CISCO-WDS-IDS-MIB

This MIB is intended to be implemented on all
        IOS based network entities that provide Wireless
        Domain Services, for the purpose of providing network
        management stations information about the various
        attempts to compromise the security in the 
        802.11-based wireless networks.  Entities that can be
        configured to provide Wireless Domain Services 
        could be an 802.11 Access Point, a Switch or any
        other IOS network device, that allows the WDS
        configuration.
        
        The MIB reports the information about the MAC
        spoofing attempts made by wireless clients to
        compromise the security of the network.
        
        MAC Spoofing is detected by the WDS when clients
        attempt to authenticate with the WDS using the MAC
        address of another client while roaming from one
        AP to another.  Upon detecting this, the WDS
        provides the information about the client and the
        username to the NMS as MIB objects.
        
        The hierarchy of the WDS, AP and MNs is as follows.
        
        +=====+       +=====+          +=====+
        |     |       |     |          |     |
        | WDS |       | WDS |          | WDS |
        |     |       |     |          |     |  
        +=====+       +=====+          +=====+  
        /  \             \                 \   
        /    \             \                 \  
        /      \             \                 \
        /        \             \                 \
        /          \             \                 \
        \/          \/            \/                \/
        +~-~-~+      +~-~-~+       +~-~-~+           +~-~-~+
        +     +      +     +       +     +           +     +
        + AP  +      + AP  +       + AP  +           + AP  +
        +     +      +     +       +     +           +     +
        +~-~-~+      +~-~-~+       +~-~-~+           +~-~-~+
        ..            .             .                 .
        ..            .             .                 .
        .  .            .             .                 .
        .    .            .             .                 .
        .      .            .             .                 .
        .        .            .             .                 .
        \/        \/           \/            \/                \/
        +.....+  +.....+      +-.-.-.+       +~-~-~+          +......+
        +     +  +     +      +      +       +     +          +      +
        + MN  +  + MN  +      + MN   +       + MN  +          +  MN  +
        +     +  +     +      +      +       +     +          +      +
        +.....+  +.....+      +-.-.-.+       +~-~-~+          +......+
        
        
        The WDS include authentication and registration
        services for the APs.  An AP provides Proxy
        Authentication and registration services for the
        MNs.
        
        The wireless connections are represented as dotted
        lines in the above diagram.
        
                           GLOSSARY
        
        Access Point ( AP )
        
        An entity that contains an 802.11 medium access
        control ( MAC ) and physical layer ( PHY ) interface
        and provides access to the distribution services via
        the wireless medium for associated clients.
        
        
        Mobile Node ( MN )
        
        A roaming 802.11 wireless device in a wireless
        network associated with an access point.
        
        
        Wireless Domain Services (WDS)
        
        The set of services being offered at a particular
        broadcast domain that may be an IP subnet or a
        particular VLAN, or across the L3 cloud.  The
        services include the following.
        
        1. MN security credential caching to provide
        seamless, secure intra-subnet roaming.
        
        2. Authenticated context transfer for roaming
        client within the subnet.
        
        Context
        
        The mobility context for an MN includes its current
        mobility bindings with the APs, IP/802 address
        bindings, cached configuration parameters, QoS state,
        IP group membership, authentication state, accounting
        statistics, and other dynamically derived protocol
        state information.

Imported Objects

ciscoMgmtCISCO-SMI
SnmpAdminStringSNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, OBJECT-GROUPSNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32SNMPv2-SMI
MacAddress, TimeStampSNMPv2-TC
ciscoWdsIdsMIB .1.3.6.1.4.1.9.9.457
ciscoWdsIdsMIBObjects .1.3.6.1.4.1.9.9.457.1
ciscoWdsIdsMacSpoofing .1.3.6.1.4.1.9.9.457.1.1
ciscoWdsIdsMaxMacAddresses .1.3.6.1.4.1.9.9.457.1.1.1
ciscoWdsIdsMaxEntriesPerMac .1.3.6.1.4.1.9.9.457.1.1.2
ciscoWdsIdsMacSpoofTable .1.3.6.1.4.1.9.9.457.1.1.3
ciscoWdsIdsMacSpoofEntry .1.3.6.1.4.1.9.9.457.1.1.3.1
ciscoWdsIdsMacSpoofStaMacAddress .1.3.6.1.4.1.9.9.457.1.1.3.1.1
ciscoWdsIdsMacSpoofIndex .1.3.6.1.4.1.9.9.457.1.1.3.1.2
ciscoWdsIdsMacSpoofClient .1.3.6.1.4.1.9.9.457.1.1.3.1.3
ciscoWdsIdsMacSpoofUserId .1.3.6.1.4.1.9.9.457.1.1.3.1.4
ciscoWdsIdsMacSpoofDetectTime .1.3.6.1.4.1.9.9.457.1.1.3.1.5
ciscoWdsIdsMIBConform .1.3.6.1.4.1.9.9.457.2
ciscoWdsIdsMIBCompliances .1.3.6.1.4.1.9.9.457.2.1
ciscoWdsIdsMIBGroups .1.3.6.1.4.1.9.9.457.2.2