CISCO-LWAPP-ROGUE-MIB: View SNMP OID List / Download MIB

VENDOR: CISCO


 Home MIB: CISCO-LWAPP-ROGUE-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ciscoLwappRogueMIB 1.3.6.1.4.1.9.9.610
This MIB is intended to be implemented on all those devices operating as Central Controllers, that terminate the Light Weight Access Point Protocol tunnel from Cisco Light-weight LWAPP Access Points. This MIB provides information about the Rogue APs and Clients that are detected by the controller. The relationship between CC and the LWAPP APs can be depicted as follows: +......+ +......+ +......+ + + + + + + + CC + + CC + + CC + + + + + + + +......+ +......+ +......+ .. . . .. . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ + + + + + + + + + AP + + AP + + AP + + AP + + + + + + + + + +......+ +......+ +......+ +......+ . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ + + + + + + + + + MN + + MN + + MN + + MN + + + + + + + + + +......+ +......+ +......+ +......+ The LWAPP tunnel exists between the controller and the APs. The MNs communicate with the APs through the protocol defined by the 802.11 standard. LWAPP APs, upon bootup, discover and join one of the controllers and the controller pushes the configuration, that includes the WLAN parameters, to the LWAPP APs. The APs then encapsulate all the 802.11 frames from wireless clients inside LWAPP frames and forward the LWAPP frames to the controller. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. LWAPP APs encapsulate all the 802.11 frames in LWAPP frames and sends them to the controller to which it is logically connected. Light Weight Access Point Protocol ( LWAPP ) This is a generic protocol that defines the communication between the Access Points and the Central Controller. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Mobile Node and client are used interchangeably. Rogue Any 802.11 device which is not part of the RF network is a Rogue device. Ad-hoc Network A set of mobile devices within direct communication range establishing a network among themselves for transmitting data, without the use of a Access point is called a ad-hoc network. Rogue Ad-hoc Client Any 802.11 client which is part of that ad-hoc network, but not in the trusted list. Service Set Identifier ( SSID ) SSID is a unique identifier that APs and clients use to identify with each other. SSID is a simple means of access control and is not for security. The SSID can be any alphanumeric entry up to 32 characters. RSSI Received Signal Strength Indication (RSSI), the IEEE 802.11 standard defines a mechanism by which RF energy is to be measured by the circuitry on a wireless NIC. Its value is measured in dBm and ranges from -128 to 0. Rogue Location Detection Protocol (RLDP) RLDP is a protocol to detect and automatically contain rogue devices. When the controller discovers a rogue access point, it uses the Rogue Location Discovery Protocol (RLDP) to determine if the rogue is attached to your network. RLDP can be enabled/disabled per controller level. LRAD (LWAPP RADIO) Light Weight Access Point Protocol Radio basically ones own AP. REFERENCE [1] Wireless LAN Medium Access Control ( MAC ) and Physical Layer ( PHY ) Specifications. [2] Draft-obara-capwap-lwapp-00.txt, IETF Light Weight Access Point Protocol.
         ciscoLwappRogueMIBNotifs 1.3.6.1.4.1.9.9.610.0
             cLRogueAdhocRogueDetected 1.3.6.1.4.1.9.9.610.0.1
This notification is generated by the controller when a a rogue is detected. The name of the AP that detected this rogue is sent in the notification.
         ciscoLwappRogueMIBObjects 1.3.6.1.4.1.9.9.610.1
             cLRogueConfig 1.3.6.1.4.1.9.9.610.1.1
                 cLRoguePolicyConfig 1.3.6.1.4.1.9.9.610.1.1.1
                     cLRogueAdhocRogueReportEnable 1.3.6.1.4.1.9.9.610.1.1.1.1 truthvalue read-write
This object is used to turn on and off ad-hoc rogue reporting. Setting this object to 'true' will enable ad-hoc rogue reporting. Setting to 'false' will disable ad-hoc rogue reporting.
                     cLRogueReportInterval 1.3.6.1.4.1.9.9.610.1.1.1.2 unsigned32 read-write
This object specifies the rogue report interval, which is the interval that monitor mode APs send rogue detection details to the controller.
                     cLRogueMinimumRssi 1.3.6.1.4.1.9.9.610.1.1.1.3 integer32 read-write
This object specifies the minimum value of RSSI considered for detection of rogues.
                     cLRogueTransientInterval 1.3.6.1.4.1.9.9.610.1.1.1.4 unsigned32 read-write
This object specifies the rogue transient interval. A value of '0' specifies that an AP sends rogue detection details to the controller as soon as it detects a rogue. A non-zero value specifies that an AP sends rogue detection details to the controller if it hears the rogue more than once in the specified interval.
                     cLRogueClientNumThreshold 1.3.6.1.4.1.9.9.610.1.1.1.5 unsigned32 read-write
This object specifies the number of clients the Rogue AP can have. A value of zero indicates no limitation on the number of clients the Rogue AP can have.
                     cLRogueDetectionSecurityLevel 1.3.6.1.4.1.9.9.610.1.1.1.6 integer read-write
This object specifies the rogue detection security level. When the object has value of 'low', 'high' or 'critical', controller uses pre-defined rogue detection parameters for the specified security level. When the object has value of 'custom', controller uses the user configured rogue detection parameters. low - security level is low high - security level is high critical - security level is critical custom - customized security level Enumeration: 'high': 2, 'critical': 3, 'low': 1, 'custom': 4.
                     cLRogueValidateRogueClientsAgainstMse 1.3.6.1.4.1.9.9.610.1.1.1.7 integer read-write
The object specifies whether the controller validates 'valid' clients which are associating with rogue AP, against MSE. A value of 'enable' indicates that the controller does validates 'valid'clients which are associating with rogue AP, against MSE. A value of 'disable' indicates that the controller does not validates 'valid' clients which are associating with rogue AP, against MSE. Enumeration: 'enable': 2, 'disable': 1.
                 cLRogueAdhocRogueNotifEnabled 1.3.6.1.4.1.9.9.610.1.1.2 truthvalue read-write
The object to control the generation of cLRogueAdhocDetected notification. A value of 'true' indicates that the agent generates cLRogueAdhocDetected notification. A value of 'false' indicates that the agent doesn't generate cLRogueAdhocDetected notification.
                 cLRogueRuleConfig 1.3.6.1.4.1.9.9.610.1.1.3
                     cLRuleConfigTable 1.3.6.1.4.1.9.9.610.1.1.3.1 no-access
This table provides the configuration needed by the controller for classifying rogue APs. The user defines the custom rules which are used to classify the APs under different classification types. When a new rule is created priority will be assigned automatically by controller, highest priority given to rule which are created first. Also if user is changing the priority of a rule manually, the new priority should not be used by any other existing rule.
                         cLRuleConfigEntry 1.3.6.1.4.1.9.9.610.1.1.3.1.1 no-access
Each entry represents a conceptual row (as identified by a rule name)in cLRuleConfigTable.
                             cLRuleName 1.3.6.1.4.1.9.9.610.1.1.3.1.1.1 snmpadminstring no-access
This object represents the rule name to identify this entry.
                             cLRuleRogueType 1.3.6.1.4.1.9.9.610.1.1.3.1.1.2 integer read-only
This object determines the classification applied to the rogue AP that matches this rule. friendly - known and acknowledged rogue AP. malicious - unknown AP that matches user defined malicious rules. unclassified - an unknown AP that did not match malicious or friendly rules. custom - user can configure rogue detection parameters. Enumeration: 'unclassified': 3, 'malicious': 2, 'friendly': 1, 'custom': 4.
                             cLRuleConditionsMatch 1.3.6.1.4.1.9.9.610.1.1.3.1.1.3 integer read-only
This object represents how the conditions defined by corresponding instances of cLConditionType, are matched under each rule. all - all the conditions defined per rule should be matched any - any conditions defined per rule can be matched. Enumeration: 'all': 1, 'any': 2.
                             cLRulePriority 1.3.6.1.4.1.9.9.610.1.1.3.1.1.4 unsigned32 read-only
This object is used to define the order in which the rules will be applied. The rules will be applied from lowest to highest and gaps are allowed. Each rule must have and unique value for this object.
                             cLRuleEnable 1.3.6.1.4.1.9.9.610.1.1.3.1.1.5 truthvalue read-only
This object specifies whether this rule is enabled or not. A value of 'true' specifies this rule is enabled. A value of 'false' specifies this rule is disabled.
                             cLRuleStorageType 1.3.6.1.4.1.9.9.610.1.1.3.1.1.6 storagetype read-only
This object represents the storage type for this conceptual row.
                             cLRuleRowStatus 1.3.6.1.4.1.9.9.610.1.1.3.1.1.7 rowstatus read-only
This object represents the status column for a conceptual row in this table. All writable objects in this row may be modified when the row is active.
                     cLConditionConfigTable 1.3.6.1.4.1.9.9.610.1.1.3.2 no-access
This table represents the configuration of conditions that can be applied to a rule.
                         cLConditionConfigEntry 1.3.6.1.4.1.9.9.610.1.1.3.2.1 no-access
Each entry represents a conceptual row in cLConditionConfigTable, as identified by a specific condition name to be applied on a specific rule name.
                             cLConditionName 1.3.6.1.4.1.9.9.610.1.1.3.2.1.1 snmpadminstring no-access
This object represents the condition name.
                             cLConditionType 1.3.6.1.4.1.9.9.610.1.1.3.2.1.2 integer read-only
This object represents the condition type for this condition associated with a rule. managedSsid - matches managed SSID rssi - required minimum RSSI duration - limited to this time duration clientCount - number of associated clients noEncryption - no encryption rule userConfigSsid - matches user configured SSID Enumeration: 'userConfigSsid': 6, 'noEncryption': 5, 'managedSsid': 1, 'clientCount': 4, 'duration': 3, 'rssi': 2.
                             cLConditionValue 1.3.6.1.4.1.9.9.610.1.1.3.2.1.3 integer32 read-only
This object represents the value associated with the condition type as specified by the corresponding cLConditionType instance. If cLConditionType is 'userConfigSsid', then corresponding 'cLConditionValue' can only take on the value of zero.
                             cLConditionEnable 1.3.6.1.4.1.9.9.610.1.1.3.2.1.4 truthvalue read-only
This object indicates whether matching against this condition is enabled or not. A value of 'true' indicates matching against this condition is enabled. A value of 'false' indicates matching against this condition is disabled.
                             cLConditionStorageType 1.3.6.1.4.1.9.9.610.1.1.3.2.1.5 storagetype read-only
This object represents the storage type for this conceptual row.
                             cLConditionRowStatus 1.3.6.1.4.1.9.9.610.1.1.3.2.1.6 rowstatus read-only
This object represents the status column for a conceptual row in this table. All writable objects except cLConditionType in this row may be modified when the row is active.
                             cLConditionRssi 1.3.6.1.4.1.9.9.610.1.1.3.2.1.7 integer32 read-only
This object specifies the minimum value of RSSI that a rogue AP must have in order to match cLConditionType of 'rssi'.
                             cLConditionClientCount 1.3.6.1.4.1.9.9.610.1.1.3.2.1.8 unsigned32 read-only
This object specifies the minimum value of client count that a rogue AP must have in order to match cLConditionType of 'clientCount'.
                             cLConditionNoEncryptionEnabled 1.3.6.1.4.1.9.9.610.1.1.3.2.1.9 truthvalue read-only
This object specifies whether or not encryption is enabled. A value of 'true' indicates that encryption is not enabled. A value of 'false' indicates that encryption is enabled for this condition.
                             cLConditionManagedSsidEnabled 1.3.6.1.4.1.9.9.610.1.1.3.2.1.10 truthvalue read-only
This object specifies whether or not managed SSID is enabled. A value of 'true' indicates managed SSID is enabled. A value of 'false' indicates managed SSID is not enabled for this condition.
                             cLConditionDuration 1.3.6.1.4.1.9.9.610.1.1.3.2.1.11 unsigned32 read-only
This object specifies the minimum value of duration, in seconds, a rogue AP must be present in order to match cLConditionType of 'duration'.
                     cLConditionSsidConfigTable 1.3.6.1.4.1.9.9.610.1.1.3.3 no-access
This table represents the configuration of SSID for a rule. This is applicable to conditions within a rule which has the corresponding cLConditionType taking on the value of 'userConfigSsid'.
                         cLConditionSsidConfigEntry 1.3.6.1.4.1.9.9.610.1.1.3.3.1 no-access
Each entry represents a conceptual row in cLConditionSsidConfigTable.
                             cLConditionSsidValue 1.3.6.1.4.1.9.9.610.1.1.3.3.1.1 snmpadminstring no-access
This object represents the SSID value for this condition associated with a rule.
                             cLConditionSsidStorageType 1.3.6.1.4.1.9.9.610.1.1.3.3.1.2 storagetype read-only
This object represents the storage type for this conceptual row.
                             cLConditionSsidRowStatus 1.3.6.1.4.1.9.9.610.1.1.3.3.1.3 rowstatus read-only
This object represents the status column for a conceptual row in this table. All writable objects in this row may not be modified when the row is active.
                 cLRogueIgnoreListConfig 1.3.6.1.4.1.9.9.610.1.1.4
                     cLRogueIgnoreListTable 1.3.6.1.4.1.9.9.610.1.1.4.1 no-access
The table lists the APs, as identified by the AP's mac address, which should not be treated as rogue by the controller. These APs are the autonomous access points that have been manually added to WCS.
                         cLRogueIgnoreListEntry 1.3.6.1.4.1.9.9.610.1.1.4.1.1 no-access
Each entry represents a conceptual row in this table. There will be a row for each entry of the autonomous APs which are manually added to WCS. When the autonomous AP is no longer managed by WCS, the corresponding row entry will be removed.
                             cLRogueIgnoreListMACAddress 1.3.6.1.4.1.9.9.610.1.1.4.1.1.1 macaddress no-access
This is the MAC Address of the AP to be put in the rogue ignore list.
                             cLRogueIgnoreListStorageType 1.3.6.1.4.1.9.9.610.1.1.4.1.1.2 storagetype read-only
This object represents the storage type for this conceptual row.
                             cLRogueIgnoreListRowStatus 1.3.6.1.4.1.9.9.610.1.1.4.1.1.3 rowstatus read-only
This is the status of the conceptual row. All writable objects in this row may not be modified when the row is active.
                 cLRldpAutoContainConfig 1.3.6.1.4.1.9.9.610.1.1.5
                     cLRldpAutoContainFeatureOnWiredNetwork 1.3.6.1.4.1.9.9.610.1.1.5.1 integer read-write
This object represents the RLDP Auto contain feature status. disable - automatic containment of rogues on wired network is disabled enable - automatic containment of rogues on wired network is enabled NOTE: Using this feature may have legal consequences!!! Enumeration: 'enable': 2, 'disable': 1.
                     cLRldpAutoContainRoguesAdvertisingSsid 1.3.6.1.4.1.9.9.610.1.1.5.2 clautocontainactions read-write
This is the action with respect to auto containment feature, that should be taken when switch detects rogues that are advertising our SSID. NOTE: Using this feature may have legal consequences!!!
                     cLRldpAutoContainAdhocNetworks 1.3.6.1.4.1.9.9.610.1.1.5.3 clautocontainactions read-write
This is the action with respect to auto containment feature, that should be taken when adhoc networks are detected by the switch. NOTE: Using this feature may have legal consequences!!!
                     cLRldpAutoContainTrustedClientsOnRogueAps 1.3.6.1.4.1.9.9.610.1.1.5.4 clautocontainactions read-write
This is the action with respect to auto containment feature, that should be taken when trusted clients that are associated to rogue APs are detected by the switch. NOTE: Using this feature may have legal consequences!!!
                     cLRldpAutoContainLevel 1.3.6.1.4.1.9.9.610.1.1.5.5 integer32 read-write
This object is used to specify the level of auto containment. The level actually denotes the number of APs that should be used by the controller for auto containment.
                     cLRldpAutoContainOnlyforMonitorModeAps 1.3.6.1.4.1.9.9.610.1.1.5.6 integer read-write
This object is used to specify if auto containment should be done only using monitor mode APs or not. disable - auto containment will be done using all APs irrespective of the mode enable - auto containment will be done only using monitor mode APs. Enumeration: 'enable': 2, 'disable': 1.
                 cLRogueApConfig 1.3.6.1.4.1.9.9.610.1.1.6
                     cLRogueApTable 1.3.6.1.4.1.9.9.610.1.1.6.1 no-access
The table lists the configured rogue APs in the system.
                         cLRogueApEntry 1.3.6.1.4.1.9.9.610.1.1.6.1.1 no-access
An entry containing contains management information of a particular rogue AP. An entry can be created, or deleted by using cLRogueApRowStatus.
                             cLRogueApMACAddress 1.3.6.1.4.1.9.9.610.1.1.6.1.1.1 macaddress no-access
MAC Address of a rogue AP.
                             cLRogueApClassType 1.3.6.1.4.1.9.9.610.1.1.6.1.1.2 integer read-only
This object specifies the type of a rogue AP. friendly - existing known, Acknowledge, and Trust missing rogue states are classified as Friendly. malicious - unknown AP that could be a threat. unclassified - an unknown AP or rogue AP is identified but it does not belong to Friendly or Malicious rogue types. custom - AP that matches user defined custom rules. Enumeration: 'unclassified': 3, 'malicious': 2, 'friendly': 1, 'custom': 4.
                             cLRogueApState 1.3.6.1.4.1.9.9.610.1.1.6.1.1.3 integer read-only
This objects specifies the state in which the rogue AP is. pending - a read-only value indicates that rogue AP can not be state to any of the following type. alert - rogue AP can be a potential threat. Trap will be sent out to trap recipients. detectedLrad - a read-only value indicates that a LRAD that got detected as rogue. known - a read-only value indicates that an internal AP which is not on the same switch. acknowledge - a read-only value indicates that an external AP whose existence is acceptable and not a threat(probably from vendor other than cisco). contained - containment is initiated and ongoing. threat - rogue AP is found on wired network. containedPending - a read-only value indicates that no AP resources available for containment. knownContained - a read-only value indicates that no longer used. trustedMissing - rogue AP is friendly but there is no slot for friendly AP. initializing - a read-only value indicates that rogue AP is being initialized. For a friendly rogue AP, only two states are valid: 'known' and 'acknowledge'. 'known', 'knownContained' and 'trustedMissing' can appear in known rogue list. Known rogues can be pre-provisioned and known rogues state can be changed to 'alert'. Enumeration: 'acknowledge': 5, 'trustedMissing': 10, 'alert': 2, 'containedPending': 8, 'contained': 6, 'knownContained': 9, 'threat': 7, 'initializing': 11, 'known': 4, 'pending': 1, 'detectedLrad': 3.
                             cLRogueApStorageType 1.3.6.1.4.1.9.9.610.1.1.6.1.1.4 storagetype read-only
This object represents the storage type for this conceptual row.
                             cLRogueApRowStatus 1.3.6.1.4.1.9.9.610.1.1.6.1.1.5 rowstatus read-only
The status of the conceptual row. All writable objects in this row may be modified when the row is active.
         ciscoLwappRogueMIBConform 1.3.6.1.4.1.9.9.610.2
             ciscoLwappRogueMIBCompliances 1.3.6.1.4.1.9.9.610.2.1
                 ciscoLwappRogueMIBCompliance 1.3.6.1.4.1.9.9.610.2.1.1
The compliance statement for the SNMP entities that implement the ciscoLwappRogueMIB module.
                 ciscoLwappRogueMIBComplianceRev1 1.3.6.1.4.1.9.9.610.2.1.2
The compliance statement for the SNMP entities that implement the ciscoLwappRogueMIB module.
                 ciscoLwappRogueMIBComplianceRev2 1.3.6.1.4.1.9.9.610.2.1.3
The compliance statement for the SNMP entities that implement the ciscoLwappRogueMIB module.
                 ciscoLwappRogueMIBComplianceRev3 1.3.6.1.4.1.9.9.610.2.1.4
The compliance statement for the SNMP entities that implement the ciscoLwappRogueMIB module.
                 ciscoLwappRogueMIBComplianceRev4 1.3.6.1.4.1.9.9.610.2.1.5
The compliance statement for the SNMP entities that implement the ciscoLwappRogueMIB module.
             ciscoLwappRogueMIBGroups 1.3.6.1.4.1.9.9.610.2.2
                 ciscoLwappRogueConfigGroup 1.3.6.1.4.1.9.9.610.2.2.1
This collection of objects represent the rogue configuration on the controller.
                 ciscoLwappRogueNotifsGroup 1.3.6.1.4.1.9.9.610.2.2.2
This collection of objects specifies the notifications for rogue detection.
                 ciscoLwappRogueConfigSup1Group 1.3.6.1.4.1.9.9.610.2.2.3
This collection of objects represent the rogue configuration on the controller. ciscoLwappRogueConfigSup1Group object is superseded by ciscoLwappRogueConfigSup2Group.
                 ciscoLwappRogueConfigSup2Group 1.3.6.1.4.1.9.9.610.2.2.4
This collection of objects represent the rogue configuration on the controller. ciscoLwappRogueConfigSup2Group object is superseded by ciscoLwappRogueConfigSup3Group.
                 ciscoLwappRogueConfigSup3Group 1.3.6.1.4.1.9.9.610.2.2.5
This collection of objects represent the rogue configuration on the controller.
                 ciscoLwappRogueConfigSup4Group 1.3.6.1.4.1.9.9.610.2.2.6
This collection of objects represent the rogue configuration on the controller.