-- *******************************************************************
-- CISCO-LWAPP-DOT11-LDAP-MIB.my
-- January 2007, Devesh Pujari, Srinath Candadai
--
-- Copyright (c) 2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************CISCO-LWAPP-DOT11-LDAP-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Unsigned32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF
DisplayString,RowStatus,TruthValue,StorageTypeFROM SNMPv2-TC
InetAddressType,InetAddress,InetPortNumberFROM INET-ADDRESS-MIB
ciscoMgmt
FROM CISCO-SMI
cLWlanConfigEntry
FROM CISCO-LWAPP-WLAN-MIB;
-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************ciscoLwappDot11LdapMIB MODULE-IDENTITYLAST-UPDATED"200701130000Z"ORGANIZATION"Cisco Systems Inc."CONTACT-INFO"Cisco Systems,
Customer Service
Postal: 170 West Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
Email: cs-wnbu-snmp@cisco.com"DESCRIPTION"This MIB is intended to be implemented on all those
devices operating as Central controllers, that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
Information provided by this MIB is used to manage
LDAP features on the controller.
The relationship between CC and the LWAPP APs
can be depicted as follows:
+......+ +......+ +......+
+ + + + + +
+ CC + + CC + + CC +
+ + + + + +
+......+ +......+ +......+
.. . .
.. . .
. . . .
. . . .
. . . .
. . . .
+......+ +......+ +......+ +......+
+ + + + + + + +
+ AP + + AP + + AP + + AP +
+ + + + + + + +
+......+ +......+ +......+ +......+
. . .
. . . .
. . . .
. . . .
. . . .
+......+ +......+ +......+ +......+
+ + + + + + + +
+ MN + + MN + + MN + + MN +
+ + + + + + + +
+......+ +......+ +......+ +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends them to the controller to which
it is logically connected.
Gratuitous Probe Response (GPR)
The Gratuitous Probe Response feature aids in conserving
battery power of WLAN-enabled cell phones by providing
a high rate packet on the order of tens of milliseconds
such that these kind of phones can wake up and wait at
predefined intervals, to reduce battery power. The
GPR packet is transmitted from the AP at a predefined
time interval.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node
and client are used interchangeably.
Lightweight Directory Access Protocol ( LDAP )
LDAP is a protocol used for obtaining directory services
and runs over TCP/IP.
Transport Layer Security ( TLS )
This is a cryptographic protocol which provides secure
communication over the network.
REFERENCE
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol"REVISION"200701130000Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 614}ciscoLwappDot11LdapMIBNotifs OBJECTIDENTIFIER::={ ciscoLwappDot11LdapMIB 0}ciscoLwappDot11LdapMIBObjects OBJECTIDENTIFIER::={ ciscoLwappDot11LdapMIB 1}ciscoLwappDot11LdapMIBConform OBJECTIDENTIFIER::={ ciscoLwappDot11LdapMIB 2}cldlConfig OBJECTIDENTIFIER
::={ ciscoLwappDot11LdapMIBObjects 1}cldlStatus OBJECTIDENTIFIER::={ ciscoLwappDot11LdapMIBObjects 2}-- ********************************************************************
-- LDAP Servers configuration
-- ********************************************************************cldlServerTable OBJECT-TYPESYNTAXSEQUENCEOF CldlServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table lists the information about LDAP servers
configured on the controller. Entries are added or deleted
by the user through the use of cldlServerRowStatus."::={ cldlConfig 1}cldlServerEntry OBJECT-TYPESYNTAX CldlServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry corresponds to a row in cldlServerTable and
represents the information about an LDAP server the
controller would contact for its operations."INDEX{ cldlServerIndex }::={ cldlServerTable 1}
CldlServerEntry ::=SEQUENCE{
cldlServerIndex Unsigned32,
cldlServerAddressType InetAddressType,
cldlServerAddress InetAddress,
cldlServerPortNum InetPortNumber,
cldlServerState TruthValue,
cldlServerTimeout Unsigned32,
cldlServerUserBase DisplayString,
cldlServerUserNameAttribute DisplayString,
cldlServerUserName DisplayString,
cldlServerSecurityEnable TruthValue,
cldlServerStorageType StorageType,
cldlServerRowStatus RowStatus}cldlServerIndex OBJECT-TYPESYNTAXUnsigned32(1..255)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This object uniquely identifies an entry in
cldlServerTable."::={ cldlServerEntry 1}
cldlServerAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the type of the network
address made available through cldlServerAddress."::={ cldlServerEntry 2}cldlServerAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the address of the LDAP server
that can be contacted by the controller for the purpose
of authentication, authorization and accounting."::={ cldlServerEntry 3}cldlServerPortNum OBJECT-TYPESYNTAXInetPortNumberMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the port number at which the
controller contacts the LDAP server."DEFVAL{389}::={ cldlServerEntry 4}
cldlServerState OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object indicates whether the LDAP server is currently
in use by the controller. A value of 'true' indicates that
the LDAP server is in use. A value of 'false' indicates that
the LDAP server is not in use."::={ cldlServerEntry 5}cldlServerTimeout OBJECT-TYPESYNTAXUnsigned32(1..3600)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the retransmit time-out value for
this LDAP server. If there is no response from the LDAP
server, the controller will wait for this duration,
before retransmitting."::={ cldlServerEntry 6}cldlServerUserBase OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-create
STATUScurrentDESCRIPTION"This object represents the name of the sub-tree in
the LDAP server that contains the information about all
the users in that sub-tree."::={ cldlServerEntry 7}cldlServerUserNameAttribute OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the attribute that stores
the name of the user."::={ cldlServerEntry 8}cldlServerUserName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the name of the user.
This is the value for the attribute identified by
cldlServerUserNameAttribute."::={ cldlServerEntry 9}cldlServerSecurityEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION
"This object indicates whether the LDAP transactions are
secured. A value of 'true' indicates that all the
LDAP transactions of the controller are secured the use
of TLS tunnel. A value of 'false' indicates that the LDAP
transactions are not secured."DEFVAL{ false }::={ cldlServerEntry 10}cldlServerStorageType OBJECT-TYPESYNTAXStorageTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the storage type for this conceptual
row."DEFVAL{ nonVolatile }::={ cldlServerEntry 11}cldlServerRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the status column for a
conceptual row in this table."::={ cldlServerEntry 12}-- ********************************************************************
-- WLAN LDAP table
-- ********************************************************************
cldlWlanLdapTable OBJECT-TYPESYNTAXSEQUENCEOF CldlWlanLdapEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table helps to map LDAP servers for WLANs
from cldlServerTable through the use of
cldlServerIndex. When a client gets associated to a WLAN,
the controller uses those LDAP servers that are
mapped to that WLAN for access to information about
the clients.
The creation of a new row in cLWlanConfigTable,
through an explicit network management action,
results in creation of an entry in this table.
Similarly, deletion of a row in
cLWlanConfigTable through user action causes the
deletion of corresponding row in this table.
This table has an one-to-one relationship with
cLWlanConfigTable of CISCO-LWAPP-WLAN-MIB. There
exists an entry in this table for each corresponding
entry in the cLWlanConfigTable."::={ cldlConfig 2}cldlWlanLdapEntry OBJECT-TYPESYNTAX CldlWlanLdapEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry represents a conceptual row in
cldlWlanLdapTable and represents the LDAP
configuration for a particular WLAN
identified by cLWlanIndex."AUGMENTS{ cLWlanConfigEntry }::={ cldlWlanLdapTable 1}
CldlWlanLdapEntry ::=SEQUENCE{
cldlWlanLdapPrimaryServerIndex Unsigned32,
cldlWlanLdapSecondaryServerIndex Unsigned32,
cldlWlanLdapTertiaryServerIndex Unsigned32}cldlWlanLdapPrimaryServerIndex OBJECT-TYPESYNTAXUnsigned32(0..255)MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The object represents the value that maps to the
primary LDAP server for this WLAN. A value of 0
indicates that the primary LDAP server is not
configured for this WLAN."DEFVAL{0}::={ cldlWlanLdapEntry 1}cldlWlanLdapSecondaryServerIndex OBJECT-TYPESYNTAXUnsigned32(0..255)MAX-ACCESSread-writeSTATUScurrent
DESCRIPTION"The object represents the value that maps to the
secondary LDAP server for this WLAN. A value of 0
indicates that the primary LDAP server is not
configured for this WLAN."DEFVAL{0}::={ cldlWlanLdapEntry 2}cldlWlanLdapTertiaryServerIndex OBJECT-TYPESYNTAXUnsigned32(0..255)MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The object represents the value that maps to the
tertiary LDAP server for this WLAN. A value of 0
indicates that the primary LDAP server is not
configured for this WLAN."DEFVAL{0}::={ cldlWlanLdapEntry 3}-- ********************************************************************ciscoLwappDot11LdapMIBCompliances OBJECTIDENTIFIER::={ ciscoLwappDot11LdapMIBConform 1}ciscoLwappDot11LdapMIBGroups OBJECTIDENTIFIER
::={ ciscoLwappDot11LdapMIBConform 2}-- ********************************************************************ciscoLwappDot11LdapMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for the SNMP entities that
implement the ciscoLwappDot11LdapMIB module."MODULE-- this moduleMANDATORY-GROUPS{ ciscoLwappDot11LdapMIBConfigGroup }::={ ciscoLwappDot11LdapMIBCompliances 1}-- ********************************************************************
-- * Units of conformance
-- ********************************************************************ciscoLwappDot11LdapMIBConfigGroup OBJECT-GROUPOBJECTS{
cldlServerAddressType,
cldlServerAddress,
cldlServerPortNum,
cldlServerState,
cldlServerTimeout,
cldlServerUserBase,
cldlServerUserNameAttribute,
cldlServerUserName,
cldlServerSecurityEnable,
cldlServerRowStatus,
cldlServerStorageType,
cldlWlanLdapPrimaryServerIndex,
cldlWlanLdapSecondaryServerIndex,
cldlWlanLdapTertiaryServerIndex
}STATUScurrentDESCRIPTION"This collection of objects specifies the LDAP
configuration on the controller."::={ ciscoLwappDot11LdapMIBGroups 1}END