CISCO-DOT11-WIDS-MIB Table View

Table-centric layout grouping table, row, and column objects.

Standard view Table view

Tables

Rows

Columns

cDot11WidsEapolFloodTable

table

.1.3.6.1.4.1.9.9.456.1.1.7 · 1 row entry · 6 columns

Open in standard view

This table gives the statistics on the EAPOL flood
attacks observed at this radio interface.
          
An entry in this table is created by the agent when
this 802.11 station detects an EAPOL flood attack.
All the columns in the entries except the
cDot11WidsEapolFloodStopTime are populated when
the attack is observed first.  The object
cDot11WidsEapolFloodStopTime is populated when no
flood conditions are observed following the initial
observation at the time indicated by
cDot11WidsEapolFloodStartTime.
          
This can be illustrated by the following example.
          
Assume that the monitoring interval is configured 
to 1 minute through the
cDot11WidsEapolFloodInterval object and the number
of attempts is set to 5.
          
At the end of the first minute after this
configuration is made,  client c1 is found to
have made 4 attempts and another client c2 have
made 3.  Hence, in total, the attempt count
exceeds 7 and the agent adds a new row to this
table.  The cDot11WidsFloodStopTime carries a
value of 0 at this point in the newly added row.
The MIB object cDot11WidsEapolFloodClientMac
at this point holds the MAC address of c1
and cDot11WidsEapolFloodClientCount holds the
value of 4.
          
At the end of the second interval,  assume that
the clients are found to have made only 4
attempts in total with c1 and c2 making 3 and 1
attempt(s) respectively.  Now the total count
is not found to exceed the threshold.  Hence
the flood is observed to be stopped.  The
object cDot11WidsEapolFloodStopTime is now
populated with this time at which the flood is
observed to be stopped.  The MIB object
cDot11WidsEapolFloodClientMac at this point
holds c1's MAC address and 
cDot11WidsEapolFloodClientCount would hold a
value of 7. If the count is found to exceed in
the next interval, it will be treated as a
beginning of a new flood event and hence a new
entry will be created for the same.
          
Assume the case where, at the end of the second
interval, the total count continues at the
rate above the threshold, with c1 making 5 and
c2 making 2 attempts respectively.  Since the
flood is not observed to be stopped,  the
object cDot11WidsFloodStopTime continues to
hold a value of zero.
          
The agent at anytime will retain only the most
recent and maximum number of entries, as given
by cDot11WidsFloodMaxEntriesPerIntf,  for a
particular value of ifIndex.  The older entries
are purged automatically when the number of
entries for a particular ifIndex reaches its
maximum.
          
This table has a expansion dependent relationship
with ifTable defined in IF-MIB.  There exists a
row in this table corresponding to the row for each
interface of iftype ieee80211(71) found in ifTable.
cDot11WidsEapolFloodIndex acts as the
expansion index.

cDot11WidsEapolFloodEntry entry .1.3.6.1.4.1.9.9.456.1.1.7.1

An entry holds the statistics about one instance of
EAPOL flood attack observed at this particular
radio interface.

Indexes

IF-MIBifIndex cDot11WidsEapolFloodIndex

Column	Syntax	OID
cDot11WidsEapolFloodIndex This object identifies the set of information about one instance of an EAPOL flood event observed at this radio interface between the start and stop times indicated by cDot11WidsEapolFloodStartTime and cDot11WidsEapolFl…	Unsigned32 Constraints: `range: 1-100`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.1`
cDot11WidsEapolFloodClientMac This object identifies the MAC address of the wireless client that has made the maximum number of authentication attempts in the duration specified by the cDot11WidsEapolFloodInterval object. At the end …	SNMPv2-TCMacAddress Textual Convention: SNMPv2-TCMacAddress `OctetString` Type Constraints: `range: 6`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.2`
cDot11WidsEapolFloodClientCount This object provides the count associated with the client with largest number of attempts in the last interval. When the flood event is observed to be stopped, as indicated by a non-zero value for the cDo…	SNMPv2-SMIUnsigned32 Textual Convention: SNMPv2-SMIUnsigned32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.3`
cDot11WidsEapolFloodStartTime This object indicates the time at which the EAPOL flood event identified by one entry of this table was observed first at this radio interface.	SNMPv2-TCTimeStamp Textual Convention: SNMPv2-TCTimeStamp `Unsigned32`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.4`
cDot11WidsEapolFloodStopTime This object indicates the time at which the the EAPOL flood event observed first at the time indicated by cDot11WidsEapolFloodStartTime has stopped. If this 802.11 station finds that the flood conditions…	SNMPv2-TCTimeStamp Textual Convention: SNMPv2-TCTimeStamp `Unsigned32`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.5`
cDot11WidsEapolFloodTotalCount This object gives the accumulated count of the number of authentication attempts made by all the clients at the time of query.	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.1.7.1.6`

cDot11WidsBlackListTable

table

.1.3.6.1.4.1.9.9.456.1.1.8 · 1 row entry · 3 columns

Open in standard view

This table gives the information about the
802.11 wireless clients that have been blacklisted
while attempting to get authenticated with this
802.11 station at this radio interface.
          
An entry is added to this table when the number
of consecutive failed authentication attempts
made by a client equals the value configured
through cDot11WidsBlackListThreshold.  The
client will then be blocked from getting
authenticated for a time period equal to the
value configured through
cDot11WidsBlackListDuration.  After this time
elapses, the client is taken off from the list
and the agent automatically removes the entry
corresponding to that client from this table.
          
This table has a expansion dependent relationship on
the ifTable.  For each entry in this table, there
exists at least an entry in the ifTable of ifType
ieee80211(71).  cDot11BlackListIndex acts as the
expansion index.

cDot11WidsBlackListEntry entry .1.3.6.1.4.1.9.9.456.1.1.8.1

Each entry holds the information about one
802.11 wireless client that has been blacklisted
when attempting to get authenticated with
this 802.11 station at this radio interface.

Indexes

IF-MIBifIndex cDot11WidsBlackListClientMac

Column	Syntax	OID
cDot11WidsBlackListClientMac This object indicates the Mac Address of the blacklisted client.	SNMPv2-TCMacAddress Textual Convention: SNMPv2-TCMacAddress `OctetString` Type Constraints: `range: 6`	`.1.3.6.1.4.1.9.9.456.1.1.8.1.1`
cDot11WidsBlackListAttemptCount This object counts the total number of attempts made by the client identified by cDot11WidsBlackListClientMac to get authenticated with the 802.11 station through this radio interface.	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.1.8.1.2`
cDot11WidsBlackListTime This object indicates the time at which the client was blacklisted after failing in its attempt to get authenticated with this 802.11 station at this radio interface.	SNMPv2-TCTimeStamp Textual Convention: SNMPv2-TCTimeStamp `Unsigned32`	`.1.3.6.1.4.1.9.9.456.1.1.8.1.3`

cDot11WidsProtectFailClientTable

table

.1.3.6.1.4.1.9.9.456.1.2.1 · 1 row entry · 13 columns

Open in standard view

This table gives the statistics on the various
protection failures occurred during the data
communication of this 802.11 station with a
particular client currently associated at this
dot11 interface.
          
Note that the agent populates this table with an
entry for an associated client if and only if 
at least one of the error statistics, as reported
by the counter-type objects of this table, has a
non-zero value.
          
This table has a expansion dependent relationship on
the ifTable.  For each entry in this table, there
exists at least an entry in the ifTable of ifType
ieee80211(71).  cDot11WidsSsid and 
cDot11WidsClientMacAddress act as the
expansion indices.

cDot11WidsProtectFailClientEntry entry .1.3.6.1.4.1.9.9.456.1.2.1.1

Each entry holds the information about the
protection failures observed at this radio
interface when this 802.11 station communicates with
its associated client identified by
cDot11WidsClientMacAddress at the interface
…

Indexes

IF-MIBifIndex cDot11WidsSsid cDot11WidsClientMacAddress

Column	Syntax	OID
cDot11WidsSsid This object specifies one of the SSIDs of this radio interface using which the client has associated with the 802.11 station.	OctetString Constraints: `range: 1-32`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.1`
cDot11WidsClientMacAddress This object identifies the MAC address of the associated client to which this set of statistics are applicable.	SNMPv2-TCMacAddress Textual Convention: SNMPv2-TCMacAddress `OctetString` Type Constraints: `range: 6`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.2`
cDot11WidsSelPairWiseCipher This object identifies the pairwise cipher used by the client identified by cDot11WidsClientMacAddress during its association with this 802.11 station at the interface identified by ifIndex.	OctetString Constraints: `range: 4-4`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.3`
cDot11WidsTkipIcvErrors This object counts the total number of TKIP ICV Errors observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this 802.1…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.4`
cDot11WidsTkipLocalMicFailures This object counts the total number of TKIP local MIC failures observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with t…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.5`
cDot11WidsTkipRemoteMicFailures This object counts the total number of TKIP remote MIC failures observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with t…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.6`
cDot11WidsCcmpReplays This object counts the total number of CCMP replay failures observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this …	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.7`
cDot11WidsCcmpDecryptErrors This object counts the total number of CCMP decryption failures observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with t…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.8`
cDot11WidsTkipReplays This object counts the total number of TKIP replay failures observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this …	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.9`
cDot11WidsWepReplays This object counts the total number of WEP Replay errors observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this 802…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.10`
cDot11WidsWepIcvErrors This object counts the total number of WEP ICV errors observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this 802.11…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.11`
cDot11WidsCkipReplays This object counts the total number of CKIP replay errors observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this 80…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.12`
cDot11WidsCkipCmicErrors This object counts the total number of CKIP-CMIC errors observed in the data communication between this 802.11 station and the client indicated by cDot11WidsClientMacAddress since the client's association with this 802…	SNMPv2-SMICounter32 Textual Convention: SNMPv2-SMICounter32 `Unsigned32` Type Constraints: `range: 0..4294967295`	`.1.3.6.1.4.1.9.9.456.1.2.1.1.13`