HUAWEI-WLAN-SECURITY-MIB: View SNMP OID List / Download MIB

huawei HUAWEI-WLAN-SECURITY-MIB.

WLAN access security profile table.

WLAN access security profile entry.

WLAN access security profile Name.

When this attribute is TRUE, WEP data will be encrypted. When this attribute is FALSE, WEP data will not be encrypted. The default value of this attribute is FALSE.

This attribute shall indicate the use of the first, second, third, or fourth element of the WEPDefaultKeys array when set to values of zero, one, two, or three. The default value of this attribute shall be 0.

The maximum number of tuples that hwWsecWEPKeyMappings can hold.

ASU IP address for WAPI certification authentication

CA certification file name

ASU certification file name

AC certification file name

AC private key file name

The highest WAPI/RSNA version this entity supports. See 7.3.2.9.

This object indicates the highest WAPI version that this entity supports.

Row status

Description.

Description. Enumeration: 'valid': 1, 'invalid': 2.

Description.

Description. Enumeration: 'valid': 1, 'invalid': 2.

Description.

Description. Enumeration: 'valid': 1, 'invalid': 2.

Description.

Description. Enumeration: 'local': 2, 'remote': 1.

Description. Enumeration: 'enable': 2, 'disable': 1.

Description. Enumeration: 'enable': 2, 'disable': 1.

Description. Enumeration: 'enable': 2, 'disable': 1.

Description.

Description.

Description.

Conceptual table for WEP default keys. This table shall contain the four WEP default secret key values corresponding to the four possible KeyID values. The WEP default secret keys are logically WRITE-ONLY. Attempts to read the entries in this table shall return unsuccessful status and values of null or zero. The default value of each WEP default key shall be null.

An Entry (conceptual row) in the WEP Default Keys Table.

The auxiliary variable used to identify instances of the columnar objects in the WEP Default Keys Table. The value of this variable is equal to the WEPDefaultKeyID + 1

A WEP default secret hexadecimal key value. 10 byte for WEP-40, 26 byte for WEP-104, 32 byte for WEP-128. Reading this variable shall return unsuccessful status or null or zero.

A WEP default secret ASCII key value. 5 byte for WEP-40, 13 byte for WEP-104, 16 byte for WEP-128. Reading this variable shall return unsuccessful status or null or zero.

Conceptual table for WEP Key Mappings. The MIB supports the ability to share a separate WEP key for each RA/TA pair. The Key Mappings Table contains zero or one entry for each MAC address and contains two fields for each entry: WEPOn and the corresponding WEP key. The WEP key mappings are logically WRITE-ONLY. Attempts to read the entries in this table shall return unsuccessful status and values of null or zero. The default value for all WEPOn fields is FALSE.

An Entry (conceptual row) in the WEP Key Mappings Table.

The auxiliary variable used to identify instances of the columnar objects in the WEP Key Mappings Table.

The MAC address of the STA for which the values from this key mapping entry are to be used.

Boolean as to whether WEP is to be used when communicating with the hwWsecWEPKeyMappingAddress STA.

A WEP secret key value.

The status column used for creating, modifying, and deleting instances of the columnar objects in the WEP key mapping Table.

This table lists the AKM suites supported by this entity. Each AKM suite can be individually enabled and disabled. The AKM suite list in the RSN information element is formed using the information in this table.

An entry (row) in the hwWsecAuthSuitesTable.

The auxiliary variable used as an index into the hwWsecAuthSuitesTable. Enumeration: 'wapiCertification': 1, 'openSystem': 8, 'shareKey': 7, 'wpa1PreShareKey': 4, 'wpa28021x': 5, 'wpa1wpa28021x': 10, 'wpa18021x': 3, 'wapiPreShareKey': 2, 'wpa2PreShareKey': 6, 'wpa1wpa2PreShareKey': 9.

The selector of an AKM suite. It consists of an OUI (the first 3 octets) and a cipher suite identifier (the last octet). 0x00147201 : WAPI certification authentication 0x00147202 : WAPI preShare key authentication 0x000FAC01 : WPA1(WPA version 1) 802.1X authentication 0x000FAC02 : WPA1(WPA version 1) preShare key authentication 0x00E0FC01 : WPA2(WPA version 2) 802.1X authentication 0x00E0FC02 : WPA2(WPA version 2) preShare key authentication 0x00E0FC03 : share key (for WEP) 0x00E0FC04 : open system (no authentication) 0x00E0FC05 : wpa-wpa2-preShareKey 0x00E0FC06 : wpa-wpa2-8021x

This variable indicates whether the corresponding AKM suite is enabled/disabled.

This variable indicates whether the entity supports WAPI pre-authentication. This cannot be TRUE unless hwWsecAuthOptionImplemented is TRUE.

When this object is set to TRUE, this shall indicate that WAPI pre-authentication is enabled on this entity. This object requires that WAPI authentication of this profile Enabled.

This object indicates the number of the unicast keys that a WAPI/RSNA of this entity supports.

The selector of a supported pairwise cipher. It consists of an OUI (the first 3 octets) and a cipher suite identifier (the last octet). 0x00147201 : WPI-SMS4 0x000FAC00 : Use group cipher suite 0x000FAC01 : WEP-40 0x000FAC02 : TKIP 0x000FAC04 : CCMP-default in an RSNA 0x000FAC05 : WEP-104 0x000FAC06 : wep-128 0x000FAC07 : tkip-ccmp 0x00E0FC01 : null (no encryption), only for open system authentication The cipher suite selector 00-0F-AC:4 (CCMP) shall be the default cipher suite value. The cipher suite selectors 00-0F-AC:1 (WEP-40) and 00-0F-AC:5 (WEP-104) are only valid as a group cipher suite in a transition security network (TSN) to allow pre-RSNA devices to join the BSS. Use of CCMP as the group cipher suite with TKIP as the pairwise cipher suite shall not be supported. NOTE?If the STAs can support CCMP, then there is no need for a weaker data confidentiality protocol. The cipher suite selector 00-0F-AC:0 (Use group cipher suite) is only valid as the pairwise cipher suite. An AP may specify the selector 00-0F-AC:0 (Use group cipher suite) for a pairwise cipher suite if it does not cipher selection, this shall be the only pairwise cipher selection the AP advertises. If CCMP is enabled, then the AP supports pairwise keys, and thus the suite selector 00-0F-AC:0 (Use group cipher suite) shall not be a valid option. Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

This object indicates the length in bits of the pairwise cipher key. This should be 256 for TKIP and 128 for CCMP.

This object selects a mechanism for rekeying the WAPI/RSNA USK. The default is time-based, once per day. Rekeying the USK is only applicable to an entity acting in the AE or ASUE role. Enumeration: 'disabled': 1, 'timeBased': 2, 'packetBased': 3, 'timepacketBased': 4.

The time in seconds after which the WAPI/RSNA USK shall be refreshed. The timer shall start at the moment the USK was set using the MLME-SETWPIKEYS.request primitive.

A packet count (in 1000s of packets) after which the WAPI/RSNA USK shall be refreshed. The packet counter shall start at the moment the USK was set using the MLME-SETWPIKEYS.request primitive and it shall count all packets encrypted using the current USK.

This object indicates the multicast cipher suite that this entity must adopt. The WAPI/RSNA information element shall adopt the value of this variable, which contains a 3-octet OUI and a one-octet cipher suite identifier. 0x00147201 : WPI-SMS4 0x000FAC01 : WEP-40 0x000FAC02 : TKIP 0x000FAC04 : CCMP-default in an RSNA 0x000FAC05 : WEP-104 0x000FAC06 : wep-128 0x000FAC07 : tkip-ccmp 0x00E0FC01 : null (no encryption), only for open system authentication Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

This object indicates the length in bit of the multicast cipher key. This should be 256 for in SMS4. The former 128bits is the encryption key and the latter 128bits is the message integrity check key. This should be 256 for in TKIP. The former 128bits is the encryption key and the latter 128bits is the message integrity check key. This should be 128 for in CCMP. The 128bits is the encryption key and the message integrity check key. This should be 40 for in WEP-40. The 40bits is the encryption key. This should be 40 for in WEP-104. The 104bits is the encryption key. This should be 40 for in WEP-128. The 128bits is the encryption key.

This object selects a mechanism for rekeying the WAPI/RSNA MSK. The default is time-based, once per day. Rekeying the MSK is only applicable to an entity acting in the Authenticator role. Enumeration: 'disabled': 1, 'timeBased': 2, 'packetBased': 3, 'timepacketBased': 4.

The time in seconds after which the WAPI/RSNA MSK shall be refreshed. The timer shall start at the moment the MSK was set using the MLME-SETWPIKEYS.request primitive.

A packet count (in 1000s of packets) after which the WAPI/RSNA MSK shall be refreshed. The packet counter shall start at the moment the MSK was set using the MLME-SETWPIKEYS.request primitive and it shall count all packets encrypted using the current MSK.

This object signals that the MSK shall be refreshed whenever a STA leaves the BSS that possesses the MSK.

The PSK for when WAPI/RSNA in PSK mode is the selected AKM suite. In that case, the BK/PMK will obtain its value from this object. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero. WAPI need 16 byte Hex, RSNA need 32 byte Hex. User should input Hex data for this node.

The PSK, for when WAPI/RSNA in PSK mode is the selected AKM suite, is configured by hwWsecAuthPSKValue. An alternative manner of setting the PSK uses the password-to-key algorithm. This variable provides a means to enter a pass-phrase. When this object is written, the WAPI/RSNA entity shall use the password-to-key algorithm to derive a pre-shared and populate hwWsecAuthPSKValue with this key. This object is logically write-only. Reading this variable shall return unsuccessful status or null or zero.

The number of times messages in the WAPI Certificate Authentication Handshake protocol will be retried per Certificate Authentication Handshake attempt.

The number of times Message 1 in the WAPI Multicast Key Announcement Handshake will be retried per MSK Handshake attempt. The number of times Message 1 in the RSNA Group Key Handshake will be retried per GTK Handshake attempt.

The number of times Message 1 and Message 3 in the WAPI Unicast Key Negotiation Handshake will be retried per USK Handshake attempt. The number of times Message 1 and Message 3 in the RSNA 4-Way Handshake will be retried per 4-Way Handshake attempt.

The maximum lifetime of a BK in the BK cache.

The percentage of the BK lifetime that should expire before a WAI/RSNA re-authentication occurs.

The maximum time a security association shall take to set up.

When this attribute is TRUE, the STA shall not indicate at the MAC service interface received MSDUs that have the Protected Frame subfield of the Frame Control field equal to zero. When this attribute is FALSE, the STA may accept MSDUs that have the Protected Frame subfield of the Frame Control field equal to zero. The default value of this attribute shall be FALSE.

Leaf don't sustain for V2R3 on 2012/11/26.

This attribute indicates whether the entity enable the authentication. If the value is '0' which means 'authentication disabled', the state of the controlled port shall be set to 'authenticated'; else the value is '1' which means 'authentication enabled', the state of the controlled port shall be based on the hwWsecAuthControlledPortControl.

This attribute, when the hwWsecAuthControlledAuthControl is set to true, shall be effective and indicate the methods by which the port is controlled. If the value is '0' which means 'auto', the state of the controlled port shall be based on the result of the authentication; else the value is '1' which means 'force unauthenticated', the state of the controlled port shall be unconditionally set to 'unauthenticated'.

This attribute, when true, shall indicate that the WAPI, WPA, RSNA option is implemented; else, this attribute shall be false.

This table maintains per-STA statistics in an RSN. The entry with hwWsecStatsSTAAddress set to FF-FF-FF-FF-FF-FF shall contain statistics for broadcast/multicast traffic.

An entry in the hwWsecStatsTable.

The MAC address of the STA to which the statistics in this conceptual row belong.

The RSNA version with which the STA associated.

The selector of the last BKID of WAPI used in the last Unicast Key Negotiation Handshake. The selector of the last PMKID of RSNA used in the last 4-Way Handshake.

The selector of the last AKM suite negotiated. Enumeration: 'wapiCertification': 1, 'openSystem': 8, 'shareKey': 7, 'wpa1PreShareKey': 4, 'wpa28021x': 5, 'wpa1wpa28021x': 10, 'wpa18021x': 3, 'wapiPreShareKey': 2, 'wpa2PreShareKey': 6, 'wpa1wpa2PreShareKey': 9.

The selector of the last unicast cipher suite negotiated. Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

The selector of the last multicast cipher suite negotiated Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

The selector of the last AKM suite requested. Enumeration: 'wapiCertification': 1, 'openSystem': 8, 'shareKey': 7, 'wpa1PreShareKey': 4, 'wpa28021x': 5, 'wpa1wpa28021x': 10, 'wpa18021x': 3, 'wapiPreShareKey': 2, 'wpa2PreShareKey': 6, 'wpa1wpa2PreShareKey': 9.

The selector of the last unicast cipher suite requested Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

The selector of the last multicast cipher suite requested. Enumeration: 'wpiSms4': 1, 'wep104': 3, 'ccmp': 5, 'wep128': 8, 'tkip': 4, 'wep40': 2, 'null': 6, 'tkipCcmp': 7.

This counter shall increment when a frame is received with the Protected Frame subfield of the Frame Control field set to one and the value of the ICV as received in the frame does not match the ICV value that is calculated for the contents of the received frame. ICV errors for TKIP are not counted in this variable but in hwWsecStatsTKIPICVErrors.

This counter shall increment when a frame is received with the Protected Frame subfield of the Frame Control field set to zero and the value of hwWsecProfileExcludeUnencrypted causes that frame to be discarded.

This counter shall increment when a frame is received with the Protected Frame subfield of the Frame Control field set to one and the WEPOn value for the key mapped to the transmitter's MAC address indicates that the frame should not have been encrypted or that frame is discarded due to the receiving STA not implementing the privacy option.

Counts the number of TKIP ICV errors encountered when decrypting packets for the STA.

Counts the number of MIC failures encountered when checking the integrity of packets received from the STA at this entity.

Counts the number of MIC failures encountered by the STA identified by dot11StatsSTAAddress and reported back to this entity.

Counts the number of TKIP replay errors detected.

The number of received CCMP MPDUs discarded by the replay mechanism.

The number of received MPDUs discarded by the CCMP decryption algorithm.

This counter shall increment when the signature in the received WAI packet is wrong.

This counter shall increment when the message authentication code in the received WAI packet is wrong.

This counter shall increment when the WAI authentication is unsuccessful.

This counter shall increment when the received WAI packet is discarded.

This counter shall increment when the WAI packet is timeout.

This counter shall increment when there exists format error in the WAI packet.

This counter shall increment when the WAI certificate authentication is unsuccessful.

This counter shall increment when the WAI unicast key negotiation process is unsuccessful.

This counter shall increment when the WAI multicast key announcement process is unsuccessful.

The number of received WPI MPDUs discarded by the replay mechanism.

The number of received MPDUs discarded by the WPI decryption algorithm because of no valid key.

The number of received MPDUs discarded because of the MIC check error during the WPI decryption.

This attribute indicates the state of the controlled port in a authenticator subsystem. If value is '1', the state is set to'authenticated'; else, the state is set to 'unauthenticated'.

Specifies the number of PTKSA replay counters per association: 0 ?> 1 replay counter, 1 ?> 2 replay counters, 2 ?> 4 replay counters, 3 ?> 16 replay counters

Specifies the number of GTKSA replay counters per association: 0 ?> 1 replay counter, 1 ?> 2 replay counters, 2 ?> 4 replay counters, 3 ?> 16 replay counters

Counts the number of times that a TKIP MIC failure occurred two times within 60 s and TKIP countermeasures were invoked. This attribute counts both local and remote MIC failure events reported to this STA. It increments every time TKIP countermeasures are invoked

Counts the number of 4-Way Handshake failures.

The security profile start number in batch operation. This node is used with node hwWsecBatchProfileWantNumber, for example, hwWsecBatchProfileStartNumber is set to one, and hwWsecBatchProfileWantNumber is set to three, then get the node hwWsecBatchProfileReturnNumber,hwWsecBatchProfileName, that means start from the first security profile, get three security profile's name list. if it dose not exist three security profile, the hwWsecBatchProfileReturnNumber will be the real security profile number, otherwise, it is equal to hwWsecBatchProfileWantNumber.

The security profile number that want to get in batch operation.This node is used with node hwWsecBatchProfileWantNumber, for example, hwWsecBatchProfileStartNumber is set to one, and hwWsecBatchProfileWantNumber is set to three, then get the node hwWsecBatchProfileReturnNumber,hwWsecBatchProfileName, that means start from the first security profile, get three security profile's name list. if it dose not exist three security profile, the hwWsecBatchProfileReturnNumber will be the real security profile number, otherwise, it is equal to hwWsecBatchProfileWantNumber.

The ess number get in batch operation.

The names of security profile which are determined by node hwWsecBatchProfileStratNumber and node hwWsecBatchProfileWantNumber. each hwWsecProfileName name is divided by '?'.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description. Enumeration: 'reasonCode': 1, 'statusCode': 2.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.

Description.