-- *******************************************************************
-- CISCO-DOT11-WIDS-MIB.my 
-- November 2004, Prasanna Viswakumar
--
-- Copyright (c) 2004-2005 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************
--
CISCO-DOT11-WIDS-MIB DEFINITIONS ::= BEGIN

IMPORTS 
        MODULE-IDENTITY, 
        OBJECT-TYPE,
        Unsigned32,
        Integer32,
        Counter32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE, 
        OBJECT-GROUP
                FROM SNMPv2-CONF
        MacAddress,
        TimeStamp,
        TruthValue
                FROM SNMPv2-TC 
        ifIndex
                FROM IF-MIB
        ciscoMgmt
                FROM CISCO-SMI;


--********************************************************************
--*  MODULE IDENTITY
--********************************************************************

ciscoDot11WidsMIB MODULE-IDENTITY
        LAST-UPDATED   "200411300000Z"
        ORGANIZATION   "Cisco System Inc."
        CONTACT-INFO  
               "        Cisco Systems,
                        Customer Service
                        Postal: 170 West Tasman Drive
                                    San Jose, CA  95134
                                    USA
                        Tel: +1 800 553-NETS                 
            
                E-mail: cs-dot11@cisco.com"

        DESCRIPTION
                "This MIB is intended to be implemented on the 
                following IOS based network entities for the purpose
                of providing network management stations information
                about the various attempts to compromise the security
                in the 802.11-based wireless networks.
                   
                (i) 802.11 Access Points that accept wireless client
                associations.
 
                The MIB reports the information about the following
                attacks that can happen either at the initial
                authentication phase or during normal data
                communication between the client and the AP.
 
                EAPOL flooding - This is an attempt made by an
                invalid 802.11 client to send too many EAPOL-Start
                messages and bring the authentication services
                on the Authenticator, typically the AP, down.

                BlackListing - This is the process of marking
                a client as invalid when its authentication
                attempts fail.  The client is put in a list
                when its authentication attempt fails for the
                first time.  If the number of consecutive
                failed authentication attempts reaches a threshold,
                any subsequent authentication requests made by 
                the client will be rejected from that point for
                a configurable period of time.

                Protection Failures - These kinds of failures
                happen when the attacker injects invalid packets
                onto the wireless network thereby corrupting the
                802.11 data traffic between an AP and its
                associated wireless clients.
                                                  
                The administrator, through the NMS, can configure
                the thresholds on the AP using this MIB to enable
                the AP to detect EAPOL flood attacks and provide
                related statistics to the NMS.

                To detect protection failures, the AP provides the
                relevant statistics about the protection errors in
                the form of MIB objects, which are compared against
                the thresholds configured on the NMS and appropriate
                events are raised by the NMS, if thresholds are
                found to be exceeded.
               
                The hierarchy of the AP and MNs is as follows.

        +~-~-~+      +~-~-~+       +~-~-~+           +~-~-~+
        +     +      +     +       +     +           +     +
        + AP  +      + AP  +       + AP  +           + AP  +
        +     +      +     +       +     +           +     +
        +~-~-~+      +~-~-~+       +~-~-~+           +~-~-~+
          ..            .             .                 .
          ..            .             .                 .
         .  .            .             .                 .
        .    .            .             .                 .
       .      .            .             .                 .
      .        .            .             .                 .
     \/        \/           \/            \/                \/
   +.....+  +.....+      +-.-.-.+       +~-~-~+          +......+
   +     +  +     +      +      +       +     +          +      +
   + MN  +  + MN  +      + MN   +       + MN  +          +  MN  +
   +     +  +     +      +      +       +     +          +      +
   +.....+  +.....+      +-.-.-.+       +~-~-~+          +......+


                The wireless connections are represented as dotted
                lines in the above diagram.

                                   GLOSSARY

                Access Point ( AP )

                An entity that contains an 802.11 medium access
                control ( MAC ) and physical layer ( PHY ) interface
                and provides access to the distribution services via
                the wireless medium for associated clients.


                Mobile Node ( MN )

                A roaming 802.11 wireless device in a wireless
                network associated with an access point.

                Service Set Identifier (SSID)

                The Radio Service Set ID that is used by the mobile
                wireless clients for identification during the
                association with the APs.
 
                Temporal Key Integrity Protocol (TKIP)

                A security protocol defined to address the limitations
                of WEP.  Message Integrity Check and per-packet keying
                on all WEP-encrypted frames are two significant
                enhancements provided by TKIP over WEP.


                Counter mode with CBC-MAC Protocol (CCMP)

                A security protocol that uses counter mode for
                encryption in conjunction with a cipher block chaining
                message authentication code (CBC-MAC) for integrity.
                The CBC-MAC divides the data into blocks, encrypts the
                first block, XORs the result with the second block,
                encrypts the result, XORs the result with the next
                block and continues till all the blocks are
                processed.  In this way the protocol derives a
                64-bit MIC which is appended to the plaintext data;
                the whole is then encrypted using the counter mode.


                Message Integrity Check (MIC)

                The Message Integrity Check is an improvement over the
                Integrity Check Value (ICV) of the 802.11 standard.
                MIC adds two new fields to the wireless frames - a
                sequence number field for detecting out-of-order
                frames and a MIC field to provide a frame integrity
                check to overcome the mathematical shortcomings of
                the ICV.
 

                802.1x

                The IEEE-ratified standard for enforcing port-based
                access control.  This was originally intended for
                use on wired LANs and later extended for use in
                802.11 WLAN environments.  It defines an
                architecture with three main parts - a supplicant
                (e.g. an 802.11 wireless client), an authenticator
                (the AP) and an authentication server (a RADIUS
                server).  The authenticator passes messages back
                and forth between the supplicant and the
                authentication server to enable the supplicant
                to get authenticated to the network. 
                               

                Extensible Authentication Protocol Over LAN (EAPOL)

                This is an encapsulation method defined by 802.1x
                for passing EAP packets over Ethernet frames. "
 
--              REFERENCE
 
--              [1] Wireless LAN Medium Access Control ( MAC ) and
--              Physical Layer ( PHY ) Specifications, 
--              Amendment 6, MAC Security Enhancements. 

        REVISION      "200411300000Z"
        DESCRIPTION
                "Initial version of this MIB module. "
        ::= { ciscoMgmt 456 }

ciscoDot11WidsMIBNotifs  OBJECT IDENTIFIER
        ::= { ciscoDot11WidsMIB 0 }

ciscoDot11WidsMIBObjects OBJECT IDENTIFIER 
        ::= { ciscoDot11WidsMIB 1 }

ciscoDot11WidsAuthFailures OBJECT IDENTIFIER
        ::= { ciscoDot11WidsMIBObjects 1 }

ciscoDot11WidsProtectFailures OBJECT IDENTIFIER 
        ::= { ciscoDot11WidsMIBObjects 2 }

ciscoDot11WidsMIBConform OBJECT IDENTIFIER
        ::= { ciscoDot11WidsMIB 2 }

ciscoDot11WidsMIBCompliances OBJECT IDENTIFIER
        ::= { ciscoDot11WidsMIBConform 1 }

ciscoDot11WidsMIBGroups OBJECT IDENTIFIER
        ::= { ciscoDot11WidsMIBConform 2 }

--********************************************************************
--*  EAPOL Flooding / Black Listing global configuration 
--********************************************************************

cDot11WidsFloodDetectEnable OBJECT-TYPE
        SYNTAX     TruthValue 
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object is used to enable or disable the WIDS
                flood detection feature.

                Set this MIB object to 'true' to enable the
                flood detection and 'false' to disable it.

                Note that the values configured through 
                cDot11WidsEapolFloodThreshold and 
                cDot11WidsEapolFloodInterval take effect only if 
                flood detection is enabled through this MIB 
                object. "
        ::= { ciscoDot11WidsAuthFailures 1 }

cDot11WidsEapolFloodThreshold OBJECT-TYPE
        SYNTAX     Unsigned32(1..512)
        UNITS      "attempts"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object specifies the maximum number of
                authentication attempts allowed for all the clients
                taken together in the interval specified by
                cDot11WidsEapolFloodInterval.  The attempts include
                both the successful as well as failed attempts. "
        DEFVAL { 3 }                 
        ::= { ciscoDot11WidsAuthFailures 2 }

cDot11WidsEapolFloodInterval OBJECT-TYPE
        SYNTAX     Unsigned32(1..300)
        UNITS      "seconds" 
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object specifies the time duration for 
                which the client authentication attempts have to
                be monitored for detecting the flood attack. "
        DEFVAL { 60 }               
        ::= { ciscoDot11WidsAuthFailures 3 }

cDot11WidsBlackListThreshold OBJECT-TYPE
        SYNTAX     Unsigned32(1..512)
        UNITS      "attempts"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object configures the maximum threshold on
                the number of unsuccessful authentication attempts
                that can be made by a particular client.  Once the
                threshold is reached, the client is retained in the
                list for a period of time equal to the value
                configured through cDot11WidsBlackListDuration,
                during which its attempts to get authenticated
                are blocked. "
        DEFVAL { 3 }
        ::= { ciscoDot11WidsAuthFailures 4 }


cDot11WidsBlackListDuration OBJECT-TYPE
        SYNTAX     Unsigned32(1..300)
        UNITS      "seconds"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object indicates the time duration for which a
                particular client has to be kept in the black list
                after the number of unsuccessful attempts reaches the
                threshold given by cDot11WidsBlackListThreshold. "
        DEFVAL { 60 }
        ::= { ciscoDot11WidsAuthFailures 5 }

cDot11WidsFloodMaxEntriesPerIntf OBJECT-TYPE
        SYNTAX     Integer32 (1..2147483647)
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object indicates the maximum number of entries
                in cDot11WidsEapolFloodTable that can be held for a
                particular 802.11 radio interface identified by
                ifIndex. " 
        ::= { ciscoDot11WidsAuthFailures 6 }

cDot11WidsEapolFloodTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CDot11WidsEapolFloodEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table gives the statistics on the EAPOL flood
                attacks observed at this radio interface.
                
                An entry in this table is created by the agent when
                this 802.11 station detects an EAPOL flood attack.
                All the columns in the entries except the
                cDot11WidsEapolFloodStopTime are populated when
                the attack is observed first.  The object
                cDot11WidsEapolFloodStopTime is populated when no
                flood conditions are observed following the initial
                observation at the time indicated by
                cDot11WidsEapolFloodStartTime.

                This can be illustrated by the following example.

                Assume that the monitoring interval is configured 
                to 1 minute through the
                cDot11WidsEapolFloodInterval object and the number
                of attempts is set to 5.
 
                At the end of the first minute after this
                configuration is made,  client c1 is found to
                have made 4 attempts and another client c2 to have
                made 3.  Hence the total attempt count is 7, which
                exceeds the configured threshold of 5, and the agent
                adds a new row to this table.  The
                cDot11WidsEapolFloodStopTime object carries a
                value of 0 at this point in the newly added row.
                The MIB object cDot11WidsEapolFloodClientMac
                at this point holds the MAC address of c1
                and cDot11WidsEapolFloodClientCount holds the
                value of 4.
 
                At the end of the second interval,  assume that
                the clients are found to have made only 4
                attempts in total with c1 and c2 making 3 and 1
                attempt(s) respectively.  Now the total count
                is not found to exceed the threshold.  Hence
                the flood is observed to be stopped.  The
                object cDot11WidsEapolFloodStopTime is now
                populated with this time at which the flood is
                observed to be stopped.  The MIB object
                cDot11WidsEapolFloodClientMac at this point
                holds c1's MAC address and 
                cDot11WidsEapolFloodClientCount would hold a
                value of 7. If the count is found to exceed in
                the next interval, it will be treated as a
                beginning of a new flood event and hence a new
                entry will be created for the same.

                Assume the case where, at the end of the second
                interval, the total count continues at the
                rate above the threshold, with c1 making 5 and
                c2 making 2 attempts respectively.  Since the
                flood is not observed to be stopped,  the
                object cDot11WidsEapolFloodStopTime continues to
                hold a value of zero.

                The agent at anytime will retain only the most
                recent and maximum number of entries, as given
                by cDot11WidsFloodMaxEntriesPerIntf,  for a
                particular value of ifIndex.  The older entries
                are purged automatically when the number of
                entries for a particular ifIndex reaches its
                maximum.

                This table has an expansion dependent relationship
                with ifTable defined in IF-MIB.  There exists a
                row in this table corresponding to the row for each
                interface of ifType ieee80211(71) found in ifTable.
                cDot11WidsEapolFloodIndex acts as the
                expansion index. "
        ::= { ciscoDot11WidsAuthFailures 7 }

cDot11WidsEapolFloodEntry OBJECT-TYPE
        SYNTAX     CDot11WidsEapolFloodEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "An entry holds the statistics about one instance of
                EAPOL flood attack observed at this particular
                radio interface. "
        INDEX   { ifIndex, cDot11WidsEapolFloodIndex }
        ::=     { cDot11WidsEapolFloodTable 1 }


CDot11WidsEapolFloodEntry ::=
        SEQUENCE  {
                cDot11WidsEapolFloodIndex       Unsigned32,
                cDot11WidsEapolFloodClientMac   MacAddress,
                cDot11WidsEapolFloodClientCount Unsigned32,
                cDot11WidsEapolFloodStartTime   TimeStamp,
                cDot11WidsEapolFloodStopTime    TimeStamp,
                cDot11WidsEapolFloodTotalCount  Counter32
        }


cDot11WidsEapolFloodIndex OBJECT-TYPE
        SYNTAX     Unsigned32(1..100)
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This object identifies the set of information about
                one instance of an EAPOL flood event observed at
                this radio interface between the start and stop
                times indicated by cDot11WidsEapolFloodStartTime
                and cDot11WidsEapolFloodStopTime. "
        ::= { cDot11WidsEapolFloodEntry 1 }

cDot11WidsEapolFloodClientMac OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object identifies the MAC address of the
                wireless client that has made the maximum
                number of authentication attempts in the
                duration specified by the 
                cDot11WidsEapolFloodInterval object.

                At the end of each interval indicated by 
                cDot11WidsEapolFloodInterval, the 802.11 station
                checks whether the total count of the number of
                authentication attempts made by all the clients
                exceeds the threshold configured through the
                object cDot11WidsEapolFloodThreshold.  If yes,
                then the agent populates this MIB object
                with the MAC of the wireless client that has
                made the maximum number of authentication
                attempts in that interval.

                When the flood event is observed to be stopped,
                as indicated by a non-zero value for the
                cDot11WidsEapolFloodStopTime object,
                this object indicates the MAC of the wireless
                client that has made the maximum number of
                attempts for the entire duration of the flood
                observed between the times indicated by the
                objects cDot11WidsEapolFloodStartTime and
                cDot11WidsEapolFloodStopTime respectively. "
        ::= { cDot11WidsEapolFloodEntry 2 }

cDot11WidsEapolFloodClientCount OBJECT-TYPE
        SYNTAX     Unsigned32 
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object provides the count associated with
                the client with the largest number of attempts in
                the last interval.

                When the flood event is observed to be stopped,
                as indicated by a non-zero value for the
                cDot11WidsEapolFloodStopTime object, this
                object gives the count associated with the
                client with the largest number of attempts,
                for the entire duration of the flood observed
                between the times indicated by the objects
                cDot11WidsEapolFloodStartTime and
                cDot11WidsEapolFloodStopTime respectively. "
        ::= { cDot11WidsEapolFloodEntry 3 } 

cDot11WidsEapolFloodStartTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object indicates the time at which the
                EAPOL flood event identified by one entry of
                this table was observed first at this radio
                interface. "
        ::= { cDot11WidsEapolFloodEntry 4 }

cDot11WidsEapolFloodStopTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object indicates the time at which the
                EAPOL flood event observed first at the time
                indicated by cDot11WidsEapolFloodStartTime
                has stopped.

                If this 802.11 station finds that the flood
                conditions observed in one or more prior
                intervals have ceased, it marks the flood
                event as stopped at the time indicated by
                this object.  That the flood has ceased is
                indicated by the number of authentication
                attempts dropping below the value specified by
                the cDot11WidsEapolFloodThreshold object.

                A value of 0 for this object indicates that
                the number of authentication attempts continue
                to exceed the value specified by the
                cDot11WidsEapolFloodThreshold object. "
        ::= { cDot11WidsEapolFloodEntry 5 }

cDot11WidsEapolFloodTotalCount OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object gives the accumulated count of the
                number of authentication attempts made by all the
                clients at the time of query. " 
        ::= { cDot11WidsEapolFloodEntry 6 }

                                
cDot11WidsBlackListTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CDot11WidsBlackListEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table gives the information about the
                802.11 wireless clients that have been blacklisted
                while attempting to get authenticated with this
                802.11 station at this radio interface.

                An entry is added to this table when the number
                of consecutive failed authentication attempts
                made by a client equals the value configured
                through cDot11WidsBlackListThreshold.  The
                client will then be blocked from getting
                authenticated for a time period equal to the
                value configured through
                cDot11WidsBlackListDuration.  After this time
                elapses, the client is taken off from the list
                and the agent automatically removes the entry
                corresponding to that client from this table.
         
                This table has an expansion dependent relationship on
                the ifTable.  For each entry in this table, there
                exists at least an entry in the ifTable of ifType
                ieee80211(71).  cDot11WidsBlackListClientMac acts as
                the expansion index. "
        ::= { ciscoDot11WidsAuthFailures 8 }


cDot11WidsBlackListEntry OBJECT-TYPE
        SYNTAX     CDot11WidsBlackListEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "Each entry holds the information about one
                802.11 wireless client that has been blacklisted
                when attempting to get authenticated with
                this 802.11 station at this radio interface. "
        INDEX   { ifIndex, cDot11WidsBlackListClientMac }
        ::= { cDot11WidsBlackListTable 1 }


CDot11WidsBlackListEntry ::= 
        SEQUENCE {
                cDot11WidsBlackListClientMac      MacAddress,
                cDot11WidsBlackListAttemptCount   Counter32,
                cDot11WidsBlackListTime           TimeStamp 
        }

cDot11WidsBlackListClientMac OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This object indicates the MAC address of the
                blacklisted client. "
        ::= { cDot11WidsBlackListEntry 1 }

cDot11WidsBlackListAttemptCount OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of attempts
                made by the client identified by
                cDot11WidsBlackListClientMac to get authenticated
                with the 802.11 station through this radio
                interface. "
        ::= { cDot11WidsBlackListEntry 2 }

cDot11WidsBlackListTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object indicates the time at which the client
                was blacklisted after failing in its attempt to get
                authenticated with this 802.11 station at this radio
                interface. "
        ::= { cDot11WidsBlackListEntry 3 }


--********************************************************************
--*  End of EAPOL Flooding group parameters
--********************************************************************

--********************************************************************
--*  MIC / Protection  failure statistics
--********************************************************************


cDot11WidsProtectFailClientTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CDot11WidsProtectFailClientEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table gives the statistics on the various
                protection failures that occurred during the data
                communication of this 802.11 station with a
                particular client currently associated at this
                dot11 interface.

                Note that the agent populates this table with an
                entry for an associated client if and only if 
                at least one of the error statistics, as reported
                by the counter-type objects of this table, has a
                non-zero value.
         
                This table has an expansion dependent relationship on
                the ifTable.  For each entry in this table, there
                exists at least an entry in the ifTable of ifType
                ieee80211(71).  cDot11WidsSsid and 
                cDot11WidsClientMacAddress act as the
                expansion indices. "
        ::= { ciscoDot11WidsProtectFailures 1 }


cDot11WidsProtectFailClientEntry OBJECT-TYPE
        SYNTAX     CDot11WidsProtectFailClientEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "Each entry holds the information about the
                protection failures observed at this radio
                interface when this 802.11 station communicates with
                its associated client identified by
                cDot11WidsClientMacAddress at the interface
                identified by ifIndex. The clients are grouped
                according to the SSIDs they use for their
                association with the dot11 interface. " 
        INDEX   { ifIndex, 
                      cDot11WidsSsid,
                          cDot11WidsClientMacAddress }
        ::= { cDot11WidsProtectFailClientTable 1 }

CDot11WidsProtectFailClientEntry ::= 
        SEQUENCE {
                cDot11WidsSsid                  OCTET STRING,
                cDot11WidsClientMacAddress      MacAddress, 
                cDot11WidsSelPairWiseCipher     OCTET STRING,
                cDot11WidsTkipIcvErrors         Counter32,
                cDot11WidsTkipLocalMicFailures  Counter32,
                cDot11WidsTkipRemoteMicFailures Counter32,
                cDot11WidsCcmpReplays           Counter32,
                cDot11WidsCcmpDecryptErrors     Counter32,
                cDot11WidsTkipReplays           Counter32,
                cDot11WidsWepReplays            Counter32,
                cDot11WidsWepIcvErrors          Counter32,
                cDot11WidsCkipReplays           Counter32,
                cDot11WidsCkipCmicErrors        Counter32
        }

cDot11WidsSsid OBJECT-TYPE
        SYNTAX     OCTET STRING (SIZE(1..32))
        MAX-ACCESS not-accessible 
        STATUS     current
        DESCRIPTION
                "This object specifies one of the SSIDs of this
                radio interface with which the client has
                associated with the 802.11 station. " 
        ::= { cDot11WidsProtectFailClientEntry 1 }

cDot11WidsClientMacAddress OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This object identifies the MAC address of the
                associated client to which this set of
                statistics are applicable. "
        ::= { cDot11WidsProtectFailClientEntry 2 }

cDot11WidsSelPairWiseCipher OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(4))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object identifies the pairwise cipher used by
                the client identified by cDot11WidsClientMacAddress
                during its association with this 802.11 station
                at the interface identified by ifIndex. "
        REFERENCE
                "Section 7.3.2.25.1, 802.11i Amendment 6: Medium
                Access Control(MAC) Security Enhancements. "
        ::= { cDot11WidsProtectFailClientEntry 3 }

cDot11WidsTkipIcvErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of TKIP ICV
                Errors observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's
                association with this 802.11 station at the
                radio interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 4 }

cDot11WidsTkipLocalMicFailures OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of TKIP local 
                MIC failures observed in the data communication
                between this 802.11 station and the client
                indicated by cDot11WidsClientMacAddress since
                the client's association with this 802.11 station
                at the radio interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 5 }

cDot11WidsTkipRemoteMicFailures OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of TKIP remote
                MIC failures observed in the data communication
                between this 802.11 station and the client
                indicated by cDot11WidsClientMacAddress since the
                client's association with this 802.11 station
                at the radio interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 6 }

cDot11WidsCcmpReplays OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of CCMP replay
                failures observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's
                association with this 802.11 station at the radio
                interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 7 }

cDot11WidsCcmpDecryptErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of CCMP
                decryption failures observed in the data
                communication between this 802.11 station and
                the client indicated by cDot11WidsClientMacAddress
                since the client's association with this
                802.11 station at the radio interface identified
                by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 8 }

cDot11WidsTkipReplays OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of TKIP
                replay failures observed in the data
                communication between this 802.11 station and the
                client indicated by cDot11WidsClientMacAddress
                since the client's association with this
                802.11 station at the radio interface identified 
                by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 9 }

cDot11WidsWepReplays OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of WEP replay
                errors observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's
                association with this 802.11 station at the radio
                interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 10 }

cDot11WidsWepIcvErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of WEP ICV
                errors observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's
                association with this 802.11 station at the radio
                interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 11 }

cDot11WidsCkipReplays OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of CKIP replay
                errors observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's
                association with this 802.11 station at the radio
                interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 12 }

cDot11WidsCkipCmicErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This object counts the total number of CKIP-CMIC
                errors observed in the data communication between
                this 802.11 station and the client indicated by
                cDot11WidsClientMacAddress since the client's 
                association with this 802.11 station at the
                radio interface identified by ifIndex. "
        ::= { cDot11WidsProtectFailClientEntry 13 }

--********************************************************************
--*  End of MIC / protection  failure statistics
--********************************************************************


--********************************************************************
--*    Compliance statements  
--********************************************************************

ciscoDot11WidsMIBCompliance MODULE-COMPLIANCE
        STATUS     current
        DESCRIPTION
                "The compliance statement for the SNMP entities that
                 implement the ciscoDot11WidsMIB module."
        MODULE MANDATORY-GROUPS {                
                ciscoDot11WidsAuthFailGroup,
                ciscoDot11WidsProtectFailGroup
             }

        ::= { ciscoDot11WidsMIBCompliances 1 }


--********************************************************************
--*    Units of conformance  
--********************************************************************

ciscoDot11WidsAuthFailGroup OBJECT-GROUP
        OBJECTS {
                cDot11WidsFloodDetectEnable,
                cDot11WidsEapolFloodThreshold,
                cDot11WidsEapolFloodInterval,
                cDot11WidsBlackListThreshold,
                cDot11WidsBlackListDuration,
                cDot11WidsFloodMaxEntriesPerIntf,
                cDot11WidsEapolFloodTotalCount,
                cDot11WidsEapolFloodClientMac,
                cDot11WidsEapolFloodClientCount,
                cDot11WidsEapolFloodStartTime,
                cDot11WidsEapolFloodStopTime,
                cDot11WidsBlackListAttemptCount,
                cDot11WidsBlackListTime
             }                
        STATUS     current
        DESCRIPTION
                "This collection of objects provides information about
                 the configuration needed on the 802.11 station to
                 detect EAPOL flood attacks and black-list clients,
                 the general statistics about the detected flood
                 attacks, and the information about the blacklisted
                 clients. "
        ::= { ciscoDot11WidsMIBGroups 1 }

ciscoDot11WidsProtectFailGroup OBJECT-GROUP
        OBJECTS {
                cDot11WidsSelPairWiseCipher,
                cDot11WidsTkipIcvErrors,
                cDot11WidsTkipLocalMicFailures,
                cDot11WidsTkipRemoteMicFailures,
                cDot11WidsCcmpReplays,
                cDot11WidsCcmpDecryptErrors,
                cDot11WidsTkipReplays,
                cDot11WidsWepReplays,
                cDot11WidsWepIcvErrors,
                cDot11WidsCkipReplays,
                cDot11WidsCkipCmicErrors
        } 
        STATUS     current
        DESCRIPTION
                "This collection of objects provides information about
                the various protection failures observed during the
                associated clients' data communications with this
                802.11 station. "
        ::= { ciscoDot11WidsMIBGroups 2 }
   
--********************************************************************
--*   End of units of conformance  
--********************************************************************

END