ENTERASYS-WIFI-PROTECTED-ACCESS-MIB: View SNMP OID List / Download MIB

This MIB module defines a portion of the SNMP enterprise MIBs under Enterasys Networks' enterprise OID pertaining to Wi-Fi Protected Access (WPA) management functionality. This implementation includes Enterasys variants of objects that appear in draft 3.0 of IEEE Std 802.11i, and are relevant to the Wi-Fi Alliance's WPA specification. Since the initial WPA implementation is TKIP-based, the initial version of this MIB does not include AES-specific objects.

The table containing WPA configuration objects.

An entry in the etsysWPAConfigTable.

Each 802.11 interface is represented by an entry in the ifTable. If this index is zero, the information in this table shall apply to all 802.11 interfaces.

This variable indicates whether the entity is WPA-capable.

When this object is set to TRUE, this shall indicate that WPA is enabled on this entity. The entity will advertise the WPA Information Element in its Beacons and Probe Responses. This object requires that dot11PrivacyInvoked also be set to TRUE. If dot11PrivacyInvoked is TRUE and etsysWPAConfigEnabled is FALSE, the security mechanism used is WEP.

Specifies the number of replay counters: (0) - 1 replay counter, (1) - 2 replay counters, (2) - 4 replay counters, (3) - 16 replay counters.

The highest WPA version this entity supports.

This object indicates how many pairwise keys the entity supports for WPA. When zero, it only supports (four) group keys.

This object indicates the multicast cipher suite selector the entity must use. The multicast cipher suite in the WPA Information Element shall take its value from this variable. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet). The network administrator can always override the automatically selected multicast cipher suite by writing this object.

This object selects a mechanism for rekeying the WPA Group Key. The default is time-based, once per day. Rekeying the Group key is only applicable to an entity acting in the Authenticator role (an AP in an ESS). Enumeration: 'disabled': 1, 'timeBased': 2, 'packetBased': 3.

The time in seconds after which the WPA group key must be refreshed. The timer shall start at the moment the group key was set using the MLME-SetKeys primitive. The fine granularity (seconds) also enables the network Administrator to 'immediately' refresh the group key.

A packet count (in 1000s of packets) after which the WPA group key shall be refreshed. The packet counter shall start at the moment the group key was set using the MLME-SetKeys primitive and it shall count all packets encrypted using the current group key.

This object signals that the WPA group key shall be refreshed whenever a Station leaves the BSS.

The Pre-Shared Key (PSK) for when WPA in PSK mode is the selected authentication suite. In that case, the PMK will obtain its value from this object. A string of all 0x00 octets has the meaning 'clear the key'. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero.

The PSK, for when WPA in PSK mode is the selected authentication suite, is configured by etsysWPAConfigPSKValue. An alternative manner of setting the PSK uses the password-to-key algorithm defined in section XXX. This variable provides a means to enter a pass phrase. When this object is written, the WPA entity shall use the password-to-key algorithm specified in section XXX to derive a pre-shared key and populate etsysWPAConfigPSKValue with this key. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero.

Indicates whether the Pre-Shared Key (etsysWPAConfigPSKValue) is set. This allows a network management system to prompt the network manager, when appropriate, to enter the initial value of the key.

Indicates whether the entity can take advantage of multiple selections in the etsysWPAConfigAuthenticationSuitesTable. On radios that allow use of only one key management suite at a time, the access point may choose among the selected suites in an arbitrary fashion.

The time in seconds after which the WPA group master key must be changed. The timer shall start at the moment the group master key was set. A group key refresh will occur on a group master key change. The fine granularity (seconds) also enables the network Administrator to 'immediately' refresh the group master key.

The time in seconds after which the WPA group update handshake will be retried. The timer shall start at the moment the group update message is sent.

The number of times the WPA Group update will be retried.

The time in seconds after which the WPA 4-way handshake will be retried. The timer shall start at the moment a 4-way message is sent.

The number of times the WPA 4-way handshake will be retried.

This object indicates whether the entity supports the 'Allow Legacy Clients' option. The answer may vary depending upon the currently-installed radio card model.

This object provides a way to indicate that an access point in WPA mode should accept associations from both WPA clients and legacy (pre-WPA, pre-RSN) clients. When this object is true(1), the etsysWPAConfigMulticastCipher must be WEP-40 or WEP-104 (a.k.a. 128-bit WEP). Using WEP Group keys and letting legacy clients associate may weaken security. To minimize this, 1. Enable legacy associations only on radios that support Pairwise keys. 2. Enable frequent Group key rekeying. With TKIP and AES, there's much less threat of key cracking than with WEP, so the default is 'once in a blue moon'. With WEP, you need to think more in terms of Rapid Rekeying. Access points implementing this feature are under no obligation to support non-802.1X clients. For instance, an access point might use one-time dynamic WEP keys when WPA Group key rotation is disabled. Static WEP clients would not know these keys.

This object applies when WPA is enabled (dot11PrivacyInvoked, etsysWPAConfigEnabled) and management has chosen to allow a mix of WPA and non-WPA clients (etsysWPAConfigAllowLegacyClients). It specifies whether the access point should tumble Pairwise WEP keys belonging to non-WPA clients. The access point uses Group key rotation as a trigger for Pairwise WEP key tumbling; if you want the latter, be sure to configure the former. See also: etsysDot1xRekeyPairwise.

This table lists the unicast ciphers supported by this entity. It allows enabling and disabling of each unicast cipher by network management. The Unicast Cipher Suite list in the WPA Information Element is formed using the information in this table.

The table entry, indexed by the interface index (or all interfaces) and the unicast cipher.

The auxiliary index into the etsysWPAConfigUnicastCiphersTable.

The selector of a supported unicast cipher. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet).

This object enables or disables the unicast cipher.

This table lists the authentication suites supported by this entity. Each authentication suite can be individually enabled and disabled. The Authentication Suite List in the WPA IE is formed using the information in this table.

An entry (row) in the etsysWPAConfigAuthenticationSuitesTable.

The auxiliary variable used as an index into the etsysWPAConfigAuthenticationSuitesTable.

The selector of an authentication suite. It consists of an OUI (the three most significant octets) and a cipher suite identifier (the least significant octet).

This variable indicates whether the corresponding authentication suite is enabled/disabled.

This table maintains per-STA statistics for SN. The entry with etsysWPAStatsSTAAddress set to FF-FF-FF-FF-FF-FF shall contain statistics for broadcast/multicast traffic.

An entry in the etsysWPAStatsTable.

An auxiliary index into the etsysWPAStatsTable.

The MAC address of the station the statistics in this conceptual row belong to.

The WPA version which the station associated with.

The Authentication Suite the station selected during association. The value consists of a three octet OUI followed by a one octet Type as follows: OUI Value Authentication Type Key Management Type -------- ----- ------------------- ------------------- 00:00:00 0 Reserved Reserved 00:00:00 1 Unspecified authentication 802.1X Key Management over 802.1X 00:00:00 2 None 802.1X Key Management using pre-shared Key 00:00:00 3-255 Reserved Reserved Vendor any Vendor Specific Vendor Specific other any Reserved Reserved

Counts the number of TKIP ICV errors encountered when decrypting packets for the station.

Counts the number of Michael MIC failure encountered when checking the integrity of packets received from the station at this entity.

Counts the number of Michael MIC failures encountered by the station identified by dot11StatsSTAAddress and reported back to this entity.

Counts the number of times a MIC failure occurred two times within 60 seconds and counter-measures were invoked. This variables counts this for both local and remote. It counts every time countermeasures are invoked.

A collection of objects providing configuration information for the WPA service.

A collection of objects providing configuration information for the WPA service.

A collection of objects providing configuration information for the WPA service.

A collection of objects providing statistics information for the WPA service.

The compliance statement for devices that support the Enterasys Wi-Fi Protected Access (WPA) MIB.