CISCO-LWAPP-MFP-MIB

This MIB is intended to be implemented on all those
        devices operating as Central Controllers (CC) that
        terminate the Light Weight Access Point Protocol
        tunnel from Light-weight LWAPP Access Points.
        
        This MIB instrumentation provides the parameters used
        by the controller to control and monitor the behavior
        of the associated Access Points when following the
        newly defined Management Frame Protocol.  The
        controller would pass the MFP settings configured by
        the user through this MIB to the APs through LWAPP
        messages.  The APs then begin to validate and verify
        the integrity of 802.11 Management frames and report
        the anomalies found, if any, to the controller.
        
        The relationship between CC and the LWAPP APs
        can be depicted as follows.
        
             +......+     +......+     +......+           +......+
             +      +     +      +     +      +           +      +
             +  CC  +     +  CC  +     +  CC  +           +  CC  +
             +      +     +      +     +      +           +      +
             +......+     +......+     +......+           +......+
                ..            .             .                 .
                ..            .             .                 .
               .  .            .             .                 .
              .    .            .             .                 .
             .      .            .             .                 .
            .        .            .             .                 .
        +......+ +......+     +......+      +......+          +......+
        +      + +      +     +      +      +      +          +      +
        +  AP  + +  AP  +     +  AP  +      +  AP  +          +  AP  +
        +      + +      +     +      +      +      +          +      +
        +......+ +......+     +......+      +......+          +......+
                 .              .             .                 .
               .  .              .             .                 .
              .    .              .             .                 .
             .      .              .             .                 .
            .        .              .             .                 .
        +......+ +......+     +......+      +......+          +......+
        +      + +      +     +      +      +      +          +      +
        +  MN  + +  MN  +     +  MN  +      +  MN  +          +  MN  +
        +      + +      +     +      +      +      +          +      +
        +......+ +......+     +......+      +......+          +......+
        
        The LWAPP tunnel exists between the controller and
        the APs.  The MNs communicate with the APs through
        the protocol defined by the 802.11 standard.
        
        LWAPP APs, upon bootup, discover and join one of the
        controllers and the controller pushes the configuration,
        which includes the WLAN parameters, to the LWAPP APs.
        The APs then encapsulate all the 802.11 frames from
        wireless clients inside LWAPP frames and forward
        the LWAPP frames to the controller.  Reference [2]
        explains in detail the communication between
        the controller and APs, while Reference [1] explains
        the AP-MN communication. 
        
        To secure the 802.11 management traffic, the controller
        and the APs perform specific roles.  The controller 
        acts as the central entity that generates and distributes
        signature keys, which the APs use to generate integrity
        check values, also known as signatures, for individual
        management frames.  The APs append this signature in
        the form of an Information Element to the respective
        management frame to be transmitted.  This is needed to
        isolate those potential rogue APs whose frames may not
        carry the frame signature.
        
        The APs use the signature keys, generated and pushed
        to them by the controller for each BSSID reported
        as heard by the APs, to validate the integrity of
        the management traffic originating from various
        802.11 sources.  Any anomalies observed by the APs
        are reported to the controller.  The controller
        makes the information about such events available
        to a Network Management Station in the form of
        notifications.
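
The sign-and-validate flow described above, as an added example (not part of the MIB or of Cisco's implementation). MFP is proprietary, so HMAC-SHA1, the element layout, the anomaly labels and the sample BSSIDs are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIC_IE_ID = 0xDD   # assumed: vendor-specific element ID; layout is illustrative
MIC_LEN = 20       # HMAC-SHA1 digest size (the algorithm is an assumption)


def compute_mic(key: bytes, frame: bytes) -> bytes:
    return hmac.new(key, frame, hashlib.sha1).digest()


def protect(key: bytes, frame: bytes) -> bytes:
    """Transmitting AP: append the MIC as a trailing Information Element."""
    return frame + bytes([MIC_IE_ID, MIC_LEN]) + compute_mic(key, frame)


def validate(keys: dict, bssid: str, frame: bytes) -> str:
    """Validating AP: return 'ok' or the anomaly to report to the controller.

    The anomaly labels are hypothetical, not the MIB's CLMfpEventType values.
    """
    key = keys.get(bssid)
    if key is None:
        return "unknown-bssid"      # controller pushed no key for this BSSID
    body, ie = frame[:-(MIC_LEN + 2)], frame[-(MIC_LEN + 2):]
    if len(ie) < MIC_LEN + 2 or ie[:2] != bytes([MIC_IE_ID, MIC_LEN]):
        return "missing-mic"        # frame carries no signature element
    if not hmac.compare_digest(ie[2:], compute_mic(key, body)):
        return "invalid-mic"        # frame altered or signed with another key
    return "ok"


def demo() -> list:
    bssid = "00:11:22:33:44:55"                  # constructed sample BSSID
    keys = {bssid: os.urandom(16)}               # key generated by the controller
    beacon = b"\x80\x00" + b"constructed beacon body"
    signed = protect(keys[bssid], beacon)
    tampered = b"\xc0" + signed[1:]              # one header byte changed
    heard = [(bssid, signed), (bssid, beacon), (bssid, tampered),
             ("66:77:88:99:aa:bb", signed)]      # BSSID the AP has no key for
    return [validate(keys, b, f) for b, f in heard]


if __name__ == "__main__":
    print(demo())
```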
                      
                           GLOSSARY
        
        Access Point ( AP )
        
        An entity that contains an 802.11 media access
        control ( MAC ) and physical layer ( PHY ) interface
        and provides access to the distribution services via
        the wireless medium for associated clients.  
        
        LWAPP APs encapsulate all the 802.11 frames in
        LWAPP frames and send them to the controller to which
        they are logically connected.
        
        AP-Authentication
        
        With this feature enabled, the Access Points sending
        radio resource management neighbor packets with 
        different RF network names will be reported as rogues.
        
        Basic Service Set Identifier ( BSSID )
        
        The identifier of the Basic Service Set controlled by
        a single coordination function.  The identifier is
        usually the MAC address of the radio interface that
        hosts the BSS. 
        
        Central Controller ( CC )
        
        The central entity that terminates the LWAPP protocol
        tunnel from the LWAPP APs.  Throughout this MIB,
        this entity is also referred to as 'controller'.
        
        Light Weight Access Point Protocol ( LWAPP ) 
        
        This is a generic protocol that defines the 
        communication between the Access Points and the
        Central Controller. 
        
        Management Frame Protection ( MFP )
        
        A proprietary mechanism devised to integrity-protect
        the otherwise unprotected management frames of the
        802.11 protocol specification.
        
        Message Integrity Check ( MIC )
        
        A checksum computed on a sequence of bytes and made
        known to the receiving party in a data communication,
        to let the receiving party make sure the bytes
        received were not compromised en route.
        
        Mobile Node ( MN )
        
        A roaming 802.11 wireless device in a wireless
        network associated with an access point.
         
        Network Management Station ( NMS )
        
        The system through which the network administrator
        manages the controller and the APs associated to
        it.
        
        REFERENCE
        
        [1] Wireless LAN Medium Access Control ( MAC ) and
        Physical Layer ( PHY ) Specifications, ANSI/IEEE 
        Std 802.11, 1999 Edition.
        
        [2] Draft-obara-Capwap-lwapp-00.txt, IETF Light 
        Weight Access Point Protocol

Imported Objects

cLApName, cLApSysMacAddress, cLApDot11IfSlotId, cLApIfSmtDot11Bssid FROM CISCO-LWAPP-AP-MIB
cldcClientMacAddress FROM CISCO-LWAPP-DOT11-CLIENT-MIB
CLEventFrames, CLMfpEventType, CLMfpVersion, CLTimeBaseStatus FROM CISCO-LWAPP-TC-MIB
cLWlanIndex FROM CISCO-LWAPP-WLAN-MIB
ciscoMgmt FROM CISCO-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, Gauge32 FROM SNMPv2-SMI
TruthValue, TimeInterval, MacAddress FROM SNMPv2-TC

ciscoLwappMfpMIB .1.3.6.1.4.1.9.9.518
ciscoLwappMfpMIBNotifs .1.3.6.1.4.1.9.9.518.0
ciscoLwappMfpProtectConfigMismatch .1.3.6.1.4.1.9.9.518.0.1
ciscoLwappMfpValidationConfigMismatch .1.3.6.1.4.1.9.9.518.0.2
ciscoLwappMfpTimebaseStatus .1.3.6.1.4.1.9.9.518.0.3
ciscoLwappMfpAnomalyDetected (deprecated) .1.3.6.1.4.1.9.9.518.0.4
ciscoLwappMfpAnomalyDetected1 .1.3.6.1.4.1.9.9.518.0.5
ciscoLwappMfpMIBNotifObjects .1.3.6.1.4.1.9.9.518.1
cLApMacAddress .1.3.6.1.4.1.9.9.518.1.1
cLClientLastSourceMacAddress .1.3.6.1.4.1.9.9.518.1.10
cLApDot11IfSlotIdx .1.3.6.1.4.1.9.9.518.1.2
cLWlanIdx .1.3.6.1.4.1.9.9.518.1.3
cLMfpApIfMfpProtectionActual .1.3.6.1.4.1.9.9.518.1.4
cLMfpEventType .1.3.6.1.4.1.9.9.518.1.5
cLMfpEventTotal .1.3.6.1.4.1.9.9.518.1.6
cLMfpEventPeriod .1.3.6.1.4.1.9.9.518.1.7
cLMfpEventFrames .1.3.6.1.4.1.9.9.518.1.8
ciscoLwappMfpMIBObjects .1.3.6.1.4.1.9.9.518.2
ciscoLwappMfpConfig .1.3.6.1.4.1.9.9.518.2.1
cLMfpProtectType .1.3.6.1.4.1.9.9.518.2.1.1
cLMfpWlanConfigTable .1.3.6.1.4.1.9.9.518.2.1.2
cLMfpWlanConfigEntry .1.3.6.1.4.1.9.9.518.2.1.2.1
cLMfpVersionRequired .1.3.6.1.4.1.9.9.518.2.1.2.1.2
cLMfpProtectionEnable (deprecated) .1.3.6.1.4.1.9.9.518.2.1.2.1.3
cLMfpClientProtection .1.3.6.1.4.1.9.9.518.2.1.2.1.4
ciscoLwappMfpStatus .1.3.6.1.4.1.9.9.518.2.2
cLMfpCtrlTimeBaseStatus .1.3.6.1.4.1.9.9.518.2.2.1
cLMfpApParamTable .1.3.6.1.4.1.9.9.518.2.2.2
cLMfpApParamEntry .1.3.6.1.4.1.9.9.518.2.2.2.1
cLMfpApMfpValidationEnable .1.3.6.1.4.1.9.9.518.2.2.2.1.1
cLMfpApMfpValidationActual .1.3.6.1.4.1.9.9.518.2.2.2.1.2
cLMfpApIfSmtCapTable (deprecated) .1.3.6.1.4.1.9.9.518.2.2.3
cLMfpApIfSmtCapEntry (deprecated) .1.3.6.1.4.1.9.9.518.2.2.3.1
cLMfpApIfMfpVersionSupported (deprecated) .1.3.6.1.4.1.9.9.518.2.2.3.1.1
cLMfpApIfMfpProtectionCapability (deprecated) .1.3.6.1.4.1.9.9.518.2.2.3.1.2
cLMfpApIfMfpValidationCapability (deprecated) .1.3.6.1.4.1.9.9.518.2.2.3.1.3
cLMfpCtrlNotifEnable .1.3.6.1.4.1.9.9.518.2.2.4
cLMfpClientTable .1.3.6.1.4.1.9.9.518.2.2.5
cLMfpClientEntry .1.3.6.1.4.1.9.9.518.2.2.5.1
cLMfpClientMfpEnabled .1.3.6.1.4.1.9.9.518.2.2.5.1.1
ciscoLwappMfpMIBConform .1.3.6.1.4.1.9.9.518.3
ciscoLwappMfpMIBCompliances .1.3.6.1.4.1.9.9.518.3.1
ciscoLwappMfpMIBGroups .1.3.6.1.4.1.9.9.518.3.2