-- *******************************************************************
-- CISCO-LWAPP-MFP-MIB.my
-- Light Weight Access Point Management Frame Protection MIB
-- January 2006, Victor Griswold, Devesh Pujari, Prasanna Viswakumar
--
-- Copyright (c) 2006, 2007 by Cisco Systems, Inc.
-- All rights reserved.
-- *******************************************************************

CISCO-LWAPP-MFP-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        NOTIFICATION-TYPE,
        OBJECT-TYPE,
        Unsigned32,
        Gauge32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP,
        NOTIFICATION-GROUP
                FROM SNMPv2-CONF
        TruthValue,
        TimeInterval,
        MacAddress
                FROM SNMPv2-TC
        cLWlanConfigEntry
                FROM CISCO-LWAPP-WLAN-MIB
        cLApIfSmtDot11Bssid,
        cLApEntry,
        cLApIfSmtParamEntry
                FROM CISCO-LWAPP-AP-MIB
        cldcClientMacAddress
                FROM CISCO-LWAPP-DOT11-CLIENT-MIB
        CLEventFrames,
        CLMfpEventType,
        CLMfpVersion,
        CLTimeBaseStatus
                FROM CISCO-LWAPP-TC-MIB
        ciscoMgmt
                FROM CISCO-SMI;

-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoLwappMfpMIB MODULE-IDENTITY
        LAST-UPDATED    "200701201545Z"
        ORGANIZATION    "Cisco Systems Inc."
        CONTACT-INFO
                "Cisco Systems,
                Customer Service
                Postal: 170 West Tasman Drive
                San Jose, CA 95134
                USA
                Tel: +1 800 553-NETS

                Email: cs-wnbu-snmp@cisco.com"
        DESCRIPTION
                "This MIB is intended to be implemented on all those
                devices operating as Central Controllers (CC) that
                terminate the Light Weight Access Point Protocol
                tunnel from Light-weight LWAPP Access Points.

                This MIB instrumentation provides the parameters used
                by the controller to control and monitor the behavior
                of the associated Access Points when following the
                newly defined Management Frame Protocol. The controller
                would pass the MFP settings configured by the user
                through this MIB to the APs through LWAPP messages.
                The APs then begin to validate and verify the integrity
                of 802.11 Management frames and report the anomalies
                found, if any, to the controller.

                The relationship between CC and the LWAPP APs
                can be depicted as follows.

          +......+     +......+     +......+           +......+
          +      +     +      +     +      +           +      +
          +  CC  +     +  CC  +     +  CC  +           +  CC  +
          +      +     +      +     +      +           +      +
          +......+     +......+     +......+           +......+
            ..            .             .                 .
            ..            .             .                 .
           .  .            .             .                 .
          .    .            .             .                 .
         .      .            .             .                 .
        .        .            .             .                 .
    +......+ +......+     +......+      +......+          +......+
    +      + +      +     +      +      +      +          +      +
    +  AP  + +  AP  +     +  AP  +      +  AP  +          +  AP  +
    +      + +      +     +      +      +      +          +      +
    +......+ +......+     +......+      +......+          +......+
               .              .             .                 .
             .  .              .             .                 .
            .    .              .             .                 .
           .      .              .             .                 .
          .        .              .             .                 .
    +......+ +......+     +......+      +......+          +......+
    +      + +      +     +      +      +      +          +      +
    +  MN  + +  MN  +     +  MN  +      +  MN  +          +  MN  +
    +      + +      +     +      +      +      +          +      +
    +......+ +......+     +......+      +......+          +......+

                The LWAPP tunnel exists between the controller and
                the APs. The MNs communicate with the APs through
                the protocol defined by the 802.11 standard.

                LWAPP APs, upon bootup, discover and join one of the
                controllers and the controller pushes the
                configuration, which includes the WLAN parameters, to
                the LWAPP APs. The APs then encapsulate all the 802.11
                frames from wireless clients inside LWAPP frames and
                forward the LWAPP frames to the controller.

                Reference [2] explains in detail about the
                communication between the controller and APs, while
                Reference [1] explains the AP-MN communication.

                To secure the 802.11 management traffic, the controller
                and the APs perform specific roles. The controller
                acts as the central entity to generate and distribute
                signature keys using which the APs generate integrity
                check values, also known as signatures, for individual
                management frames. The APs append this signature in
                the form of an Information Element to the respective
                management frame to be transmitted. This is needed to
                isolate those potential rogue APs whose frames may not
                carry the frame signature.
                The APs use the signature keys, generated and pushed
                to them by the controller for each BSSID reported as
                heard by the APs, to validate the integrity of the
                management traffic originating from various 802.11
                sources. Any anomalies observed by the APs are
                reported to the controller. The controller makes the
                information about such events available for a Network
                Management Station in the form of notifications.

                GLOSSARY

                Access Point ( AP )

                An entity that contains an 802.11 media access control
                ( MAC ) and physical layer ( PHY ) interface and
                provides access to the distribution services via the
                wireless medium for associated clients.

                LWAPP APs encapsulate all the 802.11 frames in LWAPP
                frames and send them to the controller to which they
                are logically connected.

                AP-Authentication

                With this feature enabled, the Access Points sending
                radio resource management neighbor packets with
                different RF network names will be reported as rogues.

                Basic Service Set Identifier ( BSSID )

                The identifier of the Basic Service Set controlled by
                a single coordination function. The identifier is
                usually the MAC address of the radio interface that
                hosts the BSS.

                Central Controller ( CC )

                The central entity that terminates the LWAPP protocol
                tunnel from the LWAPP APs. Throughout this MIB, this
                entity is also referred to as 'controller'.

                Light Weight Access Point Protocol ( LWAPP )

                This is a generic protocol that defines the
                communication between the Access Points and the
                Central Controller.

                Management Frame Protection ( MFP )

                A proprietary mechanism devised to integrity protect
                the otherwise unprotected management frames of the
                802.11 protocol specification.

                Message Integrity Check ( MIC )

                A checksum computed on a sequence of bytes and made
                known to the receiving party in a data communication,
                to let the receiving party make sure the bytes
                received were not compromised en route.

                Mobile Node ( MN )

                A roaming 802.11 wireless device in a wireless
                network associated with an access point.
                Network Management Station ( NMS )

                The system through which the network administrator
                manages the controller and the APs associated to it.

                REFERENCE

                [1] Wireless LAN Medium Access Control ( MAC ) and
                Physical Layer ( PHY ) Specifications, ANSI/IEEE Std
                802.11, 1999 Edition.

                [2] Draft-obara-Capwap-lwapp-00.txt, IETF Light
                Weight Access Point Protocol"

        REVISION        "200701201545Z"
        DESCRIPTION
                "The objects cLClientLastSourceMacAddress,
                cLMfpClientProtection and cLMfpClientMfpEnabled
                have been added."
        REVISION        "200604101545Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { ciscoMgmt 518 }

ciscoLwappMfpMIBNotifs OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIB 0 }

ciscoLwappMfpMIBNotifObjects OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIB 1 }

ciscoLwappMfpMIBObjects OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIB 2 }

ciscoLwappMfpMIBConform OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIB 3 }

ciscoLwappMfpConfig OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIBObjects 1 }

ciscoLwappMfpStatus OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIBObjects 2 }

-- ********************************************************************
-- MFP Configuration
-- ********************************************************************

cLMfpProtectType OBJECT-TYPE
        SYNTAX          INTEGER {
                                cLMfpProtectNone(1),
                                cLMfpProtectApAuth(2),
                                cLMfpProtectMfp(3)
                        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The authentication mechanism to be used to secure
                the WLANs managed through this controller.

                cLMfpProtectNone - No authentication or protection
                mechanism is configured on the controller.

                cLMfpProtectApAuth - AP-authentication is configured
                as the authentication and protection mechanism on
                the controller.

                cLMfpProtectMfp - MFP is configured as the
                authentication and protection mechanism on the
                controller.

                The settings configured through cLMfpProtectionEnable
                and cLMfpApMfpValidationEnable for a WLAN and AP
                respectively take effect only if this object is set
                to 'cLMfpProtectMfp'."
        DEFVAL          { cLMfpProtectNone }
        ::= { ciscoLwappMfpConfig 1 }

cLMfpWlanConfigTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CLMfpWlanConfigEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table provides the configuration needed by the
                controller to enable management frame protection on
                a particular WLAN. A controller, when configured,
                enables the MFP on individual WLANs. When these WLANs
                that have MFP enabled are applied to the APs, the APs
                become part of the MFP framework. The APs will receive
                the signature keys to be used to generate MICs for
                unicast and broadcast management frames upon joining
                the controller. With these keys, the APs generate the
                MIC for individual management frames and append the
                value as an information element to the respective
                frames.

                The creation of a new row in cLWlanConfigTable through
                an explicit network management action results in
                creation of an entry in this table. Similarly,
                deletion of a row in cLWlanConfigTable through user
                action causes the deletion of corresponding row in
                this table."
        ::= { ciscoLwappMfpConfig 2 }

cLMfpWlanConfigEntry OBJECT-TYPE
        SYNTAX          CLMfpWlanConfigEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "A conceptual row in cLMfpWlanConfigTable and
                represents the MFP configuration on a particular
                WLAN."
        AUGMENTS        { cLWlanConfigEntry }
        ::= { cLMfpWlanConfigTable 1 }

CLMfpWlanConfigEntry ::=
        SEQUENCE {
                cLMfpVersionRequired    CLMfpVersion,
                cLMfpProtectionEnable   TruthValue,
                cLMfpClientProtection   INTEGER
        }

cLMfpVersionRequired OBJECT-TYPE
        SYNTAX          CLMfpVersion
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The version of the Management Frame Protection
                Protocol required for the MFP framework when the MFP
                protection is enabled through the
                cLMfpProtectionEnable object."
        DEFVAL          { mfpv1 }
        ::= { cLMfpWlanConfigEntry 2 }

cLMfpProtectionEnable OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object specifies whether the MFP protection on
                this WLAN be enabled or not.
                A value of 'true' enables management frame protection
                on the WLAN and 'false' disables management frame
                protection.

                Note that MFP is enabled or disabled on a WLAN through
                the values of 'true' and 'false' only if MFP is
                configured as the protection mechanism by setting the
                object cLMfpProtectType to 'cLMfpProtectMfp'. The NMS
                shall modify the value of this object, but the change
                made will take effect only if MFP is configured as the
                protection mechanism on the controller through the
                cLMfpProtectType object."
        DEFVAL          { true }
        ::= { cLMfpWlanConfigEntry 3 }

cLMfpClientProtection OBJECT-TYPE
        SYNTAX          INTEGER {
                                disabled(1),
                                enabled(2),
                                required(3)
                        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object specifies the level of client MFP
                protection for this WLAN.

                disabled - client protection is disabled.

                enabled - client protection is optional.

                required - client protection is mandatory."
        DEFVAL          { enabled }
        ::= { cLMfpWlanConfigEntry 4 }

cLMfpClientTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CLMfpClientEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table represents the MFP information for 802.11
                wireless clients that are associated with the APs
                that have joined this controller."
        ::= { ciscoLwappMfpStatus 5 }

cLMfpClientEntry OBJECT-TYPE
        SYNTAX          CLMfpClientEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "Each entry represents a conceptual row in this table
                and provides MFP information about the clients
                associated to the APs that have joined the
                controller."
        INDEX           { cldcClientMacAddress }
        ::= { cLMfpClientTable 1 }

CLMfpClientEntry ::=
        SEQUENCE {
                cLMfpClientMfpEnabled   TruthValue
        }

cLMfpClientMfpEnabled OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "This object indicates whether MFP protection is
                enabled for a particular client.

                A value of 'true' indicates that MFP protection is
                enabled.

                A value of 'false' indicates MFP protection is
                disabled."
        ::= { cLMfpClientEntry 1 }

-- ********************************************************************
-- * controller status
-- ********************************************************************

cLMfpCtrlTimeBaseStatus OBJECT-TYPE
        SYNTAX          CLTimeBaseStatus
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The status of synchronization of the MFP-aware LWAPP
                controller's timebase with that of a central time
                server."
        ::= { ciscoLwappMfpStatus 1 }

-- ********************************************************************
-- * Per-AP MFP status
-- ********************************************************************

cLMfpApParamTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CLMfpApParamEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table provides the configuration of MFP related
                parameters corresponding to a particular AP.

                A row is added to the table by the agent when a row
                is added to cLApTable of CISCO-LWAPP-AP-MIB.
                Similarly, a row is deleted from this table when the
                corresponding row is deleted from cLApTable."
        ::= { ciscoLwappMfpStatus 2 }

cLMfpApParamEntry OBJECT-TYPE
        SYNTAX          CLMfpApParamEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "A conceptual row in this table and represents the
                MFP parameters of a particular AP."
        AUGMENTS        { cLApEntry }
        ::= { cLMfpApParamTable 1 }

CLMfpApParamEntry ::=
        SEQUENCE {
                cLMfpApMfpValidationEnable      TruthValue,
                cLMfpApMfpValidationActual      TruthValue
        }

cLMfpApMfpValidationEnable OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This object specifies whether the AP should validate
                the management frames received by it in accordance
                with the MFP version or not.

                A value of 'true' indicates that the AP should
                validate all the received management frames in
                accordance with the MFP version supported by the
                respective dot11 interface on which the frame was
                received.

                A value of 'false' indicates that the AP won't
                validate the received management frames.
                Note that MFP validation is enabled or disabled on an
                AP through the values of 'true' and 'false' only if
                MFP is configured as the protection mechanism by
                setting the object cLMfpProtectType to
                'cLMfpProtectMfp'. The NMS shall modify the value of
                this object, but the change made will take effect
                only if MFP is configured as the protection mechanism
                on the controller through the cLMfpProtectType
                object."
        DEFVAL          { true }
        ::= { cLMfpApParamEntry 1 }

cLMfpApMfpValidationActual OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "This object indicates the status of MFP validation
                being done as reported by the AP in response to the
                controller's request to perform MFP validation.

                A value of 'true' indicates that all the management
                frames received by the AP will be validated in
                accordance with the MFP version supported by the
                respective dot11 interface on which the frame was
                received.

                A value of 'false' indicates that the management
                frames received by this AP won't be validated."
        ::= { cLMfpApParamEntry 2 }

-- ********************************************************************
-- * Dot11 Interface MFP capabilities
-- ********************************************************************

cLMfpApIfSmtCapTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF CLMfpApIfSmtCapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "This table provides the MFP capabilities on a dot11
                radio interface of an AP that has joined this
                controller. An AP performs the role of protecting and
                validating management frames on its dot11 interfaces.
                It protects the management frames transmitted out on
                a dot11 interface when the signature protection
                capability is enabled on that interface through the
                object cLMfpApIfMfpProtectionCapability. Similarly,
                it validates all the management frames received on a
                dot11 interface when MFP validation capability is
                enabled on the AP.
                A row is added to the table by the agent corresponding
                to each dot11 interface of an AP, when it adds the
                row(s) to cLApIfSmtParamTable of CISCO-LWAPP-AP-MIB.
                The agent deletes the row(s) when it deletes the
                corresponding rows from cLApIfSmtParamTable."
        ::= { ciscoLwappMfpStatus 3 }

cLMfpApIfSmtCapEntry OBJECT-TYPE
        SYNTAX          CLMfpApIfSmtCapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "A conceptual row in this table and represents the
                MFP capabilities on the dot11 interface of a
                particular LWAPP AP."
        AUGMENTS        { cLApIfSmtParamEntry }
        ::= { cLMfpApIfSmtCapTable 1 }

CLMfpApIfSmtCapEntry ::=
        SEQUENCE {
                cLMfpApIfMfpVersionSupported            CLMfpVersion,
                cLMfpApIfMfpProtectionCapability        INTEGER,
                cLMfpApIfMfpValidationCapability        INTEGER
        }

cLMfpApIfMfpVersionSupported OBJECT-TYPE
        SYNTAX          CLMfpVersion
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The version of the Management Frame Protection
                protocol currently supported by this radio
                interface."
        ::= { cLMfpApIfSmtCapEntry 1 }

cLMfpApIfMfpProtectionCapability OBJECT-TYPE
        SYNTAX          INTEGER {
                                protectCapNone(1),
                                protectCapNoBeacon(2),
                                protectCapAllFrames(3)
                        }
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The management frame protection capability currently
                exhibited by the dot11 interface.

                protectCapNone - protection is not supported on this
                dot11 interface.

                protectCapNoBeacon - protection is supported for all
                types of 802.11 management frames except for beacon
                and probe response frames.

                protectCapAllFrames - protection is supported for all
                types of 802.11 management frames."
        ::= { cLMfpApIfSmtCapEntry 2 }

cLMfpApIfMfpValidationCapability OBJECT-TYPE
        SYNTAX          INTEGER {
                                validateCapNone(1),
                                validateCapAllFrames(2)
                        }
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The management frame validation capability currently
                exhibited by this dot11 interface.

                validateCapNone - The MFP validation is not done by
                this dot11 interface.
                validateCapAllFrames - The MFP validation is
                supported on this dot11 interface for all types of
                802.11 management frames."
        ::= { cLMfpApIfSmtCapEntry 3 }

cLMfpCtrlNotifEnable OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The object to control the generation of notifications
                defined in this MIB.

                A value of 'true' indicates that the agent generates
                the notifications defined in this MIB.

                A value of 'false' indicates that the agent doesn't
                generate the notifications."
        DEFVAL          { true }
        ::= { ciscoLwappMfpStatus 4 }

-- ********************************************************************
-- * NOTIFICATION objects
-- ********************************************************************

cLApMacAddress OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "This object specifies the radio MAC address of a
                LWAPP AP."
        ::= { ciscoLwappMfpMIBNotifObjects 1 }

cLApDot11IfSlotIdx OBJECT-TYPE
        SYNTAX          Unsigned32 (0..2)
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "This object specifies the slotId of the dot11
                interface."
        ::= { ciscoLwappMfpMIBNotifObjects 2 }

cLWlanIdx OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "This object indicates the identifier for a WLAN."
        ::= { ciscoLwappMfpMIBNotifObjects 3 }

cLMfpApIfMfpProtectionActual OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "The actual protection configuration for a specific
                WLAN as applicable to a dot11 interface of a specific
                AP."
        ::= { ciscoLwappMfpMIBNotifObjects 4 }

cLMfpEventType OBJECT-TYPE
        SYNTAX          CLMfpEventType
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "The type of the MFP anomaly event."
        ::= { ciscoLwappMfpMIBNotifObjects 5 }

cLMfpEventTotal OBJECT-TYPE
        SYNTAX          Gauge32
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "The number of MFP anomaly events detected in the
                prior period indicated by cLMfpEventPeriod.
                cLMfpEventType indicates the type of the anomaly
                event."
        ::= { ciscoLwappMfpMIBNotifObjects 6 }

cLMfpEventPeriod OBJECT-TYPE
        SYNTAX          TimeInterval
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "The time period, in hundredths of a second, in which
                the reported number of events are detected. This is
                the time interval at which the controller periodically
                checks for the anomaly events to be reported to the
                NMS through the ciscoLwappMfpAnomalyDetected
                notification."
        ::= { ciscoLwappMfpMIBNotifObjects 7 }

cLMfpEventFrames OBJECT-TYPE
        SYNTAX          CLEventFrames
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "This object indicates which type of 802.11 management
                frames contain anomalies of type cLMfpEventType. When
                the controller detects anomalies using the MFP
                validation test it will generate the
                ciscoLwappMfpAnomalyDetected notification."
        ::= { ciscoLwappMfpMIBNotifObjects 8 }

cLClientLastSourceMacAddress OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION
                "This object represents the MAC address of the client
                that is responsible for the most recent event related
                to a wireless client. This information is useful to
                identify the rogue client that has staged the most
                recent attack on the wireless network."
        ::= { ciscoLwappMfpMIBNotifObjects 10 }

-- ********************************************************************
-- * NOTIFICATION TYPE objects
-- ********************************************************************

ciscoLwappMfpProtectConfigMismatch NOTIFICATION-TYPE
        OBJECTS         {
                                cLApMacAddress,
                                cLApDot11IfSlotIdx,
                                cLWlanIdx,
                                cLMfpProtectionEnable,
                                cLMfpApIfMfpProtectionActual
                        }
        STATUS          current
        DESCRIPTION
                "This notification is sent by the agent when the
                controller detects that the AP couldn't apply the
                protection configuration to the specific radio
                interface for the specified WLAN.
                The controller detects the mismatch by matching the
                MFP configuration requested to be applied with the
                configuration returned in the acknowledgement as
                having been applied to the radio interface.

                The controller also generates this notification to
                indicate that configuration mismatch is cleared when
                the values of cLMfpProtectionEnable and
                cLMfpApIfMfpProtectionActual are found to be the
                same.

                This notification is generated by the controller only
                if MFP has been configured as the protection mechanism
                through cLMfpProtectType."
        ::= { ciscoLwappMfpMIBNotifs 1 }

ciscoLwappMfpValidationConfigMismatch NOTIFICATION-TYPE
        OBJECTS         {
                                cLApMacAddress,
                                cLMfpApMfpValidationEnable,
                                cLMfpApMfpValidationActual
                        }
        STATUS          current
        DESCRIPTION
                "This notification is sent by the agent when the
                controller detects that the AP couldn't configure
                itself with the MFP signature validation
                configuration. The controller detects the mismatch by
                matching the MFP configuration requested to be applied
                with the configuration returned in the acknowledgement
                as having been configured by the AP.

                The controller also generates this notification to
                indicate that configuration mismatch is cleared when
                the values of cLMfpApMfpValidationEnable and
                cLMfpApMfpValidationActual are found to be the same.

                This notification is generated by the controller only
                if MFP has been configured as the protection mechanism
                through cLMfpProtectType."
        ::= { ciscoLwappMfpMIBNotifs 2 }

ciscoLwappMfpTimebaseStatus NOTIFICATION-TYPE
        OBJECTS         { cLMfpCtrlTimeBaseStatus }
        STATUS          current
        DESCRIPTION
                "This notification is sent by the agent to indicate
                the controller's status of synchronization of its
                timebase with that of a central timebase. The
                notification is sent once after the controller comes
                up and thereafter, it is sent every time the status
                changes."
        ::= { ciscoLwappMfpMIBNotifs 3 }

-- STATUS deprecated by ciscoLwappMfpAnomalyDetected1
ciscoLwappMfpAnomalyDetected NOTIFICATION-TYPE
        OBJECTS         {
                                cLApMacAddress,
                                cLApDot11IfSlotIdx,
                                cLApIfSmtDot11Bssid,
                                cLMfpEventType,
                                cLMfpEventTotal,
                                cLMfpEventPeriod,
                                cLMfpEventFrames
                        }
        STATUS          deprecated
        DESCRIPTION
                "This notification is sent by the agent when the MFP
                configuration of the WLAN was violated by the radio
                interface cLApIfSmtDot11Bssid and detected by the
                radio interface cLApDot11IfSlotIdx of the AP
                cLApMacAddress. The violation is indicated by
                cLMfpEventType.

                Through this notification, the controller reports to
                the NMS the occurrence of a total of cLMfpEventTotal
                violation events, of type cLMfpEventType, upon
                observing the management frame(s) indicated by
                cLMfpEventFrames for the last cLMfpEventPeriod time
                units.

                When cLMfpEventTotal is 0, it indicates that no
                further anomalies have recently been detected and
                that the NMS should clear any alarm raised about the
                MFP errors.

                This notification is generated by the controller only
                if MFP has been configured as the protection mechanism
                through cLMfpProtectType."
        ::= { ciscoLwappMfpMIBNotifs 4 }

ciscoLwappMfpAnomalyDetected1 NOTIFICATION-TYPE
        OBJECTS         {
                                cLApMacAddress,
                                cLApDot11IfSlotIdx,
                                cLApIfSmtDot11Bssid,
                                cLMfpEventType,
                                cLMfpEventTotal,
                                cLMfpEventPeriod,
                                cLMfpEventFrames,
                                cLClientLastSourceMacAddress
                        }
        STATUS          current
        DESCRIPTION
                "This notification is sent by the agent when the MFP
                configuration of the WLAN was violated by the radio
                interface cLApIfSmtDot11Bssid and detected by the
                radio interface cLApDot11IfSlotIdx of the AP
                cLApMacAddress. The violation is indicated by
                cLMfpEventType.

                Through this notification, the controller reports to
                the NMS the occurrence of a total of cLMfpEventTotal
                violation events, of type cLMfpEventType, upon
                observing the management frame(s) indicated by
                cLMfpEventFrames for the last cLMfpEventPeriod time
                units.
                When cLMfpEventTotal is 0, it indicates that no
                further anomalies have recently been detected and
                that the NMS should clear any alarm raised about the
                MFP errors.

                cLClientLastSourceMacAddress is used only when the
                controller generates notifications about
                client-related attacks. The controller will populate
                zeros as the value for cLClientLastSourceMacAddress
                when reporting anomalies sourced by infrastructure
                devices.

                This notification is generated by the controller only
                if MFP has been configured as the protection mechanism
                through cLMfpProtectType."
        ::= { ciscoLwappMfpMIBNotifs 5 }

-- ********************************************************************
-- * Compliance statements
-- ********************************************************************

ciscoLwappMfpMIBCompliances OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIBConform 1 }

ciscoLwappMfpMIBGroups OBJECT IDENTIFIER
        ::= { ciscoLwappMfpMIBConform 2 }

-- STATUS deprecated by ciscoLwappMfpMIBComplianceRev1
ciscoLwappMfpMIBCompliance MODULE-COMPLIANCE
        STATUS          deprecated
        DESCRIPTION
                "The compliance statement for the SNMP entities that
                implement the ciscoLwappMfpMIB module."
        MODULE          -- this module
        MANDATORY-GROUPS {
                                ciscoLwappMfpConfigGroup,
                                ciscoLwappMfpStatusGroup,
                                ciscoLwappMfpNotifObjsGroup,
                                ciscoLwappMfpNotifsGroup
                        }
        ::= { ciscoLwappMfpMIBCompliances 1 }

ciscoLwappMfpMIBComplianceRev1 MODULE-COMPLIANCE
        STATUS          current
        DESCRIPTION
                "The compliance statement for the SNMP entities that
                implement the ciscoLwappMfpMIB module."
        MODULE          -- this module
        MANDATORY-GROUPS {
                                ciscoLwappMfpConfigGroup,
                                ciscoLwappMfpStatusGroup,
                                ciscoLwappMfpNotifObjsGroup,
                                ciscoLwappMfpNotifsNewGroup,
                                ciscoLwappMfpConfigSup1Group,
                                ciscoLwappMfpStatusSup1Group,
                                ciscoLwappMfpNotifObjsSup1Group
                        }
        ::= { ciscoLwappMfpMIBCompliances 2 }

-- ********************************************************************
-- * Units of conformance
-- ********************************************************************

ciscoLwappMfpConfigGroup OBJECT-GROUP
        OBJECTS         {
                                cLMfpProtectType,
                                cLMfpVersionRequired,
                                cLMfpProtectionEnable
                        }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the global and
                WLAN-specific protection capabilities on the
                controller."
        ::= { ciscoLwappMfpMIBGroups 1 }

ciscoLwappMfpStatusGroup OBJECT-GROUP
        OBJECTS         {
                                cLMfpCtrlTimeBaseStatus,
                                cLMfpCtrlNotifEnable,
                                cLMfpApIfMfpVersionSupported,
                                cLMfpApIfMfpProtectionCapability,
                                cLMfpApIfMfpValidationCapability,
                                cLMfpApMfpValidationEnable
                        }
        STATUS          current
        DESCRIPTION
                "This collection of objects provides the information
                about the MFP signature protection capabilities as
                observed on the dot11 interfaces of the LWAPP APs."
        ::= { ciscoLwappMfpMIBGroups 2 }

ciscoLwappMfpNotifObjsGroup OBJECT-GROUP
        OBJECTS         {
                                cLApMacAddress,
                                cLApDot11IfSlotIdx,
                                cLWlanIdx,
                                cLMfpApIfMfpProtectionActual,
                                cLMfpApMfpValidationActual,
                                cLMfpEventType,
                                cLMfpEventTotal,
                                cLMfpEventPeriod,
                                cLMfpEventFrames
                        }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the information
                carried by the MFP related notifications sent by the
                agent to a network management station."
        ::= { ciscoLwappMfpMIBGroups 3 }

-- STATUS deprecated by ciscoLwappMfpNotifsNewGroup
ciscoLwappMfpNotifsGroup NOTIFICATION-GROUP
        NOTIFICATIONS   {
                                ciscoLwappMfpProtectConfigMismatch,
                                ciscoLwappMfpValidationConfigMismatch,
                                ciscoLwappMfpTimebaseStatus,
                                ciscoLwappMfpAnomalyDetected
                        }
        STATUS          deprecated
        DESCRIPTION
                "This collection of objects represents the MFP related
                notifications sent by the agent to a network
                management station."
        ::= { ciscoLwappMfpMIBGroups 4 }

ciscoLwappMfpConfigSup1Group OBJECT-GROUP
        OBJECTS         { cLMfpClientProtection }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the
                configuration for client protection on the
                controller."
        ::= { ciscoLwappMfpMIBGroups 5 }

ciscoLwappMfpStatusSup1Group OBJECT-GROUP
        OBJECTS         { cLMfpClientMfpEnabled }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the status of
                client protection on the controller."
        ::= { ciscoLwappMfpMIBGroups 6 }

ciscoLwappMfpNotifObjsSup1Group OBJECT-GROUP
        OBJECTS         { cLClientLastSourceMacAddress }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the client
                related information in the MFP notifications
                generated by the controller."
        ::= { ciscoLwappMfpMIBGroups 7 }

ciscoLwappMfpNotifsNewGroup NOTIFICATION-GROUP
        NOTIFICATIONS   {
                                ciscoLwappMfpProtectConfigMismatch,
                                ciscoLwappMfpValidationConfigMismatch,
                                ciscoLwappMfpTimebaseStatus,
                                ciscoLwappMfpAnomalyDetected1
                        }
        STATUS          current
        DESCRIPTION
                "This collection of objects represents the MFP related
                notifications sent by the agent to a network
                management station."
        ::= { ciscoLwappMfpMIBGroups 8 }

END
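
-- Added example, not part of the Cisco module: a Python sketch of the NMS-side
-- alarm handling that the notification DESCRIPTIONs above call for (raise on a
-- mismatch or anomaly, clear when the values agree or cLMfpEventTotal is 0).
-- Assumptions: the trap receiver has already resolved varbinds to object names;
-- the class, function and key layout are hypothetical; the sample data is constructed.

```python
from dataclasses import dataclass, field
# OIDs derived from the module text: ciscoMgmt is 1.3.6.1.4.1.9.9, the MIB is
# { ciscoMgmt 518 } and its notifications sit under { ciscoLwappMfpMIB 0 }.
NOTIFS = "1.3.6.1.4.1.9.9.518.0."
PROTECT_MISMATCH = NOTIFS + "1"
VALIDATION_MISMATCH = NOTIFS + "2"
ANOMALY = NOTIFS + "4"    # deprecated form, carries no client MAC
ANOMALY1 = NOTIFS + "5"
ZERO_MAC = "00:00:00:00:00:00"

def norm_mac(value):
    """Normalise a MAC written with ':', '-' or '.' separators."""
    digits = "".join(c for c in str(value).lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class MfpAlarms:
    """Alarm table; the key layout is this example's choice, not the MIB's."""
    active: dict = field(default_factory=dict)

    def handle(self, trap_oid, vb):
        """vb maps object names (resolved by the trap receiver) to values.
        Returns 'raised', 'updated', 'cleared', 'no-change' or 'ignored'."""
        if trap_oid in (ANOMALY, ANOMALY1):
            return self._anomaly(trap_oid, vb)
        if trap_oid == PROTECT_MISMATCH:
            key = ("protect-mismatch", norm_mac(vb["cLApMacAddress"]),
                   int(vb["cLApDot11IfSlotIdx"]), int(vb["cLWlanIdx"]))
            return self._mismatch(key, vb["cLMfpProtectionEnable"],
                                  vb["cLMfpApIfMfpProtectionActual"])
        if trap_oid == VALIDATION_MISMATCH:
            key = ("validation-mismatch", norm_mac(vb["cLApMacAddress"]))
            return self._mismatch(key, vb["cLMfpApMfpValidationEnable"],
                                  vb["cLMfpApMfpValidationActual"])
        return "ignored"

    def _mismatch(self, key, requested, actual):
        # TruthValue is true(1) / false(2). The same notification announces
        # the mismatch and, once both values agree, its clearance.
        if int(requested) == int(actual):
            return "cleared" if self.active.pop(key, None) else "no-change"
        state = "updated" if key in self.active else "raised"
        self.active[key] = {"requested": int(requested), "actual": int(actual)}
        return state

    def _anomaly(self, trap_oid, vb):
        key = ("anomaly", norm_mac(vb["cLApMacAddress"]),
               int(vb["cLApDot11IfSlotIdx"]),
               norm_mac(vb["cLApIfSmtDot11Bssid"]), vb["cLMfpEventType"])
        total = int(vb["cLMfpEventTotal"])
        if total == 0:  # the module's explicit "clear the alarm" signal
            return "cleared" if self.active.pop(key, None) else "no-change"
        seconds = int(vb["cLMfpEventPeriod"]) / 100  # TimeInterval: 1/100 s
        client = ZERO_MAC
        if trap_oid == ANOMALY1:
            client = norm_mac(vb.get("cLClientLastSourceMacAddress", ZERO_MAC))
        state = "updated" if key in self.active else "raised"
        self.active[key] = {
            "total": total,
            "per_second": total / seconds if seconds > 0 else None,
            "frames": vb["cLMfpEventFrames"],
            # An all-zero client MAC marks an infrastructure-sourced anomaly.
            "source": "infrastructure" if client == ZERO_MAC else "client",
            "client_mac": None if client == ZERO_MAC else client,
        }
        return state

# Constructed sample notifications. cLMfpEventType and cLMfpEventFrames are
# opaque placeholders: their conventions live in CISCO-LWAPP-TC-MIB.
_BASE = {"cLApMacAddress": "02-00-00-00-00-01", "cLApDot11IfSlotIdx": 0,
         "cLApIfSmtDot11Bssid": "02:00:00:00:00:aa", "cLMfpEventType": 1,
         "cLMfpEventPeriod": 6000, "cLMfpEventFrames": "opaque"}
_VAL = {"cLApMacAddress": "02:00:00:00:00:01", "cLMfpApMfpValidationEnable": 1}
SAMPLE_TRAPS = [
    (ANOMALY1, {**_BASE, "cLMfpEventTotal": 12,
                "cLClientLastSourceMacAddress": "0200.0000.0099"}),
    (ANOMALY1, {**_BASE, "cLMfpEventTotal": 0,
                "cLClientLastSourceMacAddress": ZERO_MAC}),
    (ANOMALY, {**_BASE, "cLMfpEventTotal": 3}),
    (VALIDATION_MISMATCH, {**_VAL, "cLMfpApMfpValidationActual": 2}),
    (VALIDATION_MISMATCH, {**_VAL, "cLMfpApMfpValidationActual": 1}),
]

def replay(traps):
    """Feed traps through a fresh table; return (states, table)."""
    table = MfpAlarms()
    return [table.handle(oid, vb) for oid, vb in traps], table
```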