--**********************************************
-- CISCO-LWAPP-WAPI-MIB
-- CISCO Private version for WAPI
-- Sunday, 05-23, 2010 at 00:00:00
--
--Copyright (c) 2010 by Cisco Systems Inc.
--ALL rights reserved
--*********************************************

CISCO-LWAPP-WAPI-MIB DEFINITIONS ::= BEGIN

IMPORTS
	Counter32,
	Counter64,
	Integer32,
	Unsigned32,
	IpAddress,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    MODULE-IDENTITY
		FROM SNMPv2-SMI
    MacAddress
		FROM SNMPv2-TC
	cLWlanIndex
		FROM CISCO-LWAPP-WLAN-MIB
	cldcClientMacAddress
		FROM CISCO-LWAPP-DOT11-CLIENT-MIB 
	ciscoMgmt
		FROM CISCO-SMI
    CLSecKeyFormat
        FROM CISCO-LWAPP-TC-MIB
    DisplayString,
    TruthValue
        FROM SNMPv2-TC 
    cLApSysMacAddress
        FROM CISCO-LWAPP-AP-MIB;	

ciscoLwappWapiMIB MODULE-IDENTITY
-- NOTE(review): LAST-UPDATED (May 2010) is earlier than the only REVISION
-- clause below (December 2010). SMIv2 expects LAST-UPDATED to equal the most
-- recent REVISION; confirm which of the two dates is correct.
LAST-UPDATED	"201005230000Z"		-- MAY 23, 2010 at 00:00 GMT
ORGANIZATION	"Cisco Systems, Inc."
CONTACT-INFO
		"Cisco Systems Customer Service
		 Postal: 170 West Tasman Drive
		 San Jose, CA  95134
		 USA
		 Tel: +1 800 553-NETS
		 Email : cs-wnbu-snmp@cisco.com"
DESCRIPTION
		"cisco WiFi Controller Snmp agent support for Wapi.
		WAPI is a Chinese National Standard for Wireless LAN (GB 15629.11-2003)
		GLOSSARY:
		WAPI - WLAN Authentication and Privacy Infrastructures
		WAI  - WLAN Authentication Interface
		WLAN - Wireless Local Area Network
		WPI - Wireless Privacy Interface
		MSK - multicast session key
		AKM - authentication and key management 
		BKID - Base Key IDentification"
REVISION	"201012180000Z"
DESCRIPTION
		"cisco WiFi Controller Snmp agent support for Wapi.
	    WAPI is a Chinese National Standard for Wireless LAN (GB 15629.11-2003)"
    -- Root of this module: everything below hangs off ciscoMgmt 9997.
    -- NOTE(review): confirm 9997 is the registered ciscoMgmt assignment and
    -- not a development placeholder before loading this into a production NMS.
    ::= {ciscoMgmt 9997}

ciscoLwappWapiMIBObjects	OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 1}

-- wapiStatsTable
cLWapiWlanStats OBJECT-TYPE
	SYNTAX SEQUENCE OF CiscoWapiWlanStatsEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"This table maintains the WAPI statistics for each WLAN on which WAPI is configured as the security protocol."
	::= {ciscoLwappWapiMIBObjects 1}

cLWapiWlanStatsEntry OBJECT-TYPE
SYNTAX CiscoWapiWlanStatsEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"An entry in the cLWapiWlanStats Table"
	INDEX {cLWlanIndex}
	::= {cLWapiWlanStats 1}

-- Row layout for cLWapiWlanStatsEntry: nine WAI (WLAN Authentication
-- Interface) failure counters followed by three WPI (Wireless Privacy
-- Interface) receive error counters.
-- The two Counter64 columns cannot be carried by SNMPv1, so a poller has to
-- use SNMPv2c or SNMPv3 to read them.
CiscoWapiWlanStatsEntry ::=
	SEQUENCE
	{ 
	cLWWSWAISignatureErrors			Counter32,
	cLWWSWAIHMACErrors			Counter32,
	cLWWSWAIAuthResultFailures		Counter32,
	cLWWSWAIDiscardCounters		Counter32,
	cLWWSWAITimeoutCounters		Counter32,
	cLWWSWAIFormatErrors			Counter32,
	cLWWSWAICertHandshakeFailures		Counter32,
	cLWWSWAIUnicastHandshakeFailures	Counter32,
	cLWWSWAIMulticastHandshakeFailures	Counter32,
	cLWWSWPIRXReplayCounters                Counter32,
	cLWWSWPIRXMicErrorCounters    		Counter64,
	cLWWSWPIRXDecryptErrorCounters		Counter64 }
	
cLWWSWAISignatureErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the signature in the received WAI message is incorrect"
	::= { cLWapiWlanStatsEntry 1 }

cLWWSWAIHMACErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the message authentication code in the received WAI message is  incorrect"
	::= { cLWapiWlanStatsEntry 2 }

cLWWSWAIAuthResultFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI authentication is unsuccessful"
	::= { cLWapiWlanStatsEntry 3 }

cLWWSWAIDiscardCounters OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the received WAI message is discarded"
	::= { cLWapiWlanStatsEntry 4 }

cLWWSWAITimeoutCounters OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when a WAI message times out"
	::= { cLWapiWlanStatsEntry 5 }

cLWWSWAIFormatErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when there is a format error in the WAI message"
	::= { cLWapiWlanStatsEntry 6 }

cLWWSWAICertHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Certificate Authentication is unsuccessful"
	::= { cLWapiWlanStatsEntry 7 }

cLWWSWAIUnicastHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Unicast Key Negotiation is unsuccessful"
	::= { cLWapiWlanStatsEntry 8 }

cLWWSWAIMulticastHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Multicast Key Negotiation is unsuccessful"
	::= { cLWapiWlanStatsEntry 9 }

-- Per-WLAN count of failed WPI receive replay checks (see DESCRIPTION).
-- NOTE(review): for detection, alert on the rate of change per WLAN, together
-- with cLWWSWPIRXMicErrorCounters and cLWWSWPIRXDecryptErrorCounters, rather
-- than on the absolute value, because a Counter32 wraps.
cLWWSWPIRXReplayCounters OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This counter shall increment when the WPI RX replay check is unsuccessful"
        ::= { cLWapiWlanStatsEntry 10 }

cLWWSWPIRXMicErrorCounters OBJECT-TYPE
	SYNTAX Counter64
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when a WPI MIC error occurs"
	::= { cLWapiWlanStatsEntry 11 }

cLWWSWPIRXDecryptErrorCounters OBJECT-TYPE
	SYNTAX Counter64
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when a WPI decryption error occurs"
	::= { cLWapiWlanStatsEntry 12 }

-- wapiClientStatsTable
cLWapiClientStats OBJECT-TYPE
	SYNTAX SEQUENCE OF CiscoWapiClientStatsEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"This table maintains the WAPI statistics for each client connected to a WLAN on which WAPI is configured as the security protocol."
	::= {ciscoLwappWapiMIBObjects 2}

cLWapiClientStatsEntry OBJECT-TYPE
SYNTAX CiscoWapiClientStatsEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"An entry in the cLWapiClientStats Table"
	INDEX {cldcClientMacAddress}
	::= {cLWapiClientStats 1}

CiscoWapiClientStatsEntry ::=
SEQUENCE{ 
    cLWCSWapiClientVersion          Integer32,  			
	cLWCSWAISignatureErrors			Counter32,
	cLWCSWAIHMACErrors		    	Counter32,
	cLWCSWAIAuthResultFailures		Counter32,
	cLWCSWAIDiscardCounters			Counter32,
	cLWCSWAITimeoutCounters			Counter32,
	cLWCSWAIFormatErrors			Counter32,
	cLWCSWAICertHandshakeFailures		Counter32,
	cLWCSWAIUnicastHandshakeFailures	Counter32,
	cLWCSWAIMulticastHandshakeFailures	Counter32,
	cLWCSWAIUnicastCipherSuite              OCTET STRING,
 cLWCSWAIMcastCipherSuite      	        OCTET STRING,
 cLWCSWAIAuthenticationSuiteRequested	OCTET STRING, 
 cLWCSWAIBKIDUsed                    	OCTET STRING,
	cLWCSWAICtrPortState            	    TruthValue }

cLWCSWapiClientVersion OBJECT-TYPE
	SYNTAX Integer32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This object represents the WAPI draft version used by the WAPI client"
	::= { cLWapiClientStatsEntry 1 }

cLWCSWAISignatureErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the signature in the received WAI message is incorrect"
	::= { cLWapiClientStatsEntry 2 }

cLWCSWAIHMACErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the message authentication code in the received WAI message is  incorrect"
	::= { cLWapiClientStatsEntry 3 }

cLWCSWAIAuthResultFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI authentication is unsuccessful"
	::= { cLWapiClientStatsEntry 4 }

cLWCSWAIDiscardCounters OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the received WAI message is discarded"
	::= { cLWapiClientStatsEntry 5 }

cLWCSWAITimeoutCounters OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when a WAI message times out"
	::= { cLWapiClientStatsEntry 6 }

cLWCSWAIFormatErrors OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when there is a format error in the WAI message"
	::= { cLWapiClientStatsEntry 7 }

cLWCSWAICertHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Certificate Authentication is unsuccessful"
	::= { cLWapiClientStatsEntry 8 }

cLWCSWAIUnicastHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Unicast Key Negotiation is unsuccessful"
	::= { cLWapiClientStatsEntry 9 }

cLWCSWAIMulticastHandshakeFailures OBJECT-TYPE
	SYNTAX Counter32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This counter shall increment when the WAI Multicast Key Negotiation is unsuccessful"
	::= { cLWapiClientStatsEntry 10 }

cLWCSWAIUnicastCipherSuite OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(4))
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This value represents the Client Unicast Cipher Suite in use, as obtained from the Assoc req frame"
	::= { cLWapiClientStatsEntry 11 }

cLWCSWAIMcastCipherSuite OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(4))
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This value represents the Client Multicast Cipher Suite in use, as obtained from the Assoc req frame"
	::= { cLWapiClientStatsEntry 12}

cLWCSWAIAuthenticationSuiteRequested OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(4))
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
        "This object specifies the last AKM suite requested from the client.
            0x 00 14 72 01 : cert
            0x 00 14 72 02 : psk  "
	::= { cLWapiClientStatsEntry 13 }

cLWCSWAIBKIDUsed OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This value represents the selector of the last BKID used in the last Unicast Key Negotiation Handshake"
    ::= { cLWapiClientStatsEntry 14 }

cLWCSWAICtrPortState OBJECT-TYPE
	SYNTAX TruthValue
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
  "This value represents the state of client controlled port entity, 
   true means authenticated, false means not authenticated"
	::= { cLWapiClientStatsEntry 15 }

-- wapiWlanConfigTable
cLWapiWlanConfig OBJECT-TYPE
	SYNTAX SEQUENCE OF CiscoWapiWlanConfigEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"This table maintains the WAPI config entry for the WLAN."
	::= {ciscoLwappWapiMIBObjects 3}

-- Conceptual row of cLWapiWlanConfig, one per WLAN (indexed by cLWlanIndex).
-- NOTE(review): the descriptor is spelled "Entrty". Every column of this
-- table registers under that spelling, so it cannot be corrected here alone.
cLWapiWlanConfigEntrty OBJECT-TYPE
SYNTAX CiscoWapiWlanConfigEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"An entry in the cLWapiWlanConfig Table"
	INDEX {cLWlanIndex}
	::= {cLWapiWlanConfig 1}

CiscoWapiWlanConfigEntry ::=
SEQUENCE{
    cLWCSWlanWapiEnable                         TruthValue,
    cLWCSWlanWapiAkmKeyMgmtMode                 INTEGER,
    cLWCSWlanWapiEncryptType                    BITS,
    cLWCSWlanWapiPskFmt                         CLSecKeyFormat,
    cLWCSWlanWapiPsk                            OCTET STRING,
    cLWCSWlanWapiConfigUnicasCiphersEntry       OCTET STRING,
    cLWCSWlanWapiConfigUnicastCipherSize        Unsigned32,
    cLWCSWlanWapiMcastCipherSize                Unsigned32,
    cLWCSWlanBKLifeTime                         Unsigned32,
    cLWCSWlanBKReauthThreshold                  Unsigned32,
    cLWCSWlanWapiConfigMulticastCipher          OCTET STRING,
    cLWCSWlanWapiAuthenticationSuiteSelected    OCTET STRING,
    cLWCSWlanWapiUnicastCipherSelected          OCTET STRING,
    cLWCSWlanWapiMulticastCipherSelected        OCTET STRING,
    cLWCSWlanWapiPreauthenticationState         TruthValue}

cLWCSWlanWapiEnable OBJECT-TYPE
	SYNTAX TruthValue
	-- Writable security control: a manager with write access can change
	-- whether WAPI security is enabled on this WLAN. NOTE(review): limit SET
	-- access to SNMPv3 authPriv users through a restricted VACM view, and
	-- audit changes to this object.
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object is used to enable the WAPI security on the WLAN."
	::= { cLWapiWlanConfigEntrty 1 }

cLWCSWlanWapiAkmKeyMgmtMode OBJECT-TYPE
	SYNTAX INTEGER {
                 invalid(0),
                 cert (1),
                 psk  (2) }
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object is used to enable the AKM type to be used for the WAPI WLAN."
	::= { cLWapiWlanConfigEntrty 2 }

cLWCSWlanWapiEncryptType OBJECT-TYPE
	SYNTAX BITS {
                sms4 (0) }
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object is used to enable the encryption type for WAPI WLAN."
	::= { cLWapiWlanConfigEntrty 3 }

cLWCSWlanWapiPskFmt OBJECT-TYPE
	SYNTAX     CLSecKeyFormat
	MAX-ACCESS read-write
	STATUS     current
	DESCRIPTION
                "This object indicates the type of the authentication preshared key 
                configured through the object cLWCSWlanWapiPsk.
                Note that the key configuration is applicable only when psk is configured 
                as the key management mechanism through the cLWCSWlanWapiAkmKeyMgmtMode object." 
        DEFVAL { default }
        ::= { cLWapiWlanConfigEntrty 4 }

cLWCSWlanWapiPsk OBJECT-TYPE
    -- NOTE(review): SIZE(8..80) matches the DESCRIPTION only if 'hex' keys are
    -- sent as 8-80 hex digits (4-40 octets once decoded); confirm with the agent.
    SYNTAX      OCTET STRING(SIZE(8..80))
	-- The WLAN pre-shared key is a secret, yet the object is read-write and
	-- the DESCRIPTION does not say what a GET returns. NOTE(review): the agent
	-- should answer reads with an empty or masked value, and the object should
	-- only be reachable over SNMPv3 with privacy (authPriv); over SNMPv1/v2c
	-- the key crosses the network in cleartext on every SET.
	MAX-ACCESS  read-write
	STATUS      current
	DESCRIPTION
		"This object is used to configure the Pre-Shared Key for WAI PSK authentication for the WLAN.
         The key can be in ASCII or HEX format.
         'ascii'  8-40 characters
         'hex'    4-40 octets. "
	::= { cLWapiWlanConfigEntrty 5 }

cLWCSWlanWapiConfigUnicasCiphersEntry OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(4))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The selector of a supported unicast cipher suite. It consists of an OUI (the first 3 octets)
        and a cipher suite identifier (the last octet)."
    ::= { cLWapiWlanConfigEntrty 6 }

cLWCSWlanWapiConfigUnicastCipherSize OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object indicates the length in bits of the USK. This should be 256 for SMS4.
            The first 128 bits are the UEK and the last 128 bits are the UCK."
        ::= { cLWapiWlanConfigEntrty 7 }

cLWCSWlanWapiMcastCipherSize OBJECT-TYPE
         SYNTAX  Unsigned32
         MAX-ACCESS read-only
         STATUS current
         DESCRIPTION
                 "This object indicates the length in bits of the MSK. This should be 256 for SMS4.
                  The first 128 bits are the MEK and the last 128 bits are the MCK."
         ::= { cLWapiWlanConfigEntrty 8 }

cLWCSWlanBKLifeTime OBJECT-TYPE
        SYNTAX Unsigned32
        UNITS "seconds"
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object is used to configure the maximum lifetime of a BK in the BK cache."
    DEFVAL {43200}
        ::= { cLWapiWlanConfigEntrty 9 }

cLWCSWlanBKReauthThreshold OBJECT-TYPE
        SYNTAX Unsigned32
        UNITS "percentage"
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object is used to configure the percentage of the BK lifetime that should expire before a WAI reauthentication occurs."
    DEFVAL {70}
        ::= { cLWapiWlanConfigEntrty 10  }

cLWCSWlanWapiConfigMulticastCipher OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(4))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
                "This object indicates the multicast cipher suite that this entity must adopt. The WAPI Parameter
                Set information element shall adopt the value of this variable, which contains a 3-octet OUI and
                a one-octet cipher suite identifier."
        ::= { cLWapiWlanConfigEntrty 11 }

cLWCSWlanWapiAuthenticationSuiteSelected OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(4))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "This object represents the selector of the last AKM suite negotiated."
        ::= { cLWapiWlanConfigEntrty 12 }

cLWCSWlanWapiUnicastCipherSelected OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(4))
    MAX-ACCESS  read-only 
    STATUS      current
    DESCRIPTION
                "This object indicates the selector of the last unicast cipher suite negotiated."
        ::= { cLWapiWlanConfigEntrty 13 }

cLWCSWlanWapiMulticastCipherSelected OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(4))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
                "This object indicates the selector of the last multicast cipher suite negotiated."
        ::= { cLWapiWlanConfigEntrty 14 }

cLWCSWlanWapiPreauthenticationState OBJECT-TYPE
    SYNTAX TruthValue 
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object represents the state of Preauthentication
         in WAPI and currently it is not supported."
    ::= { cLWapiWlanConfigEntrty 15 }		 

-- wapiAPTable
cLWapiAPTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CiscoWapiAPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
         "This table maintains the WAPI details and 
          configurations for each AP connected."
    ::= {ciscoLwappWapiMIBObjects 4}

cLWapiAPEntry OBJECT-TYPE
SYNTAX CiscoWapiAPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
         "An entry in the cLWapiAPTable Table."
    INDEX {cLApSysMacAddress}
    ::= {cLWapiAPTable 1}

CiscoWapiAPEntry ::=
SEQUENCE{
          cLWCSWapiAPMaxUnicastKeysSupport          Integer32 } 

cLWCSWapiAPMaxUnicastKeysSupport OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
         "This object represents the maximum number of USK's that an AP can support."
    ::= { cLWapiAPEntry 1 }

-- wapiWlanAuthenticationSuitesConfigTable
cLWapiWlanAKMSuitesConfigTable OBJECT-TYPE
	SYNTAX SEQUENCE OF CiscoWapiAuthenticationConfigEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"This table maintains the WAPI config entry for the WLAN."
	::= {ciscoLwappWapiMIBObjects 5}

cLWapiWlanAKMSuitesConfigEntry OBJECT-TYPE
SYNTAX CiscoWapiAuthenticationConfigEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"An entry in the cLWapiWlanAKMSuitesConfig Table"
	INDEX {cLWlanIndex, cLWCSWlanWapiAuthenticationSuiteIndex}
	::= {cLWapiWlanAKMSuitesConfigTable 1}

CiscoWapiAuthenticationConfigEntry ::=
SEQUENCE{
    cLWCSWlanWapiAuthenticationSuiteIndex           INTEGER,
    cLWCSWlanWapiAuthenticationSuite                OCTET STRING, 
    cLWCSWlanWapiAuthenticationSuiteEnable          TruthValue }

cLWCSWlanWapiAuthenticationSuiteIndex OBJECT-TYPE
	SYNTAX INTEGER {
                 cert (1),
                 psk  (2) }
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION
		"This object is used as an index for AKM suites on the WLAN."
	::= { cLWapiWlanAKMSuitesConfigEntry 1 }

cLWCSWlanWapiAuthenticationSuite OBJECT-TYPE
	SYNTAX OCTET STRING(SIZE(4))
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
		"This object is used to indicate the AKM suite octets on the WLAN."
	::= { cLWapiWlanAKMSuitesConfigEntry 2 }

cLWCSWlanWapiAuthenticationSuiteEnable OBJECT-TYPE
	SYNTAX TruthValue
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object is used to enable the AKM suites on the WLAN."
	::= { cLWapiWlanAKMSuitesConfigEntry 3 }

-- wapiCipherstable
cLWapiCiphers OBJECT-TYPE
       SYNTAX SEQUENCE OF CiscoWapiCiphersEntry 
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "This table maintains the unicast cipher suites supported by this entity.
              It allows enabling and disabling of each unicast cipher suite by network management.
              The unicast cipher suite list in the WAPI Parameter Set information 
              element is formed using the information in this table."
       ::= {ciscoLwappWapiMIBObjects 6 } 

cLWapiCiphersEntry OBJECT-TYPE
        SYNTAX CiscoWapiCiphersEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "An entry in the cLWapiCiphers Table."
        INDEX { cLWlanIndex, cLWCSWlanCipherIndex }
        ::= { cLWapiCiphers 1 }

CiscoWapiCiphersEntry ::=
        SEQUENCE {
            cLWCSWlanCipherIndex Unsigned32,
            cLWCSWlanCipherEnabled TruthValue
        }

cLWCSWlanCipherIndex OBJECT-TYPE
        SYNTAX Unsigned32 
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "This object represents auxiliary index of the CiscoWapiCiphersEntry."
        ::= { cLWapiCiphersEntry 1 }

cLWCSWlanCipherEnabled OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object enables or disables the unicast cipher."
        ::= { cLWapiCiphersEntry 2 }

ciscoLwappWapiConfig		OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 2}

clWapiASIpAddress OBJECT-TYPE
        -- IpAddress carries IPv4 addresses only.
        SYNTAX IpAddress
        -- Writable: a SET here, together with clWapiASPortNumber, changes the
        -- configured WAPI authentication server. NOTE(review): presumably the
        -- controller then sends authentication traffic to the new address, so
        -- write access to both objects should be treated as privileged.
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the IP address of the WAPI authentication server."
        ::= { ciscoLwappWapiConfig 1 }

clWapiASPortNumber OBJECT-TYPE
        -- NOTE(review): no range is given, so the syntax admits negative values
        -- and values above 65535; the agent has to reject those on SET.
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the UDP port number for WAPI authentication server."
        ::= { ciscoLwappWapiConfig 2 }

clWapiASRequestTimeout OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents timeout value for the packets sent to Auth Server."
        ::= { ciscoLwappWapiConfig 3 }


-- Selects how the multicast session key (MSK) is rekeyed.
-- NOTE(review): disabled(1) presumably stops MSK rekeying, leaving the same
-- multicast key in use; monitor this object for unexpected changes.
-- The label timemessageBased(4) is spelled timeMessageBased(4) in
-- clWapiUnicastRekeyMethod, so tools that match on labels see two names.
clWapiMulticastRekeyMethod OBJECT-TYPE
        SYNTAX INTEGER {
			disabled(1),
			timeBased(2),
			messageBased(3),
			timemessageBased(4)
		       }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object selects a mechanism for rekeying the WAPI MSK. The default is time-based, once per day. Rekeying the MSK is only applicable to an entry acting in the AE role."
	DEFVAL {timeBased}
        ::= { ciscoLwappWapiConfig 4 }

clWapiMulticastRekeyTime OBJECT-TYPE
        SYNTAX Unsigned32
	UNITS "seconds" 
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the time in seconds after which the WAPI MSK will be refreshed. The timer will start the moment the MSK was set using the MLME-SETWPIKEYS request primitive."
	DEFVAL {86400}
        ::= { ciscoLwappWapiConfig 5 }

clWapiMulticastRekeyMessages OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the message count in thousands after which the WAPI MSK will be refreshed. The message counter will start the moment the MSK was set using the MLME-SETWPIKEYS request primitive."
        ::= { ciscoLwappWapiConfig 6 }

clWapiMulticastRekeyStrict OBJECT-TYPE
        SYNTAX TruthValue 
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object signals that the MSK shall be refreshed whenever a STA leaves the BSS that possesses the MSK."
        ::= { ciscoLwappWapiConfig 7 }

clWapiConfigCertificateUpdateCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the number of times messages in the WAPI handshake protocol will be retried per certificate handshake attempt."
	DEFVAL {3}
        ::= { ciscoLwappWapiConfig 8 }

clWapiConfigMulticastUpdateCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the number of times message 1 in the WAPI multicast key announcement handshake will be retried per MSK handshake attempt."
	DEFVAL {3}
        ::= { ciscoLwappWapiConfig 9 }

clWapiConfigUnicastUpdateCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object represents the number of times  message 1 and message 3 in the WAPI unicast key announcement handshake will be retried per USK handshake attempt." 
	DEFVAL {3}
        ::= { ciscoLwappWapiConfig 10 }

cLWCSWapiConfigureVersion OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
             "This object represents the WAPI configuration version"
        ::= { ciscoLwappWapiConfig 11 }	 		 

clWapiConfigControlledPortControl OBJECT-TYPE
        SYNTAX INTEGER {
                        auto(0)
                       }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
             "This object indicates the value of the Controlled
              port. A value of 0 means automatic, which is the
              current behaviour: the state of the controlled port
              shall be based on the result of authentication."
        ::= { ciscoLwappWapiConfig 12 }			 

-- Payload of ciscoLwappWapiUserInvalidCertificateNetworkTrap. The string
-- format is not defined in this module, so trap receivers should handle it
-- as opaque text and not parse it.
-- NOTE(review): an object that exists only to be carried in a notification
-- is normally declared accessible-for-notify instead of read-only.
clWapiUserInvalidCertificationInbreakNetwork OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object represents the WAPI user with
             invalid certification."
        ::= { ciscoLwappWapiConfig 13 }			 

cLApWAPISecurityLowAttack OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object represents the WAPI security low attack notification
        information."
        ::= { ciscoLwappWapiConfig 14 }
    	
clWapiUnicastRekeyMethod OBJECT-TYPE
    SYNTAX INTEGER {
                    disabled(1),
                    timeBased(2),
                    messageBased(3),
                    timeMessageBased(4)
                   }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
         "This object selects a mechanism for rekeying the WAPI USK.
          The default is time-based, once per day. Rekeying the USK
          is only applicable to an entry acting in the AE role.
          Method 1 (disabled) will temporarily stop the unicast rekeying"
    DEFVAL {timeBased}
    ::= { ciscoLwappWapiConfig 15 }       

clWapiUnicastRekeyTime OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "seconds"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
         "This object represents the time in seconds after which the
          WAPI USK will be refreshed. The timer will start the
          moment the USK was set using the MLME-SETWPIKEYS
          request primitive." 
    DEFVAL {86400}
    ::= { ciscoLwappWapiConfig 16 }

clWapiUnicastRekeyMessage OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS  "1000 messages"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
         "This object represents the message count in thousands
          after which the WAPI USK will be refreshed.
          The message counter will start the moment the USK was set
          using the MLME-SETWPIKEYS request primitive. This MIB will be
          configurable od of TIME or TIME&PACKET"
    ::= { ciscoLwappWapiConfig 17 }

clWapiConfigSATimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object represents the maximum time a security association shall take to set up."
    DEFVAL {60}
    ::= { ciscoLwappWapiConfig 18 }

cLApWAPIReplayAttack OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object represents the WAPI replay attack notification information."
    ::= { ciscoLwappWapiConfig 19 }

cLApWAPITamperAttack OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object represents the WAPI tamper attack notification information."
    ::= { ciscoLwappWapiConfig 20 }

clWapiAddressRedirectAttack OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS  read-only
        STATUS current
        DESCRIPTION
            "This object represents the WAPI redirect attack notification information."
    ::= { ciscoLwappWapiConfig 21}

ciscoLwappWapiCertificateObjects        OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 3}

clWapiWLCCertificateStatus OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
             "This object represents the installation
              state of WLC Certificate. True means the WLC certificate
              is installed. False means it is uninstalled."
        ::= { ciscoLwappWapiCertificateObjects 1 }

clWapiCACertificateStatus OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object represents the installation
             state of Certificate Authority Certificate. True means the CA certificate
             is installed. False means it is uninstalled"
        ::= { ciscoLwappWapiCertificateObjects 2 }

clWapiASCertificateStatus OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object represents the installation
             state of Auth Server Certificate. True means the AS certificate
             is installed. False means it is uninstalled."
        ::= { ciscoLwappWapiCertificateObjects 3 }

-- Parent node of the five WAPI notifications defined below.
-- NOTE(review): the notifications register directly under this node. SMIv2
-- modules normally place them under a sub-node with value 0 so that they
-- translate cleanly to SNMPv1 traps; check how the trap receiver maps them.
ciscoLwappWapiMIBNotifObjects OBJECT IDENTIFIER ::={ciscoLwappWapiMIB 4}

--********************************************************************
-- *  Notifications
--********************************************************************
ciscoLwappWapiUserInvalidCertificateNetworkTrap NOTIFICATION-TYPE
        OBJECTS {
                  clWapiUserInvalidCertificationInbreakNetwork
                }
        STATUS      current
        DESCRIPTION
            "This notification will be sent when the WAPI
        	 Client is installed with invalid certificates."
        ::= {ciscoLwappWapiMIBNotifObjects 1 }	 		 

ciscoLwappWapiSecurityLowAttackTrap NOTIFICATION-TYPE
    OBJECTS {
                cLApWAPISecurityLowAttack
            }
    STATUS      current
    DESCRIPTION
        "This notification will be sent when the AP receives a fake Unicast Key
        Negotiation Response frame in which the WIE_AUSE differs from the one
        the AP sent before."
    ::= {ciscoLwappWapiMIBNotifObjects 2 }

ciscoLwappWapiReplayAttackTrap NOTIFICATION-TYPE
    OBJECTS {
                cLApWAPIReplayAttack
            }
    STATUS      current
    DESCRIPTION
        "This notification will be sent when the AP receives an AE challenge that differs from the one the AP received before."
    ::= {ciscoLwappWapiMIBNotifObjects 3 }

ciscoLwappWapiTamperAttackTrap NOTIFICATION-TYPE
    OBJECTS {
                cLApWAPITamperAttack
            }
    STATUS      current
    DESCRIPTION
        "This notification will be sent when the AP receives an invalid Message Authentication Code."
    ::= {ciscoLwappWapiMIBNotifObjects 4 }

ciscoLwappWapiAddressRedirectAttackTrap NOTIFICATION-TYPE
       OBJECTS {
                   clWapiAddressRedirectAttack
               }
       STATUS      current
       DESCRIPTION
            "This notification will be sent when the AP receives an address redirect attack trap.
            Information reported: radio interface information (MAC), BSSID, SSID, MAC of station."
       ::= {ciscoLwappWapiMIBNotifObjects 5 }

END
