-- *******************************************************************
-- CISCO-LWAPP-WEBAUTH-MIB.my :
-- Light Weight Access Point Web Authentication MIB
-- January 2006, Devesh Pujari, Prasanna Viswakumar
-- February 2007 , Updated by Ambika Mohanty
-- Copyright (c) 2006-2007 by Cisco Systems Inc.
-- All rights reserved.
-- ******************************************************************CISCO-LWAPP-WEBAUTH-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,
NOTIFICATION-TYPE,OBJECT-TYPE,Unsigned32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
TruthValue,RowStatusFROM SNMPv2-TC
InetAddressType,InetAddressFROM INET-ADDRESS-MIB
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
CiscoURLString
FROM CISCO-TC
ciscoMgmt
FROM CISCO-SMI;-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************ciscoLwappWebAuthMIB MODULE-IDENTITYLAST-UPDATED"200703040000Z"ORGANIZATION"Cisco Systems Inc."CONTACT-INFO"Cisco Systems,
Customer Service
Postal: 170 West Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
Email: cs-wnbu-snmp@cisco.com"DESCRIPTION"This MIB is intended to be implemented on all those
devices operating as Central controllers, that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
This MIB is used to configure web authentication
parameters in the controller to manage clients'
authentication. The mobile nodes are
web-authenticated if they select the WLAN that
has web security enabled.
The relationship between CC and the LWAPP APs
can be depicted as follows:
+......+ +......+ +......+ +......+
+ + + + + + + +
+ CC + + CC + + CC + + CC +
+ + + + + + + +
+......+ +......+ +......+ +......+
.. . . .
.. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ AP + + AP + + AP + + AP + + AP +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ MN + + MN + + MN + + MN + + MN +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends them to the controller to which
it is logically connected.
Central Controller ( CC )
The central entity that terminates the LWAPP protocol
tunnel from the LWAPP APs. Throughout this MIB,
this entity also referred to as 'controller'.
Guest User
A guest user is a temporary user with access
privileges for configuring the wireless network
for a finite life time. The wireless networks
are configured on the controller. The method of
authentication to the controller can be configured
using this MIB instrumentation.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node,
Mobile Station(Ms) and client are used interchangeably.
Web-Authentication
Clients are web authenticated, when clients open the
web-browser and send HTTP packets. Then user is asked
to enter login and password. This is known as Web
Authentication.
REFERENCE
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications.
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol"REVISION"200703040000Z"DESCRIPTION"This is the second revision of this MIB to accomodate
enhanced guest access changes ."REVISION"200604051150Z"DESCRIPTION
"Initial version of this MIB module. "::={ ciscoMgmt 515}ciscoLwappWebAuthMIBNotifs OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIB 0}ciscoLwappWebAuthMIBNotifObjs OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIB 1}ciscoLwappWebAuthMIBObjects OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIB 2}ciscoLwappWebAuthMIBConform OBJECTIDENTIFIER
::={ ciscoLwappWebAuthMIB 3}ciscoLwappWebAuthConfig OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIBObjects 1}ciscoLwappWebAuthExtConfig OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIBObjects 2}ciscoLwappLocalNetUserConfig OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIBObjects 3}-- ********************************************************************
-- Web Auth config
-- Global controller level web auth configuration
-- ********************************************************************cLWAWebAuthType OBJECT-TYPESYNTAXINTEGER{internalDefault(1),internalCustom(2),external(3)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION
"The type of web authentication for the clients.
Web Authentication can be of three types;
internalDefault - The default login page will be
presented to the client for authentication.
internalCustom - The administrator has created and
uploaded a custom login page and it will be
presented to the clients for authentication.
external - This value indicates that the login page
will be served from the external web server. Note
that cLWAWebAuthType can be successfully set to this
value when the cLWAExternalWebAuthURL object has been
set to string with non-zero length."DEFVAL{ internalDefault }::={ ciscoLwappWebAuthConfig 1}cLWAManufacturerLogo OBJECT-TYPE
SYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object is used to control the display of the
Manufacturer Logo on the login page.
A value of 'true' indicates that the Manufacturer
logo will be displayed on the login page.
A value of 'false' indicates that the Manufacturer
logo won't be displayed on the login page."DEFVAL{ true }::={ ciscoLwappWebAuthConfig 2}cLWACustomLogoFileName OBJECT-TYPESYNTAXSnmpAdminString
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The name of the custom logo file. The logo
in this file will appear on the login page
when the value of cLWebAuthType is
'internalDefault'."::={ ciscoLwappWebAuthConfig 3}cLWACustomWebTitle OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..128))MAX-ACCESSread-write
STATUScurrentDESCRIPTION"The title text that appears on the login page
of the clients when the value of cLWebAuthType
is 'internalDefault'."DEFVAL{""}::={ ciscoLwappWebAuthConfig 4}cLWACustomWebMessage OBJECT-TYPESYNTAXSnmpAdminStringMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The message that appears on the login page of
clients when the value of cLWebAuthType is
'internalDefault'."DEFVAL{""}::={ ciscoLwappWebAuthConfig 5}cLWACustomWebRedirectURL OBJECT-TYPESYNTAX CiscoURLString
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The URL used to load client web page after
successful authentication."::={ ciscoLwappWebAuthConfig 6}cLWAExternalWebAuthURL OBJECT-TYPE
SYNTAX CiscoURLString
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The URL to which the client web page will be
directed for authentication. This object will
be used when the cLWebAuthType object is set to
'external'. The configured URL should resolve to
one of the Web Server IP addresses configured
through cLWAExternalWebServerTable."::={ ciscoLwappWebAuthConfig 7}-- ********************************************************************
-- * External Webserver table
-- ********************************************************************cLWAExternalWebServerTable OBJECT-TYPE
SYNTAXSEQUENCEOF CLWAExternalWebServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the list of external web
servers used for external web authentication.
These are the addresses from which the
controller will allow traffic before client
authentication to show the login page.
The controller is expected to use the services
of these web servers for performing the
authentication. The user is expected to provide
correct Internet addresses of those servers
available for authentication through this table.
The web authentication is done with the help of
only those Web Servers configured through this
table only when the cLWAWebAuthType is
configured as 'external'."::={ ciscoLwappWebAuthExtConfig 1}cLWAExternalWebServerEntry OBJECT-TYPESYNTAX CLWAExternalWebServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A conceptual row in cLWAExternalWebServerTable. Each
entry corresponds to one external web authentication
server whose address is represented by
cLWAExternalWebServerAddr."INDEX{ cLWAExternalWebServerIndex }::={ cLWAExternalWebServerTable 1}
CLWAExternalWebServerEntry ::=SEQUENCE{
cLWAExternalWebServerIndex Unsigned32,
cLWAExternalWebServerAddrType InetAddressType,
cLWAExternalWebServerAddr InetAddress,
cLWAExternalWebServerRowStatus RowStatus}cLWAExternalWebServerIndex OBJECT-TYPESYNTAXUnsigned32(1..32)MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"This object uniquely identifies one specific entry
in this table."::={ cLWAExternalWebServerEntry 1}cLWAExternalWebServerAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The type of the Web Server address as represented
by the value of the corresponding instance of
'cLWAExternalWebServerAddr'."::={ cLWAExternalWebServerEntry 2}
cLWAExternalWebServerAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The Internet address of the Web Server from which
traffic is allowed before client's authentication.
Please note that the row creation will be
successful only if the address of the Web Server
represented by the values of
cLWAExternalWebServerAddrType and
cLWAExternalWebServerAddr is unique across all
the entries."::={ cLWAExternalWebServerEntry 3}
cLWAExternalWebServerRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The status of the conceptual row used to create and
delete specific instances of rows in this table.
This object can not be set to 'active' unless the
values of the corresponding instances of
cLWAExternalWebServerAddr and
cLWAExternalWebServerAddrType are set."::={ cLWAExternalWebServerEntry 4}cLWALocalNetUserTable OBJECT-TYPESYNTAXSEQUENCEOF CLWALocalNetUserEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The table lists the user type for each user present
in the controller. The user type can be guest or
permanent."::={ ciscoLwappLocalNetUserConfig 1}cLWALocalNetUserEntry OBJECT-TYPESYNTAX CLWALocalNetUserEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This is a row in the cLWALocalNetUserTable.
Each entry corresponds to a guest/permanent user present
in the controller."INDEX{ cLWALocalNetUserName }::={ cLWALocalNetUserTable 1}
CLWALocalNetUserEntry ::=SEQUENCE{
cLWALocalNetUserName SnmpAdminString,
cLWALocalNetUserIsGuest TruthValue}cLWALocalNetUserName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..50))
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This object identifies the user name of the guest
user or the permanent user in the controller."::={ cLWALocalNetUserEntry 1}cLWALocalNetUserIsGuest OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object is used to specify the type of user in
the controller. A value of 'true' is used to specify
a guest user and a value of 'false' is used to specify
a permanent user."::={ cLWALocalNetUserEntry 2}-- ********************************************************************
-- * Notification objects
-- ********************************************************************cLWAGuestUserName OBJECT-TYPESYNTAXOCTETSTRING(SIZE(1..24))MAX-ACCESSaccessible-for-notifySTATUScurrentDESCRIPTION
"This object indicates the name of the guest user."::={ ciscoLwappWebAuthMIBNotifObjs 1}-- ********************************************************************
-- * Notifications
-- ********************************************************************cLWAGuestUserRemoved NOTIFICATION-TYPEOBJECTS{ cLWAGuestUserName }STATUScurrentDESCRIPTION"This notification is generated when the lifetime of the
guest-user expires and the guest-user's accounts are
removed."::={ ciscoLwappWebAuthMIBNotifs 1}-- ********************************************************************
-- * Compliance statements
-- ********************************************************************ciscoLwappWebAuthMIBCompliances OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIBConform 1}ciscoLwappWebAuthMIBGroups OBJECTIDENTIFIER::={ ciscoLwappWebAuthMIBConform 2}cLWebAuthMIBCompliance MODULE-COMPLIANCESTATUSdeprecatedDESCRIPTION"The compliance statement for the SNMP entities that
implement the ciscoLwappWebAuthMIB module."MODULEMANDATORY-GROUPS{
cLWACustomWebAuthGroup,
cLWAExternalWebAuthGroup,
cLWAGuestAccessNotifObjGroup,
cLWAGuestAccessNotifGroup
}OBJECT cLWAExternalWebServerRowStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)
}DESCRIPTION"An implementation is only required to support
three of the six enumerated values of the
RowStatus textual convention, specifically,
'active', 'createAndGo' and 'destroy'."::={ ciscoLwappWebAuthMIBCompliances 1}cLWebAuthMIBComplianceRev1 MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for the SNMP entities that
implement the ciscoLwappWebAuthMIB module."MODULEMANDATORY-GROUPS{
cLWACustomWebAuthGroup,
cLWAExternalWebAuthGroup,
cLWAGuestAccessNotifObjGroup,
cLWAGuestAccessNotifGroup,
cLWAGuestUserConfigGroup
}OBJECT cLWAExternalWebServerRowStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}
DESCRIPTION"An implementation is only required to support
three of the six enumerated values of the
RowStatus textual convention, specifically,
'active', 'createAndGo' and 'destroy'."::={ ciscoLwappWebAuthMIBCompliances 2}-- ********************************************************************
-- * Units of conformance
-- ********************************************************************cLWACustomWebAuthGroup OBJECT-GROUPOBJECTS{
cLWAWebAuthType,
cLWAManufacturerLogo,
cLWACustomLogoFileName,
cLWACustomWebTitle,
cLWACustomWebMessage,
cLWACustomWebRedirectURL,
cLWAExternalWebAuthURL
}STATUScurrentDESCRIPTION"This collection of objects is used for internal-
default and internal-custom web-authentication."::={ ciscoLwappWebAuthMIBGroups 1}cLWAExternalWebAuthGroup OBJECT-GROUPOBJECTS{
cLWAExternalWebServerAddrType,
cLWAExternalWebServerAddr,
cLWAExternalWebServerRowStatus
}STATUScurrentDESCRIPTION"This collection of objects is used for configuring
Web servers for external web-authentication."::={ ciscoLwappWebAuthMIBGroups 2}cLWAGuestAccessNotifObjGroup OBJECT-GROUPOBJECTS{ cLWAGuestUserName }STATUScurrentDESCRIPTION"This collection of objects are part of the Guest
Access related notifications by the controller."
::={ ciscoLwappWebAuthMIBGroups 3}cLWAGuestAccessNotifGroup NOTIFICATION-GROUPNOTIFICATIONS{ cLWAGuestUserRemoved }STATUScurrentDESCRIPTION"These notifications are sent to the network
management station to indicate the access status
of guest users."::={ ciscoLwappWebAuthMIBGroups 4}cLWAGuestUserConfigGroup OBJECT-GROUPOBJECTS{ cLWALocalNetUserIsGuest }
STATUScurrentDESCRIPTION"This collection of objects is used for configuring
guest user parameters."::={ ciscoLwappWebAuthMIBGroups 5}END