This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC) that
terminate the Light Weight Access Point Protocol
tunnel from Light-weight LWAPP Access Points.
This MIB provides configuration and status information
for 802.11 Access Points, LAN configuration, AAA,
Mobility, IpSec, Radio Rescouce Management and 802.11
global parameters.
The relationship between controller and the LWAPP
APs can be depicted as follows:
+......+ +......+ +......+ +......+
+ + + + + + + +
+ CC + + CC + + CC + + CC +
+ + + + + + + +
+......+ +......+ +......+ +......+
.. . . .
.. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ AP + + AP + + AP + + AP + + AP +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
+......+ +......+ +......+ +......+ +......+
+ + + + + + + + + +
+ MN + + MN + + MN + + MN + + MN +
+ + + + + + + + + +
+......+ +......+ +......+ +......+ +......+
The LWAPP tunnel exists between the controller and
the APs. The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
GLOSSARY
Access Point ( AP )
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends it to the controller to which
it is logically connected.
Basic Service Set Identifier (BSSID)
The identifier for the service set comprising of
all the 802.11 stations under the control of
one coordinating Access Point. This identifier
happens to be the MAC address of the dot11 radio
interface of the Access Point. The wireless
clients that associate with the Access Point
get the wired uplink through this particular
dot11 interface.
Central Controller ( CC )
The central entity that terminates the LWAPP protocol
tunnel from the LWAPP APs. Throughout this MIB,
this entity also referred to as 'controller'.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the
communication between the Access Points and the
Central Controller.
Mobile Node ( MN )
A roaming 802.11 wireless device in a wireless
network associated with an access point.
Station Management (SMT)
This term refers to the internal management of the
802.11 protocol operations by the AP to work
cooperatively with the other APs and 802.11
devices in the network.
REFERENCE
[1] Part 11 Wireless LAN Medium Access Control ( MAC )
and Physical Layer ( PHY ) Specifications.
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light
Weight Access Point Protocol.
The disassociate notification shall be sent when the Station
sends a Disassociation frame. The value of the notification
shall include the MAC address of the MAC to which the
Disassociation frame was sent and the reason for the
disassociation
bsnAPIfDown
.1.3.6.1.4.1.14179.2.6.3.10
When Airespace AP's interface's operation status goes down
this trap will be sent.
bsnAPLoadProfileFailed
.1.3.6.1.4.1.14179.2.6.3.11
When LOAD Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPNoiseProfileFailed
.1.3.6.1.4.1.14179.2.6.3.12
When Noise Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPInterferenceProfileFailed
.1.3.6.1.4.1.14179.2.6.3.13
When Interference Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPCoverageProfileFailed
.1.3.6.1.4.1.14179.2.6.3.14
When Coverage Profile state changes from PASS to FAIL,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPCurrentTxPowerChanged
.1.3.6.1.4.1.14179.2.6.3.15
Whenever dynamic algorithms are running and
bsnAPIfPhyPowerAutomaticOn is true, Airespace AP Interface's
CurrentTxPower might get updated by algorithm. When
this occurs notification will be sent with Dot3 MAC address of
Airespace AP and slot ID of Airespace AP IF along with the
currentTxPower for this Airespace AP IF
bsnAPCurrentChannelChanged
.1.3.6.1.4.1.14179.2.6.3.16
Whenever dynamic algorithms are running and
bsnAPIfPhyChannelAutomaticOn is true, Airespace AP
Interface's CurrentChannel might get updated by algorithm.
When this occurs notification will be sent with Dot3 MAC
address of Airespace AP and slot ID of Airespace AP IF along
with the currentChannel for this Airespace AP IF
bsnDot11StationDeauthenticate
.1.3.6.1.4.1.14179.2.6.3.2
The deauthenticate notification shall be sent when the Station
sends a Deauthentication frame. The value of the notification
shall include the MAC address of the MAC to which the
Deauthentication frame was sent and the reason for the
deauthentication.
bsnRrmDot11aGroupingDone
.1.3.6.1.4.1.14179.2.6.3.21
When Grouping is done, this notification will be sent from the
previous Group Leader where grouping algorithm was run. It has
MAC address of the new Group Leader.
bsnRrmDot11bGroupingDone
.1.3.6.1.4.1.14179.2.6.3.22
When Grouping is done, this notification will be sent from the
previous Group Leader where grouping algorithm was run. It has
MAC address of the new Group Leader.
bsnConfigSaved
.1.3.6.1.4.1.14179.2.6.3.23
When configuration is save either from CLI or web interface
This trap will be sent to inform NMS to do refresh
bsnDot11EssCreated
.1.3.6.1.4.1.14179.2.6.3.24
Whenever a new Ess (WLAN) is created, this notification will
be sent along with EssIndex
bsnDot11EssDeleted
.1.3.6.1.4.1.14179.2.6.3.25
Whenever a Ess (WLAN)is deleted, this notification will be
sent along with EssIndex
bsnRADIUSServerNotResponding
.1.3.6.1.4.1.14179.2.6.3.26
This trap is to indicate that no RADIUS server(s) are responding
to authentication requests sent by the RADIUS client within the
MWAR device(Switch).
bsnAuthenticationFailure
.1.3.6.1.4.1.14179.2.6.3.27
This trap is to inform that client authentication failure has
occured at MWAR(Switch). This could be cli/web user, wlan user,
or Mac Authorized user. ServiceType will indicate which type of
user it is and userName will be cli/web/wlan userName or
MacAddress of Mac Authorized User
bsnIpsecEspAuthFailureTrap
.1.3.6.1.4.1.14179.2.6.3.28
IPsec packets with invalid hashes were found in an inbound
ESP SA. The total number of authentication errors
accumulated is sent for the specific row of the
ipsecSaEspInTable table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
bsnIpsecEspReplayFailureTrap
.1.3.6.1.4.1.14179.2.6.3.29
IPsec packets with invalid sequence numbers were found in
an inbound ESP SA. The total number of replay errors
accumulated is sent for the specific row of the
ipsecSaEspInTable table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
bsnDot11StationAuthenticateFail
.1.3.6.1.4.1.14179.2.6.3.3
The authenticate failure notification shall be sent when the
Station sends an Authentication frame with a status code other
than 'successful'. The value of the notification shall include
the MAC address of the MAC to which the Authentication
frame was sent and the reason for the authentication failure.
bsnIpsecEspInvalidSpiTrap
.1.3.6.1.4.1.14179.2.6.3.31
A packet with an unknown SPI was detected from the
specified peer with the specified SPI using the specified
protocol. The destination address of the received packet is
specified by ipsecLocalAddress.
The value ifIndex may be 0 if this optional linkage is
unsupported.
If the object ipsecSecurityProtocol has the value for
IPcomp, then the ipsecSPI object is the CPI of the packet.
Implementations SHOULD send one trap per peer (within a
reasonable time period), rather than sending one trap per
packet.
bsnIpsecIkeNegFailure
.1.3.6.1.4.1.14179.2.6.3.33
An attempt to negotiate a phase 1 IKE SA failed.
The notification counts are also sent as part of the trap,
along with the current value of the total negotiation error
counters for ISAKMP.
bsnIpsecSuiteNegFailure
.1.3.6.1.4.1.14179.2.6.3.34
An attempt to negotiate a phase 2 SA suite for the
specified selector failed.
The current total failure counts are passed as well as the
notification type counts for the notify involved in the
failure.
bsnIpsecInvalidCookieTrap
.1.3.6.1.4.1.14179.2.6.3.35
ISAKMP packets with invalid cookies were detected from the
specified source, intended for the specified destination.
The initiator and responder cookies are also sent with the
trap.
The current count is sent to allow the trap to accurately
relfect dropped and throttled traps.
Implementations SHOULD send one trap per peer (within a
reasonable time period, rather than sending one trap per
packet.
bsnRogueAPDetected
.1.3.6.1.4.1.14179.2.6.3.36
When a Rogue AP is detected this Trap will be sent out along
with APMacAddress on which its detected
bsnAPLoadProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.37
When LOAD Profile state changes from FAIL to PASSt this
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPNoiseProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.38
When Noise Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnAPInterferenceProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.39
When Interference Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable /disable using bsnRrmProfileTrapControlFlag
bsnDot11StationAssociateFail
.1.3.6.1.4.1.14179.2.6.3.4
The associate failure notification shall be sent when the
Station sends an Association frame with a status code other
than 'successful'. The value of the notification
shall include the MAC address of the MAC to which the
Authentication frame was sent and the reason for the
authentication failure.
bsnAPCoverageProfileUpdatedToPass
.1.3.6.1.4.1.14179.2.6.3.40
When Coverage Profile state changes from FAIL tp PASS,
notification will be sent with Dot3 MAC address of Airespace
AP and slot ID of Airespace AP IF. This trap sending can be
enable/disable using bsnRrmProfileTrapControlFlag
bsnRogueAPRemoved
.1.3.6.1.4.1.14179.2.6.3.41
When a Rogue AP that was detected earlier no longer exists
this Trap will be sent out along
with APMacAddress on which its detected
bsnRadiosExceedLicenseCount
.1.3.6.1.4.1.14179.2.6.3.42
Whenever the currently associated Radios exceed the License Count
This trap will be sent to annoy the Customer
bsnSensedTemperatureTooHigh
.1.3.6.1.4.1.14179.2.6.3.43
Temperature sensor temp too High - temp is too high on the unit.
Immediate action should be taken
bsnSensedTemperatureTooLow
.1.3.6.1.4.1.14179.2.6.3.44
Temperature sensor temp too Low - temp is too high on the unit.
Immediate action should be taken
bsnTemperatureSensorFailure
.1.3.6.1.4.1.14179.2.6.3.45
Temperature sensor hw failure - temp sensor has failed.
Temperature is unknown
bsnTemperatureSensorClear
.1.3.6.1.4.1.14179.2.6.3.46
Temperature sensor clear -- temp sensor alarm condition is over.
sensor is operating within proper temp range
bsnPOEControllerFailure
.1.3.6.1.4.1.14179.2.6.3.47
POE Controller has failed. Its a very critical trap.
User intervention is required.
bsnMaxRogueCountExceeded
.1.3.6.1.4.1.14179.2.6.3.48
The number of rogues has exceeded the maximum Rogues allowed
bsnMaxRogueCountClear
.1.3.6.1.4.1.14179.2.6.3.49
The number of rogues is within the maximum Rogues allowed
bsnAPUp
.1.3.6.1.4.1.14179.2.6.3.5
When Airespace AP operation status goes up this trap will be
sent
bsnApMaxRogueCountExceeded
.1.3.6.1.4.1.14179.2.6.3.50
The number of rogues has exceeded the maximum Rogues allowed on
the AP
bsnApMaxRogueCountClear
.1.3.6.1.4.1.14179.2.6.3.51
The number of rogues is within the maximum Rogues allowed on the
AP
bsnDot11StationBlacklisted
.1.3.6.1.4.1.14179.2.6.3.52
The station exclusion notification shall be sent when the
client is excluded. The reason could be repeated auth or
association failures or IP Address theft.
The value of the notification shall include the MAC address
of the MAC to which the Authentication frame was sent, the
MAC and Slot Id of AP that client was associated to and the
reason for exclusion listing.
bsnDot11StationAssociate
.1.3.6.1.4.1.14179.2.6.3.53
The associate notification shall be sent when any of the
watchlisted clients(present on at least one watch list)
associates with an AP. The value of the notification
shall include the MAC address and the Slot ID of the radio
to which the station Associated.
bsnApBigNavDosAttack
.1.3.6.1.4.1.14179.2.6.3.55
The AP sent a string of messages with large NAV field. This is most
likely a malicious denial of service attack.
bsnTooManyUnsuccessLoginAttempts
.1.3.6.1.4.1.14179.2.6.3.56
The Management User made too many unsuccessful login attempts.
bsnWepKeyDecryptError
.1.3.6.1.4.1.14179.2.6.3.57
Issued when a decrypt error occurrs. The WEP Key configured at
the station may be wrong.
bsnWpaMicErrorCounterActivated
.1.3.6.1.4.1.14179.2.6.3.58
Issued when a WPA MIC error occurs and a counter measure is
activated at the AP.
bsnRogueAPDetectedOnWiredNetwork
.1.3.6.1.4.1.14179.2.6.3.59
When a Rogue is detected on the wired network this trap will
be sent out.
The same trap with bsnRogueAPOnWiredNetwork set to no will
clear the previous trap.
bsnAPDown
.1.3.6.1.4.1.14179.2.6.3.6
When Airespace AP operation status goes down this trap will be
sent
bsnApHasNoRadioCards
.1.3.6.1.4.1.14179.2.6.3.60
When an AP has no radio cards present on it, the switch
sends this trap.
bsnDuplicateIpAddressReported
.1.3.6.1.4.1.14179.2.6.3.61
This trap is issued when the switch or an AP detects another
machine using its IP Address. The first variable has value
yes if the duplicate IP is reported by an AP. In that case,
the second attribute will carry the AP MAC Address. The third
variable is the duplicate IP address in question and the last
attribute is the MAC Address of the machine that is found to
be using the duplicate IP.
bsnAPContainedAsARogue
.1.3.6.1.4.1.14179.2.6.3.62
When our AP detects that it is being contained by another AP,
this trap is issued. The clear flag is true if the AP is no
longer being contained.
bsnTrustedApHasInvalidSsid
.1.3.6.1.4.1.14179.2.6.3.63
Issued when a Trusted Rogue AP is auto contained for advertising
invalid SSID.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApIsMissing
.1.3.6.1.4.1.14179.2.6.3.64
Issued when a Trusted Rogue AP is missing or has failed.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnAdhocRogueAutoContained
.1.3.6.1.4.1.14179.2.6.3.65
Issued when an Adhoc Rogue is auto contained.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnRogueApAutoContained
.1.3.6.1.4.1.14179.2.6.3.66
Issued when a Rogue AP is auto contained for advertising our SSID.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApHasInvalidEncryption
.1.3.6.1.4.1.14179.2.6.3.67
Issued when a Trusted Rogue AP is auto contained for using
invalid encryption. The second param is for the encryption used
and the third param is for encryption required.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnTrustedApHasInvalidRadioPolicy
.1.3.6.1.4.1.14179.2.6.3.68
Issued when a Trusted Rogue AP is auto contained for using
invalid radio policy. The second param is for the radio policy
used and the third param is for radio policy required.
If the clear variable has value true, then the trap clears the
earlier alert.
bsnNetworkStateChanged
.1.3.6.1.4.1.14179.2.6.3.69
When the 802.11a or b/g network state is changed this trap
is issued.
bsnAPAssociated
.1.3.6.1.4.1.14179.2.6.3.7
When Airespace AP Associates to a Airespace Switch, AP
associated notification will be sent with dot3 MAC address of
Airespace AP.This will help management system to discover
Airespace AP and add to system.
bsnSignatureAttackDetected
.1.3.6.1.4.1.14179.2.6.3.70
This trap is sent out when a signature attack is detected by
the switch. The standard and custom signatures are predefined
on the switch (see bsnSignatureConfig group). The signatures
also defines if its detection should be reported. The trap
variables bsnSignatureName and bsnSignatureDescription are
retrieved from the detected signature definition. Clear Trap
Variable is turned on when the signature attack stops. The
signature's quiet time configuration speicifes the time after
which the clear trap would be sent. bsnSignatureMacInfo
indicates whether the signature is used to track
pattern matches for all source MAC addresses together or
seperately for individual source MAC addresses.
bsnSignatureAttackFrequency will carry the value for a
specific MAC address or for all MAC addresses depending on
bsnSignatureMacInfo.
bsnAPRadioCardTxFailure
.1.3.6.1.4.1.14179.2.6.3.71
This trap is sent by the switch when a radio card on an AP
stops transmitting.
bsnAPRadioCardTxFailureClear
.1.3.6.1.4.1.14179.2.6.3.72
This trap is sent by the switch when a radio card on an AP
starts transmitting again after a prior failure.
bsnAPRadioCardRxFailure
.1.3.6.1.4.1.14179.2.6.3.73
This trap is sent by the switch when a radio card on an AP
stops receiving.
bsnAPRadioCardRxFailureClear
.1.3.6.1.4.1.14179.2.6.3.74
This trap is sent by the switch when a radio card on an AP
starts receiving again after a prior failure.
bsnAPImpersonationDetected
.1.3.6.1.4.1.14179.2.6.3.75
This trap is sent by the switch when a radio of an
authenticated AP hears from another AP whose MAC Address
neither matches that of a rogue's and nor is it an
authenticated neighbor of the detecting AP.
bsnTrustedApHasInvalidPreamble
.1.3.6.1.4.1.14179.2.6.3.76
Issued when a Trusted Rogue AP is auto contained for using invalid
preamble. The second param is for the preamble used and the third
param is for preamble required. If the clear variable has value
true, then the trap clears the earlier alert.
bsnAPIPAddressFallback
.1.3.6.1.4.1.14179.2.6.3.77
This trap is sent out when an AP, with the configured static
ip-address, fails to establish connection with outside world
and starts using DHCP as a fallback option.
bsnAPFunctionalityDisabled
.1.3.6.1.4.1.14179.2.6.3.78
This trap is sent out when AP functionality on the switch is
disabled because the License key has expired
or has been deleted or doesn't match the switch image.
bsnAPRegulatoryDomainMismatch
.1.3.6.1.4.1.14179.2.6.3.79
This trap is generated if an AP's regulatory domain doesn't
match the country the switch is configured for. Due to the
mismatch, the AP will fail to associate with the Switch.
bsnAPDisassociated
.1.3.6.1.4.1.14179.2.6.3.8
When Airespace AP disassociates from Airespace Switch, AP
disassociated notification will be sent with dot3 MAC address
of Airespace AP management system to remove Airespace AP from
this Airespace Switch
bsnRxMulticastQueueFull
.1.3.6.1.4.1.14179.2.6.3.80
This trap indicates that the CPU's Receive Multicast Queue is
Full.
bsnRadarChannelDetected
.1.3.6.1.4.1.14179.2.6.3.81
This trap is sent when radar signals are detected on the
current channel
bsnRadarChannelCleared
.1.3.6.1.4.1.14179.2.6.3.82
This trap will be generated, if a radar trap has been
generated earlier, after the expiry of Non-Occupancy Period.
bsnAPAuthorizationFailure
.1.3.6.1.4.1.14179.2.6.3.83
This trap is sent out in case of authorization failure while
attempting to associate the AP to the controller.
bsnAPDot3MacAddress represents the mac-address of that AP.
bsnAPName is name of AP
radioCoreDumpTrap
.1.3.6.1.4.1.14179.2.6.3.84
When radio module in AP dumps core, it informs controller and
controller generates this trap. The core file can be retrieved
on demand.
invalidRadioTrap
.1.3.6.1.4.1.14179.2.6.3.85
This trap will be generated when an AP has joined is using
unsupported radio or a radio slot not currently not being
used.
countryChangeTrap
.1.3.6.1.4.1.14179.2.6.3.86
This trap will be generated when an operator changes the
country of operation. New country code will be sent in trap.
unsupportedAPTrap
.1.3.6.1.4.1.14179.2.6.3.87
This trap will be generated when unsupported AP try to join
40xx/410x or 3500 with 64MB flash.
heartbeatLossTrap
.1.3.6.1.4.1.14179.2.6.3.88
This trap will be generated when controller loses
connection with the Supervisor Switch in which it
is physically embedded and doesn't hear the
heartbeat keepalives from the Supervisor.
locationNotifyTrap
.1.3.6.1.4.1.14179.2.6.3.89
This trap will be generated by the location server
for notifications of location events.
bsnAPIfUp
.1.3.6.1.4.1.14179.2.6.3.9
When Airespace AP's interface's operation status goes up this
trap will be sent
BsnSignaturePatternOffSetStart
bsnWireless 
bsnDot11EssTable 
bsnDot11EssEntry 
bsnDot11EssIndex 
bsnAPGroupsVlanFeature 
bsnDot11StationDisassociate