-- ***************************************************************** -- CISCO-WLAN-VLAN-MIB.my: CISCO Wireless VIRTUAL LAN MIB file -- file -- -- June 2002, Francis Pang -- -- Copyright (c) 2002, 2003 by Cisco Systems, Inc. -- All rights reserved. -- ***************************************************************** -- CISCO-WLAN-VLAN-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF TEXTUAL-CONVENTION, RowStatus, TruthValue FROM SNMPv2-TC WepKeyType128, CDot11IfMicAlgorithm, CDot11IfWepKeyPermuteAlgorithm FROM CISCO-DOT11-IF-MIB ciscoMgmt FROM CISCO-SMI; ciscoWlanVlanMIB MODULE-IDENTITY LAST-UPDATED "200206120000Z" ORGANIZATION "Cisco System Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 West Tasman Drive, San Jose CA 95134-1706. USA Tel: +1 800 553-NETS E-mail: cs-dot11@cisco.com" DESCRIPTION "This MIB module provides network management support for device VLAN configuration on IEEE 802.11 wireless LAN. ACRONYMS AES Advanced Encryption Standard, an encryption mechanism. MIC Message Integrity Check. WEP Wired Equivalent Privacy, an encryption mechanism." REVISION "200206120000Z" DESCRIPTION "Remove tkip(3) option from the cwvlWlanEncryptionMode, and added cwvlWlanEncryptionAlgorithm and cwvlWlanWepKeyHashing objects to cwvlWlanVlanTable." REVISION "200204040000Z" DESCRIPTION "Added tkip(3) option and removed wepMic option from the cwvlWlanEncryptionMode, and added an cwvlWlanEncryptionMandatory object to cwvlWlanVlanTable." REVISION "200203070000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 268 } ciscoWlanVlanMIBObjects OBJECT IDENTIFIER ::= { ciscoWlanVlanMIB 1 } cwvlRoamDomainConfig OBJECT IDENTIFIER ::= { ciscoWlanVlanMIBObjects 1 } cwvlDot11VlanConfig OBJECT IDENTIFIER ::= { ciscoWlanVlanMIBObjects 2 } -- Textual Conventions CwvlVlanIdOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This is a 12-bit VLAN ID used in the VLAN Tag header. A value of 0 indicates NULL or no VLAN ID. This textual convention is used instead of VlanId defined in Q-BRIDGE-MIB of RFC 2674 because value 0 and 4095 is not permitted. VLAN of ID '4095' is the default VLAN for Cisco VoIP Phones." REFERENCE "RFC 2674, Bridge MIB Extensions, August 1999." SYNTAX Unsigned32 (0..4095) -- Object Type Definitions cwvlWlanDot1qEncapEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object enables and disables IEEE 802.1Q type encapsulation for all VLANs. If this object is set to 'false', then the 802.1Q encapsulation is disabled on all interfaces. If this object is set to 'true', then the 802.1Q encapsulation is enabled on all interfaces." REFERENCE "IEEE 802.1Q-1998, Section 8.11.9." DEFVAL { false } ::= { cwvlRoamDomainConfig 1 } cwvlBridgingNativeVlanId OBJECT-TYPE SYNTAX CwvlVlanIdOrZero MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the native VLAN ID for layer 2 bridging. If this object is set to '0', there is no layer 2 bridging native VLAN ID. Setting this object will automatically update the dot1qPvid for all interfaces in the Q-BRIDGE-MIB (if supported) to the same value provided it is not '0'. The dot1qPvid will be read-only. The dot1qPvid specifies the native VLAN ID on each device interface. If this object is '0', the return value of dot1qPvid is not valid. If the device is attached to a VLAN port of an Ethernet bridge or switch, then the device must have a non-zero native VLAN ID, and that VLAN ID must also match the VLAN ID of the port on the bridge or switch. The native VLAN ID is the default VLAN ID for frames received that are not otherwise associated with a VLAN ID." DEFVAL { 0 } ::= { cwvlRoamDomainConfig 2 } cwvlVoIPVlanEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object enables and disables VoIP VLAN functionality for this agent. If this object is set to 'true', and cwvlVoIPVlanId is a non-zero, the value of the cwvlVoIPVlanId object is the user-configured VoIP VLAN ID. If this object is set to 'true', and cwvlVoIPVlanId is CDP VVID, this agent automatically enables the VoIP VLAN when it receives CDP messages with non-zero VVID field on its root port, otherwise, the VoIP VLAN is disabled. If this object is set to 'false', then the VoIP VLAN is disabled and no station can associate with a VoIP VLAN ID." DEFVAL { true } ::= { cwvlRoamDomainConfig 3 } cwvlVoIPVlanId OBJECT-TYPE SYNTAX CwvlVlanIdOrZero MAX-ACCESS read-write STATUS current DESCRIPTION "This object is the VoIP VLAN ID. All VoIP VLAN ID values are non-zero VLAN ID. A value of '0' is used to represent CDP VVID." DEFVAL { 4095 } ::= { cwvlRoamDomainConfig 4 } cwvlPublicVlanId OBJECT-TYPE SYNTAX CwvlVlanIdOrZero MAX-ACCESS read-write STATUS current DESCRIPTION "The object is the Public VLAN ID. This VLAN is the only VLAN which may be configured on an 802.11 network interface to not require WEP encryption. All other VLANs require WEP encryption in order to isolate the broadcast domains. If the value of object is '0', there is no specific VLAN ID for the Public VLAN." DEFVAL { 0 } ::= { cwvlRoamDomainConfig 5 } -- VLAN Configuration Table cwvlWlanVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF CwvlWlanVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains attributes for configuration and security management of VLANs. Devices can configure to have multiple VLANs on an interface. VLANs on different interfaces of the same VLAN ID must have the same configuration. Therefore, attributes for each conceptual row applies to the VLANs of the corresponding VLAN ID on all interfaces." ::= { cwvlDot11VlanConfig 1 } cwvlWlanVlanEntry OBJECT-TYPE SYNTAX CwvlWlanVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry includes parameters for to enable VLAN and configure encryption and key usages for a particular VLAN." INDEX { cwvlWlanVlanId } ::= { cwvlWlanVlanTable 1 } CwvlWlanVlanEntry ::= SEQUENCE { cwvlWlanVlanId CwvlVlanIdOrZero, cwvlWlanEnabled TruthValue, cwvlWlanNUcastKeyRotateInterval Unsigned32, cwvlWlanEncryptionMode INTEGER, cwvlWlanEncryptionMandatory TruthValue, cwvlWlanMicAlgorithm CDot11IfMicAlgorithm, cwvlWlanWepKeyPermuteAlgorithm CDot11IfWepKeyPermuteAlgorithm, cwvlWlanWepKeyHashing TruthValue, cwvlWlanEncryptionAlgorithm INTEGER, cwvlWlanRowStatus RowStatus } cwvlWlanVlanId OBJECT-TYPE SYNTAX CwvlVlanIdOrZero MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the VLAN ID to which the parameters in each conceptual row shall be applied." ::= { cwvlWlanVlanEntry 1 } cwvlWlanEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If the value is 'true', this VLAN is enabled on all trunk and hybrid ports. If the value is 'false', this VLAN is disabled on all ports." DEFVAL { true } ::= { cwvlWlanVlanEntry 2 } cwvlWlanNUcastKeyRotateInterval OBJECT-TYPE SYNTAX Unsigned32 (0..10000000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The object specifies the WEP encryption key rotation period. If the value is '0', it indicates no key rotation." DEFVAL { 0 } ::= { cwvlWlanVlanEntry 3 } cwvlWlanEncryptionMode OBJECT-TYPE SYNTAX INTEGER { none(1), wep(2), aes(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Encryption mode used on the VLANs are: none (1) - No encryption and use VLan as security mechanism, wep (2) - WEP encryption, aes (3) - Advanced Encryption Standard." DEFVAL { none } ::= { cwvlWlanVlanEntry 4 } cwvlWlanEncryptionMandatory OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Encryption option for wep(2) selection of cwvlWlanEncryptionMode: 'true' - WEP encryption is mandatory, 'false' - WEP encryption is option." DEFVAL { true } ::= { cwvlWlanVlanEntry 5 } cwvlWlanMicAlgorithm OBJECT-TYPE SYNTAX CDot11IfMicAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION "This is the auxiliary MIC type used on WEP-encoded packets for client stations assigned to this VLAN." DEFVAL { micNone } ::= { cwvlWlanVlanEntry 6 } cwvlWlanWepKeyPermuteAlgorithm OBJECT-TYPE SYNTAX CDot11IfWepKeyPermuteAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION "This is the function through which the WEP encryption key is permuted between key renewal periods for client stations assigned to this VLAN." DEFVAL { wepPermuteNone } ::= { cwvlWlanVlanEntry 7 } cwvlWlanWepKeyHashing OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This is an optional key hashing for WEP encryption. If the value is 'true', the hashing option is applied. If the value is 'false', the hashing option is not applied to WEP encryption." DEFVAL { false } ::= { cwvlWlanVlanEntry 8 } cwvlWlanEncryptionAlgorithm OBJECT-TYPE SYNTAX INTEGER { standard(1), cisco(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object determines if Standard IEEE 802.11 or Cisco propriety AES, MIC, and hashing for WEP encryption is applied. If the value is standard(1), the Standard IEEE 802.11 encryption is applied. If the value is cisco(2), the Cisco propriety encryption is applied." DEFVAL { cisco } ::= { cwvlWlanVlanEntry 9 } cwvlWlanRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to create a new row, modify or delete an existing row and a VLAN configuration in this table. A VLAN can only be activated by setting this object to `active' by the agent. When it is `active', the VLAN is being used or referenced in other system configurations. A VLAN should only be deleted or taken out of service, (by setting this object to `destroy' or `outOfService') if only if it is not referenced by all associated system configurations." ::= { cwvlWlanVlanEntry 10 } cwvlWlanNUcastKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF CwvlWlanNUcastKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains shared WEP keys for all IEEE 802.11 packets transmitted and received frames over a VLAN identified by the cwvlWlanVlanId if encryption is enabled (i.e., the cwvlWlanEncryptionMode is wep(2) or aes(3)) on the VLAN. If WEP encryption is enabled for the transmitted IEEE 802.11 frames, then the Default Shared WEP key in the set are used to encrypt the transmitted both broadcast and multicast frames associated with the cwvlWlanVlanId. Key '1' in the set is the default key. The Default Shared WEP key is also used to encrypt or decrypt unicast frames, associated with the cwvlWlanVlanId, if an individual session key is not defined for the target station address." ::= { cwvlDot11VlanConfig 2 } cwvlWlanNUcastKeyEntry OBJECT-TYPE SYNTAX CwvlWlanNUcastKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the key index, key length, and key value. There is a maximum of 4 keys per VLAN or key set. Each key set is indexed by the VLAN ID." INDEX { cwvlWlanVlanId, cwvlWlanNUcastKeyIndex } ::= { cwvlWlanNUcastKeyTable 1 } CwvlWlanNUcastKeyEntry ::= SEQUENCE { cwvlWlanNUcastKeyIndex Unsigned32, cwvlWlanNUcastKeyLen Unsigned32, cwvlWlanNUcastKeyValue WepKeyType128 } cwvlWlanNUcastKeyIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is a representative of the corresponding 802.11 WEP Key Index used when transmitting or receiving frames with this key. SNMP table indexing conventions require table index to be non-zero. Therefore, this object has to be one greater than the actual 802.11 WEP key index. A value of '1' for this object corresponds to a value of '0' for the 802.11 WEP key index." ::= { cwvlWlanNUcastKeyEntry 1 } cwvlWlanNUcastKeyLen OBJECT-TYPE SYNTAX Unsigned32 (0..13) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the length in octets of cwvlWlanNUcastKeyValue. Common values are 5 for 40-bit WEP key and 13 for 128-bit WEP key. A value of '0' means that the key is not set." DEFVAL { 0 } ::= { cwvlWlanNUcastKeyEntry 2 } cwvlWlanNUcastKeyValue OBJECT-TYPE SYNTAX WepKeyType128 MAX-ACCESS read-write STATUS current DESCRIPTION "This is the WEP secret key value. The agent always returns a zero-length string when this object is read for security reason." ::= { cwvlWlanNUcastKeyEntry 3 } cwvlWlanWepChangeNotifEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether ciscoWlanVlanWepChangeNotif notifications will or will not be sent by the agent when the WEP key in the cwvlWlanNUcastKeyTable are changed." DEFVAL { false } ::= { cwvlDot11VlanConfig 3 } -- ***************************************************************** -- Notifications -- ***************************************************************** ciscoWlanVlanMIBNotifications OBJECT IDENTIFIER ::= { ciscoWlanVlanMIB 0 } ciscoWlanVlanWepChangeNotif NOTIFICATION-TYPE OBJECTS { cwvlWlanNUcastKeyValue } STATUS current DESCRIPTION "This ciscoWlanVlanWepChangeNotif notification will be sent when the WEP configuration in the cwvlWlanNUcastKeyTable is changed. The cwvlWlanNUcastKeyValue specify the new key value for a given key for a VLAN. The sending of these notifications can be enabled or disabled via the cwvlWlanWepChangeNotifEnabled object." ::= { ciscoWlanVlanMIBNotifications 1 } -- ***************************************************************** -- Conformance information -- ***************************************************************** ciscoWlanVlanMIBConformance OBJECT IDENTIFIER ::= { ciscoWlanVlanMIB 2 } ciscoWlanVlanMIBCompliances OBJECT IDENTIFIER ::= { ciscoWlanVlanMIBConformance 1 } ciscoWlanVlanMIBGroups OBJECT IDENTIFIER ::= { ciscoWlanVlanMIBConformance 2 } -- ***************************************************************** -- Compliance statements -- ***************************************************************** ciscoWlanVlanMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the ciscoWlanVlanMIBGroups." MODULE MANDATORY-GROUPS { ciscoWlanRoamDomainGroup } GROUP ciscoWlanVlanNotificationGroup DESCRIPTION "This group is mandatory for IEEE 802.11 wireless LAN devices supporting VLAN." GROUP ciscoWlanDot11VlanConfigGroup DESCRIPTION "This group is mandatory for IEEE 802.11 wireless LAN devices supporting VLAN." ::= { ciscoWlanVlanMIBCompliances 1 } -- ***************************************************************** -- Units of conformance -- ***************************************************************** ciscoWlanRoamDomainGroup OBJECT-GROUP OBJECTS { cwvlWlanDot1qEncapEnabled, cwvlBridgingNativeVlanId, cwvlVoIPVlanEnabled, cwvlVoIPVlanId, cwvlPublicVlanId } STATUS current DESCRIPTION "Global VLAN configuration for wireless LAN roaming domain." ::= { ciscoWlanVlanMIBGroups 1 } ciscoWlanDot11VlanConfigGroup OBJECT-GROUP OBJECTS { cwvlWlanEnabled, cwvlWlanNUcastKeyRotateInterval, cwvlWlanEncryptionMode, cwvlWlanEncryptionMandatory, cwvlWlanMicAlgorithm, cwvlWlanWepKeyPermuteAlgorithm, cwvlWlanWepKeyHashing, cwvlWlanEncryptionAlgorithm, cwvlWlanRowStatus, cwvlWlanNUcastKeyLen, cwvlWlanNUcastKeyValue, cwvlWlanWepChangeNotifEnabled } STATUS current DESCRIPTION "Per VLAN based configurations for IEEE 802.11 wireless LAN." ::= { ciscoWlanVlanMIBGroups 2 } ciscoWlanVlanNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { ciscoWlanVlanWepChangeNotif } STATUS current DESCRIPTION "This is the notification group for the CISCO-WLAN-VLAN-MIB." ::= { ciscoWlanVlanMIBGroups 3 } END