1.6
This object defines the VLAN trunk at which the traffic will be used when a client is associating with this SSID. The default value is '0', no VLAN is configured or used for this SSID.
OBJECT-TYPE    
  CDot11IfVlanIdOrZero  

cdot11SecAuxSsidWpaPsk 1.3.6.1.4.1.9.9.413.1.1.1.1.7
This object configures Wi-Fi Protected Access Pre-shared Key for this SSID. This key is used for association authentication and dynamic encryption key generation. The default value is ''H if this shared key feature is not enabled.
OBJECT-TYPE    
  CDot11WiFiPaPreSharedKey  

cdot11SecAuxRadiusAccounting 1.3.6.1.4.1.9.9.413.1.1.1.1.8
This object defines the name of the AAA accounting list to be used for association accounting. The default value is an empty string if AAA accounting is not enabled.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecAuxSsidLoginUsername 1.3.6.1.4.1.9.9.413.1.1.1.1.9
This object specifies the username used for LEAP authentication and association to an uplink AP while this SSID is in infra-structure mode, i.e. cdot11SecAuxSsidInfraStruct is 'true'. The default value is an empty string if this feature is not enabled.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecAuxSsidLoginPassword 1.3.6.1.4.1.9.9.413.1.1.1.1.10
This object specifies the password used for LEAP authentication and association to an uplink AP while this SSID is in infra-structure mode, i.e. cdot11SecAuxSsidInfraStruct is 'true'. The default value is an empty string if this feature is not enabled.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecAuxSsidAuthKeyMgmt 1.3.6.1.4.1.9.9.413.1.1.1.1.11
This object specifies the type of key management employed for encryption keys defined for the VLAN in cdot11SecAuxSsidVlan. WPA key management ('wpa') should only be selected when encryption is TKIP or AES-CCMP and authentication is open, i.e. dot11AuthenticationAlgorithmsIndex is openSystem(1), together either with EAP or WPA-PSK for this SSID. CCKM key management ('cckm') can be used with encryption TKIP, WEP, CKIP, and Network-EAP authentication for this SSID. The value 'wpa1' should be selected only when encryption is TKIP. The value 'wpa2' should be selected only when encryption is either TKIP or AES-CCMP. If none of the bits are set, there is no run-time key management for this SSID.
OBJECT-TYPE    
  CDot11SecAuthKeyMgmtType  

cdot11SecAuxSsidAuthKeyMgmtOpt 1.3.6.1.4.1.9.9.413.1.1.1.1.12
This object specifies if the type of key management, cdot11SecAuxSsidAuthKeyMgmt, selected is optional. If it is 'true' and cdot11SecAuxSsidAuthKeyMgmt is not 'none', the key management is optional. If it is 'false' and cdot11SecAuxSsidAuthKeyMgmt is not 'none', the key management is mandatory.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidRowStatus 1.3.6.1.4.1.9.9.413.1.1.1.1.13
This is used to create a new SSID entry on this device, and modify or delete an existing SSID entry. Creation of rows must be done via 'createAndGo' with or without optional objects. This object will become 'active' if the NMS performs a multivarbind set including this object and successfully creates the SSID on this device. Modification and deletion (via 'destroy') of rows can be done when this object is 'active'. Any change to an existing SSID configuration can cause clients associating with the SSID to disassociate. Depending on the implementation, changes to existing SSIDs may not affect the SSID installed on the radio interfaces. Therefore, users are advised to reset the corresponding SSID on the radio interface via the cdot11SecInterfSsidTable.
OBJECT-TYPE    
  RowStatus  

cdot11SecAuxSsidWirelessNetId 1.3.6.1.4.1.9.9.413.1.1.1.1.14
This object sets the Wireless Network ID of this SSID. This ID is used for Cisco GRE tunneling in layer 3 switching. The valid range for the ID is '1' to '4096'. The default value is '0', which indicates that no ID is configured or used on this SSID.
OBJECT-TYPE    
  Integer32 0..4096  

cdot11SecSsidRedirectAddrType 1.3.6.1.4.1.9.9.413.1.1.1.1.15
This is the address type of the cdot11SecSsidRedirectDestAddr.
OBJECT-TYPE    
  InetAddressType  

cdot11SecSsidRedirectDestAddr 1.3.6.1.4.1.9.9.413.1.1.1.1.16
This is the destination address set to all packets received from wireless clients associated to this wireless station using the cdot11SecAuxSsid. The cdot11SecSsidRedirectAddrType specifies the type of this address. The default value '00000000'H of cdot11SecSsidRedirectAddrType 'ipv4' indicates that this packet redirection feature is not enabled.
OBJECT-TYPE    
  InetAddress  

cdot11SecSsidRedirectFilter 1.3.6.1.4.1.9.9.413.1.1.1.1.17
When the packet redirection feature is enabled (i.e., cdot11SecSsidRedirectAddrType is 'ipv4' and cdot11SecSsidRedirectDestAddr value is not '00000000'H), this is the Cisco IP extended access list number or name used for filtering packets from wireless clients. Only packets passed by the access list will be forwarded to the cdot11SecSsidRedirectDestAddr. If packet redirection is disabled, this access list will not be applied. The default value is an empty string to indicate that no access list filter will be applied.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecSsidInformationElement 1.3.6.1.4.1.9.9.413.1.1.1.1.18
This is the set of Information Elements and extended capabilities embedded in the SSID broadcasted in beacons and probe responses. The extended capabilities 'advertisement' and 'wps' are allowed only if 'ssidl' is set.
OBJECT-TYPE    
  CDot11InformationElementType  

cdot11SecAuxSsidVlanName 1.3.6.1.4.1.9.9.413.1.1.1.1.19
This is the name of the cdot11SecAuxSsidVlan. Either cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can be used to set the VLAN trunk for client traffic of this SSID. If both cdot11SecAuxSsidVlanName and cdot11SecAuxSsidVlan are set in a query, the set query will succeed if and only if there is a matching pair of cdot11SecVlanName and cdot11SecVlanNameId in the cdot11SecVlanNameTable. The default value is a blank string, no VLAN or VLAN name is configured or used for this SSID.
OBJECT-TYPE    
  CDot11VlanName  

cdot11SecAuxSsidMbssidBroadcast 1.3.6.1.4.1.9.9.413.1.1.1.1.20
This object controls if this SSID shall be broadcasted if MBSSID is enabled at the interface to which this SSID is attached, i.e. if both cd11IfMultipleBssidEnable and cdot11SecAuxSsidMbssidBroadcast are 'true', then this SSID is broadcasted. Otherwise, this SSID is not broadcasted.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidMbssidDtimPeriod 1.3.6.1.4.1.9.9.413.1.1.1.1.21
This is the DTIM period for this MBSSID enabled SSID. It is the number of beacon intervals that shall elapse between transmission of Beacon frames containing a TIM element whose DTIM Count field is 0. This DTIM period is only applicable if MBSSID is enabled at the interface to which this SSID is attached, i.e. cd11IfMultipleBssidEnable is 'true'. The default value is 0 which indicates dot11DTIMPeriod of IEEE802dot11-MIB is used. The current valid DTIM period range for the radio is 1 to 100.
OBJECT-TYPE    
  Integer32 0..255  

cdot11SecAuxSsidAuthTable 1.3.6.1.4.1.9.9.413.1.1.2
This table contains attributes to configure authentication parameters for SSIDs listed in the cdot11SecAuxSsidTable. This table extends the IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable to define additional attributes and authentication procedures for multiple SSIDs. Multiple authentication algorithms can apply to a single auxiliary SSID. This table has an expansion dependent relationship on the cdot11SecAuxSsidTable. For each entry in this table, there exists at least an entry in the cdot11SecAuxSsidTable.
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11SecAuxSsidAuthEntry

cdot11SecAuxSsidAuthEntry 1.3.6.1.4.1.9.9.413.1.1.2.1
Each entry specifies a pre-defined authentication algorithm and additional authentication procedures for clients of an auxiliary SSID. The three pre-defined authentication algorithms are: openSystem(1), sharedKey(2), and network-EAP(3). The valid combinations of the pre-defined authentications and additional procedures are:
  openSystem(1) - plus EAP - plus MAC or EAP
  sharedKey(2) - plus MAC and EAP - plus EAP
  network-EAP(3) - plus MAC
OBJECT-TYPE    
  Cdot11SecAuxSsidAuthEntry  

cdot11SecAuxSsidAuthEnabled 1.3.6.1.4.1.9.9.413.1.1.2.1.1
If the value is 'true', this device may authenticate an association using SSID (specified by cdot11SecAuxSsid) with the corresponding pre-defined algorithm (identified by the dot11AuthenticationAlgorithmsIndex). The default value is 'true'.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidAuthPlusEap 1.3.6.1.4.1.9.9.413.1.1.2.1.2
If both the values of this object and cdot11SecAuxSsidAuthEnabled are 'true', the association authentication must complete additional network-level EAP authentication before client stations will be unblocked from their association attempts. If the value of this object is 'false' while cdot11SecAuxSsidAuthEnabled is 'true', client stations will be unblocked as soon as they complete the enabled IEEE 802.11 authentication. The default value is 'false' for no additional EAP authentication.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidAuthPlusMac 1.3.6.1.4.1.9.9.413.1.1.2.1.3
If both the values of this object and cdot11SecAuxSsidAuthEnabled are 'true', the association authentication must complete additional MAC address authentication before client stations will be unblocked from their association attempts. If the value of this object is 'false' while cdot11SecAuxSsidAuthEnabled is 'true', client stations will be unblocked as soon as they complete the enabled IEEE 802.11 authentication. The default value is 'false' for no additional MAC address authentication.
OBJECT-TYPE    
  TruthValue  

cdot11SecAuxSsidAuthEapMethod 1.3.6.1.4.1.9.9.413.1.1.2.1.4
If the value of cdot11SecAuxSsidAuthPlusEap is 'true' or dot11AuthenticationAlgorithm is Network-EAP, this is the EAP method list to use for the EAP authentication. The default is an empty string if EAP is not used.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecAuxSsidAuthMacMethod 1.3.6.1.4.1.9.9.413.1.1.2.1.5
If the value of cdot11SecAuxSsidAuthPlusMac is 'true', this is the MAC address method list to use for the MAC authentication. The default is an empty string if MAC address authentication is not used.
OBJECT-TYPE    
  SnmpAdminString  

cdot11SecAuxSsidAuthMacAlternate 1.3.6.1.4.1.9.9.413.1.1.2.1.6
If the values of this object, cdot11SecAuxSsidAuthEnabled, cdot11SecAuxSsidAuthPlusMac, and cdot11SecAuxSsidAuthPlusEap are all 'true' and the dot11AuthenticationAlgorithm is 'openSystem', then the association authentication only needs to complete either the additional MAC address or the additional EAP authentication before client stations will be unblocked from their association attempts. If the value of this object is 'false', only one of the two additional authentications should be enabled. The default value is 'false', meaning only one additional authentication should be configured.
OBJECT-TYPE    
  TruthValue  
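
The rules stated in the descriptions of cdot11SecAuxSsidAuthKeyMgmt, cdot11SecSsidInformationElement and the cdot11SecAuxSsidAuthTable objects can be checked mechanically on polled values. The following is an added example, not part of the MIB or of any Cisco tool: the row layout (a dict keyed by object name, TruthValue already converted to booleans), the finding codes and the sample rows are assumptions made for illustration.

```python
# Added example: audits polled SSID rows against rules quoted from the object
# descriptions above. Row layout and all sample values are constructed.

KEY_MGMT_BITS = ["cckm", "wpa", "wpa1", "wpa2"]        # CDot11SecAuthKeyMgmtType
INFO_ELEMENT_BITS = ["ssidl", "advertisement", "wps"]  # CDot11InformationElementType
OPEN_SYSTEM = 1  # dot11AuthenticationAlgorithmsIndex value for openSystem


def decode_bits(octets, names):
    """Decode an SNMP BITS value: bit 0 is the high-order bit of octet 0."""
    found = set()
    for pos, name in enumerate(names):
        byte_index, shift = divmod(pos, 8)
        if byte_index < len(octets) and octets[byte_index] & (0x80 >> shift):
            found.add(name)
    return found


def audit_ssid(row):
    """Return the sorted finding codes (hypothetical names) for one SSID row."""
    findings = set()
    key_mgmt = decode_bits(row["cdot11SecAuxSsidAuthKeyMgmt"], KEY_MGMT_BITS)
    info = decode_bits(row["cdot11SecSsidInformationElement"], INFO_ELEMENT_BITS)
    psk = row["cdot11SecAuxSsidWpaPsk"]

    # 'advertisement' and 'wps' are allowed only if 'ssidl' is set.
    if info & {"advertisement", "wps"} and "ssidl" not in info:
        findings.add("IE_WITHOUT_SSIDL")

    if not key_mgmt:
        # No bits set: there is no run-time key management for this SSID.
        findings.add("NO_KEY_MGMT")
    elif row["cdot11SecAuxSsidAuthKeyMgmtOpt"]:
        # 'true' makes the selected key management optional, not mandatory.
        findings.add("KEY_MGMT_OPTIONAL")

    # row["auth"] maps dot11AuthenticationAlgorithmsIndex -> auth table columns.
    for alg_index, auth in row["auth"].items():
        if not auth["cdot11SecAuxSsidAuthEnabled"] or alg_index != OPEN_SYSTEM:
            continue
        plus_eap = auth["cdot11SecAuxSsidAuthPlusEap"]
        plus_mac = auth["cdot11SecAuxSsidAuthPlusMac"]
        # 'wpa' expects open authentication together with EAP or WPA-PSK.
        if "wpa" in key_mgmt and not (plus_eap or psk):
            findings.add("WPA_WITHOUT_EAP_OR_PSK")
        # Neither additional step: clients are unblocked as soon as they
        # complete open-system authentication (audit assumption: no PSK either).
        if not plus_eap and not plus_mac and not psk:
            findings.add("OPEN_NO_ADDITIONAL_AUTH")
        # AuthMacAlternate 'true': either MAC or EAP authentication is enough.
        if plus_eap and plus_mac and auth["cdot11SecAuxSsidAuthMacAlternate"]:
            findings.add("MAC_SUFFICES_INSTEAD_OF_EAP")
    return sorted(findings)


def _row(key_mgmt, opt, info, psk, plus_eap, plus_mac, alternate):
    """Build one constructed row with a single enabled openSystem auth entry."""
    return {
        "cdot11SecAuxSsidAuthKeyMgmt": key_mgmt,
        "cdot11SecAuxSsidAuthKeyMgmtOpt": opt,
        "cdot11SecSsidInformationElement": info,
        "cdot11SecAuxSsidWpaPsk": psk,
        "auth": {OPEN_SYSTEM: {
            "cdot11SecAuxSsidAuthEnabled": True,
            "cdot11SecAuxSsidAuthPlusEap": plus_eap,
            "cdot11SecAuxSsidAuthPlusMac": plus_mac,
            "cdot11SecAuxSsidAuthMacAlternate": alternate,
        }},
    }


# Constructed sample data, indexed by SSID name.
SAMPLE_ROWS = {
    "guest": _row(b"\x00", False, b"\x20", b"", False, False, False),
    "corp": _row(b"\x50", False, b"\x80", b"", True, False, False),
    "legacy": _row(b"\x40", True, b"\x00", b"", True, True, True),
    "printers": _row(b"\x40", False, b"\x00", b"", False, True, False),
}


def audit_all(rows):
    """Audit every row and return {ssid: [finding codes]}."""
    return {ssid: audit_ssid(row) for ssid, row in rows.items()}


if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLE_ROWS).items():
        print(ssid, findings or "ok")
```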

cdot11SecInterfSsidTable 1.3.6.1.4.1.9.9.413.1.1.3
This table contains the list of SSIDs that are installed on radio interfaces of this device and used for client association. This table has an expansion dependent relationship on the ifTable. For each entry in this table, there exists at least an entry in the ifTable of ifType ieee80211(71).
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11SecInterfSsidEntry

cdot11SecInterfSsidEntry 1.3.6.1.4.1.9.9.413.1.1.3.1
A collection of attributes for an auxiliary service set ID installed on an IEEE 802.11 radio interface. An interface can have multiple auxiliary service set IDs installed. The current maximum for each radio interface is 16 SSIDs, and the cd11IfAuxiliarySsidLength object specifies the configured maximum.
OBJECT-TYPE    
  Cdot11SecInterfSsidEntry  

cdot11SecInterfSsidRowStatus 1.3.6.1.4.1.9.9.413.1.1.3.1.1
This is used to install a new SSID configuration, and modify or delete an existing SSID configuration on a radio interface. Creation of rows must be done via 'createAndGo' and with an existing ifIndex of ifType ieee80211(71) and an existing cdot11SecAuxSsid in the cdot11SecAuxSsidTable. This object will become 'active' if the NMS performs a multivarbind set including this object and successfully installs the SSID on this interface. Modification and deletion (via 'destroy') of rows can be done when this object is 'active'. Any change to an existing SSID configuration can cause clients associating with the SSID to disassociate.
OBJECT-TYPE    
  RowStatus  

cdot11MbssidMacAddrSupportTable 1.3.6.1.4.1.9.9.413.1.1.4
This table contains the list of available radio MAC addresses for supporting MBSSID on the IEEE 802.11 radio. This table has an expansion dependent relationship on the ifTable. For each entry in this table, there exists at least an entry in the ifTable of ifType ieee80211(71).
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11MbssidMacAddrSupportEntry

cdot11MbssidMacAddrSupportEntry 1.3.6.1.4.1.9.9.413.1.1.4.1
Each entry is a MAC address assigned to the IEEE 802.11 radio available to be used as a BSSID and broadcasted in the radio beacon when MBSSID feature is enabled.
OBJECT-TYPE    
  Cdot11MbssidMacAddrSupportEntry  

cdot11MbssidMacAddrIndex 1.3.6.1.4.1.9.9.413.1.1.4.1.1
This is a unique index identifying the MAC address assigned on the radio. If MBSSID is not supported on this device, the only available index number is 1. Currently, if MBSSID is supported, the index numbers are 1 to 16.
OBJECT-TYPE    
  Integer32 1..256  

cdot11MbssidMacAddrSupported 1.3.6.1.4.1.9.9.413.1.1.4.1.2
This MAC address can be used as BSSID and broadcasted in the beacon with a SSID when cd11IfMultipleBssidEnable is 'true'.
OBJECT-TYPE    
  MacAddress  

cdot11MbssidInterfaceTable 1.3.6.1.4.1.9.9.413.1.1.5
This table displays the list of SSIDs and their corresponding BSSIDs configured on the IEEE 802.11 radios. This table has an expansion dependent relationship on the ifTable. For each entry in this table, there exists at least an entry in the ifTable of ifType ieee80211(71).
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11MbssidInterfaceEntry

cdot11MbssidInterfaceEntry 1.3.6.1.4.1.9.9.413.1.1.5.1
Each entry defines an SSID being configured on the radio and the corresponding BSSID.
OBJECT-TYPE    
  Cdot11MbssidInterfaceEntry  

cdot11MbssidIfMacAddress 1.3.6.1.4.1.9.9.413.1.1.5.1.1
This is the BSSID to be sent with the radio SSID. If MBSSID feature is not enabled (i.e. cd11IfMultipleBssidEnable is 'false'), all SSIDs will be sent by the radio with the same BSSID and that is the radio hardware MAC address. If MBSSID feature is enabled (i.e. cd11IfMultipleBssidEnable is 'true'), all SSIDs will be sent by the radio with different BSSIDs.
OBJECT-TYPE    
  MacAddress  

cdot11MbssidIfBroadcast 1.3.6.1.4.1.9.9.413.1.1.5.1.2
If cd11IfMultipleBssidEnable is 'true', MBSSID is enabled for the radio and this SSID is a broadcast SSID as follows:
  'true' - This SSID is a broadcast SSID and being broadcasted in the radio beacon.
  'false' - This SSID is not a broadcast SSID and is not broadcasted in the radio beacon.
OBJECT-TYPE    
  TruthValue  

cdot11SecSsidMaxBackupVlans 1.3.6.1.4.1.9.9.413.1.1.6
Maximum number of backup VLANs that can be configured on a SSID.
OBJECT-TYPE    
  Unsigned32 1..128  

cdot11SecSsidBackupVlanTable 1.3.6.1.4.1.9.9.413.1.1.7
This table lists the backup VLANs configured on a SSID. The number of backup VLANs that can be configured for each SSID identified by cdot11SecAuxSsid is limited by the value of cdot11SecSsidMaxBackupVlans. This table has an expansion dependent relationship with cdot11SecAuxSsidTable. The value of cdot11SecAuxSsid for the entries in this table must exist in cdot11SecAuxSsidTable. When an entry in cdot11SecAuxSsidTable is deleted, all the backup VLANs configured for the corresponding SSID get deleted from this table.
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11SecSsidBackupVlanEntry

cdot11SecSsidBackupVlanEntry 1.3.6.1.4.1.9.9.413.1.1.7.1
Each entry defines a backup VLAN configured on an SSID.
OBJECT-TYPE    
  Cdot11SecSsidBackupVlanEntry  

cdot11SecSsidBackupVlan 1.3.6.1.4.1.9.9.413.1.1.7.1.1
The backup VLAN configured on a SSID identified by the instance identifier value of cdot11SecAuxSsid.
OBJECT-TYPE    
  CDot11IfVlanIdOrZero 1..4095  

cdot11SecSsidBackupVlanRowStatus 1.3.6.1.4.1.9.9.413.1.1.7.1.2
The status of this conceptual row.
OBJECT-TYPE    
  RowStatus  

cdot11SecLocalAuthServerEnabled 1.3.6.1.4.1.9.9.413.1.2.1
This object configures the use of local authentication server. If it is 'true', local authentication server is enabled. If it is 'false', the local authentication server is disabled. If both local and network servers are configured, the local server is used as back up when network authentication server is not available.
OBJECT-TYPE    
  TruthValue  

cdot11SecVlanNameTable 1.3.6.1.4.1.9.9.413.1.4.1
This table contains the mapping of VLAN names to IDs. A RADIUS server serving this wireless station can assign wireless clients associating to this station to a particular VLAN by either a VLAN name or an ID. When the VLAN assignment of a client is via VLAN name, this table is used to look up the corresponding VLAN ID and VLAN configured on this wireless station. Each VLAN name uniquely identifies a VLAN on a wireless station, and a VLAN ID can associate to multiple VLAN names in this table.
OBJECT-TYPE    
  SEQUENCE OF  
    Cdot11SecVlanNameEntry

cdot11SecVlanNameEntry 1.3.6.1.4.1.9.9.413.1.4.1.1
A collection of attributes defining the properties of a VLAN name and the corresponding VLAN ID.
OBJECT-TYPE    
  Cdot11SecVlanNameEntry  

cdot11SecVlanName 1.3.6.1.4.1.9.9.413.1.4.1.1.1
This object defines the VLAN name assigned to wireless clients by the RADIUS server serving this wireless station.
OBJECT-TYPE    
  CDot11VlanName  

cdot11SecVlanNameId 1.3.6.1.4.1.9.9.413.1.4.1.1.2
This object defines the VLAN trunk that a client associating to this wireless station will be on. The value '0' is not valid.
OBJECT-TYPE    
  CDot11IfVlanIdOrZero  

cdot11SecVlanNameRowStatus 1.3.6.1.4.1.9.9.413.1.4.1.1.3
This is used to create a new VLAN name to ID mapping entry on this device, and modify or delete an existing mapping entry. Creation of rows must be done via 'createAndGo' with all other mandatory objects. This object will become 'active' if the NMS performs a multivarbind set including this object and successfully creates the VLAN name entry on this device. Modification and deletion (via 'destroy') of rows can be done when this object is 'active'. Any change to an existing VLAN name to ID mapping configuration does not affect existing associated wireless clients.
OBJECT-TYPE    
  RowStatus  

ciscoDot11SsidSecMIBConformance 1.3.6.1.4.1.9.9.413.2
OBJECT IDENTIFIER    

ciscoDot11SsidSecMIBCompliances 1.3.6.1.4.1.9.9.413.2.1
OBJECT IDENTIFIER    

ciscoDot11SsidSecMIBGroups 1.3.6.1.4.1.9.9.413.2.2
OBJECT IDENTIFIER    

ciscoDot11SsidSecCompliance 1.3.6.1.4.1.9.9.413.2.1.1
Only the values 'createAndGo', 'destroy', and 'active' need to be supported.
MODULE-COMPLIANCE    
  cdot11SecAuxSsidRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  cdot11SecInterfSsidRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  cdot11SecVlanNameRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoDot11SsidSecComplianceRev1 1.3.6.1.4.1.9.9.413.2.1.2
Only the values 'createAndGo', 'destroy', and 'active' need to be supported.
MODULE-COMPLIANCE    
  cdot11SecAuxSsidRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  cdot11SecInterfSsidRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  cdot11SecVlanNameRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  cdot11SecSsidBackupVlanRowStatus INTEGER active(1), createAndGo(4), destroy(6)

cdot11SecSsidManagementGroup 1.3.6.1.4.1.9.9.413.2.2.1
This group includes objects to manage SSID on IEEE 802.11 devices and interfaces.
OBJECT-GROUP    

cdot11SsidAuthenticationGroup 1.3.6.1.4.1.9.9.413.2.2.2
This group includes objects to manage the association and authentication algorithms for SSIDs.
OBJECT-GROUP    

cdot11ModuleAuthenticationGroup 1.3.6.1.4.1.9.9.413.2.2.3
This group includes objects to manage the association and authentication of this wireless station module.
OBJECT-GROUP    

cdot11SecVlanManagementGroup 1.3.6.1.4.1.9.9.413.2.2.4
This group includes objects to manage the VLAN name and ID mapping table.
OBJECT-GROUP    

cdot11MbssidSupportGroup 1.3.6.1.4.1.9.9.413.2.2.5
This group includes objects providing MBSSID configuration information.
OBJECT-GROUP    

cdot11SecSsidBackupVlanManagementGroup 1.3.6.1.4.1.9.9.413.2.2.6
This group of objects is used to manage the backup VLAN configuration on a SSID.
OBJECT-GROUP