CISCO-LWAPP-RLAN-MIB: View SNMP OID List / Download MIB

This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight Access Point Protocol tunnel from Cisco Light-weight LWAPP Access Points. This MIB helps to manage the RLANs on the controller. The relationship between CC and the LWAPP APs can be depicted as follows: +......+ +......+ +......+ +......+ + + + + + + + + + CC + + CC + + CC + + CC + + + + + + + + + +......+ +......+ +......+ +......+ .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ +......+ + + + + + + + + + + + AP + + AP + + AP + + AP + + AP + + + + + + + + + + + +......+ +......+ +......+ +......+ +......+ . . . . . . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ +......+ + + + + + + + + + + + MN + + MN + + MN + + MN + + MN + + + + + + + + + + + +......+ +......+ +......+ +......+ +......+ The LWAPP tunnel exists between the controller and the APs. The MNs communicate with the APs through the protocol defined by the 802.11 standard. LWAPP APs, upon bootup, discover and join one of the controllers and the controller pushes the configuration, that includes the RLAN parameters, to the LWAPP APs. The APs then encapsulate all the 802.11 frames from wireless clients inside LWAPP frames and forward the LWAPP frames to the controller. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. LWAPP APs encapsulate all the 802.11 frames in LWAPP frames and sends it to the controller to which it is logically connected to. Central Controller ( CC ) The central entity that terminates the LWAPP protocol tunnel from the LWAPP APs. Throughout this MIB, this entity also referred to as 'controller'. Light Weight Access Point Protocol ( LWAPP ) This is a generic protocol that defines the communication between the Access Points and the controllers. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Access Control List ( ACL ) A list of rules used to restrict the traffic reaching an interface or the CPU or RLAN. Each ACL is an ordered set of rules and actions. If a rule matches then the action for that rule is applied to the packet. 802.1x The IEEE ratified standard for enforcing port based access control. This was originally intended for use on wired LANs and later extended for use in 802.11 RLAN environments. This defines an architecture with three main parts - a supplicant (Ex. an 802.11 wireless client), an authenticator (the AP) and an authentication server(a Radius server). The authenticator passes messages back and forth between the supplicant and the authentication server to enable the supplicant get authenticated to the network. Temporal Key Integrity Protocol ( TKIP ) A security protocol defined to enhance the limitations of WEP. Message Integrity Check and per-packet keying on all WEP-encrypted frames are two significant enhancements provided by TKIP to WEP. Cisco Key Integrity Protocol ( CKIP ) A proprietary implementation similar to TKIP. CKIP implements key permutation for protecting the CKIP key against attacks. Other features of CKIP include expansion of encryption key to 16 bytes of length for key protection and MIC to ensure data integrity. Wired Equivalent Privacy ( WEP ) A security method defined by 802.11. WEP uses a symmetric key stream cipher called RC4 to encrypt the data packets. Wi-Fi Protected Access ( WPA ) Wi-Fi Protected Access (WPA and WPA2) are security systems created in response to several serious weaknesses found in Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. RLAN Layer 2 Security RLAN layer 2 (MAC) security defines the encryption and authentication approaches such as 802.1x, WPA, WPA2, CKIP and WEP. POE (Power Over Ethernet) Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electrical power along with data on Ethernet cabling. This allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras. REFERENCE [1] Wireless LAN Medium Access Control ( MAC ) and Physical Layer ( PHY ) Specifications. [2] Draft-obara-capwap-lwapp-00.txt, IETF Light Weight Access Point Protocol [3] IEEE 802.11 - The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard.

This table represents the RLAN configuration sent by the controller to the APs for their operation. LWAPP APs exchange configuration messages with the controller and get the required configuration for their 802.11 related operations. As part of these messages, the RLAN configuration is pushed by the controller to the LWAPP APs. This table doesn't have any dependencies on other existing tables. By defining cLRlanIndex, the unique identifier for a RLAN, this table provides a common index structure for use in several other new tables that populate information on security related attributes like authentication, encryption, 802.11 parameters, Quality-of-Service attributes etc., that would relate to a particular RLAN. Rows are added or deleted by explicit management actions initiated by the user from a network management station through the cLRlanRowStatus object.

Each entry in this table represents the RLAN configuration sent by the controller to APs for use during their operations. entries can be added/deleted by explicit management actions by Prime or by user console.

This object uniquely identifies one instance of a RLAN on the controller.

This is the status column for this row and used to create, modify and delete specific instances of rows in this table. This table supports modification of writable objects when the RowStatus is 'active'. The following objects are mandatory for successful creation of an entry: cLRlanIndex cLRlanProfileName.

This object represents the profile name assigned to this RLAN. The name assigned to a RLAN has to be unique across all the RLANs on the controller. An administrator can assign a meaningful name that could later be used to refer a particular RLAN on the controller. This object cannot be modified when cLRlanRowStatus is 'active'.

A type of security policy for Mobile Stations (Clients). This enables filtering of clients by MAC address.

This object is used to configure AAA Authentication list for RLAN

This object specifies if the dot1x authentication is enabled or not for the RLAN. A value of 'true' indicates that dot1x security is enabled. A value of 'false' indicates that dot1x security is disabled.

This object specifies if the web authentication is enabled or not for the RLAN. A value of 'true' indicates that web authentication is enabled. A value of 'false' indicates that web authentication is disabled.

This object uniquely identifies the profile name using which EAP authentication is done for this RLAN

This object specifies if the EAP authentication is enabled or not for the RLAN. A value of 'true' indicates that EAP authentication is enabled. A value of 'false' indicates that EAP authentication is disabled.

This object specifies the Parameter for web authentication for the given RLAN

This object indicates the maximum number of allowed clients for the given RLAN. Default value 0 indicates no restriction on the client number.

This object represents the status of the RLAN. A value of 'true' indicates that RLAN profile is enabled. A value of 'false' indicates that RLAN profile is disabled.

This object represents the pre web Auth IPv4 ACL for the given RLAN.

This object represents the pre web Auth IPv4 ACL for the given RLAN.

This object represents the dot1x authentication list for the given RLAN.

This table holds the RLAN policies configured on the controller. Each entry is represented by the object cLRlanPolicyEntry.

Each entry in this table represents the RLAN policy configuration sent by the controller to APs for use during their operations. entries can be added/deleted by explicit management actions by NMS or by user console

This object uniquely identifies one instance of a RLAN policy on the controller.

This is the status column for this row and used to create, modify and delete specific instances of rows in this table. This table supports modification of writable objects when the RowStatus is 'active'. The following objects are mandatory for successful creation of an entry: cLRlanPolicyProfileName.

This object specifies whether the RLAN policy is enabled or not. A value of 'true' indicates that RLAN policy profile is enabled. A value of 'false' indicates that RLAN policy profile is disabled.

This object describes the policy of RLAN.

This object uniquely identifies the name of ipv4 ACL for given RLAN.

This object uniquely identifies the name of ipv6 ACL for given RLAN.

This object specifies if the AAA override for global parameters is enabled or disabled. A value of 'true' indicates that AAA Override is enabled. A value of 'false' indicates that AAA Override is disabled.

This object specifies if the central switching for RLAN is enabled or disabled. A value of 'true' indicates that Central Switching is enabled. A value of 'false' indicates that Central Switching is disabled.

This object uniquely identifies the RLAN interface name.

This object uniquely identifies RLAN Power Over Ethernet status. A value of 'true' indicates that RLAN POE is enabled. A value of 'false' indicates that RLAN POE is disabled.

This object configures the host mode for the RLAN. 1 - SINGLE_HOST_MODE, 2 - MULTI_HOST_MODE, 3 - MULTI_DOMAIN_MODE. Enumeration: 'multiDomainMode': 3, 'multiHostMode': 2, 'sinlgeHostMode': 1.

This objecti configures the voilation mode for the RLAN. 0 - REPLACE, 1 - SHUTDOWN, 2 - PROTECT Enumeration: 'protect': 0, 'shutdown': 2, 'replace': 1.

This object specifies VLAN ID for the voice during the multi domain mode for RLAN on the controller. The host mode (cLRlanHostMode) should be set to multi-domain mode(value: 3).

This object specifies VLAN ID for the data during the multi domain mode for RLAN on the controller. The host mode (cLRlanHostMode) should be set to multi-domain mode(value: 3).

This object identifies is the blacklisting is enabled or not for the given RLAN. A value of 'true' indicates that RLAN Blacklisting is enabled. A value of 'false' indicates that RLAN Blacklisting is disabled.

This object identifies the timeout duration in seconds for the blacklist in RLAN.

This object identifies the AAA policy name for the given RLAN.

This object identifies the session timeout duration in seconds for RLAN.

This object specifies if the preAuth is enabled or not for the RLAN on the controller. A value of 'true' indicates that RLAN Pre-Authentication is enabled. A value of 'false' indicates that RLAN Pre-Authentication is disabled.

This object specifies the address type DHCP parameters IP for Remote-LAN.

This object configures the DHCP parameters for Remote-LAN

This object uniquely identifies Client profiling on RLAN in Radius mode based on HTTP attribute. A value of 'true' indicates that Radius HTTP profiling is enabled. A value of 'false' indicates that Radius HTTP profiling is disabled.

This object uniquely identifies Client profiling on RLAN in Radius mode based on DHCP attribute. A value of 'true' indicates that Radius DHCP profiling is enabled. A value of 'false' indicates that Radius DHCP profiling is disabled.

This object uniquely identifies Client profiling on RLAN in local mode based on HTTP attribute. A value of 'true' indicates that Local HTTP profiling is enabled. A value of 'false' indicates that Local HTTP profiling is disabled.

This object uniquely identifies Client profiling on RLAN in local mode based on DHCP attribute. A value of 'true' indicates that Local DHCP profiling is enabled. A value of 'false' indicates that Local DHCP profiling is disabled.

This object specifies if the flow monitor on ingress traffic, for IPv6, is enabled or disabled. A value of 'true' indicates that IPv6 Ingress traffic is enabled. A value of 'false' indicates that IPv6 Ingress traffic is disabled.

This object specifies if the flow monitor on egress traffic, for IPv6, is enabled or disabled. A value of 'true' indicates that IPv6 Engress traffic is enabled. A value of 'false' indicates that IPv6 Engress traffic is disabled.

This object specifies if the flow monitor on ingress traffic, for IPv4, is enabled or disabled. A value of 'true' indicates that IPv4 Ingress traffic is enabled. A value of 'false' indicates that IPv4 Ingress traffic is disabled.

This object specifies if the flow monitor on egress traffic, for IPv4, is enabled or disabled. A value of 'true' indicates that IPv4 Engress traffic is enabled. A value of 'false' indicates that IPv4 Engress traffic is disabled.

This object specifies the Qos profile name for flow monitor on ingress traffic, for IPv6.

This object specifies the Qos profile name for flow monitor on egress traffic, for IPv6.

This object specifies the Qos profile name for flow monitor on ingress traffic, for IPv4.

This object specifies the Qos profile name for flow monitor on egress traffic, for IPv4.

This object identifies the IP address type of gateway address for the split tunnel trafficking of the data on RLAN.

This object identifies the gateway address for the split tunnel trafficking of the data on RLAN.

This object identifies the netmask for the split tunnel trafficking of the data on RLAN.

This object identifies the netmask for the split tunnel trafficking of the data on RLAN.

This object identifies whether the split tunnel traffic movement of the data is enabled. A value of 'true' indicates that split tunnelling is enabled. A value of 'false' indicates that split tunnelling is disabled.

This object identifies the ACL name for the split tunnel data trafficking.

This object identifies whether the split tunnel traffic movement of the data is overriden. A value of 'true' indicates that split tunnel override is enabled. A value of 'false' indicates that split tunnel override is disabled.

This object specifies the AAA Accounting list associated to the given RLAN

This object specifies whether the DHCP is required for the IPv4 of the given RLAN. A value of 'true' indicates that RLAN DHCP is enabled. A value of 'false' indicates that RLAN DHCP is disabled.

This object specifies if the central dhcp for RLAN is enabled or disabled. A value of 'true' indicates that Central DHCP is enabled. A value of 'false' indicates that Central DHCP is disabled.

The compliance statement for the SNMP entities that implement the ciscoLwappRlanMIB module.

This collection of objects represents the RLAN policy attributes.

This collection of objects represents the RLAN profile policy attributes.