CISCO-LWAPP-AAA-MIB: View SNMP OID List / Download MIB

This MIB is intended to be implemented on all those devices operating as Central Controllers (CC), that terminate the Light Weight Access Point Protocol tunnel from Cisco Light-weight LWAPP Access Points. Information provided by this MIB is used to manage AAA information on the controller. The relationship between CC and the LWAPP APs can be depicted as follows: +......+ +......+ +......+ + + + + + + + CC + + CC + + CC + + + + + + + +......+ +......+ +......+ .. . . .. . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ + + + + + + + + + AP + + AP + + AP + + AP + + + + + + + + + +......+ +......+ +......+ +......+ . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ + + + + + + + + + MN + + MN + + MN + + MN + + + + + + + + + +......+ +......+ +......+ +......+ The LWAPP tunnel exists between the controller and the APs. The MNs communicate with the APs through the protocol defined by the 802.11 standard. LWAPP APs, upon bootup, discover and join one of the controllers and the controller pushes the configuration, that includes the WLAN parameters, to the LWAPP APs. The APs then encapsulate all the 802.11 frames from wireless clients inside LWAPP frames and forward the LWAPP frames to the controller. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. LWAPP APs encapsulate all the 802.11 frames in LWAPP frames and sends them to the controller to which it is logically connected. Light Weight Access Point Protocol ( LWAPP ) This is a generic protocol that defines the communication between the Access Points and the Central Controller. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Mobile Node and client are used interchangeably. Terminal Access Controller Access-Control System ( TACACS ) A remote authentication protocol that is used to communicate with an authentication server. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Remote Authentication Dial In User Service (RADIUS) It is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations. Wireless LAN ( WLAN ) It is a wireless local area network, which is the linking of two or more computers without using wires. It uses radio communication to accomplish the same functionality of a wired LAN. PAP - Password Authentication Protocol CHAP - Challenge Handshake Authentication Protocol MD5-CHAP - Message Digest 5 Challenge Handshake Authentication Protocol LSC - Local Significant Certificate LSC can be used if we want our own public key infrastructure (PKI) to provide better security, to have control of our certificate authority (CA), and to define policies, restrictions, and usages on the generated certificates. REFERENCE [1] Wireless LAN Medium Access Control ( MAC ) and Physical Layer ( PHY ) Specifications [2] Draft-obara-capwap-lwapp-00.txt, IETF Light Weight Access Point Protocol

This notification is sent by the agent when the controller detects that the RADIUS server is activated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).

This notification is sent by the agent when the controller detects that the RADIUS server is deactivated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).

This notification is sent by the agent when the controller detects that the RADIUS server is activated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).

This notification is sent by the agent when the controller detects that the RADIUS server is deactivated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).

This notification is sent by the agent when the controller detects that the RADIUS server failed to respond to request from a client/user. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).

This table contains entries for AAA authentication methods configured in the controller. At startup, all the entries in this table are set up by the central controller. A management application can later change the priority order using the claPriorityOrder.

A conceptual row in claPriorityTable. There is an entry in this table for each AAA authentication method available at the agent, as identified by a value of claPriorityAuth.

This object represents the authentication method used to authenticate users. local - indicates that local password is used for authentication. radius - indicates that RADIUS method is used for authentication. tacacsplus - indicates that TACACS method is used for authentication. Enumeration: 'radius': 2, 'local': 1, 'tacacsplus': 3.

This is the priority order of an authentication method to be used in user authentication for a session. At start up, the agent assigns the value of this object. Later this can be changed by the management station. This object reflects the relative priority of the authentication method denoted by claPriorityAuth with respect to already configured authentication methods. The zero value indicates that the priority is not set and that the authentication methods are applied in ascending order. Each object must contain a unique value for claPriorityOrder or zero. In the case when a priority is set for a value that is already used by existing object the existing object's claPriorityOrder with be swapped.

This table represents the information about configuring the Accounting, Authentication and Authorization servers. The creation of a new row in claTacacsServerTable is through an explicit network management action results in creation of an entry in this table. Similarly, deletion of a row in claTacacsServerTable through user action causes the deletion of corresponding row in this table. The claTacacsServerType defines the server type being used and the claTacacsServerPriority defines the priority the server accessed within a given type.

Each entry in this table provides information about the server that is configured for AAA. Each entry is uniquely identified by the server type and priority that server is accessed.

This attribute identifies the type of the server being configured. Enumeration: 'accounting': 3, 'authentication': 1, 'authorization': 2.

The priority value for this entry. This value determines the unique priority for this entry. The priority value for this entry determines the order in which the server configured in this entry is accessed. The lower the number, the higher the priority. For example if there are 2 entries with priority 1 and 2 respectively, the controller will try the server with priority 1 before it tries the server with priority 2.

This object represents the type of the network address made available through claTacacsServerAddress. This object must be set to a valid value before setting the row to 'active'.

This object represents the address of the AAA server. The type of the address stored in this object is determined by the claTacacsServerAddressType object. This object must be set to a valid value before setting the row to 'active'.

The port number for this server. This object must be set to a valid value before setting the row to 'active'.

When set to true the server state is enabled, otherwise the state is disabled.

The claTacacsServerSecret value is set based on this type. When reading this object, the value 'default' is always returned. This object must be set to a valid value before setting the row to 'active'.

The key configured for this server. For get operation this always returns a string with asterisks. This object must be set to a valid value before setting the row to 'active'. This object can be modified when a row is in the 'active' state.

The number of seconds between retransmissions. This object can be modified when a row is in the 'active' state.

The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.

Used to add or delete an entry in this table. The required parameters for this entry are claTacacsServerAddress, claTacacsServerAddressType, claTacacsServerPortNum, claTacacsServerSecret and claTacacsServerSecretType should be provided. When a row is in 'active' state, some objects in this table can be modified as described in each individual object's description.

AAA table corresponding to a WLAN. When WLAN is added a new entry gets added to this table. The entry is removed when the WLAN is removed.

Each entry in this table provides AAA information for a WLAN.

Status to indicate whether the account server is enabled(true) or disabled(false) for this WLAN.

This object represents the status whether the authentication server is enabled(true) or disabled(false) for this WLAN.

The object to control the generation of ciscoLwappAAARadiusServerGlobalActivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerGlobalActivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerGlobalActivated notification.

The object to control the generation of ciscoLwappAAARadiusServerGlobalDeactivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerGlobalDeactivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerGlobalDeactivated notification.

The object to control the generation of ciscoLwappAAARadiusServerWlanActivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerWlanActivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerWlanActivated notification.

The object to control the generation of ciscoLwappAAARadiusServerWlanDeactivated notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusServerWlanDeactivated notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusServerWlanDeactivated notification.

The object to control the generation of ciscoLwappAAARadiusReqTimedOut notification. A value of 'true' indicates that the agent generates ciscoLwappAAARadiusReqTimedOut notification. A value of 'false' indicates that the agent doesn't generate ciscoLwappAAARadiusReqTimedOut notification.

This object is used to save the guest user config to NVRAM. Setting to the value of 'true' would save the data. Setting to the value of 'false' would have no implications here.

This object is used to configure the Web RADIUS Authentication parameters on the WLC. PAP (1) - Configure Web RADIUS Authentication in PAP mode. CHAP (2) - Configure Web RADIUS Authentication in CHAP mode. MD5-CHAP (3) - Configure Web RADIUS Authentication in MD5-CHAP mode. Enumeration: 'pap': 1, 'chap': 2, 'md5-chap': 3.

This object is used to configure the RADIUS Fallback Test mode on the WLC. Following are the configurable options: off (1) - Disables RADIUS server fallback test. passive (2) - Sets server status based on last transaction. active (3) - Sends probes to dead servers to test status. Enumeration: 'passive': 2, 'active': 3, 'off': 1.

This object is used to configure the RADIUS Fallback Test username to be sent in dead server probes

This object is used to configure the probe interval (when claRadiusFallbackMode is in active mode) or inactive time (when claRadiusFallbackMode is in passive mode)

The delimiter to be used for RADIUS authentication servers. The possible values allowed are - no delimiter (1) - as in xxxxxxxxxxxx. colon (2) - as in xx:xx:xx:xx:xx:xx. hyphen (3) - as in xx-xx-xx-xx-xx-xx. single hyphen (4) - as in xxxxxx-xxxxxx. Enumeration: 'singleHyphen': 4, 'hyphen': 3, 'colon': 2, 'noDelimiter': 1.

The delimiter to be used for RADIUS accounting servers. The possible values allowed are - no delimiter (1) - as in xxxxxxxxxxxx. colon (2) - as in xx:xx:xx:xx:xx:xx. hyphen (3) - as in xx-xx-xx-xx-xx-xx. single hyphen (4) - as in xxxxxx-xxxxxx. Enumeration: 'singleHyphen': 4, 'hyphen': 3, 'colon': 2, 'noDelimiter': 1.

This object specifies if controller will accept Manufactured Installed Certificate from the access points as part of authorization.

This object specifies if controller will accept Local Significant Certificate from access points as part of authorization.

This object specifies if access points to be authorized using a AAA RADIUS server or local database. If this object is false, the access points would be authorized using a local database.

This table represents the information about the requests sent to the RADIUS servers. When a new request gets sent to the RADIUS server an entry gets added to this table. The agents maintains a circular queue which automatically gets overwritten once the queue is full.

Each entry in this table provides information about a request that is sent to a RADIUS server. Each entry is uniquely identified by the request identifier.

This object indicates the request identifier of the request sent to the RADIUS server.

This object indicates the address type for the RADIUS server.

This object indicates the address of the RADIUS server.

This object indicates the port number for the RADIUS server.

This object indicates the WLAN index whether the RADIUS server is activating and deactivating.

This object indicates the client MAC address that sent the request identified by the claRadiusReqId.

This object identifies the user for whom the request identified by the claRadiusReqId was sent.

This object specifies the current database entries used. This includes the number of users, mac filters configured in the system.

The compliance statement for the SNMP entities that implement the ciscoLwappAAAMIB module.

The compliance statement for the SNMP entities that implement the ciscoLwappAAAMIB module.

This collection of objects specifies the required parameters for AAA.

These is the configuration parameter related to guest user configuration saving.

This collection of objects specifies the notifications for AAA.

This collection of objects represents the information about the general status attributes for AAA.

This is the additional object which represent the information about the general status attributes for AAA.

These are the RADIUS web authentication and fallback related configuration parameters on the WLC.

These are the AP Policy related configuration parameters on the WLC.

These are the authentication and account server configuration parameters per wlan.