CISCO-LWAPP-AAA-MIB

This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC), that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
        
Information provided by this MIB is used to manage
AAA information on the controller.
        
The relationship between CC and the LWAPP APs
can be depicted as follows:
        
      +......+     +......+     +......+
      +      +     +      +     +      +
      +  CC  +     +  CC  +     +  CC  +
      +      +     +      +     +      +
      +......+     +......+     +......+
        ..            .             .
        ..            .             .
       .  .            .             .
      .    .            .             .
     .      .            .             .
    .        .            .             .
+......+ +......+     +......+      +......+
+      + +      +     +      +      +      +
+  AP  + +  AP  +     +  AP  +      +  AP  +
+      + +      +     +      +      +      +
+......+ +......+     +......+      +......+
           .              .             .
         .  .              .             .
        .    .              .             .
       .      .              .             .
      .        .              .             .
   +......+ +......+     +......+      +......+
   +      + +      +     +      +      +      +
   +  MN  + +  MN  +     +  MN  +      +  MN  +
   +      + +      +     +      +      +      +
   +......+ +......+     +......+      +......+
        
        
The LWAPP tunnel exists between the controller and
the APs.  The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
        
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
        
                   GLOSSARY
        
Access Point ( AP )
        
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.  
        
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends them to the controller to which
it is logically connected.
        
Light Weight Access Point Protocol ( LWAPP )
        
This is a generic protocol that defines the 
communication between the Access Points and the
Central Controller. 
        
Mobile Node ( MN )
        
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node 
and client are used interchangeably. 
        
Terminal Access Controller Access-Control System 
( TACACS ) 
        
A remote authentication protocol that is used to 
communicate with an authentication server. 
TACACS allows a remote access server to communicate 
with an authentication server in order to determine 
if the user has access to the network.
        
Remote Authentication Dial In User Service (RADIUS) 
        
It is an AAA (authentication, authorization and accounting) 
protocol for applications such as network access or 
IP mobility. It is intended to work in both local and 
roaming situations.
        
Wireless LAN ( WLAN ) 
        
It is a wireless local area network, which is the 
linking of two or more computers without using wires. 
It uses radio communication to accomplish the same 
functionality of a wired LAN.
        
PAP - Password Authentication Protocol
CHAP - Challenge Handshake Authentication Protocol
MD5-CHAP - Message Digest 5 Challenge Handshake Authentication
           Protocol
        
LSC - Local Significant Certificate
        
LSC can be used if we want our own public key 
infrastructure (PKI) to provide better security, 
to have control of our certificate authority (CA), 
and to define policies, restrictions, and usages 
on the generated certificates.
        
REFERENCE
        
[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications
        
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light 
Weight Access Point Protocol

Imported Objects

CLSecKeyFormat	CISCO-LWAPP-TC-MIB
cLWlanIndex	CISCO-LWAPP-WLAN-MIB
ciscoMgmt	CISCO-SMI
CiscoURLString	CISCO-TC
InetPortNumber, InetAddress, InetAddressType	INET-ADDRESS-MIB
SnmpAdminString	SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP	SNMPv2-CONF
OBJECT-TYPE, Counter32, Gauge32, Integer32, Unsigned32, NOTIFICATION-TYPE, MODULE-IDENTITY	SNMPv2-SMI
StorageType, RowStatus, TimeInterval, TruthValue, MacAddress	SNMPv2-TC

Objects

ciscoLwappAAAMIB		.1.3.6.1.4.1.9.9.598
ciscoLwappAAAMIBNotifs		.1.3.6.1.4.1.9.9.598.0
ciscoLwappAAAMIBObjects		.1.3.6.1.4.1.9.9.598.1
claConfigObjects		.1.3.6.1.4.1.9.9.598.1.1
claPriorityTable		.1.3.6.1.4.1.9.9.598.1.1.1
claPriorityEntry	claPriorityAuth	.1.3.6.1.4.1.9.9.598.1.1.1.1
claPriorityAuth	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.1.1.1
claPriorityOrder	Unsigned32	.1.3.6.1.4.1.9.9.598.1.1.1.1.2
claWebRadiusAuthentication	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.10
claRadiusFallbackMode	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.11
claRadiusFallbackUsername	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.1.12
claRadiusFallbackInterval	seconds Integer32	.1.3.6.1.4.1.9.9.598.1.1.13
claRadiusAuthMacDelimiter	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.14
claRadiusAcctMacDelimiter	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.15
claAcceptMICertificate	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.16
claAcceptLSCertificate	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.17
claAllowAuthorizeLscApAgainstAAA	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.18
claSscHashValidationEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.19
claTacacsServerTable		.1.3.6.1.4.1.9.9.598.1.1.2
claTacacsServerEntry	claTacacsServerType claTacacsServerPriority	.1.3.6.1.4.1.9.9.598.1.1.2.1
claTacacsServerType	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.2.1.1
claTacacsServerStorageType	SNMPv2-TCStorageType	.1.3.6.1.4.1.9.9.598.1.1.2.1.10
claTacacsServerRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.4.1.9.9.598.1.1.2.1.11
claTacacsServerPriority	Unsigned32	.1.3.6.1.4.1.9.9.598.1.1.2.1.2
claTacacsServerAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.598.1.1.2.1.3
claTacacsServerAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.598.1.1.2.1.4
claTacacsServerPortNum	INET-ADDRESS-MIBInetPortNumber	.1.3.6.1.4.1.9.9.598.1.1.2.1.5
claTacacsServerEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.2.1.6
claTacacsServerSecretType	CISCO-LWAPP-TC-MIBCLSecKeyFormat	.1.3.6.1.4.1.9.9.598.1.1.2.1.7
claTacacsServerSecret	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.1.2.1.8
claTacacsServerTimeout	seconds Unsigned32	.1.3.6.1.4.1.9.9.598.1.1.2.1.9
claSscCertificateSubject	OctetString	.1.3.6.1.4.1.9.9.598.1.1.20
claSscCertificateValidity	OctetString	.1.3.6.1.4.1.9.9.598.1.1.21
claSscCertificateHashKey	OctetString	.1.3.6.1.4.1.9.9.598.1.1.22
claRadiusAuthServerTable		.1.3.6.1.4.1.9.9.598.1.1.23
claRadiusAuthServerEntry	claRadiusAuthServerIndex	.1.3.6.1.4.1.9.9.598.1.1.23.1
claRadiusAuthServerIndex	Integer32	.1.3.6.1.4.1.9.9.598.1.1.23.1.1
claRadiusAuthServerIPSecAuthMethod	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.23.1.2
claRadiusAuthServerKey	OctetString	.1.3.6.1.4.1.9.9.598.1.1.23.1.3
claRadiusAuthServerKeyFormat	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.23.1.4
claRadiusAuthServerIsActive	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.23.1.5
claRadiusAuthServerTunnelProxy	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.23.1.6
claRadiusAuthServerPacState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.23.1.7
claRadiusAccServerTable		.1.3.6.1.4.1.9.9.598.1.1.24
claRadiusAccServerEntry	claRadiusAccServerIndex	.1.3.6.1.4.1.9.9.598.1.1.24.1
claRadiusAccServerIndex	Integer32	.1.3.6.1.4.1.9.9.598.1.1.24.1.1
claRadiusAccServerIPSecAuthMethod	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.24.1.2
claRadiusAccServerKey	OctetString	.1.3.6.1.4.1.9.9.598.1.1.24.1.3
claRadiusAccServerKeyFormat	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.24.1.4
claRadiusAccServerIsActive	Enumeration	.1.3.6.1.4.1.9.9.598.1.1.24.1.5
claRadiusAccServerTunnelProxy	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.24.1.6
claRadiusAccServerPacState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.24.1.7
claRadiusAuthServerRealmTable		.1.3.6.1.4.1.9.9.598.1.1.25
claRadiusAuthServerRealmEntry	claRadiusAuthServerIndex claRadiusAuthServerRealm	.1.3.6.1.4.1.9.9.598.1.1.25.1
claRadiusAuthServerRealm	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.1.25.1.1
claRadiusAuthRealmRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.4.1.9.9.598.1.1.25.1.2
claRadiusAcctServerRealmTable		.1.3.6.1.4.1.9.9.598.1.1.26
claRadiusAcctServerRealmEntry	claRadiusAccServerIndex claRadiusAcctServerRealm	.1.3.6.1.4.1.9.9.598.1.1.26.1
claRadiusAcctServerRealm	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.1.26.1.1
claRadiusAcctRealmRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.4.1.9.9.598.1.1.26.1.2
claTacacsFallbackTestInterval	seconds Unsigned32	.1.3.6.1.4.1.9.9.598.1.1.27
claWlanTable		.1.3.6.1.4.1.9.9.598.1.1.3
claWlanEntry	CISCO-LWAPP-WLAN-MIBcLWlanIndex	.1.3.6.1.4.1.9.9.598.1.1.3.1
claWlanAcctServerEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.3.1.1
claWlanAuthServerEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.3.1.2
claWlanOverwriteInterface	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.3.1.3
claWlanInterimUpdate	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.3.1.4
claWlanInterimUpdateInterval	seconds Integer32	.1.3.6.1.4.1.9.9.598.1.1.3.1.5
claRadiusServerGlobalActivatedEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.4
claRadiusServerGlobalDeactivatedEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.5
claRadiusServerWlanActivatedEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.6
claRadiusServerWlanDeactivatedEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.7
claRadiusReqTimedOutEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.8
claSaveUserData	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.1.9
claStatusObjects		.1.3.6.1.4.1.9.9.598.1.2
claRadiusServerTable		.1.3.6.1.4.1.9.9.598.1.2.1
claRadiusServerEntry	claRadiusReqId	.1.3.6.1.4.1.9.9.598.1.2.1.1
claRadiusReqId	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.1.1.1
claRadiusAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.598.1.2.1.1.2
claRadiusAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.598.1.2.1.1.3
claRadiusPortNum	INET-ADDRESS-MIBInetPortNumber	.1.3.6.1.4.1.9.9.598.1.2.1.1.4
claRadiusWlanIdx	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.1.1.5
claRadiusClientMacAddress	SNMPv2-TCMacAddress	.1.3.6.1.4.1.9.9.598.1.2.1.1.6
claRadiusUserName	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.2.1.1.7
claDBCurrentUsedEntries	SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.598.1.2.2
claRadiusAuthClientAccessRequestsTotal	SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.598.1.2.3
claRadiusAuthClientAccessResponseTotal	SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.598.1.2.4
claRadiusAuthClientAccessAcceptsTotal	SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.598.1.2.5
claRadiusServerAvpTable		.1.3.6.1.4.1.9.9.598.1.2.6
claRadiusServerAvpEntry	claWlanId claRadiusType claAvpEntryId	.1.3.6.1.4.1.9.9.598.1.2.6.1
claWlanId	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.6.1.1
claRadiusType	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.6.1.2
claAvpEntryId	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.6.1.3
claAvpVendorId	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.6.1.4
claAvpAttribute	Unsigned32	.1.3.6.1.4.1.9.9.598.1.2.6.1.5
claAvpType	Enumeration	.1.3.6.1.4.1.9.9.598.1.2.6.1.6
claAvpValue	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.2.6.1.7
claGlobalObjects		.1.3.6.1.4.1.9.9.598.1.3
claTacacsDnsServerEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.1
claRadiusDnsServerAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.598.1.3.10
claRadiusDnsServerAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.598.1.3.11
claRadiusDnsServerPort	INET-ADDRESS-MIBInetPortNumber	.1.3.6.1.4.1.9.9.598.1.3.12
claRadiusDnsServerSecretType	CISCO-LWAPP-TC-MIBCLSecKeyFormat	.1.3.6.1.4.1.9.9.598.1.3.13
claRadiusDnsServerSecret	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.3.14
claRadiusDnsServerURL	CISCO-TCCiscoURLString	.1.3.6.1.4.1.9.9.598.1.3.15
claRadiusDnsServerTimeout	days Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.16
claAAARadiusAuthCallStationIdType	Enumeration	.1.3.6.1.4.1.9.9.598.1.3.17
claRadiusDnsAuthnetworkState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.18
claRadiusDnsAuthmgmtState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.19
claTacacsDnsServerAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.598.1.3.2
claRadiusDnsAcctnetworkState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.20
claRadiusDnsAuthRetransmitTimeout	Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.21
claRadiusDnsAcctRetransmitTimeout	Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.22
claRadiusDnsAuthRfc3576State	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.23
claRadiusFramedMtu	Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.24
claRadiusDnsAuthMgmtRetransmitTimeout	Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.25
claMgmtUserReauthInterval	Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.26
claTacacsDnsServerAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.598.1.3.3
claTacacsDnsServerPort	INET-ADDRESS-MIBInetPortNumber	.1.3.6.1.4.1.9.9.598.1.3.4
claTacacsDnsServerSecretType	CISCO-LWAPP-TC-MIBCLSecKeyFormat	.1.3.6.1.4.1.9.9.598.1.3.5
claTacacsDnsServerSecret	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.598.1.3.6
claTacacsDnsServerURL	CISCO-TCCiscoURLString	.1.3.6.1.4.1.9.9.598.1.3.7
claTacacsDnsServerTimeout	days Unsigned32	.1.3.6.1.4.1.9.9.598.1.3.8
claRadiusDnsServerEnabled	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.598.1.3.9
ciscoLwappAAAMIBConform		.1.3.6.1.4.1.9.9.598.2
ciscoLwappAAAMIBCompliances		.1.3.6.1.4.1.9.9.598.2.1
ciscoLwappAAAMIBGroups		.1.3.6.1.4.1.9.9.598.2.2

Notifications/Traps

Name	OID	Description
ciscoLwappAAARadiusServerGlobalActivated claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.1	ication is sent by the agent when the controller detects that the RADIUS server is activated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusServerGlobalDeactivated claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.2	ication is sent by the agent when the controller detects that the RADIUS server is deactivated in the global list. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusServerWlanActivated claRadiusAddressType claRadiusAddress claRadiusPortNum claRadiusWlanIdx	.1.3.6.1.4.1.9.9.598.0.3	ication is sent by the agent when the controller detects that the RADIUS server is activated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusServerWlanDeactivated claRadiusAddressType claRadiusAddress claRadiusPortNum claRadiusWlanIdx	.1.3.6.1.4.1.9.9.598.0.4	ication is sent by the agent when the controller detects that the RADIUS server is deactivated on the WLAN. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusReqTimedOut claRadiusAddressType claRadiusAddress claRadiusPortNum claRadiusClientMacAddress claRadiusUserName	.1.3.6.1.4.1.9.9.598.0.5	ication is sent by the agent when the controller detects that the RADIUS server failed to respond to request from a client/user. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusAuthServerAvailable claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.6	ication is sent by the agent when the controller detects that the RADIUS authenticating server is available/responsive when it was previously unavailable/unresponsive. The state change triggers this notification. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusAuthServerUnavailable claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.7	ication is sent by the agent when the controller detects that the RADIUS authenticating server is unavailable/unresponsive when it was previously available/responsive. The state change triggers this notification. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusAcctServerAvailable claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.8	ication is sent by the agent when the controller detects that the RADIUS accounting server is available/responsive when it was previously unavailable/unresponsive. The state change triggers this notification. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).
ciscoLwappAAARadiusAcctServerUnavailable claRadiusAddressType claRadiusAddress claRadiusPortNum	.1.3.6.1.4.1.9.9.598.0.9	ication is sent by the agent when the controller detects that the RADIUS accounting server is unavailable/unresponsive when it was previously available/responsive. The state change triggers this notification. The RADIUS server is identified by the address (claRadiusAddress) and port number (claRadiusPortNum).