CISCO-LWAPP-ROGUE-MIB MIB – Observium MIB Browser

CISCO-LWAPP-ROGUE-MIB

        This MIB is intended to be implemented on all those
devices operating as Central Controllers, that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.
        
This MIB provides information about the Rogue APs
and Clients that are detected by the controller.
        
The relationship between CC and the LWAPP APs
can be depicted as follows:
        
      +......+     +......+     +......+
      +      +     +      +     +      +
      +  CC  +     +  CC  +     +  CC  +
      +      +     +      +     +      +
      +......+     +......+     +......+
        ..            .             .
        ..            .             .
       .  .            .             .
      .    .            .             .
     .      .            .             .
    .        .            .             .
+......+ +......+     +......+      +......+
+      + +      +     +      +      +      +
+  AP  + +  AP  +     +  AP  +      +  AP  +
+      + +      +     +      +      +      +
+......+ +......+     +......+      +......+
           .              .             .
         .  .              .             .
        .    .              .             .
       .      .              .             .
      .        .              .             .
   +......+ +......+     +......+      +......+
   +      + +      +     +      +      +      +
   +  MN  + +  MN  +     +  MN  +      +  MN  +
   +      + +      +     +      +      +      +
   +......+ +......+     +......+      +......+
        
        
The LWAPP tunnel exists between the controller and
the APs.  The MNs communicate with the APs through
the protocol defined by the 802.11 standard.
        
LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the WLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.
        
                   GLOSSARY
        
Access Point ( AP )
        
An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.  
        
LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends them to the controller to which
it is logically connected.
        
Light Weight Access Point Protocol ( LWAPP )
        
This is a generic protocol that defines the 
communication between the Access Points and the
Central Controller. 
        
Mobile Node ( MN )
        
A roaming 802.11 wireless device in a wireless
network associated with an access point. Mobile Node 
and client are used interchangeably. 
        
Rogue
        
Any 802.11 device which is not part of the RF network 
is a Rogue device.
        
Ad-hoc Network 
        
A set of mobile devices within direct communication 
range establishing a network among themselves for 
transmitting data, without the use of a Access point 
is called a ad-hoc network. 
        
Rogue Ad-hoc Client
        
Any 802.11 client which is part of that ad-hoc network, 
but not in the trusted list.
        
Service Set Identifier ( SSID )
        
SSID is a unique identifier that APs and clients
use to identify with each other.  SSID is a simple
means of access control and is not for security.
The SSID can be any alphanumeric entry up to 32
characters.
        
RSSI
        
Received Signal Strength Indication (RSSI), the IEEE 802.11
standard defines a mechanism by which RF energy is to be
measured by the circuitry on a wireless NIC. Its value is
measured in dBm and ranges from -128 to 0.
        
Rogue Location Detection Protocol (RLDP)
        
RLDP is a protocol to detect and automatically 
contain rogue devices. When the controller discovers 
a rogue access point, it uses the Rogue Location 
Discovery Protocol (RLDP) to determine if the 
rogue is attached to your network.
RLDP can be enabled/disabled per controller level.
        
LRAD (LWAPP RADIO)
        
Light Weight Access Point Protocol Radio 
basically ones own AP.       
REFERENCE
        
[1] Wireless LAN Medium Access Control ( MAC ) and
    Physical Layer ( PHY ) Specifications.
        
[2] Draft-obara-capwap-lwapp-00.txt, IETF Light 
    Weight Access Point Protocol.

ciscoLwappRogueMIB 1.3.6.1.4.1.9.9.610

Imported Objects

CISCO-LWAPP-AP-MIB	cLApDot11IfType cLApDot11RadioChannelNumber cLApDot11RadioMACAddress cLApIfSmtDot11Bssid cLApName cLApRogueApMacAddress cLApRogueDetectedChannel cLApRogueDot11RadioBand cLApRogueMode
CISCO-LWAPP-DOT11-CLIENT-MIB	cldcClientMacAddress
CISCO-SMI	ciscoMgmt
SNMP-FRAMEWORK-MIB	SnmpAdminString
SNMPv2-CONF	MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
SNMPv2-SMI	Integer32 MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE Unsigned32
SNMPv2-TC	MacAddress RowStatus StorageType TEXTUAL-CONVENTION TruthValue

Type Definitions (1)

CLAutoContainActions	Enumeration	`alarmOnly(1)` `contain(2)`

Objects (115)

ciscoLwappRogueMIB		`.1.3.6.1.4.1.9.9.610`
ciscoLwappRogueMIBNotifs		`.1.3.6.1.4.1.9.9.610.0`
ciscoLwappRogueMIBObjects		`.1.3.6.1.4.1.9.9.610.1`
cLRogueConfig		`.1.3.6.1.4.1.9.9.610.1.1`
cLRoguePolicyConfig		`.1.3.6.1.4.1.9.9.610.1.1.1`
cLRogueAdhocRogueReportEnable r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.1.1`
cLRogueContainAutoRateEnable r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.1.10`
cLRogueReportInterval r/w	secondsUnsigned32	`.1.3.6.1.4.1.9.9.610.1.1.1.2`
cLRogueMinimumRssi r/w	dBmInteger32	`.1.3.6.1.4.1.9.9.610.1.1.1.3`
cLRogueTransientInterval r/w	secondsUnsigned32	`.1.3.6.1.4.1.9.9.610.1.1.1.4`
cLRogueClientNumThreshold r/w	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.1.5`
cLRogueDetectionSecurityLevel r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.1.6`
cLRogueValidateRogueClientsAgainstMse r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.1.7`
cLRogueValidateRogueApsAgainstAAA r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.1.8`
cLRogueApPollingInterval r/w	secondsUnsigned32	`.1.3.6.1.4.1.9.9.610.1.1.1.9`
cLRogueAdhocRogueNotifEnabled r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.2`
cLRogueRuleConfig		`.1.3.6.1.4.1.9.9.610.1.1.3`
cLRuleConfigTable		`.1.3.6.1.4.1.9.9.610.1.1.3.1`
cLRuleConfigEntry	cLRuleName	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1`
cLRuleName	OctetString	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.1`
cLRuleNotifyType r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.10`
cLRuleStateType r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.11`
cLRuleRogueType r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.2`
cLRuleConditionsMatch r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.3`
cLRulePriority r/w	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.4`
cLRuleEnable r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.5`
cLRuleStorageType r/w	SNMPv2-TCStorageType	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.6`
cLRuleRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.7`
cLRuleSeverityScore r/w	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.8`
cLRuleClassificationName r/w	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.3.1.1.9`
cLConditionConfigTable		`.1.3.6.1.4.1.9.9.610.1.1.3.2`
cLConditionConfigEntry	cLRuleNamecLConditionName	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1`
cLConditionName	OctetString	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.1`
cLConditionManagedSsidEnabled r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.10`
cLConditionDuration r/w	secondsUnsigned32	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.11`
cLConditionType r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.2`
cLConditionValue r/w	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.3`
cLConditionEnable r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.4`
cLConditionStorageType r/w	SNMPv2-TCStorageType	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.5`
cLConditionRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.6`
cLConditionRssi r/w	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.7`
cLConditionClientCount r/w	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.8`
cLConditionNoEncryptionEnabled r/w	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.9.9.610.1.1.3.2.1.9`
cLConditionSsidConfigTable		`.1.3.6.1.4.1.9.9.610.1.1.3.3`
cLConditionSsidConfigEntry	cLRuleNamecLConditionNamecLConditionSsidValue	`.1.3.6.1.4.1.9.9.610.1.1.3.3.1`
cLConditionSsidValue	OctetString	`.1.3.6.1.4.1.9.9.610.1.1.3.3.1.1`
cLConditionSsidStorageType r/w	SNMPv2-TCStorageType	`.1.3.6.1.4.1.9.9.610.1.1.3.3.1.2`
cLConditionSsidRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.610.1.1.3.3.1.3`
cLConditionSsidType r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.3.3.1.4`
cLRogueIgnoreListConfig		`.1.3.6.1.4.1.9.9.610.1.1.4`
cLRogueIgnoreListTable		`.1.3.6.1.4.1.9.9.610.1.1.4.1`
cLRogueIgnoreListEntry	cLRogueIgnoreListMACAddress	`.1.3.6.1.4.1.9.9.610.1.1.4.1.1`
cLRogueIgnoreListMACAddress	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.4.1.1.1`
cLRogueIgnoreListStorageType r/w	SNMPv2-TCStorageType	`.1.3.6.1.4.1.9.9.610.1.1.4.1.1.2`
cLRogueIgnoreListRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.610.1.1.4.1.1.3`
cLRldpAutoContainConfig		`.1.3.6.1.4.1.9.9.610.1.1.5`
cLRldpAutoContainFeatureOnWiredNetwork r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.5.1`
cLRldpAutoContainRoguesAdvertisingSsid r/w	CLAutoContainActions	`.1.3.6.1.4.1.9.9.610.1.1.5.2`
cLRldpAutoContainAdhocNetworks r/w	CLAutoContainActions	`.1.3.6.1.4.1.9.9.610.1.1.5.3`
cLRldpAutoContainTrustedClientsOnRogueAps r/w	CLAutoContainActions	`.1.3.6.1.4.1.9.9.610.1.1.5.4`
cLRldpAutoContainLevel r/w	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.5.5`
cLRldpAutoContainOnlyforMonitorModeAps r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.5.6`
cLRldpAutoContainFlexStandaloneAp r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.5.7`
cLRogueApConfig		`.1.3.6.1.4.1.9.9.610.1.1.6`
cLRogueApTable deprecated		`.1.3.6.1.4.1.9.9.610.1.1.6.1`
cLRogueApEntry deprecated	cLRogueApMACAddress	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1`
cLRogueApMACAddress deprecated	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1.1`
cLRogueApClassType deprecated r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1.2`
cLRogueApState deprecated r/w	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1.3`
cLRogueApStorageType deprecated r/w	SNMPv2-TCStorageType	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1.4`
cLRogueApRowStatus deprecated r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.610.1.1.6.1.1.5`
cLRogueApListTable		`.1.3.6.1.4.1.9.9.610.1.1.6.2`
cLRogueApListEntry	cLRogueApMacAddr	`.1.3.6.1.4.1.9.9.610.1.1.6.2.1`
cLRogueApMacAddr	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.6.2.1.1`
cLRogueApSeverityScore	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.6.2.1.2`
cLRogueApRuleName	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.6.2.1.3`
cLRogueApClassName	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.6.2.1.4`
cLRogueClientConfig		`.1.3.6.1.4.1.9.9.610.1.1.7`
cLRogueClientTable		`.1.3.6.1.4.1.9.9.610.1.1.7.1`
cLRogueClientEntry	cLRogueClientMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.7.1.1`
cLRogueClientMacAddress	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.7.1.1.1`
cLRogueClientGatewayMacAddress	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.7.1.1.2`
cLRogueApDetectingApDetails		`.1.3.6.1.4.1.9.9.610.1.1.8`
cLRogueAPDetectingAPTable		`.1.3.6.1.4.1.9.9.610.1.1.8.1`
cLRogueAPDetectingAPEntry	cLRogueApMacAddrcLRogueAPDetectingAPMacAddresscLRogueAPDetectingAPSlotId	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1`
cLRogueAPDetectingAPMacAddress	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.1`
cLRogueAPContainmentChannelCount	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.10`
cLRogueAPContainmentChannels	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.11`
cLRogueAPDetectingAPLastHeard	SNMPv2-SMICounter32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.12`
cLRogueAPDetectingAPWepMode	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.13`
cLRogueAPDetectingAPPreamble	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.14`
cLRogueAPDetectingAPWpaMode	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.15`
cLRogueAPDetectingAPWpa2Mode	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.16`
cLRogueAPDetectingAPFTMode	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.17`
cLRogueAPDetectingAPSNR	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.18`
cLRogueAPChannelWidth	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.19`
cLRogueAPDetectingAPSlotId	Unsigned32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.2`
cLRogueAPPhysicalAPSlot	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.20`
cLRogueAPRadioType	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.3`
cLRogueAPDetectingAPName	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.4`
cLRogueAPChannelNumber	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.5`
cLRogueAPSsid	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.6`
cLRogueAPHiddenSsid	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.7`
cLRogueAPDetectingAPRSSI	Integer32	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.8`
cLRogueAPContainmentMode	Enumeration	`.1.3.6.1.4.1.9.9.610.1.1.8.1.1.9`
ciscoLwappRogueMIBConform		`.1.3.6.1.4.1.9.9.610.2`
ciscoLwappRogueMIBCompliances		`.1.3.6.1.4.1.9.9.610.2.1`
ciscoLwappRogueMIBGroups		`.1.3.6.1.4.1.9.9.610.2.2`
ciscoLwappRogueMIBNotifObjects		`.1.3.6.1.4.1.9.9.610.3`
cLRogueApContainmentLevel	Enumeration	`.1.3.6.1.4.1.9.9.610.3.1`
cLRogueClientTotalDetectingAPs	Integer32	`.1.3.6.1.4.1.9.9.610.3.2`
cLRogueClientFirstReported	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.3.3`
cLRogueClientLastReported	SNMP-FRAMEWORK-MIBSnmpAdminString	`.1.3.6.1.4.1.9.9.610.3.4`
cLRogueClientGatewayMac	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.3.5`
cLLastDetectingRadioMACAddress	SNMPv2-TCMacAddress	`.1.3.6.1.4.1.9.9.610.3.6`

Notifications / Traps (5)

Name	OID	Description
cLRogueAdhocRogueDetected CISCO-LWAPP-AP-MIBcLApName	`.1.3.6.1.4.1.9.9.610.0.1`	This notification is generated by the controller when a a rogue is detected. The name of the AP that detected this rogue is sent in the notification.
cLRogueClientExceededThreshold CISCO-LWAPP-AP-MIBcLApDot11RadioMACAddress CISCO-LWAPP-AP-MIBcLApDot11RadioChannelNumber CISCO-LWAPP-AP-MIBcLApRogueApMacAddress CISCO-LWAPP-DOT11-CLIENT-MIBcldcClientMacAddress CISCO-LWAPP-AP-MIBcLApDot11IfType CISCO-LWAPP-AP-MIBcLApIfSmtDot11Bssid cLRuleStateType CISCO-LWAPP-AP-MIBcLApRogueDetectedChannel CISCO-LWAPP-AP-MIBcLApRogueDot11RadioBand	`.1.3.6.1.4.1.9.9.610.0.2`	This notification is generated by the controller when a rogue client exceeds its maximum threshold configured. The details of Rogue AP and Rogue Clients is sent in the notification.
cLRogueExceededClientRemovedThreshold CISCO-LWAPP-AP-MIBcLApDot11RadioMACAddress CISCO-LWAPP-AP-MIBcLApDot11RadioChannelNumber CISCO-LWAPP-AP-MIBcLApRogueApMacAddress CISCO-LWAPP-DOT11-CLIENT-MIBcldcClientMacAddress CISCO-LWAPP-AP-MIBcLApDot11IfType CISCO-LWAPP-AP-MIBcLApIfSmtDot11Bssid cLRuleStateType CISCO-LWAPP-AP-MIBcLApRogueDetectedChannel CISCO-LWAPP-AP-MIBcLApRogueDot11RadioBand	`.1.3.6.1.4.1.9.9.610.0.3`	This notification is generated by the controller when a rogue client is removed from the rogue AP and still the client count of the rogue AP is greater than the maximum threshold configured. The details of Rogue AP and Rogue Clients is sent in the notification.
cLRogueApRuleContained CISCO-LWAPP-AP-MIBcLApRogueApMacAddress cLRogueApContainmentLevel	`.1.3.6.1.4.1.9.9.610.0.4`	This notification is generated by the controller when a rogue AP is contained due to Rogue Rule.
cLRogueClientDetected CISCO-LWAPP-DOT11-CLIENT-MIBcldcClientMacAddress cLLastDetectingRadioMACAddress CISCO-LWAPP-AP-MIBcLApRogueApMacAddress CISCO-LWAPP-AP-MIBcLApRogueMode cLRogueClientTotalDetectingAPs cLRogueClientFirstReported cLRogueClientLastReported cLRogueClientGatewayMac	`.1.3.6.1.4.1.9.9.610.0.5`	This notification is generated by the controller when a rogue client is detected.