Reference record for OID 1.3.6.1.4.1.9.9.456


parent
1.3.6.1.4.1.9.9 (ciscoMgmt)
node code
456
node name
ciscoDot11WidsMIB
dot oid
1.3.6.1.4.1.9.9.456
type
OBJECT IDENTIFIER
asn1 oid
  • {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • {iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • {iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • {iso(1) iso-identified-organization(3) dod(6) internet(1) private(4) enterprise(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • {iso(1) iso-identified-organization(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoDot11WidsMIB(456)}
  • iri oid
  • /iso/identified-organization/dod/internet/private/enterprise/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • /iso/identified-organization/dod/internet/private/enterprises/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • /iso/org/dod/internet/private/enterprise/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • /iso/org/dod/internet/private/enterprises/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • /iso/iso-identified-organization/dod/internet/private/enterprise/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • /iso/iso-identified-organization/dod/internet/private/enterprises/cisco/ciscoMgmt/ciscoDot11WidsMIB
  • iri by oid_info
    /ISO/Identified-Organization/6/1/4/1/9/9/456

    Description by circitor

    This MIB is intended to be implemented on the
    following IOS based network entities for the purpose
    of providing network management stations information
    about the various attempts to compromise the security
    in the 802.11-based wireless networks.

    (i) 802.11 Access Points that accept wireless client
    associations.

    The MIB reports the information about the following
    attacks that can happen either at the initial
    authentication phase or during normal data
    communication between the client and the AP.

    EAPOL flooding - This is an attempt made by an
    invalid 802.11 client to send too many EAPOL-Start
    messages and bring the authentication services
    on the Authenticator, typically the AP, down.

    BlackListing - This is the process of marking
    a client as invalid when its authentication
    attempts fail. The client is put in a list
    when its authentication attempt fails for the
    first time. If the number of consecutive
    failed authentication attempts reach a threshold,
    any subsequent authentication requests made by
    the client will be rejected from that point for
    a configurable period of time.

    Protection Failures - These kind of failures
    happen when the attacker injects invalid packets
    onto the wireless network thereby corrupting the
    802.11 data traffic between an AP and its
    associated wireless clients.

    The administrator, through the NMS, can configure
    the thresholds on the AP using this MIB to enable
    the AP detect the EAPOL flood attacks and provide
    related statistics to the NMS.

    To detect protection failures, the AP provides the
    relevant statistics about the protection errors in
    the form of MIB objects, which are compared against
    the thresholds configured on the NMS and appropriate
    events are raised by the NMS, if thresholds are
    found to be exceeded.

    The hierarchy of the AP and MNs is as follows.

    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    + + + + + + + +
    + AP + + AP + + AP + + AP +
    + + + + + + + +
    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    .. . . .
    .. . . .
    . . . . .
    . . . . .
    . . . . .
    . . . . .
    \/ \/ \/ \/ \/
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
    + + + + + + + + + +
    + MN + + MN + + MN + + MN + + MN +
    + + + + + + + + + +
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+


    The wireless connections are represented as dotted
    lines in the above diagram.

    GLOSSARY

    Access Point ( AP )

    An entity that contains an 802.11 medium access
    control ( MAC ) and physical layer ( PHY ) interface
    and provides access to the distribution services via
    the wireless medium for associated clients.


    Mobile Node ( MN )

    A roaming 802.11 wireless device in a wireless
    network associated with an access point.

    Service Set Identifier (SSID)

    The Radio Service Set ID that is used by the mobile
    wireless clients for identification during the
    association with the APs.

    Temporal Key Integrity Protocol (TKIP)

    A security protocol defined to enhance the limitations
    of WEP. Message Integrity Check and per-packet keying
    on all WEP-encrypted frames are two significant
    enhancements provided by TKIP to WEP.


    Counter mode with CBC-MAC Protocol (CCMP)

    A security protocol that uses the counter mode in
    conjunction with cipher block chaining. This method
    divides the data into blocks, encrypts the first
    block, XORs the results with the second block,
    encrypts the result, XORs the result with the next
    block and continues till all the blocks are
    processed. This way, this protocol derives a
    64-bit MIC which is appended to the plaintext data
    which is again encrypted using the counter mode.


    Message Integrity Check (MIC)

    The Message Integrity Check is an improvement over the
    Integrity Check Function (ICV) of the 802.11 standard.
    MIC adds two new fields to the wireless frames - a
    sequence number field for detecting out-of-order
    frames and a MIC field to provide a frame integrity
    check to overcome the mathematical shortcomings of
    the ICV.


    802.1x

    The IEEE ratified standard for enforcing port based
    access control. This was originally intended for
    use on wired LANs and later extended for use in
    802.11 WLAN environments. This defines an
    architecture with three main parts - a supplicant
    (Ex. an 802.11 wireless client), an authenticator
    (the AP) and an authentication server(a Radius
    server). The authenticator passes messages back
    and forth between the supplicant and the
    authentication server to enable the supplicant
    get authenticated to the network.


    Extensible Authentication Protocol Over LAN (EAPOL)

    This is an encapsulation method defined by 802.1x
    passing EAP packets over Ethernet frames.

    Parsed from file CISCO-DOT11-WIDS-MIB.mib
    Module: CISCO-DOT11-WIDS-MIB

    Description by mibdepot

    This MIB is intended to be implemented on the
    following IOS based network entities for the purpose
    of providing network management stations information
    about the various attempts to compromise the security
    in the 802.11-based wireless networks.

    (i) 802.11 Access Points that accept wireless client
    associations.

    The MIB reports the information about the following
    attacks that can happen either at the initial
    authentication phase or during normal data
    communication between the client and the AP.

    EAPOL flooding - This is an attempt made by an
    invalid 802.11 client to send too many EAPOL-Start
    messages and bring the authentication services
    on the Authenticator, typically the AP, down.

    BlackListing - This is the process of marking
    a client as invalid when its authentication
    attempts fail. The client is put in a list
    when its authentication attempt fails for the
    first time. If the number of consecutive
    failed authentication attempts reach a threshold,
    any subsequent authentication requests made by
    the client will be rejected from that point for
    a configurable period of time.

    Protection Failures - These kind of failures
    happen when the attacker injects invalid packets
    onto the wireless network thereby corrupting the
    802.11 data traffic between an AP and its
    associated wireless clients.

    The administrator, through the NMS, can configure
    the thresholds on the AP using this MIB to enable
    the AP detect the EAPOL flood attacks and provide
    related statistics to the NMS.

    To detect protection failures, the AP provides the
    relevant statistics about the protection errors in
    the form of MIB objects, which are compared against
    the thresholds configured on the NMS and appropriate
    events are raised by the NMS, if thresholds are
    found to be exceeded.

    The hierarchy of the AP and MNs is as follows.

    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    + + + + + + + +
    + AP + + AP + + AP + + AP +
    + + + + + + + +
    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    .. . . .
    .. . . .
    . . . . .
    . . . . .
    . . . . .
    . . . . .
    \/ \/ \/ \/ \/
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
    + + + + + + + + + +
    + MN + + MN + + MN + + MN + + MN +
    + + + + + + + + + +
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+


    The wireless connections are represented as dotted
    lines in the above diagram.

    GLOSSARY

    Access Point ( AP )

    An entity that contains an 802.11 medium access
    control ( MAC ) and physical layer ( PHY ) interface
    and provides access to the distribution services via
    the wireless medium for associated clients.


    Mobile Node ( MN )

    A roaming 802.11 wireless device in a wireless
    network associated with an access point.

    Service Set Identifier (SSID)

    The Radio Service Set ID that is used by the mobile
    wireless clients for identification during the
    association with the APs.

    Temporal Key Integrity Protocol (TKIP)

    A security protocol defined to enhance the limitations
    of WEP. Message Integrity Check and per-packet keying
    on all WEP-encrypted frames are two significant
    enhancements provided by TKIP to WEP.


    Counter mode with CBC-MAC Protocol (CCMP)

    A security protocol that uses the counter mode in
    conjunction with cipher block chaining. This method
    divides the data into blocks, encrypts the first
    block, XORs the results with the second block,
    encrypts the result, XORs the result with the next
    block and continues till all the blocks are
    processed. This way, this protocol derives a
    64-bit MIC which is appended to the plaintext data
    which is again encrypted using the counter mode.


    Message Integrity Check (MIC)

    The Message Integrity Check is an improvement over the
    Integrity Check Function (ICV) of the 802.11 standard.
    MIC adds two new fields to the wireless frames - a
    sequence number field for detecting out-of-order
    frames and a MIC field to provide a frame integrity
    check to overcome the mathematical shortcomings of
    the ICV.


    802.1x

    The IEEE ratified standard for enforcing port based
    access control. This was originally intended for
    use on wired LANs and later extended for use in
    802.11 WLAN environments. This defines an
    architecture with three main parts - a supplicant
    (Ex. an 802.11 wireless client), an authenticator
    (the AP) and an authentication server(a Radius
    server). The authenticator passes messages back
    and forth between the supplicant and the
    authentication server to enable the supplicant
    get authenticated to the network.


    Extensible Authentication Protocol Over LAN (EAPOL)

    This is an encapsulation method defined by 802.1x
    passing EAP packets over Ethernet frames.

    Parsed from file CISCO-DOT11-WIDS-MIB.my.txt
    Company: None
    Module: CISCO-DOT11-WIDS-MIB

    Description by cisco

    This MIB is intended to be implemented on the
    following IOS based network entities for the purpose
    of providing network management stations information
    about the various attempts to compromise the security
    in the 802.11-based wireless networks.

    (i) 802.11 Access Points that accept wireless client
    associations.

    The MIB reports the information about the following
    attacks that can happen either at the initial
    authentication phase or during normal data
    communication between the client and the AP.

    EAPOL flooding - This is an attempt made by an
    invalid 802.11 client to send too many EAPOL-Start
    messages and bring the authentication services
    on the Authenticator, typically the AP, down.

    BlackListing - This is the process of marking
    a client as invalid when its authentication
    attempts fail. The client is put in a list
    when its authentication attempt fails for the
    first time. If the number of consecutive
    failed authentication attempts reach a threshold,
    any subsequent authentication requests made by
    the client will be rejected from that point for
    a configurable period of time.

    Protection Failures - These kind of failures
    happen when the attacker injects invalid packets
    onto the wireless network thereby corrupting the
    802.11 data traffic between an AP and its
    associated wireless clients.

    The administrator, through the NMS, can configure
    the thresholds on the AP using this MIB to enable
    the AP detect the EAPOL flood attacks and provide
    related statistics to the NMS.

    To detect protection failures, the AP provides the
    relevant statistics about the protection errors in
    the form of MIB objects, which are compared against
    the thresholds configured on the NMS and appropriate
    events are raised by the NMS, if thresholds are
    found to be exceeded.

    The hierarchy of the AP and MNs is as follows.

    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    + + + + + + + +
    + AP + + AP + + AP + + AP +
    + + + + + + + +
    +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+
    .. . . .
    .. . . .
    . . . . .
    . . . . .
    . . . . .
    . . . . .
    \/ \/ \/ \/ \/
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+
    + + + + + + + + + +
    + MN + + MN + + MN + + MN + + MN +
    + + + + + + + + + +
    +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+


    The wireless connections are represented as dotted
    lines in the above diagram.

    GLOSSARY

    Access Point ( AP )

    An entity that contains an 802.11 medium access
    control ( MAC ) and physical layer ( PHY ) interface
    and provides access to the distribution services via
    the wireless medium for associated clients.


    Mobile Node ( MN )

    A roaming 802.11 wireless device in a wireless
    network associated with an access point.

    Service Set Identifier (SSID)

    The Radio Service Set ID that is used by the mobile
    wireless clients for identification during the
    association with the APs.

    Temporal Key Integrity Protocol (TKIP)

    A security protocol defined to enhance the limitations
    of WEP. Message Integrity Check and per-packet keying
    on all WEP-encrypted frames are two significant
    enhancements provided by TKIP to WEP.


    Counter mode with CBC-MAC Protocol (CCMP)

    A security protocol that uses the counter mode in
    conjunction with cipher block chaining. This method
    divides the data into blocks, encrypts the first
    block, XORs the results with the second block,
    encrypts the result, XORs the result with the next
    block and continues till all the blocks are
    processed. This way, this protocol derives a
    64-bit MIC which is appended to the plaintext data
    which is again encrypted using the counter mode.


    Message Integrity Check (MIC)

    The Message Integrity Check is an improvement over the
    Integrity Check Function (ICV) of the 802.11 standard.
    MIC adds two new fields to the wireless frames - a
    sequence number field for detecting out-of-order
    frames and a MIC field to provide a frame integrity
    check to overcome the mathematical shortcomings of
    the ICV.


    802.1x

    The IEEE ratified standard for enforcing port based
    access control. This was originally intended for
    use on wired LANs and later extended for use in
    802.11 WLAN environments. This defines an
    architecture with three main parts - a supplicant
    (Ex. an 802.11 wireless client), an authenticator
    (the AP) and an authentication server(a Radius
    server). The authenticator passes messages back
    and forth between the supplicant and the
    authentication server to enable the supplicant
    get authenticated to the network.


    Extensible Authentication Protocol Over LAN (EAPOL)

    This is an encapsulation method defined by 802.1x
    passing EAP packets over Ethernet frames.

    Information by circitor

    ciscoDot11WidsMIB MODULE-IDENTITY LAST-UPDATED "200411300000Z" ORGANIZATION "Cisco System Inc." CONTACT-INFO " Cisco Systems, Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected]" DESCRIPTION "This MIB is intended to be implemented on the following IOS based network entities for the purpose of providing network management stations information about the various attempts to compromise the security in the 802.11-based wireless networks. (i) 802.11 Access Points that accept wireless client associations. The MIB reports the information about the following attacks that can happen either at the initial authentication phase or during normal data communication between the client and the AP. EAPOL flooding - This is an attempt made by an invalid 802.11 client to send too many EAPOL-Start messages and bring the authentication services on the Authenticator, typically the AP, down. BlackListing - This is the process of marking a client as invalid when its authentication attempts fail. The client is put in a list when its authentication attempt fails for the first time. If the number of consecutive failed authentication attempts reach a threshold, any subsequent authentication requests made by the client will be rejected from that point for a configurable period of time. Protection Failures - These kind of failures happen when the attacker injects invalid packets onto the wireless network thereby corrupting the 802.11 data traffic between an AP and its associated wireless clients. The administrator, through the NMS, can configure the thresholds on the AP using this MIB to enable the AP detect the EAPOL flood attacks and provide related statistics to the NMS. To detect protection failures, the AP provides the relevant statistics about the protection errors in the form of MIB objects, which are compared against the thresholds configured on the NMS and appropriate events are raised by the NMS, if thresholds are found to be exceeded. The hierarchy of the AP and MNs is as follows. +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ + + + + + + + + + AP + + AP + + AP + + AP + + + + + + + + + +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . \/ \/ \/ \/ \/ +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ + + + + + + + + + + + MN + + MN + + MN + + MN + + MN + + + + + + + + + + + +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ The wireless connections are represented as dotted lines in the above diagram. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Service Set Identifier (SSID) The Radio Service Set ID that is used by the mobile wireless clients for identification during the association with the APs. Temporal Key Integrity Protocol (TKIP) A security protocol defined to enhance the limitations of WEP. Message Integrity Check and per-packet keying on all WEP-encrypted frames are two significant enhancements provided by TKIP to WEP. Counter mode with CBC-MAC Protocol (CCMP) A security protocol that uses the counter mode in conjunction with cipher block chaining. This method divides the data into blocks, encrypts the first block, XORs the results with the second block, encrypts the result, XORs the result with the next block and continues till all the blocks are processed. This way, this protocol derives a 64-bit MIC which is appended to the plaintext data which is again encrypted using the counter mode. Message Integrity Check (MIC) The Message Integrity Check is an improvement over the Integrity Check Function (ICV) of the 802.11 standard. MIC adds two new fields to the wireless frames - a sequence number field for detecting out-of-order frames and a MIC field to provide a frame integrity check to overcome the mathematical shortcomings of the ICV. 802.1x The IEEE ratified standard for enforcing port based access control. This was originally intended for use on wired LANs and later extended for use in 802.11 WLAN environments. This defines an architecture with three main parts - a supplicant (Ex. an 802.11 wireless client), an authenticator (the AP) and an authentication server(a Radius server). The authenticator passes messages back and forth between the supplicant and the authentication server to enable the supplicant get authenticated to the network. Extensible Authentication Protocol Over LAN (EAPOL) This is an encapsulation method defined by 802.1x passing EAP packets over Ethernet frames. " REVISION "200411300000Z" DESCRIPTION "Initial version of this MIB module. " ::= { ciscoMgmt 456 }

    Information by cisco_v1

    ciscoDot11WidsMIB OBJECT IDENTIFIER ::= { ciscoMgmt 456 }

    Information by oid_info

    Vendor: Cisco
    Module: CISCO-DOT11-WIDS-MIB

    [Automatically extracted from oidview.com]

    Information by mibdepot

    ciscoDot11WidsMIB MODULE-IDENTITY LAST-UPDATED "200411300000Z" ORGANIZATION "Cisco System Inc." CONTACT-INFO " Cisco Systems, Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected]" DESCRIPTION "This MIB is intended to be implemented on the following IOS based network entities for the purpose of providing network management stations information about the various attempts to compromise the security in the 802.11-based wireless networks. (i) 802.11 Access Points that accept wireless client associations. The MIB reports the information about the following attacks that can happen either at the initial authentication phase or during normal data communication between the client and the AP. EAPOL flooding - This is an attempt made by an invalid 802.11 client to send too many EAPOL-Start messages and bring the authentication services on the Authenticator, typically the AP, down. BlackListing - This is the process of marking a client as invalid when its authentication attempts fail. The client is put in a list when its authentication attempt fails for the first time. If the number of consecutive failed authentication attempts reach a threshold, any subsequent authentication requests made by the client will be rejected from that point for a configurable period of time. Protection Failures - These kind of failures happen when the attacker injects invalid packets onto the wireless network thereby corrupting the 802.11 data traffic between an AP and its associated wireless clients. The administrator, through the NMS, can configure the thresholds on the AP using this MIB to enable the AP detect the EAPOL flood attacks and provide related statistics to the NMS. To detect protection failures, the AP provides the relevant statistics about the protection errors in the form of MIB objects, which are compared against the thresholds configured on the NMS and appropriate events are raised by the NMS, if thresholds are found to be exceeded. The hierarchy of the AP and MNs is as follows. +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ + + + + + + + + + AP + + AP + + AP + + AP + + + + + + + + + +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . \/ \/ \/ \/ \/ +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ + + + + + + + + + + + MN + + MN + + MN + + MN + + MN + + + + + + + + + + + +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ The wireless connections are represented as dotted lines in the above diagram. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Service Set Identifier (SSID) The Radio Service Set ID that is used by the mobile wireless clients for identification during the association with the APs. Temporal Key Integrity Protocol (TKIP) A security protocol defined to enhance the limitations of WEP. Message Integrity Check and per-packet keying on all WEP-encrypted frames are two significant enhancements provided by TKIP to WEP. Counter mode with CBC-MAC Protocol (CCMP) A security protocol that uses the counter mode in conjunction with cipher block chaining. This method divides the data into blocks, encrypts the first block, XORs the results with the second block, encrypts the result, XORs the result with the next block and continues till all the blocks are processed. This way, this protocol derives a 64-bit MIC which is appended to the plaintext data which is again encrypted using the counter mode. Message Integrity Check (MIC) The Message Integrity Check is an improvement over the Integrity Check Function (ICV) of the 802.11 standard. MIC adds two new fields to the wireless frames - a sequence number field for detecting out-of-order frames and a MIC field to provide a frame integrity check to overcome the mathematical shortcomings of the ICV. 802.1x The IEEE ratified standard for enforcing port based access control. This was originally intended for use on wired LANs and later extended for use in 802.11 WLAN environments. This defines an architecture with three main parts - a supplicant (Ex. an 802.11 wireless client), an authenticator (the AP) and an authentication server(a Radius server). The authenticator passes messages back and forth between the supplicant and the authentication server to enable the supplicant get authenticated to the network. Extensible Authentication Protocol Over LAN (EAPOL) This is an encapsulation method defined by 802.1x passing EAP packets over Ethernet frames. " REVISION "200411300000Z" DESCRIPTION "Initial version of this MIB module. " ::= { ciscoMgmt 456 }

    Information by cisco

    ciscoDot11WidsMIB MODULE-IDENTITY LAST-UPDATED "200411300000Z" ORGANIZATION "Cisco System Inc." CONTACT-INFO " Cisco Systems, Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected]" DESCRIPTION "This MIB is intended to be implemented on the following IOS based network entities for the purpose of providing network management stations information about the various attempts to compromise the security in the 802.11-based wireless networks. (i) 802.11 Access Points that accept wireless client associations. The MIB reports the information about the following attacks that can happen either at the initial authentication phase or during normal data communication between the client and the AP. EAPOL flooding - This is an attempt made by an invalid 802.11 client to send too many EAPOL-Start messages and bring the authentication services on the Authenticator, typically the AP, down. BlackListing - This is the process of marking a client as invalid when its authentication attempts fail. The client is put in a list when its authentication attempt fails for the first time. If the number of consecutive failed authentication attempts reach a threshold, any subsequent authentication requests made by the client will be rejected from that point for a configurable period of time. Protection Failures - These kind of failures happen when the attacker injects invalid packets onto the wireless network thereby corrupting the 802.11 data traffic between an AP and its associated wireless clients. The administrator, through the NMS, can configure the thresholds on the AP using this MIB to enable the AP detect the EAPOL flood attacks and provide related statistics to the NMS. To detect protection failures, the AP provides the relevant statistics about the protection errors in the form of MIB objects, which are compared against the thresholds configured on the NMS and appropriate events are raised by the NMS, if thresholds are found to be exceeded. The hierarchy of the AP and MNs is as follows. +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ + + + + + + + + + AP + + AP + + AP + + AP + + + + + + + + + +~-~-~+ +~-~-~+ +~-~-~+ +~-~-~+ .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . \/ \/ \/ \/ \/ +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ + + + + + + + + + + + MN + + MN + + MN + + MN + + MN + + + + + + + + + + + +.....+ +.....+ +-.-.-.+ +~-~-~+ +......+ The wireless connections are represented as dotted lines in the above diagram. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Service Set Identifier (SSID) The Radio Service Set ID that is used by the mobile wireless clients for identification during the association with the APs. Temporal Key Integrity Protocol (TKIP) A security protocol defined to enhance the limitations of WEP. Message Integrity Check and per-packet keying on all WEP-encrypted frames are two significant enhancements provided by TKIP to WEP. Counter mode with CBC-MAC Protocol (CCMP) A security protocol that uses the counter mode in conjunction with cipher block chaining. This method divides the data into blocks, encrypts the first block, XORs the results with the second block, encrypts the result, XORs the result with the next block and continues till all the blocks are processed. This way, this protocol derives a 64-bit MIC which is appended to the plaintext data which is again encrypted using the counter mode. Message Integrity Check (MIC) The Message Integrity Check is an improvement over the Integrity Check Function (ICV) of the 802.11 standard. MIC adds two new fields to the wireless frames - a sequence number field for detecting out-of-order frames and a MIC field to provide a frame integrity check to overcome the mathematical shortcomings of the ICV. 802.1x The IEEE ratified standard for enforcing port based access control. This was originally intended for use on wired LANs and later extended for use in 802.11 WLAN environments. This defines an architecture with three main parts - a supplicant (Ex. an 802.11 wireless client), an authenticator (the AP) and an authentication server(a Radius server). The authenticator passes messages back and forth between the supplicant and the authentication server to enable the supplicant get authenticated to the network. Extensible Authentication Protocol Over LAN (EAPOL) This is an encapsulation method defined by 802.1x passing EAP packets over Ethernet frames. " REVISION "200411300000Z" DESCRIPTION "Initial version of this MIB module. " ::= { ciscoMgmt 456 }

    First Registration Authority (recovered by parent 1.3.6.1.4.1.9)

    Greg Satz

    Current Registration Authority (recovered by parent 1.3.6.1.4.1.9)

    Cisco Systems, Inc.

    Children (3)

    OIDNameSub childrenSub Nodes TotalDescription
    1.3.6.1.4.1.9.9.456.0 ciscoDot11WidsMIBNotifs 0 0 None
    1.3.6.1.4.1.9.9.456.1 ciscoDot11WidsMIBObjects 2 42 None
    1.3.6.1.4.1.9.9.456.2 ciscoDot11WidsMIBConform 2 5 None

    Brothers (645)

    To many brothers! Only 100 nearest brothers are shown.

    OIDNameSub childrenSub Nodes TotalDescription
    ...
    1.3.6.1.4.1.9.9.407 ciscoAtmTrunkStatMIB 3 101 The MIB module contains ATM Trunk statistics.

    TERMINOLOGY

    PVC: Permanent Virtual Circuit
    OAM: Operation and Management
    CRC: Cyclic…
    1.3.6.1.4.1.9.9.408 ciscoSnmpNotificationExtMIB 3 13 This MIB extends the functionality provided
    by SNMP-NOTIFICATION-MIB.
    This MIB provides for the aging of the
    notification filters …
    1.3.6.1.4.1.9.9.409 ciscoSnmpVacmExtMIB 2 11 The management information definitions to extend
    the View-based Access Control Model (RFC3415) for
    SNMP.

    This MIB extends the 'SN…
    1.3.6.1.4.1.9.9.411 ciscoVlanTranslationMIB 3 27 The MIB module for the management of VLAN translations.

    VLAN translation refers to the ability of the device
    to translate between…
    1.3.6.1.4.1.9.9.412 ciscoSnmpTargetExtMIB 2 30 This MIB is an extension of the SNMP-TARGET-MIB
    specified in RFC3413.

    This MIB module contains Cisco-defined extension
    to the sn…
    1.3.6.1.4.1.9.9.413 ciscoDot11SsidSecMIB 2 71 This MIB module provides network management
    support for Cisco IEEE 802.11 Wireless LAN
    devices association and authentication.

    ACR…
    1.3.6.1.4.1.9.9.414 ciscoPoePdMIB 3 17 This MIB is intended for devices powered by
    external power sources, in particular Power
    Over Ethernet (PoE or formerly called inl…
    1.3.6.1.4.1.9.9.415 ciscoWlanManMIB 3 13 This MIB module provides network management
    and configuration support for IEEE 802.11
    Wireless LAN devices.

    ACRONYMS

    HTTP
    Hypertext …
    1.3.6.1.4.1.9.9.416 ciscoDot11QosMIB 3 49 This MIB module provides network management
    support for QoS on wireless LAN devices. The
    objects defined in this MIB provide equ…
    1.3.6.1.4.1.9.9.420 ciscoUnityExpressMIB 3 179 The MIB Module for the management of the Cisco Unity
    Express (CUE) service. CUE is a voicemail service that
    runs in a Cisco rout…
    1.3.6.1.4.1.9.9.421 ciscoDpvmMIB 3 55 The MIB module for the management of the
    Dynamic Port Vsan Membership (DPVM) module.
    DPVM provides the ability to assign (virtual…
    1.3.6.1.4.1.9.9.422 ciscoIPsecTc 0 0 This MIB module defines the textual conventions
    used in the IPsec suite of MIBs. This includes
    Internet DOI numbers defined in RF…
    1.3.6.1.4.1.9.9.423 ciscoIkeConfigMIB 3 93 This is a MIB Module for configuring and viewing IKE
    parameters and policies.

    Acronyms
    The following acronyms are used in this do…
    1.3.6.1.4.1.9.9.424 ciscoCableMeteringMIB 3 53 This is the MIB module for Usage Based Metering for the
    DOCSIS-compliant Cable Modem Termination Systems (CMTS).

    Usage Based Mete…
    1.3.6.1.4.1.9.9.426 ciscoLinkErrorMonitorMIB 3 34 The MIB module for managing Link Error Monitoring
    Feature on devices.

    Link Error Monitoring Feature provides a mechanism
    to monito…
    1.3.6.1.4.1.9.9.427 ciscoZsExtMIB 3 33 The MIB module for the management of zoning within
    the framework of Cisco's Zoning Server (ZS) Archi-
    tecture which realizes the …
    1.3.6.1.4.1.9.9.428 ciscoIkeFlowExtMIB 3 18 This MIB module is an extension to
    CISCO-IKE-FLOW-MIB and contains Cisco Specific
    extensions for monitoring IKE.

    It is for monito…
    1.3.6.1.4.1.9.9.429 ciscoIkeFlowMIB 3 80 This is a MIB module for monitoring the structures
    and status of IPsec control flows based on Internet
    Key Exchange protocol. The…
    1.3.6.1.4.1.9.9.430 ciscoFcDeviceAliasMIB 3 14 The MIB module for the management of Device
    Aliases in a Fibre Channel Fabric. A Fibre
    Channel fabric consists of devices such as…
    1.3.6.1.4.1.9.9.431 ciscoIPsecProvisioningMIB 3 98 IPSec is the next-generation network layer crypto
    framework described in RFC2401-2411.
    This MIB defines the IPsec configurations.…
    1.3.6.1.4.1.9.9.432 ciscoEnhancedIpsecFlowMIB 3 330 This is a MIB Module for monitoring the structures
    and status of IPSec-based networks. The MIB has been
    designed to be adopted as…
    1.3.6.1.4.1.9.9.433 ciscoCFSMIB 3 102 This MIB applies to one or more of a set of devices
    which have connectivity through some kind of 'fabric'.
    Many features which ru…
    1.3.6.1.4.1.9.9.434 ciscoIpNetworkDiscoveryMIB, ciscoIsnsIpNetDiscoveryMIB 3 58 MIB to provide the information about the disjoint
    IP networks connected to the various gigabit ethernet
    interfaces in the 'Fabric…
    1.3.6.1.4.1.9.9.435 ciscoFcMulticastMIB 3 14 MIB module for monitoring and configuring
    Fibre Channel Multicast feature.
    1.3.6.1.4.1.9.9.436 ciscoDNSClientMIB 3 28 The MIB module for entities implementing the client
    side of the Domain Name System (DNS) protocol.
    1.3.6.1.4.1.9.9.437 ciscoPortTrackMIB 2 18 A MIB to configure the Port-Track feature.

    When a link goes down, all the services which depend
    on the link are notified of the o…
    1.3.6.1.4.1.9.9.438 ciscoIPsecSignalingMIB 3 140 This MIB Module models status, performance and failures
    of a protocol with the generic characteristics of signalling
    protocols us…
    1.3.6.1.4.1.9.9.439 ciscoCcmeMIB 3 338 This MIB allows management of Cisco CallManager Express
    (CCME) feature in Cisco IOS. CCME is optional software
    feature that enabl…
    1.3.6.1.4.1.9.9.441 ciscoSrstMIB 3 149 This MIB allows management of Cisco Survivable Remote
    Site Telephony (SRST) feature in Cisco IOS. SRST is
    an optional software fe…
    1.3.6.1.4.1.9.9.443 ciscoCommonMgmtMIB 3 37 MIB module for integrating different elements of
    managing a device. For example, different device access
    methods like SNMP, CLI, …
    1.3.6.1.4.1.9.9.445 ciscoQinqVlanMIB 3 25 This MIB defines configuration and monitoring capabilities
    relating to 802.1QinQ interfaces. QinQ interfaces are capable
    of term…
    1.3.6.1.4.1.9.9.447 ciscoScsiFlowMIB 3 99 A SCSI Flow is described as a SCSI Initiator
    SCSI Target combination. This MIB is used to
    configure and monitor SCSI Flows.

    Gloss…
    1.3.6.1.4.1.9.9.448 ciscoSsmProvMIB 2 26 This MIB is used to provision features
    on a Data Path Processor (DPP) of a Storage Service
    Module (SSM). A DPP is assigned to a c…
    1.3.6.1.4.1.9.9.449 ciscoEigrpMIB 3 103 Enhanced Interior Gateway Protocol (EIGRP) is a Cisco
    proprietary distance vector routing protocol. It is based on
    the Diffusin…
    1.3.6.1.4.1.9.9.450 ciscoCableAdmCtrlMIB 3 123 This MIB module defines the managed objects enabling
    the management of Cable Modem Termination System
    (CMTS) admission control.

    CM…
    1.3.6.1.4.1.9.9.451 ciscoIpUrpfMIB 3 47 Unicast Reverse Path Forwarding (URPF) is a function that
    checks the validity of the source address of IP packets
    received on an …
    1.3.6.1.4.1.9.9.454 ciscoDot11LbsMIB 3 23 This MIB module supports network management
    for Location Based Services on IEEE 802.11 wireless
    LAN devices. Location Based Serv…
    1.3.6.1.4.1.9.9.455 ciscoImageTc 0 0 This MIB module defines the textual conventions
    used in the enhanced image MIB.

    Glossary:

    Base Image
    Essential part of the operatin…
    1.3.6.1.4.1.9.9.457 ciscoWdsIdsMIB 2 18 This MIB is intended to be implemented on all
    IOS based network entities that provide Wireless
    Domain Services, for the purpose o…
    1.3.6.1.4.1.9.9.458 ciscoApplianceRedundancyMIB 3 47 This mib defines the SNMP objects to report the status of
    High Availability (HA) functionality in Cisco network
    management applia…
    1.3.6.1.4.1.9.9.459 ciscoBitsClockMIB 3 21 This MIB provides information on Building Integrated
    Timing Supply(BITS) clocking sources and modes of
    operations. It is used to…
    1.3.6.1.4.1.9.9.460 ciscoTpcMIB 3 24 The MIB module for Third Party Copy(TPC):
    Third Party Copy derives its name from the fact
    that there are three entities involved …
    1.3.6.1.4.1.9.9.461 ciscoEtherCfmMIB 3 39 This MIB module defines the managed objects
    and notifications for Ethernet Connectivity
    Fault Management (CFM).

    CFM is an end-to-e…
    1.3.6.1.4.1.9.9.463 ciscoSanTapMIB 3 30 MIB module to provide information about the SanTap
    service configuration.

    SanTap is a fibre channel switch based capability that
    p…
    1.3.6.1.4.1.9.9.466 ciscoEthernetAccessMIB 2 20 The tables defined by this MIB module contain a collection
    of managed objects that are general in nature and apply to
    an edge dev…
    1.3.6.1.4.1.9.9.467 ciscoCryptoAcceleratorMIB 3 107 The MIB module for monitoring the identity, status,
    activity and faults of crypto accelerator (CA) modules
    used in devices implem…
    1.3.6.1.4.1.9.9.468 ciscoContextMappingMIB 2 35 A single SNMP agent sometimes needs to support multiple
    instances of the same MIB module, and does so through the
    use of multiple…
    1.3.6.1.4.1.9.9.470 ciscoEnhancedSlbMIB 3 106 The MIB for managing Server Load Balancing
    Manager(s), and products supporting Server
    Load Balancing(SLB) features.

    This MIB exten…
    1.3.6.1.4.1.9.9.471 ciscoFlexLinksMIB 3 36 This MIB module is for configuration and status query
    of Flex Links feature on the Cisco device.

    Flex Links are a pair of Layer 2…
    1.3.6.1.4.1.9.9.472 ciscoModuleVirtualizationMIB 3 35 This MIB provides a way to create virtual contexts,
    and managing them. A virtual context is logical
    partition of a physical devi…
    1.3.6.1.4.1.9.9.473 ciscoCcaMIB 3 200 The Cisco Contact Center Applications (CCCA) Management
    Information Base (MIB) module defines management
    instrumentation for appl…
    1.3.6.1.4.1.9.9.474 ciscoFilterGroupMIB 3 55 The MIB module is for creating and configuring
    object groups to support packet filtering and
    access control on IP and other proto…
    1.3.6.1.4.1.9.9.479 ciscoCableWidebandMIB 3 77 This is the MIB module for the support of Channel Bonding
    Protocol for the Cable Modem Termination System (CMTS).

    Wideband DOCSIS…
    1.3.6.1.4.1.9.9.480 ciscoL4L7moduleResourceLimitMIB 4 100 The MIB module for managing resource classes
    and configuring limits(max/min) to different
    resources. The resource referenced in …
    1.3.6.1.4.1.9.9.482 ciscoInterfaceTopNExtMIB 3 16 This MIB module is an extension to INTERFACETOPN-MIB.
    It provides additional management information for
    sorting device interfaces.
    1.3.6.1.4.1.9.9.483 ciscoIpRanBackHaulMIB 3 248 This MIB provides information on the IP-RAN traffic
    from cell site to aggregation site in the following
    situations. In an GSM en…
    1.3.6.1.4.1.9.9.484 ciscoNacNadMIB 3 157 This MIB module is for the configuration of a Network
    Access Device (NAD) on the Cisco Network Admission
    Control (NAC) system.

    End…
    1.3.6.1.4.1.9.9.485 ciscoRttMonTCMIB 0 0 This MIB contains textual conventions used by
    CISCO-RTTMON-MIB, CISCO-RTTMON-RTP-MIB and
    CISCO-RTTMON-ICMP-MIB, but they are not …
    1.3.6.1.4.1.9.9.486 ciscoRttMonIcmpMIB 3 7 An extension to the CISCO-RTTMON-MIB for ICMP
    operations. The ICMP Jitter operation provides capability
    to measure metrics such a…
    1.3.6.1.4.1.9.9.487 ciscoRttMonRtpMIB 3 8 An extension to the CISCO-RTTMON-MIB for Cisco IP SLA
    RTP operation, Real-Time Transport Protocol(RFC 1889). This
    operation provi…
    1.3.6.1.4.1.9.9.488 ciscoFirewallTc 0 0 This MIB module defines textual conventions that
    are commonly used in modeling management information
    pertaining to configuration…
    1.3.6.1.4.1.9.9.490 ciscoNetintMIB 3 11 This MIB module is for Network Interrupt information
    on Cisco device.
    1.3.6.1.4.1.9.9.491 ciscoUnifiedFirewallMIB 3 235 Overview of Cisco Firewall MIB
    ==============================
    This MIB Module models status and performance
    statistics pertaining …
    1.3.6.1.4.1.9.9.492 ciscoCefMIB 3 192 Cisco Express Forwarding (CEF) describes a high speed
    switching mechanism that a router uses to forward packets
    from the inbound …
    1.3.6.1.4.1.9.9.493 ciscoCefTextualConventions 0 0 ciscoCeftextualConventions
    1.3.6.1.4.1.9.9.494 ciscoEntityRedunTcMIB 0 0 This module defines the textual conventions used within
    Cisco Entity Redundancy MIBs.
    1.3.6.1.4.1.9.9.495 ciscoPsdClientMIB 3 44 This MIB module manages the client side
    functionality of the Persistent Storage Device(PSD).

    This MIB instrumentation is for conf…
    1.3.6.1.4.1.9.9.497 cGgsnSAMIB 3 247 This MIB module manages the service-aware feature of
    Gateway GPRS Support Node (GGSN).

    This MIB is an enhancement of the CISCO-GG…
    1.3.6.1.4.1.9.9.498 ciscoEntityRedunMIB 3 93 This management information module supports
    configuration, control and monitoring of redundancy
    protection for various kinds of c…
    1.3.6.1.4.1.9.9.500 ciscoStackWiseMIB 3 111 This MIB module contain a collection of managed objects
    that apply to network devices supporting the Cisco
    StackWise(TM) technolo…
    1.3.6.1.4.1.9.9.504 ciscoSwitchMulticastMIB 3 108 This MIB module defines management objects for the
    Multicast Switching features on Cisco Layer 2/3
    devices.

    Definition of some of …
    1.3.6.1.4.1.9.9.505 cpkiMIB 3 44 A networking device may provide several security services
    and protocols like SSL, SSH, IPSec/IKE etc. which need
    identities …
    ...