-- *******************************************************************
-- CISCO-LWAPP-MFP-MIB.my
-- Light Weight Access Point Management Frame Protection MIB
-- January 2006, Victor Griswold, Devesh Pujari, Prasanna Viswakumar
--
-- Copyright (c) 2006, 2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************CISCO-LWAPP-MFP-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,NOTIFICATION-TYPE,OBJECT-TYPE,Unsigned32,Gauge32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
TruthValue,TimeInterval,MacAddressFROM SNMPv2-TC
cLWlanConfigEntry
FROM CISCO-LWAPP-WLAN-MIB
cLApIfSmtDot11Bssid,cLApEntry,cLApIfSmtParamEntry
FROM CISCO-LWAPP-AP-MIB
cldcClientMacAddress
FROM CISCO-LWAPP-DOT11-CLIENT-MIB
CLEventFrames,
CLMfpEventType,
CLMfpVersion,
CLTimeBaseStatus
FROM CISCO-LWAPP-TC-MIB
ciscoMgmt
FROM CISCO-SMI;-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************ciscoLwappMfpMIB MODULE-IDENTITYLAST-UPDATED"200701201545Z"ORGANIZATION"Cisco Systems Inc."CONTACT-INFO"Cisco Systems,
Customer Service
Postal: 170 West Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
Email: cs-wnbu-snmp@cisco.com"DESCRIPTION"This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC) that
terminate the Light Weight Access Point Protocol
tunnel from Light-weight LWAPP Access Points.
This MIB instrumentation provides the parameters used
by the controller to control and monitor the behavior
of the associated Access Points when following the
newly defined Management Frame Protocol. The
controller would pass the MFP settings configured by
the user through this MIB to the APs through LWAPP
messages. The APs then begin to validate and verify
the integrity of 802.11 Management frames and report
the anomalies found, if any, to the controller.
The relationship between CC and the LWAPP APs
can be depicted as follows.
+......+ +......+ +......+ +......+
+ + + + + + + +
+ CC + + CC + + CC + + CC +
+ + + + + + + +
+......+ +......+ +......+ +......+
.. . . .
.. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ AP + + AP + + AP + + AP + + AP +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ MN + + MN + + MN + + MN + + MN +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
which includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller. Reference [2]
explains in detail about the communication between
the controller and APs, while Reference [1] explains
the AP-MN communication.
To secure the 802.11 management traffic, the controller
and the APs perform specific roles. The controller
acts as the central entity to generate and distribute
signature keys using which the APs generate integrity
check values, also known as signatures, for individual
management frames. The APs append this signature in
the form of an Information Element to the respective
management frame to be transmitted. This is needed to
isolate those potential rogue APs whose frames may not
carry the frame signature.
The APs use the signature keys, generated and pushed
to them by the controller for each BSSID reported
as heard by the APs, to validate the integrity of the
the management traffic originating from various
802.11 sources. Any anomalies observed by the APs
are reported to the controller. The controller
makes the information about such events available
for a network management Station in the form of
notifications.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 media access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends them to the controller to which
it is logically connected.
AP-Authentication
With this feature enabled, the Access Points sending
radio resource management neighbor packets with
different RF network names will be reported as rogues.
Basic Service Set Identifier ( BSSID )
The identifier of the Basic Service Set controlled by
a single coordination function. The identifier is
usually the MAC address of the radio interface that
hosts the BSS.
Central Controller ( CC )
The central entity that terminates the LWAPP protocol
tunnel from the LWAPP APs. Throughout this MIB,
this entity is also referred to as 'controller'.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Management Frame Protection ( MFP )
A proprietary mechanism devised to integrity protect
the otherwise unprotected management frames of the
802.11 protocol specification.
Message Integrity Check ( MIC )
A checksum computed on a sequence of bytes and made
known to the receiving party in a data communication,
to let the receiving party make sure the bytes
received were not compromised enroute.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point.
Network Management Station ( NMS )
The system through which the network administrator
manages the controller and the APs associated to
it.
REFERENCE
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications, ANSI/IEEE
Std 802.11, 1999 Edition.
[2] Draft-obara-Capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol"REVISION"200701201545Z"DESCRIPTION"The objects cLClientLastSourceMacAddress,
cLMfpClientProtection and cLMfpClientMfpEnabled
have been added."REVISION"200604101545Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 518}ciscoLwappMfpMIBNotifs OBJECTIDENTIFIER::={ ciscoLwappMfpMIB 0}ciscoLwappMfpMIBNotifObjects OBJECTIDENTIFIER::={ ciscoLwappMfpMIB 1}ciscoLwappMfpMIBObjects OBJECTIDENTIFIER::={ ciscoLwappMfpMIB 2}
ciscoLwappMfpMIBConform OBJECTIDENTIFIER::={ ciscoLwappMfpMIB 3}ciscoLwappMfpConfig OBJECTIDENTIFIER::={ ciscoLwappMfpMIBObjects 1}ciscoLwappMfpStatus OBJECTIDENTIFIER::={ ciscoLwappMfpMIBObjects 2}-- ********************************************************************
-- MFP Configuration
-- ********************************************************************cLMfpProtectType OBJECT-TYPESYNTAXINTEGER{cLMfpProtectNone(1),cLMfpProtectApAuth(2),cLMfpProtectMfp(3)}MAX-ACCESSread-writeSTATUScurrent
DESCRIPTION"The authentication mechanism to be used to secure
the WLANs managed through this controller.
cLMfpProtectNone - No authentication or protection
mechanism is configured on the controller.
cLMfpProtectApAuth - AP-authentication is configured
as the authentication and protection mechanism
on the controller.
cLMfpProtectMfp - MFP is configured as the
as the authentication and protection mechanism
on the controller.
The settings configured through cLMfpProtectionEnable
and cLMfpApMfpValidationEnable for a WLAN and AP
respectively take effect only if this object is set
to 'cLMfpProtectMfp'."DEFVAL{ cLMfpProtectNone }::={ ciscoLwappMfpConfig 1}cLMfpWlanConfigTable OBJECT-TYPESYNTAXSEQUENCEOF CLMfpWlanConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the configuration needed by the
controller to enable management frame protection on a
particular WLAN.
A controller, when configured, enables the MFP on
individual WLANs. When these WLANs that have MFP
enabled are applied to the APs, the APs become part
of the MFP framework. The APs will receive the
signature keys to be used to generate MICs for
unicast and broadcast management frames upon joining
the controller. With these keys, the APs generate
the MIC for individual management frames and append
the value as an information element to the
respective frames.
The creation of a new row in cLWlanConfigTable
through an explicit network management action
results in creation of an entry in this table.
Similarly, deletion of a row in
cLWlanConfigTable through user action causes the
deletion of corresponding row in this table."::={ ciscoLwappMfpConfig 2}cLMfpWlanConfigEntry OBJECT-TYPESYNTAX CLMfpWlanConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A conceptual row in cLMfpWlanConfigTable and
represents the MFP configuration on a particular
WLAN."AUGMENTS{ cLWlanConfigEntry }::={ cLMfpWlanConfigTable 1}
CLMfpWlanConfigEntry ::=SEQUENCE{
cLMfpVersionRequired CLMfpVersion,
cLMfpProtectionEnable TruthValue,
cLMfpClientProtection INTEGER}cLMfpVersionRequired OBJECT-TYPESYNTAX CLMfpVersion
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The version of the Management Frame Protection
Protocol required for the MFP framework when the
MFP protection is enabled through the
cLMfpProtectionEnable object."DEFVAL{ mfpv1 }::={ cLMfpWlanConfigEntry 2}cLMfpProtectionEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object specifies whether the MFP protection
on this WLAN be enabled or not.
A value of 'true' enables management frame
protection on the WLAN and 'false' disables
management frame protection.
Note that MFP is enabled or disabled on a WLAN
through the values of 'true' and 'false' only
if MFP is configured as the protection mechanism
by setting the object cLMfpProtectType to
'cLMfpProtectMfp'. The NMS shall modify the
value of this object, but the change made will
take effect only if MFP is configured as the
protection mechanism on the controller through
the cLMfpProtectType object."DEFVAL{ true }::={ cLMfpWlanConfigEntry 3}cLMfpClientProtection OBJECT-TYPESYNTAXINTEGER{disabled(1),enabled(2),required(3)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object specifies the level of client MFP
protection for this WLAN.
disabled - client protection is disabled.
enabled - client protection is optional.
required - client protection is mandatory."DEFVAL{ enabled }::={ cLMfpWlanConfigEntry 4}
cLMfpClientTable OBJECT-TYPESYNTAXSEQUENCEOF CLMfpClientEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table represents the MFP information for 802.11
wireless clients that are associated with the APs
that have joined this controller."::={ ciscoLwappMfpStatus 5}cLMfpClientEntry OBJECT-TYPESYNTAX CLMfpClientEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry represents a conceptual row in this
table and provides MFP information about the
clients associated to the APs that have joined
the controller."INDEX{ cldcClientMacAddress }::={ cLMfpClientTable 1}
CLMfpClientEntry ::=SEQUENCE{
cLMfpClientMfpEnabled TruthValue}
cLMfpClientMfpEnabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object indicates whether MFP protection is
enabled for a particular client. A value of 'true'
indicates that MFP protection is enabled. A value
of 'false' indicates MFP protection is disabled."::={ cLMfpClientEntry 1}-- ********************************************************************
-- * controller status
-- ********************************************************************cLMfpCtrlTimeBaseStatus OBJECT-TYPESYNTAX CLTimeBaseStatus
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The status of synchronization of the MFP-aware
LWAPP controller's timebase with that of a
central time server."::={ ciscoLwappMfpStatus 1}-- ********************************************************************
-- * Per-AP MFP status
-- ********************************************************************
cLMfpApParamTable OBJECT-TYPESYNTAXSEQUENCEOF CLMfpApParamEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the configuration of MFP related
parameters corresponding to a particular AP.
A row is added to the table by the agent when a
a row is added to cLApTable of CISCO-LWAPP-AP-MIB.
Similarly, a row is deleted from this table when
the corresponding row is deleted from cLApTable."::={ ciscoLwappMfpStatus 2}cLMfpApParamEntry OBJECT-TYPESYNTAX CLMfpApParamEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A conceptual row in this table and represents
the MFP parameters of a particular AP."AUGMENTS{ cLApEntry }::={ cLMfpApParamTable 1}
CLMfpApParamEntry ::=SEQUENCE{
cLMfpApMfpValidationEnable TruthValue,
cLMfpApMfpValidationActual TruthValue}cLMfpApMfpValidationEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object specifies whether the AP should
validate the management frames received by it
in accordance with the MFP version or not.
A value of 'true' indicates that the AP should
validate all the received management frames
accordance with the MFP version supported by the
respective dot11 interface on which the frame was
received.
A value of 'false' indicates that the AP won't
validate the received management frames.
Note that MFP validation is enabled or disabled
on an AP through the values of 'true' and 'false'
only if MFP is configured as the protection
mechanism by setting the object cLMfpProtectType to
'cLMfpProtectMfp'. The NMS shall modify the
value of this object, but the change made will
take effect only if MFP is configured as the
protection mechanism on the controller through
the cLMfpProtectType object."DEFVAL{ true }::={ cLMfpApParamEntry 1}cLMfpApMfpValidationActual OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object indicates the status of MFP validation
being done as reported by the AP in response to the
controller's request to perform MFP validation.
A value of 'true' indicates that all the management
frames received by the AP will be validated in
accordance with the MFP version supported by the
respective dot11 interface on which the frame was
received.
A value of 'false' indicates that the management
frames received by this AP won't be validated."::={ cLMfpApParamEntry 2}-- ********************************************************************
-- * Dot11 Interface MFP capabilities
-- ********************************************************************cLMfpApIfSmtCapTable OBJECT-TYPESYNTAXSEQUENCEOF CLMfpApIfSmtCapEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the MFP capabilities on a dot11
radio interface of an AP that has joined this
controller.
An AP performs the role of protecting and validating
management frames on its dot11 interfaces. It
protects the management frames transmitted out on a
dot11 interface when the signature protection
capability is enabled on that interface through
the object cLMfpApIfMfpProtectionCapability.
Similarly, it validates all the management frames
received on a dot11 interface when MFP validation
capability is enabled on the AP.
A row is added to the table by the agent
corresponding to each dot11 interface of an AP,
when it adds the row(s) to cLApIfSmtParamTable
of CISCO-LWAPP-AP-MIB. The agent deletes
the row(s) when it deletes the corresponding
rows from cLApIfSmtParamTable."::={ ciscoLwappMfpStatus 3}cLMfpApIfSmtCapEntry OBJECT-TYPESYNTAX CLMfpApIfSmtCapEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A conceptual row in this table and represents
the MFP capabilities on the dot11 interface of
a particular LWAPP AP."AUGMENTS{ cLApIfSmtParamEntry }::={ cLMfpApIfSmtCapTable 1}
CLMfpApIfSmtCapEntry ::=SEQUENCE{
cLMfpApIfMfpVersionSupported CLMfpVersion,
cLMfpApIfMfpProtectionCapability INTEGER,
cLMfpApIfMfpValidationCapability INTEGER}cLMfpApIfMfpVersionSupported OBJECT-TYPESYNTAX CLMfpVersion
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The version of the Management Frame Protection
protocol currently supported by this radio
interface."::={ cLMfpApIfSmtCapEntry 1}cLMfpApIfMfpProtectionCapability OBJECT-TYPESYNTAXINTEGER{protectCapNone(1),protectCapNoBeacon(2),protectCapAllFrames(3)}MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The management frame protection capability
currently exhibited by the dot11 interface.
protectCapNone - protection is not supported on this
dot11 interface.
protectCapNoBeacon - protection is supported for all
types of 802.11 management frames except for beacon
and probe rsponse frames.
protectCapAllFrames - protection is supported for all
types of 802.11 management frames."::={ cLMfpApIfSmtCapEntry 2}cLMfpApIfMfpValidationCapability OBJECT-TYPESYNTAXINTEGER{validateCapNone(1),validateCapAllFrames(2)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The management frame validation capability
currently exhibited by this dot11 interface.
validateCapNone - The MFP validation is not done by
this dot11 interface.
validateCapAllFrames - The MFP validation is
supported on ths dot11 interface for all types of
802.11 management frames."::={ cLMfpApIfSmtCapEntry 3}cLMfpCtrlNotifEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The object to control the generation of
notifications defined in this MIB.
A value of 'true' indicates that the agent generates
the notifications defined in this MIB.
A value of 'false' indicates that the agent doesn't
generate the notifications."DEFVAL{ true }::={ ciscoLwappMfpStatus 4}-- ********************************************************************
-- * NOTIFICATION objects
-- ********************************************************************cLApMacAddress OBJECT-TYPESYNTAXMacAddressMAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"This object specifies the radio MAC address
of a LWAPP AP."::={ ciscoLwappMfpMIBNotifObjects 1}
cLApDot11IfSlotIdx OBJECT-TYPESYNTAXUnsigned32(0..2)MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"This object specifies the slotId of the dot11
interface."::={ ciscoLwappMfpMIBNotifObjects 2}cLWlanIdx OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"This object indicates the identifier for a
WLAN."::={ ciscoLwappMfpMIBNotifObjects 3}cLMfpApIfMfpProtectionActual OBJECT-TYPESYNTAXTruthValueMAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION
"The actual protection configuration for a
specific WLAN as applicable to a dot11
interface of a specific AP."::={ ciscoLwappMfpMIBNotifObjects 4}cLMfpEventType OBJECT-TYPESYNTAX CLMfpEventType
MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"The type of the MFP anomaly event."::={ ciscoLwappMfpMIBNotifObjects 5}cLMfpEventTotal OBJECT-TYPESYNTAXGauge32MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"The number of MFP anomaly events detected in the
prior period indicated by cLMfpEventPeriod.
cLMfpEventType indicates the type of the anomaly
event."::={ ciscoLwappMfpMIBNotifObjects 6}cLMfpEventPeriod OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSaccessible-for-notify
STATUScurrentDESCRIPTION"The time period, in hundredths of a second,
in which the reported number of events are
detected. This is the time interval at which
the controller periodically checks for the
anomaly events to be reported to the NMS
through the ciscoLwappMfpAnomalyDetected notification."::={ ciscoLwappMfpMIBNotifObjects 7}cLMfpEventFrames OBJECT-TYPESYNTAX CLEventFrames
MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION"This object indicates which type of 802.11 management
frames contain anomalies of type cLMfpEventType.
When the controller detects anomalies using the
MFP validation test it will generate the
ciscoLwappMfpAnomalyDetected notification."::={ ciscoLwappMfpMIBNotifObjects 8}cLClientLastSourceMacAddress OBJECT-TYPESYNTAXMacAddressMAX-ACCESSaccessible-for-notifySTATUScurrent
DESCRIPTION"This object represents the MAC address of the
client that is responsible for the most recent event
related to a wireless client. This information is useful to
identify the rogue client that has staged the most recent
attack on the wireless network."::={ ciscoLwappMfpMIBNotifObjects 10}-- ********************************************************************
-- * NOTIFICATION TYPE objects
-- ********************************************************************ciscoLwappMfpProtectConfigMismatch NOTIFICATION-TYPEOBJECTS{
cLApMacAddress,
cLApDot11IfSlotIdx,
cLWlanIdx,
cLMfpProtectionEnable,
cLMfpApIfMfpProtectionActual
}STATUScurrentDESCRIPTION"This notification is sent by the agent when the
controller detects that the AP couldn't apply the
protection configuration to the specific radio
interface for the specified WLAN. The controller
detects the mismatch by matching the MFP configuration
requested to be applied with the configuration
returned in the acknowledgement as having been applied
to the radio interface. The controller also
generates this notification to indicate that
configuration mismatch is cleared when the
values of cLMfpProtectionEnable and
cLMfpApIfMfpProtectionActual are found to be the
same.
This notification is generated by the controller
only if MFP has been configured as the protection
mechanism through cLMfpProtectType."::={ ciscoLwappMfpMIBNotifs 1}ciscoLwappMfpValidationConfigMismatch NOTIFICATION-TYPEOBJECTS{
cLApMacAddress,
cLMfpApMfpValidationEnable,
cLMfpApMfpValidationActual
}STATUScurrentDESCRIPTION"This notification is sent by the agent when the
controller detects that the AP couldn't configure
itself with the MFP signature validation
configuration. The controller detects the mismatch by
matching the MFP configuration requested to be applied
with the configuration returned in the acknowledgement
as having been configured by the AP. The controller
also generates this notification to indicate that
configuration mismatch is cleared when the values
of cLMfpApMfpValidationEnable and
cLMfpApMfpValidationActual are found to be the same.
This notification is generated by the controller
only if MFP has been configured as the protection
mechanism through cLMfpProtectType."::={ ciscoLwappMfpMIBNotifs 2}ciscoLwappMfpTimebaseStatus NOTIFICATION-TYPEOBJECTS{ cLMfpCtrlTimeBaseStatus }STATUScurrentDESCRIPTION"This notification is sent by the agent to indicate
the controller's status of synchronization of its
timebase with that of a central timebase. The
notification is sent once after the controller comes
up and thereafter, it is sent everytime the
status changes."::={ ciscoLwappMfpMIBNotifs 3}-- STATUS deprecated by ciscoLwappMfpAnomalyDetected1ciscoLwappMfpAnomalyDetected NOTIFICATION-TYPEOBJECTS{
cLApMacAddress,
cLApDot11IfSlotIdx,
cLApIfSmtDot11Bssid,
cLMfpEventType,
cLMfpEventTotal,
cLMfpEventPeriod,
cLMfpEventFrames
}STATUSdeprecatedDESCRIPTION"This notification is sent by the agent when the
MFP configuration of the WLAN was violated by the
radio interface cLApIfSmtDot11Bssid and detected by
the radio interface cLApDot11IfSlotId of the AP
cLApMacAddress. The violation is indicated by
cLMfpEventType.
Through this notification, the controller reports
the NMS the occurrence of a total of cLMfpEventTotal
volation events, of type cLMfpEventType, upon
observing the management frame(s) indicated by
cLMfpEventFrames for the last cLMfpEventPeriod
time units. When cLMfpEventTotal is 0, it
indicates that no further anomalies have recently
been detected and that the NMS should clear any
alarm raised about the MFP errors.
This notification is generated by the controller
only if MFP has been configured as the protection
mechanism through cLMfpProtectType."::={ ciscoLwappMfpMIBNotifs 4}ciscoLwappMfpAnomalyDetected1 NOTIFICATION-TYPEOBJECTS{
cLApMacAddress,
cLApDot11IfSlotIdx,
cLApIfSmtDot11Bssid,
cLMfpEventType,
cLMfpEventTotal,
cLMfpEventPeriod,
cLMfpEventFrames,
cLClientLastSourceMacAddress
}STATUScurrentDESCRIPTION"This notification is sent by the agent when the
MFP configuration of the WLAN was violated by the
radio interface cLApIfSmtDot11Bssid and detected by
the radio interface cLApDot11IfSlotId of the AP
cLApMacAddress. The violation is indicated by
cLMfpEventType.
Through this notification, the controller reports
the NMS the occurrence of a total of cLMfpEventTotal
volation events, of type cLMfpEventType, upon
observing the management frame(s) indicated by
cLMfpEventFrames for the last cLMfpEventPeriod
time units. When cLMfpEventTotal is 0, it
indicates that no further anomalies have recently
been detected and that the NMS should clear any
alarm raised about the MFP errors.
cLClientLastSourceMacAddress is used only when the
controller generates notifications about client-related
attacks. The controller will populate zeros as the value
for cLClientLastSourceMacAddress when reporting anomalies
sourced by infrastructure devices.
This notification is generated by the controller
only if MFP has been configured as the protection
mechanism through cLMfpProtectType."
::={ ciscoLwappMfpMIBNotifs 5}-- ********************************************************************
-- * Compliance statements
-- ********************************************************************ciscoLwappMfpMIBCompliances OBJECTIDENTIFIER::={ ciscoLwappMfpMIBConform 1}ciscoLwappMfpMIBGroups OBJECTIDENTIFIER::={ ciscoLwappMfpMIBConform 2}-- STATUS deprecated by ciscoLwappMfpMIBComplianceRev1ciscoLwappMfpMIBCompliance MODULE-COMPLIANCESTATUSdeprecatedDESCRIPTION"The compliance statement for the SNMP entities that
implement the ciscoLwappMfpMIB module."MODULE-- this moduleMANDATORY-GROUPS{
ciscoLwappMfpConfigGroup,
ciscoLwappMfpStatusGroup,
ciscoLwappMfpNotifObjsGroup,
ciscoLwappMfpNotifsGroup
}::={ ciscoLwappMfpMIBCompliances 1}
ciscoLwappMfpMIBComplianceRev1 MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for the SNMP entities that
implement the ciscoLwappMfpMIB module."MODULE-- this moduleMANDATORY-GROUPS{
ciscoLwappMfpConfigGroup,
ciscoLwappMfpStatusGroup,
ciscoLwappMfpNotifObjsGroup,
ciscoLwappMfpNotifsNewGroup,
ciscoLwappMfpConfigSup1Group,
ciscoLwappMfpStatusSup1Group,
ciscoLwappMfpNotifObjsSup1Group
}::={ ciscoLwappMfpMIBCompliances 2}-- ********************************************************************
-- * Units of conformance
-- ********************************************************************ciscoLwappMfpConfigGroup OBJECT-GROUPOBJECTS{
cLMfpProtectType,
cLMfpVersionRequired,
cLMfpProtectionEnable
}STATUScurrentDESCRIPTION"This collection of objects represent the
global and WLAN-specific protection capabilities
on the controller."::={ ciscoLwappMfpMIBGroups 1}ciscoLwappMfpStatusGroup OBJECT-GROUPOBJECTS{
cLMfpCtrlTimeBaseStatus,
cLMfpCtrlNotifEnable,
cLMfpApIfMfpVersionSupported,
cLMfpApIfMfpProtectionCapability,
cLMfpApIfMfpValidationCapability,
cLMfpApMfpValidationEnable
}STATUScurrentDESCRIPTION"This collection of objects provides the information
about the MFP signature protection capabilities as
observed on the dot11 interfaces of the LWAPP APs."::={ ciscoLwappMfpMIBGroups 2}ciscoLwappMfpNotifObjsGroup OBJECT-GROUPOBJECTS{
cLApMacAddress,
cLApDot11IfSlotIdx,
cLWlanIdx,
cLMfpApIfMfpProtectionActual,
cLMfpApMfpValidationActual,
cLMfpEventType,
cLMfpEventTotal,
cLMfpEventPeriod,
cLMfpEventFrames
}STATUScurrentDESCRIPTION"This collection of objects represent the information
carried by the MFP related notifications sent by
the agent to a network management station."::={ ciscoLwappMfpMIBGroups 3}-- STATUS deprecated by ciscoLwappMfpNotifsNewGroupciscoLwappMfpNotifsGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoLwappMfpProtectConfigMismatch,
ciscoLwappMfpValidationConfigMismatch,
ciscoLwappMfpTimebaseStatus,
ciscoLwappMfpAnomalyDetected
}STATUSdeprecated
DESCRIPTION"This collection of objects represent the MFP related
notifications sent by the agent to a network
management station."::={ ciscoLwappMfpMIBGroups 4}ciscoLwappMfpConfigSup1Group OBJECT-GROUPOBJECTS{ cLMfpClientProtection }STATUScurrentDESCRIPTION"This collection of objects represent the configuration
for client protection on the controller."::={ ciscoLwappMfpMIBGroups 5}ciscoLwappMfpStatusSup1Group OBJECT-GROUPOBJECTS{ cLMfpClientMfpEnabled }STATUScurrentDESCRIPTION"This collection of objects represent the status
of client protection on the controller."::={ ciscoLwappMfpMIBGroups 6}ciscoLwappMfpNotifObjsSup1Group OBJECT-GROUPOBJECTS{ cLClientLastSourceMacAddress }
STATUScurrentDESCRIPTION"This collection of objects represent the client
related information in the MFP notifications
generated by the controller."::={ ciscoLwappMfpMIBGroups 7}ciscoLwappMfpNotifsNewGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoLwappMfpProtectConfigMismatch,
ciscoLwappMfpValidationConfigMismatch,
ciscoLwappMfpTimebaseStatus,
ciscoLwappMfpAnomalyDetected1
}STATUScurrentDESCRIPTION"This collection of objects represent the MFP related
notifications sent by the agent to a network
management station."::={ ciscoLwappMfpMIBGroups 8}END