This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC) that
terminate the Light Weight Access Point Protocol
tunnel from Light-weight LWAPP Access Points.
This MIB provides configuration and status information
for 802.11 Access Points, LAN configuration, AAA,
Mobility, IpSec, Radio Rescouce Management and 802.11
global parameters.
The relationship between controller and the LWAPP
APs can be depicted as follows:
+......+ +......+ +......+ +......+
+ + + + + + + +
+ CC + + CC + + CC + + CC +
+ + + + + + + +
+......+ +......+ +......+ +......+
.. . . .
.. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ AP + + AP + + AP + + AP + + AP +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ MN + + MN + + MN + + MN + + MN +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends it to the controller to which
it is logically connected.
Basic Service Set Identifier (BSSID)
The identifier for the service set comprising of
all the 802.11 stations under the control of
one coordinating Access Point. This identifier
happens to be the MAC address of the dot11 radio
interface of the Access Point. The wireless
clients that associate with the Access Point
get the wired uplink through this particular
dot11 interface.
Central Controller ( CC )
The central entity that terminates the LWAPP protocol
tunnel from the LWAPP APs. Throughout this MIB,
this entity also referred to as 'controller'.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point.
Station Management (SMT)
This term refers to the internal management of the
802.11 protocol operations by the AP to work
cooperatively with the other APs and 802.11
devices in the network.
REFERENCE
[1] Part 11 Wireless LAN Medium Access Control ( MAC )
and Physical Layer ( PHY ) Specifications.
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol.
ociate notification shall be sent when the Station
sends a Disassociation frame. The value of the notification
shall include the MAC address of the MAC to which the
Disassociation frame was sent and the reason for the
disassociation
bsnAPIfDown
.1.3.6.1.4.1.14179.2.6.3.10
pace AP's interface's operation status goes down
this trap will be sent.
bsnAPLoadProfileFailed
.1.3.6.1.4.1.14179.2.6.3.11
Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPNoiseProfileFailed
.1.3.6.1.4.1.14179.2.6.3.12
Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPInterferenceProfileFailed
.1.3.6.1.4.1.14179.2.6.3.13
ference Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPCoverageProfileFailed
.1.3.6.1.4.1.14179.2.6.3.14
age Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPCurrentTxPowerChanged
.1.3.6.1.4.1.14179.2.6.3.15
ynamic algorithms are running and
bsnAPIfPhyPowerAutomaticOn is true, Airespace AP Interface's
CurrentTxPower might get updated by algorithm. When
this occurs notification will be sent with Dot3 MAC address of
Airespace AP and slot ID of Airespace AP IF along with the
currentTxPower for this Airespace AP IF
bsnAPCurrentChannelChanged
.1.3.6.1.4.1.14179.2.6.3.16
ynamic algorithms are running and
bsnAPIfPhyChannelAutomaticOn is true, Airespace AP
Interface's CurrentChannel might get updated by algorithm.
When this occurs notification will be sent with Dot3 MAC
address of Airespace AP and slot ID of Airespace AP IF along
with the currentChannel for this Airespace AP IF
bsnDot11StationDeauthenticate
.1.3.6.1.4.1.14179.2.6.3.2
enticate notification shall be sent when the Station
sends a Deauthentication frame. The value of the notification
shall include the MAC address of the MAC to which the
Deauthentication frame was sent and the reason for the
deauthentication.
bsnRrmDot11aGroupingDone
.1.3.6.1.4.1.14179.2.6.3.21
ing is done, this notification will be sent from the
previous Group Leader where grouping algorithm was run. It has
MAC address of the new Group Leader.
bsnRrmDot11bGroupingDone
.1.3.6.1.4.1.14179.2.6.3.22
ing is done, this notification will be sent from the
previous Group Leader where grouping algorithm was run. It has
MAC address of the new Group Leader.
bsnConfigSaved
.1.3.6.1.4.1.14179.2.6.3.23
guration is save either from CLI or web interface
This trap will be sent to inform NMS to do refresh
bsnDot11EssCreated
.1.3.6.1.4.1.14179.2.6.3.24
new Ess (WLAN) is created, this notification will
be sent along with EssIndex
bsnDot11EssDeleted
.1.3.6.1.4.1.14179.2.6.3.25
Ess (WLAN)is deleted, this notification will be
sent along with EssIndex
bsnRADIUSServerNotResponding
.1.3.6.1.4.1.14179.2.6.3.26
is to indicate that no RADIUS server(s) are responding
to authentication requests sent by the RADIUS client within the
MWAR device(Switch).
bsnAuthenticationFailure
.1.3.6.1.4.1.14179.2.6.3.27
is to inform that client authentication failure has
occured at MWAR(Switch). This could be cli/web user, wlan user,
or Mac Authorized user. ServiceType will indicate which type of
user it is and userName will be cli/web/wlan userName or
MacAddress of Mac Authorized User
bsnIpsecEspAuthFailureTrap
.1.3.6.1.4.1.14179.2.6.3.28
ets with invalid hashes were found in an inbound
ESP SA. The total number of authentication errors
accumulated is sent for the specific row of the
ipsecSaEspInTable table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
bsnIpsecEspReplayFailureTrap
.1.3.6.1.4.1.14179.2.6.3.29
ets with invalid sequence numbers were found in
an inbound ESP SA. The total number of replay errors
accumulated is sent for the specific row of the
ipsecSaEspInTable table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
bsnDot11StationAuthenticateFail
.1.3.6.1.4.1.14179.2.6.3.3
ticate failure notification shall be sent when the
Station sends an Authentication frame with a status code other
than 'successful'. The value of the notification shall include
the MAC address of the MAC to which the Authentication
frame was sent and the reason for the authentication failure.
bsnIpsecEspInvalidSpiTrap
.1.3.6.1.4.1.14179.2.6.3.31
ith an unknown SPI was detected from the
specified peer with the specified SPI using the specified
protocol. The destination address of the received packet is
specified by ipsecLocalAddress.
The value ifIndex may be 0 if this optional linkage is
unsupported.
If the object ipsecSecurityProtocol has the value for
IPcomp, then the ipsecSPI object is the CPI of the packet.
Implementations SHOULD send one trap per peer (within a
reasonable time period), rather than sending one trap per
packet.
bsnIpsecIkeNegFailure
.1.3.6.1.4.1.14179.2.6.3.33
to negotiate a phase 1 IKE SA failed.
The notification counts are also sent as part of the trap,
along with the current value of the total negotiation error
counters for ISAKMP.
bsnIpsecSuiteNegFailure
.1.3.6.1.4.1.14179.2.6.3.34
to negotiate a phase 2 SA suite for the
specified selector failed.
The current total failure counts are passed as well as the
notification type counts for the notify involved in the
failure.
bsnIpsecInvalidCookieTrap
.1.3.6.1.4.1.14179.2.6.3.35
kets with invalid cookies were detected from the
specified source, intended for the specified destination.
The initiator and responder cookies are also sent with the
trap.
The current count is sent to allow the trap to accurately
relfect dropped and throttled traps.
Implementations SHOULD send one trap per peer (within a
reasonable time period, rather than sending one trap per
packet.
bsnRogueAPDetected
.1.3.6.1.4.1.14179.2.6.3.36
ue AP is detected this Trap will be sent out along
with APMacAddress on which its detected
bsnAPLoadProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.37
Profile state changes from FAIL to PASSt this
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPNoiseProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.38
Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPInterferenceProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.39
ference Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable /disable using bsnRrmProfileTrapControlFlag
bsnDot11StationAssociateFail
.1.3.6.1.4.1.14179.2.6.3.4
ate failure notification shall be sent when the
Station sends an Association frame with a status code other
than 'successful'. The value of the notification
shall include the MAC address of the MAC to which the
Authentication frame was sent and the reason for the
authentication failure.
bsnAPCoverageProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.40
age Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnRogueAPRemoved
.1.3.6.1.4.1.14179.2.6.3.41
ue AP that was detected earlier no longer exists
this Trap will be sent out along
with APMacAddress on which its detected
bsnRadiosExceedLicenseCount
.1.3.6.1.4.1.14179.2.6.3.42
he currently associated Radios exceed the License Count
This trap will be sent to annoy the Customer
bsnSensedTemperatureTooHigh
.1.3.6.1.4.1.14179.2.6.3.43
e sensor temp too High - temp is too high on the unit.
Immediate action should be taken
bsnSensedTemperatureTooLow
.1.3.6.1.4.1.14179.2.6.3.44
e sensor temp too Low - temp is too high on the unit.
Immediate action should be taken
bsnTemperatureSensorFailure
.1.3.6.1.4.1.14179.2.6.3.45
e sensor hw failure - temp sensor has failed.
Temperature is unknown
bsnTemperatureSensorClear
.1.3.6.1.4.1.14179.2.6.3.46
e sensor clear -- temp sensor alarm condition is over.
sensor is operating within proper temp range
bsnPOEControllerFailure
.1.3.6.1.4.1.14179.2.6.3.47
ller has failed. Its a very critical trap.
User intervention is required.
bsnMaxRogueCountExceeded
.1.3.6.1.4.1.14179.2.6.3.48
The number of rogues has exceeded the maximum Rogues allowed
bsnMaxRogueCountClear
.1.3.6.1.4.1.14179.2.6.3.49
The number of rogues is within the maximum Rogues allowed
bsnAPUp
.1.3.6.1.4.1.14179.2.6.3.5
pace AP operation status goes up this trap will be
sent
bsnApMaxRogueCountExceeded
.1.3.6.1.4.1.14179.2.6.3.50
of rogues has exceeded the maximum Rogues allowed on
the AP
bsnApMaxRogueCountClear
.1.3.6.1.4.1.14179.2.6.3.51
of rogues is within the maximum Rogues allowed on the
AP
bsnDot11StationBlacklisted
.1.3.6.1.4.1.14179.2.6.3.52
n exclusion notification shall be sent when the
client is excluded. The reason could be repeated auth or
association failures or IP Address theft.
The value of the notification shall include the MAC address
of the MAC to which the Authentication frame was sent, the
MAC and Slot Id of AP that client was associated to and the
reason for exclusion listing.
bsnDot11StationAssociate
.1.3.6.1.4.1.14179.2.6.3.53
ate notification shall be sent when any of the
watchlisted clients(present on at least one watch list)
associates with an AP. The value of the notification
shall include the MAC address and the Slot ID of the radio
to which the station Associated.
bsnApBigNavDosAttack
.1.3.6.1.4.1.14179.2.6.3.55
t a string of messages with large NAV field. This is most
likely a malicious denial of service attack.
bsnTooManyUnsuccessLoginAttempts
.1.3.6.1.4.1.14179.2.6.3.56
The Management User made too many unsuccessful login attempts.
bsnWepKeyDecryptError
.1.3.6.1.4.1.14179.2.6.3.57
n a decrypt error occurrs. The WEP Key configured at
the station may be wrong.
bsnWpaMicErrorCounterActivated
.1.3.6.1.4.1.14179.2.6.3.58
n a WPA MIC error occurs and a counter measure is
activated at the AP.
bsnRogueAPDetectedOnWiredNetwork
.1.3.6.1.4.1.14179.2.6.3.59
ue is detected on the wired network this trap will
be sent out.
The same trap with bsnRogueAPOnWiredNetwork set to no will
clear the previous trap.
bsnAPDown
.1.3.6.1.4.1.14179.2.6.3.6
pace AP operation status goes down this trap will be
sent
bsnApHasNoRadioCards
.1.3.6.1.4.1.14179.2.6.3.60
has no radio cards present on it, the switch
sends this trap.
bsnDuplicateIpAddressReported
.1.3.6.1.4.1.14179.2.6.3.61
is issued when the switch or an AP detects another
machine using its IP Address. The first variable has value
yes if the duplicate IP is reported by an AP. In that case,
the second attribute will carry the AP MAC Address. The third
variable is the duplicate IP address in question and the last
attribute is the MAC Address of the machine that is found to
be using the duplicate IP.
bsnAPContainedAsARogue
.1.3.6.1.4.1.14179.2.6.3.62
P detects that it is being contained by another AP,
this trap is issued. The clear flag is true if the AP is no
longer being contained.
bsnTrustedApHasInvalidSsid
.1.3.6.1.4.1.14179.2.6.3.63
n a Trusted Rogue AP is auto contained for advertising
invalid SSID.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApIsMissing
.1.3.6.1.4.1.14179.2.6.3.64
n a Trusted Rogue AP is missing or has failed.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnAdhocRogueAutoContained
.1.3.6.1.4.1.14179.2.6.3.65
n an Adhoc Rogue is auto contained.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnRogueApAutoContained
.1.3.6.1.4.1.14179.2.6.3.66
n a Rogue AP is auto contained for advertising our SSID.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApHasInvalidEncryption
.1.3.6.1.4.1.14179.2.6.3.67
n a Trusted Rogue AP is auto contained for using
invalid encryption. The second param is for the encryption used
and the third param is for encryption required.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApHasInvalidRadioPolicy
.1.3.6.1.4.1.14179.2.6.3.68
n a Trusted Rogue AP is auto contained for using
invalid radio policy. The second param is for the radio policy
used and the third param is for radio policy required.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnNetworkStateChanged
.1.3.6.1.4.1.14179.2.6.3.69
02.11a or b/g network state is changed this trap
is issued.
bsnAPAssociated
.1.3.6.1.4.1.14179.2.6.3.7
pace AP Associates to a Airespace Switch, AP
associated notification will be sent with dot3 MAC address of
Airespace AP.This will help management system to discover
Airespace AP and add to system.
bsnSignatureAttackDetected
.1.3.6.1.4.1.14179.2.6.3.70
is sent out when a signature attack is detected by
the switch. The standard and custom signatures are predefined
on the switch (see bsnSignatureConfig group). The signatures
also defines if its detection should be reported. The trap
variables bsnSignatureName and bsnSignatureDescription are
retrieved from the detected signature definition. Clear Trap
Variable is turned on when the signature attack stops. The
signature's quiet time configuration speicifes the time after
which the clear trap would be sent. bsnSignatureMacInfo
indicates whether the signature is used to track
pattern matches for all source MAC addresses together or
seperately for individual source MAC addresses.
bsnSignatureAttackFrequency will carry the value for a
specific MAC address or for all MAC addresses depending on
bsnSignatureMacInfo.
bsnAPRadioCardTxFailure
.1.3.6.1.4.1.14179.2.6.3.71
is sent by the switch when a radio card on an AP
stops transmitting.
bsnAPRadioCardTxFailureClear
.1.3.6.1.4.1.14179.2.6.3.72
is sent by the switch when a radio card on an AP
starts transmitting again after a prior failure.
bsnAPRadioCardRxFailure
.1.3.6.1.4.1.14179.2.6.3.73
is sent by the switch when a radio card on an AP
stops receiving.
bsnAPRadioCardRxFailureClear
.1.3.6.1.4.1.14179.2.6.3.74
is sent by the switch when a radio card on an AP
starts receiving again after a prior failure.
bsnAPImpersonationDetected
.1.3.6.1.4.1.14179.2.6.3.75
is sent by the switch when a radio of an
authenticated AP hears from another AP whose MAC Address
neither matches that of a rogue's and nor is it an
authenticated neighbor of the detecting AP.
bsnTrustedApHasInvalidPreamble
.1.3.6.1.4.1.14179.2.6.3.76
n a Trusted Rogue AP is auto contained for using invalid
preamble. The second param is for the preamble used and the third
param is for preamble required. If the clear variable has value
true, then the trap clears the earlier alert.
bsnAPIPAddressFallback
.1.3.6.1.4.1.14179.2.6.3.77
is sent out when an AP, with the configured static
ip-address, fails to establish connection with outside world
and starts using DHCP as a fallback option.
bsnAPFunctionalityDisabled
.1.3.6.1.4.1.14179.2.6.3.78
is sent out when AP functionality on the switch is
disabled because the License key has expired
or has been deleted or doesn't match the switch image.
bsnAPRegulatoryDomainMismatch
.1.3.6.1.4.1.14179.2.6.3.79
is generated if an AP's regulatory domain doesn't
match the country the switch is configured for. Due to the
mismatch, the AP will fail to associate with the Switch.
bsnAPDisassociated
.1.3.6.1.4.1.14179.2.6.3.8
pace AP disassociates from Airespace Switch, AP
disassociated notification will be sent with dot3 MAC address
of Airespace AP management system to remove Airespace AP from
this Airespace Switch
bsnRxMulticastQueueFull
.1.3.6.1.4.1.14179.2.6.3.80
indicates that the CPU's Receive Multicast Queue is
Full.
bsnRadarChannelDetected
.1.3.6.1.4.1.14179.2.6.3.81
is sent when radar signals are detected on the
current channel
bsnRadarChannelCleared
.1.3.6.1.4.1.14179.2.6.3.82
will be generated, if a radar trap has been
generated earlier, after the expiry of Non-Occupancy Period.
bsnAPAuthorizationFailure
.1.3.6.1.4.1.14179.2.6.3.83
is sent out in case of authorization failure while
attempting to associate the AP to the controller.
bsnAPDot3MacAddress represents the mac-address of that AP.
bsnAPName is name of AP
radioCoreDumpTrap
.1.3.6.1.4.1.14179.2.6.3.84
module in AP dumps core, it informs controller and
controller generates this trap. The core file can be retrieved
on demand.
invalidRadioTrap
.1.3.6.1.4.1.14179.2.6.3.85
will be generated when an AP has joined is using
unsupported radio or a radio slot not currently not being
used.
countryChangeTrap
.1.3.6.1.4.1.14179.2.6.3.86
will be generated when an operator changes the
country of operation. New country code will be sent in trap.
unsupportedAPTrap
.1.3.6.1.4.1.14179.2.6.3.87
will be generated when unsupported AP try to join
40xx/410x or 3500 with 64MB flash.
heartbeatLossTrap
.1.3.6.1.4.1.14179.2.6.3.88
will be generated when controller loses
connection with the Supervisor Switch in which it
is physically embedded and doesn't hear the
heartbeat keepalives from the Supervisor.
locationNotifyTrap
.1.3.6.1.4.1.14179.2.6.3.89
will be generated by the location server
for notifications of location events.
bsnAPIfUp
.1.3.6.1.4.1.14179.2.6.3.9
pace AP's interface's operation status goes up this
trap will be sent
BsnSignaturePatternOffSetStart
bsnWireless 
bsnDot11EssTable 
bsnDot11EssEntry 
bsnDot11EssIndex 
bsnAPGroupsVlanFeature 
bsnDot11StationDisassociate