CISCO-LWAPP-AAA-MIB

File: CISCO-LWAPP-AAA-MIB.mib (42309 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
INET-ADDRESS-MIB SNMP-FRAMEWORK-MIB CISCO-LWAPP-TC-MIB
CISCO-LWAPP-WLAN-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Unsigned32 Integer32 Gauge32
MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
MacAddress DisplayString TruthValue
StorageType RowStatus TimeInterval
InetAddressType InetAddress InetPortNumber
SnmpAdminString CLSecKeyFormat cLWlanIndex
ciscoMgmt

Defined Types

ClaPriorityEntry  
SEQUENCE    
  claPriorityAuth INTEGER
  claPriorityOrder Unsigned32

ClaTacacsServerEntry  
SEQUENCE    
  claTacacsServerType INTEGER
  claTacacsServerPriority Unsigned32
  claTacacsServerAddressType InetAddressType
  claTacacsServerAddress InetAddress
  claTacacsServerPortNum InetPortNumber
  claTacacsServerEnabled TruthValue
  claTacacsServerSecretType CLSecKeyFormat
  claTacacsServerSecret DisplayString
  claTacacsServerTimeout Unsigned32
  claTacacsServerStorageType StorageType
  claTacacsServerRowStatus RowStatus

ClaWlanEntry  
SEQUENCE    
  claWlanAcctServerEnabled TruthValue
  claWlanAuthServerEnabled TruthValue

ClaRadiusServerEntry  
SEQUENCE    
  claRadiusReqId Unsigned32
  claRadiusAddressType InetAddressType
  claRadiusAddress InetAddress
  claRadiusPortNum InetPortNumber
  claRadiusWlanIdx Unsigned32
  claRadiusClientMacAddress MacAddress
  claRadiusUserName DisplayString

Defined Values

ciscoLwappAAAMIB 1.3.6.1.4.1.9.9.598
This MIB is intended to be implemented on all devices operating as Central Controllers (CC) that terminate the Light Weight Access Point Protocol tunnel from Cisco Light-weight LWAPP Access Points. Information provided by this MIB is used to manage AAA information on the controller.
The relationship between CC and the LWAPP APs can be depicted as follows:
[Diagram: a row of three CCs, linked below to a row of four APs, linked below to a row of four MNs.]
The LWAPP tunnel exists between the controller and the APs. The MNs communicate with the APs through the protocol defined by the 802.11 standard. LWAPP APs, upon bootup, discover and join one of the controllers, and the controller pushes the configuration, which includes the WLAN parameters, to the LWAPP APs. The APs then encapsulate all the 802.11 frames from wireless clients inside LWAPP frames and forward the LWAPP frames to the controller.
GLOSSARY
Access Point (AP): An entity that contains an 802.11 medium access control (MAC) and physical layer (PHY) interface and provides access to the distribution services via the wireless medium for associated clients. LWAPP APs encapsulate all the 802.11 frames in LWAPP frames and send them to the controller to which they are logically connected.
Light Weight Access Point Protocol (LWAPP): A generic protocol that defines the communication between the Access Points and the Central Controller.
Mobile Node (MN): A roaming 802.11 wireless device in a wireless network associated with an access point. Mobile Node and client are used interchangeably.
Terminal Access Controller Access-Control System (TACACS): A remote authentication protocol that is used to communicate with an authentication server. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.
Remote Authentication Dial In User Service (RADIUS): An AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Wireless LAN (WLAN): A wireless local area network, which is the linking of two or more computers without using wires. It uses radio communication to accomplish the same functionality as a wired LAN.
PAP: Password Authentication Protocol
CHAP: Challenge Handshake Authentication Protocol
MD5-CHAP: Message Digest 5 Challenge Handshake Authentication Protocol
LSC: Local Significant Certificate. LSC can be used if we want our own public key infrastructure (PKI) to provide better security, to have control of our certificate authority (CA), and to define policies, restrictions, and usages on the generated certificates.
REFERENCE
[1] Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light Weight Access Point Protocol
MODULE-IDENTITY    

ciscoLwappAAAMIBNotifs 1.3.6.1.4.1.9.9.598.0
OBJECT IDENTIFIER    

ciscoLwappAAAMIBObjects 1.3.6.1.4.1.9.9.598.1
OBJECT IDENTIFIER    

ciscoLwappAAAMIBConform 1.3.6.1.4.1.9.9.598.2
OBJECT IDENTIFIER    

claConfigObjects 1.3.6.1.4.1.9.9.598.1.1
OBJECT IDENTIFIER    

claStatusObjects 1.3.6.1.4.1.9.9.598.1.2
OBJECT IDENTIFIER    

claPriorityTable 1.3.6.1.4.1.9.9.598.1.1.1
This table contains entries for AAA authentication methods configured in the controller. At startup, all the entries in this table are set up by the central controller. A management application can later change the priority order using the claPriorityOrder.
OBJECT-TYPE    
  SEQUENCE OF  
    ClaPriorityEntry

claPriorityEntry 1.3.6.1.4.1.9.9.598.1.1.1.1
A conceptual row in claPriorityTable. There is an entry in this table for each AAA authentication method available at the agent, as identified by a value of claPriorityAuth.
OBJECT-TYPE    
  ClaPriorityEntry  

claPriorityAuth 1.3.6.1.4.1.9.9.598.1.1.1.1.1
This object represents the authentication method used to authenticate users. local - indicates that local password is used for authentication. radius - indicates that RADIUS method is used for authentication. tacacsplus - indicates that TACACS method is used for authentication.
OBJECT-TYPE    
  INTEGER local(1), radius(2), tacacsplus(3)  

claPriorityOrder 1.3.6.1.4.1.9.9.598.1.1.1.1.2
This is the priority order of an authentication method to be used in user authentication for a session. At startup, the agent assigns the value of this object. Later this can be changed by the management station. This object reflects the relative priority of the authentication method denoted by claPriorityAuth with respect to already configured authentication methods. The zero value indicates that the priority is not set and that the authentication methods are applied in ascending order. Each object must contain a unique value for claPriorityOrder or zero. When a priority is set to a value that is already used by an existing object, the existing object's claPriorityOrder will be swapped.
OBJECT-TYPE    
  Unsigned32 0..10  

claTacacsServerTable 1.3.6.1.4.1.9.9.598.1.1.2
This table represents the information about configuring the Accounting, Authentication and Authorization servers. The creation of a new row in claTacacsServerTable through an explicit network management action results in the creation of an entry in this table. Similarly, deletion of a row in claTacacsServerTable through user action causes the deletion of the corresponding row in this table. The claTacacsServerType defines the server type being used, and the claTacacsServerPriority defines the priority with which the server is accessed within a given type.
OBJECT-TYPE    
  SEQUENCE OF  
    ClaTacacsServerEntry

claTacacsServerEntry 1.3.6.1.4.1.9.9.598.1.1.2.1
Each entry in this table provides information about the server that is configured for AAA. Each entry is uniquely identified by the server type and the priority with which that server is accessed.
OBJECT-TYPE    
  ClaTacacsServerEntry  

claTacacsServerType 1.3.6.1.4.1.9.9.598.1.1.2.1.1
This attribute identifies the type of the server being configured.
OBJECT-TYPE    
  INTEGER authentication(1), authorization(2), accounting(3)  

claTacacsServerPriority 1.3.6.1.4.1.9.9.598.1.1.2.1.2
The priority value for this entry. This value determines the unique priority for this entry. The priority value for this entry determines the order in which the server configured in this entry is accessed. The lower the number, the higher the priority. For example if there are 2 entries with priority 1 and 2 respectively, the controller will try the server with priority 1 before it tries the server with priority 2.
OBJECT-TYPE    
  Unsigned32  

claTacacsServerAddressType 1.3.6.1.4.1.9.9.598.1.1.2.1.3
This object represents the type of the network address made available through claTacacsServerAddress. This object must be set to a valid value before setting the row to 'active'.
OBJECT-TYPE    
  InetAddressType  

claTacacsServerAddress 1.3.6.1.4.1.9.9.598.1.1.2.1.4
This object represents the address of the AAA server. The type of the address stored in this object is determined by the claTacacsServerAddressType object. This object must be set to a valid value before setting the row to 'active'.
OBJECT-TYPE    
  InetAddress  

claTacacsServerPortNum 1.3.6.1.4.1.9.9.598.1.1.2.1.5
The port number for this server. This object must be set to a valid value before setting the row to 'active'.
OBJECT-TYPE    
  InetPortNumber  

claTacacsServerEnabled 1.3.6.1.4.1.9.9.598.1.1.2.1.6
When set to true the server state is enabled, otherwise the state is disabled.
OBJECT-TYPE    
  TruthValue  

claTacacsServerSecretType 1.3.6.1.4.1.9.9.598.1.1.2.1.7
The claTacacsServerSecret value is set based on this type. When reading this object, the value 'default' is always returned. This object must be set to a valid value before setting the row to 'active'.
OBJECT-TYPE    
  CLSecKeyFormat  

claTacacsServerSecret 1.3.6.1.4.1.9.9.598.1.1.2.1.8
The key configured for this server. For get operation this always returns a string with asterisks. This object must be set to a valid value before setting the row to 'active'. This object can be modified when a row is in the 'active' state.
OBJECT-TYPE    
  DisplayString  

claTacacsServerTimeout 1.3.6.1.4.1.9.9.598.1.1.2.1.9
The number of seconds between retransmissions. This object can be modified when a row is in the 'active' state.
OBJECT-TYPE    
  Unsigned32 5..30  

claTacacsServerStorageType 1.3.6.1.4.1.9.9.598.1.1.2.1.10
The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.
OBJECT-TYPE    
  StorageType  

claTacacsServerRowStatus 1.3.6.1.4.1.9.9.598.1.1.2.1.11
Used to add or delete an entry in this table. The required parameters for this entry (claTacacsServerAddress, claTacacsServerAddressType, claTacacsServerPortNum, claTacacsServerSecret and claTacacsServerSecretType) should be provided. When a row is in the 'active' state, some objects in this table can be modified as described in each individual object's description.
OBJECT-TYPE    
  RowStatus  

claWlanTable 1.3.6.1.4.1.9.9.598.1.1.3
AAA table corresponding to a WLAN. When WLAN is added a new entry gets added to this table. The entry is removed when the WLAN is removed.
OBJECT-TYPE    
  SEQUENCE OF  
    ClaWlanEntry

claWlanEntry 1.3.6.1.4.1.9.9.598.1.1.3.1
Each entry in this table provides AAA information for a WLAN.
OBJECT-TYPE    
  ClaWlanEntry  

claWlanAcctServerEnabled 1.3.6.1.4.1.9.9.598.1.1.3.1.1
Status to indicate whether the account server is enabled(true) or disabled(false) for this WLAN.
OBJECT-TYPE    
  TruthValue  

claWlanAuthServerEnabled 1.3.6.1.4.1.9.9.598.1.1.3.1.2
This object represents the status whether the authentication server is enabled(true) or disabled(false) for this WLAN.
OBJECT-TYPE    
  TruthValue  

claSaveUserData 1.3.6.1.4.1.9.9.598.1.1.9
This object is used to save the guest user config to NVRAM. Setting to the value of 'true' would save the data. Setting to the value of 'false' would have no implications here.
OBJECT-TYPE    
  TruthValue  

claWebRadiusAuthentication 1.3.6.1.4.1.9.9.598.1.1.10
This object is used to configure the Web RADIUS Authentication parameters on the WLC. PAP (1) - Configure Web RADIUS Authentication in PAP mode. CHAP (2) - Configure Web RADIUS Authentication in CHAP mode. MD5-CHAP (3) - Configure Web RADIUS Authentication in MD5-CHAP mode.
OBJECT-TYPE    
  INTEGER pap(1), chap(2), md5-chap(3)  

claRadiusFallbackMode 1.3.6.1.4.1.9.9.598.1.1.11
This object is used to configure the RADIUS Fallback Test mode on the WLC. Following are the configurable options: off (1) - Disables RADIUS server fallback test. passive (2) - Sets server status based on last transaction. active (3) - Sends probes to dead servers to test status.
OBJECT-TYPE    
  INTEGER off(1), passive(2), active(3)  

claRadiusFallbackUsername 1.3.6.1.4.1.9.9.598.1.1.12
This object is used to configure the RADIUS Fallback Test username to be sent in dead server probes.
OBJECT-TYPE    
  SnmpAdminString  

claRadiusFallbackInterval 1.3.6.1.4.1.9.9.598.1.1.13
This object is used to configure the probe interval (when claRadiusFallbackMode is in active mode) or inactive time (when claRadiusFallbackMode is in passive mode).
OBJECT-TYPE    
  TimeInterval 180..3600  

claRadiusAuthMacDelimiter 1.3.6.1.4.1.9.9.598.1.1.14
The delimiter to be used for RADIUS authentication servers. The possible values allowed are - no delimiter (1) - as in xxxxxxxxxxxx. colon (2) - as in xx:xx:xx:xx:xx:xx. hyphen (3) - as in xx-xx-xx-xx-xx-xx. single hyphen (4) - as in xxxxxx-xxxxxx.
OBJECT-TYPE    
  INTEGER noDelimiter(1), colon(2), hyphen(3), singleHyphen(4)  

claRadiusAcctMacDelimiter 1.3.6.1.4.1.9.9.598.1.1.15
The delimiter to be used for RADIUS accounting servers. The possible values allowed are - no delimiter (1) - as in xxxxxxxxxxxx. colon (2) - as in xx:xx:xx:xx:xx:xx. hyphen (3) - as in xx-xx-xx-xx-xx-xx. single hyphen (4) - as in xxxxxx-xxxxxx.
OBJECT-TYPE    
  INTEGER noDelimiter(1), colon(2), hyphen(3), singleHyphen(4)  

claAcceptMICertificate 1.3.6.1.4.1.9.9.598.1.1.16
This object specifies whether the controller will accept a Manufactured Installed Certificate from the access points as part of authorization.
OBJECT-TYPE    
  TruthValue  

claAcceptLSCertificate 1.3.6.1.4.1.9.9.598.1.1.17
This object specifies whether the controller will accept a Local Significant Certificate from access points as part of authorization.
OBJECT-TYPE    
  TruthValue  

claAllowAuthorizeLscApAgainstAAA 1.3.6.1.4.1.9.9.598.1.1.18
This object specifies whether access points are to be authorized using an AAA RADIUS server or a local database. If this object is false, the access points would be authorized using a local database.
OBJECT-TYPE    
  TruthValue  

claRadiusServerTable 1.3.6.1.4.1.9.9.598.1.2.1
This table represents the information about the requests sent to the RADIUS servers. When a new request is sent to the RADIUS server, an entry is added to this table. The agent maintains a circular queue, which is automatically overwritten once the queue is full.
OBJECT-TYPE    
  SEQUENCE OF  
    ClaRadiusServerEntry

claRadiusServerEntry 1.3.6.1.4.1.9.9.598.1.2.1.1
Each entry in this table provides information about a request that is sent to a RADIUS server. Each entry is uniquely identified by the request identifier.
OBJECT-TYPE    
  ClaRadiusServerEntry  

claRadiusReqId 1.3.6.1.4.1.9.9.598.1.2.1.1.1
This object indicates the request identifier of the request sent to the RADIUS server.
OBJECT-TYPE    
  Unsigned32  

claRadiusAddressType 1.3.6.1.4.1.9.9.598.1.2.1.1.2
This object indicates the address type for the RADIUS server.
OBJECT-TYPE    
  InetAddressType  

claRadiusAddress 1.3.6.1.4.1.9.9.598.1.2.1.1.3
This object indicates the address of the RADIUS server.
OBJECT-TYPE    
  InetAddress  

claRadiusPortNum 1.3.6.1.4.1.9.9.598.1.2.1.1.4
This object indicates the port number for the RADIUS server.
OBJECT-TYPE    
  InetPortNumber  

claRadiusWlanIdx 1.3.6.1.4.1.9.9.598.1.2.1.1.5
This object indicates the index of the WLAN on which the RADIUS server is activating or deactivating.
OBJECT-TYPE    
  Unsigned32 1..17  

claRadiusClientMacAddress 1.3.6.1.4.1.9.9.598.1.2.1.1.6
This object indicates the client MAC address that sent the request identified by the claRadiusReqId.
OBJECT-TYPE    
  MacAddress  

claRadiusUserName 1.3.6.1.4.1.9.9.598.1.2.1.1.7
This object identifies the user for whom the request identified by the claRadiusReqId was sent.
OBJECT-TYPE    
  DisplayString  

claDBCurrentUsedEntries 1.3.6.1.4.1.9.9.598.1.2.2
This object specifies the current database entries used. This includes the number of users and MAC filters configured in the system.
OBJECT-TYPE    
  Gauge32  

claRadiusServerGlobalActivatedEnabled 1.3.6.1.4.1.9.9.598.1.1.4
The object to control the generation of ciscoLwappAAARadiusServerGlobalActivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerGlobalActivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerGlobalActivated notification.
OBJECT-TYPE    
  TruthValue  

claRadiusServerGlobalDeactivatedEnabled 1.3.6.1.4.1.9.9.598.1.1.5
The object to control the generation of ciscoLwappAAARadiusServerGlobalDeactivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerGlobalDeactivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerGlobalDeactivated notification.
OBJECT-TYPE    
  TruthValue  

claRadiusServerWlanActivatedEnabled 1.3.6.1.4.1.9.9.598.1.1.6
The object to control the generation of ciscoLwappAAARadiusServerWlanActivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerWlanActivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerWlanActivated notification.
OBJECT-TYPE    
  TruthValue  

claRadiusServerWlanDeactivatedEnabled 1.3.6.1.4.1.9.9.598.1.1.7
The object to control the generation of ciscoLwappAAARadiusServerWlanDeactivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerWlanDeactivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerWlanDeactivated notification.
OBJECT-TYPE    
  TruthValue  

claRadiusReqTimedOutEnabled 1.3.6.1.4.1.9.9.598.1.1.8
The object to control the generation of ciscoLwappAAARadiusReqTimedOut notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusReqTimedOut notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusReqTimedOut notification.
OBJECT-TYPE    
  TruthValue  

ciscoLwappAAARadiusServerGlobalActivated 1.3.6.1.4.1.9.9.598.0.1
This notification is sent by the agent when the controller detects that the RADIUS server is activated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
NOTIFICATION-TYPE    

ciscoLwappAAARadiusServerGlobalDeactivated 1.3.6.1.4.1.9.9.598.0.2
This notification is sent by the agent when the controller detects that the RADIUS server is deactivated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
NOTIFICATION-TYPE    

ciscoLwappAAARadiusServerWlanActivated 1.3.6.1.4.1.9.9.598.0.3
This notification is sent by the agent when the controller detects that the RADIUS server is activated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
NOTIFICATION-TYPE    

ciscoLwappAAARadiusServerWlanDeactivated 1.3.6.1.4.1.9.9.598.0.4
This notification is sent by the agent when the controller detects that the RADIUS server is deactivated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
NOTIFICATION-TYPE    

ciscoLwappAAARadiusReqTimedOut 1.3.6.1.4.1.9.9.598.0.5
This notification is sent by the agent when the controller detects that the RADIUS server failed to respond to a request from a client/user. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
NOTIFICATION-TYPE    

ciscoLwappAAAMIBCompliances 1.3.6.1.4.1.9.9.598.2.1
OBJECT IDENTIFIER    

ciscoLwappAAAMIBGroups 1.3.6.1.4.1.9.9.598.2.2
OBJECT IDENTIFIER    

ciscoLwappAAAMIBCompliance 1.3.6.1.4.1.9.9.598.2.1.1
The compliance statement for the SNMP entities that implement the ciscoLwappAAAMIB module.
MODULE-COMPLIANCE    

ciscoLwappAAAMIBComplianceRev1 1.3.6.1.4.1.9.9.598.2.1.2
The compliance statement for the SNMP entities that implement the ciscoLwappAAAMIB module.
MODULE-COMPLIANCE    

ciscoLwappAAAMIBConfigGroup 1.3.6.1.4.1.9.9.598.2.2.1
This collection of objects specifies the required parameters for AAA.
OBJECT-GROUP    

ciscoLwappAAAMIBSaveUserConfigGroup 1.3.6.1.4.1.9.9.598.2.2.2
This is the configuration parameter related to saving the guest user configuration.
OBJECT-GROUP    

ciscoLwappAAAMIBNotifsGroup 1.3.6.1.4.1.9.9.598.2.2.3
This collection of objects specifies the notifications for AAA.
NOTIFICATION-GROUP    

ciscoLwappAAAMIBStatusObjsGroup 1.3.6.1.4.1.9.9.598.2.2.4
This collection of objects represents the information about the general status attributes for AAA.
OBJECT-GROUP    

ciscoLwappAAAMIBDBEntriesGroup 1.3.6.1.4.1.9.9.598.2.2.5
This is the additional object which represents the information about the general status attributes for AAA.
OBJECT-GROUP    

ciscoLwappAAAMIBRadiusConfigGroup 1.3.6.1.4.1.9.9.598.2.2.6
These are the RADIUS web authentication and fallback related configuration parameters on the WLC.
OBJECT-GROUP    

ciscoLwappAAAMIBAPPolicyConfigGroup 1.3.6.1.4.1.9.9.598.2.2.7
These are the AP Policy related configuration parameters on the WLC.
OBJECT-GROUP    

ciscoLwappAAAMIBWlanAuthAccServerConfigGroup 1.3.6.1.4.1.9.9.598.2.2.8
These are the authentication and account server configuration parameters per WLAN.
OBJECT-GROUP