ENTERASYS-WIFI-PROTECTED-ACCESS-MIB

File: ENTERASYS-WIFI-PROTECTED-ACCESS-MIB.mib (30220 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
ENTERASYS-MIB-NAMES

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Integer32
Unsigned32 Counter32 MODULE-COMPLIANCE
OBJECT-GROUP DisplayString MacAddress
TruthValue etsysModules

Defined Types

EtsysWPAConfigEntry  
SEQUENCE    
  etsysWPAConfigIndex INTEGER
  etsysWPAConfigOptionImplemented TruthValue
  etsysWPAConfigEnabled TruthValue
  etsysWPAConfigTKIPNumberOfReplayCounters INTEGER
  etsysWPAConfigVersion Integer32
  etsysWPAConfigPairwiseKeysSupported Unsigned32
  etsysWPAConfigMulticastCipher OCTET STRING
  etsysWPAConfigGroupRekeyMethod INTEGER
  etsysWPAConfigGroupRekeyTime Unsigned32
  etsysWPAConfigGroupRekeyPackets Unsigned32
  etsysWPAConfigGroupRekeyStrict TruthValue
  etsysWPAConfigPSKValue OCTET STRING
  etsysWPAConfigPSKPassPhrase DisplayString
  etsysWPAConfigPSKValueEntered TruthValue
  etsysWPAConfigMultipleAuthSuitesSupported TruthValue
  etsysWPAConfigGroupMasterRekeyTime Unsigned32
  etsysWPAConfigGroupUpdateTimeOut Unsigned32
  etsysWPAConfigGroupUpdateCount Unsigned32
  etsysWPAConfigPairwiseUpdateTimeOut Unsigned32
  etsysWPAConfigPairwiseUpdateCount Unsigned32
  etsysWPAConfigLegacyOptionSupported TruthValue
  etsysWPAConfigAllowLegacyClients TruthValue
  etsysWPAConfigRekeyPairwiseWEP TruthValue

EtsysWPAConfigUnicastCiphersEntry  
SEQUENCE    
  etsysWPAConfigUnicastCipherIndex Unsigned32
  etsysWPAConfigUnicastCipher OCTET STRING
  etsysWPAConfigUnicastCipherEnabled TruthValue

EtsysWPAConfigAuthenticationSuitesEntry  
SEQUENCE    
  etsysWPAConfigAuthenticationSuiteIndex Unsigned32
  etsysWPAConfigAuthenticationSuite OCTET STRING
  etsysWPAConfigAuthenticationSuiteEnabled TruthValue

EtsysWPAStatsEntry  
SEQUENCE    
  etsysWPAStatsIndex Unsigned32
  etsysWPAStatsSTAAddress MacAddress
  etsysWPAStatsVersion Unsigned32
  etsysWPAStatsSelectedUnicastCipher OCTET STRING
  etsysWPAStatsTKIPICVErrors Counter32
  etsysWPAStatsTKIPLocalMICFailures Counter32
  etsysWPAStatsTKIPRemoteMICFailures Counter32
  etsysWPAStatsTKIPCounterMeasuresInvoked Counter32

Defined Values

etsysWiFiProtectedAccessMIB 1.3.6.1.4.1.5624.1.2.32
This MIB module defines a portion of the SNMP enterprise MIBs under Enterasys Networks' enterprise OID pertaining to Wi-Fi Protected Access (WPA) management functionality. This implementation includes Enterasys variants of objects that appear in draft 3.0 of IEEE Std 802.11i, and are relevant to the Wi-Fi Alliance's WPA specification. Since the initial WPA implementation is TKIP-based, the initial version of this MIB does not include AES-specific objects.
MODULE-IDENTITY    

etsysWiFiProtectedAccessObjects 1.3.6.1.4.1.5624.1.2.32.1
OBJECT IDENTIFIER    

etsysWPAConfigTable 1.3.6.1.4.1.5624.1.2.32.1.1
The table containing WPA configuration objects.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysWPAConfigEntry

etsysWPAConfigEntry 1.3.6.1.4.1.5624.1.2.32.1.1.1
An entry in the etsysWPAConfigTable.
OBJECT-TYPE    
  EtsysWPAConfigEntry  

etsysWPAConfigIndex 1.3.6.1.4.1.5624.1.2.32.1.1.1.1
Each 802.11 interface is represented by an entry in the ifTable. If this index is zero, the information in this table shall apply to all 802.11 interfaces.
OBJECT-TYPE    
  INTEGER 0..2147483647  

etsysWPAConfigOptionImplemented 1.3.6.1.4.1.5624.1.2.32.1.1.1.2
This variable indicates whether the entity is WPA-capable.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigEnabled 1.3.6.1.4.1.5624.1.2.32.1.1.1.3
When this object is set to TRUE, this shall indicate that WPA is enabled on this entity. The entity will advertise the WPA Information Element in its Beacons and Probe Responses. This object requires that dot11PrivacyInvoked also be set to TRUE. If dot11PrivacyInvoked is TRUE and etsysWPAConfigEnabled is FALSE, the security mechanism used is WEP.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigTKIPNumberOfReplayCounters 1.3.6.1.4.1.5624.1.2.32.1.1.1.4
Specifies the number of replay counters: (0) - 1 replay counter, (1) - 2 replay counters, (2) - 4 replay counters, (3) - 16 replay counters.
OBJECT-TYPE    
  INTEGER  

etsysWPAConfigVersion 1.3.6.1.4.1.5624.1.2.32.1.1.1.5
The highest WPA version this entity supports.
OBJECT-TYPE    
  Integer32  

etsysWPAConfigPairwiseKeysSupported 1.3.6.1.4.1.5624.1.2.32.1.1.1.6
This object indicates how many pairwise keys the entity supports for WPA. When zero, it only supports (four) group keys.
OBJECT-TYPE    
  Unsigned32 0..4294967295  

etsysWPAConfigMulticastCipher 1.3.6.1.4.1.5624.1.2.32.1.1.1.7
This object indicates the multicast cipher suite selector the entity must use. The multicast cipher suite in the WPA Information Element shall take its value from this variable. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet). The network administrator can always override the automatically selected multicast cipher suite by writing this object.
OBJECT-TYPE    
  OCTET STRING Size(4)  

etsysWPAConfigGroupRekeyMethod 1.3.6.1.4.1.5624.1.2.32.1.1.1.8
This object selects a mechanism for rekeying the WPA Group Key. The default is time-based, once per day. Rekeying the Group key is only applicable to an entity acting in the Authenticator role (an AP in an ESS).
OBJECT-TYPE    
  INTEGER disabled(1), timeBased(2), packetBased(3)  

etsysWPAConfigGroupRekeyTime 1.3.6.1.4.1.5624.1.2.32.1.1.1.9
The time in seconds after which the WPA group key must be refreshed. The timer shall start at the moment the group key was set using the MLME-SetKeys primitive. The fine granularity (seconds) also enables the network Administrator to 'immediately' refresh the group key.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigGroupRekeyPackets 1.3.6.1.4.1.5624.1.2.32.1.1.1.10
A packet count (in 1000s of packets) after which the WPA group key shall be refreshed. The packet counter shall start at the moment the group key was set using the MLME-SetKeys primitive and it shall count all packets encrypted using the current group key.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigGroupRekeyStrict 1.3.6.1.4.1.5624.1.2.32.1.1.1.11
This object signals that the WPA group key shall be refreshed whenever a Station leaves the BSS.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigPSKValue 1.3.6.1.4.1.5624.1.2.32.1.1.1.12
The Pre-Shared Key (PSK) for when WPA in PSK mode is the selected authentication suite. In that case, the PMK will obtain its value from this object. A string of all 0x00 octets has the meaning 'clear the key'. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero.
OBJECT-TYPE    
  OCTET STRING Size(32)  

etsysWPAConfigPSKPassPhrase 1.3.6.1.4.1.5624.1.2.32.1.1.1.13
The PSK, for when WPA in PSK mode is the selected authentication suite, is configured by etsysWPAConfigPSKValue. An alternative manner of setting the PSK uses the password-to-key algorithm defined in section XXX. This variable provides a means to enter a pass phrase. When this object is written, the WPA entity shall use the password-to-key algorithm specified in section XXX to derive a pre-shared key and populate etsysWPAConfigPSKValue with this key. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero.
OBJECT-TYPE    
  DisplayString  

etsysWPAConfigPSKValueEntered 1.3.6.1.4.1.5624.1.2.32.1.1.1.14
Indicates whether the Pre-Shared Key (etsysWPAConfigPSKValue) is set. This allows a network management system to prompt the network manager, when appropriate, to enter the initial value of the key.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigMultipleAuthSuitesSupported 1.3.6.1.4.1.5624.1.2.32.1.1.1.15
Indicates whether the entity can take advantage of multiple selections in the etsysWPAConfigAuthenticationSuitesTable. On radios that allow use of only one key management suite at a time, the access point may choose among the selected suites in an arbitrary fashion.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigGroupMasterRekeyTime 1.3.6.1.4.1.5624.1.2.32.1.1.1.16
The time in seconds after which the WPA group master key must be changed. The timer shall start at the moment the group master key was set. A group key refresh will occur on a group master key change. The fine granularity (seconds) also enables the network Administrator to 'immediately' refresh the group master key.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigGroupUpdateTimeOut 1.3.6.1.4.1.5624.1.2.32.1.1.1.17
The time in seconds after which the WPA group update handshake will be retried. The timer shall start at the moment the group update message is sent.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigGroupUpdateCount 1.3.6.1.4.1.5624.1.2.32.1.1.1.18
The number of times the WPA Group update will be retried.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigPairwiseUpdateTimeOut 1.3.6.1.4.1.5624.1.2.32.1.1.1.19
The time in seconds after which the WPA 4-way handshake will be retried. The timer shall start at the moment a 4-way message is sent.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigPairwiseUpdateCount 1.3.6.1.4.1.5624.1.2.32.1.1.1.20
The number of times the WPA 4-way handshake will be retried.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigLegacyOptionSupported 1.3.6.1.4.1.5624.1.2.32.1.1.1.21
This object indicates whether the entity supports the 'Allow Legacy Clients' option. The answer may vary depending upon the currently-installed radio card model.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigAllowLegacyClients 1.3.6.1.4.1.5624.1.2.32.1.1.1.22
This object provides a way to indicate that an access point in WPA mode should accept associations from both WPA clients and legacy (pre-WPA, pre-RSN) clients. When this object is true(1), the etsysWPAConfigMulticastCipher must be WEP-40 or WEP-104 (a.k.a. 128-bit WEP). Using WEP Group keys and letting legacy clients associate may weaken security. To minimize this, 1. Enable legacy associations only on radios that support Pairwise keys. 2. Enable frequent Group key rekeying. With TKIP and AES, there's much less threat of key cracking than with WEP, so the default is 'once in a blue moon'. With WEP, you need to think more in terms of Rapid Rekeying. Access points implementing this feature are under no obligation to support non-802.1X clients. For instance, an access point might use one-time dynamic WEP keys when WPA Group key rotation is disabled. Static WEP clients would not know these keys.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigRekeyPairwiseWEP 1.3.6.1.4.1.5624.1.2.32.1.1.1.23
This object applies when WPA is enabled (dot11PrivacyInvoked, etsysWPAConfigEnabled) and management has chosen to allow a mix of WPA and non-WPA clients (etsysWPAConfigAllowLegacyClients). It specifies whether the access point should tumble Pairwise WEP keys belonging to non-WPA clients. The access point uses Group key rotation as a trigger for Pairwise WEP key tumbling; if you want the latter, be sure to configure the former. See also: etsysDot1xRekeyPairwise.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigUnicastCiphersTable 1.3.6.1.4.1.5624.1.2.32.1.2
This table lists the unicast ciphers supported by this entity. It allows enabling and disabling of each unicast cipher by network management. The Unicast Cipher Suite list in the WPA Information Element is formed using the information in this table.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysWPAConfigUnicastCiphersEntry

etsysWPAConfigUnicastCiphersEntry 1.3.6.1.4.1.5624.1.2.32.1.2.1
The table entry, indexed by the interface index (or all interfaces) and the unicast cipher.
OBJECT-TYPE    
  EtsysWPAConfigUnicastCiphersEntry  

etsysWPAConfigUnicastCipherIndex 1.3.6.1.4.1.5624.1.2.32.1.2.1.1
The auxiliary index into the etsysWPAConfigUnicastCiphersTable.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigUnicastCipher 1.3.6.1.4.1.5624.1.2.32.1.2.1.2
The selector of a supported unicast cipher. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet).
OBJECT-TYPE    
  OCTET STRING Size(4)  

etsysWPAConfigUnicastCipherEnabled 1.3.6.1.4.1.5624.1.2.32.1.2.1.3
This object enables or disables the unicast cipher.
OBJECT-TYPE    
  TruthValue  

etsysWPAConfigAuthenticationSuitesTable 1.3.6.1.4.1.5624.1.2.32.1.3
This table lists the authentication suites supported by this entity. Each authentication suite can be individually enabled and disabled. The Authentication Suite List in the WPA IE is formed using the information in this table.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysWPAConfigAuthenticationSuitesEntry

etsysWPAConfigAuthenticationSuitesEntry 1.3.6.1.4.1.5624.1.2.32.1.3.1
An entry (row) in the etsysWPAConfigAuthenticationSuitesTable.
OBJECT-TYPE    
  EtsysWPAConfigAuthenticationSuitesEntry  

etsysWPAConfigAuthenticationSuiteIndex 1.3.6.1.4.1.5624.1.2.32.1.3.1.1
The auxiliary variable used as an index into the etsysWPAConfigAuthenticationSuitesTable.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAConfigAuthenticationSuite 1.3.6.1.4.1.5624.1.2.32.1.3.1.2
The selector of an authentication suite. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet).
OBJECT-TYPE    
  OCTET STRING Size(4)  

etsysWPAConfigAuthenticationSuiteEnabled 1.3.6.1.4.1.5624.1.2.32.1.3.1.3
This variable indicates whether the corresponding authentication suite is enabled/disabled.
OBJECT-TYPE    
  TruthValue  

etsysWPAStatsTable 1.3.6.1.4.1.5624.1.2.32.1.4
This table maintains per-STA statistics for SN. The entry with etsysWPAStatsSTAAddress set to FF-FF-FF-FF-FF-FF shall contain statistics for broadcast/multicast traffic.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysWPAStatsEntry

etsysWPAStatsEntry 1.3.6.1.4.1.5624.1.2.32.1.4.1
An entry in the etsysWPAStatsTable.
OBJECT-TYPE    
  EtsysWPAStatsEntry  

etsysWPAStatsIndex 1.3.6.1.4.1.5624.1.2.32.1.4.1.1
An auxiliary index into the etsysWPAStatsTable.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAStatsSTAAddress 1.3.6.1.4.1.5624.1.2.32.1.4.1.2
The MAC address of the station the statistics in this conceptual row belong to.
OBJECT-TYPE    
  MacAddress  

etsysWPAStatsVersion 1.3.6.1.4.1.5624.1.2.32.1.4.1.3
The WPA version which the station associated with.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

etsysWPAStatsSelectedUnicastCipher 1.3.6.1.4.1.5624.1.2.32.1.4.1.4
The Authentication Suite the station selected during association. The value consists of a three octet OUI followed by a one octet Type as follows: OUI Value Authentication Type Key Management Type -------- ----- ------------------- ------------------- 00:00:00 0 Reserved Reserved 00:00:00 1 Unspecified authentication 802.1X Key Management over 802.1X 00:00:00 2 None 802.1X Key Management using pre-shared Key 00:00:00 3-255 Reserved Reserved Vendor any Vendor Specific Vendor Specific other any Reserved Reserved
OBJECT-TYPE    
  OCTET STRING Size(4)  

etsysWPAStatsTKIPICVErrors 1.3.6.1.4.1.5624.1.2.32.1.4.1.5
Counts the number of TKIP ICV errors encountered when decrypting packets for the station.
OBJECT-TYPE    
  Counter32  

etsysWPAStatsTKIPLocalMICFailures 1.3.6.1.4.1.5624.1.2.32.1.4.1.6
Counts the number of Michael MIC failure encountered when checking the integrity of packets received from the station at this entity.
OBJECT-TYPE    
  Counter32  

etsysWPAStatsTKIPRemoteMICFailures 1.3.6.1.4.1.5624.1.2.32.1.4.1.7
Counts the number of Michael MIC failures encountered by the station identified by dot11StatsSTAAddress and reported back to this entity.
OBJECT-TYPE    
  Counter32  

etsysWPAStatsTKIPCounterMeasuresInvoked 1.3.6.1.4.1.5624.1.2.32.1.4.1.8
Counts the number of times a MIC failure occurred two times within 60 seconds and counter-measures were invoked. This variables counts this for both local and remote. It counts every time countermeasures are invoked.
OBJECT-TYPE    
  Counter32  

etsysWpaConformance 1.3.6.1.4.1.5624.1.2.32.2
OBJECT IDENTIFIER    

etsysWpaGroups 1.3.6.1.4.1.5624.1.2.32.2.1
OBJECT IDENTIFIER    

etsysWpaCompliances 1.3.6.1.4.1.5624.1.2.32.2.2
OBJECT IDENTIFIER    

etsysWpaBaseGroup 1.3.6.1.4.1.5624.1.2.32.2.1.1
A collection of objects providing configuration information for the WPA service.
OBJECT-GROUP    

etsysWpaUnicastCipherGroup 1.3.6.1.4.1.5624.1.2.32.2.1.2
A collection of objects providing configuration information for the WPA service.
OBJECT-GROUP    

etsysWpaAuthSuiteGroup 1.3.6.1.4.1.5624.1.2.32.2.1.3
A collection of objects providing configuration information for the WPA service.
OBJECT-GROUP    

etsysWpaStatsGroup 1.3.6.1.4.1.5624.1.2.32.2.1.4
A collection of objects providing statistics information for the WPA service.
OBJECT-GROUP    

etsysWpaCompliance 1.3.6.1.4.1.5624.1.2.32.2.2.1
The compliance statement for devices that support the Enterasys Wi-Fi Protected Access (WPA) MIB.
MODULE-COMPLIANCE