WCWP/4/CAPWAP_SECURITY_PARA_NOTSET:OID [oid] CAPWAP security parameters are not set. (Parameter=[STRING])
The CAPWAP security parameters are not set.
| Alarm ID | Alarm Severity | Alarm Type |
|---|---|---|
1.3.6.1.4.1.2011.6.139.9.5.1.7 |
Warning |
securityServiceOrMechanismViolation (10) |
| Name | Meaning |
|---|---|
OID |
Indicates the ID of a MIB object. |
Parameter |
Indicates the CAPWAP security parameters. undo capwap dtls no-auth enable: The function of establishing CAPWAP DTLS sessions in none authentication mode is disabled. capwap dtls cert-mandatory-match disable: The function of establishing CAPWAP DTLS sessions through the preset certificate is disabled. |
If the function of establishing CAPWAP DTLS sessions in none authentication mode is enabled (using the capwap dtls no-auth enable command), new APs are allowed to set up CAPWAP links with the AC, which poses security risks.
If the function of establishing CAPWAP DTLS sessions through the preset certificate is enabled (using the undo capwap dtls cert-mandatory-match disable command), new APs can use the preset certificate for DTLS authentication and then set up CAPWAP links with the AC, which poses security risks.
In CAPWAP DTLS authentication scenarios, the function of establishing CAPWAP DTLS sessions in none authentication mode or through the preset certificate may be enabled during AP deployment or capacity expansion. If the enabled function is not disabled after 1 hour, this alarm is triggered.