1659 lines
55 KiB
Plaintext
1659 lines
55 KiB
Plaintext
-- *******************************************************************
|
|
-- CISCO-LWAPP-ROGUE-MIB.my
|
|
-- February 2007, Devesh Pujari, Srinath Candadai
|
|
--
|
|
-- Copyright (c) 2007, 2010-2014 by Cisco Systems Inc.
|
|
-- All rights reserved.
|
|
-- *******************************************************************
|
|
|
|
CISCO-LWAPP-ROGUE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
OBJECT-TYPE,
|
|
Integer32,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
StorageType,
|
|
RowStatus,
|
|
MacAddress,
|
|
TruthValue,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
cLApName
|
|
FROM CISCO-LWAPP-AP-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoLwappRogueMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201407140000Z"
|
|
ORGANIZATION "Cisco Systems Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems,
|
|
Customer Service
|
|
Postal: 170 West Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553-NETS
|
|
|
|
Email: cs-wnbu-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB is intended to be implemented on all those
|
|
devices operating as Central Controllers, that
|
|
terminate the Light Weight Access Point Protocol
|
|
tunnel from Cisco Light-weight LWAPP Access Points.
|
|
|
|
This MIB provides information about the Rogue APs
|
|
and Clients that are detected by the controller.
|
|
|
|
The relationship between CC and the LWAPP APs
|
|
can be depicted as follows:
|
|
|
|
+......+ +......+ +......+
|
|
+ + + + + +
|
|
+ CC + + CC + + CC +
|
|
+ + + + + +
|
|
+......+ +......+ +......+
|
|
.. . .
|
|
.. . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
+......+ +......+ +......+ +......+
|
|
+ + + + + + + +
|
|
+ AP + + AP + + AP + + AP +
|
|
+ + + + + + + +
|
|
+......+ +......+ +......+ +......+
|
|
. . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
. . . .
|
|
+......+ +......+ +......+ +......+
|
|
+ + + + + + + +
|
|
+ MN + + MN + + MN + + MN +
|
|
+ + + + + + + +
|
|
+......+ +......+ +......+ +......+
|
|
|
|
|
|
The LWAPP tunnel exists between the controller and
|
|
the APs. The MNs communicate with the APs through
|
|
the protocol defined by the 802.11 standard.
|
|
|
|
LWAPP APs, upon bootup, discover and join one of the
|
|
controllers and the controller pushes the configuration,
|
|
that includes the WLAN parameters, to the LWAPP APs.
|
|
The APs then encapsulate all the 802.11 frames from
|
|
wireless clients inside LWAPP frames and forward
|
|
the LWAPP frames to the controller.
|
|
|
|
GLOSSARY
|
|
|
|
Access Point ( AP )
|
|
|
|
An entity that contains an 802.11 medium access
|
|
control ( MAC ) and physical layer ( PHY ) interface
|
|
and provides access to the distribution services via
|
|
the wireless medium for associated clients.
|
|
|
|
LWAPP APs encapsulate all the 802.11 frames in
|
|
LWAPP frames and sends them to the controller to which
|
|
it is logically connected.
|
|
|
|
Light Weight Access Point Protocol ( LWAPP )
|
|
|
|
This is a generic protocol that defines the
|
|
communication between the Access Points and the
|
|
Central Controller.
|
|
|
|
Mobile Node ( MN )
|
|
|
|
A roaming 802.11 wireless device in a wireless
|
|
network associated with an access point. Mobile Node
|
|
and client are used interchangeably.
|
|
|
|
Rogue
|
|
|
|
Any 802.11 device which is not part of the RF network
|
|
is a Rogue device.
|
|
|
|
Ad-hoc Network
|
|
|
|
A set of mobile devices within direct communication
|
|
range establishing a network among themselves for
|
|
transmitting data, without the use of a Access point
|
|
is called a ad-hoc network.
|
|
|
|
Rogue Ad-hoc Client
|
|
|
|
Any 802.11 client which is part of that ad-hoc network,
|
|
but not in the trusted list.
|
|
|
|
Service Set Identifier ( SSID )
|
|
|
|
SSID is a unique identifier that APs and clients
|
|
use to identify with each other. SSID is a simple
|
|
means of access control and is not for security.
|
|
The SSID can be any alphanumeric entry up to 32
|
|
characters.
|
|
|
|
RSSI
|
|
|
|
Received Signal Strength Indication (RSSI), the IEEE 802.11
|
|
standard defines a mechanism by which RF energy is to be
|
|
measured by the circuitry on a wireless NIC. Its value is
|
|
measured in dBm and ranges from -128 to 0.
|
|
|
|
Rogue Location Detection Protocol (RLDP)
|
|
|
|
RLDP is a protocol to detect and automatically
|
|
contain rogue devices. When the controller discovers
|
|
a rogue access point, it uses the Rogue Location
|
|
Discovery Protocol (RLDP) to determine if the
|
|
rogue is attached to your network.
|
|
RLDP can be enabled/disabled per controller level.
|
|
|
|
LRAD (LWAPP RADIO)
|
|
|
|
Light Weight Access Point Protocol Radio
|
|
basically ones own AP.
|
|
|
|
REFERENCE
|
|
|
|
[1] Wireless LAN Medium Access Control ( MAC ) and
|
|
Physical Layer ( PHY ) Specifications.
|
|
|
|
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
|
|
Weight Access Point Protocol."
|
|
REVISION "201407140000Z"
|
|
DESCRIPTION
|
|
"Added new object group
|
|
- ciscoLwappRogueConfigSup4Group
|
|
Added new compliance
|
|
- ciscoLwappRogueMIBComplianceRev4."
|
|
REVISION "201109070000Z"
|
|
DESCRIPTION
|
|
"Added following objects:
|
|
|
|
cLRogueReportInterval
|
|
cLRogueMinimumRssi
|
|
cLRogueTransientInterval.
|
|
|
|
Deprecated ciscoLwappRogueMIBComplianceRev2 and
|
|
added ciscoLwappRogueMIBComplianceRev3."
|
|
REVISION "201103110000Z"
|
|
DESCRIPTION
|
|
"Added following objects:
|
|
|
|
cLRldpAutoContainLevel
|
|
cLRldpAutoContainOnlyforMonitorModeAps.
|
|
|
|
Deprecated ciscoLwappRogueMIBComplianceRev1 and
|
|
added ciscoLwappRogueMIBComplianceRev2."
|
|
REVISION "201007170000Z"
|
|
DESCRIPTION
|
|
"Added following tables:
|
|
|
|
cLRogueIgnoreListTable
|
|
cLRuleConfigTable
|
|
cLConditionConfigTable
|
|
cLConditionSsidConfigTable
|
|
|
|
Added following objects:
|
|
|
|
cLRldpAutoContainFeatureOnWiredNetwork
|
|
cLRldpAutoContainRoguesAdvertisingSsid
|
|
cLRldpAutoContainAdhocNetworks
|
|
cLRldpAutoContainTrustedClientsOnRogueAps
|
|
|
|
Deprecated ciscoLwappRogueMIBCompliance and
|
|
added ciscoLwappRogueMIBComplianceRev1."
|
|
REVISION "200702060000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 610 }
|
|
|
|
|
|
ciscoLwappRogueMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIB 0 }
|
|
|
|
ciscoLwappRogueMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIB 1 }
|
|
|
|
ciscoLwappRogueMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIB 2 }
|
|
|
|
cLRogueConfig OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIBObjects 1 }
|
|
|
|
cLRoguePolicyConfig OBJECT IDENTIFIER
|
|
::= { cLRogueConfig 1 }
|
|
|
|
cLRogueRuleConfig OBJECT IDENTIFIER
|
|
::= { cLRogueConfig 3 }
|
|
|
|
cLRogueIgnoreListConfig OBJECT IDENTIFIER
|
|
::= { cLRogueConfig 4 }
|
|
|
|
cLRldpAutoContainConfig OBJECT IDENTIFIER
|
|
::= { cLRogueConfig 5 }
|
|
|
|
cLRogueApConfig OBJECT IDENTIFIER
|
|
::= { cLRogueConfig 6 }
|
|
|
|
|
|
CLAutoContainActions ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention represents the action that should be
|
|
taken with respect to auto containment feature when any of the
|
|
following are detected by the switch:
|
|
rogue adhoc network
|
|
rogues APs that are advertising our SSID
|
|
trusted clients that are associated to rogue APs
|
|
|
|
alarmOnly(1) - only an alarm will be generated
|
|
contain(2) - contain automatically"
|
|
SYNTAX INTEGER {
|
|
alarmOnly(1),
|
|
contain(2)
|
|
}
|
|
|
|
cLRogueAdhocRogueReportEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to turn on and off ad-hoc
|
|
rogue reporting. Setting this object to 'true'
|
|
will enable ad-hoc rogue reporting. Setting to
|
|
'false' will disable ad-hoc rogue reporting."
|
|
DEFVAL { true }
|
|
::= { cLRoguePolicyConfig 1 }
|
|
|
|
cLRogueReportInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (10..300)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the rogue report interval,
|
|
which is the interval that monitor mode APs send
|
|
rogue detection details to the controller."
|
|
::= { cLRoguePolicyConfig 2 }
|
|
|
|
cLRogueMinimumRssi OBJECT-TYPE
|
|
SYNTAX Integer32 (-128..-70)
|
|
UNITS "dBm"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the minimum value of RSSI
|
|
considered for detection of rogues."
|
|
::= { cLRoguePolicyConfig 3 }
|
|
|
|
cLRogueTransientInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0 | 120..1800)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the rogue transient
|
|
interval.
|
|
|
|
A value of '0' specifies that an AP sends
|
|
rogue detection details to the controller
|
|
as soon as it detects a rogue.
|
|
|
|
A non-zero value specifies that an AP sends
|
|
rogue detection details to the controller if
|
|
it hears the rogue more than once in the specified
|
|
interval."
|
|
::= { cLRoguePolicyConfig 4 }
|
|
|
|
cLRogueClientNumThreshold OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of clients the Rogue AP
|
|
can have. A value of zero indicates no limitation on
|
|
the number of clients the Rogue AP can have."
|
|
::= { cLRoguePolicyConfig 5 }
|
|
|
|
cLRogueDetectionSecurityLevel OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
low(1),
|
|
high(2),
|
|
critical(3),
|
|
custom(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the rogue detection security level.
|
|
When the object has value of 'low', 'high' or 'critical',
|
|
controller uses pre-defined rogue detection parameters for
|
|
the specified security level.
|
|
When the object has value of 'custom', controller uses the
|
|
user configured rogue detection parameters.
|
|
|
|
low - security level is low
|
|
high - security level is high
|
|
critical - security level is critical
|
|
custom - customized security level"
|
|
::= { cLRoguePolicyConfig 6 }
|
|
|
|
cLRogueValidateRogueClientsAgainstMse OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(1),
|
|
enable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies whether the controller validates
|
|
'valid' clients which are associating with rogue AP,
|
|
against MSE. A value of 'enable' indicates that the
|
|
controller does validates 'valid'clients which are
|
|
associating with rogue AP, against MSE. A value of
|
|
'disable' indicates that the controller does not
|
|
validates 'valid' clients which are associating
|
|
with rogue AP, against MSE."
|
|
::= { cLRoguePolicyConfig 7 }
|
|
|
|
cLRogueAdhocRogueNotifEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object to control the generation of
|
|
cLRogueAdhocDetected notification.
|
|
|
|
A value of 'true' indicates that the agent generates
|
|
cLRogueAdhocDetected notification.
|
|
|
|
A value of 'false' indicates that the agent doesn't
|
|
generate cLRogueAdhocDetected notification."
|
|
DEFVAL { false }
|
|
::= { cLRogueConfig 2 }
|
|
|
|
cLRogueAdhocRogueDetected NOTIFICATION-TYPE
|
|
OBJECTS { cLApName }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated by the controller when a
|
|
a rogue is detected. The name of the AP that
|
|
detected this rogue is sent in the notification."
|
|
::= { ciscoLwappRogueMIBNotifs 1 }
|
|
-- ********************************************************************
|
|
-- Rule configuration
|
|
-- ********************************************************************
|
|
|
|
cLRuleConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLRuleConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table provides the configuration needed
|
|
by the controller for classifying rogue APs.
|
|
The user defines the custom rules which are
|
|
used to classify the APs under different
|
|
classification types. When a new rule is created
|
|
priority will be assigned automatically by controller,
|
|
highest priority given to rule which are created first.
|
|
Also if user is changing the priority of a rule manually,
|
|
the new priority should not be used by any other existing rule."
|
|
::= { cLRogueRuleConfig 1 }
|
|
|
|
cLRuleConfigEntry OBJECT-TYPE
|
|
SYNTAX CLRuleConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row
|
|
(as identified by a rule name)in cLRuleConfigTable."
|
|
INDEX { cLRuleName }
|
|
::= { cLRuleConfigTable 1 }
|
|
|
|
CLRuleConfigEntry ::= SEQUENCE {
|
|
cLRuleName SnmpAdminString,
|
|
cLRuleRogueType INTEGER,
|
|
cLRuleConditionsMatch INTEGER,
|
|
cLRulePriority Unsigned32,
|
|
cLRuleEnable TruthValue,
|
|
cLRuleStorageType StorageType,
|
|
cLRuleRowStatus RowStatus
|
|
}
|
|
|
|
cLRuleName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the rule name to identify
|
|
this entry."
|
|
::= { cLRuleConfigEntry 1 }
|
|
|
|
cLRuleRogueType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
friendly(1),
|
|
malicious(2),
|
|
unclassified(3),
|
|
custom(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object determines the classification applied
|
|
to the rogue AP that matches this rule.
|
|
|
|
friendly - known and acknowledged rogue AP.
|
|
malicious - unknown AP that matches user defined
|
|
malicious rules.
|
|
unclassified - an unknown AP that did not match malicious
|
|
or friendly rules.
|
|
custom - user can configure rogue detection parameters."
|
|
DEFVAL { custom }
|
|
::= { cLRuleConfigEntry 2 }
|
|
|
|
cLRuleConditionsMatch OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
all(1),
|
|
any(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents how the conditions
|
|
defined by corresponding instances of
|
|
cLConditionType, are matched under each rule.
|
|
all - all the conditions defined per rule should be matched
|
|
any - any conditions defined per rule can be matched."
|
|
::= { cLRuleConfigEntry 3 }
|
|
|
|
cLRulePriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to define the order in which the
|
|
rules will be applied. The rules will be applied from
|
|
lowest to highest and gaps are allowed.
|
|
Each rule must have and unique value for this object."
|
|
::= { cLRuleConfigEntry 4 }
|
|
|
|
cLRuleEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether this rule is enabled or not.
|
|
A value of 'true' specifies this rule is enabled.
|
|
A value of 'false' specifies this rule is disabled."
|
|
::= { cLRuleConfigEntry 5 }
|
|
|
|
cLRuleStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the storage type for this conceptual
|
|
row."
|
|
DEFVAL { nonVolatile }
|
|
::= { cLRuleConfigEntry 6 }
|
|
|
|
cLRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the status column for a
|
|
conceptual row in this table. All writable objects
|
|
in this row may be modified when the row is active."
|
|
::= { cLRuleConfigEntry 7 }
|
|
|
|
|
|
-- ********************************************************************
|
|
-- Rule/Condition name configuration
|
|
-- ********************************************************************
|
|
|
|
cLConditionConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLConditionConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the configuration of
|
|
conditions that can be applied to a rule."
|
|
::= { cLRogueRuleConfig 2 }
|
|
|
|
cLConditionConfigEntry OBJECT-TYPE
|
|
SYNTAX CLConditionConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in
|
|
cLConditionConfigTable, as identified by a
|
|
specific condition name to be applied on a
|
|
specific rule name."
|
|
INDEX {
|
|
cLRuleName,
|
|
cLConditionName
|
|
}
|
|
::= { cLConditionConfigTable 1 }
|
|
|
|
CLConditionConfigEntry ::= SEQUENCE {
|
|
cLConditionName SnmpAdminString,
|
|
cLConditionType INTEGER,
|
|
cLConditionValue Integer32,
|
|
cLConditionEnable TruthValue,
|
|
cLConditionStorageType StorageType,
|
|
cLConditionRowStatus RowStatus,
|
|
cLConditionRssi Integer32,
|
|
cLConditionClientCount Unsigned32,
|
|
cLConditionNoEncryptionEnabled TruthValue,
|
|
cLConditionManagedSsidEnabled TruthValue,
|
|
cLConditionDuration Unsigned32
|
|
}
|
|
|
|
cLConditionName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the condition name."
|
|
::= { cLConditionConfigEntry 1 }
|
|
|
|
cLConditionType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
managedSsid(1),
|
|
rssi(2),
|
|
duration(3),
|
|
clientCount(4),
|
|
noEncryption(5),
|
|
userConfigSsid(6)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the condition type
|
|
for this condition associated with a rule.
|
|
managedSsid - matches managed SSID
|
|
rssi - required minimum RSSI
|
|
duration - limited to this time duration
|
|
clientCount - number of associated clients
|
|
noEncryption - no encryption rule
|
|
userConfigSsid - matches user configured SSID"
|
|
::= { cLConditionConfigEntry 2 }
|
|
|
|
cLConditionValue OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the value associated
|
|
with the condition type as specified by
|
|
the corresponding cLConditionType instance.
|
|
If cLConditionType is 'userConfigSsid',
|
|
then corresponding 'cLConditionValue' can
|
|
only take on the value of zero."
|
|
::= { cLConditionConfigEntry 3 }
|
|
|
|
cLConditionEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether matching against
|
|
this condition is enabled or not. A value of 'true'
|
|
indicates matching against this condition is enabled.
|
|
A value of 'false' indicates matching against
|
|
this condition is disabled."
|
|
::= { cLConditionConfigEntry 4 }
|
|
|
|
cLConditionStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the storage type for this conceptual
|
|
row."
|
|
DEFVAL { nonVolatile }
|
|
::= { cLConditionConfigEntry 5 }
|
|
|
|
cLConditionRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the status column for a
|
|
conceptual row in this table. All writable objects
|
|
except cLConditionType in this row may be
|
|
modified when the row is active."
|
|
::= { cLConditionConfigEntry 6 }
|
|
|
|
cLConditionRssi OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the minimum value of RSSI that
|
|
a rogue AP must have in order to match cLConditionType
|
|
of 'rssi'."
|
|
DEFVAL { 0 }
|
|
::= { cLConditionConfigEntry 7 }
|
|
|
|
cLConditionClientCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the minimum value of client count
|
|
that a rogue AP must have in order to match cLConditionType
|
|
of 'clientCount'."
|
|
DEFVAL { 0 }
|
|
::= { cLConditionConfigEntry 8 }
|
|
|
|
cLConditionNoEncryptionEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether or not encryption is enabled.
|
|
A value of 'true' indicates that encryption is not enabled.
|
|
A value of 'false' indicates that encryption is enabled
|
|
for this condition."
|
|
DEFVAL { true }
|
|
::= { cLConditionConfigEntry 9 }
|
|
|
|
cLConditionManagedSsidEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether or not managed SSID is enabled.
|
|
A value of 'true' indicates managed SSID is enabled.
|
|
A value of 'false' indicates managed SSID is not enabled
|
|
for this condition."
|
|
DEFVAL { true }
|
|
::= { cLConditionConfigEntry 10 }
|
|
|
|
cLConditionDuration OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the minimum value of duration,
|
|
in seconds, a rogue AP must be present in order to match
|
|
cLConditionType of 'duration'."
|
|
DEFVAL { 0 }
|
|
::= { cLConditionConfigEntry 11 }
|
|
|
|
|
|
-- ********************************************************************
|
|
-- Rule/Condition SSID configuration
|
|
-- ********************************************************************
|
|
|
|
cLConditionSsidConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLConditionSsidConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the configuration of
|
|
SSID for a rule. This is applicable to
|
|
conditions within a rule which has the
|
|
corresponding cLConditionType taking on the value
|
|
of 'userConfigSsid'."
|
|
::= { cLRogueRuleConfig 3 }
|
|
|
|
cLConditionSsidConfigEntry OBJECT-TYPE
|
|
SYNTAX CLConditionSsidConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in
|
|
cLConditionSsidConfigTable."
|
|
INDEX {
|
|
cLRuleName,
|
|
cLConditionName,
|
|
cLConditionSsidValue
|
|
}
|
|
::= { cLConditionSsidConfigTable 1 }
|
|
|
|
CLConditionSsidConfigEntry ::= SEQUENCE {
|
|
cLConditionSsidValue SnmpAdminString,
|
|
cLConditionSsidStorageType StorageType,
|
|
cLConditionSsidRowStatus RowStatus
|
|
}
|
|
|
|
cLConditionSsidValue OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the SSID value for this
|
|
condition associated with a rule."
|
|
::= { cLConditionSsidConfigEntry 1 }
|
|
|
|
cLConditionSsidStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the storage
|
|
type for this conceptual row."
|
|
DEFVAL { nonVolatile }
|
|
::= { cLConditionSsidConfigEntry 2 }
|
|
|
|
cLConditionSsidRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the status column for a
|
|
conceptual row in this table. All writable objects
|
|
in this row may not be modified when the row is active."
|
|
::= { cLConditionSsidConfigEntry 3 }
|
|
|
|
|
|
-- ********************************************************************
|
|
-- Rogue Ignore List Configuration
|
|
-- ********************************************************************
|
|
|
|
cLRogueIgnoreListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLRogueIgnoreListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table lists the APs, as identified by the AP's mac address,
|
|
which should not be treated as rogue by the controller.
|
|
These APs are the autonomous access points that have been
|
|
manually added to WCS."
|
|
::= { cLRogueIgnoreListConfig 1 }
|
|
|
|
cLRogueIgnoreListEntry OBJECT-TYPE
|
|
SYNTAX CLRogueIgnoreListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in this table.
|
|
There will be a row for each entry of the autonomous
|
|
APs which are manually added to WCS. When the autonomous
|
|
AP is no longer managed by WCS, the corresponding row
|
|
entry will be removed."
|
|
INDEX { cLRogueIgnoreListMACAddress }
|
|
::= { cLRogueIgnoreListTable 1 }
|
|
|
|
CLRogueIgnoreListEntry ::= SEQUENCE {
|
|
cLRogueIgnoreListMACAddress MacAddress,
|
|
cLRogueIgnoreListStorageType StorageType,
|
|
cLRogueIgnoreListRowStatus RowStatus
|
|
}
|
|
|
|
cLRogueIgnoreListMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the MAC Address of the AP to be put in the
|
|
rogue ignore list."
|
|
::= { cLRogueIgnoreListEntry 1 }
|
|
|
|
cLRogueIgnoreListStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the storage type for this
|
|
conceptual row."
|
|
DEFVAL { nonVolatile }
|
|
::= { cLRogueIgnoreListEntry 2 }
|
|
|
|
cLRogueIgnoreListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the status of the conceptual row.
|
|
All writable objects in this row may not be
|
|
modified when the row is active."
|
|
::= { cLRogueIgnoreListEntry 3 }
|
|
|
|
|
|
|
|
-- ********************************************************************
|
|
-- Auto Containment configuration
|
|
-- ********************************************************************
|
|
|
|
cLRldpAutoContainFeatureOnWiredNetwork OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(1),
|
|
enable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the RLDP Auto contain feature status.
|
|
|
|
disable - automatic containment of rogues on wired network
|
|
is disabled
|
|
enable - automatic containment of rogues on wired network
|
|
is enabled
|
|
|
|
NOTE: Using this feature may have legal consequences!!!"
|
|
DEFVAL { disable }
|
|
::= { cLRldpAutoContainConfig 1 }
|
|
|
|
cLRldpAutoContainRoguesAdvertisingSsid OBJECT-TYPE
|
|
SYNTAX CLAutoContainActions
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action with respect to auto containment feature,
|
|
that should be taken when switch detects rogues that are
|
|
advertising our SSID.
|
|
|
|
NOTE: Using this feature may have legal consequences!!!"
|
|
DEFVAL { alarmOnly }
|
|
::= { cLRldpAutoContainConfig 2 }
|
|
|
|
cLRldpAutoContainAdhocNetworks OBJECT-TYPE
|
|
SYNTAX CLAutoContainActions
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action with respect to auto containment feature,
|
|
that should be taken when adhoc networks are
|
|
detected by the switch.
|
|
|
|
NOTE: Using this feature may have legal consequences!!!"
|
|
DEFVAL { alarmOnly }
|
|
::= { cLRldpAutoContainConfig 3 }
|
|
|
|
cLRldpAutoContainTrustedClientsOnRogueAps OBJECT-TYPE
|
|
SYNTAX CLAutoContainActions
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action with respect to auto containment feature,
|
|
that should be taken when trusted clients that
|
|
are associated to rogue APs are detected by the switch.
|
|
|
|
NOTE: Using this feature may have legal consequences!!!"
|
|
DEFVAL { alarmOnly }
|
|
::= { cLRldpAutoContainConfig 4 }
|
|
|
|
cLRldpAutoContainLevel OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to specify the level of auto containment.
|
|
The level actually denotes the number of APs that should be
|
|
used by the controller for auto containment."
|
|
DEFVAL { 1 }
|
|
::= { cLRldpAutoContainConfig 5 }
|
|
|
|
cLRldpAutoContainOnlyforMonitorModeAps OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(1),
|
|
enable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to specify if auto containment should be
|
|
done only using monitor mode APs or not.
|
|
|
|
disable - auto containment will be done using all APs
|
|
irrespective of the mode
|
|
enable - auto containment will be done only using monitor
|
|
mode APs."
|
|
DEFVAL { disable }
|
|
::= { cLRldpAutoContainConfig 6 }
|
|
-- ********************************************************************
|
|
-- Rogue AP List Configuration
|
|
-- ********************************************************************
|
|
|
|
cLRogueApTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLRogueApEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table lists the configured rogue APs in the system."
|
|
::= { cLRogueApConfig 1 }
|
|
|
|
cLRogueApEntry OBJECT-TYPE
|
|
SYNTAX CLRogueApEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing contains management information
|
|
of a particular rogue AP.
|
|
|
|
An entry can be created, or deleted by using
|
|
cLRogueApRowStatus."
|
|
INDEX { cLRogueApMACAddress }
|
|
::= { cLRogueApTable 1 }
|
|
|
|
CLRogueApEntry ::= SEQUENCE {
|
|
cLRogueApMACAddress MacAddress,
|
|
cLRogueApClassType INTEGER,
|
|
cLRogueApState INTEGER,
|
|
cLRogueApStorageType StorageType,
|
|
cLRogueApRowStatus RowStatus
|
|
}
|
|
|
|
cLRogueApMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC Address of a rogue AP."
|
|
::= { cLRogueApEntry 1 }
|
|
|
|
cLRogueApClassType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
friendly(1),
|
|
malicious(2),
|
|
unclassified(3),
|
|
custom(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of a rogue AP.
|
|
|
|
friendly - existing known, Acknowledge, and Trust missing
|
|
rogue states are classified as Friendly.
|
|
malicious - unknown AP that could be a threat.
|
|
unclassified - an unknown AP or rogue AP is identified
|
|
but it does not belong to Friendly or
|
|
Malicious rogue types.
|
|
custom - AP that matches user defined custom rules."
|
|
DEFVAL { custom }
|
|
::= { cLRogueApEntry 2 }
|
|
|
|
cLRogueApState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pending(1),
|
|
alert(2),
|
|
detectedLrad(3),
|
|
known(4),
|
|
acknowledge(5),
|
|
contained(6),
|
|
threat(7),
|
|
containedPending(8),
|
|
knownContained(9),
|
|
trustedMissing(10),
|
|
initializing(11)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This objects specifies the state in which
|
|
the rogue AP is.
|
|
|
|
pending - a read-only value indicates that rogue AP
|
|
can not be state to any of the following
|
|
type.
|
|
alert - rogue AP can be a potential threat.
|
|
Trap will be sent out to trap recipients.
|
|
detectedLrad - a read-only value indicates that a LRAD
|
|
that got detected as rogue.
|
|
known - a read-only value indicates that an internal
|
|
AP which is not on the same switch.
|
|
acknowledge - a read-only value indicates that an external
|
|
AP whose existence is acceptable and not a
|
|
threat(probably from vendor other than
|
|
cisco).
|
|
contained - containment is initiated and ongoing.
|
|
threat - rogue AP is found on wired network.
|
|
containedPending - a read-only value indicates that no AP
|
|
resources available for containment.
|
|
knownContained - a read-only value indicates that no longer
|
|
used.
|
|
trustedMissing - rogue AP is friendly but there is no slot
|
|
for friendly AP.
|
|
initializing - a read-only value indicates that rogue
|
|
AP is being initialized.
|
|
|
|
For a friendly rogue AP, only two states are valid:
|
|
'known' and 'acknowledge'.
|
|
|
|
'known', 'knownContained' and 'trustedMissing'
|
|
can appear in known rogue list.
|
|
|
|
Known rogues can be pre-provisioned and known rogues
|
|
state can be changed to 'alert'."
|
|
DEFVAL { alert }
|
|
::= { cLRogueApEntry 3 }
|
|
|
|
cLRogueApStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the storage type for this
|
|
conceptual row."
|
|
DEFVAL { nonVolatile }
|
|
::= { cLRogueApEntry 4 }
|
|
|
|
cLRogueApRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the conceptual row.
|
|
All writable objects in this row may be modified when
|
|
the row is active."
|
|
::= { cLRogueApEntry 5 }
|
|
|
|
|
|
-- ********************************************************************
|
|
-- MIB Compliance Statements
|
|
-- ********************************************************************
|
|
|
|
ciscoLwappRogueMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIBConform 1 }
|
|
|
|
ciscoLwappRogueMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoLwappRogueMIBConform 2 }
|
|
|
|
|
|
ciscoLwappRogueMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappRogueMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappRogueConfigGroup,
|
|
ciscoLwappRogueNotifsGroup
|
|
}
|
|
::= { ciscoLwappRogueMIBCompliances 1 }
|
|
|
|
ciscoLwappRogueMIBComplianceRev1 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappRogueMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappRogueConfigGroup,
|
|
ciscoLwappRogueNotifsGroup,
|
|
ciscoLwappRogueConfigSup1Group
|
|
}
|
|
|
|
OBJECT cLRogueIgnoreListRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRuleRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionSsidRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRogueIgnoreListStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRuleStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionSsidStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoLwappRogueMIBCompliances 2 }
|
|
|
|
ciscoLwappRogueMIBComplianceRev2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappRogueMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappRogueConfigGroup,
|
|
ciscoLwappRogueNotifsGroup,
|
|
ciscoLwappRogueConfigSup2Group
|
|
}
|
|
|
|
OBJECT cLRogueIgnoreListRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRuleRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionSsidRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRogueIgnoreListStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRuleStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionSsidStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoLwappRogueMIBCompliances 3 }
|
|
|
|
ciscoLwappRogueMIBComplianceRev3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappRogueMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappRogueConfigGroup,
|
|
ciscoLwappRogueNotifsGroup,
|
|
ciscoLwappRogueConfigSup3Group
|
|
}
|
|
|
|
OBJECT cLRogueIgnoreListRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRuleRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionSsidRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRogueIgnoreListStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRuleStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionSsidStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoLwappRogueMIBCompliances 4 }
|
|
|
|
ciscoLwappRogueMIBComplianceRev4 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappRogueMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoLwappRogueConfigGroup,
|
|
ciscoLwappRogueNotifsGroup,
|
|
ciscoLwappRogueConfigSup3Group
|
|
}
|
|
|
|
GROUP ciscoLwappRogueConfigSup4Group
|
|
DESCRIPTION
|
|
"This group is mandatory for platforms which support
|
|
rogue functionality."
|
|
|
|
OBJECT cLRogueIgnoreListRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRuleRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLConditionSsidRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"An implementation is only required to support
|
|
three of the six enumerated values of the
|
|
RowStatus textual convention, specifically,
|
|
'active', 'createAndGo' and 'destroy'."
|
|
|
|
OBJECT cLRogueIgnoreListStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRuleStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionSsidStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueClientNumThreshold
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueDetectionSecurityLevel
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueValidateRogueClientsAgainstMse
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionRssi
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionClientCount
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionNoEncryptionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionManagedSsidEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLConditionDuration
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueApClassType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueApState
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueApStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cLRogueApRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required.
|
|
Support for createAndWait and notInService
|
|
is not required."
|
|
::= { ciscoLwappRogueMIBCompliances 5 }
|
|
|
|
-- Units of Conformance
|
|
|
|
ciscoLwappRogueConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cLRogueAdhocRogueReportEnable,
|
|
cLRogueAdhocRogueNotifEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the
|
|
rogue configuration on the controller."
|
|
::= { ciscoLwappRogueMIBGroups 1 }
|
|
|
|
ciscoLwappRogueNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cLRogueAdhocRogueDetected }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects specifies the
|
|
notifications for rogue detection."
|
|
::= { ciscoLwappRogueMIBGroups 2 }
|
|
|
|
ciscoLwappRogueConfigSup1Group OBJECT-GROUP
|
|
OBJECTS {
|
|
cLRogueIgnoreListStorageType,
|
|
cLRogueIgnoreListRowStatus,
|
|
cLRuleRogueType,
|
|
cLRuleConditionsMatch,
|
|
cLRulePriority,
|
|
cLRuleEnable,
|
|
cLRuleStorageType,
|
|
cLRuleRowStatus,
|
|
cLConditionType,
|
|
cLConditionValue,
|
|
cLConditionEnable,
|
|
cLConditionStorageType,
|
|
cLConditionRowStatus,
|
|
cLConditionSsidStorageType,
|
|
cLConditionSsidRowStatus,
|
|
cLRldpAutoContainFeatureOnWiredNetwork,
|
|
cLRldpAutoContainRoguesAdvertisingSsid,
|
|
cLRldpAutoContainAdhocNetworks,
|
|
cLRldpAutoContainTrustedClientsOnRogueAps
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"This collection of objects represent the
|
|
rogue configuration on the controller.
|
|
ciscoLwappRogueConfigSup1Group object is superseded
|
|
by ciscoLwappRogueConfigSup2Group."
|
|
::= { ciscoLwappRogueMIBGroups 3 }
|
|
|
|
ciscoLwappRogueConfigSup2Group OBJECT-GROUP
|
|
OBJECTS {
|
|
cLRogueIgnoreListStorageType,
|
|
cLRogueIgnoreListRowStatus,
|
|
cLRuleRogueType,
|
|
cLRuleConditionsMatch,
|
|
cLRulePriority,
|
|
cLRuleEnable,
|
|
cLRuleStorageType,
|
|
cLRuleRowStatus,
|
|
cLConditionType,
|
|
cLConditionValue,
|
|
cLConditionEnable,
|
|
cLConditionStorageType,
|
|
cLConditionRowStatus,
|
|
cLConditionSsidStorageType,
|
|
cLConditionSsidRowStatus,
|
|
cLRldpAutoContainFeatureOnWiredNetwork,
|
|
cLRldpAutoContainRoguesAdvertisingSsid,
|
|
cLRldpAutoContainAdhocNetworks,
|
|
cLRldpAutoContainTrustedClientsOnRogueAps,
|
|
cLRldpAutoContainLevel,
|
|
cLRldpAutoContainOnlyforMonitorModeAps
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"This collection of objects represent the
|
|
rogue configuration on the controller.
|
|
ciscoLwappRogueConfigSup2Group object is
|
|
superseded by ciscoLwappRogueConfigSup3Group."
|
|
::= { ciscoLwappRogueMIBGroups 4 }
|
|
|
|
ciscoLwappRogueConfigSup3Group OBJECT-GROUP
|
|
OBJECTS {
|
|
cLRogueIgnoreListStorageType,
|
|
cLRogueIgnoreListRowStatus,
|
|
cLRuleRogueType,
|
|
cLRuleConditionsMatch,
|
|
cLRulePriority,
|
|
cLRuleEnable,
|
|
cLRuleStorageType,
|
|
cLRuleRowStatus,
|
|
cLConditionType,
|
|
cLConditionValue,
|
|
cLConditionEnable,
|
|
cLConditionStorageType,
|
|
cLConditionRowStatus,
|
|
cLConditionSsidStorageType,
|
|
cLConditionSsidRowStatus,
|
|
cLRldpAutoContainFeatureOnWiredNetwork,
|
|
cLRldpAutoContainRoguesAdvertisingSsid,
|
|
cLRldpAutoContainAdhocNetworks,
|
|
cLRldpAutoContainTrustedClientsOnRogueAps,
|
|
cLRldpAutoContainLevel,
|
|
cLRldpAutoContainOnlyforMonitorModeAps,
|
|
cLRogueReportInterval,
|
|
cLRogueMinimumRssi,
|
|
cLRogueTransientInterval
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the
|
|
rogue configuration on the controller."
|
|
::= { ciscoLwappRogueMIBGroups 5 }
|
|
|
|
ciscoLwappRogueConfigSup4Group OBJECT-GROUP
|
|
OBJECTS {
|
|
cLRogueApClassType,
|
|
cLRogueApState,
|
|
cLRogueApStorageType,
|
|
cLRogueApRowStatus,
|
|
cLRogueClientNumThreshold,
|
|
cLRogueDetectionSecurityLevel,
|
|
cLRogueValidateRogueClientsAgainstMse,
|
|
cLConditionRssi,
|
|
cLConditionClientCount,
|
|
cLConditionNoEncryptionEnabled,
|
|
cLConditionManagedSsidEnabled,
|
|
cLConditionDuration
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the
|
|
rogue configuration on the controller."
|
|
::= { ciscoLwappRogueMIBGroups 6 }
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|