
CISCO-DOT11-SSID-SECURITY-MIB by vendor Cisco

CISCO-DOT11-SSID-SECURITY-MIB file content

The SNMP protocol is used for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. UDP is used for two reasons. First, it has low overhead compared with TCP, which uses a three-way handshake to set up a connection. Second, in congested networks SNMP over TCP is a bad idea, because TCP, in order to maintain reliability, will flood the network with retransmissions.

Management information is represented as a collection of managed objects, which together form a virtual information base called the MIB (Management Information Base). An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, including CISCO-DOT11-SSID-SECURITY-MIB.
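The module listed below declares cdot11SecAuxSsidWpaPsk and cdot11SecAuxSsidLoginPassword with MAX-ACCESS read-create, so the definition permits reading them through any SNMP view that covers the table. The following is an added example, not part of the original page or of Cisco's module: it parses OBJECT-TYPE definitions, resolves their numeric OIDs, and lists readable credential-bearing objects so they can be excluded from SNMP views. The excerpt is constructed from the module text on this page; the value of ciscoMgmt (from CISCO-SMI), the name-matching heuristic and the view name are assumptions.

```python
import re

# ciscoMgmt is imported from CISCO-SMI and is not defined on this page;
# its registered value is 1.3.6.1.4.1.9.9.
KNOWN_ROOTS = {"ciscoMgmt": (1, 3, 6, 1, 4, 1, 9, 9)}

# Constructed excerpt: definitions copied from the module below, trimmed to
# the clauses the audit needs (DESCRIPTION, STATUS and DEFVAL removed).
MIB_EXCERPT = """
ciscoDot11SsidSecMIB MODULE-IDENTITY
        ::= { ciscoMgmt 413 }
ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER
        ::= { ciscoDot11SsidSecMIB 1 }
cdot11SecSsidManagement     OBJECT IDENTIFIER
        ::= { ciscoDot11SsidSecMIBObjects 1 }
cdot11SecAuxSsidTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11SecAuxSsidEntry
        MAX-ACCESS not-accessible
        ::= { cdot11SecSsidManagement 1 }
cdot11SecAuxSsidEntry OBJECT-TYPE
        SYNTAX     Cdot11SecAuxSsidEntry
        MAX-ACCESS not-accessible
        ::= { cdot11SecAuxSsidTable 1 }
cdot11SecAuxSsidBroadcast OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        ::= { cdot11SecAuxSsidEntry 2 }
cdot11SecAuxSsidWpaPsk OBJECT-TYPE
        SYNTAX     CDot11WiFiPaPreSharedKey
        MAX-ACCESS read-create
        ::= { cdot11SecAuxSsidEntry 7 }
cdot11SecAuxSsidLoginUsername OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-create
        ::= { cdot11SecAuxSsidEntry 9 }
cdot11SecAuxSsidLoginPassword OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-create
        ::= { cdot11SecAuxSsidEntry 10 }
"""

# A definition starts at column 0 with "<name> <macro>" on one line and ends
# at its "::= { parent sub-id }" assignment.
DEF_RE = re.compile(
    r"^([A-Za-z][\w-]*)[ \t]+(MODULE-IDENTITY|OBJECT IDENTIFIER|OBJECT-TYPE)\b"
    r"(.*?)::=\s*\{\s*([A-Za-z][\w-]*)\s+(\d+)\s*\}",
    re.S | re.M,
)
READABLE = {"read-only", "read-write", "read-create"}
# Heuristic (an assumption of this example): object or type names that
# suggest a stored credential.
SECRET_HINT = re.compile(r"password|psk|presharedkey", re.I)


def parse_definitions(text):
    """Return {name: {parent, sub, syntax, access}} for each definition."""
    defs = {}
    for m in DEF_RE.finditer(text):
        name, _kind, body, parent, sub = m.groups()
        syntax = re.search(r"SYNTAX\s+([^\n{(]+)", body)
        access = re.search(r"MAX-ACCESS\s+([\w-]+)", body)
        defs[name] = {
            "parent": parent,
            "sub": int(sub),
            "syntax": syntax.group(1).strip() if syntax else None,
            "access": access.group(1) if access else None,
        }
    return defs


def resolve_oid(name, defs):
    """Walk parent links up to a known root and return the dotted OID."""
    arcs, seen = [], set()
    while name not in KNOWN_ROOTS:
        if name in seen or name not in defs:
            raise KeyError(f"cannot resolve parent {name!r}")
        seen.add(name)
        arcs.append(defs[name]["sub"])
        name = defs[name]["parent"]
    return ".".join(map(str, KNOWN_ROOTS[name] + tuple(reversed(arcs))))


def find_readable_secrets(text):
    """List (name, oid, access) for readable objects that look like secrets."""
    defs = parse_definitions(text)
    hits = []
    for name, d in defs.items():
        looks_secret = SECRET_HINT.search(name) or SECRET_HINT.search(d["syntax"] or "")
        if d["access"] in READABLE and looks_secret:
            hits.append((name, resolve_oid(name, defs), d["access"]))
    return hits


def view_exclusions(findings, view="PLACEHOLDER-VIEW"):
    """Render Cisco IOS 'snmp-server view' exclusions; view name is a placeholder."""
    return [f"snmp-server view {view} {oid} excluded" for _n, oid, _a in findings]


if __name__ == "__main__":
    for line in view_exclusions(find_readable_secrets(MIB_EXCERPT)):
        print(line)
```

Each OID is a column prefix, so excluding it covers every row (every SSID) of the table.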


Vendor: Cisco
Mib: CISCO-DOT11-SSID-SECURITY-MIB
Tool: ActiveXperts Network Monitor 2019 (ships with advanced SNMP/MIB tools)
-- *****************************************************************
-- CISCO-DOT11-SSID-SECURITY-MIB.my: 
-- CISCO IEEE 802.11 SSID Security MIB 
--
-- October 2003, Francis Pang 
--
-- Copyright (c) 2003-2004 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--
CISCO-DOT11-SSID-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Integer32,
        Unsigned32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        TEXTUAL-CONVENTION,
        MacAddress,
        RowStatus,
        TruthValue
                FROM SNMPv2-TC
        SnmpAdminString 
                FROM SNMP-FRAMEWORK-MIB
        ifIndex
                FROM IF-MIB
        InetAddressType,
        InetAddress
                FROM INET-ADDRESS-MIB
        dot11AuthenticationAlgorithmsIndex 
                FROM IEEE802dot11-MIB
        CDot11IfVlanIdOrZero
                FROM CISCO-DOT11-IF-MIB
        ciscoMgmt
                FROM CISCO-SMI;


-- ********************************************************************
-- *  MODULE IDENTITY
-- ********************************************************************

ciscoDot11SsidSecMIB MODULE-IDENTITY
        LAST-UPDATED    "200409140000Z"
        ORGANIZATION    "Cisco System Inc."
        CONTACT-INFO
                "       Cisco Systems
                        Customer Service

                Postal: 170 West Tasman Drive,
                        San Jose CA 95134-1706.
                        USA

                   Tel: +1 800 553-NETS

                E-mail: cs-dot11@cisco.com"
        DESCRIPTION
                "This MIB module provides network management  
                support for Cisco IEEE 802.11 Wireless LAN
                devices association and authentication.

                          ACRONYMS 
                AES 
                    Advanced Encryption Standard.

                AP   
                    Access point.
                
                AID 
                    Association IDentifier for wireless stations.  

                BSS
                    IEEE 802.11 Basic Service Set.

                BSSID
                    Basic SSID, a MAC address.

                CCKM
                    Cisco Central Key Management.

                CCMP
                    Code Mode/CBC Mac Protocol.

                CKIP        
                    Cisco per packet key hashing.

                CMIC        
                    Cisco MMH MIC.

                CRC 
                    Cyclic Redundancy Check.  

                DTIM
                    Data Traffic Indication Map

                EAP
                    Extensible Authentication Protocol.  

                GRE
                    Generic Routing Encapsulation

                IAPP
                    Inter-Access-Point Protocol.  
                
                ICV
                    Integrity Check Value.  

                MBSSID
                    Multiple Basic SSID.

                MIC
                    Message Integrity Check.  

                MMH
                    Multi-Modal Hashing.

                MMIC  
                    Michael MIC.
                
                RF
                    Radio Frequency.
 
                SSID
                    Radio Service Set Id.  
                
                SSIDL IE
                    SSID List Information Element

                STA 
                    IEEE 802.11 wireless station.

                TKIP    
                    WPA Temporal Key encryption.

                VLAN 
                    Virtual LAN.
                
                WEP
                    Wired Equivalent Privacy.
                
                WPA 
                    Wi-Fi Protected Access.

                WPS
                    Wireless Provisioning System.


                          GLOSSARY 

                Access point    
                    Transmitter/receiver (transceiver) device
                    that commonly connects and transports data 
                    between a wireless network and a wired network.
                
                Association
                    The service used to establish access point
                    or station mapping and enable STA invocation
                    of the distribution system services.
                    (Wireless clients attempt to connect to 
                    access points.)
                
                Basic Service Set
                    The IEEE 802.11 BSS of an AP comprises of the 
                    stations directly associating with the AP.

                Bridge    
                    Device that connects two or more segments 
                    and reduces traffic by analyzing the 
                    destination address, filtering the frame,
                    and forwarding the frame to all connected 
                    segments.
                
                Bridge AP 
                    It is an AP that functions as a transparent 
                    bridge between 2 wired LAN segments.  

                Broadcast SSID 
                    Clients can send out Broadcast SSID Probe 
                    Requests to a nearby AP, and the AP will 
                    broadcast its own SSID within its beacons
                    to response to clients. Clients can use this 
                    Broadcast SSID to associate and communicate 
                    with the AP.  

                Extensible Authentication Protocol
                    EAP acts as the interface between a wireless 
                    client and an authentication server, such as a 
                    RADIUS server, to which the access point 
                    communicates over the wired network.

                IEEE 802.11    
                    Standard to encourage interoperability among 
                    wireless networking equipment.
                
                IEEE 802.11b    
                    High-rate wireless LAN standard for wireless 
                    data transfer at up to 11 Mbps.
                
                IEEE P802.11g 
                    Higher Speed Physical Layer (PHY) Extension to 
                    IEEE 802.11b, will boost wireless LAN speed to 54 
                    Mbps by using OFDM (orthogonal frequency division 
                    multiplexing).  The IEEE 802.11g specification is 
                    backward compatible with the widely deployed IEEE 
                    802.11b standard.

                Inter-Access-Point Protocol 
                    The IEEE 802.11 standard does not define how 
                    access points track moving users or how to 
                    negotiate a handoff from one access point to the
                    next, a process referred to as roaming.  IAPP is
                    a Cisco proprietary protocol to support roaming.  
                    However, IAPP does not address how the wireless 
                    system tracks users moving from one subnet to 
                    another.
                
                Independent network    
                    Network that provides peer-to-peer connectivity 
                    without relying on a complete network 
                    infrastructure.
                
                Information Element 
                    Optional wireless network management data element
                    in the beacons and probe responses generated by
                    wireless stations.  These elements identify the
                    extended capabilities supported by the stations.

                Integrity Check Value
                    The WEP ICV shall be a 32-bit value containing
                    the 32-bit cyclic redundancy code designed for 
                    verifying wireless data frame integrity.   

                Message Integrity Check 
                    A MIC can, optionally, be added to WEP-encrypted 
                    802.11 frames.  MIC prevents attacks on encrypted 
                    packets.  MIC, implemented on both the access point 
                    and all associated client devices, adds a few bytes
                    to each packet to make the packets tamper-proof.  
                
                Multiple BSS-ID 
                    An access point radio broadcasts and advertises
                    multiple SSIDs in the beacons.  For clients'
                    prospective, it is like there are multiple access
                    points existing in the wireless network. 

                Native VLAN ID
                    A switch port and/or AP can be configured with a 
                    'native VLAN ID'.  Untagged or priority-tagged 
                    frames are implicitly associated with the native 
                    VLAN ID.  The default native VLAN ID is '1' if 
                    VLAN tagging is enabled.  The native VLAN ID is '0' 
                    or 'no VLAN ID' if VLAN tagging is not enabled.
                
                Non-Root Bridge 
                    This wireless bridge does not connect to the main 
                    wired LAN segment.  It connects to a remote wired 
                    LAN segment and can associate with root bridges and 
                    other non-root bridges that accept client 
                    associations.  It also can accept associations from
                    other non-root bridges, repeater access points, 
                    and client devices.
                
                Primary LAN
                    In an AP, if the destinations of inbound unicast 
                    frames are unknown, the frames are sent toward 
                    the primary LAN defined on the device.
                
                Repeater    
                    Device that connects multiple segments, 
                    listening to each and regenerating the signal
                    on one to every other connected one; so that 
                    the signal can travel further.
                
                Repeater or Non-root Access Point    
                    The repeater access point is not connected 
                    to the wired LAN.  The Repeater is a wireless 
                    LAN transceiver that transfers data between 
                    a client and another access point, another 
                    repeater, or between two bridges.  The repeater 
                    is placed within radio range of an access point 
                    connected to the wired LAN, another repeater, or 
                    an non-root bridge to extend the range of the 
                    infrastructure.
                
                Radio Frequency 
                    Radio wave and modulation process or operation.
 
                Root Access Point    
                    This access point connects clients to the main 
                    wired LAN.
                
                Root (Wireless) Bridge    
                    This wireless bridge connects to the main wired 
                    LAN.  It can communicate with non-root wireless 
                    bridges, repeater access points, and client 
                    devices but not with another wireless root 
                    bridge.  Only one wireless bridge in a wireless 
                    LAN can be set as the wireless root bridge.  
                
                Service Set ID
                    SSID is a unique identifier that APs and clients 
                    use to identify with each other.  SSID is a simple 
                    means of access control and is not for security.  
                    The SSID can be any alphanumeric entry up to 32 
                    characters.
                
                Virtual LAN
                    VLAN defined in the IEEE 802.1Q VLAN standard 
                    supports logically segmenting of LAN 
                    infrastructure into different subnets or 
                    workgroups so that packets are switched only 
                    between ports within the same VLAN.  
                
                VLAN ID
                    Each VLAN is identified by a 12-bit 'VLAN ID'.   
                    A VLAN ID of '0' is used to indicate 
                    'no VLAN ID'.  Valid VLAN IDs range from '1' to 
                    '4095'.  VLAN of ID '4095' is the default VLAN 
                    for Cisco VoIP Phones.
                
                Wired Equivalent Privacy
                    WEP is generally used to refer to 802.11 
                    encryption."
 
        REVISION        "200409140000Z"
        DESCRIPTION
                "Added cdot11MbssidMacAddrSupportTable and 
                cdot11MbssidInterfaceTable to support MBSSID
                feature."
        REVISION        "200405150000Z"
        DESCRIPTION
                "This is the initial version of this MIB module."
        ::= { ciscoMgmt 413 }


ciscoDot11SsidSecMIBObjects OBJECT IDENTIFIER 
        ::= { ciscoDot11SsidSecMIB 1 }

cdot11SecSsidManagement     OBJECT IDENTIFIER 
        ::= { ciscoDot11SsidSecMIBObjects 1 }

cdot11SecAuthManagement     OBJECT IDENTIFIER
        ::= { ciscoDot11SsidSecMIBObjects 2 }

cdot11SecStatistics         OBJECT IDENTIFIER 
        ::= { ciscoDot11SsidSecMIBObjects 3 }

cdot11SecVlanManagement     OBJECT IDENTIFIER 
        ::= { ciscoDot11SsidSecMIBObjects 4 }

-- Textual Conventions

CDot11SecAuthKeyMgmtType ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
                "This is the encryption key management type
                applied to different encryption key algorithms,
                like TKIP, WEP, and CKIP. 
                    cckm  -  Cisco Central Key Management 
                    wpa   -  Wi-Fi Protected Access"
        SYNTAX     BITS    {
                           cckm(0),
                           wpa(1)
                           }
 
CDot11WiFiPaPreSharedKey ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
                "This is a 64-hexadecimal digit Wi-Fi Protected 
                Access Pre-shared Key.  This key is used for 
                association authentication and dynamic encryption
                key generation.  The key can also be in the form
                of a character string." 
        SYNTAX     OCTET STRING (SIZE (0..128))
   
CDot11SsidString ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
                "This is the SSID string defined for IEEE 802.11 
                wireless LAN devices."  
        SYNTAX     OCTET STRING (SIZE(1..32))

CDot11VlanName ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
                "This is a VLAN name string configured on RADIUS
                servers.  This should be an alpha-numeric string
                with at least one alpha." 
        SYNTAX     OCTET STRING (SIZE(1..32))

CDot11InformationElementType ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
                "This is the set of Information Elements embedded
                in the wireless device beacons and probe response
                and the extended capabilities configurable on the
                IEs:
                    ssidl - send SSIDL IE and may advertise extended
                            capabilities, i.e., 802.1x and WPS;
                    advertisement - send SSID name and capabilities
                                    in the SSIDL IE;
                    wps - set WPS flag in the extended capabilities."
        SYNTAX     BITS    {
                           ssidl(0),
                           advertisement(1),
                           wps(2)
                           }


-- ********************************************************************
-- *  Cisco IEEE 802.11 Interface Ssid Management  
-- ********************************************************************

cdot11SecAuxSsidTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11SecAuxSsidEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "This table contains the list of SSIDs that all 
                radio interfaces of this device should install
                and use for client associations."
        ::= { cdot11SecSsidManagement 1 }

cdot11SecAuxSsidEntry OBJECT-TYPE
        SYNTAX     Cdot11SecAuxSsidEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "A collection of attributes defining an auxiliary
                service set ID which client stations can use for 
                association for the device.  Entries can be
                installed on multiple radio interfaces."
        INDEX      { 
                cdot11SecAuxSsid
                   }
        ::= { cdot11SecAuxSsidTable 1 }

Cdot11SecAuxSsidEntry ::= 
        SEQUENCE   {
                cdot11SecAuxSsid                
                        CDot11SsidString,
                cdot11SecAuxSsidBroadcast       
                        TruthValue, 
                cdot11SecAuxSsidInfraStruct     
                        INTEGER, 
                cdot11SecAuxSsidProxyMobileIp   
                        TruthValue, 
                cdot11SecAuxSsidMaxStations     
                        Unsigned32,
                cdot11SecAuxSsidVlan            
                        CDot11IfVlanIdOrZero, 
                cdot11SecAuxSsidWpaPsk          
                        CDot11WiFiPaPreSharedKey,   
                cdot11SecAuxRadiusAccounting    
                        SnmpAdminString,
                cdot11SecAuxSsidLoginUsername   
                        SnmpAdminString, 
                cdot11SecAuxSsidLoginPassword   
                        SnmpAdminString, 
                cdot11SecAuxSsidAuthKeyMgmt     
                        CDot11SecAuthKeyMgmtType,
                cdot11SecAuxSsidAuthKeyMgmtOpt  
                        TruthValue, 
                cdot11SecAuxSsidRowStatus       
                        RowStatus,
                cdot11SecAuxSsidWirelessNetId                  
                        Integer32,
                cdot11SecSsidRedirectAddrType    
                        InetAddressType,
                cdot11SecSsidRedirectDestAddr
                        InetAddress,
                cdot11SecSsidRedirectFilter
                        SnmpAdminString,
                cdot11SecSsidInformationElement
                        CDot11InformationElementType,
                cdot11SecAuxSsidVlanName            
                        CDot11VlanName, 
                cdot11SecAuxSsidMbssidBroadcast
                        TruthValue, 
                cdot11SecAuxSsidMbssidDtimPeriod
                        Integer32
                   }

cdot11SecAuxSsid OBJECT-TYPE
        SYNTAX     CDot11SsidString
        MAX-ACCESS not-accessible 
        STATUS     current
        DESCRIPTION
                "This object specifies a SSID defined on this 
                IEEE 802.11 wireless LAN device.  The SSID will
                be installed on the radio interfaces for client 
                associations.  The radio interface shall respond 
                to probe requests using this SSID, but it does
                not advertise this SSID in its beacons unless
                the cdot11SecAuxSsidBroadcast is 'true'."
        ::= { cdot11SecAuxSsidEntry 1 }

cdot11SecAuxSsidBroadcast OBJECT-TYPE
        SYNTAX     TruthValue 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object indicates if an auxiliary SSID 
                is a Broadcast SSID.  There should only be one 
                Broadcast SSID installed on any IEEE 802.11 
                radio interface if Multiple BSSID feature is
                not enabled.  To enable this SSID for MBSSID  
                broadcast, use cdot11SecAuxSsidMbssidBroadcast." 
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, section 7.3.2.1." 
        DEFVAL     { false }
        ::= { cdot11SecAuxSsidEntry 2 }

cdot11SecAuxSsidInfraStruct OBJECT-TYPE
        SYNTAX     INTEGER {
                   infraStructure(1),
                   nonInfraStructure(2),
                   optional(3)
                           }
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object indicates if an auxiliary SSID
                is an infra-structure SSID.  There should only be 
                one infra-structure SSID installed on any IEEE 
                802.11 radio interface.  The infra-structure 
                SSID is used for uplink association while the 
                radio interface cd11IfStationRole is roleWgb(1),
                roleRepeater(5), roleNrBridge(9), or 
                roleApNrBridge(10).
                   infraStructure(1) - infra-structure SSID,
                   nonInfraStructure(2) - Non infra-structure SSID,
                   optional(3) - use of this infra-structure SSID 
                                 is optional for uplink connection."
        REFERENCE 
                "cd11IfStationRole, cd11IfStationConfigTable, 
                CISCO-DOT11-IF-MIB."
        DEFVAL     { nonInfraStructure }
        ::= { cdot11SecAuxSsidEntry 3 }
 
cdot11SecAuxSsidProxyMobileIp OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object indicates if an auxiliary SSID
                is enabled for Proxy Mobile-IP support.  If 
                Proxy Mobile-IP is not supported in VLAN 
                network environment, cdot11SecAuxSsidVlan should
                be '0' when Proxy Mobile-IP is enabled via this
                object."
        DEFVAL     { false }
        ::= { cdot11SecAuxSsidEntry 4 }

cdot11SecAuxSsidMaxStations OBJECT-TYPE
        SYNTAX     Unsigned32 (0..2007)
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object defines the maximum number of IEEE
                802.11 stations which may associate to a radio 
                interface through this SSID.  If the value 
                is '0', the maximum number is limited only by the 
                IEEE 802.11 standard and any hardware or radio 
                firmware limitations of the access point."
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, section 5.7." 
        DEFVAL     { 255 }
        ::= { cdot11SecAuxSsidEntry 5 }

cdot11SecAuxSsidVlan OBJECT-TYPE
        SYNTAX     CDot11IfVlanIdOrZero
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object defines the VLAN trunk at which the 
                traffic will be used when a client is associating 
                with this SSID.  The default value is '0', no 
                VLAN is configured or used for this SSID."
        DEFVAL     { 0 }
        ::= { cdot11SecAuxSsidEntry 6 }
 
cdot11SecAuxSsidWpaPsk OBJECT-TYPE
        SYNTAX     CDot11WiFiPaPreSharedKey   
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object configures Wi-Fi Protected Access 
                Pre-shared Key for this SSID.  This key is used
                for association authentication and dynamic
                encryption key generation.  The default value 
                is ''H if this shared key feature is not enabled."
        DEFVAL     { ''H }
        ::= { cdot11SecAuxSsidEntry 7 }

cdot11SecAuxRadiusAccounting OBJECT-TYPE
        SYNTAX     SnmpAdminString   
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object defines the name of the AAA accounting 
                list to be used for association accounting.  The 
                default value is an empty string if AAA accounting
                is not enabled."
        DEFVAL     { "" }
        ::= { cdot11SecAuxSsidEntry 8 }

cdot11SecAuxSsidLoginUsername OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-create 
        STATUS     current
        DESCRIPTION
                "This object specifies the username used for 
                LEAP authentication and association to an uplink
                AP while this SSID is in infra-structure mode, i.e. 
                cdot11SecAuxSsidInfraStruct is 'true'.  The default 
                value is an empty string if this feature is not 
                enabled."
        DEFVAL     { "" }
        ::= { cdot11SecAuxSsidEntry 9 }

cdot11SecAuxSsidLoginPassword OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-create 
        STATUS     current
        DESCRIPTION
                "This object specifies the password used for
                LEAP authentication association to an uplink
                AP while this SSID is in infra-structure mode, i.e.
                cdot11SecAuxSsidInfraStruct is 'true'.  The default
                value is an empty string if this feature is not 
                enabled."
        DEFVAL     { "" }
        ::= { cdot11SecAuxSsidEntry 10 }

cdot11SecAuxSsidAuthKeyMgmt OBJECT-TYPE
        SYNTAX     CDot11SecAuthKeyMgmtType 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object specifies the type of key management
                employed for encryption keys defined for the VLAN
                in cdot11SecAuxSsidVlan.

                WPA key management should only be selected
                when encryption is TKIP and authentication is 
                open, i.e. dot11AuthenticationAlgorithmsIndex 
                is openSystem(1), together either with EAP or 
                WPA-PSK for this SSID.  

                CCKM key management can be used with encryption
                TKIP, WEP, CKIP, and Network-EAP authentication
                for this SSID.
 
                If none of the bits are set, there is no run-time
                key management for this SSID."
        ::= { cdot11SecAuxSsidEntry 11 }

cdot11SecAuxSsidAuthKeyMgmtOpt OBJECT-TYPE
        SYNTAX     TruthValue 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object specifies if the type of key
                management, cdot11SecAuxSsidAuthKeyMgmt, 
                selected is optional.  If it is 'true' and
                cdot11SecAuxSsidAuthKeyMgmt is not 'none',  
                the key management is optional.  If it is
                'false' and cdot11SecAuxSsidAuthKeyMgmt
                is not 'none', the key management is 
                mandatory."
        DEFVAL     { false }
        ::= { cdot11SecAuxSsidEntry 12 }

cdot11SecAuxSsidRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is used to create a new SSID entry on this
                device, and modify or delete an existing SSID  
                entry.

                Creation of rows must be done via 'createAndGo' 
                with or without optional objects.  This object will
                become 'active' if the NMS performs a multivarbind
                set including this object and successfully creates 
                the SSID on this device.

                Modification and deletion (via 'destroy') of rows can
                be done when this object is 'active'.  Any change
                to an existing SSID configuration can cause clients
                associating with the SSID to disassociate.  And, 
                depends on the implementation, changes on the 
                existing SSIDs may not affect installed SSID on the 
                radio interfaces.  Therefore, users are advised
                to reset the corresponding SSID on the radio
                interface via the cdot11SecInterfSsidTable." 
        ::= { cdot11SecAuxSsidEntry 13 }

cdot11SecAuxSsidWirelessNetId OBJECT-TYPE
        SYNTAX     Integer32 (0..4096)
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object sets the Wireless Network ID of this
                SSID.  This ID is used for Cisco GRE tunneling in
                layer 3 switching.  The valid range for the ID is
                '1' to '4096' and the default value is '0' and it 
                indicates no ID is configured or used on this SSID."
        DEFVAL     { 0 }
        ::= { cdot11SecAuxSsidEntry 14 }

cdot11SecSsidRedirectAddrType OBJECT-TYPE
        SYNTAX     InetAddressType
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is the address type of for the
                cdot11SecSsidRedirectDestAddr."
        DEFVAL     { ipv4 }
        ::= { cdot11SecAuxSsidEntry 15 }

cdot11SecSsidRedirectDestAddr OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is the destination address set to all packets 
                received from wireless clients associated to this 
                wireless station using the cdot11SecAuxSsid.  The
                cdot11SecSsidRedirectAddrType specifies the type 
                of this address.  The default value  '00000000'H
                of cdot11SecSsidRedirectAddrType 'ipv4' indicates
                that this packet redirection feature is not 
                enabled."
        DEFVAL     { '00000000'H }
        ::= { cdot11SecAuxSsidEntry 16 }

cdot11SecSsidRedirectFilter OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "When the packet redirection feature is enabled
                (i.e., cdot11SecSsidRedirectAddrType is 'ipv4'
                and cdot11SecSsidRedirectDestAddr value is not
                '00000000'H), this is the Cisco IP extended
                access list number or name used for filtering
                packets from wireless clients.  Only packets
                passed by the access list will be forwarded
                to the cdot11SecSsidRedirectDestAddr.
                If packet redirection is disabled, this
                access list will not be applied.

                The default value is an empty string to 
                indicate that no access list filter will be
                applied."
        DEFVAL     { "" }
        ::= { cdot11SecAuxSsidEntry 17 }

cdot11SecSsidInformationElement OBJECT-TYPE
        SYNTAX     CDot11InformationElementType
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is the set of Information Elements and 
                extended capabilities embedded in the SSID
                broadcasted in beacons and probe responses.
                The extended capabilities 'advertisement' and 'wps'
                are allowed only if 'ssidl' is set."
        DEFVAL     { {} }
        ::= { cdot11SecAuxSsidEntry 18 }

cdot11SecAuxSsidVlanName OBJECT-TYPE
        SYNTAX     CDot11VlanName 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is the name of the cdot11SecAuxSsidVlan.  Either
                cdot11SecAuxSsidVlan or cdot11SecAuxSsidVlanName can
                be used to set the VLAN trunk for client traffic of 
                this SSID.  If both cdot11SecAuxSsidVlanName and 
                cdot11SecAuxSsidVlan are set in a query, the set query
                will succeed if and only if there is a matching pair of
                cdot11SecVlanName and cdot11SecVlanNameId in the 
                cdot11SecVlanNameTable.    

                The default value is a blank string, no VLAN or VLAN
                name is configured or used for this SSID."
        DEFVAL     { " " }
        ::= { cdot11SecAuxSsidEntry 19 }

cdot11SecAuxSsidMbssidBroadcast OBJECT-TYPE
        SYNTAX     TruthValue 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object controls whether this SSID is
                broadcasted when MBSSID is enabled at the interface
                to which this SSID is attached, i.e.
                if both cd11IfMultipleBssidEnable and
                cdot11SecAuxSsidMbssidBroadcast are 'true', then
                this SSID is broadcasted.  Otherwise, this SSID
                is not broadcasted."
        REFERENCE
                "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
        DEFVAL     { false }
        ::= { cdot11SecAuxSsidEntry 20 }

cdot11SecAuxSsidMbssidDtimPeriod OBJECT-TYPE
        SYNTAX     Integer32 (0..255)
        UNITS      "beacons" 
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is the DTIM period for this MBSSID enabled SSID.
                It is the number of beacon intervals that shall elapse
                between transmissions of Beacon frames containing a
                TIM element whose DTIM Count field is 0.

                This DTIM period is only applicable if MBSSID is
                enabled at the interface to which this SSID is attached,
                i.e. cd11IfMultipleBssidEnable is 'true'.

                The default value is 0 which indicates dot11DTIMPeriod
                of IEEE802dot11-MIB is used.  The current valid DTIM 
                period range for the radio is 1 to 100."
        REFERENCE  
                "IEEE802dot11-MIB, dot11DTIMPeriod."
        DEFVAL     { 0 }
        ::= { cdot11SecAuxSsidEntry 21 }
 

cdot11SecAuxSsidAuthTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11SecAuxSsidAuthEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table contains attributes to configure
                authentication parameters for SSIDs listed in the
                cdot11SecAuxSsidTable.  This table extends the
                IEEE802dot11-MIB dot11AuthenticationAlgorithmsTable
                to define additional attributes and authentication
                procedures for multiple SSIDs.  Multiple
                authentication algorithms can apply to a single
                auxiliary SSID.

                This table has an expansion dependent relationship
                on the cdot11SecAuxSsidTable.  For each entry in
                this table, there exists at least one entry in the
                cdot11SecAuxSsidTable."
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, section 5.7.6."
        ::= { cdot11SecSsidManagement 2 }

cdot11SecAuxSsidAuthEntry OBJECT-TYPE
        SYNTAX     Cdot11SecAuxSsidAuthEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "Each entry specifies a pre-defined
                authentication algorithm and additional
                authentication procedures for clients of an
                auxiliary SSID.  The three pre-defined
                authentication algorithms are:
                    openSystem(1),
                    sharedKey(2), and
                    network-EAP(3).

                The valid combinations of the pre-defined
                authentications and additional procedures are:
                    openSystem(1)  - plus EAP 
                                   - plus MAC or EAP
                    sharedKey(2)   - plus MAC and EAP
                                   - plus EAP
                    network-EAP(3) - plus MAC." 
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, IEEE802dot11-MIB." 
        INDEX      { 
                cdot11SecAuxSsid,
                dot11AuthenticationAlgorithmsIndex 
                   }
        ::= { cdot11SecAuxSsidAuthTable 1 }

Cdot11SecAuxSsidAuthEntry ::= 
        SEQUENCE   {
            cdot11SecAuxSsidAuthEnabled       TruthValue,
            cdot11SecAuxSsidAuthPlusEap       TruthValue,
            cdot11SecAuxSsidAuthPlusMac       TruthValue,
            cdot11SecAuxSsidAuthEapMethod     SnmpAdminString,
            cdot11SecAuxSsidAuthMacMethod     SnmpAdminString,
            cdot11SecAuxSsidAuthMacAlternate  TruthValue 
                   }

cdot11SecAuxSsidAuthEnabled OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION 
                "If the value is 'true', this device may 
                authenticate an association using SSID (specified 
                by cdot11SecAuxSsid) with the corresponding
                pre-defined algorithm (identified by the 
                dot11AuthenticationAlgorithmsIndex).  The default 
                value is 'true'."
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, IEEE802dot11-MIB." 
        ::= { cdot11SecAuxSsidAuthEntry 1 }

cdot11SecAuxSsidAuthPlusEap OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION 
                "If both the values of this object and 
                cdot11SecAuxSsidAuthEnabled are 'true', the 
                association authentication must complete additional 
                network-level EAP authentication before client 
                stations will be unblocked from their association 
                attempts.  If the value of this object is 'false' 
                while cdot11SecAuxSsidAuthEnabled is 'true', client 
                stations will be unblocked as soon as they 
                complete the enabled IEEE 802.11 authentication.

                The default value is 'false' for no additional 
                EAP authentication."
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, IEEE802dot11-MIB." 
        ::= { cdot11SecAuxSsidAuthEntry 2 }

cdot11SecAuxSsidAuthPlusMac OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "If both the values of this object and
                cdot11SecAuxSsidAuthEnabled are 'true', the
                association authentication must complete additional
                MAC address authentication before client stations
                will be unblocked from their association
                attempts.  If the value of this object is 'false'
                while cdot11SecAuxSsidAuthEnabled is 'true', client
                stations will be unblocked as soon as they
                complete the enabled IEEE 802.11 authentication.

                The default value is 'false' for no additional 
                MAC address authentication."
        REFERENCE 
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer
                Society, IEEE802dot11-MIB."
        ::= { cdot11SecAuxSsidAuthEntry 3 }

cdot11SecAuxSsidAuthEapMethod OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION 
                "If the value of cdot11SecAuxSsidAuthPlusEap 
                is 'true' or dot11AuthenticationAlgorithm is 
                Network-EAP, this is the EAP method list to use
                for the EAP authentication.  The default is an
                empty string if EAP is not used."
        REFERENCE  
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium 
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer 
                Society, IEEE802dot11-MIB." 
        ::= { cdot11SecAuxSsidAuthEntry 4 }

cdot11SecAuxSsidAuthMacMethod OBJECT-TYPE
        SYNTAX     SnmpAdminString  
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "If the value of cdot11SecAuxSsidAuthPlusMac 
                is 'true', this is the MAC address method list to 
                use for the MAC authentication.  The default is 
                an empty string if MAC address authentication 
                is not used."
        ::= { cdot11SecAuxSsidAuthEntry 5 }

cdot11SecAuxSsidAuthMacAlternate OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "If the values of this object,
                cdot11SecAuxSsidAuthEnabled,
                cdot11SecAuxSsidAuthPlusMac, and
                cdot11SecAuxSsidAuthPlusEap are all 'true' and
                the dot11AuthenticationAlgorithm is 'openSystem',
                then the association authentication only needs to
                complete either additional MAC address or
                additional EAP authentication before client
                stations will be unblocked from their association
                attempts.  If the value of this object is 'false',
                only one of the two additional authentications
                should be enabled.  The default value is 'false',
                meaning only one additional authentication should
                be configured."
        REFERENCE
                "IEEE Std 802.11-Jan 14 1999, Wireless LAN Medium
                Access Control and Physical Layer Specifications,
                LAN MAN Standards Committee of the IEEE Computer
                Society, IEEE802dot11-MIB."
        ::= { cdot11SecAuxSsidAuthEntry 6 }


cdot11SecInterfSsidTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11SecInterfSsidEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table contains the list of SSIDs that are
                installed on radio interfaces of this device and
                used for client association.

                This table has an expansion dependent relationship
                on the ifTable.  For each entry in this table,
                there exists at least one entry in the ifTable of
                ifType ieee80211(71)."
        ::= { cdot11SecSsidManagement 3 }

cdot11SecInterfSsidEntry OBJECT-TYPE
        SYNTAX     Cdot11SecInterfSsidEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A collection of attributes for an auxiliary
                service set ID installed on an IEEE 802.11 radio
                interface.  An interface can have multiple
                auxiliary service set IDs installed.  The
                current maximum for each radio interface is
                16 SSIDs, and the cd11IfAuxiliarySsidLength
                object specifies the configured maximum."
        INDEX      {
                ifIndex,
                cdot11SecAuxSsid
                   }
        ::= { cdot11SecInterfSsidTable 1 }

Cdot11SecInterfSsidEntry ::=
        SEQUENCE   {
              cdot11SecInterfSsidRowStatus  RowStatus 
                   }

cdot11SecInterfSsidRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is used to install a new SSID configuration,
                and modify or delete an existing SSID configuration
                on a radio interface.

                Creation of rows must be done via 'createAndGo' and
                with an existing ifIndex of ifType ieee80211(71)
                and an existing cdot11SecAuxSsid in the
                cdot11SecAuxSsidTable.  This object will become 
                'active' if the NMS performs a multivarbind set 
                including this object and successfully installs
                the SSID on this interface.

                Modification and deletion (via 'destroy') of rows can
                be done when this object is 'active'.  Any change
                to an existing SSID configuration can cause clients
                associating with the SSID to disassociate."
        ::= { cdot11SecInterfSsidEntry 1 } 


cdot11MbssidMacAddrSupportTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11MbssidMacAddrSupportEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "This table contains the list of available radio MAC
                addresses for supporting MBSSID on the IEEE 802.11 
                radio. 

                This table has an expansion dependent relationship
                on the ifTable.  For each entry in this table, there
                exists at least one entry in the ifTable of ifType
                ieee80211(71)."
        ::= { cdot11SecSsidManagement 4 }

cdot11MbssidMacAddrSupportEntry OBJECT-TYPE
        SYNTAX     Cdot11MbssidMacAddrSupportEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "Each entry is a MAC address assigned to the IEEE 
                802.11 radio available to be used as a BSSID and
                broadcasted in the radio beacon when MBSSID feature
                is enabled."
        INDEX      { 
                ifIndex,
                cdot11MbssidMacAddrIndex
                   }
        ::= { cdot11MbssidMacAddrSupportTable 1 }

Cdot11MbssidMacAddrSupportEntry ::= 
        SEQUENCE   {
                cdot11MbssidMacAddrIndex      Integer32,               
                cdot11MbssidMacAddrSupported  MacAddress
                   }

cdot11MbssidMacAddrIndex OBJECT-TYPE
        SYNTAX     Integer32 (1..256)
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This is a unique index identifying the
                MAC address assigned on the radio.  If MBSSID
                is not supported on this device, the only 
                available index number is 1.  Currently, if MBSSID
                is supported, the index numbers are 1 to 16." 
        ::= { cdot11MbssidMacAddrSupportEntry 1 }

cdot11MbssidMacAddrSupported OBJECT-TYPE
        SYNTAX     MacAddress 
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This MAC address can be used as BSSID and 
                broadcasted in the beacon with an SSID when
                cd11IfMultipleBssidEnable is 'true'."
        REFERENCE
                "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
        ::= { cdot11MbssidMacAddrSupportEntry 2 }        


cdot11MbssidInterfaceTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11MbssidInterfaceEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "This table displays the list of SSIDs and their
                corresponding BSSIDs configured on the IEEE 
                802.11 radios.

                This table has an expansion dependent relationship
                on the ifTable.  For each entry in this table, there
                exists at least one entry in the ifTable of ifType
                ieee80211(71)."
        ::= { cdot11SecSsidManagement 5 }

cdot11MbssidInterfaceEntry OBJECT-TYPE
        SYNTAX     Cdot11MbssidInterfaceEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "Each entry defines an SSID being configured on
                the radio and the corresponding BSSID."
        INDEX      {
                ifIndex,
                IMPLIED cdot11SecAuxSsid
                   }
        ::= { cdot11MbssidInterfaceTable 1 }

Cdot11MbssidInterfaceEntry ::=
        SEQUENCE   {
                cdot11MbssidIfMacAddress  MacAddress,
                cdot11MbssidIfBroadcast   TruthValue 
                   }

cdot11MbssidIfMacAddress OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This is the BSSID to be sent with the radio SSID.  
                If MBSSID feature is not enabled (i.e. 
                cd11IfMultipleBssidEnable is 'false'), all SSIDs
                will be sent by the radio with the same BSSID and
                that is the radio hardware MAC address.  

                If MBSSID feature is enabled (i.e. 
                cd11IfMultipleBssidEnable is 'true'), all SSIDs
                will be sent by the radio with different BSSIDs."
        REFERENCE
                "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
        ::= { cdot11MbssidInterfaceEntry 1 }

cdot11MbssidIfBroadcast OBJECT-TYPE
        SYNTAX     TruthValue 
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "If cd11IfMultipleBssidEnable is 'true', MBSSID
                is enabled for the radio and this SSID is a
                broadcast SSID as follows:
                    'true'  - This SSID is a broadcast SSID and
                              being broadcasted in the radio beacon.
                    'false' - This SSID is not a broadcast SSID and
                              is not broadcasted in the radio beacon."
        REFERENCE
                "CISCO-DOT11-IF-MIB, cd11IfStationConfigTable."
        ::= { cdot11MbssidInterfaceEntry 2 }


cdot11SecLocalAuthServerEnabled OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "This object configures the use of the local
                authentication server.  If it is 'true', the
                local authentication server is enabled.  If it
                is 'false', the local authentication server is
                disabled.  If both local and network servers are
                configured, the local server is used as a backup
                when the network authentication server is not
                available."
        ::= { cdot11SecAuthManagement 1 }


cdot11SecVlanNameTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Cdot11SecVlanNameEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "This table contains the mapping of VLAN names to
                IDs.  A RADIUS server serving this wireless
                station can assign wireless clients associating
                to this station to a particular VLAN by either
                a VLAN name or an ID.

                When a client's VLAN is assigned by VLAN name,
                this table is used to look up the corresponding
                VLAN ID and VLAN configured on this wireless
                station.  Each VLAN name uniquely identifies a
                VLAN on a wireless station, and a VLAN ID can
                be associated with multiple VLAN names in this table."
        ::= { cdot11SecVlanManagement 1 }

cdot11SecVlanNameEntry OBJECT-TYPE
        SYNTAX     Cdot11SecVlanNameEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION 
                "A collection of attributes defining the properties
                of a VLAN name and the corresponding VLAN ID." 
        INDEX      { 
                cdot11SecVlanName
                   }
        ::= { cdot11SecVlanNameTable 1 }

Cdot11SecVlanNameEntry ::= 
        SEQUENCE   {
                cdot11SecVlanName           CDot11VlanName,
                cdot11SecVlanNameId         CDot11IfVlanIdOrZero,
                cdot11SecVlanNameRowStatus  RowStatus 
                   }
         
cdot11SecVlanName OBJECT-TYPE
        SYNTAX     CDot11VlanName
        MAX-ACCESS not-accessible 
        STATUS     current
        DESCRIPTION
                "This object defines the VLAN name assigned to
                wireless clients by the RADIUS server serving
                this wireless station." 
        ::= { cdot11SecVlanNameEntry 1 }

cdot11SecVlanNameId OBJECT-TYPE
        SYNTAX     CDot11IfVlanIdOrZero
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This object defines the VLAN trunk on which
                a client associating to this wireless station
                will be placed.  The value '0' is not valid."
        ::= { cdot11SecVlanNameEntry 2 }

cdot11SecVlanNameRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "This is used to create a new VLAN name to ID
                mapping entry on this device, and modify or delete
                an existing mapping entry.

                Creation of rows must be done via 'createAndGo' 
                with all other mandatory objects.  This object will
                become 'active' if the NMS performs a multivarbind
                set including this object and successfully creates 
                the VLAN name entry on this device.

                Modification and deletion (via 'destroy') of rows can
                be done when this object is 'active'.  Any change
                to an existing VLAN name to ID mapping configuration
                does not affect existing associated wireless clients."
        ::= { cdot11SecVlanNameEntry 3 }

 
-- ********************************************************************
-- *    Conformance information  
-- ********************************************************************


ciscoDot11SsidSecMIBConformance
      OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIB 2 }
ciscoDot11SsidSecMIBCompliances
      OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 1 }
ciscoDot11SsidSecMIBGroups
      OBJECT IDENTIFIER ::= { ciscoDot11SsidSecMIBConformance 2 }


-- *****************************************************************
--   Compliance statements
-- *****************************************************************

ciscoDot11SsidSecCompliance MODULE-COMPLIANCE
        STATUS     current
        DESCRIPTION
                "This is the compliance statement for the 
                ciscoDot11SsidSecMIB module."
        MODULE  
                MANDATORY-GROUPS {
                        cdot11SecSsidManagementGroup,
                        cdot11SsidAuthenticationGroup,
                        cdot11ModuleAuthenticationGroup
                                 }

        GROUP cdot11SecVlanManagementGroup
        DESCRIPTION
                "This group is required only if VLAN by name is
                supported on the IEEE 802.11 wireless LAN
                devices."

        GROUP cdot11MbssidSupportGroup
        DESCRIPTION
                "This group is required only if MBSSID feature 
                is supported on the IEEE 802.11 wireless LAN 
                devices."

        OBJECT cdot11SecAuxSsidLoginPassword 
        DESCRIPTION
                "Due to security reasons, for SNMPv1/v2c, this
                object will return blank spaces if a
                password is configured."

        OBJECT cdot11SecAuxSsidMaxStations 
        DESCRIPTION
                "The supported range of values for SET queries
                is 1 to 255.  The supported range of values for
                SNMP GET or GET-NEXT queries is 0 to 255."

        OBJECT cdot11SecSsidRedirectFilter 
        DESCRIPTION
                "Only Cisco IP extended access list numbers 100 to
                199 are required and supported."

        OBJECT cdot11SecAuxSsidRowStatus   
        SYNTAX INTEGER {             
                active(1),
                createAndGo(4),
                destroy(6)
                        }
        DESCRIPTION 
                "Only the values 'createAndGo', 'destroy', and 
                'active' need to be supported."

        OBJECT cdot11SecInterfSsidRowStatus 
        SYNTAX INTEGER {
                active(1),
                createAndGo(4),
                destroy(6)
                        }
        DESCRIPTION
                "Only the values 'createAndGo', 'destroy', and
                'active' need to be supported."

        OBJECT cdot11SecVlanNameRowStatus
        SYNTAX INTEGER {
                active(1),
                createAndGo(4),
                destroy(6)
                        }
        DESCRIPTION
                "Only the values 'createAndGo', 'destroy', and
                'active' need to be supported."

        ::= { ciscoDot11SsidSecMIBCompliances 1 }


-- *****************************************************************
--   Units of conformance
-- *****************************************************************

cdot11SecSsidManagementGroup OBJECT-GROUP
        OBJECTS { 
                cdot11SecAuxSsidBroadcast,
                cdot11SecAuxSsidInfraStruct, 
                cdot11SecAuxSsidProxyMobileIp, 
                cdot11SecAuxSsidMaxStations,
                cdot11SecAuxSsidVlan, 
                cdot11SecAuxSsidWpaPsk,   
                cdot11SecAuxRadiusAccounting,  
                cdot11SecAuxSsidLoginUsername,
                cdot11SecAuxSsidLoginPassword,  
                cdot11SecAuxSsidAuthKeyMgmt,  
                cdot11SecAuxSsidAuthKeyMgmtOpt,
                cdot11SecAuxSsidRowStatus,   
                cdot11SecAuxSsidWirelessNetId,
                cdot11SecSsidRedirectAddrType, 
                cdot11SecSsidRedirectDestAddr, 
                cdot11SecSsidRedirectFilter, 
                cdot11SecSsidInformationElement,
                cdot11SecAuxSsidVlanName, 
                cdot11SecInterfSsidRowStatus 
                }
        STATUS     current
        DESCRIPTION
                "This group includes objects to manage SSID 
                on IEEE 802.11 devices and interfaces."
        ::= { ciscoDot11SsidSecMIBGroups 1 }

cdot11SsidAuthenticationGroup OBJECT-GROUP
        OBJECTS {
                cdot11SecAuxSsidAuthEnabled,
                cdot11SecAuxSsidAuthPlusEap,
                cdot11SecAuxSsidAuthPlusMac,
                cdot11SecAuxSsidAuthEapMethod,
                cdot11SecAuxSsidAuthMacMethod,
                cdot11SecAuxSsidAuthMacAlternate
                }
        STATUS     current
        DESCRIPTION
                "This group includes objects to manage the
                association and authentication algorithms
                for SSIDs."
        ::= { ciscoDot11SsidSecMIBGroups 2 }

cdot11ModuleAuthenticationGroup OBJECT-GROUP
        OBJECTS {
                cdot11SecLocalAuthServerEnabled
                }
        STATUS     current
        DESCRIPTION
                "This group includes objects to manage the
                association and authentication of this
                wireless station module."
        ::= { ciscoDot11SsidSecMIBGroups 3 }

cdot11SecVlanManagementGroup OBJECT-GROUP
        OBJECTS {
                cdot11SecVlanNameId,
                cdot11SecVlanNameRowStatus
                }
        STATUS     current
        DESCRIPTION
                "This group includes objects to manage the
                VLAN name and ID mapping table."
        ::= { ciscoDot11SsidSecMIBGroups 4 }


cdot11MbssidSupportGroup OBJECT-GROUP
        OBJECTS {
                cdot11SecAuxSsidMbssidBroadcast,
                cdot11SecAuxSsidMbssidDtimPeriod,
                cdot11MbssidMacAddrIndex,
                cdot11MbssidMacAddrSupported,
                cdot11MbssidIfMacAddress,
                cdot11MbssidIfBroadcast
                }
        STATUS     current
        DESCRIPTION
                "This group includes objects providing
                MBSSID configuration information."
        ::= { ciscoDot11SsidSecMIBGroups 5 }

END
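
The cdot11SecAuxSsidAuthTable semantics defined above can be checked against polled values; the following is an added example, not part of the Cisco MIB or the ActiveXperts tooling. It assumes net-snmp style symbolic output with the SSID index rendered as a quoted string; the SSIDs, method-list names and finding codes are constructed for illustration.

```python
"""Audit polled cdot11SecAuxSsidAuthTable rows (added example, constructed data)."""
import re

# Pre-defined algorithms, keyed by dot11AuthenticationAlgorithmsIndex.
ALGORITHMS = {1: "openSystem", 2: "sharedKey", 3: "network-EAP"}

# Defaults stated in the object DESCRIPTIONs; applied when a column was not polled.
DEFAULTS = {"Enabled": True, "PlusEap": False, "PlusMac": False,
            "EapMethod": "", "MacMethod": "", "MacAlternate": False}

# Hypothetical finding codes, each tied to a statement in the MIB text.
FINDINGS = {
    "no-additional-auth": "clients are unblocked as soon as they complete "
                          "the enabled IEEE 802.11 authentication",
    "mac-or-eap": "MacAlternate is true: either MAC address or EAP "
                  "authentication alone unblocks the client",
    "both-without-alternate": "PlusMac and PlusEap both set on openSystem while "
                              "MacAlternate is false; only one should be enabled",
    "eap-method-list-empty": "EAP is in use but cdot11SecAuxSsidAuthEapMethod is empty",
    "mac-method-list-empty": "MAC authentication is in use but "
                             "cdot11SecAuxSsidAuthMacMethod is empty",
}

# Assumed line shape: MODULE::column."ssid".algIndex = TYPE: value
LINE_RE = re.compile(
    r'^(?:[\w-]+::)?cdot11SecAuxSsidAuth(\w+)\."((?:[^"\\]|\\.)*)"\.(\d+)'
    r'\s*=\s*(?:[\w-]+:\s?)?(.*)$')

# Constructed sample walk, not captured from a real device.
SAMPLE_WALK = """
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEnabled."guest".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthPlusEap."guest".1 = INTEGER: false(2)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthPlusMac."guest".1 = INTEGER: false(2)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEnabled."corp".3 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEapMethod."corp".3 = STRING: eap_methods
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEnabled."lab".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthPlusEap."lab".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthPlusMac."lab".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEapMethod."lab".1 = STRING: eap_methods
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthMacMethod."lab".1 = STRING: mac_methods
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthMacAlternate."lab".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEnabled."legacy".2 = INTEGER: false(2)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEnabled."voice".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthPlusEap."voice".1 = INTEGER: true(1)
CISCO-DOT11-SSID-SECURITY-MIB::cdot11SecAuxSsidAuthEapMethod."voice".1 = ""
"""


def parse_walk(text):
    """Group walk lines into {(ssid, algorithm_index): {column: value}}."""
    rows = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not a cdot11SecAuxSsidAuthTable column
        column, ssid, alg, raw = match.groups()
        raw = raw.strip().strip('"')
        # TruthValue columns arrive as true(1) / false(2); the rest are strings.
        value = (raw == "true(1)") if raw in ("true(1)", "false(2)") else raw
        rows.setdefault((ssid, int(alg)), {})[column] = value
    return rows


def audit(rows):
    """Return sorted (ssid, algorithm, finding_code) tuples for enabled rows.

    Only this table is evaluated. Key management objects such as
    cdot11SecAuxSsidAuthKeyMgmt and cdot11SecAuxSsidWpaPsk live in
    cdot11SecAuxSsidTable and must be reviewed separately.
    """
    findings = []
    for (ssid, alg), polled in sorted(rows.items()):
        row = {**DEFAULTS, **polled}
        if not row["Enabled"]:
            continue  # this algorithm is not offered on the SSID
        name = ALGORITHMS.get(alg, "algorithm %d" % alg)
        eap_used = row["PlusEap"] or alg == 3  # network-EAP always uses EAP
        if alg != 3 and not row["PlusEap"] and not row["PlusMac"]:
            findings.append((ssid, name, "no-additional-auth"))
        if alg == 1 and row["PlusEap"] and row["PlusMac"]:
            code = "mac-or-eap" if row["MacAlternate"] else "both-without-alternate"
            findings.append((ssid, name, code))
        if eap_used and not row["EapMethod"]:
            findings.append((ssid, name, "eap-method-list-empty"))
        if row["PlusMac"] and not row["MacMethod"]:
            findings.append((ssid, name, "mac-method-list-empty"))
    return findings


if __name__ == "__main__":
    for ssid, algorithm, code in audit(parse_walk(SAMPLE_WALK)):
        print("%-8s %-12s %s: %s" % (ssid, algorithm, code, FINDINGS[code]))
```

Rows with cdot11SecAuxSsidAuthEnabled set to 'false' are skipped because that algorithm is not offered on the SSID.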