CISCO-DOT11-SSID-SECURITY-MIB

This MIB module provides network management support for Cisco IEEE 802.11 Wireless LAN devices association and authentication.

ACRONYMS

AES: Advanced Encryption Standard.
AP: Access point.
AID: Association IDentifier for wireless stations.
BSS: IEEE 802.11 Basic Service Set.
BSSID: Basic SSID, a MAC address.
CCKM: Cisco Central Key Management.
CCMP: Code Mode/CBC Mac Protocol.
CKIP: Cisco per packet key hashing.
CMIC: Cisco MMH MIC.
CRC: Cyclic Redundancy Check.
DTIM: Data Traffic Indication Map.
EAP: Extensible Authentication Protocol.
GRE: Generic Routing Encapsulation.
IAPP: Inter-Access-Point Protocol.
ICV: Integrity Check Value.
MBSSID: Multiple Basic SSID.
MIC: Message Integrity Check.
MMH: Multi-Modal Hashing.
MMIC: Michael MIC.
RF: Radio Frequency.
SSID: Radio Service Set Id.
SSIDL IE: SSID List Information Element.
STA: IEEE 802.11 wireless station.
TKIP: WPA Temporal Key encryption.
VLAN: Virtual LAN.
WEP: Wired Equivalent Privacy.
WPA: Wi-Fi Protected Access.
WPS: Wireless Provisioning System.

GLOSSARY

Access point
Transmitter/receiver (transceiver) device that commonly connects and transports data between a wireless network and a wired network.

Association
The service used to establish access point or station mapping and enable STA invocation of the distribution system services. (Wireless clients attempt to connect to access points.)

Basic Service Set
The IEEE 802.11 BSS of an AP comprises the stations directly associating with the AP.

Backup VLAN
Wireless clients found to be running outdated/unsupported virus software and not compliant with network admission control guidelines need to be placed on different VLANs than the intended normal VLAN. The VLANs on which the non-compliant clients are placed are termed Backup VLANs. Backup VLANs are used to quarantine the non-compliant clients running incorrect software until they upgrade their software to the correct version.

Bridge
Device that connects two or more segments and reduces traffic by analyzing the destination address, filtering the frame, and forwarding the frame to all connected segments.

Bridge AP
An AP that functions as a transparent bridge between 2 wired LAN segments.

Broadcast SSID
Clients can send out Broadcast SSID Probe Requests to a nearby AP, and the AP will broadcast its own SSID within its beacons in response to clients. Clients can use this Broadcast SSID to associate and communicate with the AP.

Extensible Authentication Protocol
EAP acts as the interface between a wireless client and an authentication server, such as a RADIUS server, to which the access point communicates over the wired network.

IEEE 802.11
Standard to encourage interoperability among wireless networking equipment.

IEEE 802.11b
High-rate wireless LAN standard for wireless data transfer at up to 11 Mbps.

IEEE P802.11g
Higher Speed Physical Layer (PHY) Extension to IEEE 802.11b, will boost wireless LAN speed to 54 Mbps by using OFDM (orthogonal frequency division multiplexing). The IEEE 802.11g specification is backward compatible with the widely deployed IEEE 802.11b standard.

Inter-Access-Point Protocol
The IEEE 802.11 standard does not define how access points track moving users or how to negotiate a handoff from one access point to the next, a process referred to as roaming. IAPP is a Cisco proprietary protocol to support roaming. However, IAPP does not address how the wireless system tracks users moving from one subnet to another.

Independent network
Network that provides peer-to-peer connectivity without relying on a complete network infrastructure.

Information Element
Optional wireless network management data element in the beacons and probe responses generated by wireless stations. These elements identify the extended capabilities supported by the stations.

Integrity Check Value
The WEP ICV shall be a 32-bit value containing the 32-bit cyclic redundancy code designed for verifying wireless data frame integrity.

Message Integrity Check
A MIC can, optionally, be added to WEP-encrypted 802.11 frames. MIC prevents attacks on encrypted packets. MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof.

Multiple BSS-ID
An access point radio broadcasts and advertises multiple SSIDs in the beacons. From the clients' perspective, it is as if there were multiple access points in the wireless network.

Native VLAN ID
A switch port and/or AP can be configured with a 'native VLAN ID'. Untagged or priority-tagged frames are implicitly associated with the native VLAN ID. The default native VLAN ID is '1' if VLAN tagging is enabled. The native VLAN ID is '0' or 'no VLAN ID' if VLAN tagging is not enabled.

Non-Root Bridge
This wireless bridge does not connect to the main wired LAN segment. It connects to a remote wired LAN segment and can associate with root bridges and other non-root bridges that accept client associations. It can also accept associations from other non-root bridges, repeater access points, and client devices.

Primary LAN
In an AP, if the destinations of inbound unicast frames are unknown, the frames are sent toward the primary LAN defined on the device.

Repeater
Device that connects multiple segments, listening to each and regenerating the signal on one to every other connected one, so that the signal can travel further.

Repeater or Non-root Access Point
The repeater access point is not connected to the wired LAN. The repeater is a wireless LAN transceiver that transfers data between a client and another access point, another repeater, or between two bridges. The repeater is placed within radio range of an access point connected to the wired LAN, another repeater, or a non-root bridge to extend the range of the infrastructure.

Radio Frequency
Radio wave and modulation process or operation.

Root Access Point
This access point connects clients to the main wired LAN.

Root (Wireless) Bridge
This wireless bridge connects to the main wired LAN. It can communicate with non-root wireless bridges, repeater access points, and client devices but not with another wireless root bridge. Only one wireless bridge in a wireless LAN can be set as the wireless root bridge.

Service Set ID
SSID is a unique identifier that APs and clients use to identify with each other. SSID is a simple means of access control and is not for security. The SSID can be any alphanumeric entry up to 32 characters.

Virtual LAN
VLAN defined in the IEEE 802.1Q VLAN standard supports logical segmentation of LAN infrastructure into different subnets or workgroups so that packets are switched only between ports within the same VLAN.

VLAN ID
Each VLAN is identified by a 12-bit 'VLAN ID'. A VLAN ID of '0' is used to indicate 'no VLAN ID'. Valid VLAN IDs range from '1' to '4095'. VLAN of ID '4095' is the default VLAN for Cisco VoIP Phones.

Wired Equivalent Privacy
WEP is generally used to refer to 802.11 encryption.

MIB content (62 objects)

Information

Organization
Cisco System Inc.
Contact info
Cisco Systems Customer Service
Postal: 170 West Tasman Drive, San Jose CA 95134-1706. USA
Tel: +1 800 553-NETS
E-mail: cs-dot11@cisco.com

Revisions

2007-04-12 00:00
The following changes have been made:
- Added the following enumerations to CDot11SecAuthKeyMgmtType: 'wpa1', 'wpa2'.
- Added more explanation to the object cdot11SecAuxSsidAuthKeyMgmt to describe the new key management types 'wpa1' and 'wpa2'.
2006-05-16 00:00
Added cdot11SecSsidMaxBackupVlans, cdot11SecSsidBackupVlanTable, and cdot11SecSsidvlanManagementGroup to manage the backup VLAN configuration.
2004-09-14 00:00
Added cdot11MbssidMacAddrSupportTable and cdot11MbssidInterfaceTable to support MBSSID feature.
2004-05-15 00:00
This is the initial version of this MIB module.