-- *******************************************************************
-- CISCO-LWAPP-WEBAUTH-MIB.my :
-- Light Weight Access Point Web Authentication MIB
-- January 2006, Devesh Pujari, Prasanna Viswakumar
-- February 2007, Updated by Ambika Mohanty
-- Copyright (c) 2006-2007 by Cisco Systems Inc.
-- All rights reserved.
-- ******************************************************************

CISCO-LWAPP-WEBAUTH-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    NOTIFICATION-TYPE,
    OBJECT-TYPE,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    TruthValue,
    RowStatus
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CiscoURLString
        FROM CISCO-TC
    ciscoMgmt
        FROM CISCO-SMI;

-- ********************************************************************
-- * MODULE IDENTITY
-- ********************************************************************

ciscoLwappWebAuthMIB MODULE-IDENTITY
    LAST-UPDATED    "200703040000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
            "Cisco Systems,
            Customer Service
            Postal: 170 West Tasman Drive
            San Jose, CA 95134
            USA
            Tel: +1 800 553-NETS

            Email: cs-wnbu-snmp@cisco.com"
    DESCRIPTION
            "This MIB is intended to be implemented on all those
            devices operating as Central controllers, that
            terminate the Light Weight Access Point Protocol
            tunnel from Cisco Light-weight LWAPP Access Points.

            This MIB is used to configure web authentication
            parameters in the controller to manage clients'
            authentication. The mobile nodes are
            web-authenticated if they select the WLAN that has
            web security enabled.

            The relationship between CC and the LWAPP APs
            can be depicted as follows:

                +......+          +......+     +......+     +......+
                +      +          +      +     +      +     +      +
                +  CC  +          +  CC  +     +  CC  +     +  CC  +
                +      +          +      +     +      +     +      +
                +......+          +......+     +......+     +......+
                   ..                .            .            .
                   ..                .            .            .
                  .  .               .            .            .
                 .    .              .            .            .
                .      .             .            .            .
               .        .            .            .            .
            +......+ +......+     +......+     +......+     +......+
            +      + +      +     +      +     +      +     +      +
            +  AP  + +  AP  +     +  AP  +     +  AP  +     +  AP  +
            +      + +      +     +      +     +      +     +      +
            +......+ +......+     +......+     +......+     +......+
                        .            .            .            .
                       . .           .            .            .
                     .   .           .            .            .
                   .     .           .            .            .
                 .       .           .            .            .
            +......+ +......+     +......+     +......+     +......+
            +      + +      +     +      +     +      +     +      +
            +  MN  + +  MN  +     +  MN  +     +  MN  +     +  MN  +
            +      + +      +     +      +     +      +     +      +
            +......+ +......+     +......+     +......+     +......+

            The LWAPP tunnel exists between the controller and
            the APs. The MNs communicate with the APs through
            the protocol defined by the 802.11 standard.

            LWAPP APs, upon bootup, discover and join one of the
            controllers and the controller pushes the
            configuration, that includes the WLAN parameters, to
            the LWAPP APs. The APs then encapsulate all the
            802.11 frames from wireless clients inside LWAPP
            frames and forward the LWAPP frames to the
            controller.

            GLOSSARY

            Access Point ( AP )

            An entity that contains an 802.11 medium access
            control ( MAC ) and physical layer ( PHY ) interface
            and provides access to the distribution services via
            the wireless medium for associated clients.

            LWAPP APs encapsulate all the 802.11 frames in
            LWAPP frames and send them to the controller to
            which they are logically connected.

            Central Controller ( CC )

            The central entity that terminates the LWAPP
            protocol tunnel from the LWAPP APs. Throughout this
            MIB, this entity is also referred to as 'controller'.

            Guest User

            A guest user is a temporary user with access
            privileges for configuring the wireless network for
            a finite life time. The wireless networks are
            configured on the controller. The method of
            authentication to the controller can be configured
            using this MIB instrumentation.

            Light Weight Access Point Protocol ( LWAPP )

            This is a generic protocol that defines the
            communication between the Access Points and the
            Central Controller.

            Mobile Node ( MN )

            A roaming 802.11 wireless device in a wireless
            network associated with an access point. Mobile
            Node, Mobile Station(Ms) and client are used
            interchangeably.

            Web-Authentication

            Clients are web authenticated when they open the
            web browser and send HTTP packets. The user is then
            asked to enter a login and password. This is known
            as Web Authentication.

            REFERENCE

            [1] Wireless LAN Medium Access Control ( MAC ) and
                Physical Layer ( PHY ) Specifications.

            [2] Draft-obara-capwap-lwapp-00.txt, IETF Light
                Weight Access Point Protocol"

    REVISION        "200703040000Z"
    DESCRIPTION
            "This is the second revision of this MIB to
            accommodate enhanced guest access changes."
    REVISION        "200604051150Z"
    DESCRIPTION
            "Initial version of this MIB module."
    ::= { ciscoMgmt 515 }

ciscoLwappWebAuthMIBNotifs OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIB 0 }

ciscoLwappWebAuthMIBNotifObjs OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIB 1 }

ciscoLwappWebAuthMIBObjects OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIB 2 }

ciscoLwappWebAuthMIBConform OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIB 3 }

ciscoLwappWebAuthConfig OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIBObjects 1 }

ciscoLwappWebAuthExtConfig OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIBObjects 2 }

ciscoLwappLocalNetUserConfig OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIBObjects 3 }

-- ********************************************************************
-- Web Auth config
-- Global controller level web auth configuration
-- ********************************************************************

cLWAWebAuthType OBJECT-TYPE
    SYNTAX          INTEGER {
                        internalDefault(1),
                        internalCustom(2),
                        external(3)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The type of web authentication for the clients.
            Web Authentication can be of three types;

            internalDefault - The default login page will be
            presented to the client for authentication.

            internalCustom - The administrator has created and
            uploaded a custom login page and it will be
            presented to the clients for authentication.

            external - This value indicates that the login page
            will be served from the external web server.
            Note that cLWAWebAuthType can be successfully set
            to this value when the cLWAExternalWebAuthURL object
            has been set to string with non-zero length."
    DEFVAL          { internalDefault }
    ::= { ciscoLwappWebAuthConfig 1 }

cLWAManufacturerLogo OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "This object is used to control the display of the
            Manufacturer Logo on the login page.

            A value of 'true' indicates that the Manufacturer
            logo will be displayed on the login page.

            A value of 'false' indicates that the Manufacturer
            logo won't be displayed on the login page."
    DEFVAL          { true }
    ::= { ciscoLwappWebAuthConfig 2 }

cLWACustomLogoFileName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The name of the custom logo file. The logo in this
            file will appear on the login page when the value of
            cLWAWebAuthType is 'internalDefault'."
    ::= { ciscoLwappWebAuthConfig 3 }

cLWACustomWebTitle OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE (0..128))
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The title text that appears on the login page of
            the clients when the value of cLWAWebAuthType is
            'internalDefault'."
    DEFVAL          { "" }
    ::= { ciscoLwappWebAuthConfig 4 }

cLWACustomWebMessage OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The message that appears on the login page of
            clients when the value of cLWAWebAuthType is
            'internalDefault'."
    DEFVAL          { "" }
    ::= { ciscoLwappWebAuthConfig 5 }

cLWACustomWebRedirectURL OBJECT-TYPE
    SYNTAX          CiscoURLString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The URL used to load client web page after
            successful authentication."
    ::= { ciscoLwappWebAuthConfig 6 }

cLWAExternalWebAuthURL OBJECT-TYPE
    SYNTAX          CiscoURLString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "The URL to which the client web page will be
            directed for authentication. This object will be
            used when the cLWAWebAuthType object is set to
            'external'.
            The configured URL should resolve to one of the
            Web Server IP addresses configured through
            cLWAExternalWebServerTable."
    ::= { ciscoLwappWebAuthConfig 7 }

-- ********************************************************************
-- * External Webserver table
-- ********************************************************************

cLWAExternalWebServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CLWAExternalWebServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This table provides the list of external web
            servers used for external web authentication.
            These are the addresses from which the controller
            will allow traffic before client authentication to
            show the login page. The controller is expected to
            use the services of these web servers for
            performing the authentication.

            The user is expected to provide correct Internet
            addresses of those servers available for
            authentication through this table.

            The web authentication is done with the help of
            only those Web Servers configured through this
            table only when the cLWAWebAuthType is configured
            as 'external'."
    ::= { ciscoLwappWebAuthExtConfig 1 }

cLWAExternalWebServerEntry OBJECT-TYPE
    SYNTAX          CLWAExternalWebServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A conceptual row in cLWAExternalWebServerTable.
            Each entry corresponds to one external web
            authentication server whose address is represented
            by cLWAExternalWebServerAddr."
    INDEX           { cLWAExternalWebServerIndex }
    ::= { cLWAExternalWebServerTable 1 }

CLWAExternalWebServerEntry ::= SEQUENCE {
    cLWAExternalWebServerIndex      Unsigned32,
    cLWAExternalWebServerAddrType   InetAddressType,
    cLWAExternalWebServerAddr       InetAddress,
    cLWAExternalWebServerRowStatus  RowStatus
}

cLWAExternalWebServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..32)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This object uniquely identifies one specific entry
            in this table."
    ::= { cLWAExternalWebServerEntry 1 }

cLWAExternalWebServerAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "The type of the Web Server address as represented
            by the value of the corresponding instance of
            'cLWAExternalWebServerAddr'."
    ::= { cLWAExternalWebServerEntry 2 }

cLWAExternalWebServerAddr OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "The Internet address of the Web Server from which
            traffic is allowed before client's authentication.

            Please note that the row creation will be
            successful only if the address of the Web Server
            represented by the values of
            cLWAExternalWebServerAddrType and
            cLWAExternalWebServerAddr is unique across all the
            entries."
    ::= { cLWAExternalWebServerEntry 3 }

cLWAExternalWebServerRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
            "The status of the conceptual row used to create and
            delete specific instances of rows in this table.

            This object can not be set to 'active' unless the
            values of the corresponding instances of
            cLWAExternalWebServerAddr and
            cLWAExternalWebServerAddrType are set."
    ::= { cLWAExternalWebServerEntry 4 }

cLWALocalNetUserTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CLWALocalNetUserEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "The table lists the user type for each user present
            in the controller. The user type can be guest or
            permanent."
    ::= { ciscoLwappLocalNetUserConfig 1 }

cLWALocalNetUserEntry OBJECT-TYPE
    SYNTAX          CLWALocalNetUserEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This is a row in the cLWALocalNetUserTable. Each
            entry corresponds to a guest/permanent user present
            in the controller."
    INDEX           { cLWALocalNetUserName }
    ::= { cLWALocalNetUserTable 1 }

CLWALocalNetUserEntry ::= SEQUENCE {
    cLWALocalNetUserName     SnmpAdminString,
    cLWALocalNetUserIsGuest  TruthValue
}

cLWALocalNetUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE (1..50))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "This object identifies the user name of the guest
            user or the permanent user in the controller."
    ::= { cLWALocalNetUserEntry 1 }

cLWALocalNetUserIsGuest OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "This object is used to specify the type of user in
            the controller. A value of 'true' is used to
            specify a guest user and a value of 'false' is used
            to specify a permanent user."
    ::= { cLWALocalNetUserEntry 2 }

-- ********************************************************************
-- * Notification objects
-- ********************************************************************

cLWAGuestUserName OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE (1..24))
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
            "This object indicates the name of the guest user."
    ::= { ciscoLwappWebAuthMIBNotifObjs 1 }

-- ********************************************************************
-- * Notifications
-- ********************************************************************

cLWAGuestUserRemoved NOTIFICATION-TYPE
    OBJECTS         { cLWAGuestUserName }
    STATUS          current
    DESCRIPTION
            "This notification is generated when the lifetime of
            the guest-user expires and the guest-user's accounts
            are removed."
    ::= { ciscoLwappWebAuthMIBNotifs 1 }

-- ********************************************************************
-- * Compliance statements
-- ********************************************************************

ciscoLwappWebAuthMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIBConform 1 }

ciscoLwappWebAuthMIBGroups OBJECT IDENTIFIER
    ::= { ciscoLwappWebAuthMIBConform 2 }

cLWebAuthMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
            "The compliance statement for the SNMP entities that
            implement the ciscoLwappWebAuthMIB module."
    MODULE
    MANDATORY-GROUPS {
                        cLWACustomWebAuthGroup,
                        cLWAExternalWebAuthGroup,
                        cLWAGuestAccessNotifObjGroup,
                        cLWAGuestAccessNotifGroup
                    }

    OBJECT          cLWAExternalWebServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
            "An implementation is only required to support three
            of the six enumerated values of the RowStatus
            textual convention, specifically, 'active',
            'createAndGo' and 'destroy'."
    ::= { ciscoLwappWebAuthMIBCompliances 1 }

cLWebAuthMIBComplianceRev1 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
            "The compliance statement for the SNMP entities that
            implement the ciscoLwappWebAuthMIB module."
    MODULE
    MANDATORY-GROUPS {
                        cLWACustomWebAuthGroup,
                        cLWAExternalWebAuthGroup,
                        cLWAGuestAccessNotifObjGroup,
                        cLWAGuestAccessNotifGroup,
                        cLWAGuestUserConfigGroup
                    }

    OBJECT          cLWAExternalWebServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
            "An implementation is only required to support three
            of the six enumerated values of the RowStatus
            textual convention, specifically, 'active',
            'createAndGo' and 'destroy'."
    ::= { ciscoLwappWebAuthMIBCompliances 2 }

-- ********************************************************************
-- * Units of conformance
-- ********************************************************************

cLWACustomWebAuthGroup OBJECT-GROUP
    OBJECTS         {
                        cLWAWebAuthType,
                        cLWAManufacturerLogo,
                        cLWACustomLogoFileName,
                        cLWACustomWebTitle,
                        cLWACustomWebMessage,
                        cLWACustomWebRedirectURL,
                        cLWAExternalWebAuthURL
                    }
    STATUS          current
    DESCRIPTION
            "This collection of objects is used for
            internal-default and internal-custom
            web-authentication."
    ::= { ciscoLwappWebAuthMIBGroups 1 }

cLWAExternalWebAuthGroup OBJECT-GROUP
    OBJECTS         {
                        cLWAExternalWebServerAddrType,
                        cLWAExternalWebServerAddr,
                        cLWAExternalWebServerRowStatus
                    }
    STATUS          current
    DESCRIPTION
            "This collection of objects is used for configuring
            Web servers for external web-authentication."
    ::= { ciscoLwappWebAuthMIBGroups 2 }

cLWAGuestAccessNotifObjGroup OBJECT-GROUP
    OBJECTS         { cLWAGuestUserName }
    STATUS          current
    DESCRIPTION
            "This collection of objects is part of the Guest
            Access related notifications by the controller."
    ::= { ciscoLwappWebAuthMIBGroups 3 }

cLWAGuestAccessNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { cLWAGuestUserRemoved }
    STATUS          current
    DESCRIPTION
            "These notifications are sent to the network
            management station to indicate the access status of
            guest users."
    ::= { ciscoLwappWebAuthMIBGroups 4 }

cLWAGuestUserConfigGroup OBJECT-GROUP
    OBJECTS         { cLWALocalNetUserIsGuest }
    STATUS          current
    DESCRIPTION
            "This collection of objects is used for configuring
            guest user parameters."
    ::= { ciscoLwappWebAuthMIBGroups 5 }

END