Network Working Group P. Calhoun, Ed.
Request for Comments: 5415 Cisco Systems, Inc.
Category: Standards Track M. Montemurro, Ed.
Research In Motion
D. Stanley, Ed.
Aruba Networks
March 2009
Control And Provisioning of Wireless Access Points (CAPWAP)
Protocol Specification
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Calhoun, et al. Standards Track [Page 1]
RFC 5415 CAPWAP Protocol Specification March 2009
Abstract
This specification defines the Control And Provisioning of Wireless
Access Points (CAPWAP) Protocol, meeting the objectives defined by
the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is
designed to be flexible, allowing it to be used for a variety of
wireless technologies. This document describes the base CAPWAP
protocol, while separate binding extensions will enable its use with
additional wireless technologies.
Table of Contents
1. Introduction ....................................................7
1.1. Goals ......................................................8
1.2. Conventions Used in This Document ..........................9
1.3. Contributing Authors .......................................9
1.4. Terminology ...............................................10
2. Protocol Overview ..............................................11
2.1. Wireless Binding Definition ...............................12
2.2. CAPWAP Session Establishment Overview .....................13
2.3. CAPWAP State Machine Definition ...........................15
2.3.1. CAPWAP Protocol State Transitions ..................17
2.3.2. CAPWAP/DTLS Interface ..............................31
2.4. Use of DTLS in the CAPWAP Protocol ........................33
2.4.1. DTLS Handshake Processing ..........................33
2.4.2. DTLS Session Establishment .........................35
2.4.3. DTLS Error Handling ................................35
2.4.4. DTLS Endpoint Authentication and Authorization .....36
3. CAPWAP Transport ...............................................40
3.1. UDP Transport .............................................40
3.2. UDP-Lite Transport ........................................41
3.3. AC Discovery ..............................................41
3.4. Fragmentation/Reassembly ..................................42
3.5. MTU Discovery .............................................43
4. CAPWAP Packet Formats ..........................................43
4.1. CAPWAP Preamble ...........................................46
4.2. CAPWAP DTLS Header ........................................46
4.3. CAPWAP Header .............................................47
4.4. CAPWAP Data Messages ......................................50
4.4.1. CAPWAP Data Channel Keep-Alive .....................51
4.4.2. Data Payload .......................................52
4.4.3. Establishment of a DTLS Data Channel ...............52
4.5. CAPWAP Control Messages ...................................52
4.5.1. Control Message Format .............................53
4.5.2. Quality of Service .................................56
4.5.3. Retransmissions ....................................57
4.6. CAPWAP Protocol Message Elements ..........................58
4.6.1. AC Descriptor ......................................61
Calhoun, et al. Standards Track [Page 2]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.2. AC IPv4 List .......................................64
4.6.3. AC IPv6 List .......................................64
4.6.4. AC Name ............................................65
4.6.5. AC Name with Priority ..............................65
4.6.6. AC Timestamp .......................................66
4.6.7. Add MAC ACL Entry ..................................66
4.6.8. Add Station ........................................67
4.6.9. CAPWAP Control IPv4 Address ........................68
4.6.10. CAPWAP Control IPv6 Address .......................68
4.6.11. CAPWAP Local IPv4 Address .........................69
4.6.12. CAPWAP Local IPv6 Address .........................69
4.6.13. CAPWAP Timers .....................................70
4.6.14. CAPWAP Transport Protocol .........................71
4.6.15. Data Transfer Data ................................72
4.6.16. Data Transfer Mode ................................73
4.6.17. Decryption Error Report ...........................73
4.6.18. Decryption Error Report Period ....................74
4.6.19. Delete MAC ACL Entry ..............................74
4.6.20. Delete Station ....................................75
4.6.21. Discovery Type ....................................75
4.6.22. Duplicate IPv4 Address ............................76
4.6.23. Duplicate IPv6 Address ............................77
4.6.24. Idle Timeout ......................................78
4.6.25. ECN Support .......................................78
4.6.26. Image Data ........................................79
4.6.27. Image Identifier ..................................79
4.6.28. Image Information .................................80
4.6.29. Initiate Download .................................81
4.6.30. Location Data .....................................81
4.6.31. Maximum Message Length ............................81
4.6.32. MTU Discovery Padding .............................82
4.6.33. Radio Administrative State ........................82
4.6.34. Radio Operational State ...........................83
4.6.35. Result Code .......................................84
4.6.36. Returned Message Element ..........................85
4.6.37. Session ID ........................................86
4.6.38. Statistics Timer ..................................87
4.6.39. Vendor Specific Payload ...........................87
4.6.40. WTP Board Data ....................................88
4.6.41. WTP Descriptor ....................................89
4.6.42. WTP Fallback ......................................92
4.6.43. WTP Frame Tunnel Mode .............................92
4.6.44. WTP MAC Type ......................................93
4.6.45. WTP Name ..........................................94
4.6.46. WTP Radio Statistics ..............................94
4.6.47. WTP Reboot Statistics .............................96
4.6.48. WTP Static IP Address Information .................97
4.7. CAPWAP Protocol Timers ....................................98
Calhoun, et al. Standards Track [Page 3]
RFC 5415 CAPWAP Protocol Specification March 2009
4.7.1. ChangeStatePendingTimer ............................98
4.7.2. DataChannelKeepAlive ...............................98
4.7.3. DataChannelDeadInterval ............................99
4.7.4. DataCheckTimer .....................................99
4.7.5. DiscoveryInterval ..................................99
4.7.6. DTLSSessionDelete ..................................99
4.7.7. EchoInterval .......................................99
4.7.8. IdleTimeout ........................................99
4.7.9. ImageDataStartTimer ...............................100
4.7.10. MaxDiscoveryInterval .............................100
4.7.11. ReportInterval ...................................100
4.7.12. RetransmitInterval ...............................100
4.7.13. SilentInterval ...................................100
4.7.14. StatisticsTimer ..................................100
4.7.15. WaitDTLS .........................................101
4.7.16. WaitJoin .........................................101
4.8. CAPWAP Protocol Variables ................................101
4.8.1. AdminState ........................................101
4.8.2. DiscoveryCount ....................................101
4.8.3. FailedDTLSAuthFailCount ...........................101
4.8.4. FailedDTLSSessionCount ............................101
4.8.5. MaxDiscoveries ....................................102
4.8.6. MaxFailedDTLSSessionRetry .........................102
4.8.7. MaxRetransmit .....................................102
4.8.8. RetransmitCount ...................................102
4.8.9. WTPFallBack .......................................102
4.9. WTP Saved Variables ......................................102
4.9.1. AdminRebootCount ..................................102
4.9.2. FrameEncapType ....................................102
4.9.3. LastRebootReason ..................................103
4.9.4. MacType ...........................................103
4.9.5. PreferredACs ......................................103
4.9.6. RebootCount .......................................103
4.9.7. Static IP Address .................................103
4.9.8. WTPLinkFailureCount ...............................103
4.9.9. WTPLocation .......................................103
4.9.10. WTPName ..........................................103
5. CAPWAP Discovery Operations ...................................103
5.1. Discovery Request Message ................................103
5.2. Discovery Response Message ...............................105
5.3. Primary Discovery Request Message ........................106
5.4. Primary Discovery Response ...............................107
6. CAPWAP Join Operations ........................................108
6.1. Join Request .............................................108
6.2. Join Response ............................................110
7. Control Channel Management ....................................111
7.1. Echo Request .............................................111
7.2. Echo Response ............................................112
Calhoun, et al. Standards Track [Page 4]
RFC 5415 CAPWAP Protocol Specification March 2009
8. WTP Configuration Management ..................................112
8.1. Configuration Consistency ................................112
8.1.1. Configuration Flexibility .........................113
8.2. Configuration Status Request .............................114
8.3. Configuration Status Response ............................115
8.4. Configuration Update Request .............................116
8.5. Configuration Update Response ............................117
8.6. Change State Event Request ...............................117
8.7. Change State Event Response ..............................118
8.8. Clear Configuration Request ..............................119
8.9. Clear Configuration Response .............................119
9. Device Management Operations ..................................120
9.1. Firmware Management ......................................120
9.1.1. Image Data Request ................................124
9.1.2. Image Data Response ...............................125
9.2. Reset Request ............................................126
9.3. Reset Response ...........................................127
9.4. WTP Event Request ........................................127
9.5. WTP Event Response .......................................128
9.6. Data Transfer ............................................128
9.6.1. Data Transfer Request .............................130
9.6.2. Data Transfer Response ............................131
10. Station Session Management ...................................131
10.1. Station Configuration Request ...........................131
10.2. Station Configuration Response ..........................132
11. NAT Considerations ...........................................132
12. Security Considerations ......................................134
12.1. CAPWAP Security .........................................134
12.1.1. Converting Protected Data into Unprotected Data ..135
12.1.2. Converting Unprotected Data into
Protected Data (Insertion) .......................135
12.1.3. Deletion of Protected Records ....................135
12.1.4. Insertion of Unprotected Records .................135
12.1.5. Use of MD5 .......................................136
12.1.6. CAPWAP Fragmentation .............................136
12.2. Session ID Security .....................................136
12.3. Discovery or DTLS Setup Attacks .........................137
12.4. Interference with a DTLS Session ........................137
12.5. CAPWAP Pre-Provisioning .................................138
12.6. Use of Pre-Shared Keys in CAPWAP ........................139
12.7. Use of Certificates in CAPWAP ...........................140
12.8. Use of MAC Address in CN Field ..........................140
12.9. AAA Security ............................................141
12.10. WTP Firmware ...........................................141
13. Operational Considerations ...................................141
14. Transport Considerations .....................................142
15. IANA Considerations ..........................................143
15.1. IPv4 Multicast Address ..................................143
Calhoun, et al. Standards Track [Page 5]
RFC 5415 CAPWAP Protocol Specification March 2009
15.2. IPv6 Multicast Address ..................................144
15.3. UDP Port ................................................144
15.4. CAPWAP Message Types ....................................144
15.5. CAPWAP Header Flags .....................................144
15.6. CAPWAP Control Message Flags ............................145
15.7. CAPWAP Message Element Type .............................145
15.8. CAPWAP Wireless Binding Identifiers .....................145
15.9. AC Security Types .......................................146
15.10. AC DTLS Policy .........................................146
15.11. AC Information Type ....................................146
15.12. CAPWAP Transport Protocol Types ........................146
15.13. Data Transfer Type .....................................147
15.14. Data Transfer Mode .....................................147
15.15. Discovery Types ........................................147
15.16. ECN Support ............................................148
15.17. Radio Admin State ......................................148
15.18. Radio Operational State ................................148
15.19. Radio Failure Causes ...................................148
15.20. Result Code ............................................149
15.21. Returned Message Element Reason ........................149
15.22. WTP Board Data Type ....................................149
15.23. WTP Descriptor Type ....................................149
15.24. WTP Fallback Mode ......................................150
15.25. WTP Frame Tunnel Mode ..................................150
15.26. WTP MAC Type ...........................................150
15.27. WTP Radio Stats Failure Type ...........................151
15.28. WTP Reboot Stats Failure Type ..........................151
16. Acknowledgments ..............................................151
17. References ...................................................151
17.1. Normative References ....................................151
17.2. Informative References ..................................153
Calhoun, et al. Standards Track [Page 6]
RFC 5415 CAPWAP Protocol Specification March 2009
1. Introduction
This document describes the CAPWAP protocol, a standard,
interoperable protocol that enables an Access Controller (AC) to
manage a collection of Wireless Termination Points (WTPs). The
CAPWAP protocol is defined to be independent of Layer 2 (L2)
technology, and meets the objectives in "Objectives for Control and
Provisioning of Wireless Access Points (CAPWAP)" [RFC4564].
The emergence of centralized IEEE 802.11 Wireless Local Area Network
(WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by
an Access Controller (AC), suggested that a standards-based,
interoperable protocol could radically simplify the deployment and
management of wireless networks. WTPs require a set of dynamic
management and control functions related to their primary task of
connecting the wireless and wired mediums. Traditional protocols for
managing WTPs are either manual static configuration via HTTP,
proprietary Layer 2-specific or non-existent (if the WTPs are self-
contained). An IEEE 802.11 binding is defined in [RFC5416] to
support use of the CAPWAP protocol with IEEE 802.11 WLAN networks.
CAPWAP assumes a network configuration consisting of multiple WTPs
communicating via the Internet Protocol (IP) to an AC. WTPs are
viewed as remote radio frequency (RF) interfaces controlled by the
AC. The CAPWAP protocol supports two modes of operation: Split and
Local MAC (medium access control). In Split MAC mode, all L2
wireless data and management frames are encapsulated via the CAPWAP
protocol and exchanged between the AC and the WTP. As shown in
Figure 1, the wireless frames received from a mobile device, which is
referred to in this specification as a Station (STA), are directly
encapsulated by the WTP and forwarded to the AC.
+-+ wireless frames +-+
| |--------------------------------| |
| | +-+ | |
| |--------------| |---------------| |
| |wireless PHY/ | | CAPWAP | |
| | MAC sublayer | | | |
+-+ +-+ +-+
STA WTP AC
Figure 1: Representative CAPWAP Architecture for Split MAC
The Local MAC mode of operation allows for the data frames to be
either locally bridged or tunneled as 802.3 frames. The latter
implies that the WTP performs the 802.11 Integration function. In
either case, the L2 wireless management frames are processed locally
Calhoun, et al. Standards Track [Page 7]
RFC 5415 CAPWAP Protocol Specification March 2009
by the WTP and then forwarded to the AC. Figure 2 shows the Local
MAC mode, in which a station transmits a wireless frame that is
encapsulated in an 802.3 frame and forwarded to the AC.
+-+wireless frames +-+ 802.3 frames +-+
| |----------------| |--------------| |
| | | | | |
| |----------------| |--------------| |
| |wireless PHY/ | | CAPWAP | |
| | MAC sublayer | | | |
+-+ +-+ +-+
STA WTP AC
Figure 2: Representative CAPWAP Architecture for Local MAC
Provisioning WTPs with security credentials and managing which WTPs
are authorized to provide service are traditionally handled by
proprietary solutions. Allowing these functions to be performed from
a centralized AC in an interoperable fashion increases manageability
and allows network operators to more tightly control their wireless
network infrastructure.
1.1. Goals
The goals for the CAPWAP protocol are listed below:
1. To centralize the authentication and policy enforcement functions
for a wireless network. The AC may also provide centralized
bridging, forwarding, and encryption of user traffic.
Centralization of these functions will enable reduced cost and
higher efficiency by applying the capabilities of network
processing silicon to the wireless network, as in wired LANs.
2. To enable shifting of the higher-level protocol processing from
the WTP. This leaves the time-critical applications of wireless
control and access in the WTP, making efficient use of the
computing power available in WTPs, which are subject to severe
cost pressure.
3. To provide an extensible protocol that is not bound to a specific
wireless technology. Extensibility is provided via a generic
encapsulation and transport mechanism, enabling the CAPWAP
protocol to be applied to many access point types in the future,
via a specific wireless binding.
The CAPWAP protocol concerns itself solely with the interface between
the WTP and the AC. Inter-AC and station-to-AC communication are
strictly outside the scope of this document.
Calhoun, et al. Standards Track [Page 8]
RFC 5415 CAPWAP Protocol Specification March 2009
1.2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.3. Contributing Authors
This section lists and acknowledges the authors of significant text
and concepts included in this specification.
The CAPWAP Working Group selected the Lightweight Access Point
Protocol (LWAPP) [LWAPP] to be used as the basis of the CAPWAP
protocol specification. The following people are authors of the
LWAPP document:
Bob O'Hara
Email: bob.ohara@computer.org
Pat Calhoun, Cisco Systems, Inc.
170 West Tasman Drive, San Jose, CA 95134
Phone: +1 408-902-3240, Email: pcalhoun@cisco.com
Rohit Suri, Cisco Systems, Inc.
170 West Tasman Drive, San Jose, CA 95134
Phone: +1 408-853-5548, Email: rsuri@cisco.com
Nancy Cam Winget, Cisco Systems, Inc.
170 West Tasman Drive, San Jose, CA 95134
Phone: +1 408-853-0532, Email: ncamwing@cisco.com
Scott Kelly, Aruba Networks
1322 Crossman Ave, Sunnyvale, CA 94089
Phone: +1 408-754-8408, Email: skelly@arubanetworks.com
Michael Glenn Williams, Nokia, Inc.
313 Fairchild Drive, Mountain View, CA 94043
Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com
Sue Hares, Green Hills Software
825 Victors Way, Suite 100, Ann Arbor, MI 48108
Phone: +1 734 222 1610, Email: shares@ndzh.com
Datagram Transport Layer Security (DTLS) [RFC4347] is used as the
security solution for the CAPWAP protocol. The following people are
authors of significant DTLS-related text included in this document:
Calhoun, et al. Standards Track [Page 9]
RFC 5415 CAPWAP Protocol Specification March 2009
Scott Kelly, Aruba Networks
1322 Crossman Ave, Sunnyvale, CA 94089
Phone: +1 408-754-8408
Email: skelly@arubanetworks.com
Eric Rescorla, Network Resonance
2483 El Camino Real, #212,Palo Alto CA, 94303
Email: ekr@networkresonance.com
The concept of using DTLS to secure the CAPWAP protocol was part of
the Secure Light Access Point Protocol (SLAPP) proposal [SLAPP]. The
following people are authors of the SLAPP proposal:
Partha Narasimhan, Aruba Networks
1322 Crossman Ave, Sunnyvale, CA 94089
Phone: +1 408-480-4716
Email: partha@arubanetworks.com
Dan Harkins
Trapeze Networks
5753 W. Las Positas Blvd, Pleasanton, CA 94588
Phone: +1-925-474-2212
EMail: dharkins@trpz.com
Subbu Ponnuswamy, Aruba Networks
1322 Crossman Ave, Sunnyvale, CA 94089
Phone: +1 408-754-1213
Email: subbu@arubanetworks.com
The following individuals contributed significant security-related
text to the document [RFC5418]:
T. Charles Clancy, Laboratory for Telecommunications Sciences,
8080 Greenmead Drive, College Park, MD 20740
Phone: +1 240-373-5069, Email: clancy@ltsnet.net
Scott Kelly, Aruba Networks
1322 Crossman Ave, Sunnyvale, CA 94089
Phone: +1 408-754-8408, Email: scott@hyperthought.com
1.4. Terminology
Access Controller (AC): The network entity that provides WTP access
to the network infrastructure in the data plane, control plane,
management plane, or a combination therein.
Calhoun, et al. Standards Track [Page 10]
RFC 5415 CAPWAP Protocol Specification March 2009
CAPWAP Control Channel: A bi-directional flow defined by the AC IP
Address, WTP IP Address, AC control port, WTP control port, and the
transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Control
packets are sent and received.
CAPWAP Data Channel: A bi-directional flow defined by the AC IP
Address, WTP IP Address, AC data port, WTP data port, and the
transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Data
packets are sent and received.
Station (STA): A device that contains an interface to a wireless
medium (WM).
Wireless Termination Point (WTP): The physical or network entity that
contains an RF antenna and wireless Physical Layer (PHY) to transmit
and receive station traffic for wireless access networks.
This document uses additional terminology defined in [RFC3753].
2. Protocol Overview
The CAPWAP protocol is a generic protocol defining AC and WTP control
and data plane communication via a CAPWAP protocol transport
mechanism. CAPWAP Control messages, and optionally CAPWAP Data
messages, are secured using Datagram Transport Layer Security (DTLS)
[RFC4347]. DTLS is a standards-track IETF protocol based upon TLS.
The underlying security-related protocol mechanisms of TLS have been
successfully deployed for many years.
The CAPWAP protocol transport layer carries two types of payload,
CAPWAP Data messages and CAPWAP Control messages. CAPWAP Data
messages encapsulate forwarded wireless frames. CAPWAP protocol
Control messages are management messages exchanged between a WTP and
an AC. The CAPWAP Data and Control packets are sent over separate
UDP ports. Since both data and control packets can exceed the
Maximum Transmission Unit (MTU) length, the payload of a CAPWAP Data
or Control message can be fragmented. The fragmentation behavior is
defined in Section 3.
The CAPWAP Protocol begins with a Discovery phase. The WTPs send a
Discovery Request message, causing any Access Controller (AC)
receiving the message to respond with a Discovery Response message.
From the Discovery Response messages received, a WTP selects an AC
with which to establish a secure DTLS session. In order to establish
the secure DTLS connection, the WTP will need some amount of pre-
provisioning, which is specified in Section 12.5. CAPWAP protocol
messages will be fragmented to the maximum length discovered to be
supported by the network.
Calhoun, et al. Standards Track [Page 11]
RFC 5415 CAPWAP Protocol Specification March 2009
Once the WTP and the AC have completed DTLS session establishment, a
configuration exchange occurs in which both devices agree on version
information. During this exchange, the WTP may receive provisioning
settings. The WTP is then enabled for operation.
When the WTP and AC have completed the version and provision exchange
and the WTP is enabled, the CAPWAP protocol is used to encapsulate
the wireless data frames sent between the WTP and AC. The CAPWAP
protocol will fragment the L2 frames if the size of the encapsulated
wireless user data (Data) or protocol control (Management) frames
causes the resulting CAPWAP protocol packet to exceed the MTU
supported between the WTP and AC. Fragmented CAPWAP packets are
reassembled to reconstitute the original encapsulated payload. MTU
Discovery and Fragmentation are described in Section 3.
The CAPWAP protocol provides for the delivery of commands from the AC
to the WTP for the management of stations that are communicating with
the WTP. This may include the creation of local data structures in
the WTP for the stations and the collection of statistical
information about the communication between the WTP and the stations.
The CAPWAP protocol provides a mechanism for the AC to obtain
statistical information collected by the WTP.
The CAPWAP protocol provides for a keep-alive feature that preserves
the communication channel between the WTP and AC. If the AC fails to
appear alive, the WTP will try to discover a new AC.
2.1. Wireless Binding Definition
The CAPWAP protocol is independent of a specific WTP radio
technology, as well its associated wireless link layer protocol.
Elements of the CAPWAP protocol are designed to accommodate the
specific needs of each wireless technology in a standard way.
Implementation of the CAPWAP protocol for a particular wireless
technology MUST follow the binding requirements defined for that
technology.
When defining a binding for wireless technologies, the authors MUST
include any necessary definitions for technology-specific messages
and all technology-specific message elements for those messages. At
a minimum, a binding MUST provide:
1. The definition for a binding-specific Statistics message element,
carried in the WTP Event Request message.
2. A message element carried in the Station Configuration Request
message to configure station information on the WTP.
Calhoun, et al. Standards Track [Page 12]
RFC 5415 CAPWAP Protocol Specification March 2009
3. A WTP Radio Information message element carried in the Discovery,
Primary Discovery, and Join Request and Response messages,
indicating the binding-specific radio types supported at the WTP
and AC.
If technology-specific message elements are required for any of the
existing CAPWAP messages defined in this specification, they MUST
also be defined in the technology binding document.
The naming of binding-specific message elements MUST begin with the
name of the technology type, e.g., the binding for IEEE 802.11,
provided in [RFC5416], begins with "IEEE 802.11".
The CAPWAP binding concept MUST also be used in any future
specifications that add functionality to either the base CAPWAP
protocol specification, or any published CAPWAP binding
specification. A separate WTP Radio Information message element MUST
be created to properly advertise support for the specification. This
mechanism allows for future protocol extensibility, while providing
the necessary capabilities advertisement, through the WTP Radio
Information message element, to ensure WTP/AC interoperability.
2.2. CAPWAP Session Establishment Overview
This section describes the session establishment process message
exchanges between a CAPWAP WTP and AC. The annotated ladder diagram
shows the AC on the right, the WTP on the left, and assumes the use
of certificates for DTLS authentication. The CAPWAP protocol state
machine is described in detail in Section 2.3. Note that DTLS allows
certain messages to be aggregated into a single frame, which is
denoted via an asterisk in Figure 3.
============ ============
WTP AC
============ ============
[----------- begin optional discovery ------------]
Discover Request
------------------------------------>
Discover Response
<------------------------------------
[----------- end optional discovery ------------]
(-- begin DTLS handshake --)
ClientHello
------------------------------------>
Calhoun, et al. Standards Track [Page 13]
RFC 5415 CAPWAP Protocol Specification March 2009
HelloVerifyRequest (with cookie)
<------------------------------------
ClientHello (with cookie)
------------------------------------>
ServerHello,
Certificate,
ServerHelloDone*
<------------------------------------
(-- WTP callout for AC authorization --)
Certificate (optional),
ClientKeyExchange,
CertificateVerify (optional),
ChangeCipherSpec,
Finished*
------------------------------------>
(-- AC callout for WTP authorization --)
ChangeCipherSpec,
Finished*
<------------------------------------
(-- DTLS session is established now --)
Join Request
------------------------------------>
Join Response
<------------------------------------
[-- Join State Complete --]
(-- assume image is up to date --)
Configuration Status Request
------------------------------------>
Configuration Status Response
<------------------------------------
[-- Configure State Complete --]
Change State Event Request
------------------------------------>
Change State Event Response
<------------------------------------
[-- Data Check State Complete --]
Calhoun, et al. Standards Track [Page 14]
RFC 5415 CAPWAP Protocol Specification March 2009
(-- enter RUN state --)
:
:
Echo Request
------------------------------------>
Echo Response
<------------------------------------
:
:
Event Request
------------------------------------>
Event Response
<------------------------------------
:
:
Figure 3: CAPWAP Control Protocol Exchange
At the end of the illustrated CAPWAP message exchange, the AC and WTP
are securely exchanging CAPWAP Control messages. This illustration
is provided to clarify protocol operation, and does not include any
possible error conditions. Section 2.3 provides a detailed
description of the corresponding state machine.
2.3. CAPWAP State Machine Definition
The following state diagram represents the lifecycle of a WTP-AC
session. Use of DTLS by the CAPWAP protocol results in the
juxtaposition of two nominally separate yet tightly bound state
machines. The DTLS and CAPWAP state machines are coupled through an
API consisting of commands (see Section 2.3.2.1) and notifications
(see Section 2.3.2.2). Certain transitions in the DTLS state machine
are triggered by commands from the CAPWAP state machine, while
certain transitions in the CAPWAP state machine are triggered by
notifications from the DTLS state machine.
Calhoun, et al. Standards Track [Page 15]
RFC 5415 CAPWAP Protocol Specification March 2009
/-------------------------------------\
| /-------------------------\|
| p| ||
| q+----------+ r +------------+ ||
| | Run |-->| Reset |-\||
| +----------+ +------------+ |||
n| o ^ ^ ^ s|||
+------------+--------/ | | |||
| Data Check | /-------/ | |||
+------------+<-------\ | | |||
| | | |||
/------------------+--------\ | |||
f| m| h| j v k| |||
+--------+ +-----------+ +--------------+|||
| Join |---->| Configure | | Image Data ||||
+--------+ n +-----------+ +--------------+|||
^ |g i| l| |||
| | \-------------------\ | |||
| \--------------------------------------\| | |||
\------------------------\ || | |||
/--------------<----------------+---------------\ || | |||
| /------------<----------------+-------------\ | || | |||
| | 4 |d t| | vv v vvv
| | +----------------+ +--------------+ +-----------+
| | | DTLS Setup | | DTLS Connect |-->| DTLS TD |
/-|-|---+----------------+ +--------------+ e +-----------+
| | | |$ ^ ^ |5 ^6 ^ ^ |w
v v v | | | | \-------\ | | |
| | | | | | \---------\ | | /-----------/ |
| | | | | \--\ | | | | |
| | | | | | | | | | |
| | | v 3| 1 |% # v | |a |b v
| | \->+------+-->+------+ +-----------+ +--------+
| | | Idle | | Disc | | Authorize | | Dead |
| | +------+<--+------+ +-----------+ +--------+
| | ^ 0^ 2 |!
| | | | | +-------+
*| |u | \---------+---| Start |
| | |@ | +-------+
| \->+---------+<------/
\--->| Sulking |
+---------+&
Figure 4: CAPWAP Integrated State Machine
The CAPWAP protocol state machine, depicted above, is used by both
the AC and the WTP. In cases where states are not shared (i.e., not
implemented in one or the other of the AC or WTP), this is explicitly
Calhoun, et al. Standards Track [Page 16]
RFC 5415 CAPWAP Protocol Specification March 2009
called out in the transition descriptions below. For every state
defined, only certain messages are permitted to be sent and received.
The CAPWAP Control message definitions specify the state(s) in which
each message is valid.
Since the WTP only communicates with a single AC, it only has a
single instance of the CAPWAP state machine. The state machine works
differently on the AC since it communicates with many WTPs. The AC
uses the concept of three threads. Note that the term thread used
here does not necessarily imply that implementers must use threads,
but it is one possible way of implementing the AC's state machine.
Listener Thread: The AC's Listener thread handles inbound DTLS
session establishment requests, through the DTLSListen command.
Upon creation, the Listener thread starts in the DTLS Setup state.
Once a DTLS session has been validated, which occurs when the
state machine enters the "Authorize" state, the Listener thread
creates a WTP session-specific Service thread and state context.
The state machine transitions in Figure 4 are represented by
numerals. It is necessary for the AC to protect itself against
various attacks that exist with non-authenticated frames. See
Section 12 for more information.
Discovery Thread: The AC's Discovery thread is responsible for
receiving, and responding to, Discovery Request messages. The
state machine transitions in Figure 4 are represented by numerals.
Note that the Discovery thread does not maintain any per-WTP-
specific context information, and a single state context exists.
It is necessary for the AC to protect itself against various
attacks that exist with non-authenticated frames. See Section 12
for more information.
Service Thread: The AC's Service thread handles the per-WTP states,
and one such thread exists per-WTP connection. This thread is
created by the Listener thread when the Authorize state is
reached. When created, the Service thread inherits a copy of the
state machine context from the Listener thread. When
communication with the WTP is complete, the Service thread is
terminated and all associated resources are released. The state
machine transitions in Figure 4 are represented by alphabetic and
punctuation characters.
2.3.1. CAPWAP Protocol State Transitions
This section describes the various state transitions, and the events
that cause them. This section does not discuss interactions between
DTLS- and CAPWAP-specific states. Those interactions, and DTLS-
specific states and transitions, are discussed in Section 2.3.2.
Calhoun, et al. Standards Track [Page 17]
RFC 5415 CAPWAP Protocol Specification March 2009
Start to Idle (0): This transition occurs once device initialization
is complete.
WTP: This state transition is used to start the WTP's CAPWAP
state machine.
AC: The AC creates the Discovery and Listener threads and starts
the CAPWAP state machine.
Idle to Discovery (1): This transition occurs to support the CAPWAP
discovery process.
WTP: The WTP enters the Discovery state prior to transmitting the
first Discovery Request message (see Section 5.1). Upon
entering this state, the WTP sets the DiscoveryInterval
timer (see Section 4.7). The WTP resets the DiscoveryCount
counter to zero (0) (see Section 4.8). The WTP also clears
all information from ACs it may have received during a
previous Discovery phase.
AC: This state transition is executed by the AC's Discovery
thread, and occurs when a Discovery Request message is
received. The AC SHOULD respond with a Discovery Response
message (see Section 5.2).
Discovery to Discovery (#): In the Discovery state, the WTP
determines to which AC to connect.
WTP: This transition occurs when the DiscoveryInterval timer
expires. If the WTP is configured with a list of ACs, it
transmits a Discovery Request message to every AC from which
it has not received a Discovery Response message. For every
transition to this event, the WTP increments the
DiscoveryCount counter. See Section 5.1 for more
information on how the WTP knows the ACs to which it should
transmit the Discovery Request messages. The WTP restarts
the DiscoveryInterval timer whenever it transmits Discovery
Request messages.
AC: This is an invalid state transition for the AC.
Discovery to Idle (2): This transition occurs on the AC's Discovery
thread when the Discovery processing is complete.
WTP: This is an invalid state transition for the WTP.
Calhoun, et al. Standards Track [Page 18]
RFC 5415 CAPWAP Protocol Specification March 2009
AC: This state transition is executed by the AC's Discovery
thread when it has transmitted the Discovery Response, in
response to a Discovery Request.
Discovery to Sulking (!): This transition occurs on a WTP when AC
Discovery fails.
WTP: The WTP enters this state when the DiscoveryInterval timer
expires and the DiscoveryCount variable is equal to the
MaxDiscoveries variable (see Section 4.8). Upon entering
this state, the WTP MUST start the SilentInterval timer.
While in the Sulking state, all received CAPWAP protocol
messages MUST be ignored.
AC: This is an invalid state transition for the AC.
Sulking to Idle (@): This transition occurs on a WTP when it must
restart the Discovery phase.
WTP: The WTP enters this state when the SilentInterval timer (see
Section 4.7) expires. The FailedDTLSSessionCount,
DiscoveryCount, and FailedDTLSAuthFailCount counters are
reset to zero.
AC: This is an invalid state transition for the AC.
Sulking to Sulking (&): The Sulking state provides the silent
period, minimizing the possibility for Denial-of-Service (DoS)
attacks.
WTP: All packets received from the AC while in the sulking state
are ignored.
AC: This is an invalid state transition for the AC.
Idle to DTLS Setup (3): This transition occurs to establish a secure
DTLS session with the peer.
WTP: The WTP initiates this transition by invoking the DTLSStart
command (see Section 2.3.2.1), which starts the DTLS session
establishment with the chosen AC and the WaitDTLS timer is
started (see Section 4.7). When the Discovery phase is
bypassed, it is assumed the WTP has locally configured ACs.
Calhoun, et al. Standards Track [Page 19]
RFC 5415 CAPWAP Protocol Specification March 2009
AC: Upon entering the Idle state from the Start state, the newly
created Listener thread automatically transitions to the
DTLS Setup and invokes the DTLSListen command (see
Section 2.3.2.1), and the WaitDTLS timer is started (see
Section 4.7).
Discovery to DTLS Setup (%): This transition occurs to establish a
secure DTLS session with the peer.
WTP: The WTP initiates this transition by invoking the DTLSStart
command (see Section 2.3.2.1), which starts the DTLS session
establishment with the chosen AC. The decision of to which
AC to connect is the result of the Discovery phase, which is
described in Section 3.3.
AC: This is an invalid state transition for the AC.
DTLS Setup to Idle ($): This transition occurs when the DTLS
connection setup fails.
WTP: The WTP initiates this state transition when it receives a
DTLSEstablishFail notification from DTLS (see
Section 2.3.2.2), and the FailedDTLSSessionCount or the
FailedDTLSAuthFailCount counter have not reached the value
of the MaxFailedDTLSSessionRetry variable (see Section 4.8).
This error notification aborts the secure DTLS session
establishment. When this notification is received, the
FailedDTLSSessionCount counter is incremented. This state
transition also occurs if the WaitDTLS timer has expired.
AC: This is an invalid state transition for the AC.
DTLS Setup to Sulking (*): This transition occurs when repeated
attempts to set up the DTLS connection have failed.
WTP: The WTP enters this state when the FailedDTLSSessionCount or
the FailedDTLSAuthFailCount counter reaches the value of the
MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
entering this state, the WTP MUST start the SilentInterval
timer. While in the Sulking state, all received CAPWAP and
DTLS protocol messages received MUST be ignored.
AC: This is an invalid state transition for the AC.
DTLS Setup to DTLS Setup (4): This transition occurs when the DTLS
Session failed to be established.
WTP: This is an invalid state transition for the WTP.
Calhoun, et al. Standards Track [Page 20]
RFC 5415 CAPWAP Protocol Specification March 2009
AC: The AC's Listener initiates this state transition when it
receives a DTLSEstablishFail notification from DTLS (see
Section 2.3.2.2). This error notification aborts the secure
DTLS session establishment. When this notification is
received, the FailedDTLSSessionCount counter is incremented.
The Listener thread then invokes the DTLSListen command (see
Section 2.3.2.1).
DTLS Setup to Authorize (5): This transition occurs when an incoming
DTLS session is being established, and the DTLS stack needs
authorization to proceed with the session establishment.
WTP: This state transition occurs when the WTP receives the
DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon
entering this state, the WTP performs an authorization check
against the AC credentials. See Section 2.4.4 for more
information on AC authorization.
AC: This state transition is handled by the AC's Listener thread
when the DTLS module initiates the DTLSPeerAuthorize
notification (see Section 2.3.2.2). The Listener thread
forks an instance of the Service thread, along with a copy
of the state context. Once created, the Service thread
performs an authorization check against the WTP credentials.
See Section 2.4.4 for more information on WTP authorization.
Authorize to DTLS Setup (6): This transition is executed by the
Listener thread to enable it to listen for new incoming sessions.
WTP: This is an invalid state transition for the WTP.
AC: This state transition occurs when the AC's Listener thread
has created the WTP context and the Service thread. The
Listener thread then invokes the DTLSListen command (see
Section 2.3.2.1).
Authorize to DTLS Connect (a): This transition occurs to notify the
DTLS stack that the session should be established.
WTP: This state transition occurs when the WTP has successfully
authorized the AC's credentials (see Section 2.4.4). This
is done by invoking the DTLSAccept DTLS command (see
Section 2.3.2.1).
AC: This state transition occurs when the AC has successfully
authorized the WTP's credentials (see Section 2.4.4). This
is done by invoking the DTLSAccept DTLS command (see
Section 2.3.2.1).
Calhoun, et al. Standards Track [Page 21]
RFC 5415 CAPWAP Protocol Specification March 2009
Authorize to DTLS Teardown (b): This transition occurs to notify the
DTLS stack that the session should be aborted.
WTP: This state transition occurs when the WTP has been unable to
authorize the AC, using the AC credentials. The WTP then
aborts the DTLS session by invoking the DTLSAbortSession
command (see Section 2.3.2.1). This state transition also
occurs if the WaitDTLS timer has expired. The WTP starts
the DTLSSessionDelete timer (see Section 4.7.6).
AC: This state transition occurs when the AC has been unable to
authorize the WTP, using the WTP credentials. The AC then
aborts the DTLS session by invoking the DTLSAbortSession
command (see Section 2.3.2.1). This state transition also
occurs if the WaitDTLS timer has expired. The AC starts the
DTLSSessionDelete timer (see Section 4.7.6).
DTLS Connect to DTLS Teardown (c): This transition occurs when the
DTLS Session failed to be established.
WTP: This state transition occurs when the WTP receives either a
DTLSAborted or DTLSAuthenticateFail notification (see
Section 2.3.2.2), indicating that the DTLS session was not
successfully established. When this transition occurs due
to the DTLSAuthenticateFail notification, the
FailedDTLSAuthFailCount is incremented; otherwise, the
FailedDTLSSessionCount counter is incremented. This state
transition also occurs if the WaitDTLS timer has expired.
The WTP starts the DTLSSessionDelete timer (see
Section 4.7.6).
AC: This state transition occurs when the AC receives either a
DTLSAborted or DTLSAuthenticateFail notification (see
Section 2.3.2.2), indicating that the DTLS session was not
successfully established, and both of the
FailedDTLSAuthFailCount and FailedDTLSSessionCount counters
have not reached the value of the MaxFailedDTLSSessionRetry
variable (see Section 4.8). This state transition also
occurs if the WaitDTLS timer has expired. The AC starts the
DTLSSessionDelete timer (see Section 4.7.6).
DTLS Connect to Join (d): This transition occurs when the DTLS
Session is successfully established.
WTP: This state transition occurs when the WTP receives the
DTLSEstablished notification (see Section 2.3.2.2),
indicating that the DTLS session was successfully
established. When this notification is received, the
Calhoun, et al. Standards Track [Page 22]
RFC 5415 CAPWAP Protocol Specification March 2009
FailedDTLSSessionCount counter is set to zero. The WTP
enters the Join state by transmitting the Join Request to
the AC. The WTP stops the WaitDTLS timer.
AC: This state transition occurs when the AC receives the
DTLSEstablished notification (see Section 2.3.2.2),
indicating that the DTLS session was successfully
established. When this notification is received, the
FailedDTLSSessionCount counter is set to zero. The AC stops
the WaitDTLS timer, and starts the WaitJoin timer.
Join to DTLS Teardown (e): This transition occurs when the join
process has failed.
WTP: This state transition occurs when the WTP receives a Join
Response message with a Result Code message element
containing an error, or if the Image Identifier provided by
the AC in the Join Response message differs from the WTP's
currently running firmware version and the WTP has the
requested image in its non-volatile memory. This causes the
WTP to initiate the DTLSShutdown command (see
Section 2.3.2.1). This transition also occurs if the WTP
receives one of the following DTLS notifications:
DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
The WTP starts the DTLSSessionDelete timer (see
Section 4.7.6).
AC: This state transition occurs either if the WaitJoin timer
expires or if the AC transmits a Join Response message with
a Result Code message element containing an error. This
causes the AC to initiate the DTLSShutdown command (see
Section 2.3.2.1). This transition also occurs if the AC
receives one of the following DTLS notifications:
DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
The AC starts the DTLSSessionDelete timer (see
Section 4.7.6).
Join to Image Data (f): This state transition is used by the WTP and
the AC to download executable firmware.
WTP: The WTP enters the Image Data state when it receives a
successful Join Response message and determines that the
software version in the Image Identifier message element is
not the same as its currently running image. The WTP also
detects that the requested image version is not currently
available in the WTP's non-volatile storage (see Section 9.1
for a full description of the firmware download process).
The WTP initializes the EchoInterval timer (see
Calhoun, et al. Standards Track [Page 23]
RFC 5415 CAPWAP Protocol Specification March 2009
Section 4.7), and transmits the Image Data Request message
(see Section 9.1.1) requesting the start of the firmware
download.
AC: This state transition occurs when the AC receives the Image
Data Request message from the WTP, after having sent its
Join Response to the WTP. The AC stops the WaitJoin timer.
The AC MUST transmit an Image Data Response message (see
Section 9.1.2) to the WTP, which includes a portion of the
firmware.
Join to Configure (g): This state transition is used by the WTP and
the AC to exchange configuration information.
WTP: The WTP enters the Configure state when it receives a
successful Join Response message, and determines that the
included Image Identifier message element is the same as its
currently running image. The WTP transmits the
Configuration Status Request message (see Section 8.2) to
the AC with message elements describing its current
configuration.
AC: This state transition occurs when it receives the
Configuration Status Request message from the WTP (see
Section 8.2), which MAY include specific message elements to
override the WTP's configuration. The AC stops the WaitJoin
timer. The AC transmits the Configuration Status Response
message (see Section 8.3) and starts the
ChangeStatePendingTimer timer (see Section 4.7).
Configure to Reset (h): This state transition is used to reset the
connection either due to an error during the configuration phase,
or when the WTP determines it needs to reset in order for the new
configuration to take effect. The CAPWAP Reset command is used to
indicate to the peer that it will initiate a DTLS teardown.
WTP: The WTP enters the Reset state when it receives a
Configuration Status Response message indicating an error or
when it determines that a reset of the WTP is required, due
to the characteristics of a new configuration.
AC: The AC transitions to the Reset state when it receives a
Change State Event message from the WTP that contains an
error for which AC policy does not permit the WTP to provide
service. This state transition also occurs when the AC
ChangeStatePendingTimer timer expires.
Calhoun, et al. Standards Track [Page 24]
RFC 5415 CAPWAP Protocol Specification March 2009
Configure to DTLS Teardown (i): This transition occurs when the
configuration process aborts due to a DTLS error.
WTP: The WTP enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The
WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
AC: The AC enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The AC MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The AC
starts the DTLSSessionDelete timer (see Section 4.7.6).
Image Data to Image Data (j): The Image Data state is used by the
WTP and the AC during the firmware download phase.
WTP: The WTP enters the Image Data state when it receives an
Image Data Response message indicating that the AC has more
data to send. This state transition also occurs when the
WTP receives the subsequent Image Data Requests, at which
time it resets the ImageDataStartTimer time to ensure it
receives the next expected Image Data Request from the AC.
This state transition can also occur when the WTP's
EchoInterval timer (see Section 4.7.7) expires, in which
case the WTP transmits an Echo Request message (see
Section 7.1), and resets its EchoInterval timer. The state
transition also occurs when the WTP receives an Echo
Response from the AC (see Section 7.2).
AC: This state transition occurs when the AC receives the Image
Data Response message from the WTP while already in the
Image Data state. This state transition also occurs when
the AC receives an Echo Request (see Section 7.1) from the
WTP, in which case it responds with an Echo Response (see
Section 7.2), and resets its EchoInterval timer (see
Section 4.7.7).
Calhoun, et al. Standards Track [Page 25]
RFC 5415 CAPWAP Protocol Specification March 2009
Image Data to Reset (k): This state transition is used to reset the
DTLS connection prior to restarting the WTP after an image
download.
WTP: When an image download completes, or if the
ImageDataStartTimer timer expires, the WTP enters the Reset
state. The WTP MAY also transition to this state upon
receiving an Image Data Response message from the AC (see
Section 9.1.2) indicating a failure.
AC: The AC enters the Reset state either when the image transfer
has successfully completed or an error occurs during the
image download process.
Image Data to DTLS Teardown (l): This transition occurs when the
firmware download process aborts due to a DTLS error.
WTP: The WTP enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The
WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
AC: The AC enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The AC MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The AC
starts the DTLSSessionDelete timer (see Section 4.7.6).
Configure to Data Check (m): This state transition occurs when the
WTP and AC confirm the configuration.
WTP: The WTP enters this state when it receives a successful
Configuration Status Response message from the AC. The WTP
transmits the Change State Event Request message (see
Section 8.6).
AC: This state transition occurs when the AC receives the Change
State Event Request message (see Section 8.6) from the WTP.
The AC responds with a Change State Event Response message
(see Section 8.7). The AC MUST start the DataCheckTimer
timer and stops the ChangeStatePendingTimer timer (see
Section 4.7).
Data Check to DTLS Teardown (n): This transition occurs when the WTP
does not complete the Data Check exchange.
Calhoun, et al. Standards Track [Page 26]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP: This state transition occurs if the WTP does not receive the
Change State Event Response message before a CAPWAP
retransmission timeout occurs. The WTP also transitions to
this state if the underlying reliable transport's
RetransmitCount counter has reached the MaxRetransmit
variable (see Section 4.7). The WTP starts the
DTLSSessionDelete timer (see Section 4.7.6).
AC: The AC enters this state when the DataCheckTimer timer
expires (see Section 4.7). The AC starts the
DTLSSessionDelete timer (see Section 4.7.6).
Data Check to Run (o): This state transition occurs when the linkage
between the control and data channels is established, causing the
WTP and AC to enter their normal state of operation.
WTP: The WTP enters this state when it receives a successful
Change State Event Response message from the AC. The WTP
initiates the data channel, which MAY require the
establishment of a DTLS session, starts the
DataChannelKeepAlive timer (see Section 4.7.2) and transmits
a Data Channel Keep-Alive packet (see Section 4.4.1). The
WTP then starts the EchoInterval timer and
DataChannelDeadInterval timer (see Section 4.7).
AC: This state transition occurs when the AC receives the Data
Channel Keep-Alive packet (see Section 4.4.1), with a
Session ID message element matching that included by the WTP
in the Join Request message. The AC disables the
DataCheckTimer timer. Note that if AC policy is to require
the data channel to be encrypted, this process would also
require the establishment of a data channel DTLS session.
Upon receiving the Data Channel Keep-Alive packet, the AC
transmits its own Data Channel Keep Alive packet.
Run to DTLS Teardown (p): This state transition occurs when an error
has occurred in the DTLS stack, causing the DTLS session to be
torn down.
WTP: The WTP enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The
WTP also transitions to this state if the underlying
reliable transport's RetransmitCount counter has reached the
MaxRetransmit variable (see Section 4.7). The WTP starts
the DTLSSessionDelete timer (see Section 4.7.6).
Calhoun, et al. Standards Track [Page 27]
RFC 5415 CAPWAP Protocol Specification March 2009
AC: The AC enters this state when it receives one of the
following DTLS notifications: DTLSAborted,
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
Section 2.3.2.2). The AC MAY tear down the DTLS session if
it receives frequent DTLSDecapFailure notifications. The AC
transitions to this state if the underlying reliable
transport's RetransmitCount counter has reached the
MaxRetransmit variable (see Section 4.7). This state
transition also occurs when the AC's EchoInterval timer (see
Section 4.7.7) expires. The AC starts the DTLSSessionDelete
timer (see Section 4.7.6).
Run to Run (q): This is the normal state of operation.
WTP: This is the WTP's normal state of operation. The WTP resets
its EchoInterval timer whenever it transmits a request to
the AC. There are many events that result in this state
transition:
Configuration Update: The WTP receives a Configuration
Update Request message (see Section 8.4). The WTP
MUST respond with a Configuration Update Response
message (see Section 8.5).
Change State Event: The WTP receives a Change State Event
Response message, or determines that it must initiate
a Change State Event Request message, as a result of a
failure or change in the state of a radio.
Echo Request: The WTP sends an Echo Request message
(Section 7.1) or receives the corresponding Echo
Response message, (see Section 7.2) from the AC. When
the WTP receives the Echo Response, it resets its
EchoInterval timer (see Section 4.7.7).
Clear Config Request: The WTP receives a Clear
Configuration Request message (see Section 8.8) and
MUST generate a corresponding Clear Configuration
Response message (see Section 8.9). The WTP MUST
reset its configuration back to manufacturer defaults.
WTP Event: The WTP sends a WTP Event Request message,
delivering information to the AC (see Section 9.4).
The WTP receives a WTP Event Response message from the
AC (see Section 9.5).
Calhoun, et al. Standards Track [Page 28]
RFC 5415 CAPWAP Protocol Specification March 2009
Data Transfer: The WTP sends a Data Transfer Request or
Data Transfer Response message to the AC (see
Section 9.6). The WTP receives a Data Transfer
Request or Data Transfer Response message from the AC
(see Section 9.6). Upon receipt of a Data Transfer
Request, the WTP transmits a Data Transfer Response to
the AC.
Station Configuration Request: The WTP receives a Station
Configuration Request message (see Section 10.1), to
which it MUST respond with a Station Configuration
Response message (see Section 10.2).
AC: This is the AC's normal state of operation. Note that the
receipt of any Request from the WTP causes the AC to reset
its EchoInterval timer (see Section 4.7.7).
Configuration Update: The AC sends a Configuration Update
Request message (see Section 8.4) to the WTP to update
its configuration. The AC receives a Configuration
Update Response message (see Section 8.5) from the
WTP.
Change State Event: The AC receives a Change State Event
Request message (see Section 8.6), to which it MUST
respond with the Change State Event Response message
(see Section 8.7).
Echo Request: The AC receives an Echo Request message (see
Section 7.1), to which it MUST respond with an Echo
Response message (see Section 7.2).
Clear Config Response: The AC sends a Clear Configuration
Request message (see Section 8.8) to the WTP to clear
its configuration. The AC receives a Clear
Configuration Response message from the WTP (see
Section 8.9).
WTP Event: The AC receives a WTP Event Request message from
the WTP (see Section 9.4) and MUST generate a
corresponding WTP Event Response message (see
Section 9.5).
Data Transfer: The AC sends a Data Transfer Request or Data
Transfer Response message to the WTP (see
Section 9.6). The AC receives a Data Transfer Request
Calhoun, et al. Standards Track [Page 29]
RFC 5415 CAPWAP Protocol Specification March 2009
or Data Transfer Response message from the WTP (see
Section 9.6). Upon receipt of a Data Transfer
Request, the AC transmits a Data Transfer Response to
the WTP.
Station Configuration Request: The AC sends a Station
Configuration Request message (see Section 10.1) or
receives the corresponding Station Configuration
Response message (see Section 10.2) from the WTP.
Run to Reset (r): This state transition is used when either the AC
or WTP tears down the connection. This may occur as part of
normal operation, or due to error conditions.
WTP: The WTP enters the Reset state when it receives a Reset
Request message from the AC.
AC: The AC enters the Reset state when it transmits a Reset
Request message to the WTP.
Reset to DTLS Teardown (s): This transition occurs when the CAPWAP
reset is complete to terminate the DTLS session.
WTP: This state transition occurs when the WTP transmits a Reset
Response message. The WTP does not invoke the DTLSShutdown
command (see Section 2.3.2.1). The WTP starts the
DTLSSessionDelete timer (see Section 4.7.6).
AC: This state transition occurs when the AC receives a Reset
Response message. This causes the AC to initiate the
DTLSShutdown command (see Section 2.3.2.1). The AC starts
the DTLSSessionDelete timer (see Section 4.7.6).
DTLS Teardown to Idle (t): This transition occurs when the DTLS
session has been shut down.
WTP: This state transition occurs when the WTP has successfully
cleaned up all resources associated with the control plane
DTLS session, or if the DTLSSessionDelete timer (see
Section 4.7.6) expires. The data plane DTLS session is also
shut down, and all resources released, if a DTLS session was
established for the data plane. Any timers set for the
current instance of the state machine are also cleared.
AC: This is an invalid state transition for the AC.
Calhoun, et al. Standards Track [Page 30]
RFC 5415 CAPWAP Protocol Specification March 2009
DTLS Teardown to Sulking (u): This transition occurs when repeated
attempts to setup the DTLS connection have failed.
WTP: The WTP enters this state when the FailedDTLSSessionCount or
the FailedDTLSAuthFailCount counter reaches the value of the
MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
entering this state, the WTP MUST start the SilentInterval
timer. While in the Sulking state, all received CAPWAP and
DTLS protocol messages received MUST be ignored.
AC: This is an invalid state transition for the AC.
DTLS Teardown to Dead (w): This transition occurs when the DTLS
session has been shut down.
WTP: This is an invalid state transition for the WTP.
AC: This state transition occurs when the AC has successfully
cleaned up all resources associated with the control plane
DTLS session , or if the DTLSSessionDelete timer (see
Section 4.7.6) expires. The data plane DTLS session is also
shut down, and all resources released, if a DTLS session was
established for the data plane. Any timers set for the
current instance of the state machine are also cleared. The
AC's Service thread is terminated.
2.3.2. CAPWAP/DTLS Interface
This section describes the DTLS Commands used by CAPWAP, and the
notifications received from DTLS to the CAPWAP protocol stack.
2.3.2.1. CAPWAP to DTLS Commands
Six commands are defined for the CAPWAP to DTLS API. These
"commands" are conceptual, and may be implemented as one or more
function calls. This API definition is provided to clarify
interactions between the DTLS and CAPWAP components of the integrated
CAPWAP state machine.
Below is a list of the minimal command APIs:
o DTLSStart is sent to the DTLS component to cause a DTLS session to
be established. Upon invoking the DTLSStart command, the WaitDTLS
timer is started. The WTP initiates this DTLS command, as the AC
does not initiate DTLS sessions.
o DTLSListen is sent to the DTLS component to allow the DTLS
component to listen for incoming DTLS session requests.
Calhoun, et al. Standards Track [Page 31]
RFC 5415 CAPWAP Protocol Specification March 2009
o DTLSAccept is sent to the DTLS component to allow the DTLS session
establishment to continue successfully.
o DTLSAbortSession is sent to the DTLS component to cause the
session that is in the process of being established to be aborted.
This command is also sent when the WaitDTLS timer expires. When
this command is executed, the FailedDTLSSessionCount counter is
incremented.
o DTLSShutdown is sent to the DTLS component to cause session
teardown.
o DTLSMtuUpdate is sent by the CAPWAP component to modify the MTU
size used by the DTLS component. See Section 3.5 for more
information on MTU Discovery. The default size is 1468 bytes.
2.3.2.2. DTLS to CAPWAP Notifications
DTLS notifications are defined for the DTLS to CAPWAP API. These
"notifications" are conceptual and may be implemented in numerous
ways (e.g., as function return values). This API definition is
provided to clarify interactions between the DTLS and CAPWAP
components of the integrated CAPWAP state machine. It is important
to note that the notifications listed below MAY cause the CAPWAP
state machine to jump from one state to another using a state
transition not listed in Section 2.3.1. When a notification listed
below occurs, the target CAPWAP state shown in Figure 4 becomes the
current state.
Below is a list of the API notifications:
o DTLSPeerAuthorize is sent to the CAPWAP component during DTLS
session establishment once the peer's identity has been received.
This notification MAY be used by the CAPWAP component to authorize
the session, based on the peer's identity. The authorization
process will lead to the CAPWAP component initiating either the
DTLSAccept or DTLSAbortSession commands.
o DTLSEstablished is sent to the CAPWAP component to indicate that a
secure channel now exists, using the parameters provided during
the DTLS initialization process. When this notification is
received, the FailedDTLSSessionCount counter is reset to zero.
When this notification is received, the WaitDTLS timer is stopped.
o DTLSEstablishFail is sent when the DTLS session establishment has
failed, either due to a local error or due to the peer rejecting
the session establishment. When this notification is received,
the FailedDTLSSessionCount counter is incremented.
Calhoun, et al. Standards Track [Page 32]
RFC 5415 CAPWAP Protocol Specification March 2009
o DTLSAuthenticateFail is sent when DTLS session establishment has
failed due to an authentication error. When this notification is
received, the FailedDTLSAuthFailCount counter is incremented.
o DTLSAborted is sent to the CAPWAP component to indicate that
session abort (as requested by CAPWAP) is complete; this occurs to
confirm a DTLS session abort or when the WaitDTLS timer expires.
When this notification is received, the WaitDTLS timer is stopped.
o DTLSReassemblyFailure MAY be sent to the CAPWAP component to
indicate DTLS fragment reassembly failure.
o DTLSDecapFailure MAY be sent to the CAPWAP module to indicate a
decapsulation failure. DTLSDecapFailure MAY be sent to the CAPWAP
module to indicate an encryption/authentication failure. This
notification is intended for informative purposes only, and is not
intended to cause a change in the CAPWAP state machine (see
Section 12.4).
o DTLSPeerDisconnect is sent to the CAPWAP component to indicate the
DTLS session has been torn down. Note that this notification is
only received if the DTLS session has been established.
2.4. Use of DTLS in the CAPWAP Protocol
DTLS is used as a tightly integrated, secure wrapper for the CAPWAP
protocol. In this document, DTLS and CAPWAP are discussed as
nominally distinct entities; however, they are very closely coupled,
and may even be implemented inseparably. Since there are DTLS
library implementations currently available, and since security
protocols (e.g., IPsec, TLS) are often implemented in widely
available acceleration hardware, it is both convenient and forward-
looking to maintain a modular distinction in this document.
This section describes a detailed walk-through of the interactions
between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP
to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be
encountered during the normal course of operation.
2.4.1. DTLS Handshake Processing
Details of the DTLS handshake process are specified in [RFC4347].
This section describes the interactions between the DTLS session
establishment process and the CAPWAP protocol. Note that the
conceptual DTLS state is shown below to help understand the point at
which the DTLS states transition. In the normal case, the DTLS
handshake will proceed as shown in Figure 5. (NOTE: this example
uses certificates, but pre-shared keys are also supported.)
Calhoun, et al. Standards Track [Page 33]
RFC 5415 CAPWAP Protocol Specification March 2009
============ ============
WTP AC
============ ============
ClientHello ------>
<------ HelloVerifyRequest
(with cookie)
ClientHello ------>
(with cookie)
<------ ServerHello
<------ Certificate
<------ ServerHelloDone
(WTP callout for AC authorization
occurs in CAPWAP Auth state)
Certificate*
ClientKeyExchange
CertificateVerify*
ChangeCipherSpec
Finished ------>
(AC callout for WTP authorization
occurs in CAPWAP Auth state)
ChangeCipherSpec
<------ Finished
Figure 5: DTLS Handshake
DTLS, as specified, provides its own retransmit timers with an
exponential back-off. [RFC4347] does not specify how long
retransmissions should continue. Consequently, timing out incomplete
DTLS handshakes is entirely the responsibility of the CAPWAP module.
The DTLS implementation used by CAPWAP MUST support TLS Session
Resumption. Session resumption is typically used to establish the
DTLS session used for the data channel. Since the data channel uses
different port numbers than the control channel, the DTLS
implementation on the WTP MUST provide an interface that allows the
CAPWAP module to request session resumption despite the use of the
different port numbers (TLS implementations usually attempt session
resumption only when connecting to the same IP address and port
number). Note that session resumption is not guaranteed to occur,
and a full DTLS handshake may occur instead.
Calhoun, et al. Standards Track [Page 34]
RFC 5415 CAPWAP Protocol Specification March 2009
The DTLS implementation used by CAPWAP MUST use replay detection, per
Section 3.3 of [RFC4347]. Since the CAPWAP protocol handles
retransmissions by re-encrypting lost frames, any duplicate DTLS
frames are either unintentional or malicious and should be silently
discarded.
2.4.2. DTLS Session Establishment
The WTP, either through the Discovery process or through pre-
configuration, determines to which AC to connect. The WTP uses the
DTLSStart command to request that a secure connection be established
to the selected AC. Prior to initiation of the DTLS handshake, the
WTP sets the WaitDTLS timer. Upon invoking the DTLSStart or
DTLSListen commands, the WTP and AC, respectively, set the WaitDTLS
timer. If the DTLSEstablished notification is not received prior to
timer expiration, the DTLS session is aborted by issuing the
DTLSAbortSession DTLS command. This notification causes the CAPWAP
module to transition to the Idle state. Upon receiving a
DTLSEstablished notification, the WaitDTLS timer is deactivated.
2.4.3. DTLS Error Handling
If the AC or WTP does not respond to any DTLS handshake messages sent
by its peer, the DTLS specification calls for the message to be
retransmitted. Note that during the handshake, when both the AC and
the WTP are expecting additional handshake messages, they both
retransmit if an expected message has not been received (note that
retransmissions for CAPWAP Control messages work differently: all
CAPWAP Control messages are either requests or responses, and the
peer who sent the request is responsible for retransmissions).
If the WTP or the AC does not receive an expected DTLS handshake
message despite of retransmissions, the WaitDTLS timer will
eventually expire, and the session will be terminated. This can
happen if communication between the peers has completely failed, or
if one of the peers sent a DTLS Alert message that was lost in
transit (DTLS does not retransmit Alert messages).
If a cookie fails to validate, this could represent a WTP error, or
it could represent a DoS attack. Hence, AC resource utilization
SHOULD be minimized. The AC MAY log a message indicating the
failure, and SHOULD treat the message as though no cookie were
present.
Since DTLS Handshake messages are potentially larger than the maximum
record size, DTLS supports fragmenting of Handshake messages across
multiple records. There are several potential causes of re-assembly
Calhoun, et al. Standards Track [Page 35]
RFC 5415 CAPWAP Protocol Specification March 2009
errors, including overlapping and/or lost fragments. The DTLS
component MUST send a DTLSReassemblyFailure notification to the
CAPWAP component. Whether precise information is given along with
notification is an implementation issue, and hence is beyond the
scope of this document. Upon receipt of such an error, the CAPWAP
component SHOULD log an appropriate error message. Whether
processing continues or the DTLS session is terminated is
implementation dependent.
DTLS decapsulation errors consist of three types: decryption errors,
authentication errors, and malformed DTLS record headers. Since DTLS
authenticates the data prior to encapsulation, if decryption fails,
it is difficult to detect this without first attempting to
authenticate the packet. If authentication fails, a decryption error
is also likely, but not guaranteed. Rather than attempt to derive
(and require the implementation of) algorithms for detecting
decryption failures, decryption failures are reported as
authentication failures. The DTLS component MUST provide a
DTLSDecapFailure notification to the CAPWAP component when such
errors occur. If a malformed DTLS record header is detected, the
packets SHOULD be silently discarded, and the receiver MAY log an
error message.
There is currently only one encapsulation error defined: MTU
exceeded. As part of DTLS session establishment, the CAPWAP
component informs the DTLS component of the MTU size. This may be
dynamically modified at any time when the CAPWAP component sends the
DTLSMtuUpdate command to the DTLS component (see Section 2.3.2.1).
The value provided to the DTLS stack is the result of the MTU
Discovery process, which is described in Section 3.5. The DTLS
component returns this notification to the CAPWAP component whenever
a transmission request will result in a packet that exceeds the MTU.
2.4.4. DTLS Endpoint Authentication and Authorization
DTLS supports endpoint authentication with certificates or pre-shared
keys. The TLS algorithm suites for each endpoint authentication
method are described below.
2.4.4.1. Authenticating with Certificates
CAPWAP implementations only use cipher suites that are recommended
for use with DTLS, see [DTLS-DESIGN]. At present, the following
algorithms MUST be supported when using certificates for CAPWAP
authentication:
o TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
Calhoun, et al. Standards Track [Page 36]
RFC 5415 CAPWAP Protocol Specification March 2009
The following algorithms SHOULD be supported when using certificates:
o TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
The following algorithms MAY be supported when using certificates:
o TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
o TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
Additional ciphers MAY be defined in subsequent CAPWAP
specifications.
2.4.4.2. Authenticating with Pre-Shared Keys
Pre-shared keys present significant challenges from a security
perspective, and for that reason, their use is strongly discouraged.
Several methods for authenticating with pre-shared keys are defined
[RFC4279], and we focus on the following two:
o Pre-Shared Key (PSK) key exchange algorithm - simplest method,
ciphersuites use only symmetric key algorithms.
o DHE_PSK key exchange algorithm - use a PSK to authenticate a
Diffie-Hellman exchange. These ciphersuites give some additional
protection against dictionary attacks and also provide Perfect
Forward Secrecy (PFS).
The first approach (plain PSK) is susceptible to passive dictionary
attacks; hence, while this algorithm MUST be supported, special care
should be taken when choosing that method. In particular, user-
readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD
be strongly discouraged.
The following cryptographic algorithms MUST be supported when using
pre-shared keys:
o TLS_PSK_WITH_AES_128_CBC_SHA [RFC5246]
o TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC5246]
The following algorithms MAY be supported when using pre-shared keys:
o TLS_PSK_WITH_AES_256_CBC_SHA [RFC5246]
o TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC5246]
Additional ciphers MAY be defined in following CAPWAP specifications.
Calhoun, et al. Standards Track [Page 37]
RFC 5415 CAPWAP Protocol Specification March 2009
2.4.4.3. Certificate Usage
Certificate authorization by the AC and WTP is required so that only
an AC may perform the functions of an AC and that only a WTP may
perform the functions of a WTP. This restriction of functions to the
AC or WTP requires that the certificates used by the AC MUST be
distinguishable from the certificate used by the WTP. To accomplish
this differentiation, the x.509 certificates MUST include the
Extended Key Usage (EKU) certificate extension [RFC5280].
The EKU field indicates one or more purposes for which a certificate
may be used. It is an essential part in authorization. Its syntax
is described in [RFC5280] and [ISO.9834-1.1993] and is as follows:
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
Here we define two KeyPurposeId values, one for the WTP and one for
the AC. Inclusion of one of these two values indicates a certificate
is authorized for use by a WTP or AC, respectively. These values are
formatted as id-kp fields.
id-kp OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) 3 }
id-kp-capwapAC OBJECT IDENTIFIER ::= { id-kp 18 }
id-kp-capwapWTP OBJECT IDENTIFIER ::= { id-kp 19 }
All capwap devices MUST support the ExtendedKeyUsage certificate
extension if it is present in a certificate. If the extension is
present, then the certificate MUST have either the id-kp-capwapAC or
the id-kp-anyExtendedKeyUsage keyPurposeID to act as an AC.
Similarly, if the extension is present, a device MUST have the id-kp-
capwapWTP or id-kp-anyExtendedKeyUsage keyPurposeID to act as a WTP.
Part of the CAPWAP certificate validation process includes ensuring
that the proper EKU is included and allowing the CAPWAP session to be
established only if the extension properly represents the device.
For instance, an AC SHOULD NOT accept a connection request from
another AC, and therefore MUST verify that the id-kp-capwapWTP EKU is
present in the certificate.
CAPWAP implementations MUST support certificates where the common
name (CN) for both the WTP and AC is the MAC address of that device.
Calhoun, et al. Standards Track [Page 38]
RFC 5415 CAPWAP Protocol Specification March 2009
The MAC address MUST be encoded in the PrintableString format, using
the well-recognized MAC address format of 01:23:45:67:89:ab. The CN
field MAY contain either of the EUI-48 [EUI-48] or EUI-64 [EUI-64]
MAC Address formats. This seemingly unconventional use of the CN
field is consistent with other standards that rely on device
certificates that are provisioned during the manufacturing process,
such as Packet Cable [PacketCable], Cable Labs [CableLabs], and WiMAX
[WiMAX]. See Section 12.8 for more information on the use of the MAC
address in the CN field.
ACs and WTPs MUST authorize (e.g., through access control lists)
certificates of devices to which they are connecting, e.g., based on
the issuer, MAC address, or organizational information specified in
the certificate. The identities specified in the certificates bind a
particular DTLS session to a specific pair of mutually authenticated
and authorized MAC addresses. The particulars of authorization
filter construction are implementation details which are, for the
most part, not within the scope of this specification. However, at
minimum, all devices MUST verify that the appropriate EKU bit is set
according to the role of the peer device (AC versus WTP), and that
the issuer of the certificate is appropriate for the domain in
question.
2.4.4.4. PSK Usage
When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
contain the "PSK identity hint" field and the ClientKeyExchange
message MUST contain the "PSK identity" field. These fields are used
to help the WTP select the appropriate PSK for use with the AC, and
then indicate to the AC which key is being used. When PSKs are
provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
the key MUST be specified.
The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
SHOULD uniquely identify the WTP. It is RECOMMENDED that these hints
and identities be the ASCII HEX-formatted MAC addresses of the
respective devices, since each pairwise combination of WTP and AC
SHOULD have a unique PSK. The PSK Hint and Identity SHOULD be
sufficient to perform authorization, as simply having knowledge of a
PSK does not necessarily imply authorization.
If a single PSK is being used for multiple devices on a CAPWAP
network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
longer be a MAC address, so appropriate hints and identities SHOULD
be selected to identify the group of devices to which the PSK is
provisioned.
Calhoun, et al. Standards Track [Page 39]
RFC 5415 CAPWAP Protocol Specification March 2009
3. CAPWAP Transport
Communication between a WTP and an AC is established using the
standard UDP client/server model. The CAPWAP protocol supports both
UDP and UDP-Lite [RFC3828] transport protocols. When run over IPv4,
UDP is used for the CAPWAP Control and Data channels.
When run over IPv6, the CAPWAP Control channel always uses UDP, while
the CAPWAP Data channel may use either UDP or UDP-Lite. UDP-Lite is
the default transport protocol for the CAPWAP Data channel. However,
if a middlebox or IPv4 to IPv6 gateway has been discovered, UDP is
used for the CAPWAP Data channel.
This section describes how the CAPWAP protocol is carried over IP and
UDP/UDP-Lite transport protocols. The CAPWAP Transport Protocol
message element, Section 4.6.14, describes the rules to use in
determining which transport protocol is to be used.
In order for CAPWAP to be compatible with potential middleboxes in
the network, CAPWAP implementations MUST send return traffic from the
same port on which they received traffic from a given peer. Further,
any unsolicited requests generated by a CAPWAP node MUST be sent on
the same port.
3.1. UDP Transport
One of the CAPWAP protocol requirements is to allow a WTP to reside
behind a middlebox, firewall, and/or Network Address Translation
(NAT) device. Since a CAPWAP session is initiated by the WTP
(client) to the well-known UDP port of the AC (server), the use of
UDP is a logical choice. When CAPWAP is run over IPv4, the UDP
checksum field in CAPWAP packets MUST be set to zero.
CAPWAP protocol control packets sent from the WTP to the AC use the
CAPWAP Control channel, as defined in Section 1.4. The CAPWAP
control port at the AC is the well-known UDP port 5246. The CAPWAP
control port at the WTP can be any port selected by the WTP.
CAPWAP protocol data packets sent from the WTP to the AC use the
CAPWAP Data channel, as defined in Section 1.4. The CAPWAP data port
at the AC is the well-known UDP port 5247. If an AC permits the
administrator to change the CAPWAP control port, the CAPWAP data port
MUST be the next consecutive port number. The CAPWAP data port at
the WTP can be any port selected by the WTP.
Calhoun, et al. Standards Track [Page 40]
RFC 5415 CAPWAP Protocol Specification March 2009
3.2. UDP-Lite Transport
When CAPWAP is run over IPv6, UDP-Lite is the default transport
protocol, which reduces the checksum processing required for each
packet (compared to the use of UDP over IPv6 [RFC2460]). When UDP-
Lite is used, the checksum field MUST have a coverage of 8 [RFC3828].
UDP-Lite uses the same port assignments as UDP.
3.3. AC Discovery
The AC Discovery phase allows the WTP to determine which ACs are
available and choose the best AC with which to establish a CAPWAP
session. The Discovery phase occurs when the WTP enters the optional
Discovery state. A WTP does not need to complete the AC Discovery
phase if it uses a pre-configured AC. This section details the
mechanism used by a WTP to dynamically discover candidate ACs.
A WTP and an AC will frequently not reside in the same IP subnet
(broadcast domain). When this occurs, the WTP must be capable of
discovering the AC, without requiring that multicast services are
enabled in the network.
When the WTP attempts to establish communication with an AC, it sends
the Discovery Request message and receives the Discovery Response
message from the AC(s). The WTP MUST send the Discovery Request
message to either the limited broadcast IP address (255.255.255.255),
the well-known CAPWAP multicast address (224.0.1.140), or to the
unicast IP address of the AC. For IPv6 networks, since broadcast
does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0:
0:0:18C) is used instead. Upon receipt of the Discovery Request
message, the AC sends a Discovery Response message to the unicast IP
address of the WTP, regardless of whether the Discovery Request
message was sent as a broadcast, multicast, or unicast message.
WTP use of a limited IP broadcast, multicast, or unicast IP address
is implementation dependent. ACs, on the other hand, MUST support
broadcast, multicast, and unicast discovery.
When a WTP transmits a Discovery Request message to a unicast
address, the WTP must first obtain the IP address of the AC. Any
static configuration of an AC's IP address on the WTP non-volatile
storage is implementation dependent. However, additional dynamic
schemes are possible, for example:
Calhoun, et al. Standards Track [Page 41]
RFC 5415 CAPWAP Protocol Specification March 2009
DHCP: See [RFC5417] for more information on the use of DHCP to
discover AC IP addresses.
DNS: The WTP MAY support use of DNS Service Records (SRVs) [RFC2782]
to discover the AC address(es). In this case, the WTP first
obtains (e.g., from local configuration) the correct domain name
suffix (e.g., "example.com") and performs an SRV lookup with
Service name "capwap-control" and Proto "udp". Thus, the name
resolved in DNS would be, e.g., "_capwap-
control._udp.example.com". Note that the SRV record MAY specify a
non-default port number for the control channel; the port number
for the data channel is the next port number (control channel port
+ 1).
An AC MAY also communicate alternative ACs to the WTP within the
Discovery Response message through the AC IPv4 List (see
Section 4.6.2) and AC IPv6 List (see Section 4.6.2). The addresses
provided in these two message elements are intended to help the WTP
discover additional ACs through means other than those listed above.
The AC Name with Priority message element (see Section 4.6.5) is used
to communicate a list of preferred ACs to the WTP. The WTP SHOULD
attempt to utilize the ACs listed in the order provided by the AC.
The Name-to-IP Address mapping is handled via the Discovery message
exchange, in which the ACs provide their identity in the AC Name (see
Section 4.6.4) message element in the Discovery Response message.
Once the WTP has received Discovery Response messages from the
candidate ACs, it MAY use other factors to determine the preferred
AC. For instance, each binding defines a WTP Radio Information
message element (see Section 2.1), which the AC includes in Discovery
Response messages. The presence of one or more of these message
elements is used to identify the CAPWAP bindings supported by the AC.
A WTP MAY connect to an AC based on the supported bindings
advertised.
3.4. Fragmentation/Reassembly
While fragmentation and reassembly services are provided by IP, the
CAPWAP protocol also provides such services. Environments where the
CAPWAP protocol is used involve firewall, NAT, and "middlebox"
devices, which tend to drop IP fragments to minimize possible DoS
attacks. By providing fragmentation and reassembly at the
application layer, any fragmentation required due to the tunneling
component of the CAPWAP protocol becomes transparent to these
intermediate devices. Consequently, the CAPWAP protocol can be used
in any network topology including firewall, NAT, and middlebox
devices.
Calhoun, et al. Standards Track [Page 42]
RFC 5415 CAPWAP Protocol Specification March 2009
It is important to note that the fragmentation mechanism employed by
CAPWAP has known limitations and deficiencies, which are similar to
those described in [RFC4963]. The limited size of the Fragment ID
field (see Section 4.3) can cause wrapping of the field, and hence
cause fragments from different datagrams to be incorrectly spliced
together (known as "mis-associated"). For example, a 100Mpbs link
with an MTU of 1500 (causing fragmentation at 1450 bytes) would cause
the Fragment ID field wrap in 8 seconds. Consequently, CAPWAP
implementers are warned to properly size their buffers for reassembly
purposes based on the expected wireless technology throughput.
CAPWAP implementations SHOULD perform MTU Discovery (see
Section 3.5), which can avoid the need for fragmentation. At the
time of writing of this specification, most enterprise switching and
routing infrastructure were capable of supporting "mini-jumbo" frames
(1800 bytes), which eliminates the need for fragmentation (assuming
the station's MTU is 1500 bytes). The need for fragmentation
typically continues to exist when the WTP communicates with the AC
over a Wide Area Network (WAN). Therefore, future versions of the
CAPWAP protocol SHOULD consider either increasing the size of the
Fragment ID field or providing alternative extensions.
3.5. MTU Discovery
Once a WTP has discovered the AC with which it wishes to establish a
CAPWAP session, it SHOULD perform a Path MTU (PMTU) discovery. One
recommendation for performing PMTU discovery is to have the WTP
transmit Discovery Request (see Section 5.1) messages, and include
the MTU Discovery Padding message element (see Section 4.6.32). The
actual procedures used for PMTU discovery are described in [RFC1191]
for IPv4; for IPv6, [RFC1981] SHOULD be used. Alternatively,
implementers MAY use the procedures defined in [RFC4821]. The WTP
SHOULD also periodically re-evaluate the PMTU using the guidelines
provided in these two RFCs, using the Primary Discovery Request (see
Section 5.3) along with the MTU Discovery Padding message element
(see Section 4.6.32). When the MTU is initially known, or updated in
the case where an existing session already exists, the discovered
PMTU is used to configure the DTLS component (see Section 2.3.2.1),
while non-DTLS frames need to be fragmented to fit the MTU, defined
in Section 3.4.
4. CAPWAP Packet Formats
This section contains the CAPWAP protocol packet formats. A CAPWAP
protocol packet consists of one or more CAPWAP Transport Layer packet
headers followed by a CAPWAP message. The CAPWAP message can be
either of type Control or Data, where Control packets carry
Calhoun, et al. Standards Track [Page 43]
RFC 5415 CAPWAP Protocol Specification March 2009
signaling, and Data packets carry user payloads. The CAPWAP frame
formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP
Data and Control packets are defined below.
The CAPWAP Control protocol includes two messages that are never
protected by DTLS: the Discovery Request message and the Discovery
Response message. These messages need to be in the clear to allow
the CAPWAP protocol to properly identify and process them. The
format of these packets are as follows:
CAPWAP Control Packet (Discovery Request/Response):
+-------------------------------------------+
| IP | UDP | CAPWAP | Control | Message |
| Hdr | Hdr | Header | Header | Element(s) |
+-------------------------------------------+
All other CAPWAP Control protocol messages MUST be protected via the
DTLS protocol, which ensures that the packets are both authenticated
and encrypted. These packets include the CAPWAP DTLS Header, which
is described in Section 4.2. The format of these packets is as
follows:
CAPWAP Control Packet (DTLS Security Required):
+------------------------------------------------------------------+
| IP | UDP | CAPWAP | DTLS | CAPWAP | Control| Message | DTLS |
| Hdr | Hdr | DTLS Hdr | Hdr | Header | Header | Element(s)| Trlr |
+------------------------------------------------------------------+
\---------- authenticated -----------/
\------------- encrypted ------------/
The CAPWAP protocol allows optional protection of data packets, using
DTLS. Use of data packet protection is determined by AC policy.
When DTLS is utilized, the optional CAPWAP DTLS Header is present,
which is described in Section 4.2. The format of CAPWAP Data packets
is shown below:
Calhoun, et al. Standards Track [Page 44]
RFC 5415 CAPWAP Protocol Specification March 2009
CAPWAP Plain Text Data Packet :
+-------------------------------+
| IP | UDP | CAPWAP | Wireless |
| Hdr | Hdr | Header | Payload |
+-------------------------------+
DTLS Secured CAPWAP Data Packet:
+--------------------------------------------------------+
| IP | UDP | CAPWAP | DTLS | CAPWAP | Wireless | DTLS |
| Hdr | Hdr | DTLS Hdr | Hdr | Hdr | Payload | Trlr |
+--------------------------------------------------------+
\------ authenticated -----/
\------- encrypted --------/
UDP Header: All CAPWAP packets are encapsulated within either UDP,
or UDP-Lite when used over IPv6. Section 3 defines the specific
UDP or UDP-Lite usage.
CAPWAP DTLS Header: All DTLS encrypted CAPWAP protocol packets are
prefixed with the CAPWAP DTLS Header (see Section 4.2).
DTLS Header: The DTLS Header provides authentication and encryption
services to the CAPWAP payload it encapsulates. This protocol is
defined in [RFC4347].
CAPWAP Header: All CAPWAP protocol packets use a common header that
immediately follows the CAPWAP preamble or DTLS Header. The
CAPWAP Header is defined in Section 4.3.
Wireless Payload: A CAPWAP protocol packet that contains a wireless
payload is a CAPWAP Data packet. The CAPWAP protocol does not
specify the format of the wireless payload, which is defined by
the appropriate wireless standard. Additional information is in
Section 4.4.
Control Header: The CAPWAP protocol includes a signaling component,
known as the CAPWAP Control protocol. All CAPWAP Control packets
include a Control Header, which is defined in Section 4.5.1.
CAPWAP Data packets do not contain a Control Header field.
Message Elements: A CAPWAP Control packet includes one or more
message elements, which are found immediately following the
Control Header. These message elements are in a Type/Length/Value
style header, defined in Section 4.6.
A CAPWAP implementation MUST be capable of receiving a reassembled
CAPWAP message of length 4096 bytes. A CAPWAP implementation MAY
indicate that it supports a higher maximum message length, by
Calhoun, et al. Standards Track [Page 45]
RFC 5415 CAPWAP Protocol Specification March 2009
including the Maximum Message Length message element, see
Section 4.6.31, in the Join Request message or the Join Response
message.
4.1. CAPWAP Preamble
The CAPWAP preamble is common to all CAPWAP transport headers and is
used to identify the header type that immediately follows. The
reason for this preamble is to avoid needing to perform byte
comparisons in order to guess whether or not the frame is DTLS
encrypted. It also provides an extensibility framework that can be
used to support additional transport types. The format of the
preamble is as follows:
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|Version| Type |
+-+-+-+-+-+-+-+-+
Version: A 4-bit field that contains the version of CAPWAP used in
this packet. The value for this specification is zero (0).
Type: A 4-bit field that specifies the payload type that follows the
UDP header. The following values are supported:
0 - CAPWAP Header. The CAPWAP Header (see Section 4.3)
immediately follows the UDP header. If the packet is
received on the CAPWAP Data channel, the CAPWAP stack MUST
treat the packet as a clear text CAPWAP Data packet. If
received on the CAPWAP Control channel, the CAPWAP stack
MUST treat the packet as a clear text CAPWAP Control packet.
If the control packet is not a Discovery Request or
Discovery Response packet, the packet MUST be dropped.
1 - CAPWAP DTLS Header. The CAPWAP DTLS Header (and DTLS
packet) immediately follows the UDP header (see
Section 4.2).
4.2. CAPWAP DTLS Header
The CAPWAP DTLS Header is used to identify the packet as a DTLS
encrypted packet. The first eight bits include the common CAPWAP
Preamble. The remaining 24 bits are padding to ensure 4-byte
alignment, and MAY be used in a future version of the protocol. The
DTLS packet [RFC4347] always immediately follows this header. The
format of the CAPWAP DTLS Header is as follows:
Calhoun, et al. Standards Track [Page 46]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|CAPWAP Preamble| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
CAPWAP Preamble's Payload Type field MUST be set to one (1).
Reserved: The 24-bit field is reserved for future use. All
implementations complying with this protocol MUST set to zero any
bits that are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not defined
for the version of the protocol they support.
4.3. CAPWAP Header
All CAPWAP protocol messages are encapsulated using a common header
format, regardless of the CAPWAP Control or CAPWAP Data transport
used to carry the messages. However, certain flags are not
applicable for a given transport. Refer to the specific transport
section in order to determine which flags are valid.
Note that the optional fields defined in this section MUST be present
in the precise order shown below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|CAPWAP Preamble| HLEN | RID | WBID |T|F|L|W|M|K|Flags|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fragment ID | Frag Offset |Rsvd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (optional) Radio MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (optional) Wireless Specific Information |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
CAPWAP Preamble's Payload Type field MUST be set to zero (0). If
the CAPWAP DTLS Header is present, the version number in both
CAPWAP Preambles MUST match. The reason for this duplicate field
is to avoid any possible tampering of the version field in the
preamble that is not encrypted or authenticated.
Calhoun, et al. Standards Track [Page 47]
RFC 5415 CAPWAP Protocol Specification March 2009
HLEN: A 5-bit field containing the length of the CAPWAP transport
header in 4-byte words (similar to IP header length). This length
includes the optional headers.
RID: A 5-bit field that contains the Radio ID number for this
packet, whose value is between one (1) and 31. Given that MAC
Addresses are not necessarily unique across physical radios in a
WTP, the Radio Identifier (RID) field is used to indicate with
which physical radio the message is associated.
WBID: A 5-bit field that is the wireless binding identifier. The
identifier will indicate the type of wireless packet associated
with the radio. The following values are defined:
0 - Reserved
1 - IEEE 802.11
2 - Reserved
3 - EPCGlobal [EPCGlobal]
T: The Type 'T' bit indicates the format of the frame being
transported in the payload. When this bit is set to one (1), the
payload has the native frame format indicated by the WBID field.
When this bit is zero (0), the payload is an IEEE 802.3 frame.
F: The Fragment 'F' bit indicates whether this packet is a fragment.
When this bit is one (1), the packet is a fragment and MUST be
combined with the other corresponding fragments to reassemble the
complete information exchanged between the WTP and AC.
L: The Last 'L' bit is valid only if the 'F' bit is set and indicates
whether the packet contains the last fragment of a fragmented
exchange between WTP and AC. When this bit is one (1), the packet
is the last fragment. When this bit is (zero) 0, the packet is
not the last fragment.
W: The Wireless 'W' bit is used to specify whether the optional
Wireless Specific Information field is present in the header. A
value of one (1) is used to represent the fact that the optional
header is present.
M: The Radio MAC 'M' bit is used to indicate that the Radio MAC
Address optional header is present. This is used to communicate
the MAC address of the receiving radio.
Calhoun, et al. Standards Track [Page 48]
RFC 5415 CAPWAP Protocol Specification March 2009
K: The Keep-Alive 'K' bit indicates the packet is a Data Channel
Keep-Alive packet. This packet is used to map the data channel to
the control channel for the specified Session ID and to maintain
freshness of the data channel. The 'K' bit MUST NOT be set for
data packets containing user data.
Flags: A set of reserved bits for future flags in the CAPWAP Header.
All implementations complying with this protocol MUST set to zero
any bits that are reserved in the version of the protocol
supported by that implementation. Receivers MUST ignore all bits
not defined for the version of the protocol they support.
Fragment ID: A 16-bit field whose value is assigned to each group of
fragments making up a complete set. The Fragment ID space is
managed individually for each direction for every WTP/AC pair.
The value of Fragment ID is incremented with each new set of
fragments. The Fragment ID wraps to zero after the maximum value
has been used to identify a set of fragments.
Fragment Offset: A 13-bit field that indicates where in the payload
this fragment belongs during re-assembly. This field is valid
when the 'F' bit is set to 1. The fragment offset is measured in
units of 8 octets (64 bits). The first fragment has offset zero.
Note that the CAPWAP protocol does not allow for overlapping
fragments.
Reserved: The 3-bit field is reserved for future use. All
implementations complying with this protocol MUST set to zero any
bits that are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not defined
for the version of the protocol they support.
Radio MAC Address: This optional field contains the MAC address of
the radio receiving the packet. Because the native wireless frame
format to IEEE 802.3 format causes the MAC address of the WTP's
radio to be lost, this field allows the address to be communicated
to the AC. This field is only present if the 'M' bit is set. The
HLEN field assumes 4-byte alignment, and this field MUST be padded
with zeroes (0x00) if it is not 4-byte aligned.
Calhoun, et al. Standards Track [Page 49]
RFC 5415 CAPWAP Protocol Specification March 2009
The field contains the basic format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | MAC Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Length: The length of the MAC address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: The MAC address of the receiving radio.
Wireless Specific Information: This optional field contains
technology-specific information that may be used to carry per-
packet wireless information. This field is only present if the
'W' bit is set. The WBID field in the CAPWAP Header is used to
identify the format of the Wireless-Specific Information optional
field. The HLEN field assumes 4-byte alignment, and this field
MUST be padded with zeroes (0x00) if it is not 4-byte aligned.
The Wireless-Specific Information field uses the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Length: The 8-bit field contains the length of the data field,
with a maximum size of 255.
Data: Wireless-specific information, defined by the wireless-
specific binding specified in the CAPWAP Header's WBID field.
Payload: This field contains the header for a CAPWAP Data Message or
CAPWAP Control Message, followed by the data contained in the
message.
4.4. CAPWAP Data Messages
There are two different types of CAPWAP Data packets: CAPWAP Data
Channel Keep-Alive packets and Data Payload packets. The first is
used by the WTP to synchronize the control and data channels and to
maintain freshness of the data channel. The second is used to
transmit user payloads between the AC and WTP. This section
describes both types of CAPWAP Data packet formats.
Calhoun, et al. Standards Track [Page 50]
RFC 5415 CAPWAP Protocol Specification March 2009
Both CAPWAP Data messages are transmitted on the CAPWAP Data channel.
4.4.1. CAPWAP Data Channel Keep-Alive
The CAPWAP Data Channel Keep-Alive packet is used to bind the CAPWAP
control channel with the data channel, and to maintain freshness of
the data channel, ensuring that the channel is still functioning.
The CAPWAP Data Channel Keep-Alive packet is transmitted by the WTP
when the DataChannelKeepAlive timer expires (see Section 4.7.2).
When the CAPWAP Data Channel Keep-Alive packet is transmitted, the
WTP sets the DataChannelDeadInterval timer.
In the CAPWAP Data Channel Keep-Alive packet, all of the fields in
the CAPWAP Header, except the HLEN field and the 'K' bit, are set to
zero upon transmission. Upon receiving a CAPWAP Data Channel Keep-
Alive packet, the AC transmits a CAPWAP Data Channel Keep-Alive
packet back to the WTP. The contents of the transmitted packet are
identical to the contents of the received packet.
Upon receiving a CAPWAP Data Channel Keep-Alive packet, the WTP
cancels the DataChannelDeadInterval timer and resets the
DataChannelKeepAlive timer. The CAPWAP Data Channel Keep-Alive
packet is retransmitted by the WTP in the same manner as the CAPWAP
Control messages. If the DataChannelDeadInterval timer expires, the
WTP tears down the control DTLS session, and the data DTLS session if
one existed.
The CAPWAP Data Channel Keep-Alive packet contains the following
payload immediately following the CAPWAP Header (see Section 4.3).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Element Length | Message Element [0..N] ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Message Element Length: The 16-bit Length field indicates the
number of bytes following the CAPWAP Header, with a maximum size
of 65535.
Message Element[0..N]: The message element(s) carry the information
pertinent to each of the CAPWAP Data Channel Keep-Alive message.
The following message elements MUST be present in this CAPWAP
message:
Session ID, see Section 4.6.37.
Calhoun, et al. Standards Track [Page 51]
RFC 5415 CAPWAP Protocol Specification March 2009
4.4.2. Data Payload
A CAPWAP protocol Data Payload packet encapsulates a forwarded
wireless frame. The CAPWAP protocol defines two different modes of
encapsulation: IEEE 802.3 and native wireless. IEEE 802.3
encapsulation requires that for 802.11 frames, the 802.11
*Integration* function be performed in the WTP. An IEEE 802.3-
encapsulated user payload frame has the following format:
+------------------------------------------------------+
| IP Header | UDP Header | CAPWAP Header | 802.3 Frame |
+------------------------------------------------------+
The CAPWAP protocol also defines the native wireless encapsulation
mode. The format of the encapsulated CAPWAP Data frame is subject to
the rules defined by the specific wireless technology binding. Each
wireless technology binding MUST contain a section entitled "Payload
Encapsulation", which defines the format of the wireless payload that
is encapsulated within CAPWAP Data packets.
For 802.3 payload frames, the 802.3 frame is encapsulated (excluding
the IEEE 802.3 Preamble, Start Frame Delimiter (SFD), and Frame Check
Sequence (FCS) fields). If the encapsulated frame would exceed the
transport layer's MTU, the sender is responsible for the
fragmentation of the frame, as specified in Section 3.4. The CAPWAP
protocol can support IEEE 802.3 frames whose length is defined in the
IEEE 802.3as specification [FRAME-EXT].
4.4.3. Establishment of a DTLS Data Channel
If the AC and WTP are configured to tunnel the data channel over
DTLS, the proper DTLS session must be initiated. To avoid having to
reauthenticate and reauthorize an AC and WTP, the DTLS data channel
SHOULD be initiated using the TLS session resumption feature
[RFC5246].
The AC DTLS implementation MUST NOT initiate a data channel session
for a DTLS session for which there is no active control channel
session.
4.5. CAPWAP Control Messages
The CAPWAP Control protocol provides a control channel between the
WTP and the AC. Control messages are divided into the following
message types:
Discovery: CAPWAP Discovery messages are used to identify potential
ACs, their load and capabilities.
Calhoun, et al. Standards Track [Page 52]
RFC 5415 CAPWAP Protocol Specification March 2009
Join: CAPWAP Join messages are used by a WTP to request service from
an AC, and for the AC to respond to the WTP.
Control Channel Management: CAPWAP Control channel management
messages are used to maintain the control channel.
WTP Configuration Management: The WTP Configuration messages are
used by the AC to deliver a specific configuration to the WTP.
Messages that retrieve statistics from a WTP are also included in
WTP Configuration Management.
Station Session Management: Station Session Management messages are
used by the AC to deliver specific station policies to the WTP.
Device Management Operations: Device management operations are used
to request and deliver a firmware image to the WTP.
Binding-Specific CAPWAP Management Messages: Messages in this
category are used by the AC and the WTP to exchange protocol-
specific CAPWAP management messages. These messages may or may
not be used to change the link state of a station.
Discovery, Join, Control Channel Management, WTP Configuration
Management, and Station Session Management CAPWAP Control messages
MUST be implemented. Device Management Operations messages MAY be
implemented.
CAPWAP Control messages sent from the WTP to the AC indicate that the
WTP is operational, providing an implicit keep-alive mechanism for
the WTP. The Control Channel Management Echo Request and Echo
Response messages provide an explicit keep-alive mechanism when other
CAPWAP Control messages are not exchanged.
4.5.1. Control Message Format
All CAPWAP Control messages are sent encapsulated within the CAPWAP
Header (see Section 4.3). Immediately following the CAPWAP Header is
the control header, which has the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Seq Num | Msg Element Length | Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Msg Element [0..N] ...
+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 53]
RFC 5415 CAPWAP Protocol Specification March 2009
4.5.1.1. Message Type
The Message Type field identifies the function of the CAPWAP Control
message. To provide extensibility, the Message Type field is
comprised of an IANA Enterprise Number [RFC3232] and an enterprise-
specific message type number. The first three octets contain the
IANA Enterprise Number in network byte order, with zero used for
CAPWAP base protocol (this specification) defined message types. The
last octet is the enterprise-specific message type number, which has
a range from 0 to 255.
The Message Type field is defined as:
Message Type =
IANA Enterprise Number * 256 +
Enterprise Specific Message Type Number
The CAPWAP protocol reliability mechanism requires that messages be
defined in pairs, consisting of both a Request and a Response
message. The Response message MUST acknowledge the Request message.
The assignment of CAPWAP Control Message Type Values always occurs in
pairs. All Request messages have odd numbered Message Type Values,
and all Response messages have even numbered Message Type Values.
The Request value MUST be assigned first. As an example, assigning a
Message Type Value of 3 for a Request message and 4 for a Response
message is valid, while assigning a Message Type Value of 4 for a
Response message and 5 for the corresponding Request message is
invalid.
When a WTP or AC receives a message with a Message Type Value field
that is not recognized and is an odd number, the number in the
Message Type Value Field is incremented by one, and a Response
message with a Message Type Value field containing the incremented
value and containing the Result Code message element with the value
(Unrecognized Request) is returned to the sender of the received
message. If the unknown message type is even, the message is
ignored.
Calhoun, et al. Standards Track [Page 54]
RFC 5415 CAPWAP Protocol Specification March 2009
The valid values for CAPWAP Control Message Types are specified in
the table below:
CAPWAP Control Message Message Type
Value
Discovery Request 1
Discovery Response 2
Join Request 3
Join Response 4
Configuration Status Request 5
Configuration Status Response 6
Configuration Update Request 7
Configuration Update Response 8
WTP Event Request 9
WTP Event Response 10
Change State Event Request 11
Change State Event Response 12
Echo Request 13
Echo Response 14
Image Data Request 15
Image Data Response 16
Reset Request 17
Reset Response 18
Primary Discovery Request 19
Primary Discovery Response 20
Data Transfer Request 21
Data Transfer Response 22
Clear Configuration Request 23
Clear Configuration Response 24
Station Configuration Request 25
Station Configuration Response 26
4.5.1.2. Sequence Number
The Sequence Number field is an identifier value used to match
Request and Response packets. When a CAPWAP packet with a Request
Message Type Value is received, the value of the Sequence Number
field is copied into the corresponding Response message.
When a CAPWAP Control message is sent, the sender's internal sequence
number counter is monotonically incremented, ensuring that no two
pending Request messages have the same sequence number. The Sequence
Number field wraps back to zero.
4.5.1.3. Message Element Length
The Length field indicates the number of bytes following the Sequence
Number field.
Calhoun, et al. Standards Track [Page 55]
RFC 5415 CAPWAP Protocol Specification March 2009
4.5.1.4. Flags
The Flags field MUST be set to zero.
4.5.1.5. Message Element [0..N]
The message element(s) carry the information pertinent to each of the
control message types. Every control message in this specification
specifies which message elements are permitted.
When a WTP or AC receives a CAPWAP message without a message element
that is specified as mandatory for the CAPWAP message, then the
CAPWAP message is discarded. If the received message was a Request
message for which the corresponding Response message carries message
elements, then a corresponding Response message with a Result Code
message element indicating "Failure - Missing Mandatory Message
Element" is returned to the sender.
When a WTP or AC receives a CAPWAP message with a message element
that the WTP or AC does not recognize, the CAPWAP message is
discarded. If the received message was a Request message for which
the corresponding Response message carries message elements, then a
corresponding Response message with a Result Code message element
indicating "Failure - Unrecognized Message Element" and one or more
Returned Message Element message elements is included, containing the
unrecognized message element(s).
4.5.2. Quality of Service
The CAPWAP base protocol does not provide any Quality of Service
(QoS) recommendations for use with the CAPWAP Data messages. Any
wireless-specific CAPWAP binding specification that has QoS
requirements MUST define the application of QoS to the CAPWAP Data
messages.
The IP header also includes the Explicit Congestion Notification
(ECN) bits [RFC3168]. Section 9.1.1 of [RFC3168] describes two
levels of ECN functionality: full functionality and limited
functionality. CAPWAP ACs and WTPs SHALL implement the limited
functionality and are RECOMMENDED to implement the full functionality
described in [RFC3168].
Calhoun, et al. Standards Track [Page 56]
RFC 5415 CAPWAP Protocol Specification March 2009
4.5.2.1. Applying QoS to CAPWAP Control Message
It is recommended that CAPWAP Control messages be sent by both the AC
and the WTP with an appropriate Quality-of-Service precedence value,
ensuring that congestion in the network minimizes occurrences of
CAPWAP Control channel disconnects. Therefore, a QoS-enabled CAPWAP
device SHOULD use the following values:
802.1Q: The priority tag of 7 SHOULD be used.
DSCP: The CS6 per-hop behavior Service Class SHOULD be used, which
is described in [RFC2474]).
4.5.3. Retransmissions
The CAPWAP Control protocol operates as a reliable transport. For
each Request message, a Response message is defined, which is used to
acknowledge receipt of the Request message. In addition, the control
header Sequence Number field is used to pair the Request and Response
messages (see Section 4.5.1).
Response messages are not explicitly acknowledged; therefore, if a
Response message is not received, the original Request message is
retransmitted.
Implementations MUST keep track of the sequence number of the last
received Request message, and MUST cache the corresponding Response
message. If a retransmission with the same sequence number is
received, the cached Response message MUST be retransmitted without
re-processing the Request. If an older Request message is received,
meaning one where the sequence number is smaller, it MUST be ignored.
A newer Request message, meaning one whose sequence number is larger,
is processed as usual.
Note: A sequence number is considered "smaller" when s1 is smaller
than s2 modulo 256 if and only if (s1<s2 and (s2-s1)<128) or
(s1>s2 and (s1-s2)>128).
Both the WTP and the AC can only have a single request outstanding at
any given time. Retransmitted Request messages MUST NOT be altered
by the sender.
After transmitting a Request message, the RetransmitInterval (see
Section 4.7) timer and MaxRetransmit (see Section 4.8) variable are
used to determine if the original Request message needs to be
retransmitted. The RetransmitInterval timer is used the first time
the Request is retransmitted. The timer is then doubled every
Calhoun, et al. Standards Track [Page 57]
RFC 5415 CAPWAP Protocol Specification March 2009
subsequent time the same Request message is retransmitted, up to
MaxRetransmit but no more than half the EchoInterval timer (see
Section 4.7.7). Response messages are not subject to these timers.
If the sender stops retransmitting a Request message before reaching
MaxRetransmit retransmissions (which leads to transition to DTLS
Teardown, as described in Section 2.3.1), it cannot know whether the
recipient received and processed the Request or not. In most
situations, the sender SHOULD NOT do this, and instead continue
retransmitting until a Response message is received, or transition to
DTLS Teardown occurs. However, if the sender does decide to continue
the connection with a new or modified Request message, the new
message MUST have a new sequence number, and be treated as a new
Request message by the receiver. Note that there is a high chance
that both the WTP and the AC's sequence numbers will become out of
sync.
When a Request message is retransmitted, it MUST be re-encrypted via
the DTLS stack. If the peer had received the Request message, and
the corresponding Response message was lost, it is necessary to
ensure that retransmitted Request messages are not identified as
replays by the DTLS stack. Similarly, any cached Response messages
that are retransmitted as a result of receiving a retransmitted
Request message MUST be re-encrypted via DTLS.
Duplicate Response messages, identified by the Sequence Number field
in the CAPWAP Control message header, SHOULD be discarded upon
receipt.
4.6. CAPWAP Protocol Message Elements
This section defines the CAPWAP Protocol message elements that are
included in CAPWAP protocol control messages.
Message elements are used to carry information needed in control
messages. Every message element is identified by the Type Value
field, defined below. The total length of the message elements is
indicated in the message element's length field.
All of the message element definitions in this document use a diagram
similar to the one below in order to depict its format. Note that to
simplify this specification, these diagrams do not include the header
fields (Type and Length). The header field values are defined in the
message element descriptions.
Calhoun, et al. Standards Track [Page 58]
RFC 5415 CAPWAP Protocol Specification March 2009
Unless otherwise specified, a control message that lists a set of
supported (or expected) message elements MUST NOT expect the message
elements to be in any specific order. The sender MAY include the
message elements in any order. Unless otherwise noted, one message
element of each type is present in a given control message.
Unless otherwise specified, any configuration information sent by the
AC to the WTP MAY be saved to non-volatile storage (see Section 8.1)
for more information).
Additional message elements may be defined in separate IETF
documents.
The format of a message element uses the TLV format shown here:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value ... |
+-+-+-+-+-+-+-+-+
The 16-bit Type field identifies the information carried in the Value
field and Length (16 bits) indicates the number of bytes in the Value
field. The value of zero (0) is reserved and MUST NOT be used. The
rest of the Type field values are allocated as follows:
Usage Type Values
CAPWAP Protocol Message Elements 1 - 1023
IEEE 802.11 Message Elements 1024 - 2047
Reserved for Future Use 2048 - 3071
EPCGlobal Message Elements 3072 - 4095
Reserved for Future Use 4096 - 65535
The table below lists the CAPWAP protocol Message Elements and their
Type values.
Calhoun, et al. Standards Track [Page 59]
RFC 5415 CAPWAP Protocol Specification March 2009
CAPWAP Message Element Type Value
AC Descriptor 1
AC IPv4 List 2
AC IPv6 List 3
AC Name 4
AC Name with Priority 5
AC Timestamp 6
Add MAC ACL Entry 7
Add Station 8
Reserved 9
CAPWAP Control IPV4 Address 10
CAPWAP Control IPV6 Address 11
CAPWAP Local IPV4 Address 30
CAPWAP Local IPV6 Address 50
CAPWAP Timers 12
CAPWAP Transport Protocol 51
Data Transfer Data 13
Data Transfer Mode 14
Decryption Error Report 15
Decryption Error Report Period 16
Delete MAC ACL Entry 17
Delete Station 18
Reserved 19
Discovery Type 20
Duplicate IPv4 Address 21
Duplicate IPv6 Address 22
ECN Support 53
Idle Timeout 23
Image Data 24
Image Identifier 25
Image Information 26
Initiate Download 27
Location Data 28
Maximum Message Length 29
MTU Discovery Padding 52
Radio Administrative State 31
Radio Operational State 32
Result Code 33
Returned Message Element 34
Session ID 35
Statistics Timer 36
Vendor Specific Payload 37
WTP Board Data 38
WTP Descriptor 39
WTP Fallback 40
WTP Frame Tunnel Mode 41
Reserved 42
Calhoun, et al. Standards Track [Page 60]
RFC 5415 CAPWAP Protocol Specification March 2009
Reserved 43
WTP MAC Type 44
WTP Name 45
Unused/Reserved 46
WTP Radio Statistics 47
WTP Reboot Statistics 48
WTP Static IP Address Information 49
4.6.1. AC Descriptor
The AC Descriptor message element is used by the AC to communicate
its current state. The value contains the following fields.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Stations | Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Active WTPs | Max WTPs |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Security | R-MAC Field | Reserved1 | DTLS Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC Information Sub-Element...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 1 for AC Descriptor
Length: >= 12
Stations: The number of stations currently served by the AC
Limit: The maximum number of stations supported by the AC
Active WTPs: The number of WTPs currently attached to the AC
Max WTPs: The maximum number of WTPs supported by the AC
Security: An 8-bit mask specifying the authentication credential
type supported by the AC (see Section 2.4.4). The field has the
following format:
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|Reserved |S|X|R|
+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 61]
RFC 5415 CAPWAP Protocol Specification March 2009
Reserved: A set of reserved bits for future use. All
implementations complying with this protocol MUST set to zero
any bits that are reserved in the version of the protocol
supported by that implementation. Receivers MUST ignore all
bits not defined for the version of the protocol they support.
S: The AC supports the pre-shared secret authentication, as
described in Section 12.6.
X: The AC supports X.509 Certificate authentication, as
described in Section 12.7.
R: A reserved bit for future use. All implementations
complying with this protocol MUST set to zero any bits that
are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not
defined for the version of the protocol they support.
R-MAC Field: The AC supports the optional Radio MAC Address field
in the CAPWAP transport header (see Section 4.3). The following
enumerated values are supported:
0 - Reserved
1 - Supported
2 - Not Supported
Reserved: A set of reserved bits for future use. All
implementations complying with this protocol MUST set to zero any
bits that are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not defined
for the version of the protocol they support.
DTLS Policy: The AC communicates its policy on the use of DTLS for
the CAPWAP data channel. The AC MAY communicate more than one
supported option, represented by the bit field below. The WTP
MUST abide by one of the options communicated by AC. The field
has the following format:
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|Reserved |D|C|R|
+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 62]
RFC 5415 CAPWAP Protocol Specification March 2009
Reserved: A set of reserved bits for future use. All
implementations complying with this protocol MUST set to zero
any bits that are reserved in the version of the protocol
supported by that implementation. Receivers MUST ignore all
bits not defined for the version of the protocol they support.
D: DTLS-Enabled Data Channel Supported
C: Clear Text Data Channel Supported
R: A reserved bit for future use. All implementations
complying with this protocol MUST set to zero any bits that
are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not
defined for the version of the protocol they support.
AC Information Sub-Element: The AC Descriptor message element
contains multiple AC Information sub-elements, and defines two
sub-types, each of which MUST be present. The AC Information sub-
element has the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC Information Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC Information Type | AC Information Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC Information Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
AC Information Vendor Identifier: A 32-bit value containing the
IANA-assigned "Structure of Management Information (SMI)
Network Management Private Enterprise Codes".
AC Information Type: Vendor-specific encoding of AC information
in the UTF-8 format [RFC3629]. The following enumerated values
are supported. Both the Hardware and Software Version sub-
elements MUST be included in the AC Descriptor message element.
The values listed below are used in conjunction with the AC
Information Vendor Identifier field, whose value MUST be set to
zero (0). This field, combined with the AC Information Vendor
Identifier set to a non-zero (0) value, allows vendors to use a
private namespace.
Calhoun, et al. Standards Track [Page 63]
RFC 5415 CAPWAP Protocol Specification March 2009
4 - Hardware Version: The AC's hardware version number.
5 - Software Version: The AC's Software (firmware) version
number.
AC Information Length: Length of vendor-specific encoding of AC
information, with a maximum size of 1024.
AC Information Data: Vendor-specific encoding of AC information.
4.6.2. AC IPv4 List
The AC IPv4 List message element is used to configure a WTP with the
latest list of ACs available for the WTP to join.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 2 for AC IPv4 List
Length: >= 4
AC IP Address: An array of 32-bit integers containing AC IPv4
Addresses, containing no more than 1024 addresses.
4.6.3. AC IPv6 List
The AC IPv6 List message element is used to configure a WTP with the
latest list of ACs available for the WTP to join.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 64]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 3 for AC IPV6 List
Length: >= 16
AC IP Address: An array of 128-bit integers containing AC IPv6
Addresses, containing no more than 1024 addresses.
4.6.4. AC Name
The AC Name message element contains an UTF-8 [RFC3629]
representation of the AC identity. The value is a variable-length
byte string. The string is NOT zero terminated.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+
Type: 4 for AC Name
Length: >= 1
Name: A variable-length UTF-8 encoded string [RFC3629] containing
the AC's name, whose maximum size MUST NOT exceed 512 bytes.
4.6.5. AC Name with Priority
The AC Name with Priority message element is sent by the AC to the
WTP to configure preferred ACs. The number of instances of this
message element is equal to the number of ACs configured on the WTP.
The WTP also uses this message element to send its configuration to
the AC.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Priority | AC Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 5 for AC Name with Priority
Length: >= 2
Priority: A value between 1 and 255 specifying the priority order
of the preferred AC. For instance, the value of one (1) is used
to set the primary AC, the value of two (2) is used to set the
secondary, etc.
Calhoun, et al. Standards Track [Page 65]
RFC 5415 CAPWAP Protocol Specification March 2009
AC Name: A variable-length UTF-8 encoded string [RFC3629]
containing the AC name, whose maximum size MUST NOT exceed 512
bytes.
4.6.6. AC Timestamp
The AC Timestamp message element is sent by the AC to synchronize the
WTP clock.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 6 for AC Timestamp
Length: 4
Timestamp: The AC's current time, allowing all of the WTPs to be
time synchronized in the format defined by Network Time Protocol
(NTP) in RFC 1305 [RFC1305]. Only the most significant 32 bits of
the NTP time are included in this field.
4.6.7. Add MAC ACL Entry
The Add MAC Access Control List (ACL) Entry message element is used
by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
no longer provides service to the MAC addresses provided in the
message. The MAC addresses provided in this message element are not
expected to be saved in non-volatile memory on the WTP. The MAC ACL
table on the WTP is cleared every time the WTP establishes a new
session with an AC.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| Length | MAC Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 7 for Add MAC ACL Entry
Length: >= 8
Num of Entries: The number of instances of the Length/MAC Address
fields in the array. This value MUST NOT exceed 255.
Calhoun, et al. Standards Track [Page 66]
RFC 5415 CAPWAP Protocol Specification March 2009
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: MAC addresses to add to the ACL.
4.6.8. Add Station
The Add Station message element is used by the AC to inform a WTP
that it should forward traffic for a station. The Add Station
message element is accompanied by technology-specific binding
information element(s), which may include security parameters.
Consequently, the security parameters MUST be applied by the WTP for
the station.
After station policy has been delivered to the WTP through the Add
Station message element, an AC MAY change any policies by sending a
modified Add Station message element. When a WTP receives an Add
Station message element for an existing station, it MUST override any
existing state for the station.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Length | MAC Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VLAN Name...
+-+-+-+-+-+-+-+-+
Type: 8 for Add Station
Length: >= 8
Radio ID: An 8-bit value representing the radio, whose value is
between one (1) and 31.
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: The station's MAC address.
VLAN Name: An optional variable-length UTF-8 encoded string
[RFC3629], with a maximum length of 512 octets, containing the
VLAN Name on which the WTP is to locally bridge user data. Note
this field is only valid with WTPs configured in Local MAC mode.
Calhoun, et al. Standards Track [Page 67]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.9. CAPWAP Control IPv4 Address
The CAPWAP Control IPv4 Address message element is sent by the AC to
the WTP during the Discovery process and is used by the AC to provide
the interfaces available on the AC, and the current number of WTPs
connected. When multiple CAPWAP Control IPV4 Address message
elements are returned, the WTP SHOULD perform load balancing across
the multiple interfaces (see Section 6.1).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 10 for CAPWAP Control IPv4 Address
Length: 6
IP Address: The IP address of an interface.
WTP Count: The number of WTPs currently connected to the interface,
with a maximum value of 65535.
4.6.10. CAPWAP Control IPv6 Address
The CAPWAP Control IPv6 Address message element is sent by the AC to
the WTP during the Discovery process and is used by the AC to provide
the interfaces available on the AC, and the current number of WTPs
connected. This message element is useful for the WTP to perform
load balancing across multiple interfaces (see Section 6.1).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 68]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 11 for CAPWAP Control IPv6 Address
Length: 18
IP Address: The IP address of an interface.
WTP Count: The number of WTPs currently connected to the interface,
with a maximum value of 65535.
4.6.11. CAPWAP Local IPv4 Address
The CAPWAP Local IPv4 Address message element is sent by either the
WTP, in the Join Request, or by the AC, in the Join Response. The
CAPWAP Local IPv4 Address message element is used to communicate the
IP Address of the transmitter. The receiver uses this to determine
whether a middlebox exists between the two peers, by comparing the
source IP address of the packet against the value of the message
element.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 30 for CAPWAP Local IPv4 Address
Length: 4
IP Address: The IP address of the sender.
4.6.12. CAPWAP Local IPv6 Address
The CAPWAP Local IPv6 Address message element is sent by either the
WTP, in the Join Request, or by the AC, in the Join Response. The
CAPWAP Local IPv6 Address message element is used to communicate the
IP Address of the transmitter. The receiver uses this to determine
whether a middlebox exists between the two peers, by comparing the
source IP address of the packet against the value of the message
element.
Calhoun, et al. Standards Track [Page 69]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 50 for CAPWAP Local IPv6 Address
Length: 16
IP Address: The IP address of the sender.
4.6.13. CAPWAP Timers
The CAPWAP Timers message element is used by an AC to configure
CAPWAP timers on a WTP.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Discovery | Echo Request |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 12 for CAPWAP Timers
Length: 2
Discovery: The number of seconds between CAPWAP Discovery messages,
when the WTP is in the Discovery phase. This value is used to
configure the MaxDiscoveryInterval timer (see Section 4.7.10).
Echo Request: The number of seconds between WTP Echo Request CAPWAP
messages. This value is used to configure the EchoInterval timer
(see Section 4.7.7). The AC sets its EchoInterval timer to this
value, plus the maximum retransmission time as described in
Section 4.5.3.
Calhoun, et al. Standards Track [Page 70]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.14. CAPWAP Transport Protocol
When CAPWAP is run over IPv6, the UDP-Lite or UDP transports MAY be
used (see Section 3). The CAPWAP IPv6 Transport Protocol message
element is used by either the WTP or the AC to signal which transport
protocol is to be used for the CAPWAP data channel.
Upon receiving the Join Request, the AC MAY set the CAPWAP Transport
Protocol to UDP-Lite in the Join Response message if the CAPWAP
message was received over IPv6, and the CAPWAP Local IPv6 Address
message element (see Section 4.6.12) is present and no middlebox was
detected (see Section 11).
Upon receiving the Join Response, the WTP MAY set the CAPWAP
Transport Protocol to UDP-Lite in the Configuration Status Request or
Image Data Request message if the AC advertised support for UDP-Lite,
the message was received over IPv6, the CAPWAP Local IPv6 Address
message element (see Section 4.6.12) and no middlebox was detected
(see Section 11). Upon receiving either the Configuration Status
Request or the Image Data Request, the AC MUST observe the preference
indicated by the WTP in the CAPWAP Transport Protocol, as long as it
is consistent with what the AC advertised in the Join Response.
For any other condition, the CAPWAP Transport Protocol MUST be set to
UDP.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Transport |
+-+-+-+-+-+-+-+-+
Type: 51 for CAPWAP Transport Protocol
Length: 1
Transport: The transport to use for the CAPWAP Data channel. The
following enumerated values are supported:
1 - UDP-Lite: The UDP-Lite transport protocol is to be used for
the CAPWAP Data channel. Note that this option MUST NOT be
used if the CAPWAP Control channel is being used over IPv4.
2 - UDP: The UDP transport protocol is to be used for the CAPWAP
Data channel.
Calhoun, et al. Standards Track [Page 71]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.15. Data Transfer Data
The Data Transfer Data message element is used by the WTP to provide
information to the AC for debugging purposes.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Type | Data Mode | Data Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ....
+-+-+-+-+-+-+-+-+
Type: 13 for Data Transfer Data
Length: >= 5
Data Type: An 8-bit value representing the transfer Data Type. The
following enumerated values are supported:
1 - Transfer data is included.
2 - Last Transfer Data Block is included (End of File (EOF)).
5 - An error occurred. Transfer is aborted.
Data Mode: An 8-bit value describing the type of information being
transmitted. The following enumerated values are supported:
0 - Reserved
1 - WTP Crash Data
2 - WTP Memory Dump
Data Length: Length of data field, with a maximum size of 65535.
Data: Data being transferred from the WTP to the AC, whose type is
identified via the Data Mode field.
Calhoun, et al. Standards Track [Page 72]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.16. Data Transfer Mode
The Data Transfer Mode message element is used by the WTP to indicate
the type of data transfer information it is sending to the AC for
debugging purposes.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Data Mode |
+-+-+-+-+-+-+-+-+
Type: 14 for Data Transfer Mode
Length: 1
Data Mode: An 8-bit value describing the type of information being
requested. The following enumerated values are supported:
0 - Reserved
1 - WTP Crash Data
2 - WTP Memory Dump
4.6.17. Decryption Error Report
The Decryption Error Report message element value is used by the WTP
to inform the AC of decryption errors that have occurred since the
last report. Note that this error reporting mechanism is not used if
encryption and decryption services are provided in the AC.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID |Num Of Entries | Length | MAC Address...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 15 for Decryption Error Report
Length: >= 9
Radio ID: The Radio Identifier refers to an interface index on the
WTP, whose value is between one (1) and 31.
Num of Entries: The number of instances of the Length/MAC Address
fields in the array. This field MUST NOT exceed the value of 255.
Calhoun, et al. Standards Track [Page 73]
RFC 5415 CAPWAP Protocol Specification March 2009
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: MAC address of the station that has caused decryption
errors.
4.6.18. Decryption Error Report Period
The Decryption Error Report Period message element value is used by
the AC to inform the WTP how frequently it should send decryption
error report messages. Note that this error reporting mechanism is
not used if encryption and decryption services are provided in the
AC.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Report Interval |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 16 for Decryption Error Report Period
Length: 3
Radio ID: The Radio Identifier refers to an interface index on the
WTP, whose value is between one (1) and 31.
Report Interval: A 16-bit unsigned integer indicating the time, in
seconds. The default value for this message element can be found
in Section 4.7.11.
4.6.19. Delete MAC ACL Entry
The Delete MAC ACL Entry message element is used by an AC to delete a
MAC ACL entry on a WTP, ensuring that the WTP provides service to the
MAC addresses provided in the message.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| Length | MAC Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 17 for Delete MAC ACL Entry
Length: >= 8
Calhoun, et al. Standards Track [Page 74]
RFC 5415 CAPWAP Protocol Specification March 2009
Num of Entries: The number of instances of the Length/MAC Address
fields in the array. This field MUST NOT exceed the value of 255.
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: An array of MAC addresses to delete from the ACL.
4.6.20. Delete Station
The Delete Station message element is used by the AC to inform a WTP
that it should no longer provide service to a particular station.
The WTP MUST terminate service to the station immediately upon
receiving this message element.
The transmission of a Delete Station message element could occur for
various reasons, including for administrative reasons, or if the
station has roamed to another WTP.
The Delete Station message element MAY be sent by the WTP, in the WTP
Event Request message, to inform the AC that a particular station is
no longer being provided service. This could occur as a result of an
Idle Timeout (see section 4.4.43), due to internal resource shortages
or for some other reason.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Length | MAC Address...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 18 for Delete Station
Length: >= 8
Radio ID: An 8-bit value representing the radio, whose value is
between one (1) and 31.
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: The station's MAC address.
4.6.21. Discovery Type
The Discovery Type message element is used by the WTP to indicate how
it has come to know about the existence of the AC to which it is
sending the Discovery Request message.
Calhoun, et al. Standards Track [Page 75]
RFC 5415 CAPWAP Protocol Specification March 2009
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Discovery Type|
+-+-+-+-+-+-+-+-+
Type: 20 for Discovery Type
Length: 1
Discovery Type: An 8-bit value indicating how the WTP discovered
the AC. The following enumerated values are supported:
0 - Unknown
1 - Static Configuration
2 - DHCP
3 - DNS
4 - AC Referral (used when the AC was configured either through
the AC IPv4 List or AC IPv6 List message element)
4.6.22. Duplicate IPv4 Address
The Duplicate IPv4 Address message element is used by a WTP to inform
an AC that it has detected another IP device using the same IP
address that the WTP is currently using.
The WTP MUST transmit this message element with the status set to 1
after it has detected a duplicate IP address. When the WTP detects
that the duplicate IP address has been cleared, it MUST send this
message element with the status set to 0.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status | Length | MAC Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 21 for Duplicate IPv4 Address
Length: >= 12
IP Address: The IP address currently used by the WTP.
Calhoun, et al. Standards Track [Page 76]
RFC 5415 CAPWAP Protocol Specification March 2009
Status: The status of the duplicate IP address. The value MUST be
set to 1 when a duplicate address is detected, and 0 when the
duplicate address has been cleared.
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: The MAC address of the offending device.
4.6.23. Duplicate IPv6 Address
The Duplicate IPv6 Address message element is used by a WTP to inform
an AC that it has detected another host using the same IP address
that the WTP is currently using.
The WTP MUST transmit this message element with the status set to 1
after it has detected a duplicate IP address. When the WTP detects
that the duplicate IP address has been cleared, it MUST send this
message element with the status set to 0.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status | Length | MAC Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 22 for Duplicate IPv6 Address
Length: >= 24
IP Address: The IP address currently used by the WTP.
Status: The status of the duplicate IP address. The value MUST be
set to 1 when a duplicate address is detected, and 0 when the
duplicate address has been cleared.
Length: The length of the MAC Address field. The formats and
lengths specified in [EUI-48] and [EUI-64] are supported.
MAC Address: The MAC address of the offending device.
Calhoun, et al. Standards Track [Page 77]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.24. Idle Timeout
The Idle Timeout message element is sent by the AC to the WTP to
provide the Idle Timeout value that the WTP SHOULD enforce for its
active stations. The value applies to all radios on the WTP.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timeout |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 23 for Idle Timeout
Length: 4
Timeout: The current Idle Timeout, in seconds, to be enforced by
the WTP. The default value for this message element is specified
in Section 4.7.8.
4.6.25. ECN Support
The ECN Support message element is sent by both the WTP and the AC to
indicate their support for the Explicit Congestion Notification (ECN)
bits, as defined in [RFC3168].
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| ECN Support |
+-+-+-+-+-+-+-+-+
Type: 53 for ECN Support
Length: 1
ECN Support: An 8-bit value representing the sender's support for
ECN, as defined in [RFC3168]. All CAPWAP Implementations MUST
support the Limited ECN Support mode. Full ECN Support is used if
both the WTP and AC advertise the capability for "Full and Limited
ECN" Support; otherwise, Limited ECN Support is used.
0 - Limited ECN Support
1 - Full and Limited ECN Support
Calhoun, et al. Standards Track [Page 78]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.26. Image Data
The Image Data message element is present in the Image Data Request
message sent by the AC and contains the following fields.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Type | Data ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 24 for Image Data
Length: >= 1
Data Type: An 8-bit value representing the image Data Type. The
following enumerated values are supported:
1 - Image data is included.
2 - Last Image Data Block is included (EOF).
5 - An error occurred. Transfer is aborted.
Data: The Image Data field contains up to 1024 characters, and its
length is inferred from this message element's length field. If
the block being sent is the last one, the Data Type field is set
to 2. The AC MAY opt to abort the data transfer by setting the
Data Type field to 5. When the Data Type field is 5, the Value
field has a zero length.
4.6.27. Image Identifier
The Image Identifier message element is sent by the AC to the WTP to
indicate the expected active software version that is to be run on
the WTP. The WTP sends the Image Identifier message element in order
to request a specific software version from the AC. The actual
download process is defined in Section 9.1. The value is a variable-
length UTF-8 encoded string [RFC3629], which is NOT zero terminated.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 79]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 25 for Image Identifier
Length: >= 5
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
Network Management Private Enterprise Codes".
Data: A variable-length UTF-8 encoded string [RFC3629] containing
the firmware identifier to be run on the WTP, whose length MUST
NOT exceed 1024 octets. The length of this field is inferred from
this message element's length field.
4.6.28. Image Information
The Image Information message element is present in the Image Data
Response message sent by the AC to the WTP and contains the following
fields.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| File Size |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 26 for Image Information
Length: 20
File Size: A 32-bit value containing the size of the file, in
bytes, that will be transferred by the AC to the WTP.
Hash: A 16-octet MD5 hash of the image using the procedures defined
in [RFC1321].
Calhoun, et al. Standards Track [Page 80]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.29. Initiate Download
The Initiate Download message element is used by the WTP to inform
the AC that the AC SHOULD initiate a firmware upgrade. The AC
subsequently transmits an Image Data Request message, which includes
the Image Data message element. This message element does not
contain any data.
Type: 27 for Initiate Download
Length: 0
4.6.30. Location Data
The Location Data message element is a variable-length byte UTF-8
encoded string [RFC3629] containing user-defined location information
(e.g., "Next to Fridge"). This information is configurable by the
network administrator, and allows the WTP location to be determined.
The string is not zero terminated.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-
| Location ...
+-+-+-+-+-+-+-+-+-
Type: 28 for Location Data
Length: >= 1
Location: A non-zero-terminated UTF-8 encoded string [RFC3629]
containing the WTP location, whose maximum size MUST NOT exceed
1024.
4.6.31. Maximum Message Length
The Maximum Message Length message element is included in the Join
Request message by the WTP to indicate the maximum CAPWAP message
length that it supports to the AC. The Maximum Message Length
message element is optionally included in Join Response message by
the AC to indicate the maximum CAPWAP message length that it supports
to the WTP.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Maximum Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 81]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 29 for Maximum Message Length
Length: 2
Maximum Message Length A 16-bit unsigned integer indicating the
maximum message length.
4.6.32. MTU Discovery Padding
The MTU Discovery Padding message element is used as padding to
perform MTU discovery, and MUST contain octets of value 0xFF, of any
length.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Padding...
+-+-+-+-+-+-+-+-
Type: 52 for MTU Discovery Padding
Length: Variable
Pad: A variable-length pad, filled with the value 0xFF.
4.6.33. Radio Administrative State
The Radio Administrative State message element is used to communicate
the state of a particular radio. The Radio Administrative State
message element is sent by the AC to change the state of the WTP.
The WTP saves the value, to ensure that it remains across WTP resets.
The WTP communicates this message element during the configuration
phase, in the Configuration Status Request message, to ensure that
the AC has the WTP radio current administrative state settings. The
message element contains the following fields:
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Admin State |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 31 for Radio Administrative State
Length: 2
Calhoun, et al. Standards Track [Page 82]
RFC 5415 CAPWAP Protocol Specification March 2009
Radio ID: An 8-bit value representing the radio to configure, whose
value is between one (1) and 31. The Radio ID field MAY also
include the value of 0xff, which is used to identify the WTP. If
an AC wishes to change the administrative state of a WTP, it
includes 0xff in the Radio ID field.
Admin State: An 8-bit value representing the administrative state
of the radio. The default value for the Admin State field is
listed in Section 4.8.1. The following enumerated values are
supported:
0 - Reserved
1 - Enabled
2 - Disabled
4.6.34. Radio Operational State
The Radio Operational State message element is sent by the WTP to the
AC to communicate a radio's operational state. This message element
is included in the Configuration Update Response message by the WTP
if it was requested to change the state of its radio, via the Radio
Administrative State message element, but was unable to comply to the
request. This message element is included in the Change State Event
message when a WTP radio state was changed unexpectedly. This could
occur due to a hardware failure. Note that the operational state
setting is not saved on the WTP, and therefore does not remain across
WTP resets. The value contains three fields, as shown below.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | State | Cause |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 32 for Radio Operational State
Length: 3
Radio ID: The Radio Identifier refers to an interface index on the
WTP, whose value is between one (1) and 31. A value of 0xFF is
invalid, as it is not possible to change the WTP's operational
state.
State: An 8-bit Boolean value representing the state of the radio.
The following enumerated values are supported:
Calhoun, et al. Standards Track [Page 83]
RFC 5415 CAPWAP Protocol Specification March 2009
0 - Reserved
1 - Enabled
2 - Disabled
Cause: When a radio is inoperable, the cause field contains the
reason the radio is out of service. The following enumerated
values are supported:
0 - Normal
1 - Radio Failure
2 - Software Failure
3 - Administratively Set
4.6.35. Result Code
The Result Code message element value is a 32-bit integer value,
indicating the result of the Request message corresponding to the
sequence number included in the Response message.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Result Code |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 33 for Result Code
Length: 4
Result Code: The following enumerated values are defined:
0 Success
1 Failure (AC List Message Element MUST Be Present)
2 Success (NAT Detected)
3 Join Failure (Unspecified)
4 Join Failure (Resource Depletion)
5 Join Failure (Unknown Source)
Calhoun, et al. Standards Track [Page 84]
RFC 5415 CAPWAP Protocol Specification March 2009
6 Join Failure (Incorrect Data)
7 Join Failure (Session ID Already in Use)
8 Join Failure (WTP Hardware Not Supported)
9 Join Failure (Binding Not Supported)
10 Reset Failure (Unable to Reset)
11 Reset Failure (Firmware Write Error)
12 Configuration Failure (Unable to Apply Requested Configuration
- Service Provided Anyhow)
13 Configuration Failure (Unable to Apply Requested Configuration
- Service Not Provided)
14 Image Data Error (Invalid Checksum)
15 Image Data Error (Invalid Data Length)
16 Image Data Error (Other Error)
17 Image Data Error (Image Already Present)
18 Message Unexpected (Invalid in Current State)
19 Message Unexpected (Unrecognized Request)
20 Failure - Missing Mandatory Message Element
21 Failure - Unrecognized Message Element
22 Data Transfer Error (No Information to Transfer)
4.6.36. Returned Message Element
The Returned Message Element is sent by the WTP in the Change State
Event Request message to communicate to the AC which message elements
in the Configuration Status Response it was unable to apply locally.
The Returned Message Element message element contains a result code
indicating the reason that the configuration could not be applied,
and encapsulates the failed message element.
Calhoun, et al. Standards Track [Page 85]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reason | Length | Message Element...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 34 for Returned Message Element
Length: >= 6
Reason: The reason the configuration in the offending message
element could not be applied by the WTP. The following enumerated
values are supported:
0 - Reserved
1 - Unknown Message Element
2 - Unsupported Message Element
3 - Unknown Message Element Value
4 - Unsupported Message Element Value
Length: The length of the Message Element field, which MUST NOT
exceed 255 octets.
Message Element: The Message Element field encapsulates the message
element sent by the AC in the Configuration Status Response
message that caused the error.
4.6.37. Session ID
The Session ID message element value contains a randomly generated
unsigned 128-bit integer.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 86]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 35 for Session ID
Length: 16
Session ID: A 128-bit unsigned integer used as a random session
identifier
4.6.38. Statistics Timer
The Statistics Timer message element value is used by the AC to
inform the WTP of the frequency with which it expects to receive
updated statistics.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Statistics Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 36 for Statistics Timer
Length: 2
Statistics Timer: A 16-bit unsigned integer indicating the time, in
seconds. The default value for this timer is specified in
Section 4.7.14.
4.6.39. Vendor Specific Payload
The Vendor Specific Payload message element is used to communicate
vendor-specific information between the WTP and the AC. The Vendor
Specific Payload message element MAY be present in any CAPWAP
message. The exchange of vendor-specific data between the MUST NOT
modify the behavior of the base CAPWAP protocol and state machine.
The message element uses the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Element ID | Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 37 for Vendor Specific Payload
Length: >= 7
Calhoun, et al. Standards Track [Page 87]
RFC 5415 CAPWAP Protocol Specification March 2009
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
Network Management Private Enterprise Codes" [RFC3232].
Element ID: A 16-bit Element Identifier that is managed by the
vendor.
Data: Variable-length vendor-specific information, whose contents
and format are proprietary and understood based on the Element ID
field. This field MUST NOT exceed 2048 octets.
4.6.40. WTP Board Data
The WTP Board Data message element is sent by the WTP to the AC and
contains information about the hardware present.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Board Data Sub-Element...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 38 for WTP Board Data
Length: >=14
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
Network Management Private Enterprise Codes", identifying the WTP
hardware manufacturer. The Vendor Identifier field MUST NOT be
set to zero.
Board Data Sub-Element: The WTP Board Data message element contains
multiple Board Data sub-elements, some of which are mandatory and
some are optional, as described below. The Board Data Type values
are not extensible by vendors, and are therefore not coupled along
with the Vendor Identifier field. The Board Data sub-element has
the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Board Data Type | Board Data Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Board Data Value...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 88]
RFC 5415 CAPWAP Protocol Specification March 2009
Board Data Type: The Board Data Type field identifies the data
being encoded. The CAPWAP protocol defines the following
values, and each of these types identify whether their presence
is mandatory or optional:
0 - WTP Model Number: The WTP Model Number MUST be included in
the WTP Board Data message element.
1 - WTP Serial Number: The WTP Serial Number MUST be included in
the WTP Board Data message element.
2 - Board ID: A hardware identifier, which MAY be included in
the WTP Board Data message element.
3 - Board Revision: A revision number of the board, which MAY be
included in the WTP Board Data message element.
4 - Base MAC Address: The WTP's Base MAC address, which MAY be
assigned to the primary Ethernet interface.
Board Data Length: The length of the data in the Board Data Value
field, whose length MUST NOT exceed 1024 octets.
Board Data Value: The data associated with the Board Data Type
field for this Board Data sub-element.
4.6.41. WTP Descriptor
The WTP Descriptor message element is used by a WTP to communicate
its current hardware and software (firmware) configuration. The
value contains the following fields:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max Radios | Radios in use | Num Encrypt |Encryp Sub-Elmt|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Sub-Element | Descriptor Sub-Element...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 39 for WTP Descriptor
Length: >= 33
Calhoun, et al. Standards Track [Page 89]
RFC 5415 CAPWAP Protocol Specification March 2009
Max Radios: An 8-bit value representing the number of radios (where
each radio is identified via the Radio ID field) supported by the
WTP.
Radios in use: An 8-bit value representing the number of radios in
use in the WTP.
Num Encrypt: The number of 3-byte Encryption sub-elements that
follow this field. The value of the Num Encrypt field MUST be
between one (1) and 255.
Encryption Sub-Element: The WTP Descriptor message element MUST
contain at least one Encryption sub-element. One sub-element is
present for each binding supported by the WTP. The Encryption
sub-element has the following format:
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Resvd| WBID | Encryption Capabilities |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Resvd: The 3-bit field is reserved for future use. All
implementations complying with this protocol MUST set to zero
any bits that are reserved in the version of the protocol
supported by that implementation. Receivers MUST ignore all
bits not defined for the version of the protocol they support.
WBID: A 5-bit field that is the wireless binding identifier.
The identifier will indicate the type of wireless packet
associated with the radio. The WBIDs defined in this
specification can be found in Section 4.3.
Encryption Capabilities: This 16-bit field is used by the WTP to
communicate its capabilities to the AC. A WTP that does not
have any encryption capabilities sets this field to zero (0).
Refer to the specific wireless binding for further
specification of the Encryption Capabilities field.
Descriptor Sub-Element: The WTP Descriptor message element contains
multiple Descriptor sub-elements, some of which are mandatory and
some are optional, as described below. The Descriptor sub-element
has the following format:
Calhoun, et al. Standards Track [Page 90]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Descriptor Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Descriptor Type | Descriptor Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Descriptor Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Descriptor Vendor Identifier: A 32-bit value containing the
IANA-assigned "SMI Network Management Private Enterprise
Codes".
Descriptor Type: The Descriptor Type field identifies the data
being encoded. The format of the data is vendor-specific
encoded in the UTF-8 format [RFC3629]. The CAPWAP protocol
defines the following values, and each of these types identify
whether their presence is mandatory or optional. The values
listed below are used in conjunction with the Descriptor Vendor
Identifier field, whose value MUST be set to zero (0). This
field, combined with the Descriptor Vendor Identifier set to a
non-zero (0) value, allows vendors to use a private namespace.
0 - Hardware Version: The WTP hardware version number MUST be
present.
1 - Active Software Version: The WTP running software version
number MUST be present.
2 - Boot Version: The WTP boot loader version number MUST be
present.
3 - Other Software Version: The WTP non-running software
(firmware) version number MAY be present. This type is
used to communicate alternate software versions that are
available on the WTP's non-volatile storage.
Descriptor Length: Length of the vendor-specific encoding of the
Descriptor Data field, whose length MUST NOT exceed 1024
octets.
Descriptor Data: Vendor-specific data of WTP information encoded
in the UTF-8 format [RFC3629].
Calhoun, et al. Standards Track [Page 91]
RFC 5415 CAPWAP Protocol Specification March 2009
4.6.42. WTP Fallback
The WTP Fallback message element is sent by the AC to the WTP to
enable or disable automatic CAPWAP fallback in the event that a WTP
detects its preferred AC to which it is not currently connected.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| Mode |
+-+-+-+-+-+-+-+-+
Type: 40 for WTP Fallback
Length: 1
Mode: The 8-bit value indicates the status of automatic CAPWAP
fallback on the WTP. When enabled, if the WTP detects that its
primary AC is available, and that the WTP is not connected to the
primary AC, the WTP SHOULD automatically disconnect from its
current AC and reconnect to its primary AC. If disabled, the WTP
will only reconnect to its primary AC through manual intervention
(e.g., through the Reset Request message). The default value for
this field is specified in Section 4.8.9. The following
enumerated values are supported:
0 - Reserved
1 - Enabled
2 - Disabled
4.6.43. WTP Frame Tunnel Mode
The WTP Frame Tunnel Mode message element allows the WTP to
communicate the tunneling modes of operation that it supports to the
AC. A WTP that advertises support for all types allows the AC to
select which type will be used, based on its local policy.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|Reservd|N|E|L|U|
+-+-+-+-+-+-+-+-+
Calhoun, et al. Standards Track [Page 92]
RFC 5415 CAPWAP Protocol Specification March 2009
Type: 41 for WTP Frame Tunnel Mode
Length: 1
Reservd: A set of reserved bits for future use. All
implementations complying with this protocol MUST set to zero any
bits that are reserved in the version of the protocol supported by
that implementation. Receivers MUST ignore all bits not defined
for the version of the protocol they support.
N: Native Frame Tunnel mode requires the WTP and AC to encapsulate
all user payloads as native wireless frames, as defined by the
wireless binding (see for example Section 4.4)
E: The 802.3 Frame Tunnel Mode requires the WTP and AC to
encapsulate all user payload as native IEEE 802.3 frames (see
Section 4.4). All user traffic is tunneled to the AC. This
value MUST NOT be used when the WTP MAC Type is set to Split
MAC.
L: When Local Bridging is used, the WTP does not tunnel user
traffic to the AC; all user traffic is locally bridged. This
value MUST NOT be used when the WTP MAC Type is set to Split
MAC.
R: A reserved bit for future use. All implementations complying
with this protocol MUST set to zero any bits that are reserved
in the version of the protocol supported by that
implementation. Receivers MUST ignore all bits not defined for
the version of the protocol they support.
4.6.44. WTP MAC Type
The WTP MAC-Type message element allows the WTP to communicate its
mode of operation to the AC. A WTP that advertises support for both
modes allows the AC to select the mode to use, based on local policy.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| MAC Type |
+-+-+-+-+-+-+-+-+
Type: 44 for WTP MAC Type
Calhoun, et al. Standards Track [Page 93]
RFC 5415 CAPWAP Protocol Specification March 2009
Length: 1
MAC Type: The MAC mode of operation supported by the WTP. The
following enumerated values are supported:
0 - Local MAC: Local MAC is the default mode that MUST be
supported by all WTPs. When tunneling is enabled (see
Section 4.6.43), the encapsulated frames MUST be in the
802.3 format (see Section 4.4.2), unless a wireless
management or control frame which MAY be in its native
format. Any CAPWAP binding needs to specify the format of
management and control wireless frames.
1 - Split MAC: Split MAC support is optional, and allows the AC
to receive and process native wireless frames.
2 - Both: WTP is capable of supporting both Local MAC and Split
MAC.
4.6.45. WTP Name
The WTP Name message element is a variable-length byte UTF-8 encoded
string [RFC3629]. The string is not zero terminated.
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-
| WTP Name ...
+-+-+-+-+-+-+-+-+-
Type: 45 for WTP Name
Length: >= 1
WTP Name: A non-zero-terminated UTF-8 encoded string [RFC3629]
containing the WTP name, whose maximum size MUST NOT exceed 512
bytes.
4.6.46. WTP Radio Statistics
The WTP Radio Statistics message element is sent by the WTP to the AC
to communicate statistics on radio behavior and reasons why the WTP
radio has been reset. These counters are never reset on the WTP, and
will therefore roll over to zero when the maximum size has been
reached.
Calhoun, et al. Standards Track [Page 94]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Last Fail Type| Reset Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SW Failure Count | HW Failure Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Other Failure Count | Unknown Failure Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Config Update Count | Channel Change Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Band Change Count | Current Noise Floor |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 47 for WTP Radio Statistics
Length: 20
Radio ID: The radio ID of the radio to which the statistics apply,
whose value is between one (1) and 31.
Last Failure Type: The last WTP failure. The following enumerated
values are supported:
0 - Statistic Not Supported
1 - Software Failure
2 - Hardware Failure
3 - Other Failure
255 - Unknown (e.g., WTP doesn't keep track of info)
Reset Count: The number of times that the radio has been reset.
SW Failure Count: The number of times that the radio has failed due
to software-related reasons.
HW Failure Count: The number of times that the radio has failed due
to hardware-related reasons.
Other Failure Count: The number of times that the radio has failed
due to known reasons, other than software or hardware failure.
Calhoun, et al. Standards Track [Page 95]
RFC 5415 CAPWAP Protocol Specification March 2009
Unknown Failure Count: The number of times that the radio has
failed for unknown reasons.
Config Update Count: The number of times that the radio
configuration has been updated.
Channel Change Count: The number of times that the radio channel
has been changed.
Band Change Count: The number of times that the radio has changed
frequency bands.
Current Noise Floor: A signed integer that indicates the noise
floor of the radio receiver in units of dBm.
4.6.47. WTP Reboot Statistics
The WTP Reboot Statistics message element is sent by the WTP to the
AC to communicate reasons why WTP reboots have occurred. These
counters are never reset on the WTP, and will therefore roll over to
zero when the maximum size has been reached.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reboot Count | AC Initiated Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Link Failure Count | SW Failure Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HW Failure Count | Other Failure Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unknown Failure Count |Last Failure Type|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 48 for WTP Reboot Statistics
Length: 15
Reboot Count: The number of reboots that have occurred due to a WTP
crash. A value of 65535 implies that this information is not
available on the WTP.
AC Initiated Count: The number of reboots that have occurred at the
request of a CAPWAP protocol message, such as a change in
configuration that required a reboot or an explicit CAPWAP
protocol reset request. A value of 65535 implies that this
information is not available on the WTP.
Calhoun, et al. Standards Track [Page 96]
RFC 5415 CAPWAP Protocol Specification March 2009
Link Failure Count: The number of times that a CAPWAP protocol
connection with an AC has failed due to link failure.
SW Failure Count: The number of times that a CAPWAP protocol
connection with an AC has failed due to software-related reasons.
HW Failure Count: The number of times that a CAPWAP protocol
connection with an AC has failed due to hardware-related reasons.
Other Failure Count: The number of times that a CAPWAP protocol
connection with an AC has failed due to known reasons, other than
AC initiated, link, SW or HW failure.
Unknown Failure Count: The number of times that a CAPWAP protocol
connection with an AC has failed for unknown reasons.
Last Failure Type: The failure type of the most recent WTP failure.
The following enumerated values are supported:
0 - Not Supported
1 - AC Initiated (see Section 9.2)
2 - Link Failure
3 - Software Failure
4 - Hardware Failure
5 - Other Failure
255 - Unknown (e.g., WTP doesn't keep track of info)
4.6.48. WTP Static IP Address Information
The WTP Static IP Address Information message element is used by an
AC to configure or clear a previously configured static IP address on
a WTP. IPv6 WTPs are expected to use dynamic addresses.
Calhoun, et al. Standards Track [Page 97]
RFC 5415 CAPWAP Protocol Specification March 2009
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Netmask |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Gateway |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Static |
+-+-+-+-+-+-+-+-+
Type: 49 for WTP Static IP Address Information
Length: 13
IP Address: The IP address to assign to the WTP. This field is
only valid if the static field is set to one.
Netmask: The IP Netmask. This field is only valid if the static
field is set to one.
Gateway: The IP address of the gateway. This field is only valid
if the static field is set to one.
Static: An 8-bit Boolean stating whether or not the WTP should use
a static IP address. A value of zero disables the static IP
address, while a value of one enables it.
4.7. CAPWAP Protocol Timers
This section contains the definition of the CAPWAP timers.
4.7.1. ChangeStatePendingTimer
The maximum time, in seconds, the AC will wait for the Change State
Event Request from the WTP after having transmitted a successful
Configuration Status Response message.
Default: 25 seconds
4.7.2. DataChannelKeepAlive
The DataChannelKeepAlive timer is used by the WTP to determine the
next opportunity when it must transmit the Data Channel Keep-Alive,
in seconds.
Default: 30 seconds
Calhoun, et al. Standards Track [Page 98]
RFC 5415 CAPWAP Protocol Specification March 2009
4.7.3. DataChannelDeadInterval
The minimum time, in seconds, a WTP MUST wait without having received
a Data Channel Keep-Alive packet before the destination for the Data
Channel Keep-Alive packets may be considered dead. The value of this
timer MUST be no less than 2*DataChannelKeepAlive seconds and no
greater that 240 seconds.
Default: 60
4.7.4. DataCheckTimer
The number of seconds the AC will wait for the Data Channel Keep
Alive, which is required by the CAPWAP state machine's Data Check
state. The AC resets the state machine if this timer expires prior
to transitioning to the next state.
Default: 30
4.7.5. DiscoveryInterval
The minimum time, in seconds, that a WTP MUST wait after receiving a
Discovery Response message, before initiating a DTLS handshake.
Default: 5
4.7.6. DTLSSessionDelete
The minimum time, in seconds, a WTP MUST wait for DTLS session
deletion.
Default: 5
4.7.7. EchoInterval
The minimum time, in seconds, between sending Echo Request messages
to the AC with which the WTP has joined.
Default: 30
4.7.8. IdleTimeout
The default Idle Timeout is 300 seconds.
Calhoun, et al. Standards Track [Page 99]
RFC 5415 CAPWAP Protocol Specification March 2009
4.7.9. ImageDataStartTimer
The number of seconds the WTP will wait for its peer to transmit the
Image Data Request.
Default: 30
4.7.10. MaxDiscoveryInterval
The maximum time allowed between sending Discovery Request messages,
in seconds. This value MUST be no less than 2 seconds and no greater
than 180 seconds.
Default: 20 seconds.
4.7.11. ReportInterval
The ReportInterval is used by the WTP to determine the interval the
WTP uses between sending the Decryption Error message elements to
inform the AC of decryption errors, in seconds.
The default Report Interval is 120 seconds.
4.7.12. RetransmitInterval
The minimum time, in seconds, in which a non-acknowledged CAPWAP
packet will be retransmitted.
Default: 3
4.7.13. SilentInterval
For a WTP, this is the minimum time, in seconds, a WTP MUST wait
before it MAY again send Discovery Request messages or attempt to
establish a DTLS session. For an AC, this is the minimum time, in
seconds, during which the AC SHOULD ignore all CAPWAP and DTLS
packets received from the WTP that is in the Sulking state.
Default: 30 seconds
4.7.14. StatisticsTimer
The StatisticsTimer is used by the WTP to determine the interval the
WTP uses between the WTP Events Requests it transmits to the AC to
communicate its statistics, in seconds.
Default: 120 seconds
Calhoun, et al. Standards Track [Page 100]
RFC 5415 CAPWAP Protocol Specification March 2009
4.7.15. WaitDTLS
The maximum time, in seconds, a WTP MUST wait without having received
a DTLS Handshake message from an AC. This timer MUST be greater than
30 seconds.
Default: 60
4.7.16. WaitJoin
The maximum time, in seconds, an AC will wait after the DTLS session
has been established until it receives the Join Request from the WTP.
This timer MUST be greater than 20 seconds.
Default: 60
4.8. CAPWAP Protocol Variables
This section defines the CAPWAP protocol variables, which are used
for various protocol functions. Some of these variables are
configurable, while others are counters or have a fixed value. For
non-counter-related variables, default values are specified.
However, when a WTP's variable configuration is explicitly overridden
by an AC, the WTP MUST save the new value.
4.8.1. AdminState
The default Administrative State value is enabled (1).
4.8.2. DiscoveryCount
The number of Discovery Request messages transmitted by a WTP to a
single AC. This is a monotonically increasing counter.
4.8.3. FailedDTLSAuthFailCount
The number of failed DTLS session establishment attempts due to
authentication failures.
4.8.4. FailedDTLSSessionCount
The number of failed DTLS session establishment attempts.
Calhoun, et al. Standards Track [Page 101]
RFC 5415 CAPWAP Protocol Specification March 2009
4.8.5. MaxDiscoveries
The maximum number of Discovery Request messages that will be sent
after a WTP boots.
Default: 10
4.8.6. MaxFailedDTLSSessionRetry
The maximum number of failed DTLS session establishment attempts
before the CAPWAP device enters a silent period.
Default: 3
4.8.7. MaxRetransmit
The maximum number of retransmissions for a given CAPWAP packet
before the link layer considers the peer dead.
Default: 5
4.8.8. RetransmitCount
The number of retransmissions for a given CAPWAP packet. This is a
monotonically increasing counter.
4.8.9. WTPFallBack
The default WTP Fallback value is enabled (1).
4.9. WTP Saved Variables
In addition to the values defined in Section 4.8, the following
values SHOULD be saved on the WTP in non-volatile memory. CAPWAP
wireless bindings MAY define additional values that SHOULD be stored
on the WTP.
4.9.1. AdminRebootCount
The number of times the WTP has rebooted administratively, defined in
Section 4.6.47.
4.9.2. FrameEncapType
For WTPs that support multiple Frame Encapsulation Types, it is
useful to save the value configured by the AC. The Frame
Encapsulation Type is defined in Section 4.6.43.
Calhoun, et al. Standards Track [Page 102]
RFC 5415 CAPWAP Protocol Specification March 2009
4.9.3. LastRebootReason
The reason why the WTP last rebooted, defined in Section 4.6.47.
4.9.4. MacType
For WTPs that support multiple MAC-Types, it is useful to save the
value configured by the AC. The MAC-Type is defined in
Section 4.6.44.
4.9.5. PreferredACs
The preferred ACs, with the index, defined in Section 4.6.5.
4.9.6. RebootCount
The number of times the WTP has rebooted, defined in Section 4.6.47.
4.9.7. Static IP Address
The static IP address assigned to the WTP, as configured by the WTP
Static IP address Information message element (see Section 4.6.48).
4.9.8. WTPLinkFailureCount
The number of times the link to the AC has failed, see
Section 4.6.47.
4.9.9. WTPLocation
The WTP Location, defined in Section 4.6.30.
4.9.10. WTPName
The WTP Name, defined in Section 4.6.45.
5. CAPWAP Discovery Operations
The Discovery messages are used by a WTP to determine which ACs are
available to provide service, and the capabilities and load of the
ACs.
5.1. Discovery Request Message
The Discovery Request message is used by the WTP to automatically
discover potential ACs available in the network. The Discovery
Request message provides ACs with the primary capabilities of the
Calhoun, et al. Standards Track [Page 103]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP. A WTP must exchange this information to ensure subsequent
exchanges with the ACs are consistent with the WTP's functional
characteristics.
Discovery Request messages MUST be sent by a WTP in the Discover
state after waiting for a random delay less than
MaxDiscoveryInterval, after a WTP first comes up or is
(re)initialized. A WTP MUST send no more than the maximum of
MaxDiscoveries Discovery Request messages, waiting for a random delay
less than MaxDiscoveryInterval between each successive message.
This is to prevent an explosion of WTP Discovery Request messages.
An example of this occurring is when many WTPs are powered on at the
same time.
If a Discovery Response message is not received after sending the
maximum number of Discovery Request messages, the WTP enters the
Sulking state and MUST wait for an interval equal to SilentInterval
before sending further Discovery Request messages.
Upon receiving a Discovery Request message, the AC will respond with
a Discovery Response message sent to the address in the source
address of the received Discovery Request message. Once a Discovery
Response has been received, if the WTP decides to establish a session
with the responding AC, it SHOULD perform an MTU discovery, using the
process described in Section 3.5.
It is possible for the AC to receive a clear text Discovery Request
message while a DTLS session is already active with the WTP. This is
most likely the case if the WTP has rebooted, perhaps due to a
software or power failure, but could also be caused by a DoS attack.
In such cases, any WTP state, including the state machine instance,
MUST NOT be cleared until another DTLS session has been successfully
established, communicated via the DTLSSessionEstablished DTLS
notification (see Section 2.3.2.2).
The binding specific WTP Radio Information message element (see
Section 2.1) is included in the Discovery Request message to
advertise WTP support for one or more CAPWAP bindings.
The Discovery Request message is sent by the WTP when in the
Discovery state. The AC does not transmit this message.
The following message elements MUST be included in the Discovery
Request message:
o Discovery Type, see Section 4.6.21
Calhoun, et al. Standards Track [Page 104]
RFC 5415 CAPWAP Protocol Specification March 2009
o WTP Board Data, see Section 4.6.40
o WTP Descriptor, see Section 4.6.41
o WTP Frame Tunnel Mode, see Section 4.6.43
o WTP MAC Type, see Section 4.6.44
o WTP Radio Information message element(s) that the WTP supports;
These are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1).
The following message elements MAY be included in the Discovery
Request message:
o MTU Discovery Padding, see Section 4.6.32
o Vendor Specific Payload, see Section 4.6.39
5.2. Discovery Response Message
The Discovery Response message provides a mechanism for an AC to
advertise its services to requesting WTPs.
When a WTP receives a Discovery Response message, it MUST wait for an
interval not less than DiscoveryInterval for receipt of additional
Discovery Response messages. After the DiscoveryInterval elapses,
the WTP enters the DTLS-Init state and selects one of the ACs that
sent a Discovery Response message and send a DTLS Handshake to that
AC.
One or more binding-specific WTP Radio Information message elements
(see Section 2.1) are included in the Discovery Request message to
advertise AC support for the CAPWAP bindings. The AC MAY include
only the bindings it shares in common with the WTP, known through the
WTP Radio Information message elements received in the Discovery
Request message, or it MAY include all of the bindings supported.
The WTP MAY use the supported bindings in its AC decision process.
Note that if the WTP joins an AC that does not support a specific
CAPWAP binding, service for that binding MUST NOT be provided by the
WTP.
The Discovery Response message is sent by the AC when in the Idle
state. The WTP does not transmit this message.
The following message elements MUST be included in the Discovery
Response Message:
Calhoun, et al. Standards Track [Page 105]
RFC 5415 CAPWAP Protocol Specification March 2009
o AC Descriptor, see Section 4.6.1
o AC Name, see Section 4.6.4
o WTP Radio Information message element(s) that the AC supports;
these are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1 for more information).
o One of the following message elements MUST be included in the
Discovery Response Message:
* CAPWAP Control IPv4 Address, see Section 4.6.9
* CAPWAP Control IPv6 Address, see Section 4.6.10
The following message elements MAY be included in the Discovery
Response message:
o Vendor Specific Payload, see Section 4.6.39
5.3. Primary Discovery Request Message
The Primary Discovery Request message is sent by the WTP to:
o determine whether its preferred (or primary) AC is available, or
o perform a Path MTU Discovery (see Section 3.5).
A Primary Discovery Request message is sent by a WTP when it has a
primary AC configured, and is connected to another AC. This
generally occurs as a result of a failover, and is used by the WTP as
a means to discover when its primary AC becomes available. Since the
WTP only has a single instance of the CAPWAP state machine, the
Primary Discovery Request is sent by the WTP when in the Run state.
The AC does not transmit this message.
The frequency of the Primary Discovery Request messages should be no
more often than the sending of the Echo Request message.
Upon receipt of a Primary Discovery Request message, the AC responds
with a Primary Discovery Response message sent to the address in the
source address of the received Primary Discovery Request message.
The following message elements MUST be included in the Primary
Discovery Request message.
o Discovery Type, see Section 4.6.21
Calhoun, et al. Standards Track [Page 106]
RFC 5415 CAPWAP Protocol Specification March 2009
o WTP Board Data, see Section 4.6.40
o WTP Descriptor, see Section 4.6.41
o WTP Frame Tunnel Mode, see Section 4.6.43
o WTP MAC Type, see Section 4.6.44
o WTP Radio Information message element(s) that the WTP supports;
these are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1 for more information).
The following message elements MAY be included in the Primary
Discovery Request message:
o MTU Discovery Padding, see Section 4.6.32
o Vendor Specific Payload, see Section 4.6.39
5.4. Primary Discovery Response
The Primary Discovery Response message enables an AC to advertise its
availability and services to requesting WTPs that are configured to
have the AC as its primary AC.
The Primary Discovery Response message is sent by an AC after
receiving a Primary Discovery Request message.
When a WTP receives a Primary Discovery Response message, it may
establish a CAPWAP protocol connection to its primary AC, based on
the configuration of the WTP Fallback Status message element on the
WTP.
The Primary Discovery Response message is sent by the AC when in the
Idle state. The WTP does not transmit this message.
The following message elements MUST be included in the Primary
Discovery Response message.
o AC Descriptor, see Section 4.6.1
o AC Name, see Section 4.6.4
o WTP Radio Information message element(s) that the AC supports;
These are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1 for more information).
Calhoun, et al. Standards Track [Page 107]
RFC 5415 CAPWAP Protocol Specification March 2009
One of the following message elements MUST be included in the
Discovery Response Message:
o CAPWAP Control IPv4 Address, see Section 4.6.9
o CAPWAP Control IPv6 Address, see Section 4.6.10
The following message elements MAY be included in the Primary
Discovery Response message:
o Vendor Specific Payload, see Section 4.6.39
6. CAPWAP Join Operations
The Join Request message is used by a WTP to request service from an
AC after a DTLS connection is established to that AC. The Join
Response message is used by the AC to indicate that it will or will
not provide service.
6.1. Join Request
The Join Request message is used by a WTP to request service through
the AC. If the WTP is performing the optional AC Discovery process
(see Section 3.3), the join process occurs after the WTP has received
one or more Discovery Response messages. During the Discovery
process, an AC MAY return more than one CAPWAP Control IPv4 Address
or CAPWAP Control IPv6 Address message elements. When more than one
such message element is returned, the WTP SHOULD perform "load
balancing" by choosing the interface that is servicing the least
number of WTPs (known through the WTP Count field of the message
element). Note, however, that other load balancing algorithms are
also permitted. Once the WTP has determined its preferred AC, and
its associated interface, to which to connect, it establishes the
DTLS session, and transmits the Join Request over the secured control
channel. When an AC receives a Join Request message it responds with
a Join Response message.
Upon completion of the DTLS handshake and receipt of the
DTLSEstablished notification, the WTP sends the Join Request message
to the AC. When the AC is notified of the DTLS session
establishment, it does not clear the WaitDTLS timer until it has
received the Join Request message, at which time it sends a Join
Response message to the WTP, indicating success or failure.
One or more WTP Radio Information message elements (see Section 2.1)
are included in the Join Request to request service for the CAPWAP
bindings by the AC. Including a binding that is unsupported by the
AC will result in a failed Join Response.
Calhoun, et al. Standards Track [Page 108]
RFC 5415 CAPWAP Protocol Specification March 2009
If the AC rejects the Join Request, it sends a Join Response message
with a failure indication and initiates an abort of the DTLS session
via the DTLSAbort command.
If an invalid (i.e., malformed) Join Request message is received, the
message MUST be silently discarded by the AC. No response is sent to
the WTP. The AC SHOULD log this event.
The Join Request is sent by the WTP when in the Join State. The AC
does not transmit this message.
The following message elements MUST be included in the Join Request
message.
o Location Data, see Section 4.6.30
o WTP Board Data, see Section 4.6.40
o WTP Descriptor, see Section 4.6.41
o WTP Name, see Section 4.6.45
o Session ID, see Section 4.6.37
o WTP Frame Tunnel Mode, see Section 4.6.43
o WTP MAC Type, see Section 4.6.44
o WTP Radio Information message element(s) that the WTP supports;
these are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1 for more information).
o ECN Support, see Section 4.6.25
At least one of the following message element MUST be included in the
Join Request message.
o CAPWAP Local IPv4 Address, see Section 4.6.11
o CAPWAP Local IPv6 Address, see Section 4.6.12
The following message element MAY be included in the Join Request
message.
o CAPWAP Transport Protocol, see Section 4.6.14
o Maximum Message Length, see Section 4.6.31
Calhoun, et al. Standards Track [Page 109]
RFC 5415 CAPWAP Protocol Specification March 2009
o WTP Reboot Statistics, see Section 4.6.47
o Vendor Specific Payload, see Section 4.6.39
6.2. Join Response
The Join Response message is sent by the AC to indicate to a WTP that
it is capable and willing to provide service to the WTP.
The WTP, receiving a Join Response message, checks for success or
failure. If the message indicates success, the WTP clears the
WaitDTLS timer for the session and proceeds to the Configure state.
If the WaitDTLS Timer expires prior to reception of the Join Response
message, the WTP MUST terminate the handshake, deallocate session
state and initiate the DTLSAbort command.
If an invalid (malformed) Join Response message is received, the WTP
SHOULD log an informative message detailing the error. This error
MUST be treated in the same manner as AC non-responsiveness. The
WaitDTLS timer will eventually expire, and the WTP MAY (if it is so
configured) attempt to join a new AC.
If one of the WTP Radio Information message elements (see
Section 2.1) in the Join Request message requested support for a
CAPWAP binding that the AC does not support, the AC sets the Result
Code message element to "Binding Not Supported".
The AC includes the Image Identifier message element to indicate the
software version it expects the WTP to run. This information is used
to determine whether the WTP MUST change its currently running
firmware image or download a new version (see Section 9.1.1).
The Join Response message is sent by the AC when in the Join State.
The WTP does not transmit this message.
The following message elements MUST be included in the Join Response
message.
o Result Code, see Section 4.6.35
o AC Descriptor, see Section 4.6.1
o AC Name, see Section 4.6.4
o WTP Radio Information message element(s) that the AC supports;
these are defined by the individual link layer CAPWAP Binding
Protocols (see Section 2.1).
Calhoun, et al. Standards Track [Page 110]
RFC 5415 CAPWAP Protocol Specification March 2009
o ECN Support, see Section 4.6.25
One of the following message elements MUST be included in the Join
Response Message:
o CAPWAP Control IPv4 Address, see Section 4.6.9
o CAPWAP Control IPv6 Address, see Section 4.6.10
One of the following message elements MUST be included in the Join
Response Message:
o CAPWAP Local IPv4 Address, see Section 4.6.11
o CAPWAP Local IPv6 Address, see Section 4.6.12
The following message elements MAY be included in the Join Response
message.
o AC IPv4 List, see Section 4.6.2
o AC IPv6 List, see Section 4.6.3
o CAPWAP Transport Protocol, see Section 4.6.14
o Image Identifier, see Section 4.6.27
o Maximum Message Length, see Section 4.6.31
o Vendor Specific Payload, see Section 4.6.39
7. Control Channel Management
The Control Channel Management messages are used by the WTP and AC to
maintain a control communication channel. CAPWAP Control messages,
such as the WTP Event Request message sent from the WTP to the AC
indicate to the AC that the WTP is operational. When such control
messages are not being sent, the Echo Request and Echo Response
messages are used to maintain the control communication channel.
7.1. Echo Request
The Echo Request message is a keep-alive mechanism for CAPWAP control
messages.
Calhoun, et al. Standards Track [Page 111]
RFC 5415 CAPWAP Protocol Specification March 2009
Echo Request messages are sent periodically by a WTP in the Image
Data or Run state (see Section 2.3) to determine the state of the
control connection between the WTP and the AC. The Echo Request
message is sent by the WTP when the EchoInterval timer expires.
The Echo Request message is sent by the WTP when in the Run state.
The AC does not transmit this message.
The following message elements MAY be included in the Echo Request
message:
o Vendor Specific Payload, see Section 4.6.39
When an AC receives an Echo Request message it responds with an Echo
Response message.
7.2. Echo Response
The Echo Response message acknowledges the Echo Request message.
An Echo Response message is sent by an AC after receiving an Echo
Request message. After transmitting the Echo Response message, the
AC SHOULD reset its EchoInterval timer (see Section 4.7.7). If
another Echo Request message or other control message is not received
by the AC when the timer expires, the AC SHOULD consider the WTP to
be no longer reachable.
The Echo Response message is sent by the AC when in the Run state.
The WTP does not transmit this message.
The following message elements MAY be included in the Echo Response
message:
o Vendor Specific Payload, see Section 4.6.39
When a WTP receives an Echo Response message it initializes the
EchoInterval to the configured value.
8. WTP Configuration Management
WTP Configuration messages are used to exchange configuration
information between the AC and the WTP.
8.1. Configuration Consistency
The CAPWAP protocol provides flexibility in how WTP configuration is
managed. A WTP can behave in one of two ways, which is
implementation specific:
Calhoun, et al. Standards Track [Page 112]
RFC 5415 CAPWAP Protocol Specification March 2009
1. The WTP retains no configuration and accepts the configuration
provided by the AC.
2. The WTP saves the configuration of parameters provided by the AC
that are non-default values into local non-volatile memory, and
are enforced during the WTP's power up initialization phase.
If the WTP opts to save configuration locally, the CAPWAP protocol
state machine defines the Configure state, which allows for
configuration exchange. In the Configure state, the WTP sends its
current configuration overrides to the AC via the Configuration
Status Request message. A configuration override is a non-default
parameter. As an example, in the CAPWAP protocol, the default
antenna configuration is internal omni antenna. A WTP that either
has no internal antennas, or has been explicitly configured by the AC
to use external antennas, sends its antenna configuration during the
configure phase, allowing the AC to become aware of the WTP's current
configuration.
Once the WTP has provided its configuration to the AC, the AC sends
its configuration to the WTP. This allows the WTP to receive
configuration and policies from the AC.
The AC maintains a copy of each active WTP configuration. There is
no need for versioning or other means to identify configuration
changes. If a WTP becomes inactive, the AC MAY delete the inactive
WTP configuration. If a WTP fails, and connects to a new AC, the WTP
provides its overridden configuration parameters, allowing the new AC
to be aware of the WTP configuration.
This model allows for resiliency in case of an AC failure, ensuring
another AC can provide service to the WTP. A new AC would be
automatically updated with WTP configuration changes, eliminating the
need for inter-AC communication and the need for all ACs to be aware
of the configuration of all WTPs in the network.
Once the CAPWAP protocol enters the Run state, the WTPs begin to
provide service. It is common for administrators to require that
configuration changes be made while the network is operational.
Therefore, the Configuration Update Request is sent by the AC to the
WTP to make these changes at run-time.
8.1.1. Configuration Flexibility
The CAPWAP protocol provides the flexibility to configure and manage
WTPs of varying design and functional characteristics. When a WTP
first discovers an AC, it provides primary functional information
Calhoun, et al. Standards Track [Page 113]
RFC 5415 CAPWAP Protocol Specification March 2009
relating to its type of MAC and to the nature of frames to be
exchanged. The AC configures the WTP appropriately. The AC also
establishes corresponding internal state for the WTP.
8.2. Configuration Status Request
The Configuration Status Request message is sent by a WTP to deliver
its current configuration to the AC.
The Configuration Status Request message carries binding-specific
message elements. Refer to the appropriate binding for the
definition of this structure.
When an AC receives a Configuration Status Request message, it acts
upon the content of the message and responds to the WTP with a
Configuration Status Response message.
The Configuration Status Request message includes multiple Radio
Administrative State message elements, one for the WTP, and one for
each radio in the WTP.
The Configuration Status Request message is sent by the WTP when in
the Configure State. The AC does not transmit this message.
The following message elements MUST be included in the Configuration
Status Request message.
o AC Name, see Section 4.6.4
o Radio Administrative State, see Section 4.6.33
o Statistics Timer, see Section 4.6.38
o WTP Reboot Statistics, see Section 4.6.47
The following message elements MAY be included in the Configuration
Status Request message.
o AC Name with Priority, see Section 4.6.5
o CAPWAP Transport Protocol, see Section 4.6.14
o WTP Static IP Address Information, see Section 4.6.48
o Vendor Specific Payload, see Section 4.6.39
Calhoun, et al. Standards Track [Page 114]
RFC 5415 CAPWAP Protocol Specification March 2009
8.3. Configuration Status Response
The Configuration Status Response message is sent by an AC and
provides a mechanism for the AC to override a WTP's requested
configuration.
A Configuration Status Response message is sent by an AC after
receiving a Configuration Status Request message.
The Configuration Status Response message carries binding-specific
message elements. Refer to the appropriate binding for the
definition of this structure.
When a WTP receives a Configuration Status Response message, it acts
upon the content of the message, as appropriate. If the
Configuration Status Response message includes a Radio Operational
State message element that causes a change in the operational state
of one of the radios, the WTP transmits a Change State Event to the
AC, as an acknowledgement of the change in state.
The Configuration Status Response message is sent by the AC when in
the Configure state. The WTP does not transmit this message.
The following message elements MUST be included in the Configuration
Status Response message.
o CAPWAP Timers, see Section 4.6.13
o Decryption Error Report Period, see Section 4.6.18
o Idle Timeout, see Section 4.6.24
o WTP Fallback, see Section 4.6.42
One or both of the following message elements MUST be included in the
Configuration Status Response message:
o AC IPv4 List, see Section 4.6.2
o AC IPv6 List, see Section 4.6.3
The following message element MAY be included in the Configuration
Status Response message.
o WTP Static IP Address Information, see Section 4.6.48
o Vendor Specific Payload, see Section 4.6.39
Calhoun, et al. Standards Track [Page 115]
RFC 5415 CAPWAP Protocol Specification March 2009
8.4. Configuration Update Request
Configuration Update Request messages are sent by the AC to provision
the WTP while in the Run state. This is used to modify the
configuration of the WTP while it is operational.
When a WTP receives a Configuration Update Request message, it
responds with a Configuration Update Response message, with a Result
Code message element indicating the result of the configuration
request.
The AC includes the Image Identifier message element (see
Section 4.6.27) to force the WTP to update its firmware while in the
Run state. The WTP MAY proceed to download the requested firmware if
it determines the version specified in the Image Identifier message
element is not in its non-volatile storage by transmitting an Image
Data Request (see Section 9.1.1) that includes the Initiate Download
message element (see Section 4.6.29).
The Configuration Update Request is sent by the AC when in the Run
state. The WTP does not transmit this message.
One or more of the following message elements MAY be included in the
Configuration Update message:
o AC Name with Priority, see Section 4.6.5
o AC Timestamp, see Section 4.6.6
o Add MAC ACL Entry, see Section 4.6.7
o CAPWAP Timers, see Section 4.6.13
o Decryption Error Report Period, see Section 4.6.18
o Delete MAC ACL Entry, see Section 4.6.19
o Idle Timeout, see Section 4.6.24
o Location Data, see Section 4.6.30
o Radio Administrative State, see Section 4.6.33
o Statistics Timer, see Section 4.6.38
o WTP Fallback, see Section 4.6.42
o WTP Name, see Section 4.6.45
Calhoun, et al. Standards Track [Page 116]
RFC 5415 CAPWAP Protocol Specification March 2009
o WTP Static IP Address Information, see Section 4.6.48
o Image Identifier, see Section 4.6.27
o Vendor Specific Payload, see Section 4.6.39
8.5. Configuration Update Response
The Configuration Update Response message is the acknowledgement
message for the Configuration Update Request message.
The Configuration Update Response message is sent by a WTP after
receiving a Configuration Update Request message.
When an AC receives a Configuration Update Response message, the
result code indicates if the WTP successfully accepted the
configuration.
The Configuration Update Response message is sent by the WTP when in
the Run state. The AC does not transmit this message.
The following message element MUST be present in the Configuration
Update message.
Result Code, see Section 4.6.35
The following message elements MAY be present in the Configuration
Update Response message.
o Radio Operational State, see Section 4.6.34
o Vendor Specific Payload, see Section 4.6.39
8.6. Change State Event Request
The Change State Event Request message is used by the WTP for two
main purposes:
o When sent by the WTP following the reception of a Configuration
Status Response message from the AC, the WTP uses the Change State
Event Request message to provide an update on the WTP radio's
operational state and to confirm that the configuration provided
by the AC was successfully applied.
o When sent during the Run state, the WTP uses the Change State
Event Request message to notify the AC of an unexpected change in
the WTP's radio operational state.
Calhoun, et al. Standards Track [Page 117]
RFC 5415 CAPWAP Protocol Specification March 2009
When an AC receives a Change State Event Request message it responds
with a Change State Event Response message and modifies its data
structures for the WTP as needed. The AC MAY decide not to provide
service to the WTP if it receives an error, based on local policy,
and to transition to the Reset state.
The Change State Event Request message is sent by a WTP to
acknowledge or report an error condition to the AC for a requested
configuration in the Configuration Status Response message. The
Change State Event Request message includes the Result Code message
element, which indicates whether the configuration was successfully
applied. If the WTP is unable to apply a specific configuration
request, it indicates the failure by including one or more Returned
Message Element message elements (see Section 4.6.36).
The Change State Event Request message is sent by the WTP in the
Configure or Run state. The AC does not transmit this message.
The WTP MAY save its configuration to persistent storage prior to
transmitting the response. However, this is implementation specific
and is not required.
The following message elements MUST be present in the Change State
Event Request message.
o Radio Operational State, see Section 4.6.34
o Result Code, see Section 4.6.35
One or more of the following message elements MAY be present in the
Change State Event Request message:
o Returned Message Element(s), see Section 4.6.36
o Vendor Specific Payload, see Section 4.6.39
8.7. Change State Event Response
The Change State Event Response message acknowledges the Change State
Event Request message.
A Change State Event Response message is sent by an AC in response to
a Change State Event Request message.
The Change State Event Response message is sent by the AC when in the
Configure or Run state. The WTP does not transmit this message.
Calhoun, et al. Standards Track [Page 118]
RFC 5415 CAPWAP Protocol Specification March 2009
The following message element MAY be included in the Change State
Event Response message:
o Vendor Specific Payload, see Section 4.6.39
The WTP does not take any action upon receipt of the Change State
Event Response message.
8.8. Clear Configuration Request
The Clear Configuration Request message is used to reset the WTP
configuration.
The Clear Configuration Request message is sent by an AC to request
that a WTP reset its configuration to the manufacturing default
configuration. The Clear Config Request message is sent while in the
Run state.
The Clear Configuration Request is sent by the AC when in the Run
state. The WTP does not transmit this message.
The following message element MAY be included in the Clear
Configuration Request message:
o Vendor Specific Payload, see Section 4.6.39
When a WTP receives a Clear Configuration Request message, it resets
its configuration to the manufacturing default configuration.
8.9. Clear Configuration Response
The Clear Configuration Response message is sent by the WTP after
receiving a Clear Configuration Request message and resetting its
configuration parameters to the manufacturing default values.
The Clear Configuration Response is sent by the WTP when in the Run
state. The AC does not transmit this message.
The Clear Configuration Response message MUST include the following
message element:
o Result Code, see Section 4.6.35
The following message element MAY be included in the Clear
Configuration Request message:
o Vendor Specific Payload, see Section 4.6.39
Calhoun, et al. Standards Track [Page 119]
RFC 5415 CAPWAP Protocol Specification March 2009
9. Device Management Operations
This section defines CAPWAP operations responsible for debugging,
gathering statistics, logging, and firmware management. The
management operations defined in this section are used by the AC to
either push/pull information to/from the WTP, or request that the WTP
reboot. This section does not deal with the management of the AC per
se, and assumes that the AC is operational and configured.
9.1. Firmware Management
This section describes the firmware download procedures used by the
CAPWAP protocol. Firmware download can occur during the Image Data
or Run state. The former allows the download to occur at boot time,
while the latter is used to trigger the download while an active
CAPWAP session exists. It is important to note that the CAPWAP
protocol does not provide the ability for the AC to identify whether
the firmware information provided by the WTP is correct or whether
the WTP is properly storing the firmware (see Section 12.10 for more
information).
Figure 6 provides an example of a WTP that performs a firmware
upgrade while in the Image Data state. In this example, the WTP does
not already have the requested firmware (Image Identifier = x), and
downloads the image from the AC.
Calhoun, et al. Standards Track [Page 120]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP AC
Join Request
-------------------------------------------------------->
Join Response (Image Identifier = x)
<------------------------------------------------------
Image Data Request (Image Identifier = x,
Initiate Download)
-------------------------------------------------------->
Image Data Response (Result Code = Success,
Image Information = {size,hash})
<------------------------------------------------------
Image Data Request (Image Data = Data)
<------------------------------------------------------
Image Data Response (Result Code = Success)
-------------------------------------------------------->
.....
Image Data Request (Image Data = EOF)
<------------------------------------------------------
Image Data Response (Result Code = Success)
-------------------------------------------------------->
(WTP enters the Reset State)
Figure 6: WTP Firmware Download Case 1
Figure 7 provides an example in which the WTP has the image specified
by the AC in its non-volatile storage, but is not its current running
image. In this case, the WTP opts to NOT download the firmware and
immediately reset to the requested image.
Calhoun, et al. Standards Track [Page 121]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP AC
Join Request
-------------------------------------------------------->
Join Response (Image Identifier = x)
<------------------------------------------------------
(WTP enters the Reset State)
Figure 7: WTP Firmware Download Case 2
Figure 8 provides an example of a WTP that performs a firmware
upgrade while in the Run state. This mode of firmware upgrade allows
the WTP to download its image while continuing to provide service.
The WTP will not automatically reset until it is notified by the AC,
with a Reset Request message.
Calhoun, et al. Standards Track [Page 122]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP AC
Configuration Update Request (Image Identifier = x)
<------------------------------------------------------
Configuration Update Response (Result Code = Success)
-------------------------------------------------------->
Image Data Request (Image Identifier = x,
Initiate Download)
-------------------------------------------------------->
Image Data Response (Result Code = Success,
Image Information = {size,hash})
<------------------------------------------------------
Image Data Request (Image Data = Data)
<------------------------------------------------------
Image Data Response (Result Code = Success)
-------------------------------------------------------->
.....
Image Data Request (Image Data = EOF)
<------------------------------------------------------
Image Data Response (Result Code = Success)
-------------------------------------------------------->
.....
(administratively requested reboot request)
Reset Request (Image Identifier = x)
<------------------------------------------------------
Reset Response (Result Code = Success)
-------------------------------------------------------->
Figure 8: WTP Firmware Download Case 3
Figure 9 provides another example of the firmware download while in
the Run state. In this example, the WTP already has the image
specified by the AC in its non-volatile storage. The WTP opts to NOT
download the firmware. The WTP resets upon receipt of a Reset
Request message from the AC.
Calhoun, et al. Standards Track [Page 123]
RFC 5415 CAPWAP Protocol Specification March 2009
WTP AC
Configuration Update Request (Image Identifier = x)
<------------------------------------------------------
Configuration Update Response (Result Code = Already Have Image)
-------------------------------------------------------->
.....
(administratively requested reboot request)
Reset Request (Image Identifier = x)
<------------------------------------------------------
Reset Response (Result Code = Success)
-------------------------------------------------------->
Figure 9: WTP Firmware Download Case 4
9.1.1. Image Data Request
The Image Data Request message is used to update firmware on the WTP.
This message and its companion Response message are used by the AC to
ensure that the image being run on each WTP is appropriate.
Image Data Request messages are exchanged between the WTP and the AC
to download a new firmware image to the WTP. When a WTP or AC
receives an Image Data Request message, it responds with an Image
Data Response message. The message elements contained within the
Image Data Request message are required to determine the intent of
the request.
The decision that new firmware is to be downloaded to the WTP can
occur in one of two ways:
When the WTP joins the AC, the Join Response message includes the
Image Identifier message element, which informs the WTP of the
firmware it is expected to run. If the WTP does not currently
have the requested firmware version, it transmits an Image Data
Request message, with the appropriate Image Identifier message
element. If the WTP already has the requested firmware in its
non-volatile flash, but is not its currently running image, it
simply resets to run the proper firmware.
Once the WTP is in the Run state, it is possible for the AC to
cause the WTP to initiate a firmware download by sending a
Configuration Update Request message with the Image Identifier
message elements. This will cause the WTP to transmit an Image
Calhoun, et al. Standards Track [Page 124]
RFC 5415 CAPWAP Protocol Specification March 2009
Data Request with the Image Identifier and the Initiate Download
message elements. Note that when the firmware is downloaded in
this way, the WTP does not automatically reset after the download
is complete. The WTP will only reset when it receives a Reset
Request message from the AC. If the WTP already had the requested
firmware version in its non-volatile storage, the WTP does not
transmit the Image Data Request message and responds with a
Configuration Update Response message with the Result Code set to
Image Already Present.
Regardless of how the download was initiated, once the AC receives an
Image Data Request message with the Image Identifier message element,
it begins the transfer process by transmitting an Image Data Request
message that includes the Image Data message element. This continues
until the firmware image has been transferred.
The Image Data Request message is sent by the WTP or the AC when in
the Image Data or Run state.
The following message elements MAY be included in the Image Data
Request message:
o CAPWAP Transport Protocol, see Section 4.6.14
o Image Data, see Section 4.6.26
o Vendor Specific Payload, see Section 4.6.39
The following message elements MAY be included in the Image Data
Request message when sent by the WTP:
o Image Identifier, see Section 4.6.27
o Initiate Download, see Section 4.6.29
9.1.2. Image Data Response
The Image Data Response message acknowledges the Image Data Request
message.
An Image Data Response message is sent in response to a received
Image Data Request message. Its purpose is to acknowledge the
receipt of the Image Data Request message. The Result Code is
included to indicate whether a previously sent Image Data Request
message was invalid.
The Image Data Response message is sent by the WTP or the AC when in
the Image Data or Run state.
Calhoun, et al. Standards Track [Page 125]
RFC 5415 CAPWAP Protocol Specification March 2009
The following message element MUST be included in the Image Data
Response message:
o Result Code, see Section 4.6.35
The following message element MAY be included in the Image Data
Response message:
o Vendor Specific Payload, see Section 4.6.39
The following message element MAY be included in the Image Data
Response message when sent by the AC:
o Image Information, see Section 4.6.28
Upon receiving an Image Data Response message indicating an error,
the WTP MAY retransmit a previous Image Data Request message, or
abandon the firmware download to the WTP by transitioning to the
Reset state.
9.2. Reset Request
The Reset Request message is used to cause a WTP to reboot.
A Reset Request message is sent by an AC to cause a WTP to
reinitialize its operation. If the AC includes the Image Identifier
message element (see Section 4.6.27), it indicates to the WTP that it
SHOULD use that version of software upon reboot.
The Reset Request is sent by the AC when in the Run state. The WTP
does not transmit this message.
The following message element MUST be included in the Reset Request
message:
o Image Identifier, see Section 4.6.27
The following message element MAY be included in the Reset Request
message:
o Vendor Specific Payload, see Section 4.6.39
When a WTP receives a Reset Request message, it responds with a Reset
Response message indicating success and then reinitializes itself.
If the WTP is unable to write to its non-volatile storage, to ensure
that it runs the requested software version indicated in the Image
Identifier message element, it MAY send the appropriate Result Code
message element, but MUST reboot. If the WTP is unable to reset,
Calhoun, et al. Standards Track [Page 126]
RFC 5415 CAPWAP Protocol Specification March 2009
including a hardware reset, it sends a Reset Response message to the
AC with a Result Code message element indicating failure. The AC no
longer provides service to the WTP.
9.3. Reset Response
The Reset Response message acknowledges the Reset Request message.
A Reset Response message is sent by the WTP after receiving a Reset
Request message.
The Reset Response is sent by the WTP when in the Run state. The AC
does not transmit this message.
The following message elements MAY be included in the Reset Response
message.
o Result Code, see Section 4.6.35
o Vendor Specific Payload, see Section 4.6.39
When an AC receives a successful Reset Response message, it is
notified that the WTP will reinitialize its operation. An AC that
receives a Reset Response message indicating failure may opt to no
longer provide service to the WTP.
9.4. WTP Event Request
The WTP Event Request message is used by a WTP to send information to
its AC. The WTP Event Request message MAY be sent periodically, or
sent in response to an asynchronous event on the WTP. For example, a
WTP MAY collect statistics and use the WTP Event Request message to
transmit the statistics to the AC.
When an AC receives a WTP Event Request message it will respond with
a WTP Event Response message.
The presence of the Delete Station message element is used by the WTP
to inform the AC that it is no longer providing service to the
station. This could be the result of an Idle Timeout (see
Section 4.6.24), due to resource shortages, or some other reason.
The WTP Event Request message is sent by the WTP when in the Run
state. The AC does not transmit this message.
Calhoun, et al. Standards Track [Page 127]
RFC 5415 CAPWAP Protocol Specification March 2009
The WTP Event Request message MUST contain one of the message
elements listed below, or a message element that is defined for a
specific wireless technology. More than one of each message element
listed MAY be included in the WTP Event Request message.
o Decryption Error Report, see Section 4.6.17
o Duplicate IPv4 Address, see Section 4.6.22
o Duplicate IPv6 Address, see Section 4.6.23
o WTP Radio Statistics, see Section 4.6.46
o WTP Reboot Statistics, see Section 4.6.47
o Delete Station, see Section 4.6.20
o Vendor Specific Payload, see Section 4.6.39
9.5. WTP Event Response
The WTP Event Response message acknowledges receipt of the WTP Event
Request message.
A WTP Event Response message is sent by an AC after receiving a WTP
Event Request message.
The WTP Event Response message is sent by the AC when in the Run
state. The WTP does not transmit this message.
The following message element MAY be included in the WTP Event
Response message:
o Vendor Specific Payload, see Section 4.6.39
9.6. Data Transfer
This section describes the data transfer procedures used by the
CAPWAP protocol. The data transfer mechanism is used to upload
information available at the WTP to the AC, such as crash or debug
information. The data transfer messages can only be exchanged while
in the Run state.
Figure 10 provides an example of an AC that requests that the WTP
transfer its latest crash file. Once the WTP acknowledges that it
has information to send, via the Data Transfer Response, it transmits
its own Data Transfer Request. Upon receipt, the AC responds with a
Calhoun, et al. Standards Track [Page 128]
RFC 5415 CAPWAP Protocol Specification March 2009
Data Transfer Response, and the exchange continues until the WTP
transmits a Data Transfer Data message element that indicates an End
of File (EOF).
WTP AC
Data Transfer Request (Data Transfer Mode = Crash Data)
<------------------------------------------------------
Data Transfer Response (Result Code = Success)
-------------------------------------------------------->
Data Transfer Request (Data Transfer Data = Data)
-------------------------------------------------------->
Data Transfer Response (Result Code = Success)
<------------------------------------------------------
.....
Data Transfer Request (Data Transfer Data = EOF)
-------------------------------------------------------->
Data Transfer Response (Result Code = Success)
<------------------------------------------------------
Figure 10: WTP Data Transfer Case 1
Figure 11 provides an example of an AC that requests that the WTP
transfer its latest crash file. However, in this example, the WTP
does not have any crash information to send, and therefore sends a
Data Transfer Response with a Result Code indicating the error.
WTP AC
Data Transfer Request (Data Transfer Mode = Crash Data)
<------------------------------------------------------
Data Transfer Response (Result Code = Data Transfer
Error (No Information to Transfer))
-------------------------------------------------------->
Figure 11: WTP Data Transfer Case 2
Calhoun, et al. Standards Track [Page 129]
RFC 5415 CAPWAP Protocol Specification March 2009
9.6.1. Data Transfer Request
The Data Transfer Request message is used to deliver debug
information from the WTP to the AC.
The Data Transfer Request messages can be sent either by the AC or
the WTP. When sent by the AC, it is used to request that data be
transmitted from the WTP to the AC, and includes the Data Transfer
Mode message element, which specifies the information desired by the
AC. The Data Transfer Request is sent by the WTP in order to
transfer actual data to the AC, through the Data Transfer Data
message element.
Given that the CAPWAP protocol minimizes the need for WTPs to be
directly managed, the Data Transfer Request is an important
troubleshooting tool used by the AC to retrieve information that may
be available on the WTP. For instance, some WTP implementations may
store crash information to help manufacturers identify software
faults. The Data Transfer Request message can be used to send such
information from the WTP to the AC. Another possible use would be to
allow a remote debugger function in the WTP to use the Data Transfer
Request message to send console output to the AC for debugging
purposes.
When the WTP or AC receives a Data Transfer Request message, it
responds to the WTP with a Data Transfer Response message. The AC
MAY log the information received through the Data Transfer Data
message element.
The Data Transfer Request message is sent by the WTP or AC when in
the Run state.
When sent by the AC, the Data Transfer Request message MUST contain
the following message element:
o Data Transfer Mode, see Section 4.6.16
When sent by the WTP, the Data Transfer Request message MUST contain
the following message element:
o Data Transfer Data, see Section 4.6.15
Regardless of whether the Data Transfer Request is sent by the AC or
WTP, the following message element MAY be included in the Data
Transfer Request message:
o Vendor Specific Payload, see Section 4.6.39
Calhoun, et al. Standards Track [Page 130]
RFC 5415 CAPWAP Protocol Specification March 2009
9.6.2. Data Transfer Response
The Data Transfer Response message acknowledges the Data Transfer
Request message.
A Data Transfer Response message is sent in response to a received
Data Transfer Request message. Its purpose is to acknowledge receipt
of the Data Transfer Request message. When sent by the WTP, the
Result Code message element is used to indicate whether the data
transfer requested by the AC can be completed. When sent by the AC,
the Result Code message element is used to indicate receipt of the
data transferred in the Data Transfer Request message.
The Data Transfer Response message is sent by the WTP or AC when in
the Run state.
The following message element MUST be included in the Data Transfer
Response message:
o Result Code, see Section 4.6.35
The following message element MAY be included in the Data Transfer
Response message:
o Vendor Specific Payload, see Section 4.6.39
Upon receipt of a Data Transfer Response message, the WTP transmits
more information, if more information is available.
10. Station Session Management
Messages in this section are used by the AC to create, modify, or
delete station session state on the WTPs.
10.1. Station Configuration Request
The Station Configuration Request message is used to create, modify,
or delete station session state on a WTP. The message is sent by the
AC to the WTP, and MAY contain one or more message elements. The
message elements for this CAPWAP Control message include information
that is generally highly technology specific. Refer to the
appropriate binding document for definitions of the messages elements
that are included in this control message.
The Station Configuration Request message is sent by the AC when in
the Run state. The WTP does not transmit this message.
Calhoun, et al. Standards Track [Page 131]
RFC 5415 CAPWAP Protocol Specification March 2009
The following CAPWAP Control message elements MAY be included in the
Station Configuration Request message. More than one of each message
element listed MAY be included in the Station Configuration Request
message:
o Add Station, see Section 4.6.8
o Delete Station, see Section 4.6.20
o Vendor Specific Payload, see Section 4.6.39
10.2. Station Configuration Response
The Station Configuration Response message is used to acknowledge a
previously received Station Configuration Request message.
The Station Configuration Response message is sent by the WTP when in
the Run state. The AC does not transmit this message.
The following message element MUST be present in the Station
Configuration Response message:
o Result Code, see Section 4.6.35
The following message element MAY be included in the Station
Configuration Response message:
o Vendor Specific Payload, see Section 4.6.39
The Result Code message element indicates that the requested
configuration was successfully applied, or that an error related to
processing of the Station Configuration Request message occurred on
the WTP.
11. NAT Considerations
There are three specific situations in which a NAT deployment may be
used in conjunction with a CAPWAP-enabled deployment. The first
consists of a configuration in which a single WTP is behind a NAT
system. Since all communication is initiated by the WTP, and all
communication is performed over IP using two UDP ports, the protocol
easily traverses NAT systems in this configuration.
In the second case, two or more WTPs are deployed behind the same NAT
system. Here, the AC would receive multiple connection requests from
the same IP address, and therefore cannot use the WTP's IP address
alone to bind the CAPWAP Control and Data channel. The CAPWAP Data
Check state, which establishes the data plane connection and
Calhoun, et al. Standards Track [Page 132]
RFC 5415 CAPWAP Protocol Specification March 2009
communicates the CAPWAP Data Channel Keep-Alive, includes the Session
Identifier message element, which is used to bind the control and
data plane. Use of the Session Identifier message element enables
the AC to match the control and data plane flows from multiple WTPs
behind the same NAT system (multiple WTPs sharing the same IP
address). CAPWAP implementations MUST also use DTLS session
information on any encrypted CAPWAP channel to validate the source of
both the control and data plane, as described in Section 12.2.
In the third configuration, the AC is deployed behind a NAT. In this
case, the AC is not reachable by the WTP unless a specific rule has
been configured on the NAT to translate the address and redirect
CAPWAP messages to the AC. This deployment presents two issues.
First, an AC communicates its interfaces and corresponding WTP load
using the CAPWAP Control IPv4 Address and CAPWAP Control IPv6 Address
message elements. This message element is mandatory, but contains IP
addresses that are only valid in the private address space used by
the AC, which is not reachable by the WTP. The WTP MUST NOT utilize
the information in these message elements if it detects a NAT (as
described in the CAPWAP Transport Protocol message element in
Section 4.6.14). Second, since the addresses cannot be used by the
WTP, this effectively disables the load-balancing capabilities (see
Section 6.1) of the CAPWAP protocol. Alternatively, the AC could
have a configured NAT'ed address, which it would include in either of
the two control address message elements, and the NAT would need to
be configured accordingly.
In order for a CAPWAP WTP or AC to detect whether a middlebox is
present, both the Join Request (see Section 6.1) and the Join
Response (see Section 6.2) include either the CAPWAP Local IPv4
Address (see Section 4.6.11) or the CAPWAP Local IPv6 Address (see
Section 4.6.12) message element. Upon receiving one of these
messages, if the packet's source IP address differs from the address
found in either one of these message elements, it indicates that a
middlebox is present.
In order for CAPWAP to be compatible with potential middleboxes in
the network, CAPWAP implementations MUST send return traffic from the
same port on which it received traffic from a given peer. Further,
any unsolicited requests generated by a CAPWAP node MUST be sent on
the same port.
Note that this middlebox detection technique is not foolproof. If
the public IP address assigned to the NAT is identical to the private
IP address used by the AC, detection by the WTP would fail. This
failure can lead to various protocol errors, so it is therefore
necessary for deployments to ensure that the NAT's IP address is not
the same as the ACs.
Calhoun, et al. Standards Track [Page 133]
RFC 5415 CAPWAP Protocol Specification March 2009
The CAPWAP protocol allows for all of the AC identities supporting a
group of WTPs to be communicated through the AC List message element.
This feature MUST be ignored by the WTP when it detects the AC is
behind a middlebox.
The CAPWAP protocol allows an AC to configure a static IP address on
a WTP using the WTP Static IP Address Information message element.
This message element SHOULD NOT be used in NAT'ed environments,
unless the administrator is familiar with the internal IP addressing
scheme within the WTP's private network, and does not rely on the
public address seen by the AC.
When a WTP detects the duplicate address condition, it generates a
message to the AC, which includes the Duplicate IP Address message
element. The IP address embedded within this message element is
different from the public IP address seen by the AC.
12. Security Considerations
This section describes security considerations for the CAPWAP
protocol. It also provides security recommendations for protocols
used in conjunction with CAPWAP.
12.1. CAPWAP Security
As it is currently specified, the CAPWAP protocol sits between the
security mechanisms specified by the wireless link layer protocol
(e.g., IEEE 802.11i) and Authentication, Authorization, and
Accounting (AAA). One goal of CAPWAP is to bootstrap trust between
the STA and WTP using a series of preestablished trust relationships:
STA WTP AC AAA
==============================================
DTLS Cred AAA Cred
<------------><------------->
EAP Credential
<------------------------------------------>
wireless link layer
(e.g., 802.11 PTK)
<--------------> or
<--------------------------->
(derived)
Figure 12: STA Session Setup
Calhoun, et al. Standards Track [Page 134]
RFC 5415 CAPWAP Protocol Specification March 2009
Within CAPWAP, DTLS is used to secure the link between the WTP and
AC. In addition to securing control messages, it's also a link in
this chain of trust for establishing link layer keys. Consequently,
much rests on the security of DTLS.
In some CAPWAP deployment scenarios, there are two channels between
the WTP and AC: the control channel, carrying CAPWAP Control
messages, and the data channel, over which client data packets are
tunneled between the AC and WTP. Typically, the control channel is
secured by DTLS, while the data channel is not.
The use of parallel protected and unprotected channels deserves
special consideration, but does not create a threat. There are two
potential concerns: attempting to convert protected data into
unprotected data and attempting to convert un-protected data into
protected data. These concerns are addressed below.
12.1.1. Converting Protected Data into Unprotected Data
Since CAPWAP does not support authentication-only ciphers (i.e., all
supported ciphersuites include encryption and authentication), it is
not possible to convert protected data into unprotected data. Since
encrypted data is (ideally) indistinguishable from random data, the
probability of an encrypted packet passing for a well-formed packet
is effectively zero.
12.1.2. Converting Unprotected Data into Protected Data (Insertion)
The use of message authentication makes it impossible for the
attacker to forge protected records. This makes conversion of
unprotected records to protected records impossible.
12.1.3. Deletion of Protected Records
An attacker could remove protected records from the stream, though
not undetectably so, due the built-in reliability of the underlying
CAPWAP protocol. In the worst case, the attacker would remove the
same record repeatedly, resulting in a CAPWAP session timeout and
restart. This is effectively a DoS attack, and could be accomplished
by a man in the middle regardless of the CAPWAP protocol security
mechanisms chosen.
12.1.4. Insertion of Unprotected Records
An attacker could inject packets into the unprotected channel, but
this may become evident if sequence number desynchronization occurs
as a result. Only if the attacker is a man in the middle (MITM) can
Calhoun, et al. Standards Track [Page 135]
RFC 5415 CAPWAP Protocol Specification March 2009
packets be inserted undetectably. This is a consequence of that
channel's lack of protection, and not a new threat resulting from the
CAPWAP security mechanism.
12.1.5. Use of MD5
The Image Information message element (Section 4.6.28) makes use of
MD5 to compute the hash field. The authenticity and integrity of the
image file is protected by DTLS, and in this context, MD5 is not used
as a cryptographically secure hash, but just as a basic checksum.
Therefore, the use of MD5 is not considered a security vulnerability,
and no mechanisms for algorithm agility are provided.
12.1.6. CAPWAP Fragmentation
RFC 4963 [RFC4963] describes a possible security vulnerability where
a malicious entity can "corrupt" a flow by injecting fragments. By
sending "high" fragments (those with offset greater than zero) with a
forged source address, the attacker can deliberately cause
corruption. The use of DTLS on the CAPWAP Data channel can be used
to avoid this possible vulnerability.
12.2. Session ID Security
Since DTLS does not export a unique session identifier, there can be
no explicit protocol binding between the DTLS layer and CAPWAP layer.
As a result, implementations MUST provide a mechanism for performing
this binding. For example, an AC MUST NOT associate decrypted DTLS
control packets with a particular WTP session based solely on the
Session ID in the packet header. Instead, identification should be
done based on which DTLS session decrypted the packet. Otherwise,
one authenticated WTP could spoof another authenticated WTP by
altering the Session ID in the encrypted CAPWAP Header.
It should be noted that when the CAPWAP Data channel is unencrypted,
the WTP Session ID is exposed and possibly known to adversaries and
other WTPs. This would allow the forgery of the source of data-
channel traffic. This, however, should not be a surprise for
unencrypted data channels. When the data channel is encrypted, the
Session ID is not exposed, and therefore can safely be used to
associate a data and control channel. The 128-bit length of the
Session ID mitigates online guessing attacks where an adversarial,
authenticated WTP tries to correlate his own data channel with
another WTP's control channel. Note that for encrypted data
channels, the Session ID should only be used for correlation for the
first packet immediately after the initial DTLS handshake. Future
correlation should instead be done via identification of a packet's
DTLS session.
Calhoun, et al. Standards Track [Page 136]
RFC 5415 CAPWAP Protocol Specification March 2009
12.3. Discovery or DTLS Setup Attacks
Since the Discovery Request messages are sent in the clear, it is
important that AC implementations NOT assume that receiving a
Discovery Request message from a WTP implies that the WTP has
rebooted, and consequently tear down any active DTLS sessions.
Discovery Request messages can easily be spoofed by malicious
devices, so it is important that the AC maintain two separate sets of
states for the WTP until the DTLSSessionEstablished notification is
received, indicating that the WTP was authenticated. Once a new DTLS
session is successfully established, any state referring to the old
session can be cleared.
Similarly, when the AC is entering the DTLS Setup phase, it SHOULD
NOT assume that the WTP has reset, and therefore should not discard
active state until the DTLS session has been successfully
established. While the HelloVerifyRequest provides some protection
against denial-of-service (DoS) attacks on the AC, an adversary
capable of receiving packets at a valid address (or a malfunctioning
or misconfigured WTP) may repeatedly attempt DTLS handshakes with the
AC, potentially creating a resource shortage. If either the
FailedDTLSSessionCount or the FailedDTLSAuthFailCount counter reaches
the value of MaxFailedDTLSSessionRetry variable (see Section 4.8),
implementations MAY choose to rate-limit new DTLS handshakes for some
period of time. It is RECOMMENDED that implementations choosing to
implement rate-limiting use a random discard technique, rather than
mimicking the WTP's sulking behavior. This will ensure that messages
from valid WTPs will have some probability of eliciting a response,
even in the face of a significant DoS attack.
Some CAPWAP implementations may wish to restrict the DTLS setup
process to only those peers that have been configured in the access
control list, authorizing only those clients to initiate a DTLS
handshake. Note that the impact of this on mitigating denial-of-
service attacks against the DTLS layer is minimal, because DTLS
already uses client-side cookies to minimize processor consumption
attacks.
12.4. Interference with a DTLS Session
If a WTP or AC repeatedly receives packets that fail DTLS
authentication or decryption, this could indicate a DTLS
desynchronization between the AC and WTP, a link prone to
undetectable bit errors, or an attacker trying to disrupt a DTLS
session.
Calhoun, et al. Standards Track [Page 137]
RFC 5415 CAPWAP Protocol Specification March 2009
In the state machine (section 2.3), transitions to the DTLS Tear Down
(TD) state can be triggered by frequently receiving DTLS packets with
authentication or decryption errors. The threshold or technique for
deciding when to move to the tear down state should be chosen
carefully. Being able to easily transition to DTLS TD allows easy
detection of malfunctioning devices, but allows for denial-of-service
attacks. Making it difficult to transition to DTLS TD prevents
denial-of-service attacks, but makes it more difficult to detect and
reset a malfunctioning session. Implementers should set this policy
with care.
12.5. CAPWAP Pre-Provisioning
In order for CAPWAP to establish a secure communication with a peer,
some level of pre-provisioning on both the WTP and AC is necessary.
This section will detail the minimal number of configuration
parameters.
When using pre-shared keys, it is necessary to configure the pre-
shared key for each possible peer with which a DTLS session may be
established. To support this mode of operation, one or more entries
of the following table may be configured on either the AC or WTP:
o Identity: The identity of the peering AC or WTP. This format MAY
be in the form of either an IP address or host name (the latter of
which needs to be resolved to an IP address using DNS).
o Key: The pre-shared key for use with the peer when establishing
the DTLS session (see Section 12.6 for more information).
o PSK Identity: Identity hint associated with the provisioned key
(see Section 2.4.4.4 for more information).
When using certificates, the following items need to be pre-
provisioned:
o Device Certificate: The local device's certificate (see
Section 12.7 for more information).
o Trust Anchor: Trusted root certificate chain used to validate any
certificate received from CAPWAP peers. Note that one or more
root certificates MAY be configured on a given device.
Regardless of the authentication method, the following item needs to
be pre-provisioned:
Calhoun, et al. Standards Track [Page 138]
RFC 5415 CAPWAP Protocol Specification March 2009
o Access Control List: The access control list table contains the
identities of one or more CAPWAP peers, along with a rule. The
rule is used to determine whether communication with the peer is
permitted (see Section 2.4.4.3 for more information).
12.6. Use of Pre-Shared Keys in CAPWAP
While use of pre-shared keys may provide deployment and provisioning
advantages not found in public-key-based deployments, it also
introduces a number of operational and security concerns. In
particular, because the keys must typically be entered manually, it
is common for people to base them on memorable words or phrases.
These are referred to as "low entropy passwords/passphrases".
Use of low-entropy pre-shared keys, coupled with the fact that the
keys are often not frequently updated, tends to significantly
increase exposure. For these reasons, the following recommendations
are made:
o When DTLS is used with a pre-shared key (PSK) ciphersuite, each
WTP SHOULD have a unique PSK. Since WTPs will likely be widely
deployed, their physical security is not guaranteed. If PSKs are
not unique for each WTP, key reuse would allow the compromise of
one WTP to result in the compromise of others.
o Generating PSKs from low entropy passwords is NOT RECOMMENDED.
o It is RECOMMENDED that implementations that allow the
administrator to manually configure the PSK also provide a
capability for generation of new random PSKs, taking RFC 4086
[RFC4086] into account.
o Pre-shared keys SHOULD be periodically updated. Implementations
MAY facilitate this by providing an administrative interface for
automatic key generation and periodic update, or it MAY be
accomplished manually instead.
Every pairwise combination of WTP and AC on the network SHOULD have a
unique PSK. This prevents the domino effect (see "Guidance for
Authentication, Authorization, and Accounting (AAA) Key Management"
[RFC4962]). If PSKs are tied to specific WTPs, then knowledge of the
PSK implies a binding to a specified identity that can be authorized.
If PSKs are shared, this binding between device and identity is no
longer possible. Compromise of one WTP can yield compromise of
another WTP, violating the CAPWAP security hierarchy. Consequently,
sharing keys between WTPs is NOT RECOMMENDED.
Calhoun, et al. Standards Track [Page 139]
RFC 5415 CAPWAP Protocol Specification March 2009
12.7. Use of Certificates in CAPWAP
For public-key-based DTLS deployments, each device SHOULD have unique
credentials, with an extended key usage authorizing the device to act
as either a WTP or AC. If devices do not have unique credentials, it
is possible that by compromising one device, any other device using
the same credential may also be considered to be compromised.
Certificate validation involves checking a large variety of things.
Since the necessary things to validate are often environment-
specific, many are beyond the scope of this document. In this
section, we provide some basic guidance on certificate validation.
Each device is responsible for authenticating and authorizing devices
with which they communicate. Authentication entails validation of
the chain of trust leading to the peer certificate, followed by the
peer certificate itself. Implementations SHOULD also provide a
secure method for verifying that the credential in question has not
been revoked.
Note that if the WTP relies on the AC for network connectivity (e.g.,
the AC is a Layer 2 switch to which the WTP is directly connected),
the WTP may not be able to contact an Online Certificate Status
Protocol (OCSP) server or otherwise obtain an up-to-date Certificate
Revocation List (CRL) if a compromised AC doesn't explicitly permit
this. This cannot be avoided, except through effective physical
security and monitoring measures at the AC.
Proper validation of certificates typically requires checking to
ensure the certificate has not yet expired. If devices have a real-
time clock, they SHOULD verify the certificate validity dates. If no
real-time clock is available, the device SHOULD make a best-effort
attempt to validate the certificate validity dates through other
means. Failure to check a certificate's temporal validity can make a
device vulnerable to man-in-the-middle attacks launched using
compromised, expired certificates, and therefore devices should make
every effort to perform this validation.
12.8. Use of MAC Address in CN Field
The CAPWAP protocol is an evolution of an existing protocol [LWAPP],
which is implemented on a large number of already deployed ACs and
WTPs. Every one of these devices has an existing X.509 certificate,
which is provisioned at the time of manufacturing. These X.509
certificates use the device's MAC address in the Common Name (CN)
field. It is well understood that encoding the MAC address in the CN
field is less than optimal, and using the SubjectAltName field would
be preferable. However, at the time of publication, there is no URN
Calhoun, et al. Standards Track [Page 140]
RFC 5415 CAPWAP Protocol Specification March 2009
specification that allows for the MAC address to be used in the
SubjectAltName field. As such a specification is published by the
IETF, future versions of the CAPWAP protocol MAY require support for
the new URN scheme.
12.9. AAA Security
The AAA protocol is used to distribute Extensible Authentication
Protocol (EAP) keys to the ACs, and consequently its security is
important to the overall system security. When used with Transport
Layer Security (TLS) or IPsec, security guidelines specified in RFC
3539 [RFC3539] SHOULD be followed.
In general, the link between the AC and AAA server SHOULD be secured
using a strong ciphersuite keyed with mutually authenticated session
keys. Implementations SHOULD NOT rely solely on Basic RADIUS shared
secret authentication as it is often vulnerable to dictionary
attacks, but rather SHOULD use stronger underlying security
mechanisms.
12.10. WTP Firmware
The CAPWAP protocol defines a mechanism by which the AC downloads new
firmware to the WTP. During the session establishment process, the
WTP provides information about its current firmware to the AC. The
AC then decides whether the WTP's firmware needs to be updated. It
is important to note that the CAPWAP specification makes the explicit
assumption that the WTP is providing the correct firmware version to
the AC, and is therefore not lying. Further, during the firmware
download process, the CAPWAP protocol does not provide any mechanisms
to recognize whether the WTP is actually storing the firmware for
future use.
13. Operational Considerations
The CAPWAP protocol assumes that it is the only configuration
interface to the WTP to configure parameters that are specified in
the CAPWAP specifications. While the use of a separate management
protocol MAY be used for the purposes of monitoring the WTP directly,
configuring the WTP through a separate management interface is not
recommended. Configuring the WTP through a separate protocol, such
as via a command line interface (CLI) or Simple Network Management
Protocol (SNMP), could lead to the AC state being out of sync with
the WTP.
Calhoun, et al. Standards Track [Page 141]
RFC 5415 CAPWAP Protocol Specification March 2009
The CAPWAP protocol does not deal with the management of the ACs.
The AC is assumed to be configured through some separate management
interface, which could be via a proprietary CLI, SNMP, Network
Configuration Protocol (NETCONF), or some other management protocol.
The CAPWAP protocol's control channel is fairly lightweight from a
traffic perspective. Once the WTP has been configured, the WTP sends
periodic statistics. Further, the specification calls for a keep-
alive packet to be sent on the protocol's data channel to make sure
that any possible middleboxes (e.g., NAT) maintain their UDP state.
The overhead associated with the control and data channel is not
expected to impact network traffic. That said, the CAPWAP protocol
does allow for the frequency of these packets to be modified through
the DataChannelKeepAlive and StatisticsTimer (see Section 4.7.2 and
Section 4.7.14, respectively).
14. Transport Considerations
The CAPWAP WG carefully considered the congestion control
requirements of the CAPWAP protocol, both for the CAPWAP Control and
Data channels.
CAPWAP specifies a single-threaded command/response protocol to be
used on the control channel, and we have specified that an
exponential back-off algorithm should be used when commands are
retransmitted. When CAPWAP runs in its default mode (Local MAC), the
control channel is the only CAPWAP channel.
However, CAPWAP can also be run in Split MAC mode, in which case
there will be a DTLS-encrypted data channel between each WTP and the
AC. The WG discussed various options for providing congestion
control on this channel. However, due to performance problems with
TCP when it is run over another congestion control mechanism and the
fact that the vast majority of traffic run over the CAPWAP Data
channel is likely to be congestion-controlled IP traffic, the CAPWAP
WG felt that specifying a congestion control mechanism for the CAPWAP
Data channel would be more likely to cause problems than to resolve
any.
Because there is no congestion control mechanism specified for the
CAPWAP Data channel, it is RECOMMENDED that non-congestion-controlled
traffic not be tunneled over CAPWAP. When a significant amount of
non-congestion-controlled traffic is expected to be present on a
WLAN, the CAPWAP connection between the AC and the WTP for that LAN
should be configured to remain in Local MAC mode with Distribution
function at the WTP.
Calhoun, et al. Standards Track [Page 142]
RFC 5415 CAPWAP Protocol Specification March 2009
The lock step nature of the CAPWAP protocol's control channel can
cause the firmware download process to take some time, depending upon
the round-trip time (RTT). This is not expected to be a problem
since the CAPWAP protocol allows firmware to be downloaded while the
WTP provides service to wireless clients/devices.
It is necessary for the WTP and AC to configure their MTU based on
the capabilities of the path. See Section 3.5 for more information.
The CAPWAP protocol mandates support of the Explicit Congestion
Notification (ECN) through a mode of operation named "limited
functionality option", detailed in section 9.1.1 of [RFC3168].
Future versions of the CAPWAP protocol should consider mandating
support for the "full functionality option".
15. IANA Considerations
This section details the actions that IANA has taken in preparation
for publication of the specification. Numerous registries have been
created, and the contents, document action (see [RFC5226], and
registry format are all included below. Note that in cases where bit
fields are referred to, the bit numbering is left to right, where the
leftmost bit is labeled as bit zero (0).
For future registration requests where an Expert Review is required,
a Designated Expert should be consulted, which is appointed by the
responsible IESG Area Director. The intention is that any allocation
will be accompanied by a published RFC, but given that other SDOs may
want to create standards built on top of CAPWAP, a document the
Designated Expert can review is also acceptable. IANA should allow
for allocation of values prior to documents being approved for
publication, so the Designated Expert can approve allocations once it
seems clear that publication will occur. The Designated Expert will
post a request to the CAPWAP WG mailing list (or a successor
designated by the Area Director) for comment and review. Before a
period of 30 days has passed, the Designated Expert will either
approve or deny the registration request and publish a notice of the
decision to the CAPWAP WG mailing list or its successor, as well as
informing IANA. A denial notice must be justified by an explanation,
and in the cases where it is possible, concrete suggestions on how
the request can be modified so as to become acceptable should be
provided.
15.1. IPv4 Multicast Address
IANA has registered a new IPv4 multicast address called "capwap-ac"
from the Internetwork Control Block IPv4 multicast address registry;
see Section 3.3.
Calhoun, et al. Standards Track [Page 143]
RFC 5415 CAPWAP Protocol Specification March 2009
15.2. IPv6 Multicast Address
IANA has registered a new organization local multicast address called
the "All ACs multicast address" in the Variable Scope IPv6 multicast
address registry; see Section 3.3.
15.3. UDP Port
IANA registered two new UDP Ports, which are organization-local
multicast addresses, in the registered port numbers registry; see
Section 3.1. The following values have been registered:
Keyword Decimal Description References
------- ------- ----------- ----------
capwap-control 5246/udp CAPWAP Control Protocol This Document
capwap-data 5247/udp CAPWAP Data Protocol This Document
15.4. CAPWAP Message Types
The Message Type field in the CAPWAP Header (see Section 4.5.1.1) is
used to identify the operation performed by the message. There are
multiple namespaces, which are identified via the first three octets
of the field containing the IANA Enterprise Number [RFC5226].
IANA maintains the CAPWAP Message Types registry for all message
types whose Enterprise Number is set to zero (0). The namespace is 8
bits (0-255), where the value of zero (0) is reserved and must not be
assigned. The values one (1) through 26 are allocated in this
specification, and can be found in Section 4.5.1.1. Any new
assignments of a CAPWAP Message Type whose Enterprise Number is set
to zero (0) requires an Expert Review. The registry maintained by
IANA has the following format:
CAPWAP Control Message Message Type Reference
Value
15.5. CAPWAP Header Flags
The Flags field in the CAPWAP Header (see Section 4.3) is 9 bits in
length and is used to identify any special treatment related to the
message. This specification defines bits zero (0) through five (5),
while bits six (6) through eight (8) are reserved. There are
currently three unused, reserved bits that are managed by IANA and
whose assignment require an Expert Review. IANA created the CAPWAP
Header Flags registry, whose format is:
Flag Field Name Bit Position Reference
Calhoun, et al. Standards Track [Page 144]
RFC 5415 CAPWAP Protocol Specification March 2009
15.6. CAPWAP Control Message Flags
The Flags field in the CAPWAP Control Message header (see
Section 4.5.1.4) is used to identify any special treatment related to
the control message. There are currently eight (8) unused, reserved
bits. The assignment of these bits is managed by IANA and requires
an Expert Review. IANA created the CAPWAP Control Message Flags
registry, whose format is:
Flag Field Name Bit Position Reference
15.7. CAPWAP Message Element Type
The Type field in the CAPWAP Message Element header (see Section 4.6)
is used to identify the data being transported. The namespace is 16
bits (0-65535), where the value of zero (0) is reserved and must not
be assigned. The values one (1) through 53 are allocated in this
specification, and can be found in Section 4.5.1.1.
The 16-bit namespace is further divided into blocks of addresses that
are reserved for specific CAPWAP wireless bindings. The following
blocks are reserved:
CAPWAP Protocol Message Elements 1 - 1023
IEEE 802.11 Message Elements 1024 - 2047
EPCGlobal Message Elements 3072 - 4095
This namespace is managed by IANA and assignments require an Expert
Review. IANA created the CAPWAP Message Element Type registry, whose
format is:
CAPWAP Message Element Type Value Reference
15.8. CAPWAP Wireless Binding Identifiers
The Wireless Binding Identifier (WBID) field in the CAPWAP Header
(see Section 4.3) is used to identify the wireless technology
associated with the packet. This specification allocates the values
one (1) and three (3). Due to the limited address space available, a
new WBID request requires Expert Review. IANA created the CAPWAP
Wireless Binding Identifier registry, whose format is:
CAPWAP Wireless Binding Identifier Type Value Reference
Calhoun, et al. Standards Track [Page 145]
RFC 5415 CAPWAP Protocol Specification March 2009
15.9. AC Security Types
The Security field in the AC Descriptor message element (see
Section 4.6.1) is 8 bits in length and is used to identify the
authentication methods available on the AC. This specification
defines bits five (5) and six (6), while bits zero (0) through four
(4) as well as bit seven (7) are reserved and unused. These reserved
bits are managed by IANA and assignment requires Standards Action.
IANA created the AC Security Types registry, whose format is:
AC Security Type Bit Position Reference
15.10. AC DTLS Policy
The DTLS Policy field in the AC Descriptor message element (see
Section 4.6.1) is 8 bits in length and is used to identify whether
the CAPWAP Data Channel is to be secured. This specification defines
bits five (5) and six (6), while bits zero (0) through four (4) as
well as bit seven (7) are reserved and unused. These reserved bits
are managed by IANA and assignment requires Standards Action. IANA
created the AC DTLS Policy registry, whose format is:
AC DTLS Policy Bit Position Reference
15.11. AC Information Type
The Information Type field in the AC Descriptor message element (see
Section 4.6.1) is used to represent information about the AC. The
namespace is 16 bits (0-65535), where the value of zero (0) is
reserved and must not be assigned. This field, combined with the AC
Information Vendor ID, allows vendors to use a private namespace.
This specification defines the AC Information Type namespace when the
AC Information Vendor ID is set to zero (0), for which the values
four (4) and five (5) are allocated in this specification, and can be
found in Section 4.6.1. This namespace is managed by IANA and
assignments require an Expert Review. IANA created the AC
Information Type registry, whose format is:
AC Information Type Type Value Reference
15.12. CAPWAP Transport Protocol Types
The Transport field in the CAPWAP Transport Protocol message element
(see Section 4.6.14) is used to identify the transport to use for the
CAPWAP Data Channel. The namespace is 8 bits (0-255), where the
value of zero (0) is reserved and must not be assigned. The values
one (1) and two (2) are allocated in this specification, and can be
Calhoun, et al. Standards Track [Page 146]
RFC 5415 CAPWAP Protocol Specification March 2009
found in Section 4.6.14. This namespace is managed by IANA and
assignments require an Expert Review. IANA created the CAPWAP
Transport Protocol Types registry, whose format is:
CAPWAP Transport Protocol Type Type Value Reference
15.13. Data Transfer Type
The Data Type field in the Data Transfer Data message element (see
Section 4.6.15) and Image Data message element (see Section 4.6.26)
is used to provide information about the data being carried. The
namespace is 8 bits (0-255), where the value of zero (0) is reserved
and must not be assigned. The values one (1), two (2), and five (5)
are allocated in this specification, and can be found in
Section 4.6.15. This namespace is managed by IANA and assignments
require an Expert Review. IANA created the Data Transfer Type
registry, whose format is:
Data Transfer Type Type Value Reference
15.14. Data Transfer Mode
The Data Mode field in the Data Transfer Data message element (see
Section 4.6.15) and Data Transfer Mode message element (see
Section 15.14) is used to provide information about the data being
carried. The namespace is 8 bits (0-255), where the value of zero
(0) is reserved and must not be assigned. The values one (1) and two
(2) are allocated in this specification, and can be found in
Section 15.14. This namespace is managed by IANA and assignments
require an Expert Review. IANA created the Data Transfer Mode
registry, whose format is:
Data Transfer Mode Type Value Reference
15.15. Discovery Types
The Discovery Type field in the Discovery Type message element (see
Section 4.6.21) is used by the WTP to indicate to the AC how it was
discovered. The namespace is 8 bits (0-255). The values zero (0)
through four (4) are allocated in this specification and can be found
in Section 4.6.21. This namespace is managed by IANA and assignments
require an Expert Review. IANA created the Discovery Types registry,
whose format is:
Discovery Types Type Value Reference
Calhoun, et al. Standards Track [Page 147]
RFC 5415 CAPWAP Protocol Specification March 2009
15.16. ECN Support
The ECN Support field in the ECN Support message element (see
Section 4.6.25) is used by the WTP to represent its ECN Support. The
namespace is 8 bits (0-255). The values zero (0) and one (1) are
allocated in this specification, and can be found in Section 4.6.25.
This namespace is managed by IANA and assignments require an Expert
Review. IANA created the ECN Support registry, whose format is:
ECN Support Type Value Reference
15.17. Radio Admin State
The Radio Admin field in the Radio Administrative State message
element (see Section 4.6.33) is used by the WTP to represent the
state of its radios. The namespace is 8 bits (0-255), where the
value of zero (0) is reserved and must not be assigned. The values
one (1) and two (2) are allocated in this specification, and can be
found in Section 4.6.33. This namespace is managed by IANA and
assignments require an Expert Review. IANA created the Radio Admin
State registry, whose format is:
Radio Admin State Type Value Reference
15.18. Radio Operational State
The State field in the Radio Operational State message element (see
Section 4.6.34) is used by the WTP to represent the operational state
of its radios. The namespace is 8 bits (0-255), where the value of
zero (0) is reserved and must not be assigned. The values one (1)
and two (2) are allocated in this specification, and can be found in
Section 4.6.34. This namespace is managed by IANA and assignments
require an Expert Review. IANA created the Radio Operational State
registry, whose format is:
Radio Operational State Type Value Reference
15.19. Radio Failure Causes
The Cause field in the Radio Operational State message element (see
Section 4.6.34) is used by the WTP to represent the reason a radio
may have failed. The namespace is 8 bits (0-255), where the value of
zero (0) through three (3) are allocated in this specification, and
can be found in Section 4.6.34. This namespace is managed by IANA
and assignments require an Expert Review. IANA created the Radio
Failure Causes registry, whose format is:
Radio Failure Causes Type Value Reference
Calhoun, et al. Standards Track [Page 148]
RFC 5415 CAPWAP Protocol Specification March 2009
15.20. Result Code
The Result Code field in the Result Code message element (see
Section 4.6.35) is used to indicate the success or failure of a
CAPWAP Control message. The namespace is 32 bits (0-4294967295),
where the value of zero (0) through 22 are allocated in this
specification, and can be found in Section 4.6.35. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the Result Code registry, whose format is:
Result Code Type Value Reference
15.21. Returned Message Element Reason
The Reason field in the Returned Message Element message element (see
Section 4.6.36) is used to indicate the reason why a message element
was not processed successfully. The namespace is 8 bits (0-255),
where the value of zero (0) is reserved and must not be assigned.
The values one (1) through four (4) are allocated in this
specification, and can be found in Section 4.6.36. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the Returned Message Element Reason registry, whose format
is:
Returned Message Element Reason Type Value Reference
15.22. WTP Board Data Type
The Board Data Type field in the WTP Board Data message element (see
Section 4.6.40) is used to represent information about the WTP
hardware. The namespace is 16 bits (0-65535). The WTP Board Data
Type values zero (0) through four (4) are allocated in this
specification, and can be found in Section 4.6.40. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the WTP Board Data Type registry, whose format is:
WTP Board Data Type Type Value Reference
15.23. WTP Descriptor Type
The Descriptor Type field in the WTP Descriptor message element (see
Section 4.6.41) is used to represent information about the WTP
software. The namespace is 16 bits (0-65535). This field, combined
with the Descriptor Vendor ID, allows vendors to use a private
namespace. This specification defines the WTP Descriptor Type
namespace when the Descriptor Vendor ID is set to zero (0), for which
the values zero (0) through three (3) are allocated in this
Calhoun, et al. Standards Track [Page 149]
RFC 5415 CAPWAP Protocol Specification March 2009
specification, and can be found in Section 4.6.41. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the WTP Board Data Type registry, whose format is:
WTP Descriptor Type Type Value Reference
15.24. WTP Fallback Mode
The Mode field in the WTP Fallback message element (see
Section 4.6.42) is used to indicate the type of AC fallback mechanism
the WTP should employ. The namespace is 8 bits (0-255), where the
value of zero (0) is reserved and must not be assigned. The values
one (1) and two (2) are allocated in this specification, and can be
found in Section 4.6.42. This namespace is managed by IANA and
assignments require an Expert Review. IANA created the WTP Fallback
Mode registry, whose format is:
WTP Fallback Mode Type Value Reference
15.25. WTP Frame Tunnel Mode
The Tunnel Type field in the WTP Frame Tunnel Mode message element
(see Section 4.6.43) is 8 bits and is used to indicate the type of
tunneling to use between the WTP and the AC. This specification
defines bits four (4) through six (6), while bits zero (0) through
three (3) as well as bit seven (7) are reserved and unused. These
reserved bits are managed by IANA and assignment requires an Expert
Review. IANA created the WTP Frame Tunnel Mode registry, whose
format is:
WTP Frame Tunnel Mode Bit Position Reference
15.26. WTP MAC Type
The MAC Type field in the WTP MAC Type message element (see
Section 4.6.44) is used to indicate the type of MAC to use in
tunneled frames between the WTP and the AC. The namespace is 8 bits
(0-255), where the value of zero (0) through two (2) are allocated in
this specification, and can be found in Section 4.6.44. This
namespace is managed by IANA and assignments require an Expert
Review. IANA created the WTP MAC Type registry, whose format is:
WTP MAC Type Type Value Reference
Calhoun, et al. Standards Track [Page 150]
RFC 5415 CAPWAP Protocol Specification March 2009
15.27. WTP Radio Stats Failure Type
The Last Failure Type field in the WTP Radio Statistics message
element (see Section 4.6.46) is used to indicate the last WTP
failure. The namespace is 8 bits (0-255), where the value of zero
(0) through three (3) as well as the value 255 are allocated in this
specification, and can be found in Section 4.6.46. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the WTP Radio Stats Failure Type registry, whose format is:
WTP Radio Stats Failure Type Type Value Reference
15.28. WTP Reboot Stats Failure Type
The Last Failure Type field in the WTP Reboot Statistics message
element (see Section 4.6.47) is used to indicate the last reboot
reason. The namespace is 8 bits (0-255), where the value of zero (0)
through five (5) as well as the value 255 are allocated in this
specification, and can be found in Section 4.6.47. This namespace is
managed by IANA and assignments require an Expert Review. IANA
created the WTP Reboot Stats Failure Type registry, whose format is:
WTP Reboot Stats Failure Type Type Value Reference
16. Acknowledgments
The following individuals are acknowledged for their contributions to
this protocol specification: Puneet Agarwal, Abhijit Choudhury, Pasi
Eronen, Saravanan Govindan, Peter Nilsson, David Perkins, and Yong
Zhang.
Michael Vakulenko contributed text to describe how CAPWAP can be used
over Layer 3 (IP/UDP) networks.
17. References
17.1. Normative References
[RFC1191] Mogul, J. and S. Deering, "Path MTU discovery",
RFC 1191, November 1990.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm",
RFC 1321, April 1992.
[RFC1305] Mills, D., "Network Time Protocol (Version 3)
Specification, Implementation", RFC 1305,
March 1992.
Calhoun, et al. Standards Track [Page 151]
RFC 5415 CAPWAP Protocol Specification March 2009
[RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU
Discovery for IP version 6", RFC 1981,
August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to
Indicate Requirement Levels", BCP 14, RFC 2119,
March 1997.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
Version 6 (IPv6) Specification", RFC 2460,
December 1998.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field
(DS Field) in the IPv4 and IPv6 Headers",
RFC 2474, December 1998.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS
RR for specifying the location of services (DNS
SRV)", RFC 2782, February 2000.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The
Addition of Explicit Congestion Notification (ECN)
to IP", RFC 3168, September 2001.
[RFC3539] Aboba, B. and J. Wood, "Authentication,
Authorization and Accounting (AAA) Transport
Profile", RFC 3539, June 2003.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of
ISO 10646", STD 63, RFC 3629, November 2003.
[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson,
L-E., and G. Fairhurst, "The Lightweight User
Datagram Protocol (UDP-Lite)", RFC 3828,
July 2004.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106,
RFC 4086, June 2005.
[RFC4279] Eronen, P. and H. Tschofenig, "Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)",
RFC 4279, December 2005.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer
Security (TLS) Protocol Version 1.2", RFC 5246,
August 2008.
Calhoun, et al. Standards Track [Page 152]
RFC 5415 CAPWAP Protocol Specification March 2009
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport
Layer Security", RFC 4347, April 2006.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer
Path MTU Discovery", RFC 4821, March 2007.
[RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4
Reassembly Errors at High Data Rates", RFC 4963,
July 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for
Writing an IANA Considerations Section in RFCs",
BCP 26, RFC 5226, May 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen,
S., Housley, R., and W. Polk, "Internet X.509
Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile",
RFC 5280, May 2008.
[ISO.9834-1.1993] International Organization for Standardization,
"Procedures for the operation of OSI registration
authorities - part 1: general procedures",
ISO Standard 9834-1, 1993.
[RFC5416] Calhoun, P., Ed., Montemurro, M., Ed., and D.
Stanley, Ed., "Control And Provisioning of
Wireless Access Points (CAPWAP) Protocol Binding
for IEEE 802.11", RFC 5416, March 2009.
[RFC5417] Calhoun, P., "Control And Provisioning of Wireless
Access Points (CAPWAP) Access Controller DHCP
Option", RFC 5417, March 2009.
[FRAME-EXT] IEEE, "IEEE Standard 802.3as-2006", 2005.
17.2. Informative References
[RFC3232] Reynolds, J., "Assigned Numbers: RFC 1700 is
Replaced by an On-line Database", RFC 3232,
January 2002.
[RFC3753] Manner, J. and M. Kojo, "Mobility Related
Terminology", RFC 3753, June 2004.
Calhoun, et al. Standards Track [Page 153]
RFC 5415 CAPWAP Protocol Specification March 2009
[RFC4564] Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and
L. Yang, "Objectives for Control and Provisioning
of Wireless Access Points (CAPWAP)", RFC 4564,
July 2006.
[RFC4962] Housley, R. and B. Aboba, "Guidance for
Authentication, Authorization, and Accounting
(AAA) Key Management", BCP 132, RFC 4962,
July 2007.
[LWAPP] Calhoun, P., O'Hara, B., Suri, R., Cam Winget, N.,
Kelly, S., Williams, M., and S. Hares,
"Lightweight Access Point Protocol", Work in
Progress, March 2007.
[SLAPP] Narasimhan, P., Harkins, D., and S. Ponnuswamy,
"SLAPP: Secure Light Access Point Protocol", Work
in Progress, May 2005.
[DTLS-DESIGN] Modadugu, et al., N., "The Design and
Implementation of Datagram TLS", Feb 2004.
[EUI-48] IEEE, "Guidelines for use of a 48-bit Extended
Unique Identifier", Dec 2005.
[EUI-64] IEEE, "GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER
(EUI-64) REGISTRATION AUTHORITY".
[EPCGlobal] "See http://www.epcglobalinc.org/home".
[PacketCable] "PacketCable Security Specification PKT-SP-SEC-
I12-050812", August 2005, <PacketCable>.
[CableLabs] "OpenCable System Security Specification OC-SP-
SEC-I07-061031", October 2006, <CableLabs>.
[WiMAX] "WiMAX Forum X.509 Device Certificate Profile
Approved Specification V1.0.1", April 2008,
<WiMAX>.
[RFC5418] Kelly, S. and C. Clancy, "Control And Provisioning
for Wireless Access Points (CAPWAP) Threat
Analysis for IEEE 802.11 Deployments", RFC 5418,
March 2009.
Calhoun, et al. Standards Track [Page 154]
RFC 5415 CAPWAP Protocol Specification March 2009
Editors' Addresses
Pat R. Calhoun (editor)
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
Phone: +1 408-902-3240
EMail: pcalhoun@cisco.com
Michael P. Montemurro (editor)
Research In Motion
5090 Commerce Blvd
Mississauga, ON L4W 5M4
Canada
Phone: +1 905-629-4746 x4999
EMail: mmontemurro@rim.com
Dorothy Stanley (editor)
Aruba Networks
1322 Crossman Ave
Sunnyvale, CA 94089
Phone: +1 630-363-1389
EMail: dstanley@arubanetworks.com
Calhoun, et al. Standards Track [Page 155]