CISCO-LWAPP-LOCAL-AUTH-MIB
File: CISCO-LWAPP-LOCAL-AUTH-MIB.mib (27280 bytes)
Defined Types
CllaEapProfileEntry | SEQUENCE |
  cllaEapProfileName | DisplayString |
  cllaEapProfileMethods | BITS |
  cllaEapProfileCertIssuer | INTEGER |
  cllaEapProfileCaCertificationCheck | TruthValue |
  cllaEapProfileCnCertificationIdVerify | TruthValue |
  cllaEapProfileDateValidityEnabled | TruthValue |
  cllaEapProfileLocalCertificateRequired | TruthValue |
  cllaEapProfileClientCertificateRequired | TruthValue |
  cllaEapProfileRowStatus | RowStatus |
CllaWlanProfileEntry | SEQUENCE |
  cllaWlanProfileName | DisplayString |
  cllaWlanProfileState | TruthValue |
CllaUserPriorityEntry | SEQUENCE |
  cllaUserCredential | INTEGER |
  cllaUserPriorityNumber | Integer32 |
Defined Values
ciscoLwappLocalAuthMIB |
1.9.619 |
This MIB is intended to be implemented on all those
devices operating as Central controllers, that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
Information provided by this MIB is used to manage
Local authentication information on the controller.
The relationship between CC and the LWAPP APs
can be depicted as follows:
      +......+     +......+     +......+
      +      +     +      +     +      +
      +  CC  +     +  CC  +     +  CC  +
      +      +     +      +     +      +
      +......+     +......+     +......+
        ..            .             .
        ..            .             .
       .  .            .             .
      .    .            .             .
     .      .            .             .
    .        .            .             .
+......+ +......+     +......+      +......+
+      + +      +     +      +      +      +
+  AP  + +  AP  +     +  AP  +      +  AP  +
+      + +      +     +      +      +      +
+......+ +......+     +......+      +......+
           .              .             .
         .  .              .             .
        .    .              .             .
       .      .              .             .
      .        .              .             .
+......+ +......+     +......+      +......+
+      + +      +     +      +      +      +
+  MN  + +  MN  +     +  MN  +      +  MN  +
+      + +      +     +      +      +      +
+......+ +......+     +......+      +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and send them to the controller to which
they are logically connected.
Gratuitous Probe Response (GPR)
The Gratuitous Probe Response feature aids in conserving
battery power of WLAN-enabled cell phones by providing
a high rate packet on the order of tens of milliseconds
such that these kinds of phones can wake up and wait at
predefined intervals, to reduce battery power. The
GPR packet is transmitted from the AP at a predefined
time interval.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node
and client are used interchangeably.
Extensible Authentication Protocol ( EAP )
EAP is a universal authentication protocol used in
wireless and PPP networks. It is defined by RFC 3748.
EAP-Flexible Authentication ( EAP-FAST )
This protocol is used via secure tunneling for 802.1X EAP.
Transport Layer Security ( TLS )
This is a cryptographic protocol which provides secure
communication over the network.
Protected Extensible Authentication Protocol ( PEAP )
PEAP is a method to securely transmit authentication
information, including passwords, over wired or wireless
networks.
Lightweight Directory Access Protocol ( LDAP )
LDAP is a protocol used for obtaining directory services
and runs over TCP/IP.
REFERENCE
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol |
MODULE-IDENTITY |
|
|
|
cllaActiveTimeout |
1.9.619.1.1.1.1 |
This object represents timeout period for the Local EAP
to remain active. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cllaEapIdentityReqTimeout |
1.9.619.1.1.1.2 |
This object represents timeout period for the EAP
Identity request within which response should be sent. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cllaEapDynamicWepKeyIndex |
1.9.619.1.1.1.4 |
This object represents key index for the EAP dynamic
Wired Equivalent Privacy security policy.
It applies to the Static WEP key index of a WLAN which has layer 2
security of type Static WEP. According to the 802.11 standard, 4 keys
are supported for informing Mobile Stations (clients) which key they
should use for Static WEP Authentication.
The default value of 0 works for all devices, but for some old
devices/clients which use the unicast key as 3, the key index
has to be configured to 3 to match the client side setting. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..3 |
|
cllaEapReqTimeout |
1.9.619.1.1.1.5 |
This object represents timeout period for the EAP request
within which response should be sent. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cllaEapReqMaxRetries |
1.9.619.1.1.1.6 |
This object represents maximum number of retransmissions
for EAP request. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cllaEapMaxLoginIgnIdResp |
1.9.619.1.1.1.7 |
This object enables the checking of the number of devices that
can be connected to the controller with the same username.
You can login up to eight times from different devices
(PDA, laptop, IP phone, and so on) on the same controller. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cllaEapKeyTimeout |
1.9.619.1.1.1.8 |
This object represents the amount of time in which the
controller attempts to send an EAP key over the LAN to
wireless clients using local EAP. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
200..5000 |
|
cllaEapKeyMaxRetries |
1.9.619.1.1.1.9 |
This object represents the maximum number of times
that the controller attempts to send an EAP key over
the LAN to wireless clients using local EAP. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..4 |
|
cllaEapProfileTable |
1.9.619.1.1.2 |
This table represents the local EAP authentication
information on the controller.
Rows are added or deleted by explicit
management actions initiated by the user from a
network management station through the
cllaEapProfileRowStatus object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CllaEapProfileEntry |
|
cllaEapProfileEntry |
1.9.619.1.1.2.1 |
A conceptual row in cllaEapProfileTable. Each
entry in this table represents the local EAP
authentication information, identified by
the cllaEapProfileName. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CllaEapProfileEntry |
|
|
cllaEapProfileName |
1.9.619.1.1.2.1.1 |
This object represents the profile name used to identify
the Local EAP information. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..63) |
|
cllaEapProfileMethods |
1.9.619.1.1.2.1.2 |
This object represents the method type for this
entry.
none - No method is in use
leap - LEAP is used as one of the methods
eapFast - EAP-FAST is used as one of the methods
tls - TLS is being used as one of the methods
peap - PEAP is being used as one of the methods. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
BITS |
none(0), leap(1), eapFast(2), tls(3), peap(4) |
|
cllaEapProfileCertIssuer |
1.9.619.1.1.2.1.3 |
This object represents the name of the certificate issuer
cisco - Cisco is the certificate issuer.
vendor - The issuer is an outside vendor. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
cisco(1), vendor(2) |
|
cllaEapProfileLocalCertificateRequired |
1.9.619.1.1.2.1.7 |
This parameter is applicable when cllaEapProfileMethods
includes EAP-FAST. It indicates whether a local
certificate is required. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cllaEapProfileClientCertificateRequired |
1.9.619.1.1.2.1.8 |
This parameter is applicable when cllaEapProfileMethods
includes EAP-FAST. It indicates whether a client
certificate is required. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cllaWlanProfileTable |
1.9.619.1.1.3 |
This table represents the information about configuring
the EAP profiles for a WLAN. The creation of a new row
occurs when a WLAN entry is added through an explicit
network management action to the cLWlanConfigTable in
CISCO-LWAPP-WLAN-MIB.
Similarly, deletion of a row in cLWlanConfigTable
through user action, causes the deletion of corresponding
row in this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CllaWlanProfileEntry |
|
cllaWlanProfileEntry |
1.9.619.1.1.3.1 |
Each entry in this table provides information about
the Local EAP profile configured for this WLAN. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CllaWlanProfileEntry |
|
|
cllaWlanProfileState |
1.9.619.1.1.3.1.2 |
This object indicates whether Local Authentication
is enabled or disabled for this WLAN. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cllaUserPriorityTable |
1.9.619.1.1.4 |
This table contains entries for 802.11 user credential
methods configured in the controller. At startup,
all the entries in this table are set up by the central
controller. A management application can later change
the priority order using the cllaUserPriorityNumber. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CllaUserPriorityEntry |
|
cllaUserPriorityEntry |
1.9.619.1.1.4.1 |
A conceptual row in cllaUserPriorityTable. There is an
entry in this table for each 802.11 user authentication
available at the agent, as identified by a value of
cllaUserCredential. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CllaUserPriorityEntry |
|
|
cllaUserCredential |
1.9.619.1.1.4.1.1 |
This object represents the user credential information.
local - indicates that local credential is used
for authentication
ldap - indicates that LDAP credential is used
for authentication. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
local(1), ldap(2) |
|
cllaUserPriorityNumber |
1.9.619.1.1.4.1.2 |
This object represents the order in which the user credentials
are validated by the controller. At start up,
the agent assigns the value of this object. Later this can
be changed by the management station.
This object reflects the priority in which the user credential
information is applied. A lower value indicates a higher
priority. For example, an entry set to value '1' has a higher
priority over an entry set to value '2'.
The zero value indicates that the priority is not set.
No two instances of this object will have the same priority. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..2 |
|
cllaEapMethodPacTtl |
1.9.619.1.1.5.1 |
This is an EAP-FAST parameter. This parameter represents
time to live for the protected access credentials. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..1000 |
|
cllaEapAnonymousProvEnabled |
1.9.619.1.1.5.2 |
This is an EAP-FAST parameter. This parameter represents
whether anonymous provisioning is enabled. A value of
'true' indicates the controller will accept anonymous
requests. A value of 'false' indicates that the controller
will reject anonymous requests. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cllaEapAuthorityId |
1.9.619.1.1.5.3 |
This is an EAP-FAST parameter. This parameter configures
the authority ID. The maximum length per platform is
specified by the cllaEapAuthorityIdLength object. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..128) |
|
cllaEapAuthorityInfo |
1.9.619.1.1.5.4 |
This is an EAP-FAST parameter. This parameter configures
the authority information. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
cllaEapServerKey |
1.9.619.1.1.5.5 |
This is an EAP-FAST parameter. This parameter configures
the server key ID. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..32) |
|
cllaEapAuthorityIdLength |
1.9.619.1.1.5.6 |
This object represents the length of the cllaEapAuthorityId
object, supported by this agent implementation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..128 |
|
ciscoLwappLocalAuthMIBCompliance |
1.9.619.2.1.1 |
The compliance statement for the SNMP entities that
implement the ciscoLwappLocalAuthMIB module. |
Status: deprecated |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoLwappLocalAuthMIBComplianceRev1 |
1.9.619.2.1.2 |
The compliance statement for the SNMP entities that
implement the ciscoLwappLocalAuthMIB module. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoLwappLocalAuthMIBConfigGroup |
1.9.619.2.2.1 |
This collection of objects specifies the required
configuration parameters for local authentication. |
Status: deprecated |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoLwappLocalAuthMIBConfigGroupSup1 |
1.9.619.2.2.2 |
This collection of objects specifies the required
configuration parameters for local authentication. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
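Added example (not part of the MIB or of any Cisco tooling): decoding a cllaEapProfileMethods BITS value, ordering cllaUserPriorityTable rows by cllaUserPriorityNumber, and listing EAP-FAST settings worth reviewing when auditing values already fetched over SNMP. The function names are hypothetical, TruthValue objects are assumed to be mapped to Python booleans by the caller, and treating several rows with priority 0 as "not set" rather than as duplicates is an assumption.

```python
# Added example; bit and enum names are from the page, sample inputs are constructed.
EAP_METHOD_BITS = {0: "none", 1: "leap", 2: "eapFast", 3: "tls", 4: "peap"}
USER_CREDENTIAL = {1: "local", 2: "ldap"}


def decode_eap_methods(raw: bytes) -> list[str]:
    """Decode an SNMP BITS value (bit 0 = high-order bit of the first octet)."""
    names = []
    for octet_index, octet in enumerate(raw):
        for offset in range(8):
            if octet & (0x80 >> offset):
                bit = octet_index * 8 + offset
                names.append(EAP_METHOD_BITS.get(bit, f"unknown({bit})"))
    return names


def credential_order(rows: dict[int, int]) -> list[str]:
    """rows maps cllaUserCredential -> cllaUserPriorityNumber.

    Lower number = higher priority, 0 = not set, set priorities must be unique.
    """
    for cred, prio in rows.items():
        if cred not in USER_CREDENTIAL:
            raise ValueError(f"unknown cllaUserCredential {cred}")
        if not 0 <= prio <= 2:
            raise ValueError(f"cllaUserPriorityNumber {prio} outside 0..2")
    active = {c: p for c, p in rows.items() if p != 0}
    if len(set(active.values())) != len(active):
        raise ValueError("two credentials share one priority")
    return [USER_CREDENTIAL[c] for c in sorted(active, key=active.get)]


def review_profile(methods_raw: bytes, client_cert_required: bool,
                   anonymous_prov_enabled: bool) -> list[str]:
    """Return settings of one EAP profile that deserve a second look."""
    methods = decode_eap_methods(methods_raw)
    notes = []
    if "none" in methods and len(methods) > 1:
        notes.append("none(0) set together with other methods")
    if any(m.startswith("unknown") for m in methods):
        notes.append("undefined BITS positions set")
    if "eapFast" in methods and not client_cert_required:
        notes.append("EAP-FAST without client certificate requirement")
    if "eapFast" in methods and anonymous_prov_enabled:
        notes.append("EAP-FAST anonymous provisioning accepted")
    return notes


if __name__ == "__main__":
    print(decode_eap_methods(b"\x28"))           # constructed value
    print(credential_order({1: 2, 2: 1}))        # constructed rows
    print(review_profile(b"\x28", False, True))
```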