SNMP MIB Search

A collection of attributes defining an auxiliary
service set ID which client stations can use for
association for the device.  Entries can be
installed on multiple radio interfaces.

Each entry specifies a pre-defined
authentication algorithms and additional
authentication procedures for clients of an
auxiliary SSID.  The three pre-defined
authentication algorithms are:
openSystem(1),
sharedKey(2), and
network-EAP(3).
The valid combination of the pre-defined
authentications and additional procedures are:
openSystem(1)  - plus EAP
- plus MAC or EAP
sharedKey(2)   - plus MAC and EAP
- plus EAP
network-EAP(3) - plus MAC.

A collection of attributes for an auxiliary
service set ID installed on a IEEE 802.11 radio
interface.  An interface can have multiple
auxiliary service set ID installed and the
current maximum for each radio interface is
16 SSIDs, and the cd11IfAuxiliarySsidLength
object specifies the configured maximum.

Each entry is a MAC address assigned to the IEEE
802.11 radio available to be used as a BSSID and
broadcasted in the radio beacon when MBSSID feature
is enabled.

Each entry defines an SSID being configured on
the radio and the corresponding BSSID.

This object configures the use of local
authentication server.  If it is 'true',
local authentication server is enabled. If it
is 'false', the local authentication server is
disabled.  If both local and network servers are
configured, the local server is used as back up
when network authentication server is not
available.

A collection of attributes defining the properties
of a VLAN name and the corresponding VLAN ID.

This object specifies a SSID defined on this
IEEE 802.11 wireless LAN device.  The SSID will
be installed on the radio interfaces for client
associations.  The radio interface shall respond
to probe requests using this SSID, but it does
not advertise this SSID in its beacons unless
the cdot11SecAuxSsidBroadcast is 'true'.

This object indicates if an auxiliary SSID
is a Broadcast SSID.  There should only be one
Broadcast SSID installed on any IEEE 802.11
radio interface if Multiple BSSID feature is
not enabled.  To enable this SSID for MBSSID
broadcast, use cdot11SecAuxSsidMbssidBroadcast.

This object indicates if an auxiliary SSID
is an infra-structure SSID.  There should only be
one infra-structure SSID installed on any IEEE
802.11 radio interface.  The infra-structure
SSID is used for uplink association while the
radio interface cd11IfStationRole is roleWgb(1),
roleRepeater(5), roleNrBridge(9), or
roleApNrBridge(10).
infraStructure(1) - infra-structure SSID,
nonInfraStructure(2) - Non infra-structure SSID,
optional(3) - use of this infra-structure SSID
is optional for uplink connection.

This object indicates if an auxiliary SSID
is enabled for Proxy Mobile-IP support.  If
Proxy Mobile-IP is not supported in VLAN
network environment, cdot11SecAuxSsidVlan should
be '0' when Proxy Mobile-IP is enabled via this
object.

This object defines the maximum number of IEEE
802.11 stations which may associate to a radio
interface through this SSID.  If the value
is '0', the maximum number is limited only by the
IEEE 802.11 standard and any hardware or radio
firmware limitations of the access point.

This object defines the VLAN trunk at which the
traffic will be used when a client is associating
with this SSID.  The default value is '0', no
VLAN is configured or used for this SSID.

This object configures Wi-Fi Protected Access
Pre-shared Key for this SSID.  This key is used
for association authentication and dynamic
encryption key generation.  The default value
is ''H if this shared key feature is not enabled.

This object defines the name of the AAA accounting
list to be used for association accounting.  The
default value is an empty string if AAA accounting
is not enabled.

This object specifies the username used for
LEAP authentication and association to an uplink
AP while this SSID is in infra-structure mode, i.e.
cdot11SecAuxSsidInfraStruct is 'true'.  The default
value is an empty string if this feature is not
enabled.

This object specifies the password used for
LEAP authentication association to an uplink
AP while this SSID is in infra-structure mode, i.e.
cdot11SecAuxSsidInfraStruct is 'true'.  The default
value is an empty string if this feature is not
enabled.

This object specifies the type of key management
employed for encryption keys defined for the VLAN
in cdot11SecAuxSsidVlan.
WPA key management should only be selected
when encryption is TKIP and authentication is
open, i.e. dot11AuthenticationAlgorithmsIndex
is openSystem(1), together either with EAP or
WPA-PSK for this SSID.
CCKM key management can be used with encryption
TKIP, WEP, CKIP, and Network-EAP authentication
for this SSID.
If none of the bits are set, there is no run-time
key management for this SSID.

This object specifies if the type of key
management, cdot11SecAuxSsidAuthKeyMgmt,
selected is optional.  If it is 'true' and
cdot11SecAuxSsidAuthKeyMgmt is not 'none',
the key management is optional.  If it is
'false' and cdot11SecAuxSsidAuthKeyMgmt
is not 'none', the key management is
mandatory.

This is used to create a new SSID entry on this
device, and modify or delete an existing SSID
entry.
Creation of rows must be done via 'createAndGo'
with or without optional objects.  This object will
become 'active' if the NMS performs a multivarbind
set including this object and successfully creates
the SSID on this device.
Modification and deletion (via 'destroy') of rows can
be done when this object is 'active'.  Any change
to an existing SSID configuration can cause clients
associating with the SSID to disassociate.  And,
depends on the implementation, changes on the
existing SSIDs may not affect installed SSID on the
radio interfaces.  Therefore, users are advised
to reset the corresponding SSID on the radio
interface via the cdot11SecInterfSsidTable.

This object sets the Wireless Network ID of this
SSID.  This ID is used for Cisco GRE tunneling in
layer 3 switching.  The valid range for the ID is
'1' to '4096' and the default value is '0' and it
indicates no ID is configured or used on this SSID.

This is the address type of for the
cdot11SecSsidRedirectDestAddr.

This is the destination address set to all packets
received from wireless clients associated to this
wireless station using the cdot11SecAuxSsid.  The
cdot11SecSsidRedirectAddrType specifies the type
of this address.  The default value  '00000000'H
of cdot11SecSsidRedirectAddrType 'ipv4' indicates
that this packet redirection feature is not
enabled.

When the packet redirection feature is enable
(i.e., cdot11SecSsidRedirectAddrType is 'ipv4'
and cdot11SecSsidRedirectDestAddr value is not
'00000000'H), this is the Cisco IP extended
access list number or name used for filtering
packets from wireless clients.  Only packets
passed by the access list will be allowed to
forward to the cdot11SecSsidRedirectDestAddr.
If packet redirection is disabled, this
access list will not be applied.
The default value is an empty string to
indicate that no access list filter will be
applied.

This is the set of Information Elements and
extended capabilities embedded in the SSID
broadcasted in beacons and probe responses.
The extended capabilities 'advertisement' and 'wps'
are allowed only if 'ssidl' is set.

This is the name of the cdot11SecAuxSsidVlan.  Either
cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can
be used to set the VLAN trunk for client traffic of
this SSID.  If both cdot11SecAuxSsidVlanName and
cdot11SecAuxSsidVlan are set in a query, the set query
will succeed if only if there is a matching pair of
cdot11SecVlanName and cdot11SecVlanNameId in the
cdot11SecVlanNameTable.
The default value is a blank string, no VLAN or VLAN
name is configured or used for this SSID.

This object controls if this SSID shall be
broadcasted if MBSSID is enabled at the interface
which this SSID is attached, i.e.
if both cd11IfMultipleBssidEnable and
cdot11SecAuxSsidMbssidBroadcastis are 'true', then
this SSID is broadcasted.  Otherwise, this SSID
is not broadcasted.

This is the DTIM period for this MBSSID enabled SSID.
It is the number of beacon intervals that shall elapse
between transmission of Beacons frames containing a
TIM element whose DTIM Count field is 0.
This DTIM period is only applicable if MBSSID is
enabled at the interface which this SSID is attached,
i.e. cd11IfMultipleBssidEnable is 'true'.
The default value is 0 which indicates dot11DTIMPeriod
of IEEE802dot11-MIB is used.  The current valid DTIM
period range for the radio is 1 to 100.

If the value is 'true', this device may
authenticate an association using SSID (specified
by cdot11SecAuxSsid) with the corresponding
pre-defined algorithm (identified by the
dot11AuthenticationAlgorithmsIndex).  The default
value is 'true'.

If both the values of this object and
cdot11SecAuxSsidAuthEnabled are 'true', the
association authentication must complete additional
network-level EAP authentication before client
stations will be unblocked from their association
attempts.  If the value of this object is 'false'
while cdot11SecAuxSsidAuthEnabled is 'true', client
stations will be unblocked as soon as they
complete the enabled IEEE 802.11 authentication.
The default value is 'false' for no additional
EAP authentication.

If both the values of this object and
cdot11SecAuxSsidAuthEnabled are 'true', the
association authentication must complete additional
MAC address authentication before client stations
will be unblocked from their association
attempts.  If the value of this object is 'false'
while cdot11SecAuxSsidAuthEnabled is 'true', client
stations will be unblocked as soon as they
complete the enabled IEEE 802.11 authentication.
The default value is 'false' for no additional
MAC address authentication.

If the value of cdot11SecAuxSsidAuthPlusEap
is 'true' or dot11AuthenticationAlgorithm is
Network-EAP, this is the EAP method list to use
for the EAP authentication.  The default is an
empty string if EAP is not used.

If the value of cdot11SecAuxSsidAuthPlusMac
is 'true', this is the MAC address method list to
use for the MAC authentication.  The default is
an empty string if MAC address authentication
is not used.

If the values of this object,
cdot11SecAuxSsidAuthEnabled,
cdot11SecAuxSsidAuthPlusMac, and
cdot11SecAuxSsidAuthPlusEap are all 'true' and
the dot11AuthenticationAlgorithm is 'openSystem'
the, the association authentication only need to
complete either additional MAC address or
additional EAP authentication before client
stations will be unblocked from their association
attempts.  If the value of this object is 'false',
only one of the two additional authentications
should be enabled.  The default value is 'false'
for only one additional should be configured.

This is used to install a new SSID configuration,
and modify or delete an existing SSID configuration
on a radio interface.
Creation of rows must be done via 'createAndGo' and
with an existing ifIndex of ifType ieee80211(71)
and an existing cdot11SecAuxSsid in the
cdot11SecAuxSsidTable.  This object will become
'active' if the NMS performs a multivarbind set
including this object and successfully installs
the SSID on this interface.
Modification and deletion (via 'destroy') of rows can
be done when this object is 'active'.  Any change
to an existing SSID configuration can cause clients
associating with the SSID to disassociate.

This is an unique index identifying the
MAC address assigned on the radio.  If MBSSID
is not supported on this device, the only
available index number is 1.  Currently, if MBSSID
is supported, the index numbers are 1 to 16.

This MAC address can be used as BSSID and
broadcasted in the beacon with a SSID when
cd11IfMultipleBssidEnable is 'true'.

This is the BSSID to be sent with the radio SSID.
If MBSSID feature is not enabled (i.e.
cd11IfMultipleBssidEnable is 'false'), all SSIDs
will be sent by the radio with the same BSSID and
that is the radio hardware MAC address.
If MBSSID feature is enabled (i.e.
cd11IfMultipleBssidEnable is 'true'), all SSIDs
will be sent by the radio with different BSSIDs.

If d11IfMultipleBssidEnable is 'true', MBSSID
is enabled for the radio and this SSID is a
broadcast SSID as follows
'true'  - This SSID is a broadcast SSID and
being broadcasted in the radio beacon.
'false' - This SSID is not a broadcast SSID and
is not broadcasted in the radio beacon.

This object defines the VLAN name assigned to
wireless clients by the RADIUS server serving
this wireless station.

This object defines the VLAN trunk to which
a client associating to this wireless station
will be on.  The value is '0' is not valid.

This is used to create a new VLAN name to ID
mapping entry on this device, and modify or delete
an existing mapping entry.
Creation of rows must be done via 'createAndGo'
with all other mandatory objects.  This object will
become 'active' if the NMS performs a multivarbind
set including this object and successfully creates
the VLAN name entry on this device.
Modification and deletion (via 'destroy') of rows can
be done when this object is 'active'.  Any change
to an existing VLAN name to ID mapping configuration
do not affect existing associated wireless clients.

This table contains the list of SSIDs that all
radio interfaces of this device should install
and use for client associations.

This table contains attributes to configure
authentication parameters for SSIDs listed in the
cdot11SecAuxSsidTable.  This table extends the
IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
to defines additional attributes authentication
procedures for multiple SSIDs.  Multiple
authentication algorithms can apply to a single
auxiliary SSID.
This table has an expansion dependent relationship
on the cdot11SecAuxSsidTable.  For each entry in
this table, there exists at least an entry in the
cdot11SecAuxSsidTable.

This table contains the list of SSIDs installed
on radio interfaces of this device and are used
for client association.
This table has an expansion dependent relationship
on the ifTable.  For each entry in this table,
there exists at least an entry in the ifTable of
ifType ieee80211(71).

This table contains the list of available radio MAC
addresses for supporting MBSSID on the IEEE 802.11
radio.
This table has an expansion dependent relationship
on the ifTable.  For each entry in this table, there
exists at least an entry in the ifTable of ifType
ieee80211(71).

This table displays the list of SSIDs and their
corresponding BSSIDs configured on the IEEE
802.11 radios.
This table has an expansion dependent relationship
on the ifTable.  For each entry in this table, there
exists at least an entry in the ifTable of ifType
ieee80211(71).

This table contains the mapping of VLAN names to
IDs.  A RADIUS server servering this wireless
station can assign wireless clients associating
to this station to a particular VLAN by either
a VLAN name or an ID.
When the VLAN assign of a client is via VLAN name,
this table is used to look up for the corresponding
VLAN ID and VLAN configured on this wireless
station.  Each VLAN name uniquely identifies a
VLAN on a wireless station, and  a VLAN ID can
associate to multiple VLAN names in this table.

This MIB module provides network management
support for Cisco IEEE 802.11 Wireless LAN
devices association and authentication.
ACRONYMS
AES
Advanced Encryption Standard.
AP
Access point.
AID
Association IDentifier for wireless stations.
BSS
IEEE 802.11 Basic Service Set.
BSSID
Basic SSID, a MAC address.
CCKM
Cisco Central Key Management.
CCMP
Code Mode/CBC Mac Protocol.
CKIP
Cisco per packet key hashing.
CMIC
Cisco MMH MIC.
CRC
Cyclic Redundancy Check.
DTIM
Data Traffic Indication Map
EAP
Extensible Authentication Protocol.
GRE
Generic Routing Encapsulation
IAPP
Inter-Access-Point Protocol.
ICV
Integrity Check Value.
MBSSID
Multiple Basic SSID.
MIC
Message Integrity Check.
MMH
Multi-Modal Hashing.
MMIC
Michael MIC.
RF
Radio Frequency.
SSID
Radio Service Set Id.
SSIDL IE
SSID List Information Element
STA
IEEE 802.11 wireless station.
TKIP
WPA Temporal Key encryption.
VLAN
Virtual LAN.
WEP
Wired Equivalent Privacy.
WPA
Wi-Fi Protected Access.
WPS
Wireless Provisioning System.
GLOSSARY
Access point
Transmitter/receiver (transceiver) device
that commonly connects and transports data
between a wireless network and a wired network.
Association
The service used to establish access point
or station mapping and enable STA invocation
of the distribution system services.
(Wireless clients attempt to connect to
access points.)
Basic Service Set
The IEEE 802.11 BSS of an AP comprises of the
stations directly associating with the AP.
Bridge
Device that connects two or more segments
and reduces traffic by analyzing the
destination address, filtering the frame,
and forwarding the frame to all connected
segments.
Bridge AP
It is an AP that functions as a transparent
bridge between 2 wired LAN segments.
Broadcast SSID
Clients can send out Broadcast SSID Probe
Requests to a nearby AP, and the AP will
broadcast its own SSID within its beacons
to response to clients. Clients can use this
Broadcast SSID to associate and communicate
with the AP.
Extensible Authentication Protocol
EAP acts as the interface between a wireless
client and an authentication server, such as a
RADIUS server, to which the access point
communicates over the wired network.
IEEE 802.11
Standard to encourage interoperability among
wireless networking equipment.
IEEE 802.11b
High-rate wireless LAN standard for wireless
data transfer at up to 11 Mbps.
IEEE P802.11g
Higher Speed Physical Layer (PHY) Extension to
IEEE 802.11b, will boost wireless LAN speed to 54
Mbps by using OFDM (orthogonal frequency division
multiplexing).  The IEEE 802.11g specification is
backward compatible with the widely deployed IEEE
802.11b standard.
Inter-Access-Point Protocol
The IEEE 802.11 standard does not define how
access points track moving users or how to
negotiate a handoff from one access point to the
next, a process referred to as roaming.  IAPP is
a Cisco proprietary protocol to support roaming.
However, IAPP does not address how the wireless
system tracks users moving from one subnet to
another.
Independent network
Network that provides peer-to-peer connectivity
without relying on a complete network
infrastructure.
Information Element
Optional wireless network management data element
in the beacons and probe responses generated by
wireless stations.  These elements identify the
extended capabilities supported by the stations.
Integrity Check Value
The WEP ICV shall be a 32-bit value containing
the 32-bit cyclic redundancy code designed for
verifying wireless data frame integrity.
Message Integrity Check
A MIC can, optionally, be added to WEP-encrypted
802.11 frames.  MIC prevents attacks on encrypted
packets.  MIC, implemented on both the access point
and all associated client devices, adds a few bytes
to each packet to make the packets tamper-proof.
Multiple BSS-ID
An access point radio broadcasts and advertises
multiple SSIDs in the beacons.  For clients'
prospective, it is like there are multiple access
points existing in the wireless network.
Native VLAN ID
A switch port and/or AP can be configured with a
'native VLAN ID'.  Untagged or priority-tagged
frames are implicitly associated with the native
VLAN ID.  The default native VLAN ID is '1' if
VLAN tagging is enabled.  The native VLAN ID is '0'
or 'no VLAN ID' if VLAN tagging is not enabled.
Non-Root Bridge
This wireless bridge does not connect to the main
wired LAN segment.  It connects to a remote wired
LAN segment and can associate with root bridges and
other non-root bridges that accept client
associations.  It also can accept associations from
other non-root bridges, repeater access points,
and client devices.
Primary LAN
In an AP, if the destinations of inbound unicast
frames are unknown, the frames are sent toward
the primary LAN defined on the device.
Repeater
Device that connects multiple segments,
listening to each and regenerating the signal
on one to every other connected one; so that
the signal can travel further.
Repeater or Non-root Access Point
The repeater access point is not connected
to the wired LAN.  The Repeater is a wireless
LAN transceiver that transfers data between
a client and another access point, another
repeater, or between two bridges.  The repeater
is placed within radio range of an access point
connected to the wired LAN, another repeater, or
an non-root bridge to extend the range of the
infrastructure.
Radio Frequency
Radio wave and modulation process or operation.
Root Access Point
This access point connects clients to the main
wired LAN.
Root (Wireless) Bridge
This wireless bridge connects to the main wired
LAN.  It can communicate with non-root wireless
bridges, repeater access points, and client
devices but not with another wireless root
bridge.  Only one wireless bridge in a wireless
LAN can be set as the wireless root bridge.
Service Set ID
SSID is a unique identifier that APs and clients
use to identify with each other.  SSID is a simple
means of access control and is not for security.
The SSID can be any alphanumeric entry up to 32
characters.
Virtual LAN
VLAN defined in the IEEE 802.1Q VLAN standard
supports logically segmenting of LAN
infrastructure into different subnets or
workgroups so that packets are switched only
between ports within the same VLAN.
VLAN ID
Each VLAN is identified by a 12-bit 'VLAN ID'.
A VLAN ID of '0' is used to indicate
'no VLAN ID'.  Valid VLAN IDs range from '1' to
'4095'.  VLAN of ID '4095' is the default VLAN
for Cisco VoIP Phones.
Wired Equivalent Privacy
WEP is generally used to refer to 802.11
encryption.

This group includes objects to manage SSID
on IEEE 802.11 devices and interfaces.

This group includes objects to manage the
association and authentication algorithms
for SSIDs.

This group includes objects to manage the
association and authentication of this
wireless station module.

This group includes objects to manage the
VLAN name and ID mapping table.

This group includes objects providing
MBSSID configuration information.