8684 lines
337 KiB
Plaintext
8684 lines
337 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group P. Calhoun, Ed.
|
||
Request for Comments: 5415 Cisco Systems, Inc.
|
||
Category: Standards Track M. Montemurro, Ed.
|
||
Research In Motion
|
||
D. Stanley, Ed.
|
||
Aruba Networks
|
||
March 2009
|
||
|
||
|
||
Control And Provisioning of Wireless Access Points (CAPWAP)
|
||
Protocol Specification
|
||
|
||
Status of This Memo
|
||
|
||
This document specifies an Internet standards track protocol for the
|
||
Internet community, and requests discussion and suggestions for
|
||
improvements. Please refer to the current edition of the "Internet
|
||
Official Protocol Standards" (STD 1) for the standardization state
|
||
and status of this protocol. Distribution of this memo is unlimited.
|
||
|
||
Copyright Notice
|
||
|
||
Copyright (c) 2009 IETF Trust and the persons identified as the
|
||
document authors. All rights reserved.
|
||
|
||
This document is subject to BCP 78 and the IETF Trust's Legal
|
||
Provisions Relating to IETF Documents in effect on the date of
|
||
publication of this document (http://trustee.ietf.org/license-info).
|
||
Please review these documents carefully, as they describe your rights
|
||
and restrictions with respect to this document.
|
||
|
||
This document may contain material from IETF Documents or IETF
|
||
Contributions published or made publicly available before November
|
||
10, 2008. The person(s) controlling the copyright in some of this
|
||
material may not have granted the IETF Trust the right to allow
|
||
modifications of such material outside the IETF Standards Process.
|
||
Without obtaining an adequate license from the person(s) controlling
|
||
the copyright in such materials, this document may not be modified
|
||
outside the IETF Standards Process, and derivative works of it may
|
||
not be created outside the IETF Standards Process, except to format
|
||
it for publication as an RFC or to translate it into languages other
|
||
than English.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 1]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Abstract
|
||
|
||
This specification defines the Control And Provisioning of Wireless
|
||
Access Points (CAPWAP) Protocol, meeting the objectives defined by
|
||
the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is
|
||
designed to be flexible, allowing it to be used for a variety of
|
||
wireless technologies. This document describes the base CAPWAP
|
||
protocol, while separate binding extensions will enable its use with
|
||
additional wireless technologies.
|
||
|
||
Table of Contents
|
||
|
||
1. Introduction ....................................................7
|
||
1.1. Goals ......................................................8
|
||
1.2. Conventions Used in This Document ..........................9
|
||
1.3. Contributing Authors .......................................9
|
||
1.4. Terminology ...............................................10
|
||
2. Protocol Overview ..............................................11
|
||
2.1. Wireless Binding Definition ...............................12
|
||
2.2. CAPWAP Session Establishment Overview .....................13
|
||
2.3. CAPWAP State Machine Definition ...........................15
|
||
2.3.1. CAPWAP Protocol State Transitions ..................17
|
||
2.3.2. CAPWAP/DTLS Interface ..............................31
|
||
2.4. Use of DTLS in the CAPWAP Protocol ........................33
|
||
2.4.1. DTLS Handshake Processing ..........................33
|
||
2.4.2. DTLS Session Establishment .........................35
|
||
2.4.3. DTLS Error Handling ................................35
|
||
2.4.4. DTLS Endpoint Authentication and Authorization .....36
|
||
3. CAPWAP Transport ...............................................40
|
||
3.1. UDP Transport .............................................40
|
||
3.2. UDP-Lite Transport ........................................41
|
||
3.3. AC Discovery ..............................................41
|
||
3.4. Fragmentation/Reassembly ..................................42
|
||
3.5. MTU Discovery .............................................43
|
||
4. CAPWAP Packet Formats ..........................................43
|
||
4.1. CAPWAP Preamble ...........................................46
|
||
4.2. CAPWAP DTLS Header ........................................46
|
||
4.3. CAPWAP Header .............................................47
|
||
4.4. CAPWAP Data Messages ......................................50
|
||
4.4.1. CAPWAP Data Channel Keep-Alive .....................51
|
||
4.4.2. Data Payload .......................................52
|
||
4.4.3. Establishment of a DTLS Data Channel ...............52
|
||
4.5. CAPWAP Control Messages ...................................52
|
||
4.5.1. Control Message Format .............................53
|
||
4.5.2. Quality of Service .................................56
|
||
4.5.3. Retransmissions ....................................57
|
||
4.6. CAPWAP Protocol Message Elements ..........................58
|
||
4.6.1. AC Descriptor ......................................61
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 2]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.2. AC IPv4 List .......................................64
|
||
4.6.3. AC IPv6 List .......................................64
|
||
4.6.4. AC Name ............................................65
|
||
4.6.5. AC Name with Priority ..............................65
|
||
4.6.6. AC Timestamp .......................................66
|
||
4.6.7. Add MAC ACL Entry ..................................66
|
||
4.6.8. Add Station ........................................67
|
||
4.6.9. CAPWAP Control IPv4 Address ........................68
|
||
4.6.10. CAPWAP Control IPv6 Address .......................68
|
||
4.6.11. CAPWAP Local IPv4 Address .........................69
|
||
4.6.12. CAPWAP Local IPv6 Address .........................69
|
||
4.6.13. CAPWAP Timers .....................................70
|
||
4.6.14. CAPWAP Transport Protocol .........................71
|
||
4.6.15. Data Transfer Data ................................72
|
||
4.6.16. Data Transfer Mode ................................73
|
||
4.6.17. Decryption Error Report ...........................73
|
||
4.6.18. Decryption Error Report Period ....................74
|
||
4.6.19. Delete MAC ACL Entry ..............................74
|
||
4.6.20. Delete Station ....................................75
|
||
4.6.21. Discovery Type ....................................75
|
||
4.6.22. Duplicate IPv4 Address ............................76
|
||
4.6.23. Duplicate IPv6 Address ............................77
|
||
4.6.24. Idle Timeout ......................................78
|
||
4.6.25. ECN Support .......................................78
|
||
4.6.26. Image Data ........................................79
|
||
4.6.27. Image Identifier ..................................79
|
||
4.6.28. Image Information .................................80
|
||
4.6.29. Initiate Download .................................81
|
||
4.6.30. Location Data .....................................81
|
||
4.6.31. Maximum Message Length ............................81
|
||
4.6.32. MTU Discovery Padding .............................82
|
||
4.6.33. Radio Administrative State ........................82
|
||
4.6.34. Radio Operational State ...........................83
|
||
4.6.35. Result Code .......................................84
|
||
4.6.36. Returned Message Element ..........................85
|
||
4.6.37. Session ID ........................................86
|
||
4.6.38. Statistics Timer ..................................87
|
||
4.6.39. Vendor Specific Payload ...........................87
|
||
4.6.40. WTP Board Data ....................................88
|
||
4.6.41. WTP Descriptor ....................................89
|
||
4.6.42. WTP Fallback ......................................92
|
||
4.6.43. WTP Frame Tunnel Mode .............................92
|
||
4.6.44. WTP MAC Type ......................................93
|
||
4.6.45. WTP Name ..........................................94
|
||
4.6.46. WTP Radio Statistics ..............................94
|
||
4.6.47. WTP Reboot Statistics .............................96
|
||
4.6.48. WTP Static IP Address Information .................97
|
||
4.7. CAPWAP Protocol Timers ....................................98
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 3]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.7.1. ChangeStatePendingTimer ............................98
|
||
4.7.2. DataChannelKeepAlive ...............................98
|
||
4.7.3. DataChannelDeadInterval ............................99
|
||
4.7.4. DataCheckTimer .....................................99
|
||
4.7.5. DiscoveryInterval ..................................99
|
||
4.7.6. DTLSSessionDelete ..................................99
|
||
4.7.7. EchoInterval .......................................99
|
||
4.7.8. IdleTimeout ........................................99
|
||
4.7.9. ImageDataStartTimer ...............................100
|
||
4.7.10. MaxDiscoveryInterval .............................100
|
||
4.7.11. ReportInterval ...................................100
|
||
4.7.12. RetransmitInterval ...............................100
|
||
4.7.13. SilentInterval ...................................100
|
||
4.7.14. StatisticsTimer ..................................100
|
||
4.7.15. WaitDTLS .........................................101
|
||
4.7.16. WaitJoin .........................................101
|
||
4.8. CAPWAP Protocol Variables ................................101
|
||
4.8.1. AdminState ........................................101
|
||
4.8.2. DiscoveryCount ....................................101
|
||
4.8.3. FailedDTLSAuthFailCount ...........................101
|
||
4.8.4. FailedDTLSSessionCount ............................101
|
||
4.8.5. MaxDiscoveries ....................................102
|
||
4.8.6. MaxFailedDTLSSessionRetry .........................102
|
||
4.8.7. MaxRetransmit .....................................102
|
||
4.8.8. RetransmitCount ...................................102
|
||
4.8.9. WTPFallBack .......................................102
|
||
4.9. WTP Saved Variables ......................................102
|
||
4.9.1. AdminRebootCount ..................................102
|
||
4.9.2. FrameEncapType ....................................102
|
||
4.9.3. LastRebootReason ..................................103
|
||
4.9.4. MacType ...........................................103
|
||
4.9.5. PreferredACs ......................................103
|
||
4.9.6. RebootCount .......................................103
|
||
4.9.7. Static IP Address .................................103
|
||
4.9.8. WTPLinkFailureCount ...............................103
|
||
4.9.9. WTPLocation .......................................103
|
||
4.9.10. WTPName ..........................................103
|
||
5. CAPWAP Discovery Operations ...................................103
|
||
5.1. Discovery Request Message ................................103
|
||
5.2. Discovery Response Message ...............................105
|
||
5.3. Primary Discovery Request Message ........................106
|
||
5.4. Primary Discovery Response ...............................107
|
||
6. CAPWAP Join Operations ........................................108
|
||
6.1. Join Request .............................................108
|
||
6.2. Join Response ............................................110
|
||
7. Control Channel Management ....................................111
|
||
7.1. Echo Request .............................................111
|
||
7.2. Echo Response ............................................112
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 4]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
8. WTP Configuration Management ..................................112
|
||
8.1. Configuration Consistency ................................112
|
||
8.1.1. Configuration Flexibility .........................113
|
||
8.2. Configuration Status Request .............................114
|
||
8.3. Configuration Status Response ............................115
|
||
8.4. Configuration Update Request .............................116
|
||
8.5. Configuration Update Response ............................117
|
||
8.6. Change State Event Request ...............................117
|
||
8.7. Change State Event Response ..............................118
|
||
8.8. Clear Configuration Request ..............................119
|
||
8.9. Clear Configuration Response .............................119
|
||
9. Device Management Operations ..................................120
|
||
9.1. Firmware Management ......................................120
|
||
9.1.1. Image Data Request ................................124
|
||
9.1.2. Image Data Response ...............................125
|
||
9.2. Reset Request ............................................126
|
||
9.3. Reset Response ...........................................127
|
||
9.4. WTP Event Request ........................................127
|
||
9.5. WTP Event Response .......................................128
|
||
9.6. Data Transfer ............................................128
|
||
9.6.1. Data Transfer Request .............................130
|
||
9.6.2. Data Transfer Response ............................131
|
||
10. Station Session Management ...................................131
|
||
10.1. Station Configuration Request ...........................131
|
||
10.2. Station Configuration Response ..........................132
|
||
11. NAT Considerations ...........................................132
|
||
12. Security Considerations ......................................134
|
||
12.1. CAPWAP Security .........................................134
|
||
12.1.1. Converting Protected Data into Unprotected Data ..135
|
||
12.1.2. Converting Unprotected Data into
|
||
Protected Data (Insertion) .......................135
|
||
12.1.3. Deletion of Protected Records ....................135
|
||
12.1.4. Insertion of Unprotected Records .................135
|
||
12.1.5. Use of MD5 .......................................136
|
||
12.1.6. CAPWAP Fragmentation .............................136
|
||
12.2. Session ID Security .....................................136
|
||
12.3. Discovery or DTLS Setup Attacks .........................137
|
||
12.4. Interference with a DTLS Session ........................137
|
||
12.5. CAPWAP Pre-Provisioning .................................138
|
||
12.6. Use of Pre-Shared Keys in CAPWAP ........................139
|
||
12.7. Use of Certificates in CAPWAP ...........................140
|
||
12.8. Use of MAC Address in CN Field ..........................140
|
||
12.9. AAA Security ............................................141
|
||
12.10. WTP Firmware ...........................................141
|
||
13. Operational Considerations ...................................141
|
||
14. Transport Considerations .....................................142
|
||
15. IANA Considerations ..........................................143
|
||
15.1. IPv4 Multicast Address ..................................143
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 5]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.2. IPv6 Multicast Address ..................................144
|
||
15.3. UDP Port ................................................144
|
||
15.4. CAPWAP Message Types ....................................144
|
||
15.5. CAPWAP Header Flags .....................................144
|
||
15.6. CAPWAP Control Message Flags ............................145
|
||
15.7. CAPWAP Message Element Type .............................145
|
||
15.8. CAPWAP Wireless Binding Identifiers .....................145
|
||
15.9. AC Security Types .......................................146
|
||
15.10. AC DTLS Policy .........................................146
|
||
15.11. AC Information Type ....................................146
|
||
15.12. CAPWAP Transport Protocol Types ........................146
|
||
15.13. Data Transfer Type .....................................147
|
||
15.14. Data Transfer Mode .....................................147
|
||
15.15. Discovery Types ........................................147
|
||
15.16. ECN Support ............................................148
|
||
15.17. Radio Admin State ......................................148
|
||
15.18. Radio Operational State ................................148
|
||
15.19. Radio Failure Causes ...................................148
|
||
15.20. Result Code ............................................149
|
||
15.21. Returned Message Element Reason ........................149
|
||
15.22. WTP Board Data Type ....................................149
|
||
15.23. WTP Descriptor Type ....................................149
|
||
15.24. WTP Fallback Mode ......................................150
|
||
15.25. WTP Frame Tunnel Mode ..................................150
|
||
15.26. WTP MAC Type ...........................................150
|
||
15.27. WTP Radio Stats Failure Type ...........................151
|
||
15.28. WTP Reboot Stats Failure Type ..........................151
|
||
16. Acknowledgments ..............................................151
|
||
17. References ...................................................151
|
||
17.1. Normative References ....................................151
|
||
17.2. Informative References ..................................153
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 6]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
1. Introduction
|
||
|
||
This document describes the CAPWAP protocol, a standard,
|
||
interoperable protocol that enables an Access Controller (AC) to
|
||
manage a collection of Wireless Termination Points (WTPs). The
|
||
CAPWAP protocol is defined to be independent of Layer 2 (L2)
|
||
technology, and meets the objectives in "Objectives for Control and
|
||
Provisioning of Wireless Access Points (CAPWAP)" [RFC4564].
|
||
|
||
The emergence of centralized IEEE 802.11 Wireless Local Area Network
|
||
(WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by
|
||
an Access Controller (AC), suggested that a standards-based,
|
||
interoperable protocol could radically simplify the deployment and
|
||
management of wireless networks. WTPs require a set of dynamic
|
||
management and control functions related to their primary task of
|
||
connecting the wireless and wired mediums. Traditional protocols for
|
||
managing WTPs are either manual static configuration via HTTP,
|
||
proprietary Layer 2-specific or non-existent (if the WTPs are self-
|
||
contained). An IEEE 802.11 binding is defined in [RFC5416] to
|
||
support use of the CAPWAP protocol with IEEE 802.11 WLAN networks.
|
||
|
||
CAPWAP assumes a network configuration consisting of multiple WTPs
|
||
communicating via the Internet Protocol (IP) to an AC. WTPs are
|
||
viewed as remote radio frequency (RF) interfaces controlled by the
|
||
AC. The CAPWAP protocol supports two modes of operation: Split and
|
||
Local MAC (medium access control). In Split MAC mode, all L2
|
||
wireless data and management frames are encapsulated via the CAPWAP
|
||
protocol and exchanged between the AC and the WTP. As shown in
|
||
Figure 1, the wireless frames received from a mobile device, which is
|
||
referred to in this specification as a Station (STA), are directly
|
||
encapsulated by the WTP and forwarded to the AC.
|
||
|
||
+-+ wireless frames +-+
|
||
| |--------------------------------| |
|
||
| | +-+ | |
|
||
| |--------------| |---------------| |
|
||
| |wireless PHY/ | | CAPWAP | |
|
||
| | MAC sublayer | | | |
|
||
+-+ +-+ +-+
|
||
STA WTP AC
|
||
|
||
Figure 1: Representative CAPWAP Architecture for Split MAC
|
||
|
||
The Local MAC mode of operation allows for the data frames to be
|
||
either locally bridged or tunneled as 802.3 frames. The latter
|
||
implies that the WTP performs the 802.11 Integration function. In
|
||
either case, the L2 wireless management frames are processed locally
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 7]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
by the WTP and then forwarded to the AC. Figure 2 shows the Local
|
||
MAC mode, in which a station transmits a wireless frame that is
|
||
encapsulated in an 802.3 frame and forwarded to the AC.
|
||
|
||
+-+wireless frames +-+ 802.3 frames +-+
|
||
| |----------------| |--------------| |
|
||
| | | | | |
|
||
| |----------------| |--------------| |
|
||
| |wireless PHY/ | | CAPWAP | |
|
||
| | MAC sublayer | | | |
|
||
+-+ +-+ +-+
|
||
STA WTP AC
|
||
|
||
Figure 2: Representative CAPWAP Architecture for Local MAC
|
||
|
||
Provisioning WTPs with security credentials and managing which WTPs
|
||
are authorized to provide service are traditionally handled by
|
||
proprietary solutions. Allowing these functions to be performed from
|
||
a centralized AC in an interoperable fashion increases manageability
|
||
and allows network operators to more tightly control their wireless
|
||
network infrastructure.
|
||
|
||
1.1. Goals
|
||
|
||
The goals for the CAPWAP protocol are listed below:
|
||
|
||
1. To centralize the authentication and policy enforcement functions
|
||
for a wireless network. The AC may also provide centralized
|
||
bridging, forwarding, and encryption of user traffic.
|
||
Centralization of these functions will enable reduced cost and
|
||
higher efficiency by applying the capabilities of network
|
||
processing silicon to the wireless network, as in wired LANs.
|
||
|
||
2. To enable shifting of the higher-level protocol processing from
|
||
the WTP. This leaves the time-critical applications of wireless
|
||
control and access in the WTP, making efficient use of the
|
||
computing power available in WTPs, which are subject to severe
|
||
cost pressure.
|
||
|
||
3. To provide an extensible protocol that is not bound to a specific
|
||
wireless technology. Extensibility is provided via a generic
|
||
encapsulation and transport mechanism, enabling the CAPWAP
|
||
protocol to be applied to many access point types in the future,
|
||
via a specific wireless binding.
|
||
|
||
The CAPWAP protocol concerns itself solely with the interface between
|
||
the WTP and the AC. Inter-AC and station-to-AC communication are
|
||
strictly outside the scope of this document.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 8]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
1.2. Conventions Used in This Document
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in RFC 2119 [RFC2119].
|
||
|
||
1.3. Contributing Authors
|
||
|
||
This section lists and acknowledges the authors of significant text
|
||
and concepts included in this specification.
|
||
|
||
The CAPWAP Working Group selected the Lightweight Access Point
|
||
Protocol (LWAPP) [LWAPP] to be used as the basis of the CAPWAP
|
||
protocol specification. The following people are authors of the
|
||
LWAPP document:
|
||
|
||
Bob O'Hara
|
||
Email: bob.ohara@computer.org
|
||
|
||
Pat Calhoun, Cisco Systems, Inc.
|
||
170 West Tasman Drive, San Jose, CA 95134
|
||
Phone: +1 408-902-3240, Email: pcalhoun@cisco.com
|
||
|
||
Rohit Suri, Cisco Systems, Inc.
|
||
170 West Tasman Drive, San Jose, CA 95134
|
||
Phone: +1 408-853-5548, Email: rsuri@cisco.com
|
||
|
||
Nancy Cam Winget, Cisco Systems, Inc.
|
||
170 West Tasman Drive, San Jose, CA 95134
|
||
Phone: +1 408-853-0532, Email: ncamwing@cisco.com
|
||
|
||
Scott Kelly, Aruba Networks
|
||
1322 Crossman Ave, Sunnyvale, CA 94089
|
||
Phone: +1 408-754-8408, Email: skelly@arubanetworks.com
|
||
|
||
Michael Glenn Williams, Nokia, Inc.
|
||
313 Fairchild Drive, Mountain View, CA 94043
|
||
Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com
|
||
|
||
Sue Hares, Green Hills Software
|
||
825 Victors Way, Suite 100, Ann Arbor, MI 48108
|
||
Phone: +1 734 222 1610, Email: shares@ndzh.com
|
||
|
||
Datagram Transport Layer Security (DTLS) [RFC4347] is used as the
|
||
security solution for the CAPWAP protocol. The following people are
|
||
authors of significant DTLS-related text included in this document:
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 9]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Scott Kelly, Aruba Networks
|
||
1322 Crossman Ave, Sunnyvale, CA 94089
|
||
Phone: +1 408-754-8408
|
||
Email: skelly@arubanetworks.com
|
||
|
||
Eric Rescorla, Network Resonance
|
||
2483 El Camino Real, #212,Palo Alto CA, 94303
|
||
Email: ekr@networkresonance.com
|
||
|
||
The concept of using DTLS to secure the CAPWAP protocol was part of
|
||
the Secure Light Access Point Protocol (SLAPP) proposal [SLAPP]. The
|
||
following people are authors of the SLAPP proposal:
|
||
|
||
Partha Narasimhan, Aruba Networks
|
||
1322 Crossman Ave, Sunnyvale, CA 94089
|
||
Phone: +1 408-480-4716
|
||
Email: partha@arubanetworks.com
|
||
|
||
Dan Harkins
|
||
Trapeze Networks
|
||
5753 W. Las Positas Blvd, Pleasanton, CA 94588
|
||
Phone: +1-925-474-2212
|
||
EMail: dharkins@trpz.com
|
||
|
||
Subbu Ponnuswamy, Aruba Networks
|
||
1322 Crossman Ave, Sunnyvale, CA 94089
|
||
Phone: +1 408-754-1213
|
||
Email: subbu@arubanetworks.com
|
||
|
||
The following individuals contributed significant security-related
|
||
text to the document [RFC5418]:
|
||
|
||
T. Charles Clancy, Laboratory for Telecommunications Sciences,
|
||
8080 Greenmead Drive, College Park, MD 20740
|
||
Phone: +1 240-373-5069, Email: clancy@ltsnet.net
|
||
|
||
Scott Kelly, Aruba Networks
|
||
1322 Crossman Ave, Sunnyvale, CA 94089
|
||
Phone: +1 408-754-8408, Email: scott@hyperthought.com
|
||
|
||
1.4. Terminology
|
||
|
||
Access Controller (AC): The network entity that provides WTP access
|
||
to the network infrastructure in the data plane, control plane,
|
||
management plane, or a combination therein.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 10]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
CAPWAP Control Channel: A bi-directional flow defined by the AC IP
|
||
Address, WTP IP Address, AC control port, WTP control port, and the
|
||
transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Control
|
||
packets are sent and received.
|
||
|
||
CAPWAP Data Channel: A bi-directional flow defined by the AC IP
|
||
Address, WTP IP Address, AC data port, WTP data port, and the
|
||
transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Data
|
||
packets are sent and received.
|
||
|
||
Station (STA): A device that contains an interface to a wireless
|
||
medium (WM).
|
||
|
||
Wireless Termination Point (WTP): The physical or network entity that
|
||
contains an RF antenna and wireless Physical Layer (PHY) to transmit
|
||
and receive station traffic for wireless access networks.
|
||
|
||
This document uses additional terminology defined in [RFC3753].
|
||
|
||
2. Protocol Overview
|
||
|
||
The CAPWAP protocol is a generic protocol defining AC and WTP control
|
||
and data plane communication via a CAPWAP protocol transport
|
||
mechanism. CAPWAP Control messages, and optionally CAPWAP Data
|
||
messages, are secured using Datagram Transport Layer Security (DTLS)
|
||
[RFC4347]. DTLS is a standards-track IETF protocol based upon TLS.
|
||
The underlying security-related protocol mechanisms of TLS have been
|
||
successfully deployed for many years.
|
||
|
||
The CAPWAP protocol transport layer carries two types of payload,
|
||
CAPWAP Data messages and CAPWAP Control messages. CAPWAP Data
|
||
messages encapsulate forwarded wireless frames. CAPWAP protocol
|
||
Control messages are management messages exchanged between a WTP and
|
||
an AC. The CAPWAP Data and Control packets are sent over separate
|
||
UDP ports. Since both data and control packets can exceed the
|
||
Maximum Transmission Unit (MTU) length, the payload of a CAPWAP Data
|
||
or Control message can be fragmented. The fragmentation behavior is
|
||
defined in Section 3.
|
||
|
||
The CAPWAP Protocol begins with a Discovery phase. The WTPs send a
|
||
Discovery Request message, causing any Access Controller (AC)
|
||
receiving the message to respond with a Discovery Response message.
|
||
From the Discovery Response messages received, a WTP selects an AC
|
||
with which to establish a secure DTLS session. In order to establish
|
||
the secure DTLS connection, the WTP will need some amount of pre-
|
||
provisioning, which is specified in Section 12.5. CAPWAP protocol
|
||
messages will be fragmented to the maximum length discovered to be
|
||
supported by the network.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 11]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Once the WTP and the AC have completed DTLS session establishment, a
|
||
configuration exchange occurs in which both devices agree on version
|
||
information. During this exchange, the WTP may receive provisioning
|
||
settings. The WTP is then enabled for operation.
|
||
|
||
When the WTP and AC have completed the version and provision exchange
|
||
and the WTP is enabled, the CAPWAP protocol is used to encapsulate
|
||
the wireless data frames sent between the WTP and AC. The CAPWAP
|
||
protocol will fragment the L2 frames if the size of the encapsulated
|
||
wireless user data (Data) or protocol control (Management) frames
|
||
causes the resulting CAPWAP protocol packet to exceed the MTU
|
||
supported between the WTP and AC. Fragmented CAPWAP packets are
|
||
reassembled to reconstitute the original encapsulated payload. MTU
|
||
Discovery and Fragmentation are described in Section 3.
|
||
|
||
The CAPWAP protocol provides for the delivery of commands from the AC
|
||
to the WTP for the management of stations that are communicating with
|
||
the WTP. This may include the creation of local data structures in
|
||
the WTP for the stations and the collection of statistical
|
||
information about the communication between the WTP and the stations.
|
||
The CAPWAP protocol provides a mechanism for the AC to obtain
|
||
statistical information collected by the WTP.
|
||
|
||
The CAPWAP protocol provides for a keep-alive feature that preserves
|
||
the communication channel between the WTP and AC. If the AC fails to
|
||
appear alive, the WTP will try to discover a new AC.
|
||
|
||
2.1. Wireless Binding Definition
|
||
|
||
The CAPWAP protocol is independent of a specific WTP radio
|
||
technology, as well its associated wireless link layer protocol.
|
||
Elements of the CAPWAP protocol are designed to accommodate the
|
||
specific needs of each wireless technology in a standard way.
|
||
Implementation of the CAPWAP protocol for a particular wireless
|
||
technology MUST follow the binding requirements defined for that
|
||
technology.
|
||
|
||
When defining a binding for wireless technologies, the authors MUST
|
||
include any necessary definitions for technology-specific messages
|
||
and all technology-specific message elements for those messages. At
|
||
a minimum, a binding MUST provide:
|
||
|
||
1. The definition for a binding-specific Statistics message element,
|
||
carried in the WTP Event Request message.
|
||
|
||
2. A message element carried in the Station Configuration Request
|
||
message to configure station information on the WTP.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 12]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
3. A WTP Radio Information message element carried in the Discovery,
|
||
Primary Discovery, and Join Request and Response messages,
|
||
indicating the binding-specific radio types supported at the WTP
|
||
and AC.
|
||
|
||
If technology-specific message elements are required for any of the
|
||
existing CAPWAP messages defined in this specification, they MUST
|
||
also be defined in the technology binding document.
|
||
|
||
The naming of binding-specific message elements MUST begin with the
|
||
name of the technology type, e.g., the binding for IEEE 802.11,
|
||
provided in [RFC5416], begins with "IEEE 802.11".
|
||
|
||
The CAPWAP binding concept MUST also be used in any future
|
||
specifications that add functionality to either the base CAPWAP
|
||
protocol specification, or any published CAPWAP binding
|
||
specification. A separate WTP Radio Information message element MUST
|
||
be created to properly advertise support for the specification. This
|
||
mechanism allows for future protocol extensibility, while providing
|
||
the necessary capabilities advertisement, through the WTP Radio
|
||
Information message element, to ensure WTP/AC interoperability.
|
||
|
||
2.2. CAPWAP Session Establishment Overview
|
||
|
||
This section describes the session establishment process message
|
||
exchanges between a CAPWAP WTP and AC. The annotated ladder diagram
|
||
shows the AC on the right, the WTP on the left, and assumes the use
|
||
of certificates for DTLS authentication. The CAPWAP protocol state
|
||
machine is described in detail in Section 2.3. Note that DTLS allows
|
||
certain messages to be aggregated into a single frame, which is
|
||
denoted via an asterisk in Figure 3.
|
||
|
||
============ ============
|
||
WTP AC
|
||
============ ============
|
||
[----------- begin optional discovery ------------]
|
||
|
||
Discover Request
|
||
------------------------------------>
|
||
Discover Response
|
||
<------------------------------------
|
||
|
||
[----------- end optional discovery ------------]
|
||
|
||
(-- begin DTLS handshake --)
|
||
|
||
ClientHello
|
||
------------------------------------>
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 13]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
HelloVerifyRequest (with cookie)
|
||
<------------------------------------
|
||
|
||
|
||
ClientHello (with cookie)
|
||
------------------------------------>
|
||
ServerHello,
|
||
Certificate,
|
||
ServerHelloDone*
|
||
<------------------------------------
|
||
|
||
(-- WTP callout for AC authorization --)
|
||
|
||
Certificate (optional),
|
||
ClientKeyExchange,
|
||
CertificateVerify (optional),
|
||
ChangeCipherSpec,
|
||
Finished*
|
||
------------------------------------>
|
||
|
||
(-- AC callout for WTP authorization --)
|
||
|
||
ChangeCipherSpec,
|
||
Finished*
|
||
<------------------------------------
|
||
|
||
(-- DTLS session is established now --)
|
||
|
||
Join Request
|
||
------------------------------------>
|
||
Join Response
|
||
<------------------------------------
|
||
[-- Join State Complete --]
|
||
|
||
(-- assume image is up to date --)
|
||
|
||
Configuration Status Request
|
||
------------------------------------>
|
||
Configuration Status Response
|
||
<------------------------------------
|
||
[-- Configure State Complete --]
|
||
|
||
Change State Event Request
|
||
------------------------------------>
|
||
Change State Event Response
|
||
<------------------------------------
|
||
[-- Data Check State Complete --]
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 14]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
(-- enter RUN state --)
|
||
|
||
:
|
||
:
|
||
|
||
Echo Request
|
||
------------------------------------>
|
||
Echo Response
|
||
<------------------------------------
|
||
|
||
:
|
||
:
|
||
|
||
Event Request
|
||
------------------------------------>
|
||
Event Response
|
||
<------------------------------------
|
||
|
||
:
|
||
:
|
||
|
||
Figure 3: CAPWAP Control Protocol Exchange
|
||
|
||
At the end of the illustrated CAPWAP message exchange, the AC and WTP
|
||
are securely exchanging CAPWAP Control messages. This illustration
|
||
is provided to clarify protocol operation, and does not include any
|
||
possible error conditions. Section 2.3 provides a detailed
|
||
description of the corresponding state machine.
|
||
|
||
2.3. CAPWAP State Machine Definition
|
||
|
||
The following state diagram represents the lifecycle of a WTP-AC
|
||
session. Use of DTLS by the CAPWAP protocol results in the
|
||
juxtaposition of two nominally separate yet tightly bound state
|
||
machines. The DTLS and CAPWAP state machines are coupled through an
|
||
API consisting of commands (see Section 2.3.2.1) and notifications
|
||
(see Section 2.3.2.2). Certain transitions in the DTLS state machine
|
||
are triggered by commands from the CAPWAP state machine, while
|
||
certain transitions in the CAPWAP state machine are triggered by
|
||
notifications from the DTLS state machine.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 15]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
/-------------------------------------\
|
||
| /-------------------------\|
|
||
| p| ||
|
||
| q+----------+ r +------------+ ||
|
||
| | Run |-->| Reset |-\||
|
||
| +----------+ +------------+ |||
|
||
n| o ^ ^ ^ s|||
|
||
+------------+--------/ | | |||
|
||
| Data Check | /-------/ | |||
|
||
+------------+<-------\ | | |||
|
||
| | | |||
|
||
/------------------+--------\ | |||
|
||
f| m| h| j v k| |||
|
||
+--------+ +-----------+ +--------------+|||
|
||
| Join |---->| Configure | | Image Data ||||
|
||
+--------+ n +-----------+ +--------------+|||
|
||
^ |g i| l| |||
|
||
| | \-------------------\ | |||
|
||
| \--------------------------------------\| | |||
|
||
\------------------------\ || | |||
|
||
/--------------<----------------+---------------\ || | |||
|
||
| /------------<----------------+-------------\ | || | |||
|
||
| | 4 |d t| | vv v vvv
|
||
| | +----------------+ +--------------+ +-----------+
|
||
| | | DTLS Setup | | DTLS Connect |-->| DTLS TD |
|
||
/-|-|---+----------------+ +--------------+ e +-----------+
|
||
| | | |$ ^ ^ |5 ^6 ^ ^ |w
|
||
v v v | | | | \-------\ | | |
|
||
| | | | | | \---------\ | | /-----------/ |
|
||
| | | | | \--\ | | | | |
|
||
| | | | | | | | | | |
|
||
| | | v 3| 1 |% # v | |a |b v
|
||
| | \->+------+-->+------+ +-----------+ +--------+
|
||
| | | Idle | | Disc | | Authorize | | Dead |
|
||
| | +------+<--+------+ +-----------+ +--------+
|
||
| | ^ 0^ 2 |!
|
||
| | | | | +-------+
|
||
*| |u | \---------+---| Start |
|
||
| | |@ | +-------+
|
||
| \->+---------+<------/
|
||
\--->| Sulking |
|
||
+---------+&
|
||
|
||
Figure 4: CAPWAP Integrated State Machine
|
||
|
||
The CAPWAP protocol state machine, depicted above, is used by both
|
||
the AC and the WTP. In cases where states are not shared (i.e., not
|
||
implemented in one or the other of the AC or WTP), this is explicitly
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 16]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
called out in the transition descriptions below. For every state
|
||
defined, only certain messages are permitted to be sent and received.
|
||
The CAPWAP Control message definitions specify the state(s) in which
|
||
each message is valid.
|
||
|
||
Since the WTP only communicates with a single AC, it only has a
|
||
single instance of the CAPWAP state machine. The state machine works
|
||
differently on the AC since it communicates with many WTPs. The AC
|
||
uses the concept of three threads. Note that the term thread used
|
||
here does not necessarily imply that implementers must use threads,
|
||
but it is one possible way of implementing the AC's state machine.
|
||
|
||
Listener Thread: The AC's Listener thread handles inbound DTLS
|
||
session establishment requests, through the DTLSListen command.
|
||
Upon creation, the Listener thread starts in the DTLS Setup state.
|
||
Once a DTLS session has been validated, which occurs when the
|
||
state machine enters the "Authorize" state, the Listener thread
|
||
creates a WTP session-specific Service thread and state context.
|
||
The state machine transitions in Figure 4 are represented by
|
||
numerals. It is necessary for the AC to protect itself against
|
||
various attacks that exist with non-authenticated frames. See
|
||
Section 12 for more information.
|
||
|
||
Discovery Thread: The AC's Discovery thread is responsible for
|
||
receiving, and responding to, Discovery Request messages. The
|
||
state machine transitions in Figure 4 are represented by numerals.
|
||
Note that the Discovery thread does not maintain any per-WTP-
|
||
specific context information, and a single state context exists.
|
||
It is necessary for the AC to protect itself against various
|
||
attacks that exist with non-authenticated frames. See Section 12
|
||
for more information.
|
||
|
||
Service Thread: The AC's Service thread handles the per-WTP states,
|
||
and one such thread exists per-WTP connection. This thread is
|
||
created by the Listener thread when the Authorize state is
|
||
reached. When created, the Service thread inherits a copy of the
|
||
state machine context from the Listener thread. When
|
||
communication with the WTP is complete, the Service thread is
|
||
terminated and all associated resources are released. The state
|
||
machine transitions in Figure 4 are represented by alphabetic and
|
||
punctuation characters.
|
||
|
||
2.3.1. CAPWAP Protocol State Transitions
|
||
|
||
This section describes the various state transitions, and the events
|
||
that cause them. This section does not discuss interactions between
|
||
DTLS- and CAPWAP-specific states. Those interactions, and DTLS-
|
||
specific states and transitions, are discussed in Section 2.3.2.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 17]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Start to Idle (0): This transition occurs once device initialization
|
||
is complete.
|
||
|
||
WTP: This state transition is used to start the WTP's CAPWAP
|
||
state machine.
|
||
|
||
AC: The AC creates the Discovery and Listener threads and starts
|
||
the CAPWAP state machine.
|
||
|
||
Idle to Discovery (1): This transition occurs to support the CAPWAP
|
||
discovery process.
|
||
|
||
WTP: The WTP enters the Discovery state prior to transmitting the
|
||
first Discovery Request message (see Section 5.1). Upon
|
||
entering this state, the WTP sets the DiscoveryInterval
|
||
timer (see Section 4.7). The WTP resets the DiscoveryCount
|
||
counter to zero (0) (see Section 4.8). The WTP also clears
|
||
all information from ACs it may have received during a
|
||
previous Discovery phase.
|
||
|
||
AC: This state transition is executed by the AC's Discovery
|
||
thread, and occurs when a Discovery Request message is
|
||
received. The AC SHOULD respond with a Discovery Response
|
||
message (see Section 5.2).
|
||
|
||
Discovery to Discovery (#): In the Discovery state, the WTP
|
||
determines to which AC to connect.
|
||
|
||
WTP: This transition occurs when the DiscoveryInterval timer
|
||
expires. If the WTP is configured with a list of ACs, it
|
||
transmits a Discovery Request message to every AC from which
|
||
it has not received a Discovery Response message. For every
|
||
transition to this event, the WTP increments the
|
||
DiscoveryCount counter. See Section 5.1 for more
|
||
information on how the WTP knows the ACs to which it should
|
||
transmit the Discovery Request messages. The WTP restarts
|
||
the DiscoveryInterval timer whenever it transmits Discovery
|
||
Request messages.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
Discovery to Idle (2): This transition occurs on the AC's Discovery
|
||
thread when the Discovery processing is complete.
|
||
|
||
WTP: This is an invalid state transition for the WTP.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 18]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
AC: This state transition is executed by the AC's Discovery
|
||
thread when it has transmitted the Discovery Response, in
|
||
response to a Discovery Request.
|
||
|
||
Discovery to Sulking (!): This transition occurs on a WTP when AC
|
||
Discovery fails.
|
||
|
||
WTP: The WTP enters this state when the DiscoveryInterval timer
|
||
expires and the DiscoveryCount variable is equal to the
|
||
MaxDiscoveries variable (see Section 4.8). Upon entering
|
||
this state, the WTP MUST start the SilentInterval timer.
|
||
While in the Sulking state, all received CAPWAP protocol
|
||
messages MUST be ignored.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
Sulking to Idle (@): This transition occurs on a WTP when it must
|
||
restart the Discovery phase.
|
||
|
||
WTP: The WTP enters this state when the SilentInterval timer (see
|
||
Section 4.7) expires. The FailedDTLSSessionCount,
|
||
DiscoveryCount, and FailedDTLSAuthFailCount counters are
|
||
reset to zero.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
Sulking to Sulking (&): The Sulking state provides the silent
|
||
period, minimizing the possibility for Denial-of-Service (DoS)
|
||
attacks.
|
||
|
||
WTP: All packets received from the AC while in the sulking state
|
||
are ignored.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
Idle to DTLS Setup (3): This transition occurs to establish a secure
|
||
DTLS session with the peer.
|
||
|
||
WTP: The WTP initiates this transition by invoking the DTLSStart
|
||
command (see Section 2.3.2.1), which starts the DTLS session
|
||
establishment with the chosen AC and the WaitDTLS timer is
|
||
started (see Section 4.7). When the Discovery phase is
|
||
bypassed, it is assumed the WTP has locally configured ACs.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 19]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
AC: Upon entering the Idle state from the Start state, the newly
|
||
created Listener thread automatically transitions to the
|
||
DTLS Setup and invokes the DTLSListen command (see
|
||
Section 2.3.2.1), and the WaitDTLS timer is started (see
|
||
Section 4.7).
|
||
|
||
Discovery to DTLS Setup (%): This transition occurs to establish a
|
||
secure DTLS session with the peer.
|
||
|
||
WTP: The WTP initiates this transition by invoking the DTLSStart
|
||
command (see Section 2.3.2.1), which starts the DTLS session
|
||
establishment with the chosen AC. The decision of to which
|
||
AC to connect is the result of the Discovery phase, which is
|
||
described in Section 3.3.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
DTLS Setup to Idle ($): This transition occurs when the DTLS
|
||
connection setup fails.
|
||
|
||
WTP: The WTP initiates this state transition when it receives a
|
||
DTLSEstablishFail notification from DTLS (see
|
||
Section 2.3.2.2), and the FailedDTLSSessionCount or the
|
||
FailedDTLSAuthFailCount counter have not reached the value
|
||
of the MaxFailedDTLSSessionRetry variable (see Section 4.8).
|
||
This error notification aborts the secure DTLS session
|
||
establishment. When this notification is received, the
|
||
FailedDTLSSessionCount counter is incremented. This state
|
||
transition also occurs if the WaitDTLS timer has expired.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
DTLS Setup to Sulking (*): This transition occurs when repeated
|
||
attempts to set up the DTLS connection have failed.
|
||
|
||
WTP: The WTP enters this state when the FailedDTLSSessionCount or
|
||
the FailedDTLSAuthFailCount counter reaches the value of the
|
||
MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
|
||
entering this state, the WTP MUST start the SilentInterval
|
||
timer. While in the Sulking state, all received CAPWAP and
|
||
DTLS protocol messages received MUST be ignored.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
DTLS Setup to DTLS Setup (4): This transition occurs when the DTLS
|
||
Session failed to be established.
|
||
|
||
WTP: This is an invalid state transition for the WTP.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 20]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
AC: The AC's Listener initiates this state transition when it
|
||
receives a DTLSEstablishFail notification from DTLS (see
|
||
Section 2.3.2.2). This error notification aborts the secure
|
||
DTLS session establishment. When this notification is
|
||
received, the FailedDTLSSessionCount counter is incremented.
|
||
The Listener thread then invokes the DTLSListen command (see
|
||
Section 2.3.2.1).
|
||
|
||
DTLS Setup to Authorize (5): This transition occurs when an incoming
|
||
DTLS session is being established, and the DTLS stack needs
|
||
authorization to proceed with the session establishment.
|
||
|
||
WTP: This state transition occurs when the WTP receives the
|
||
DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon
|
||
entering this state, the WTP performs an authorization check
|
||
against the AC credentials. See Section 2.4.4 for more
|
||
information on AC authorization.
|
||
|
||
AC: This state transition is handled by the AC's Listener thread
|
||
when the DTLS module initiates the DTLSPeerAuthorize
|
||
notification (see Section 2.3.2.2). The Listener thread
|
||
forks an instance of the Service thread, along with a copy
|
||
of the state context. Once created, the Service thread
|
||
performs an authorization check against the WTP credentials.
|
||
See Section 2.4.4 for more information on WTP authorization.
|
||
|
||
Authorize to DTLS Setup (6): This transition is executed by the
|
||
Listener thread to enable it to listen for new incoming sessions.
|
||
|
||
WTP: This is an invalid state transition for the WTP.
|
||
|
||
AC: This state transition occurs when the AC's Listener thread
|
||
has created the WTP context and the Service thread. The
|
||
Listener thread then invokes the DTLSListen command (see
|
||
Section 2.3.2.1).
|
||
|
||
Authorize to DTLS Connect (a): This transition occurs to notify the
|
||
DTLS stack that the session should be established.
|
||
|
||
WTP: This state transition occurs when the WTP has successfully
|
||
authorized the AC's credentials (see Section 2.4.4). This
|
||
is done by invoking the DTLSAccept DTLS command (see
|
||
Section 2.3.2.1).
|
||
|
||
AC: This state transition occurs when the AC has successfully
|
||
authorized the WTP's credentials (see Section 2.4.4). This
|
||
is done by invoking the DTLSAccept DTLS command (see
|
||
Section 2.3.2.1).
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 21]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Authorize to DTLS Teardown (b): This transition occurs to notify the
|
||
DTLS stack that the session should be aborted.
|
||
|
||
WTP: This state transition occurs when the WTP has been unable to
|
||
authorize the AC, using the AC credentials. The WTP then
|
||
aborts the DTLS session by invoking the DTLSAbortSession
|
||
command (see Section 2.3.2.1). This state transition also
|
||
occurs if the WaitDTLS timer has expired. The WTP starts
|
||
the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
AC: This state transition occurs when the AC has been unable to
|
||
authorize the WTP, using the WTP credentials. The AC then
|
||
aborts the DTLS session by invoking the DTLSAbortSession
|
||
command (see Section 2.3.2.1). This state transition also
|
||
occurs if the WaitDTLS timer has expired. The AC starts the
|
||
DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
DTLS Connect to DTLS Teardown (c): This transition occurs when the
|
||
DTLS Session failed to be established.
|
||
|
||
WTP: This state transition occurs when the WTP receives either a
|
||
DTLSAborted or DTLSAuthenticateFail notification (see
|
||
Section 2.3.2.2), indicating that the DTLS session was not
|
||
successfully established. When this transition occurs due
|
||
to the DTLSAuthenticateFail notification, the
|
||
FailedDTLSAuthFailCount is incremented; otherwise, the
|
||
FailedDTLSSessionCount counter is incremented. This state
|
||
transition also occurs if the WaitDTLS timer has expired.
|
||
The WTP starts the DTLSSessionDelete timer (see
|
||
Section 4.7.6).
|
||
|
||
AC: This state transition occurs when the AC receives either a
|
||
DTLSAborted or DTLSAuthenticateFail notification (see
|
||
Section 2.3.2.2), indicating that the DTLS session was not
|
||
successfully established, and both of the
|
||
FailedDTLSAuthFailCount and FailedDTLSSessionCount counters
|
||
have not reached the value of the MaxFailedDTLSSessionRetry
|
||
variable (see Section 4.8). This state transition also
|
||
occurs if the WaitDTLS timer has expired. The AC starts the
|
||
DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
DTLS Connect to Join (d): This transition occurs when the DTLS
|
||
Session is successfully established.
|
||
|
||
WTP: This state transition occurs when the WTP receives the
|
||
DTLSEstablished notification (see Section 2.3.2.2),
|
||
indicating that the DTLS session was successfully
|
||
established. When this notification is received, the
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 22]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
FailedDTLSSessionCount counter is set to zero. The WTP
|
||
enters the Join state by transmitting the Join Request to
|
||
the AC. The WTP stops the WaitDTLS timer.
|
||
|
||
AC: This state transition occurs when the AC receives the
|
||
DTLSEstablished notification (see Section 2.3.2.2),
|
||
indicating that the DTLS session was successfully
|
||
established. When this notification is received, the
|
||
FailedDTLSSessionCount counter is set to zero. The AC stops
|
||
the WaitDTLS timer, and starts the WaitJoin timer.
|
||
|
||
Join to DTLS Teardown (e): This transition occurs when the join
|
||
process has failed.
|
||
|
||
WTP: This state transition occurs when the WTP receives a Join
|
||
Response message with a Result Code message element
|
||
containing an error, or if the Image Identifier provided by
|
||
the AC in the Join Response message differs from the WTP's
|
||
currently running firmware version and the WTP has the
|
||
requested image in its non-volatile memory. This causes the
|
||
WTP to initiate the DTLSShutdown command (see
|
||
Section 2.3.2.1). This transition also occurs if the WTP
|
||
receives one of the following DTLS notifications:
|
||
DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
|
||
The WTP starts the DTLSSessionDelete timer (see
|
||
Section 4.7.6).
|
||
|
||
AC: This state transition occurs either if the WaitJoin timer
|
||
expires or if the AC transmits a Join Response message with
|
||
a Result Code message element containing an error. This
|
||
causes the AC to initiate the DTLSShutdown command (see
|
||
Section 2.3.2.1). This transition also occurs if the AC
|
||
receives one of the following DTLS notifications:
|
||
DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
|
||
The AC starts the DTLSSessionDelete timer (see
|
||
Section 4.7.6).
|
||
|
||
Join to Image Data (f): This state transition is used by the WTP and
|
||
the AC to download executable firmware.
|
||
|
||
WTP: The WTP enters the Image Data state when it receives a
|
||
successful Join Response message and determines that the
|
||
software version in the Image Identifier message element is
|
||
not the same as its currently running image. The WTP also
|
||
detects that the requested image version is not currently
|
||
available in the WTP's non-volatile storage (see Section 9.1
|
||
for a full description of the firmware download process).
|
||
The WTP initializes the EchoInterval timer (see
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 23]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Section 4.7), and transmits the Image Data Request message
|
||
(see Section 9.1.1) requesting the start of the firmware
|
||
download.
|
||
|
||
AC: This state transition occurs when the AC receives the Image
|
||
Data Request message from the WTP, after having sent its
|
||
Join Response to the WTP. The AC stops the WaitJoin timer.
|
||
The AC MUST transmit an Image Data Response message (see
|
||
Section 9.1.2) to the WTP, which includes a portion of the
|
||
firmware.
|
||
|
||
Join to Configure (g): This state transition is used by the WTP and
|
||
the AC to exchange configuration information.
|
||
|
||
WTP: The WTP enters the Configure state when it receives a
|
||
successful Join Response message, and determines that the
|
||
included Image Identifier message element is the same as its
|
||
currently running image. The WTP transmits the
|
||
Configuration Status Request message (see Section 8.2) to
|
||
the AC with message elements describing its current
|
||
configuration.
|
||
|
||
AC: This state transition occurs when it receives the
|
||
Configuration Status Request message from the WTP (see
|
||
Section 8.2), which MAY include specific message elements to
|
||
override the WTP's configuration. The AC stops the WaitJoin
|
||
timer. The AC transmits the Configuration Status Response
|
||
message (see Section 8.3) and starts the
|
||
ChangeStatePendingTimer timer (see Section 4.7).
|
||
|
||
Configure to Reset (h): This state transition is used to reset the
|
||
connection either due to an error during the configuration phase,
|
||
or when the WTP determines it needs to reset in order for the new
|
||
configuration to take effect. The CAPWAP Reset command is used to
|
||
indicate to the peer that it will initiate a DTLS teardown.
|
||
|
||
WTP: The WTP enters the Reset state when it receives a
|
||
Configuration Status Response message indicating an error or
|
||
when it determines that a reset of the WTP is required, due
|
||
to the characteristics of a new configuration.
|
||
|
||
AC: The AC transitions to the Reset state when it receives a
|
||
Change State Event message from the WTP that contains an
|
||
error for which AC policy does not permit the WTP to provide
|
||
service. This state transition also occurs when the AC
|
||
ChangeStatePendingTimer timer expires.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 24]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Configure to DTLS Teardown (i): This transition occurs when the
|
||
configuration process aborts due to a DTLS error.
|
||
|
||
WTP: The WTP enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The
|
||
WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
AC: The AC enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The AC MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The AC
|
||
starts the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
Image Data to Image Data (j): The Image Data state is used by the
|
||
WTP and the AC during the firmware download phase.
|
||
|
||
WTP: The WTP enters the Image Data state when it receives an
|
||
Image Data Response message indicating that the AC has more
|
||
data to send. This state transition also occurs when the
|
||
WTP receives the subsequent Image Data Requests, at which
|
||
time it resets the ImageDataStartTimer time to ensure it
|
||
receives the next expected Image Data Request from the AC.
|
||
This state transition can also occur when the WTP's
|
||
EchoInterval timer (see Section 4.7.7) expires, in which
|
||
case the WTP transmits an Echo Request message (see
|
||
Section 7.1), and resets its EchoInterval timer. The state
|
||
transition also occurs when the WTP receives an Echo
|
||
Response from the AC (see Section 7.2).
|
||
|
||
AC: This state transition occurs when the AC receives the Image
|
||
Data Response message from the WTP while already in the
|
||
Image Data state. This state transition also occurs when
|
||
the AC receives an Echo Request (see Section 7.1) from the
|
||
WTP, in which case it responds with an Echo Response (see
|
||
Section 7.2), and resets its EchoInterval timer (see
|
||
Section 4.7.7).
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 25]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Image Data to Reset (k): This state transition is used to reset the
|
||
DTLS connection prior to restarting the WTP after an image
|
||
download.
|
||
|
||
WTP: When an image download completes, or if the
|
||
ImageDataStartTimer timer expires, the WTP enters the Reset
|
||
state. The WTP MAY also transition to this state upon
|
||
receiving an Image Data Response message from the AC (see
|
||
Section 9.1.2) indicating a failure.
|
||
|
||
AC: The AC enters the Reset state either when the image transfer
|
||
has successfully completed or an error occurs during the
|
||
image download process.
|
||
|
||
Image Data to DTLS Teardown (l): This transition occurs when the
|
||
firmware download process aborts due to a DTLS error.
|
||
|
||
WTP: The WTP enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The
|
||
WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
AC: The AC enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The AC MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The AC
|
||
starts the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
Configure to Data Check (m): This state transition occurs when the
|
||
WTP and AC confirm the configuration.
|
||
|
||
WTP: The WTP enters this state when it receives a successful
|
||
Configuration Status Response message from the AC. The WTP
|
||
transmits the Change State Event Request message (see
|
||
Section 8.6).
|
||
|
||
AC: This state transition occurs when the AC receives the Change
|
||
State Event Request message (see Section 8.6) from the WTP.
|
||
The AC responds with a Change State Event Response message
|
||
(see Section 8.7). The AC MUST start the DataCheckTimer
|
||
timer and stops the ChangeStatePendingTimer timer (see
|
||
Section 4.7).
|
||
|
||
Data Check to DTLS Teardown (n): This transition occurs when the WTP
|
||
does not complete the Data Check exchange.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 26]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP: This state transition occurs if the WTP does not receive the
|
||
Change State Event Response message before a CAPWAP
|
||
retransmission timeout occurs. The WTP also transitions to
|
||
this state if the underlying reliable transport's
|
||
RetransmitCount counter has reached the MaxRetransmit
|
||
variable (see Section 4.7). The WTP starts the
|
||
DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
AC: The AC enters this state when the DataCheckTimer timer
|
||
expires (see Section 4.7). The AC starts the
|
||
DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
Data Check to Run (o): This state transition occurs when the linkage
|
||
between the control and data channels is established, causing the
|
||
WTP and AC to enter their normal state of operation.
|
||
|
||
WTP: The WTP enters this state when it receives a successful
|
||
Change State Event Response message from the AC. The WTP
|
||
initiates the data channel, which MAY require the
|
||
establishment of a DTLS session, starts the
|
||
DataChannelKeepAlive timer (see Section 4.7.2) and transmits
|
||
a Data Channel Keep-Alive packet (see Section 4.4.1). The
|
||
WTP then starts the EchoInterval timer and
|
||
DataChannelDeadInterval timer (see Section 4.7).
|
||
|
||
AC: This state transition occurs when the AC receives the Data
|
||
Channel Keep-Alive packet (see Section 4.4.1), with a
|
||
Session ID message element matching that included by the WTP
|
||
in the Join Request message. The AC disables the
|
||
DataCheckTimer timer. Note that if AC policy is to require
|
||
the data channel to be encrypted, this process would also
|
||
require the establishment of a data channel DTLS session.
|
||
Upon receiving the Data Channel Keep-Alive packet, the AC
|
||
transmits its own Data Channel Keep Alive packet.
|
||
|
||
Run to DTLS Teardown (p): This state transition occurs when an error
|
||
has occurred in the DTLS stack, causing the DTLS session to be
|
||
torn down.
|
||
|
||
WTP: The WTP enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The WTP MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The
|
||
WTP also transitions to this state if the underlying
|
||
reliable transport's RetransmitCount counter has reached the
|
||
MaxRetransmit variable (see Section 4.7). The WTP starts
|
||
the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 27]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
AC: The AC enters this state when it receives one of the
|
||
following DTLS notifications: DTLSAborted,
|
||
DTLSReassemblyFailure, or DTLSPeerDisconnect (see
|
||
Section 2.3.2.2). The AC MAY tear down the DTLS session if
|
||
it receives frequent DTLSDecapFailure notifications. The AC
|
||
transitions to this state if the underlying reliable
|
||
transport's RetransmitCount counter has reached the
|
||
MaxRetransmit variable (see Section 4.7). This state
|
||
transition also occurs when the AC's EchoInterval timer (see
|
||
Section 4.7.7) expires. The AC starts the DTLSSessionDelete
|
||
timer (see Section 4.7.6).
|
||
|
||
Run to Run (q): This is the normal state of operation.
|
||
|
||
WTP: This is the WTP's normal state of operation. The WTP resets
|
||
its EchoInterval timer whenever it transmits a request to
|
||
the AC. There are many events that result in this state
|
||
transition:
|
||
|
||
Configuration Update: The WTP receives a Configuration
|
||
Update Request message (see Section 8.4). The WTP
|
||
MUST respond with a Configuration Update Response
|
||
message (see Section 8.5).
|
||
|
||
Change State Event: The WTP receives a Change State Event
|
||
Response message, or determines that it must initiate
|
||
a Change State Event Request message, as a result of a
|
||
failure or change in the state of a radio.
|
||
|
||
Echo Request: The WTP sends an Echo Request message
|
||
(Section 7.1) or receives the corresponding Echo
|
||
Response message, (see Section 7.2) from the AC. When
|
||
the WTP receives the Echo Response, it resets its
|
||
EchoInterval timer (see Section 4.7.7).
|
||
|
||
Clear Config Request: The WTP receives a Clear
|
||
Configuration Request message (see Section 8.8) and
|
||
MUST generate a corresponding Clear Configuration
|
||
Response message (see Section 8.9). The WTP MUST
|
||
reset its configuration back to manufacturer defaults.
|
||
|
||
WTP Event: The WTP sends a WTP Event Request message,
|
||
delivering information to the AC (see Section 9.4).
|
||
The WTP receives a WTP Event Response message from the
|
||
AC (see Section 9.5).
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 28]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Data Transfer: The WTP sends a Data Transfer Request or
|
||
Data Transfer Response message to the AC (see
|
||
Section 9.6). The WTP receives a Data Transfer
|
||
Request or Data Transfer Response message from the AC
|
||
(see Section 9.6). Upon receipt of a Data Transfer
|
||
Request, the WTP transmits a Data Transfer Response to
|
||
the AC.
|
||
|
||
Station Configuration Request: The WTP receives a Station
|
||
Configuration Request message (see Section 10.1), to
|
||
which it MUST respond with a Station Configuration
|
||
Response message (see Section 10.2).
|
||
|
||
AC: This is the AC's normal state of operation. Note that the
|
||
receipt of any Request from the WTP causes the AC to reset
|
||
its EchoInterval timer (see Section 4.7.7).
|
||
|
||
Configuration Update: The AC sends a Configuration Update
|
||
Request message (see Section 8.4) to the WTP to update
|
||
its configuration. The AC receives a Configuration
|
||
Update Response message (see Section 8.5) from the
|
||
WTP.
|
||
|
||
Change State Event: The AC receives a Change State Event
|
||
Request message (see Section 8.6), to which it MUST
|
||
respond with the Change State Event Response message
|
||
(see Section 8.7).
|
||
|
||
Echo Request: The AC receives an Echo Request message (see
|
||
Section 7.1), to which it MUST respond with an Echo
|
||
Response message (see Section 7.2).
|
||
|
||
Clear Config Response: The AC sends a Clear Configuration
|
||
Request message (see Section 8.8) to the WTP to clear
|
||
its configuration. The AC receives a Clear
|
||
Configuration Response message from the WTP (see
|
||
Section 8.9).
|
||
|
||
WTP Event: The AC receives a WTP Event Request message from
|
||
the WTP (see Section 9.4) and MUST generate a
|
||
corresponding WTP Event Response message (see
|
||
Section 9.5).
|
||
|
||
Data Transfer: The AC sends a Data Transfer Request or Data
|
||
Transfer Response message to the WTP (see
|
||
Section 9.6). The AC receives a Data Transfer Request
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 29]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
or Data Transfer Response message from the WTP (see
|
||
Section 9.6). Upon receipt of a Data Transfer
|
||
Request, the AC transmits a Data Transfer Response to
|
||
the WTP.
|
||
|
||
Station Configuration Request: The AC sends a Station
|
||
Configuration Request message (see Section 10.1) or
|
||
receives the corresponding Station Configuration
|
||
Response message (see Section 10.2) from the WTP.
|
||
|
||
Run to Reset (r): This state transition is used when either the AC
|
||
or WTP tears down the connection. This may occur as part of
|
||
normal operation, or due to error conditions.
|
||
|
||
WTP: The WTP enters the Reset state when it receives a Reset
|
||
Request message from the AC.
|
||
|
||
AC: The AC enters the Reset state when it transmits a Reset
|
||
Request message to the WTP.
|
||
|
||
Reset to DTLS Teardown (s): This transition occurs when the CAPWAP
|
||
reset is complete to terminate the DTLS session.
|
||
|
||
WTP: This state transition occurs when the WTP transmits a Reset
|
||
Response message. The WTP does not invoke the DTLSShutdown
|
||
command (see Section 2.3.2.1). The WTP starts the
|
||
DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
AC: This state transition occurs when the AC receives a Reset
|
||
Response message. This causes the AC to initiate the
|
||
DTLSShutdown command (see Section 2.3.2.1). The AC starts
|
||
the DTLSSessionDelete timer (see Section 4.7.6).
|
||
|
||
DTLS Teardown to Idle (t): This transition occurs when the DTLS
|
||
session has been shut down.
|
||
|
||
WTP: This state transition occurs when the WTP has successfully
|
||
cleaned up all resources associated with the control plane
|
||
DTLS session, or if the DTLSSessionDelete timer (see
|
||
Section 4.7.6) expires. The data plane DTLS session is also
|
||
shut down, and all resources released, if a DTLS session was
|
||
established for the data plane. Any timers set for the
|
||
current instance of the state machine are also cleared.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 30]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
DTLS Teardown to Sulking (u): This transition occurs when repeated
|
||
attempts to setup the DTLS connection have failed.
|
||
|
||
WTP: The WTP enters this state when the FailedDTLSSessionCount or
|
||
the FailedDTLSAuthFailCount counter reaches the value of the
|
||
MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
|
||
entering this state, the WTP MUST start the SilentInterval
|
||
timer. While in the Sulking state, all received CAPWAP and
|
||
DTLS protocol messages received MUST be ignored.
|
||
|
||
AC: This is an invalid state transition for the AC.
|
||
|
||
DTLS Teardown to Dead (w): This transition occurs when the DTLS
|
||
session has been shut down.
|
||
|
||
WTP: This is an invalid state transition for the WTP.
|
||
|
||
AC: This state transition occurs when the AC has successfully
|
||
cleaned up all resources associated with the control plane
|
||
DTLS session , or if the DTLSSessionDelete timer (see
|
||
Section 4.7.6) expires. The data plane DTLS session is also
|
||
shut down, and all resources released, if a DTLS session was
|
||
established for the data plane. Any timers set for the
|
||
current instance of the state machine are also cleared. The
|
||
AC's Service thread is terminated.
|
||
|
||
2.3.2. CAPWAP/DTLS Interface
|
||
|
||
This section describes the DTLS Commands used by CAPWAP, and the
|
||
notifications received from DTLS to the CAPWAP protocol stack.
|
||
|
||
2.3.2.1. CAPWAP to DTLS Commands
|
||
|
||
Six commands are defined for the CAPWAP to DTLS API. These
|
||
"commands" are conceptual, and may be implemented as one or more
|
||
function calls. This API definition is provided to clarify
|
||
interactions between the DTLS and CAPWAP components of the integrated
|
||
CAPWAP state machine.
|
||
|
||
Below is a list of the minimal command APIs:
|
||
|
||
o DTLSStart is sent to the DTLS component to cause a DTLS session to
|
||
be established. Upon invoking the DTLSStart command, the WaitDTLS
|
||
timer is started. The WTP initiates this DTLS command, as the AC
|
||
does not initiate DTLS sessions.
|
||
|
||
o DTLSListen is sent to the DTLS component to allow the DTLS
|
||
component to listen for incoming DTLS session requests.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 31]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o DTLSAccept is sent to the DTLS component to allow the DTLS session
|
||
establishment to continue successfully.
|
||
|
||
o DTLSAbortSession is sent to the DTLS component to cause the
|
||
session that is in the process of being established to be aborted.
|
||
This command is also sent when the WaitDTLS timer expires. When
|
||
this command is executed, the FailedDTLSSessionCount counter is
|
||
incremented.
|
||
|
||
o DTLSShutdown is sent to the DTLS component to cause session
|
||
teardown.
|
||
|
||
o DTLSMtuUpdate is sent by the CAPWAP component to modify the MTU
|
||
size used by the DTLS component. See Section 3.5 for more
|
||
information on MTU Discovery. The default size is 1468 bytes.
|
||
|
||
2.3.2.2. DTLS to CAPWAP Notifications
|
||
|
||
DTLS notifications are defined for the DTLS to CAPWAP API. These
|
||
"notifications" are conceptual and may be implemented in numerous
|
||
ways (e.g., as function return values). This API definition is
|
||
provided to clarify interactions between the DTLS and CAPWAP
|
||
components of the integrated CAPWAP state machine. It is important
|
||
to note that the notifications listed below MAY cause the CAPWAP
|
||
state machine to jump from one state to another using a state
|
||
transition not listed in Section 2.3.1. When a notification listed
|
||
below occurs, the target CAPWAP state shown in Figure 4 becomes the
|
||
current state.
|
||
|
||
Below is a list of the API notifications:
|
||
|
||
o DTLSPeerAuthorize is sent to the CAPWAP component during DTLS
|
||
session establishment once the peer's identity has been received.
|
||
This notification MAY be used by the CAPWAP component to authorize
|
||
the session, based on the peer's identity. The authorization
|
||
process will lead to the CAPWAP component initiating either the
|
||
DTLSAccept or DTLSAbortSession commands.
|
||
|
||
o DTLSEstablished is sent to the CAPWAP component to indicate that a
|
||
secure channel now exists, using the parameters provided during
|
||
the DTLS initialization process. When this notification is
|
||
received, the FailedDTLSSessionCount counter is reset to zero.
|
||
When this notification is received, the WaitDTLS timer is stopped.
|
||
|
||
o DTLSEstablishFail is sent when the DTLS session establishment has
|
||
failed, either due to a local error or due to the peer rejecting
|
||
the session establishment. When this notification is received,
|
||
the FailedDTLSSessionCount counter is incremented.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 32]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o DTLSAuthenticateFail is sent when DTLS session establishment has
|
||
failed due to an authentication error. When this notification is
|
||
received, the FailedDTLSAuthFailCount counter is incremented.
|
||
|
||
o DTLSAborted is sent to the CAPWAP component to indicate that
|
||
session abort (as requested by CAPWAP) is complete; this occurs to
|
||
confirm a DTLS session abort or when the WaitDTLS timer expires.
|
||
When this notification is received, the WaitDTLS timer is stopped.
|
||
|
||
o DTLSReassemblyFailure MAY be sent to the CAPWAP component to
|
||
indicate DTLS fragment reassembly failure.
|
||
|
||
o DTLSDecapFailure MAY be sent to the CAPWAP module to indicate a
|
||
decapsulation failure. DTLSDecapFailure MAY be sent to the CAPWAP
|
||
module to indicate an encryption/authentication failure. This
|
||
notification is intended for informative purposes only, and is not
|
||
intended to cause a change in the CAPWAP state machine (see
|
||
Section 12.4).
|
||
|
||
o DTLSPeerDisconnect is sent to the CAPWAP component to indicate the
|
||
DTLS session has been torn down. Note that this notification is
|
||
only received if the DTLS session has been established.
|
||
|
||
2.4. Use of DTLS in the CAPWAP Protocol
|
||
|
||
DTLS is used as a tightly integrated, secure wrapper for the CAPWAP
|
||
protocol. In this document, DTLS and CAPWAP are discussed as
|
||
nominally distinct entities; however, they are very closely coupled,
|
||
and may even be implemented inseparably. Since there are DTLS
|
||
library implementations currently available, and since security
|
||
protocols (e.g., IPsec, TLS) are often implemented in widely
|
||
available acceleration hardware, it is both convenient and forward-
|
||
looking to maintain a modular distinction in this document.
|
||
|
||
This section describes a detailed walk-through of the interactions
|
||
between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP
|
||
to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be
|
||
encountered during the normal course of operation.
|
||
|
||
2.4.1. DTLS Handshake Processing
|
||
|
||
Details of the DTLS handshake process are specified in [RFC4347].
|
||
This section describes the interactions between the DTLS session
|
||
establishment process and the CAPWAP protocol. Note that the
|
||
conceptual DTLS state is shown below to help understand the point at
|
||
which the DTLS states transition. In the normal case, the DTLS
|
||
handshake will proceed as shown in Figure 5. (NOTE: this example
|
||
uses certificates, but pre-shared keys are also supported.)
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 33]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
============ ============
|
||
WTP AC
|
||
============ ============
|
||
ClientHello ------>
|
||
<------ HelloVerifyRequest
|
||
(with cookie)
|
||
|
||
ClientHello ------>
|
||
(with cookie)
|
||
<------ ServerHello
|
||
<------ Certificate
|
||
<------ ServerHelloDone
|
||
|
||
(WTP callout for AC authorization
|
||
occurs in CAPWAP Auth state)
|
||
|
||
Certificate*
|
||
ClientKeyExchange
|
||
CertificateVerify*
|
||
ChangeCipherSpec
|
||
Finished ------>
|
||
|
||
(AC callout for WTP authorization
|
||
occurs in CAPWAP Auth state)
|
||
|
||
ChangeCipherSpec
|
||
<------ Finished
|
||
|
||
Figure 5: DTLS Handshake
|
||
|
||
DTLS, as specified, provides its own retransmit timers with an
|
||
exponential back-off. [RFC4347] does not specify how long
|
||
retransmissions should continue. Consequently, timing out incomplete
|
||
DTLS handshakes is entirely the responsibility of the CAPWAP module.
|
||
|
||
The DTLS implementation used by CAPWAP MUST support TLS Session
|
||
Resumption. Session resumption is typically used to establish the
|
||
DTLS session used for the data channel. Since the data channel uses
|
||
different port numbers than the control channel, the DTLS
|
||
implementation on the WTP MUST provide an interface that allows the
|
||
CAPWAP module to request session resumption despite the use of the
|
||
different port numbers (TLS implementations usually attempt session
|
||
resumption only when connecting to the same IP address and port
|
||
number). Note that session resumption is not guaranteed to occur,
|
||
and a full DTLS handshake may occur instead.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 34]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The DTLS implementation used by CAPWAP MUST use replay detection, per
|
||
Section 3.3 of [RFC4347]. Since the CAPWAP protocol handles
|
||
retransmissions by re-encrypting lost frames, any duplicate DTLS
|
||
frames are either unintentional or malicious and should be silently
|
||
discarded.
|
||
|
||
2.4.2. DTLS Session Establishment
|
||
|
||
The WTP, either through the Discovery process or through pre-
|
||
configuration, determines to which AC to connect. The WTP uses the
|
||
DTLSStart command to request that a secure connection be established
|
||
to the selected AC. Prior to initiation of the DTLS handshake, the
|
||
WTP sets the WaitDTLS timer. Upon invoking the DTLSStart or
|
||
DTLSListen commands, the WTP and AC, respectively, set the WaitDTLS
|
||
timer. If the DTLSEstablished notification is not received prior to
|
||
timer expiration, the DTLS session is aborted by issuing the
|
||
DTLSAbortSession DTLS command. This notification causes the CAPWAP
|
||
module to transition to the Idle state. Upon receiving a
|
||
DTLSEstablished notification, the WaitDTLS timer is deactivated.
|
||
|
||
2.4.3. DTLS Error Handling
|
||
|
||
If the AC or WTP does not respond to any DTLS handshake messages sent
|
||
by its peer, the DTLS specification calls for the message to be
|
||
retransmitted. Note that during the handshake, when both the AC and
|
||
the WTP are expecting additional handshake messages, they both
|
||
retransmit if an expected message has not been received (note that
|
||
retransmissions for CAPWAP Control messages work differently: all
|
||
CAPWAP Control messages are either requests or responses, and the
|
||
peer who sent the request is responsible for retransmissions).
|
||
|
||
If the WTP or the AC does not receive an expected DTLS handshake
|
||
message despite of retransmissions, the WaitDTLS timer will
|
||
eventually expire, and the session will be terminated. This can
|
||
happen if communication between the peers has completely failed, or
|
||
if one of the peers sent a DTLS Alert message that was lost in
|
||
transit (DTLS does not retransmit Alert messages).
|
||
|
||
If a cookie fails to validate, this could represent a WTP error, or
|
||
it could represent a DoS attack. Hence, AC resource utilization
|
||
SHOULD be minimized. The AC MAY log a message indicating the
|
||
failure, and SHOULD treat the message as though no cookie were
|
||
present.
|
||
|
||
Since DTLS Handshake messages are potentially larger than the maximum
|
||
record size, DTLS supports fragmenting of Handshake messages across
|
||
multiple records. There are several potential causes of re-assembly
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 35]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
errors, including overlapping and/or lost fragments. The DTLS
|
||
component MUST send a DTLSReassemblyFailure notification to the
|
||
CAPWAP component. Whether precise information is given along with
|
||
notification is an implementation issue, and hence is beyond the
|
||
scope of this document. Upon receipt of such an error, the CAPWAP
|
||
component SHOULD log an appropriate error message. Whether
|
||
processing continues or the DTLS session is terminated is
|
||
implementation dependent.
|
||
|
||
DTLS decapsulation errors consist of three types: decryption errors,
|
||
authentication errors, and malformed DTLS record headers. Since DTLS
|
||
authenticates the data prior to encapsulation, if decryption fails,
|
||
it is difficult to detect this without first attempting to
|
||
authenticate the packet. If authentication fails, a decryption error
|
||
is also likely, but not guaranteed. Rather than attempt to derive
|
||
(and require the implementation of) algorithms for detecting
|
||
decryption failures, decryption failures are reported as
|
||
authentication failures. The DTLS component MUST provide a
|
||
DTLSDecapFailure notification to the CAPWAP component when such
|
||
errors occur. If a malformed DTLS record header is detected, the
|
||
packets SHOULD be silently discarded, and the receiver MAY log an
|
||
error message.
|
||
|
||
There is currently only one encapsulation error defined: MTU
|
||
exceeded. As part of DTLS session establishment, the CAPWAP
|
||
component informs the DTLS component of the MTU size. This may be
|
||
dynamically modified at any time when the CAPWAP component sends the
|
||
DTLSMtuUpdate command to the DTLS component (see Section 2.3.2.1).
|
||
The value provided to the DTLS stack is the result of the MTU
|
||
Discovery process, which is described in Section 3.5. The DTLS
|
||
component returns this notification to the CAPWAP component whenever
|
||
a transmission request will result in a packet that exceeds the MTU.
|
||
|
||
2.4.4. DTLS Endpoint Authentication and Authorization
|
||
|
||
DTLS supports endpoint authentication with certificates or pre-shared
|
||
keys. The TLS algorithm suites for each endpoint authentication
|
||
method are described below.
|
||
|
||
2.4.4.1. Authenticating with Certificates
|
||
|
||
CAPWAP implementations only use cipher suites that are recommended
|
||
for use with DTLS, see [DTLS-DESIGN]. At present, the following
|
||
algorithms MUST be supported when using certificates for CAPWAP
|
||
authentication:
|
||
|
||
o TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 36]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The following algorithms SHOULD be supported when using certificates:
|
||
|
||
o TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||
|
||
The following algorithms MAY be supported when using certificates:
|
||
|
||
o TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||
|
||
o TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||
|
||
Additional ciphers MAY be defined in subsequent CAPWAP
|
||
specifications.
|
||
|
||
2.4.4.2. Authenticating with Pre-Shared Keys
|
||
|
||
Pre-shared keys present significant challenges from a security
|
||
perspective, and for that reason, their use is strongly discouraged.
|
||
Several methods for authenticating with pre-shared keys are defined
|
||
[RFC4279], and we focus on the following two:
|
||
|
||
o Pre-Shared Key (PSK) key exchange algorithm - simplest method,
|
||
ciphersuites use only symmetric key algorithms.
|
||
|
||
o DHE_PSK key exchange algorithm - use a PSK to authenticate a
|
||
Diffie-Hellman exchange. These ciphersuites give some additional
|
||
protection against dictionary attacks and also provide Perfect
|
||
Forward Secrecy (PFS).
|
||
|
||
The first approach (plain PSK) is susceptible to passive dictionary
|
||
attacks; hence, while this algorithm MUST be supported, special care
|
||
should be taken when choosing that method. In particular, user-
|
||
readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD
|
||
be strongly discouraged.
|
||
|
||
The following cryptographic algorithms MUST be supported when using
|
||
pre-shared keys:
|
||
|
||
o TLS_PSK_WITH_AES_128_CBC_SHA [RFC5246]
|
||
|
||
o TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC5246]
|
||
|
||
The following algorithms MAY be supported when using pre-shared keys:
|
||
|
||
o TLS_PSK_WITH_AES_256_CBC_SHA [RFC5246]
|
||
|
||
o TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC5246]
|
||
|
||
Additional ciphers MAY be defined in following CAPWAP specifications.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 37]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
2.4.4.3. Certificate Usage
|
||
|
||
Certificate authorization by the AC and WTP is required so that only
|
||
an AC may perform the functions of an AC and that only a WTP may
|
||
perform the functions of a WTP. This restriction of functions to the
|
||
AC or WTP requires that the certificates used by the AC MUST be
|
||
distinguishable from the certificate used by the WTP. To accomplish
|
||
this differentiation, the x.509 certificates MUST include the
|
||
Extended Key Usage (EKU) certificate extension [RFC5280].
|
||
|
||
The EKU field indicates one or more purposes for which a certificate
|
||
may be used. It is an essential part in authorization. Its syntax
|
||
is described in [RFC5280] and [ISO.9834-1.1993] and is as follows:
|
||
|
||
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
||
|
||
KeyPurposeId ::= OBJECT IDENTIFIER
|
||
|
||
Here we define two KeyPurposeId values, one for the WTP and one for
|
||
the AC. Inclusion of one of these two values indicates a certificate
|
||
is authorized for use by a WTP or AC, respectively. These values are
|
||
formatted as id-kp fields.
|
||
|
||
id-kp OBJECT IDENTIFIER ::=
|
||
{ iso(1) identified-organization(3) dod(6) internet(1)
|
||
security(5) mechanisms(5) pkix(7) 3 }
|
||
|
||
id-kp-capwapAC OBJECT IDENTIFIER ::= { id-kp 18 }
|
||
|
||
id-kp-capwapWTP OBJECT IDENTIFIER ::= { id-kp 19 }
|
||
|
||
All capwap devices MUST support the ExtendedKeyUsage certificate
|
||
extension if it is present in a certificate. If the extension is
|
||
present, then the certificate MUST have either the id-kp-capwapAC or
|
||
the id-kp-anyExtendedKeyUsage keyPurposeID to act as an AC.
|
||
Similarly, if the extension is present, a device MUST have the id-kp-
|
||
capwapWTP or id-kp-anyExtendedKeyUsage keyPurposeID to act as a WTP.
|
||
|
||
Part of the CAPWAP certificate validation process includes ensuring
|
||
that the proper EKU is included and allowing the CAPWAP session to be
|
||
established only if the extension properly represents the device.
|
||
For instance, an AC SHOULD NOT accept a connection request from
|
||
another AC, and therefore MUST verify that the id-kp-capwapWTP EKU is
|
||
present in the certificate.
|
||
|
||
CAPWAP implementations MUST support certificates where the common
|
||
name (CN) for both the WTP and AC is the MAC address of that device.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 38]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The MAC address MUST be encoded in the PrintableString format, using
|
||
the well-recognized MAC address format of 01:23:45:67:89:ab. The CN
|
||
field MAY contain either of the EUI-48 [EUI-48] or EUI-64 [EUI-64]
|
||
MAC Address formats. This seemingly unconventional use of the CN
|
||
field is consistent with other standards that rely on device
|
||
certificates that are provisioned during the manufacturing process,
|
||
such as Packet Cable [PacketCable], Cable Labs [CableLabs], and WiMAX
|
||
[WiMAX]. See Section 12.8 for more information on the use of the MAC
|
||
address in the CN field.
|
||
|
||
ACs and WTPs MUST authorize (e.g., through access control lists)
|
||
certificates of devices to which they are connecting, e.g., based on
|
||
the issuer, MAC address, or organizational information specified in
|
||
the certificate. The identities specified in the certificates bind a
|
||
particular DTLS session to a specific pair of mutually authenticated
|
||
and authorized MAC addresses. The particulars of authorization
|
||
filter construction are implementation details which are, for the
|
||
most part, not within the scope of this specification. However, at
|
||
minimum, all devices MUST verify that the appropriate EKU bit is set
|
||
according to the role of the peer device (AC versus WTP), and that
|
||
the issuer of the certificate is appropriate for the domain in
|
||
question.
|
||
|
||
2.4.4.4. PSK Usage
|
||
|
||
When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
|
||
contain the "PSK identity hint" field and the ClientKeyExchange
|
||
message MUST contain the "PSK identity" field. These fields are used
|
||
to help the WTP select the appropriate PSK for use with the AC, and
|
||
then indicate to the AC which key is being used. When PSKs are
|
||
provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
|
||
the key MUST be specified.
|
||
|
||
The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
|
||
SHOULD uniquely identify the WTP. It is RECOMMENDED that these hints
|
||
and identities be the ASCII HEX-formatted MAC addresses of the
|
||
respective devices, since each pairwise combination of WTP and AC
|
||
SHOULD have a unique PSK. The PSK Hint and Identity SHOULD be
|
||
sufficient to perform authorization, as simply having knowledge of a
|
||
PSK does not necessarily imply authorization.
|
||
|
||
If a single PSK is being used for multiple devices on a CAPWAP
|
||
network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
|
||
longer be a MAC address, so appropriate hints and identities SHOULD
|
||
be selected to identify the group of devices to which the PSK is
|
||
provisioned.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 39]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
3. CAPWAP Transport
|
||
|
||
Communication between a WTP and an AC is established using the
|
||
standard UDP client/server model. The CAPWAP protocol supports both
|
||
UDP and UDP-Lite [RFC3828] transport protocols. When run over IPv4,
|
||
UDP is used for the CAPWAP Control and Data channels.
|
||
|
||
When run over IPv6, the CAPWAP Control channel always uses UDP, while
|
||
the CAPWAP Data channel may use either UDP or UDP-Lite. UDP-Lite is
|
||
the default transport protocol for the CAPWAP Data channel. However,
|
||
if a middlebox or IPv4 to IPv6 gateway has been discovered, UDP is
|
||
used for the CAPWAP Data channel.
|
||
|
||
This section describes how the CAPWAP protocol is carried over IP and
|
||
UDP/UDP-Lite transport protocols. The CAPWAP Transport Protocol
|
||
message element, Section 4.6.14, describes the rules to use in
|
||
determining which transport protocol is to be used.
|
||
|
||
In order for CAPWAP to be compatible with potential middleboxes in
|
||
the network, CAPWAP implementations MUST send return traffic from the
|
||
same port on which they received traffic from a given peer. Further,
|
||
any unsolicited requests generated by a CAPWAP node MUST be sent on
|
||
the same port.
|
||
|
||
3.1. UDP Transport
|
||
|
||
One of the CAPWAP protocol requirements is to allow a WTP to reside
|
||
behind a middlebox, firewall, and/or Network Address Translation
|
||
(NAT) device. Since a CAPWAP session is initiated by the WTP
|
||
(client) to the well-known UDP port of the AC (server), the use of
|
||
UDP is a logical choice. When CAPWAP is run over IPv4, the UDP
|
||
checksum field in CAPWAP packets MUST be set to zero.
|
||
|
||
CAPWAP protocol control packets sent from the WTP to the AC use the
|
||
CAPWAP Control channel, as defined in Section 1.4. The CAPWAP
|
||
control port at the AC is the well-known UDP port 5246. The CAPWAP
|
||
control port at the WTP can be any port selected by the WTP.
|
||
|
||
CAPWAP protocol data packets sent from the WTP to the AC use the
|
||
CAPWAP Data channel, as defined in Section 1.4. The CAPWAP data port
|
||
at the AC is the well-known UDP port 5247. If an AC permits the
|
||
administrator to change the CAPWAP control port, the CAPWAP data port
|
||
MUST be the next consecutive port number. The CAPWAP data port at
|
||
the WTP can be any port selected by the WTP.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 40]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
3.2. UDP-Lite Transport
|
||
|
||
When CAPWAP is run over IPv6, UDP-Lite is the default transport
|
||
protocol, which reduces the checksum processing required for each
|
||
packet (compared to the use of UDP over IPv6 [RFC2460]). When UDP-
|
||
Lite is used, the checksum field MUST have a coverage of 8 [RFC3828].
|
||
|
||
UDP-Lite uses the same port assignments as UDP.
|
||
|
||
3.3. AC Discovery
|
||
|
||
The AC Discovery phase allows the WTP to determine which ACs are
|
||
available and choose the best AC with which to establish a CAPWAP
|
||
session. The Discovery phase occurs when the WTP enters the optional
|
||
Discovery state. A WTP does not need to complete the AC Discovery
|
||
phase if it uses a pre-configured AC. This section details the
|
||
mechanism used by a WTP to dynamically discover candidate ACs.
|
||
|
||
A WTP and an AC will frequently not reside in the same IP subnet
|
||
(broadcast domain). When this occurs, the WTP must be capable of
|
||
discovering the AC, without requiring that multicast services are
|
||
enabled in the network.
|
||
|
||
When the WTP attempts to establish communication with an AC, it sends
|
||
the Discovery Request message and receives the Discovery Response
|
||
message from the AC(s). The WTP MUST send the Discovery Request
|
||
message to either the limited broadcast IP address (255.255.255.255),
|
||
the well-known CAPWAP multicast address (224.0.1.140), or to the
|
||
unicast IP address of the AC. For IPv6 networks, since broadcast
|
||
does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0:
|
||
0:0:18C) is used instead. Upon receipt of the Discovery Request
|
||
message, the AC sends a Discovery Response message to the unicast IP
|
||
address of the WTP, regardless of whether the Discovery Request
|
||
message was sent as a broadcast, multicast, or unicast message.
|
||
|
||
WTP use of a limited IP broadcast, multicast, or unicast IP address
|
||
is implementation dependent. ACs, on the other hand, MUST support
|
||
broadcast, multicast, and unicast discovery.
|
||
|
||
When a WTP transmits a Discovery Request message to a unicast
|
||
address, the WTP must first obtain the IP address of the AC. Any
|
||
static configuration of an AC's IP address on the WTP non-volatile
|
||
storage is implementation dependent. However, additional dynamic
|
||
schemes are possible, for example:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 41]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
DHCP: See [RFC5417] for more information on the use of DHCP to
|
||
discover AC IP addresses.
|
||
|
||
DNS: The WTP MAY support use of DNS Service Records (SRVs) [RFC2782]
|
||
to discover the AC address(es). In this case, the WTP first
|
||
obtains (e.g., from local configuration) the correct domain name
|
||
suffix (e.g., "example.com") and performs an SRV lookup with
|
||
Service name "capwap-control" and Proto "udp". Thus, the name
|
||
resolved in DNS would be, e.g., "_capwap-
|
||
control._udp.example.com". Note that the SRV record MAY specify a
|
||
non-default port number for the control channel; the port number
|
||
for the data channel is the next port number (control channel port
|
||
+ 1).
|
||
|
||
An AC MAY also communicate alternative ACs to the WTP within the
|
||
Discovery Response message through the AC IPv4 List (see
|
||
Section 4.6.2) and AC IPv6 List (see Section 4.6.2). The addresses
|
||
provided in these two message elements are intended to help the WTP
|
||
discover additional ACs through means other than those listed above.
|
||
|
||
The AC Name with Priority message element (see Section 4.6.5) is used
|
||
to communicate a list of preferred ACs to the WTP. The WTP SHOULD
|
||
attempt to utilize the ACs listed in the order provided by the AC.
|
||
The Name-to-IP Address mapping is handled via the Discovery message
|
||
exchange, in which the ACs provide their identity in the AC Name (see
|
||
Section 4.6.4) message element in the Discovery Response message.
|
||
|
||
Once the WTP has received Discovery Response messages from the
|
||
candidate ACs, it MAY use other factors to determine the preferred
|
||
AC. For instance, each binding defines a WTP Radio Information
|
||
message element (see Section 2.1), which the AC includes in Discovery
|
||
Response messages. The presence of one or more of these message
|
||
elements is used to identify the CAPWAP bindings supported by the AC.
|
||
A WTP MAY connect to an AC based on the supported bindings
|
||
advertised.
|
||
|
||
3.4. Fragmentation/Reassembly
|
||
|
||
While fragmentation and reassembly services are provided by IP, the
|
||
CAPWAP protocol also provides such services. Environments where the
|
||
CAPWAP protocol is used involve firewall, NAT, and "middlebox"
|
||
devices, which tend to drop IP fragments to minimize possible DoS
|
||
attacks. By providing fragmentation and reassembly at the
|
||
application layer, any fragmentation required due to the tunneling
|
||
component of the CAPWAP protocol becomes transparent to these
|
||
intermediate devices. Consequently, the CAPWAP protocol can be used
|
||
in any network topology including firewall, NAT, and middlebox
|
||
devices.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 42]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
It is important to note that the fragmentation mechanism employed by
|
||
CAPWAP has known limitations and deficiencies, which are similar to
|
||
those described in [RFC4963]. The limited size of the Fragment ID
|
||
field (see Section 4.3) can cause wrapping of the field, and hence
|
||
cause fragments from different datagrams to be incorrectly spliced
|
||
together (known as "mis-associated"). For example, a 100Mpbs link
|
||
with an MTU of 1500 (causing fragmentation at 1450 bytes) would cause
|
||
the Fragment ID field wrap in 8 seconds. Consequently, CAPWAP
|
||
implementers are warned to properly size their buffers for reassembly
|
||
purposes based on the expected wireless technology throughput.
|
||
|
||
CAPWAP implementations SHOULD perform MTU Discovery (see
|
||
Section 3.5), which can avoid the need for fragmentation. At the
|
||
time of writing of this specification, most enterprise switching and
|
||
routing infrastructure were capable of supporting "mini-jumbo" frames
|
||
(1800 bytes), which eliminates the need for fragmentation (assuming
|
||
the station's MTU is 1500 bytes). The need for fragmentation
|
||
typically continues to exist when the WTP communicates with the AC
|
||
over a Wide Area Network (WAN). Therefore, future versions of the
|
||
CAPWAP protocol SHOULD consider either increasing the size of the
|
||
Fragment ID field or providing alternative extensions.
|
||
|
||
3.5. MTU Discovery
|
||
|
||
Once a WTP has discovered the AC with which it wishes to establish a
|
||
CAPWAP session, it SHOULD perform a Path MTU (PMTU) discovery. One
|
||
recommendation for performing PMTU discovery is to have the WTP
|
||
transmit Discovery Request (see Section 5.1) messages, and include
|
||
the MTU Discovery Padding message element (see Section 4.6.32). The
|
||
actual procedures used for PMTU discovery are described in [RFC1191]
|
||
for IPv4; for IPv6, [RFC1981] SHOULD be used. Alternatively,
|
||
implementers MAY use the procedures defined in [RFC4821]. The WTP
|
||
SHOULD also periodically re-evaluate the PMTU using the guidelines
|
||
provided in these two RFCs, using the Primary Discovery Request (see
|
||
Section 5.3) along with the MTU Discovery Padding message element
|
||
(see Section 4.6.32). When the MTU is initially known, or updated in
|
||
the case where an existing session already exists, the discovered
|
||
PMTU is used to configure the DTLS component (see Section 2.3.2.1),
|
||
while non-DTLS frames need to be fragmented to fit the MTU, defined
|
||
in Section 3.4.
|
||
|
||
4. CAPWAP Packet Formats
|
||
|
||
This section contains the CAPWAP protocol packet formats. A CAPWAP
|
||
protocol packet consists of one or more CAPWAP Transport Layer packet
|
||
headers followed by a CAPWAP message. The CAPWAP message can be
|
||
either of type Control or Data, where Control packets carry
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 43]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
signaling, and Data packets carry user payloads. The CAPWAP frame
|
||
formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP
|
||
Data and Control packets are defined below.
|
||
|
||
The CAPWAP Control protocol includes two messages that are never
|
||
protected by DTLS: the Discovery Request message and the Discovery
|
||
Response message. These messages need to be in the clear to allow
|
||
the CAPWAP protocol to properly identify and process them. The
|
||
format of these packets are as follows:
|
||
|
||
CAPWAP Control Packet (Discovery Request/Response):
|
||
+-------------------------------------------+
|
||
| IP | UDP | CAPWAP | Control | Message |
|
||
| Hdr | Hdr | Header | Header | Element(s) |
|
||
+-------------------------------------------+
|
||
|
||
All other CAPWAP Control protocol messages MUST be protected via the
|
||
DTLS protocol, which ensures that the packets are both authenticated
|
||
and encrypted. These packets include the CAPWAP DTLS Header, which
|
||
is described in Section 4.2. The format of these packets is as
|
||
follows:
|
||
|
||
CAPWAP Control Packet (DTLS Security Required):
|
||
+------------------------------------------------------------------+
|
||
| IP | UDP | CAPWAP | DTLS | CAPWAP | Control| Message | DTLS |
|
||
| Hdr | Hdr | DTLS Hdr | Hdr | Header | Header | Element(s)| Trlr |
|
||
+------------------------------------------------------------------+
|
||
\---------- authenticated -----------/
|
||
\------------- encrypted ------------/
|
||
|
||
The CAPWAP protocol allows optional protection of data packets, using
|
||
DTLS. Use of data packet protection is determined by AC policy.
|
||
When DTLS is utilized, the optional CAPWAP DTLS Header is present,
|
||
which is described in Section 4.2. The format of CAPWAP Data packets
|
||
is shown below:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 44]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
CAPWAP Plain Text Data Packet :
|
||
+-------------------------------+
|
||
| IP | UDP | CAPWAP | Wireless |
|
||
| Hdr | Hdr | Header | Payload |
|
||
+-------------------------------+
|
||
|
||
DTLS Secured CAPWAP Data Packet:
|
||
+--------------------------------------------------------+
|
||
| IP | UDP | CAPWAP | DTLS | CAPWAP | Wireless | DTLS |
|
||
| Hdr | Hdr | DTLS Hdr | Hdr | Hdr | Payload | Trlr |
|
||
+--------------------------------------------------------+
|
||
\------ authenticated -----/
|
||
\------- encrypted --------/
|
||
|
||
UDP Header: All CAPWAP packets are encapsulated within either UDP,
|
||
or UDP-Lite when used over IPv6. Section 3 defines the specific
|
||
UDP or UDP-Lite usage.
|
||
|
||
CAPWAP DTLS Header: All DTLS encrypted CAPWAP protocol packets are
|
||
prefixed with the CAPWAP DTLS Header (see Section 4.2).
|
||
|
||
DTLS Header: The DTLS Header provides authentication and encryption
|
||
services to the CAPWAP payload it encapsulates. This protocol is
|
||
defined in [RFC4347].
|
||
|
||
CAPWAP Header: All CAPWAP protocol packets use a common header that
|
||
immediately follows the CAPWAP preamble or DTLS Header. The
|
||
CAPWAP Header is defined in Section 4.3.
|
||
|
||
Wireless Payload: A CAPWAP protocol packet that contains a wireless
|
||
payload is a CAPWAP Data packet. The CAPWAP protocol does not
|
||
specify the format of the wireless payload, which is defined by
|
||
the appropriate wireless standard. Additional information is in
|
||
Section 4.4.
|
||
|
||
Control Header: The CAPWAP protocol includes a signaling component,
|
||
known as the CAPWAP Control protocol. All CAPWAP Control packets
|
||
include a Control Header, which is defined in Section 4.5.1.
|
||
CAPWAP Data packets do not contain a Control Header field.
|
||
|
||
Message Elements: A CAPWAP Control packet includes one or more
|
||
message elements, which are found immediately following the
|
||
Control Header. These message elements are in a Type/Length/Value
|
||
style header, defined in Section 4.6.
|
||
|
||
A CAPWAP implementation MUST be capable of receiving a reassembled
|
||
CAPWAP message of length 4096 bytes. A CAPWAP implementation MAY
|
||
indicate that it supports a higher maximum message length, by
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 45]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
including the Maximum Message Length message element, see
|
||
Section 4.6.31, in the Join Request message or the Join Response
|
||
message.
|
||
|
||
4.1. CAPWAP Preamble
|
||
|
||
The CAPWAP preamble is common to all CAPWAP transport headers and is
|
||
used to identify the header type that immediately follows. The
|
||
reason for this preamble is to avoid needing to perform byte
|
||
comparisons in order to guess whether or not the frame is DTLS
|
||
encrypted. It also provides an extensibility framework that can be
|
||
used to support additional transport types. The format of the
|
||
preamble is as follows:
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
|Version| Type |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Version: A 4-bit field that contains the version of CAPWAP used in
|
||
this packet. The value for this specification is zero (0).
|
||
|
||
Type: A 4-bit field that specifies the payload type that follows the
|
||
UDP header. The following values are supported:
|
||
|
||
0 - CAPWAP Header. The CAPWAP Header (see Section 4.3)
|
||
immediately follows the UDP header. If the packet is
|
||
received on the CAPWAP Data channel, the CAPWAP stack MUST
|
||
treat the packet as a clear text CAPWAP Data packet. If
|
||
received on the CAPWAP Control channel, the CAPWAP stack
|
||
MUST treat the packet as a clear text CAPWAP Control packet.
|
||
If the control packet is not a Discovery Request or
|
||
Discovery Response packet, the packet MUST be dropped.
|
||
|
||
1 - CAPWAP DTLS Header. The CAPWAP DTLS Header (and DTLS
|
||
packet) immediately follows the UDP header (see
|
||
Section 4.2).
|
||
|
||
4.2. CAPWAP DTLS Header
|
||
|
||
The CAPWAP DTLS Header is used to identify the packet as a DTLS
|
||
encrypted packet. The first eight bits include the common CAPWAP
|
||
Preamble. The remaining 24 bits are padding to ensure 4-byte
|
||
alignment, and MAY be used in a future version of the protocol. The
|
||
DTLS packet [RFC4347] always immediately follows this header. The
|
||
format of the CAPWAP DTLS Header is as follows:
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 46]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|CAPWAP Preamble| Reserved |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
|
||
CAPWAP Preamble's Payload Type field MUST be set to one (1).
|
||
|
||
Reserved: The 24-bit field is reserved for future use. All
|
||
implementations complying with this protocol MUST set to zero any
|
||
bits that are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not defined
|
||
for the version of the protocol they support.
|
||
|
||
4.3. CAPWAP Header
|
||
|
||
All CAPWAP protocol messages are encapsulated using a common header
|
||
format, regardless of the CAPWAP Control or CAPWAP Data transport
|
||
used to carry the messages. However, certain flags are not
|
||
applicable for a given transport. Refer to the specific transport
|
||
section in order to determine which flags are valid.
|
||
|
||
Note that the optional fields defined in this section MUST be present
|
||
in the precise order shown below.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|CAPWAP Preamble| HLEN | RID | WBID |T|F|L|W|M|K|Flags|
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Fragment ID | Frag Offset |Rsvd |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| (optional) Radio MAC Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| (optional) Wireless Specific Information |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Payload .... |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
|
||
CAPWAP Preamble's Payload Type field MUST be set to zero (0). If
|
||
the CAPWAP DTLS Header is present, the version number in both
|
||
CAPWAP Preambles MUST match. The reason for this duplicate field
|
||
is to avoid any possible tampering of the version field in the
|
||
preamble that is not encrypted or authenticated.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 47]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
HLEN: A 5-bit field containing the length of the CAPWAP transport
|
||
header in 4-byte words (similar to IP header length). This length
|
||
includes the optional headers.
|
||
|
||
RID: A 5-bit field that contains the Radio ID number for this
|
||
packet, whose value is between one (1) and 31. Given that MAC
|
||
Addresses are not necessarily unique across physical radios in a
|
||
WTP, the Radio Identifier (RID) field is used to indicate with
|
||
which physical radio the message is associated.
|
||
|
||
WBID: A 5-bit field that is the wireless binding identifier. The
|
||
identifier will indicate the type of wireless packet associated
|
||
with the radio. The following values are defined:
|
||
|
||
0 - Reserved
|
||
|
||
1 - IEEE 802.11
|
||
|
||
2 - Reserved
|
||
|
||
3 - EPCGlobal [EPCGlobal]
|
||
|
||
T: The Type 'T' bit indicates the format of the frame being
|
||
transported in the payload. When this bit is set to one (1), the
|
||
payload has the native frame format indicated by the WBID field.
|
||
When this bit is zero (0), the payload is an IEEE 802.3 frame.
|
||
|
||
F: The Fragment 'F' bit indicates whether this packet is a fragment.
|
||
When this bit is one (1), the packet is a fragment and MUST be
|
||
combined with the other corresponding fragments to reassemble the
|
||
complete information exchanged between the WTP and AC.
|
||
|
||
L: The Last 'L' bit is valid only if the 'F' bit is set and indicates
|
||
whether the packet contains the last fragment of a fragmented
|
||
exchange between WTP and AC. When this bit is one (1), the packet
|
||
is the last fragment. When this bit is (zero) 0, the packet is
|
||
not the last fragment.
|
||
|
||
W: The Wireless 'W' bit is used to specify whether the optional
|
||
Wireless Specific Information field is present in the header. A
|
||
value of one (1) is used to represent the fact that the optional
|
||
header is present.
|
||
|
||
M: The Radio MAC 'M' bit is used to indicate that the Radio MAC
|
||
Address optional header is present. This is used to communicate
|
||
the MAC address of the receiving radio.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 48]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
K: The Keep-Alive 'K' bit indicates the packet is a Data Channel
|
||
Keep-Alive packet. This packet is used to map the data channel to
|
||
the control channel for the specified Session ID and to maintain
|
||
freshness of the data channel. The 'K' bit MUST NOT be set for
|
||
data packets containing user data.
|
||
|
||
Flags: A set of reserved bits for future flags in the CAPWAP Header.
|
||
All implementations complying with this protocol MUST set to zero
|
||
any bits that are reserved in the version of the protocol
|
||
supported by that implementation. Receivers MUST ignore all bits
|
||
not defined for the version of the protocol they support.
|
||
|
||
Fragment ID: A 16-bit field whose value is assigned to each group of
|
||
fragments making up a complete set. The Fragment ID space is
|
||
managed individually for each direction for every WTP/AC pair.
|
||
The value of Fragment ID is incremented with each new set of
|
||
fragments. The Fragment ID wraps to zero after the maximum value
|
||
has been used to identify a set of fragments.
|
||
|
||
Fragment Offset: A 13-bit field that indicates where in the payload
|
||
this fragment belongs during re-assembly. This field is valid
|
||
when the 'F' bit is set to 1. The fragment offset is measured in
|
||
units of 8 octets (64 bits). The first fragment has offset zero.
|
||
Note that the CAPWAP protocol does not allow for overlapping
|
||
fragments.
|
||
|
||
Reserved: The 3-bit field is reserved for future use. All
|
||
implementations complying with this protocol MUST set to zero any
|
||
bits that are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not defined
|
||
for the version of the protocol they support.
|
||
|
||
Radio MAC Address: This optional field contains the MAC address of
|
||
the radio receiving the packet. Because the native wireless frame
|
||
format to IEEE 802.3 format causes the MAC address of the WTP's
|
||
radio to be lost, this field allows the address to be communicated
|
||
to the AC. This field is only present if the 'M' bit is set. The
|
||
HLEN field assumes 4-byte alignment, and this field MUST be padded
|
||
with zeroes (0x00) if it is not 4-byte aligned.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 49]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The field contains the basic format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Length | MAC Address
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Length: The length of the MAC address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: The MAC address of the receiving radio.
|
||
|
||
Wireless Specific Information: This optional field contains
|
||
technology-specific information that may be used to carry per-
|
||
packet wireless information. This field is only present if the
|
||
'W' bit is set. The WBID field in the CAPWAP Header is used to
|
||
identify the format of the Wireless-Specific Information optional
|
||
field. The HLEN field assumes 4-byte alignment, and this field
|
||
MUST be padded with zeroes (0x00) if it is not 4-byte aligned.
|
||
|
||
The Wireless-Specific Information field uses the following format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Length | Data...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Length: The 8-bit field contains the length of the data field,
|
||
with a maximum size of 255.
|
||
|
||
Data: Wireless-specific information, defined by the wireless-
|
||
specific binding specified in the CAPWAP Header's WBID field.
|
||
|
||
Payload: This field contains the header for a CAPWAP Data Message or
|
||
CAPWAP Control Message, followed by the data contained in the
|
||
message.
|
||
|
||
4.4. CAPWAP Data Messages
|
||
|
||
There are two different types of CAPWAP Data packets: CAPWAP Data
|
||
Channel Keep-Alive packets and Data Payload packets. The first is
|
||
used by the WTP to synchronize the control and data channels and to
|
||
maintain freshness of the data channel. The second is used to
|
||
transmit user payloads between the AC and WTP. This section
|
||
describes both types of CAPWAP Data packet formats.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 50]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Both CAPWAP Data messages are transmitted on the CAPWAP Data channel.
|
||
|
||
4.4.1. CAPWAP Data Channel Keep-Alive
|
||
|
||
The CAPWAP Data Channel Keep-Alive packet is used to bind the CAPWAP
|
||
control channel with the data channel, and to maintain freshness of
|
||
the data channel, ensuring that the channel is still functioning.
|
||
The CAPWAP Data Channel Keep-Alive packet is transmitted by the WTP
|
||
when the DataChannelKeepAlive timer expires (see Section 4.7.2).
|
||
When the CAPWAP Data Channel Keep-Alive packet is transmitted, the
|
||
WTP sets the DataChannelDeadInterval timer.
|
||
|
||
In the CAPWAP Data Channel Keep-Alive packet, all of the fields in
|
||
the CAPWAP Header, except the HLEN field and the 'K' bit, are set to
|
||
zero upon transmission. Upon receiving a CAPWAP Data Channel Keep-
|
||
Alive packet, the AC transmits a CAPWAP Data Channel Keep-Alive
|
||
packet back to the WTP. The contents of the transmitted packet are
|
||
identical to the contents of the received packet.
|
||
|
||
Upon receiving a CAPWAP Data Channel Keep-Alive packet, the WTP
|
||
cancels the DataChannelDeadInterval timer and resets the
|
||
DataChannelKeepAlive timer. The CAPWAP Data Channel Keep-Alive
|
||
packet is retransmitted by the WTP in the same manner as the CAPWAP
|
||
Control messages. If the DataChannelDeadInterval timer expires, the
|
||
WTP tears down the control DTLS session, and the data DTLS session if
|
||
one existed.
|
||
|
||
The CAPWAP Data Channel Keep-Alive packet contains the following
|
||
payload immediately following the CAPWAP Header (see Section 4.3).
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Message Element Length | Message Element [0..N] ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Message Element Length: The 16-bit Length field indicates the
|
||
number of bytes following the CAPWAP Header, with a maximum size
|
||
of 65535.
|
||
|
||
Message Element[0..N]: The message element(s) carry the information
|
||
pertinent to each of the CAPWAP Data Channel Keep-Alive message.
|
||
The following message elements MUST be present in this CAPWAP
|
||
message:
|
||
|
||
Session ID, see Section 4.6.37.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 51]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.4.2. Data Payload
|
||
|
||
A CAPWAP protocol Data Payload packet encapsulates a forwarded
|
||
wireless frame. The CAPWAP protocol defines two different modes of
|
||
encapsulation: IEEE 802.3 and native wireless. IEEE 802.3
|
||
encapsulation requires that for 802.11 frames, the 802.11
|
||
*Integration* function be performed in the WTP. An IEEE 802.3-
|
||
encapsulated user payload frame has the following format:
|
||
|
||
+------------------------------------------------------+
|
||
| IP Header | UDP Header | CAPWAP Header | 802.3 Frame |
|
||
+------------------------------------------------------+
|
||
|
||
The CAPWAP protocol also defines the native wireless encapsulation
|
||
mode. The format of the encapsulated CAPWAP Data frame is subject to
|
||
the rules defined by the specific wireless technology binding. Each
|
||
wireless technology binding MUST contain a section entitled "Payload
|
||
Encapsulation", which defines the format of the wireless payload that
|
||
is encapsulated within CAPWAP Data packets.
|
||
|
||
For 802.3 payload frames, the 802.3 frame is encapsulated (excluding
|
||
the IEEE 802.3 Preamble, Start Frame Delimiter (SFD), and Frame Check
|
||
Sequence (FCS) fields). If the encapsulated frame would exceed the
|
||
transport layer's MTU, the sender is responsible for the
|
||
fragmentation of the frame, as specified in Section 3.4. The CAPWAP
|
||
protocol can support IEEE 802.3 frames whose length is defined in the
|
||
IEEE 802.3as specification [FRAME-EXT].
|
||
|
||
4.4.3. Establishment of a DTLS Data Channel
|
||
|
||
If the AC and WTP are configured to tunnel the data channel over
|
||
DTLS, the proper DTLS session must be initiated. To avoid having to
|
||
reauthenticate and reauthorize an AC and WTP, the DTLS data channel
|
||
SHOULD be initiated using the TLS session resumption feature
|
||
[RFC5246].
|
||
|
||
The AC DTLS implementation MUST NOT initiate a data channel session
|
||
for a DTLS session for which there is no active control channel
|
||
session.
|
||
|
||
4.5. CAPWAP Control Messages
|
||
|
||
The CAPWAP Control protocol provides a control channel between the
|
||
WTP and the AC. Control messages are divided into the following
|
||
message types:
|
||
|
||
Discovery: CAPWAP Discovery messages are used to identify potential
|
||
ACs, their load and capabilities.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 52]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Join: CAPWAP Join messages are used by a WTP to request service from
|
||
an AC, and for the AC to respond to the WTP.
|
||
|
||
Control Channel Management: CAPWAP Control channel management
|
||
messages are used to maintain the control channel.
|
||
|
||
WTP Configuration Management: The WTP Configuration messages are
|
||
used by the AC to deliver a specific configuration to the WTP.
|
||
Messages that retrieve statistics from a WTP are also included in
|
||
WTP Configuration Management.
|
||
|
||
Station Session Management: Station Session Management messages are
|
||
used by the AC to deliver specific station policies to the WTP.
|
||
|
||
Device Management Operations: Device management operations are used
|
||
to request and deliver a firmware image to the WTP.
|
||
|
||
Binding-Specific CAPWAP Management Messages: Messages in this
|
||
category are used by the AC and the WTP to exchange protocol-
|
||
specific CAPWAP management messages. These messages may or may
|
||
not be used to change the link state of a station.
|
||
|
||
Discovery, Join, Control Channel Management, WTP Configuration
|
||
Management, and Station Session Management CAPWAP Control messages
|
||
MUST be implemented. Device Management Operations messages MAY be
|
||
implemented.
|
||
|
||
CAPWAP Control messages sent from the WTP to the AC indicate that the
|
||
WTP is operational, providing an implicit keep-alive mechanism for
|
||
the WTP. The Control Channel Management Echo Request and Echo
|
||
Response messages provide an explicit keep-alive mechanism when other
|
||
CAPWAP Control messages are not exchanged.
|
||
|
||
4.5.1. Control Message Format
|
||
|
||
All CAPWAP Control messages are sent encapsulated within the CAPWAP
|
||
Header (see Section 4.3). Immediately following the CAPWAP Header is
|
||
the control header, which has the following format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Message Type |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Seq Num | Msg Element Length | Flags |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Msg Element [0..N] ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 53]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.5.1.1. Message Type
|
||
|
||
The Message Type field identifies the function of the CAPWAP Control
|
||
message. To provide extensibility, the Message Type field is
|
||
comprised of an IANA Enterprise Number [RFC3232] and an enterprise-
|
||
specific message type number. The first three octets contain the
|
||
IANA Enterprise Number in network byte order, with zero used for
|
||
CAPWAP base protocol (this specification) defined message types. The
|
||
last octet is the enterprise-specific message type number, which has
|
||
a range from 0 to 255.
|
||
|
||
The Message Type field is defined as:
|
||
|
||
Message Type =
|
||
IANA Enterprise Number * 256 +
|
||
Enterprise Specific Message Type Number
|
||
|
||
The CAPWAP protocol reliability mechanism requires that messages be
|
||
defined in pairs, consisting of both a Request and a Response
|
||
message. The Response message MUST acknowledge the Request message.
|
||
The assignment of CAPWAP Control Message Type Values always occurs in
|
||
pairs. All Request messages have odd numbered Message Type Values,
|
||
and all Response messages have even numbered Message Type Values.
|
||
The Request value MUST be assigned first. As an example, assigning a
|
||
Message Type Value of 3 for a Request message and 4 for a Response
|
||
message is valid, while assigning a Message Type Value of 4 for a
|
||
Response message and 5 for the corresponding Request message is
|
||
invalid.
|
||
|
||
When a WTP or AC receives a message with a Message Type Value field
|
||
that is not recognized and is an odd number, the number in the
|
||
Message Type Value Field is incremented by one, and a Response
|
||
message with a Message Type Value field containing the incremented
|
||
value and containing the Result Code message element with the value
|
||
(Unrecognized Request) is returned to the sender of the received
|
||
message. If the unknown message type is even, the message is
|
||
ignored.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 54]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The valid values for CAPWAP Control Message Types are specified in
|
||
the table below:
|
||
|
||
CAPWAP Control Message Message Type
|
||
Value
|
||
Discovery Request 1
|
||
Discovery Response 2
|
||
Join Request 3
|
||
Join Response 4
|
||
Configuration Status Request 5
|
||
Configuration Status Response 6
|
||
Configuration Update Request 7
|
||
Configuration Update Response 8
|
||
WTP Event Request 9
|
||
WTP Event Response 10
|
||
Change State Event Request 11
|
||
Change State Event Response 12
|
||
Echo Request 13
|
||
Echo Response 14
|
||
Image Data Request 15
|
||
Image Data Response 16
|
||
Reset Request 17
|
||
Reset Response 18
|
||
Primary Discovery Request 19
|
||
Primary Discovery Response 20
|
||
Data Transfer Request 21
|
||
Data Transfer Response 22
|
||
Clear Configuration Request 23
|
||
Clear Configuration Response 24
|
||
Station Configuration Request 25
|
||
Station Configuration Response 26
|
||
|
||
4.5.1.2. Sequence Number
|
||
|
||
The Sequence Number field is an identifier value used to match
|
||
Request and Response packets. When a CAPWAP packet with a Request
|
||
Message Type Value is received, the value of the Sequence Number
|
||
field is copied into the corresponding Response message.
|
||
|
||
When a CAPWAP Control message is sent, the sender's internal sequence
|
||
number counter is monotonically incremented, ensuring that no two
|
||
pending Request messages have the same sequence number. The Sequence
|
||
Number field wraps back to zero.
|
||
|
||
4.5.1.3. Message Element Length
|
||
|
||
The Length field indicates the number of bytes following the Sequence
|
||
Number field.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 55]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.5.1.4. Flags
|
||
|
||
The Flags field MUST be set to zero.
|
||
|
||
4.5.1.5. Message Element [0..N]
|
||
|
||
The message element(s) carry the information pertinent to each of the
|
||
control message types. Every control message in this specification
|
||
specifies which message elements are permitted.
|
||
|
||
When a WTP or AC receives a CAPWAP message without a message element
|
||
that is specified as mandatory for the CAPWAP message, then the
|
||
CAPWAP message is discarded. If the received message was a Request
|
||
message for which the corresponding Response message carries message
|
||
elements, then a corresponding Response message with a Result Code
|
||
message element indicating "Failure - Missing Mandatory Message
|
||
Element" is returned to the sender.
|
||
|
||
When a WTP or AC receives a CAPWAP message with a message element
|
||
that the WTP or AC does not recognize, the CAPWAP message is
|
||
discarded. If the received message was a Request message for which
|
||
the corresponding Response message carries message elements, then a
|
||
corresponding Response message with a Result Code message element
|
||
indicating "Failure - Unrecognized Message Element" and one or more
|
||
Returned Message Element message elements is included, containing the
|
||
unrecognized message element(s).
|
||
|
||
4.5.2. Quality of Service
|
||
|
||
The CAPWAP base protocol does not provide any Quality of Service
|
||
(QoS) recommendations for use with the CAPWAP Data messages. Any
|
||
wireless-specific CAPWAP binding specification that has QoS
|
||
requirements MUST define the application of QoS to the CAPWAP Data
|
||
messages.
|
||
|
||
The IP header also includes the Explicit Congestion Notification
|
||
(ECN) bits [RFC3168]. Section 9.1.1 of [RFC3168] describes two
|
||
levels of ECN functionality: full functionality and limited
|
||
functionality. CAPWAP ACs and WTPs SHALL implement the limited
|
||
functionality and are RECOMMENDED to implement the full functionality
|
||
described in [RFC3168].
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 56]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.5.2.1. Applying QoS to CAPWAP Control Message
|
||
|
||
It is recommended that CAPWAP Control messages be sent by both the AC
|
||
and the WTP with an appropriate Quality-of-Service precedence value,
|
||
ensuring that congestion in the network minimizes occurrences of
|
||
CAPWAP Control channel disconnects. Therefore, a QoS-enabled CAPWAP
|
||
device SHOULD use the following values:
|
||
|
||
802.1Q: The priority tag of 7 SHOULD be used.
|
||
|
||
DSCP: The CS6 per-hop behavior Service Class SHOULD be used, which
|
||
is described in [RFC2474]).
|
||
|
||
4.5.3. Retransmissions
|
||
|
||
The CAPWAP Control protocol operates as a reliable transport. For
|
||
each Request message, a Response message is defined, which is used to
|
||
acknowledge receipt of the Request message. In addition, the control
|
||
header Sequence Number field is used to pair the Request and Response
|
||
messages (see Section 4.5.1).
|
||
|
||
Response messages are not explicitly acknowledged; therefore, if a
|
||
Response message is not received, the original Request message is
|
||
retransmitted.
|
||
|
||
Implementations MUST keep track of the sequence number of the last
|
||
received Request message, and MUST cache the corresponding Response
|
||
message. If a retransmission with the same sequence number is
|
||
received, the cached Response message MUST be retransmitted without
|
||
re-processing the Request. If an older Request message is received,
|
||
meaning one where the sequence number is smaller, it MUST be ignored.
|
||
A newer Request message, meaning one whose sequence number is larger,
|
||
is processed as usual.
|
||
|
||
Note: A sequence number is considered "smaller" when s1 is smaller
|
||
than s2 modulo 256 if and only if (s1<s2 and (s2-s1)<128) or
|
||
(s1>s2 and (s1-s2)>128).
|
||
|
||
Both the WTP and the AC can only have a single request outstanding at
|
||
any given time. Retransmitted Request messages MUST NOT be altered
|
||
by the sender.
|
||
|
||
After transmitting a Request message, the RetransmitInterval (see
|
||
Section 4.7) timer and MaxRetransmit (see Section 4.8) variable are
|
||
used to determine if the original Request message needs to be
|
||
retransmitted. The RetransmitInterval timer is used the first time
|
||
the Request is retransmitted. The timer is then doubled every
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 57]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
subsequent time the same Request message is retransmitted, up to
|
||
MaxRetransmit but no more than half the EchoInterval timer (see
|
||
Section 4.7.7). Response messages are not subject to these timers.
|
||
|
||
If the sender stops retransmitting a Request message before reaching
|
||
MaxRetransmit retransmissions (which leads to transition to DTLS
|
||
Teardown, as described in Section 2.3.1), it cannot know whether the
|
||
recipient received and processed the Request or not. In most
|
||
situations, the sender SHOULD NOT do this, and instead continue
|
||
retransmitting until a Response message is received, or transition to
|
||
DTLS Teardown occurs. However, if the sender does decide to continue
|
||
the connection with a new or modified Request message, the new
|
||
message MUST have a new sequence number, and be treated as a new
|
||
Request message by the receiver. Note that there is a high chance
|
||
that both the WTP and the AC's sequence numbers will become out of
|
||
sync.
|
||
|
||
When a Request message is retransmitted, it MUST be re-encrypted via
|
||
the DTLS stack. If the peer had received the Request message, and
|
||
the corresponding Response message was lost, it is necessary to
|
||
ensure that retransmitted Request messages are not identified as
|
||
replays by the DTLS stack. Similarly, any cached Response messages
|
||
that are retransmitted as a result of receiving a retransmitted
|
||
Request message MUST be re-encrypted via DTLS.
|
||
|
||
Duplicate Response messages, identified by the Sequence Number field
|
||
in the CAPWAP Control message header, SHOULD be discarded upon
|
||
receipt.
|
||
|
||
4.6. CAPWAP Protocol Message Elements
|
||
|
||
This section defines the CAPWAP Protocol message elements that are
|
||
included in CAPWAP protocol control messages.
|
||
|
||
Message elements are used to carry information needed in control
|
||
messages. Every message element is identified by the Type Value
|
||
field, defined below. The total length of the message elements is
|
||
indicated in the message element's length field.
|
||
|
||
All of the message element definitions in this document use a diagram
|
||
similar to the one below in order to depict its format. Note that to
|
||
simplify this specification, these diagrams do not include the header
|
||
fields (Type and Length). The header field values are defined in the
|
||
message element descriptions.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 58]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Unless otherwise specified, a control message that lists a set of
|
||
supported (or expected) message elements MUST NOT expect the message
|
||
elements to be in any specific order. The sender MAY include the
|
||
message elements in any order. Unless otherwise noted, one message
|
||
element of each type is present in a given control message.
|
||
|
||
Unless otherwise specified, any configuration information sent by the
|
||
AC to the WTP MAY be saved to non-volatile storage (see Section 8.1)
|
||
for more information).
|
||
|
||
Additional message elements may be defined in separate IETF
|
||
documents.
|
||
|
||
The format of a message element uses the TLV format shown here:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Type | Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Value ... |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
The 16-bit Type field identifies the information carried in the Value
|
||
field and Length (16 bits) indicates the number of bytes in the Value
|
||
field. The value of zero (0) is reserved and MUST NOT be used. The
|
||
rest of the Type field values are allocated as follows:
|
||
|
||
Usage Type Values
|
||
|
||
CAPWAP Protocol Message Elements 1 - 1023
|
||
IEEE 802.11 Message Elements 1024 - 2047
|
||
Reserved for Future Use 2048 - 3071
|
||
EPCGlobal Message Elements 3072 - 4095
|
||
Reserved for Future Use 4096 - 65535
|
||
|
||
The table below lists the CAPWAP protocol Message Elements and their
|
||
Type values.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 59]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
CAPWAP Message Element Type Value
|
||
|
||
AC Descriptor 1
|
||
AC IPv4 List 2
|
||
AC IPv6 List 3
|
||
AC Name 4
|
||
AC Name with Priority 5
|
||
AC Timestamp 6
|
||
Add MAC ACL Entry 7
|
||
Add Station 8
|
||
Reserved 9
|
||
CAPWAP Control IPV4 Address 10
|
||
CAPWAP Control IPV6 Address 11
|
||
CAPWAP Local IPV4 Address 30
|
||
CAPWAP Local IPV6 Address 50
|
||
CAPWAP Timers 12
|
||
CAPWAP Transport Protocol 51
|
||
Data Transfer Data 13
|
||
Data Transfer Mode 14
|
||
Decryption Error Report 15
|
||
Decryption Error Report Period 16
|
||
Delete MAC ACL Entry 17
|
||
Delete Station 18
|
||
Reserved 19
|
||
Discovery Type 20
|
||
Duplicate IPv4 Address 21
|
||
Duplicate IPv6 Address 22
|
||
ECN Support 53
|
||
Idle Timeout 23
|
||
Image Data 24
|
||
Image Identifier 25
|
||
Image Information 26
|
||
Initiate Download 27
|
||
Location Data 28
|
||
Maximum Message Length 29
|
||
MTU Discovery Padding 52
|
||
Radio Administrative State 31
|
||
Radio Operational State 32
|
||
Result Code 33
|
||
Returned Message Element 34
|
||
Session ID 35
|
||
Statistics Timer 36
|
||
Vendor Specific Payload 37
|
||
WTP Board Data 38
|
||
WTP Descriptor 39
|
||
WTP Fallback 40
|
||
WTP Frame Tunnel Mode 41
|
||
Reserved 42
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 60]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Reserved 43
|
||
WTP MAC Type 44
|
||
WTP Name 45
|
||
Unused/Reserved 46
|
||
WTP Radio Statistics 47
|
||
WTP Reboot Statistics 48
|
||
WTP Static IP Address Information 49
|
||
|
||
4.6.1. AC Descriptor
|
||
|
||
The AC Descriptor message element is used by the AC to communicate
|
||
its current state. The value contains the following fields.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Stations | Limit |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Active WTPs | Max WTPs |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Security | R-MAC Field | Reserved1 | DTLS Policy |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC Information Sub-Element...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 1 for AC Descriptor
|
||
|
||
Length: >= 12
|
||
|
||
Stations: The number of stations currently served by the AC
|
||
|
||
Limit: The maximum number of stations supported by the AC
|
||
|
||
Active WTPs: The number of WTPs currently attached to the AC
|
||
|
||
Max WTPs: The maximum number of WTPs supported by the AC
|
||
|
||
Security: An 8-bit mask specifying the authentication credential
|
||
type supported by the AC (see Section 2.4.4). The field has the
|
||
following format:
|
||
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
|Reserved |S|X|R|
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 61]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Reserved: A set of reserved bits for future use. All
|
||
implementations complying with this protocol MUST set to zero
|
||
any bits that are reserved in the version of the protocol
|
||
supported by that implementation. Receivers MUST ignore all
|
||
bits not defined for the version of the protocol they support.
|
||
|
||
S: The AC supports the pre-shared secret authentication, as
|
||
described in Section 12.6.
|
||
|
||
X: The AC supports X.509 Certificate authentication, as
|
||
described in Section 12.7.
|
||
|
||
R: A reserved bit for future use. All implementations
|
||
complying with this protocol MUST set to zero any bits that
|
||
are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not
|
||
defined for the version of the protocol they support.
|
||
|
||
R-MAC Field: The AC supports the optional Radio MAC Address field
|
||
in the CAPWAP transport header (see Section 4.3). The following
|
||
enumerated values are supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - Supported
|
||
|
||
2 - Not Supported
|
||
|
||
Reserved: A set of reserved bits for future use. All
|
||
implementations complying with this protocol MUST set to zero any
|
||
bits that are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not defined
|
||
for the version of the protocol they support.
|
||
|
||
DTLS Policy: The AC communicates its policy on the use of DTLS for
|
||
the CAPWAP data channel. The AC MAY communicate more than one
|
||
supported option, represented by the bit field below. The WTP
|
||
MUST abide by one of the options communicated by AC. The field
|
||
has the following format:
|
||
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
|Reserved |D|C|R|
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 62]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Reserved: A set of reserved bits for future use. All
|
||
implementations complying with this protocol MUST set to zero
|
||
any bits that are reserved in the version of the protocol
|
||
supported by that implementation. Receivers MUST ignore all
|
||
bits not defined for the version of the protocol they support.
|
||
|
||
D: DTLS-Enabled Data Channel Supported
|
||
|
||
C: Clear Text Data Channel Supported
|
||
|
||
R: A reserved bit for future use. All implementations
|
||
complying with this protocol MUST set to zero any bits that
|
||
are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not
|
||
defined for the version of the protocol they support.
|
||
|
||
AC Information Sub-Element: The AC Descriptor message element
|
||
contains multiple AC Information sub-elements, and defines two
|
||
sub-types, each of which MUST be present. The AC Information sub-
|
||
element has the following format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC Information Vendor Identifier |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC Information Type | AC Information Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC Information Data...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
AC Information Vendor Identifier: A 32-bit value containing the
|
||
IANA-assigned "Structure of Management Information (SMI)
|
||
Network Management Private Enterprise Codes".
|
||
|
||
AC Information Type: Vendor-specific encoding of AC information
|
||
in the UTF-8 format [RFC3629]. The following enumerated values
|
||
are supported. Both the Hardware and Software Version sub-
|
||
elements MUST be included in the AC Descriptor message element.
|
||
The values listed below are used in conjunction with the AC
|
||
Information Vendor Identifier field, whose value MUST be set to
|
||
zero (0). This field, combined with the AC Information Vendor
|
||
Identifier set to a non-zero (0) value, allows vendors to use a
|
||
private namespace.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 63]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4 - Hardware Version: The AC's hardware version number.
|
||
|
||
5 - Software Version: The AC's Software (firmware) version
|
||
number.
|
||
|
||
AC Information Length: Length of vendor-specific encoding of AC
|
||
information, with a maximum size of 1024.
|
||
|
||
AC Information Data: Vendor-specific encoding of AC information.
|
||
|
||
4.6.2. AC IPv4 List
|
||
|
||
The AC IPv4 List message element is used to configure a WTP with the
|
||
latest list of ACs available for the WTP to join.
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC IP Address[] |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 2 for AC IPv4 List
|
||
|
||
Length: >= 4
|
||
|
||
AC IP Address: An array of 32-bit integers containing AC IPv4
|
||
Addresses, containing no more than 1024 addresses.
|
||
|
||
4.6.3. AC IPv6 List
|
||
|
||
The AC IPv6 List message element is used to configure a WTP with the
|
||
latest list of ACs available for the WTP to join.
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC IP Address[] |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC IP Address[] |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC IP Address[] |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| AC IP Address[] |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 64]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 3 for AC IPV6 List
|
||
|
||
Length: >= 16
|
||
|
||
AC IP Address: An array of 128-bit integers containing AC IPv6
|
||
Addresses, containing no more than 1024 addresses.
|
||
|
||
4.6.4. AC Name
|
||
|
||
The AC Name message element contains an UTF-8 [RFC3629]
|
||
representation of the AC identity. The value is a variable-length
|
||
byte string. The string is NOT zero terminated.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Name ...
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 4 for AC Name
|
||
|
||
Length: >= 1
|
||
|
||
Name: A variable-length UTF-8 encoded string [RFC3629] containing
|
||
the AC's name, whose maximum size MUST NOT exceed 512 bytes.
|
||
|
||
4.6.5. AC Name with Priority
|
||
|
||
The AC Name with Priority message element is sent by the AC to the
|
||
WTP to configure preferred ACs. The number of instances of this
|
||
message element is equal to the number of ACs configured on the WTP.
|
||
The WTP also uses this message element to send its configuration to
|
||
the AC.
|
||
|
||
0 1
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Priority | AC Name...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 5 for AC Name with Priority
|
||
|
||
Length: >= 2
|
||
|
||
Priority: A value between 1 and 255 specifying the priority order
|
||
of the preferred AC. For instance, the value of one (1) is used
|
||
to set the primary AC, the value of two (2) is used to set the
|
||
secondary, etc.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 65]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
AC Name: A variable-length UTF-8 encoded string [RFC3629]
|
||
containing the AC name, whose maximum size MUST NOT exceed 512
|
||
bytes.
|
||
|
||
4.6.6. AC Timestamp
|
||
|
||
The AC Timestamp message element is sent by the AC to synchronize the
|
||
WTP clock.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Timestamp |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 6 for AC Timestamp
|
||
|
||
Length: 4
|
||
|
||
Timestamp: The AC's current time, allowing all of the WTPs to be
|
||
time synchronized in the format defined by Network Time Protocol
|
||
(NTP) in RFC 1305 [RFC1305]. Only the most significant 32 bits of
|
||
the NTP time are included in this field.
|
||
|
||
4.6.7. Add MAC ACL Entry
|
||
|
||
The Add MAC Access Control List (ACL) Entry message element is used
|
||
by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
|
||
no longer provides service to the MAC addresses provided in the
|
||
message. The MAC addresses provided in this message element are not
|
||
expected to be saved in non-volatile memory on the WTP. The MAC ACL
|
||
table on the WTP is cleared every time the WTP establishes a new
|
||
session with an AC.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Num of Entries| Length | MAC Address ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 7 for Add MAC ACL Entry
|
||
|
||
Length: >= 8
|
||
|
||
Num of Entries: The number of instances of the Length/MAC Address
|
||
fields in the array. This value MUST NOT exceed 255.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 66]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: MAC addresses to add to the ACL.
|
||
|
||
4.6.8. Add Station
|
||
|
||
The Add Station message element is used by the AC to inform a WTP
|
||
that it should forward traffic for a station. The Add Station
|
||
message element is accompanied by technology-specific binding
|
||
information element(s), which may include security parameters.
|
||
Consequently, the security parameters MUST be applied by the WTP for
|
||
the station.
|
||
|
||
After station policy has been delivered to the WTP through the Add
|
||
Station message element, an AC MAY change any policies by sending a
|
||
modified Add Station message element. When a WTP receives an Add
|
||
Station message element for an existing station, it MUST override any
|
||
existing state for the station.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | Length | MAC Address ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| VLAN Name...
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 8 for Add Station
|
||
|
||
Length: >= 8
|
||
|
||
Radio ID: An 8-bit value representing the radio, whose value is
|
||
between one (1) and 31.
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: The station's MAC address.
|
||
|
||
VLAN Name: An optional variable-length UTF-8 encoded string
|
||
[RFC3629], with a maximum length of 512 octets, containing the
|
||
VLAN Name on which the WTP is to locally bridge user data. Note
|
||
this field is only valid with WTPs configured in Local MAC mode.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 67]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.9. CAPWAP Control IPv4 Address
|
||
|
||
The CAPWAP Control IPv4 Address message element is sent by the AC to
|
||
the WTP during the Discovery process and is used by the AC to provide
|
||
the interfaces available on the AC, and the current number of WTPs
|
||
connected. When multiple CAPWAP Control IPV4 Address message
|
||
elements are returned, the WTP SHOULD perform load balancing across
|
||
the multiple interfaces (see Section 6.1).
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| WTP Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 10 for CAPWAP Control IPv4 Address
|
||
|
||
Length: 6
|
||
|
||
IP Address: The IP address of an interface.
|
||
|
||
WTP Count: The number of WTPs currently connected to the interface,
|
||
with a maximum value of 65535.
|
||
|
||
4.6.10. CAPWAP Control IPv6 Address
|
||
|
||
The CAPWAP Control IPv6 Address message element is sent by the AC to
|
||
the WTP during the Discovery process and is used by the AC to provide
|
||
the interfaces available on the AC, and the current number of WTPs
|
||
connected. This message element is useful for the WTP to perform
|
||
load balancing across multiple interfaces (see Section 6.1).
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| WTP Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 68]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 11 for CAPWAP Control IPv6 Address
|
||
|
||
Length: 18
|
||
|
||
IP Address: The IP address of an interface.
|
||
|
||
WTP Count: The number of WTPs currently connected to the interface,
|
||
with a maximum value of 65535.
|
||
|
||
4.6.11. CAPWAP Local IPv4 Address
|
||
|
||
The CAPWAP Local IPv4 Address message element is sent by either the
|
||
WTP, in the Join Request, or by the AC, in the Join Response. The
|
||
CAPWAP Local IPv4 Address message element is used to communicate the
|
||
IP Address of the transmitter. The receiver uses this to determine
|
||
whether a middlebox exists between the two peers, by comparing the
|
||
source IP address of the packet against the value of the message
|
||
element.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 30 for CAPWAP Local IPv4 Address
|
||
|
||
Length: 4
|
||
|
||
IP Address: The IP address of the sender.
|
||
|
||
4.6.12. CAPWAP Local IPv6 Address
|
||
|
||
The CAPWAP Local IPv6 Address message element is sent by either the
|
||
WTP, in the Join Request, or by the AC, in the Join Response. The
|
||
CAPWAP Local IPv6 Address message element is used to communicate the
|
||
IP Address of the transmitter. The receiver uses this to determine
|
||
whether a middlebox exists between the two peers, by comparing the
|
||
source IP address of the packet against the value of the message
|
||
element.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 69]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 50 for CAPWAP Local IPv6 Address
|
||
|
||
Length: 16
|
||
|
||
IP Address: The IP address of the sender.
|
||
|
||
4.6.13. CAPWAP Timers
|
||
|
||
The CAPWAP Timers message element is used by an AC to configure
|
||
CAPWAP timers on a WTP.
|
||
|
||
0 1
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Discovery | Echo Request |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 12 for CAPWAP Timers
|
||
|
||
Length: 2
|
||
|
||
Discovery: The number of seconds between CAPWAP Discovery messages,
|
||
when the WTP is in the Discovery phase. This value is used to
|
||
configure the MaxDiscoveryInterval timer (see Section 4.7.10).
|
||
|
||
Echo Request: The number of seconds between WTP Echo Request CAPWAP
|
||
messages. This value is used to configure the EchoInterval timer
|
||
(see Section 4.7.7). The AC sets its EchoInterval timer to this
|
||
value, plus the maximum retransmission time as described in
|
||
Section 4.5.3.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 70]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.14. CAPWAP Transport Protocol
|
||
|
||
When CAPWAP is run over IPv6, the UDP-Lite or UDP transports MAY be
|
||
used (see Section 3). The CAPWAP IPv6 Transport Protocol message
|
||
element is used by either the WTP or the AC to signal which transport
|
||
protocol is to be used for the CAPWAP data channel.
|
||
|
||
Upon receiving the Join Request, the AC MAY set the CAPWAP Transport
|
||
Protocol to UDP-Lite in the Join Response message if the CAPWAP
|
||
message was received over IPv6, and the CAPWAP Local IPv6 Address
|
||
message element (see Section 4.6.12) is present and no middlebox was
|
||
detected (see Section 11).
|
||
|
||
Upon receiving the Join Response, the WTP MAY set the CAPWAP
|
||
Transport Protocol to UDP-Lite in the Configuration Status Request or
|
||
Image Data Request message if the AC advertised support for UDP-Lite,
|
||
the message was received over IPv6, the CAPWAP Local IPv6 Address
|
||
message element (see Section 4.6.12) and no middlebox was detected
|
||
(see Section 11). Upon receiving either the Configuration Status
|
||
Request or the Image Data Request, the AC MUST observe the preference
|
||
indicated by the WTP in the CAPWAP Transport Protocol, as long as it
|
||
is consistent with what the AC advertised in the Join Response.
|
||
|
||
For any other condition, the CAPWAP Transport Protocol MUST be set to
|
||
UDP.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Transport |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 51 for CAPWAP Transport Protocol
|
||
|
||
Length: 1
|
||
|
||
Transport: The transport to use for the CAPWAP Data channel. The
|
||
following enumerated values are supported:
|
||
|
||
1 - UDP-Lite: The UDP-Lite transport protocol is to be used for
|
||
the CAPWAP Data channel. Note that this option MUST NOT be
|
||
used if the CAPWAP Control channel is being used over IPv4.
|
||
|
||
2 - UDP: The UDP transport protocol is to be used for the CAPWAP
|
||
Data channel.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 71]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.15. Data Transfer Data
|
||
|
||
The Data Transfer Data message element is used by the WTP to provide
|
||
information to the AC for debugging purposes.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Data Type | Data Mode | Data Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Data ....
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 13 for Data Transfer Data
|
||
|
||
Length: >= 5
|
||
|
||
Data Type: An 8-bit value representing the transfer Data Type. The
|
||
following enumerated values are supported:
|
||
|
||
1 - Transfer data is included.
|
||
|
||
2 - Last Transfer Data Block is included (End of File (EOF)).
|
||
|
||
5 - An error occurred. Transfer is aborted.
|
||
|
||
Data Mode: An 8-bit value describing the type of information being
|
||
transmitted. The following enumerated values are supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - WTP Crash Data
|
||
|
||
2 - WTP Memory Dump
|
||
|
||
Data Length: Length of data field, with a maximum size of 65535.
|
||
|
||
Data: Data being transferred from the WTP to the AC, whose type is
|
||
identified via the Data Mode field.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 72]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.16. Data Transfer Mode
|
||
|
||
The Data Transfer Mode message element is used by the WTP to indicate
|
||
the type of data transfer information it is sending to the AC for
|
||
debugging purposes.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Data Mode |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 14 for Data Transfer Mode
|
||
|
||
Length: 1
|
||
|
||
Data Mode: An 8-bit value describing the type of information being
|
||
requested. The following enumerated values are supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - WTP Crash Data
|
||
|
||
2 - WTP Memory Dump
|
||
|
||
4.6.17. Decryption Error Report
|
||
|
||
The Decryption Error Report message element value is used by the WTP
|
||
to inform the AC of decryption errors that have occurred since the
|
||
last report. Note that this error reporting mechanism is not used if
|
||
encryption and decryption services are provided in the AC.
|
||
|
||
0 1 2
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID |Num Of Entries | Length | MAC Address...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 15 for Decryption Error Report
|
||
|
||
Length: >= 9
|
||
|
||
Radio ID: The Radio Identifier refers to an interface index on the
|
||
WTP, whose value is between one (1) and 31.
|
||
|
||
Num of Entries: The number of instances of the Length/MAC Address
|
||
fields in the array. This field MUST NOT exceed the value of 255.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 73]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: MAC address of the station that has caused decryption
|
||
errors.
|
||
|
||
4.6.18. Decryption Error Report Period
|
||
|
||
The Decryption Error Report Period message element value is used by
|
||
the AC to inform the WTP how frequently it should send decryption
|
||
error report messages. Note that this error reporting mechanism is
|
||
not used if encryption and decryption services are provided in the
|
||
AC.
|
||
|
||
0 1 2
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | Report Interval |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 16 for Decryption Error Report Period
|
||
|
||
Length: 3
|
||
|
||
Radio ID: The Radio Identifier refers to an interface index on the
|
||
WTP, whose value is between one (1) and 31.
|
||
|
||
Report Interval: A 16-bit unsigned integer indicating the time, in
|
||
seconds. The default value for this message element can be found
|
||
in Section 4.7.11.
|
||
|
||
4.6.19. Delete MAC ACL Entry
|
||
|
||
The Delete MAC ACL Entry message element is used by an AC to delete a
|
||
MAC ACL entry on a WTP, ensuring that the WTP provides service to the
|
||
MAC addresses provided in the message.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Num of Entries| Length | MAC Address ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 17 for Delete MAC ACL Entry
|
||
|
||
Length: >= 8
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 74]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Num of Entries: The number of instances of the Length/MAC Address
|
||
fields in the array. This field MUST NOT exceed the value of 255.
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: An array of MAC addresses to delete from the ACL.
|
||
|
||
4.6.20. Delete Station
|
||
|
||
The Delete Station message element is used by the AC to inform a WTP
|
||
that it should no longer provide service to a particular station.
|
||
The WTP MUST terminate service to the station immediately upon
|
||
receiving this message element.
|
||
|
||
The transmission of a Delete Station message element could occur for
|
||
various reasons, including for administrative reasons, or if the
|
||
station has roamed to another WTP.
|
||
|
||
The Delete Station message element MAY be sent by the WTP, in the WTP
|
||
Event Request message, to inform the AC that a particular station is
|
||
no longer being provided service. This could occur as a result of an
|
||
Idle Timeout (see section 4.4.43), due to internal resource shortages
|
||
or for some other reason.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | Length | MAC Address...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 18 for Delete Station
|
||
|
||
Length: >= 8
|
||
|
||
Radio ID: An 8-bit value representing the radio, whose value is
|
||
between one (1) and 31.
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: The station's MAC address.
|
||
|
||
4.6.21. Discovery Type
|
||
|
||
The Discovery Type message element is used by the WTP to indicate how
|
||
it has come to know about the existence of the AC to which it is
|
||
sending the Discovery Request message.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 75]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Discovery Type|
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 20 for Discovery Type
|
||
|
||
Length: 1
|
||
|
||
Discovery Type: An 8-bit value indicating how the WTP discovered
|
||
the AC. The following enumerated values are supported:
|
||
|
||
0 - Unknown
|
||
|
||
1 - Static Configuration
|
||
|
||
2 - DHCP
|
||
|
||
3 - DNS
|
||
|
||
4 - AC Referral (used when the AC was configured either through
|
||
the AC IPv4 List or AC IPv6 List message element)
|
||
|
||
4.6.22. Duplicate IPv4 Address
|
||
|
||
The Duplicate IPv4 Address message element is used by a WTP to inform
|
||
an AC that it has detected another IP device using the same IP
|
||
address that the WTP is currently using.
|
||
|
||
The WTP MUST transmit this message element with the status set to 1
|
||
after it has detected a duplicate IP address. When the WTP detects
|
||
that the duplicate IP address has been cleared, it MUST send this
|
||
message element with the status set to 0.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Status | Length | MAC Address ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 21 for Duplicate IPv4 Address
|
||
|
||
Length: >= 12
|
||
|
||
IP Address: The IP address currently used by the WTP.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 76]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Status: The status of the duplicate IP address. The value MUST be
|
||
set to 1 when a duplicate address is detected, and 0 when the
|
||
duplicate address has been cleared.
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: The MAC address of the offending device.
|
||
|
||
4.6.23. Duplicate IPv6 Address
|
||
|
||
The Duplicate IPv6 Address message element is used by a WTP to inform
|
||
an AC that it has detected another host using the same IP address
|
||
that the WTP is currently using.
|
||
|
||
The WTP MUST transmit this message element with the status set to 1
|
||
after it has detected a duplicate IP address. When the WTP detects
|
||
that the duplicate IP address has been cleared, it MUST send this
|
||
message element with the status set to 0.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Status | Length | MAC Address ...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 22 for Duplicate IPv6 Address
|
||
|
||
Length: >= 24
|
||
|
||
IP Address: The IP address currently used by the WTP.
|
||
|
||
Status: The status of the duplicate IP address. The value MUST be
|
||
set to 1 when a duplicate address is detected, and 0 when the
|
||
duplicate address has been cleared.
|
||
|
||
Length: The length of the MAC Address field. The formats and
|
||
lengths specified in [EUI-48] and [EUI-64] are supported.
|
||
|
||
MAC Address: The MAC address of the offending device.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 77]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.24. Idle Timeout
|
||
|
||
The Idle Timeout message element is sent by the AC to the WTP to
|
||
provide the Idle Timeout value that the WTP SHOULD enforce for its
|
||
active stations. The value applies to all radios on the WTP.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Timeout |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 23 for Idle Timeout
|
||
|
||
Length: 4
|
||
|
||
Timeout: The current Idle Timeout, in seconds, to be enforced by
|
||
the WTP. The default value for this message element is specified
|
||
in Section 4.7.8.
|
||
|
||
4.6.25. ECN Support
|
||
|
||
The ECN Support message element is sent by both the WTP and the AC to
|
||
indicate their support for the Explicit Congestion Notification (ECN)
|
||
bits, as defined in [RFC3168].
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| ECN Support |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 53 for ECN Support
|
||
|
||
Length: 1
|
||
|
||
ECN Support: An 8-bit value representing the sender's support for
|
||
ECN, as defined in [RFC3168]. All CAPWAP Implementations MUST
|
||
support the Limited ECN Support mode. Full ECN Support is used if
|
||
both the WTP and AC advertise the capability for "Full and Limited
|
||
ECN" Support; otherwise, Limited ECN Support is used.
|
||
|
||
0 - Limited ECN Support
|
||
|
||
1 - Full and Limited ECN Support
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 78]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.26. Image Data
|
||
|
||
The Image Data message element is present in the Image Data Request
|
||
message sent by the AC and contains the following fields.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Data Type | Data ....
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 24 for Image Data
|
||
|
||
Length: >= 1
|
||
|
||
Data Type: An 8-bit value representing the image Data Type. The
|
||
following enumerated values are supported:
|
||
|
||
1 - Image data is included.
|
||
|
||
2 - Last Image Data Block is included (EOF).
|
||
|
||
5 - An error occurred. Transfer is aborted.
|
||
|
||
Data: The Image Data field contains up to 1024 characters, and its
|
||
length is inferred from this message element's length field. If
|
||
the block being sent is the last one, the Data Type field is set
|
||
to 2. The AC MAY opt to abort the data transfer by setting the
|
||
Data Type field to 5. When the Data Type field is 5, the Value
|
||
field has a zero length.
|
||
|
||
4.6.27. Image Identifier
|
||
|
||
The Image Identifier message element is sent by the AC to the WTP to
|
||
indicate the expected active software version that is to be run on
|
||
the WTP. The WTP sends the Image Identifier message element in order
|
||
to request a specific software version from the AC. The actual
|
||
download process is defined in Section 9.1. The value is a variable-
|
||
length UTF-8 encoded string [RFC3629], which is NOT zero terminated.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Vendor Identifier |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Data...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 79]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 25 for Image Identifier
|
||
|
||
Length: >= 5
|
||
|
||
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
|
||
Network Management Private Enterprise Codes".
|
||
|
||
Data: A variable-length UTF-8 encoded string [RFC3629] containing
|
||
the firmware identifier to be run on the WTP, whose length MUST
|
||
NOT exceed 1024 octets. The length of this field is inferred from
|
||
this message element's length field.
|
||
|
||
4.6.28. Image Information
|
||
|
||
The Image Information message element is present in the Image Data
|
||
Response message sent by the AC to the WTP and contains the following
|
||
fields.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| File Size |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Hash |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Hash |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Hash |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Hash |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 26 for Image Information
|
||
|
||
Length: 20
|
||
|
||
File Size: A 32-bit value containing the size of the file, in
|
||
bytes, that will be transferred by the AC to the WTP.
|
||
|
||
Hash: A 16-octet MD5 hash of the image using the procedures defined
|
||
in [RFC1321].
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 80]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.29. Initiate Download
|
||
|
||
The Initiate Download message element is used by the WTP to inform
|
||
the AC that the AC SHOULD initiate a firmware upgrade. The AC
|
||
subsequently transmits an Image Data Request message, which includes
|
||
the Image Data message element. This message element does not
|
||
contain any data.
|
||
|
||
Type: 27 for Initiate Download
|
||
|
||
Length: 0
|
||
|
||
4.6.30. Location Data
|
||
|
||
The Location Data message element is a variable-length byte UTF-8
|
||
encoded string [RFC3629] containing user-defined location information
|
||
(e.g., "Next to Fridge"). This information is configurable by the
|
||
network administrator, and allows the WTP location to be determined.
|
||
The string is not zero terminated.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+-
|
||
| Location ...
|
||
+-+-+-+-+-+-+-+-+-
|
||
|
||
Type: 28 for Location Data
|
||
|
||
Length: >= 1
|
||
|
||
Location: A non-zero-terminated UTF-8 encoded string [RFC3629]
|
||
containing the WTP location, whose maximum size MUST NOT exceed
|
||
1024.
|
||
|
||
4.6.31. Maximum Message Length
|
||
|
||
The Maximum Message Length message element is included in the Join
|
||
Request message by the WTP to indicate the maximum CAPWAP message
|
||
length that it supports to the AC. The Maximum Message Length
|
||
message element is optionally included in Join Response message by
|
||
the AC to indicate the maximum CAPWAP message length that it supports
|
||
to the WTP.
|
||
|
||
0 1
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Maximum Message Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 81]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 29 for Maximum Message Length
|
||
|
||
Length: 2
|
||
|
||
Maximum Message Length A 16-bit unsigned integer indicating the
|
||
maximum message length.
|
||
|
||
4.6.32. MTU Discovery Padding
|
||
|
||
The MTU Discovery Padding message element is used as padding to
|
||
perform MTU discovery, and MUST contain octets of value 0xFF, of any
|
||
length.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Padding...
|
||
+-+-+-+-+-+-+-+-
|
||
|
||
|
||
Type: 52 for MTU Discovery Padding
|
||
|
||
Length: Variable
|
||
|
||
Pad: A variable-length pad, filled with the value 0xFF.
|
||
|
||
4.6.33. Radio Administrative State
|
||
|
||
The Radio Administrative State message element is used to communicate
|
||
the state of a particular radio. The Radio Administrative State
|
||
message element is sent by the AC to change the state of the WTP.
|
||
The WTP saves the value, to ensure that it remains across WTP resets.
|
||
The WTP communicates this message element during the configuration
|
||
phase, in the Configuration Status Request message, to ensure that
|
||
the AC has the WTP radio current administrative state settings. The
|
||
message element contains the following fields:
|
||
|
||
0 1
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | Admin State |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 31 for Radio Administrative State
|
||
|
||
Length: 2
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 82]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Radio ID: An 8-bit value representing the radio to configure, whose
|
||
value is between one (1) and 31. The Radio ID field MAY also
|
||
include the value of 0xff, which is used to identify the WTP. If
|
||
an AC wishes to change the administrative state of a WTP, it
|
||
includes 0xff in the Radio ID field.
|
||
|
||
Admin State: An 8-bit value representing the administrative state
|
||
of the radio. The default value for the Admin State field is
|
||
listed in Section 4.8.1. The following enumerated values are
|
||
supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - Enabled
|
||
|
||
2 - Disabled
|
||
|
||
4.6.34. Radio Operational State
|
||
|
||
The Radio Operational State message element is sent by the WTP to the
|
||
AC to communicate a radio's operational state. This message element
|
||
is included in the Configuration Update Response message by the WTP
|
||
if it was requested to change the state of its radio, via the Radio
|
||
Administrative State message element, but was unable to comply to the
|
||
request. This message element is included in the Change State Event
|
||
message when a WTP radio state was changed unexpectedly. This could
|
||
occur due to a hardware failure. Note that the operational state
|
||
setting is not saved on the WTP, and therefore does not remain across
|
||
WTP resets. The value contains three fields, as shown below.
|
||
|
||
0 1 2
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | State | Cause |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 32 for Radio Operational State
|
||
|
||
Length: 3
|
||
|
||
Radio ID: The Radio Identifier refers to an interface index on the
|
||
WTP, whose value is between one (1) and 31. A value of 0xFF is
|
||
invalid, as it is not possible to change the WTP's operational
|
||
state.
|
||
|
||
State: An 8-bit Boolean value representing the state of the radio.
|
||
The following enumerated values are supported:
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 83]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 - Reserved
|
||
|
||
1 - Enabled
|
||
|
||
2 - Disabled
|
||
|
||
Cause: When a radio is inoperable, the cause field contains the
|
||
reason the radio is out of service. The following enumerated
|
||
values are supported:
|
||
|
||
0 - Normal
|
||
|
||
1 - Radio Failure
|
||
|
||
2 - Software Failure
|
||
|
||
3 - Administratively Set
|
||
|
||
4.6.35. Result Code
|
||
|
||
The Result Code message element value is a 32-bit integer value,
|
||
indicating the result of the Request message corresponding to the
|
||
sequence number included in the Response message.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Result Code |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 33 for Result Code
|
||
|
||
Length: 4
|
||
|
||
Result Code: The following enumerated values are defined:
|
||
|
||
0 Success
|
||
|
||
1 Failure (AC List Message Element MUST Be Present)
|
||
|
||
2 Success (NAT Detected)
|
||
|
||
3 Join Failure (Unspecified)
|
||
|
||
4 Join Failure (Resource Depletion)
|
||
|
||
5 Join Failure (Unknown Source)
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 84]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
6 Join Failure (Incorrect Data)
|
||
|
||
7 Join Failure (Session ID Already in Use)
|
||
|
||
8 Join Failure (WTP Hardware Not Supported)
|
||
|
||
9 Join Failure (Binding Not Supported)
|
||
|
||
10 Reset Failure (Unable to Reset)
|
||
|
||
11 Reset Failure (Firmware Write Error)
|
||
|
||
12 Configuration Failure (Unable to Apply Requested Configuration
|
||
- Service Provided Anyhow)
|
||
|
||
13 Configuration Failure (Unable to Apply Requested Configuration
|
||
- Service Not Provided)
|
||
|
||
14 Image Data Error (Invalid Checksum)
|
||
|
||
15 Image Data Error (Invalid Data Length)
|
||
|
||
16 Image Data Error (Other Error)
|
||
|
||
17 Image Data Error (Image Already Present)
|
||
|
||
18 Message Unexpected (Invalid in Current State)
|
||
|
||
19 Message Unexpected (Unrecognized Request)
|
||
|
||
20 Failure - Missing Mandatory Message Element
|
||
|
||
21 Failure - Unrecognized Message Element
|
||
|
||
22 Data Transfer Error (No Information to Transfer)
|
||
|
||
4.6.36. Returned Message Element
|
||
|
||
The Returned Message Element is sent by the WTP in the Change State
|
||
Event Request message to communicate to the AC which message elements
|
||
in the Configuration Status Response it was unable to apply locally.
|
||
The Returned Message Element message element contains a result code
|
||
indicating the reason that the configuration could not be applied,
|
||
and encapsulates the failed message element.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 85]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Reason | Length | Message Element...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 34 for Returned Message Element
|
||
|
||
Length: >= 6
|
||
|
||
Reason: The reason the configuration in the offending message
|
||
element could not be applied by the WTP. The following enumerated
|
||
values are supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - Unknown Message Element
|
||
|
||
2 - Unsupported Message Element
|
||
|
||
3 - Unknown Message Element Value
|
||
|
||
4 - Unsupported Message Element Value
|
||
|
||
Length: The length of the Message Element field, which MUST NOT
|
||
exceed 255 octets.
|
||
|
||
Message Element: The Message Element field encapsulates the message
|
||
element sent by the AC in the Configuration Status Response
|
||
message that caused the error.
|
||
|
||
4.6.37. Session ID
|
||
|
||
The Session ID message element value contains a randomly generated
|
||
unsigned 128-bit integer.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Session ID |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Session ID |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Session ID |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Session ID |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 86]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 35 for Session ID
|
||
|
||
Length: 16
|
||
|
||
Session ID: A 128-bit unsigned integer used as a random session
|
||
identifier
|
||
|
||
4.6.38. Statistics Timer
|
||
|
||
The Statistics Timer message element value is used by the AC to
|
||
inform the WTP of the frequency with which it expects to receive
|
||
updated statistics.
|
||
|
||
0 1
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Statistics Timer |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 36 for Statistics Timer
|
||
|
||
Length: 2
|
||
|
||
Statistics Timer: A 16-bit unsigned integer indicating the time, in
|
||
seconds. The default value for this timer is specified in
|
||
Section 4.7.14.
|
||
|
||
4.6.39. Vendor Specific Payload
|
||
|
||
The Vendor Specific Payload message element is used to communicate
|
||
vendor-specific information between the WTP and the AC. The Vendor
|
||
Specific Payload message element MAY be present in any CAPWAP
|
||
message. The exchange of vendor-specific data between the MUST NOT
|
||
modify the behavior of the base CAPWAP protocol and state machine.
|
||
The message element uses the following format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Vendor Identifier |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Element ID | Data...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 37 for Vendor Specific Payload
|
||
|
||
Length: >= 7
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 87]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
|
||
Network Management Private Enterprise Codes" [RFC3232].
|
||
|
||
Element ID: A 16-bit Element Identifier that is managed by the
|
||
vendor.
|
||
|
||
Data: Variable-length vendor-specific information, whose contents
|
||
and format are proprietary and understood based on the Element ID
|
||
field. This field MUST NOT exceed 2048 octets.
|
||
|
||
4.6.40. WTP Board Data
|
||
|
||
The WTP Board Data message element is sent by the WTP to the AC and
|
||
contains information about the hardware present.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Vendor Identifier |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Board Data Sub-Element...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 38 for WTP Board Data
|
||
|
||
Length: >=14
|
||
|
||
Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
|
||
Network Management Private Enterprise Codes", identifying the WTP
|
||
hardware manufacturer. The Vendor Identifier field MUST NOT be
|
||
set to zero.
|
||
|
||
Board Data Sub-Element: The WTP Board Data message element contains
|
||
multiple Board Data sub-elements, some of which are mandatory and
|
||
some are optional, as described below. The Board Data Type values
|
||
are not extensible by vendors, and are therefore not coupled along
|
||
with the Vendor Identifier field. The Board Data sub-element has
|
||
the following format:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Board Data Type | Board Data Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Board Data Value...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 88]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Board Data Type: The Board Data Type field identifies the data
|
||
being encoded. The CAPWAP protocol defines the following
|
||
values, and each of these types identify whether their presence
|
||
is mandatory or optional:
|
||
|
||
0 - WTP Model Number: The WTP Model Number MUST be included in
|
||
the WTP Board Data message element.
|
||
|
||
1 - WTP Serial Number: The WTP Serial Number MUST be included in
|
||
the WTP Board Data message element.
|
||
|
||
2 - Board ID: A hardware identifier, which MAY be included in
|
||
the WTP Board Data message element.
|
||
|
||
3 - Board Revision: A revision number of the board, which MAY be
|
||
included in the WTP Board Data message element.
|
||
|
||
4 - Base MAC Address: The WTP's Base MAC address, which MAY be
|
||
assigned to the primary Ethernet interface.
|
||
|
||
Board Data Length: The length of the data in the Board Data Value
|
||
field, whose length MUST NOT exceed 1024 octets.
|
||
|
||
Board Data Value: The data associated with the Board Data Type
|
||
field for this Board Data sub-element.
|
||
|
||
4.6.41. WTP Descriptor
|
||
|
||
The WTP Descriptor message element is used by a WTP to communicate
|
||
its current hardware and software (firmware) configuration. The
|
||
value contains the following fields:
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Max Radios | Radios in use | Num Encrypt |Encryp Sub-Elmt|
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Encryption Sub-Element | Descriptor Sub-Element...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 39 for WTP Descriptor
|
||
|
||
Length: >= 33
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 89]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Max Radios: An 8-bit value representing the number of radios (where
|
||
each radio is identified via the Radio ID field) supported by the
|
||
WTP.
|
||
|
||
Radios in use: An 8-bit value representing the number of radios in
|
||
use in the WTP.
|
||
|
||
Num Encrypt: The number of 3-byte Encryption sub-elements that
|
||
follow this field. The value of the Num Encrypt field MUST be
|
||
between one (1) and 255.
|
||
|
||
Encryption Sub-Element: The WTP Descriptor message element MUST
|
||
contain at least one Encryption sub-element. One sub-element is
|
||
present for each binding supported by the WTP. The Encryption
|
||
sub-element has the following format:
|
||
|
||
0 1 2
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|Resvd| WBID | Encryption Capabilities |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Resvd: The 3-bit field is reserved for future use. All
|
||
implementations complying with this protocol MUST set to zero
|
||
any bits that are reserved in the version of the protocol
|
||
supported by that implementation. Receivers MUST ignore all
|
||
bits not defined for the version of the protocol they support.
|
||
|
||
WBID: A 5-bit field that is the wireless binding identifier.
|
||
The identifier will indicate the type of wireless packet
|
||
associated with the radio. The WBIDs defined in this
|
||
specification can be found in Section 4.3.
|
||
|
||
Encryption Capabilities: This 16-bit field is used by the WTP to
|
||
communicate its capabilities to the AC. A WTP that does not
|
||
have any encryption capabilities sets this field to zero (0).
|
||
Refer to the specific wireless binding for further
|
||
specification of the Encryption Capabilities field.
|
||
|
||
Descriptor Sub-Element: The WTP Descriptor message element contains
|
||
multiple Descriptor sub-elements, some of which are mandatory and
|
||
some are optional, as described below. The Descriptor sub-element
|
||
has the following format:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 90]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Descriptor Vendor Identifier |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Descriptor Type | Descriptor Length |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Descriptor Data...
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Descriptor Vendor Identifier: A 32-bit value containing the
|
||
IANA-assigned "SMI Network Management Private Enterprise
|
||
Codes".
|
||
|
||
Descriptor Type: The Descriptor Type field identifies the data
|
||
being encoded. The format of the data is vendor-specific
|
||
encoded in the UTF-8 format [RFC3629]. The CAPWAP protocol
|
||
defines the following values, and each of these types identify
|
||
whether their presence is mandatory or optional. The values
|
||
listed below are used in conjunction with the Descriptor Vendor
|
||
Identifier field, whose value MUST be set to zero (0). This
|
||
field, combined with the Descriptor Vendor Identifier set to a
|
||
non-zero (0) value, allows vendors to use a private namespace.
|
||
|
||
0 - Hardware Version: The WTP hardware version number MUST be
|
||
present.
|
||
|
||
1 - Active Software Version: The WTP running software version
|
||
number MUST be present.
|
||
|
||
2 - Boot Version: The WTP boot loader version number MUST be
|
||
present.
|
||
|
||
3 - Other Software Version: The WTP non-running software
|
||
(firmware) version number MAY be present. This type is
|
||
used to communicate alternate software versions that are
|
||
available on the WTP's non-volatile storage.
|
||
|
||
Descriptor Length: Length of the vendor-specific encoding of the
|
||
Descriptor Data field, whose length MUST NOT exceed 1024
|
||
octets.
|
||
|
||
Descriptor Data: Vendor-specific data of WTP information encoded
|
||
in the UTF-8 format [RFC3629].
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 91]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.6.42. WTP Fallback
|
||
|
||
The WTP Fallback message element is sent by the AC to the WTP to
|
||
enable or disable automatic CAPWAP fallback in the event that a WTP
|
||
detects its preferred AC to which it is not currently connected.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| Mode |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 40 for WTP Fallback
|
||
|
||
Length: 1
|
||
|
||
Mode: The 8-bit value indicates the status of automatic CAPWAP
|
||
fallback on the WTP. When enabled, if the WTP detects that its
|
||
primary AC is available, and that the WTP is not connected to the
|
||
primary AC, the WTP SHOULD automatically disconnect from its
|
||
current AC and reconnect to its primary AC. If disabled, the WTP
|
||
will only reconnect to its primary AC through manual intervention
|
||
(e.g., through the Reset Request message). The default value for
|
||
this field is specified in Section 4.8.9. The following
|
||
enumerated values are supported:
|
||
|
||
0 - Reserved
|
||
|
||
1 - Enabled
|
||
|
||
2 - Disabled
|
||
|
||
4.6.43. WTP Frame Tunnel Mode
|
||
|
||
The WTP Frame Tunnel Mode message element allows the WTP to
|
||
communicate the tunneling modes of operation that it supports to the
|
||
AC. A WTP that advertises support for all types allows the AC to
|
||
select which type will be used, based on its local policy.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
|Reservd|N|E|L|U|
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 92]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Type: 41 for WTP Frame Tunnel Mode
|
||
|
||
Length: 1
|
||
|
||
Reservd: A set of reserved bits for future use. All
|
||
implementations complying with this protocol MUST set to zero any
|
||
bits that are reserved in the version of the protocol supported by
|
||
that implementation. Receivers MUST ignore all bits not defined
|
||
for the version of the protocol they support.
|
||
|
||
N: Native Frame Tunnel mode requires the WTP and AC to encapsulate
|
||
all user payloads as native wireless frames, as defined by the
|
||
wireless binding (see for example Section 4.4)
|
||
|
||
E: The 802.3 Frame Tunnel Mode requires the WTP and AC to
|
||
encapsulate all user payload as native IEEE 802.3 frames (see
|
||
Section 4.4). All user traffic is tunneled to the AC. This
|
||
value MUST NOT be used when the WTP MAC Type is set to Split
|
||
MAC.
|
||
|
||
L: When Local Bridging is used, the WTP does not tunnel user
|
||
traffic to the AC; all user traffic is locally bridged. This
|
||
value MUST NOT be used when the WTP MAC Type is set to Split
|
||
MAC.
|
||
|
||
R: A reserved bit for future use. All implementations complying
|
||
with this protocol MUST set to zero any bits that are reserved
|
||
in the version of the protocol supported by that
|
||
implementation. Receivers MUST ignore all bits not defined for
|
||
the version of the protocol they support.
|
||
|
||
4.6.44. WTP MAC Type
|
||
|
||
The WTP MAC-Type message element allows the WTP to communicate its
|
||
mode of operation to the AC. A WTP that advertises support for both
|
||
modes allows the AC to select the mode to use, based on local policy.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+
|
||
| MAC Type |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 44 for WTP MAC Type
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 93]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Length: 1
|
||
|
||
MAC Type: The MAC mode of operation supported by the WTP. The
|
||
following enumerated values are supported:
|
||
|
||
0 - Local MAC: Local MAC is the default mode that MUST be
|
||
supported by all WTPs. When tunneling is enabled (see
|
||
Section 4.6.43), the encapsulated frames MUST be in the
|
||
802.3 format (see Section 4.4.2), unless a wireless
|
||
management or control frame which MAY be in its native
|
||
format. Any CAPWAP binding needs to specify the format of
|
||
management and control wireless frames.
|
||
|
||
1 - Split MAC: Split MAC support is optional, and allows the AC
|
||
to receive and process native wireless frames.
|
||
|
||
2 - Both: WTP is capable of supporting both Local MAC and Split
|
||
MAC.
|
||
|
||
4.6.45. WTP Name
|
||
|
||
The WTP Name message element is a variable-length byte UTF-8 encoded
|
||
string [RFC3629]. The string is not zero terminated.
|
||
|
||
0
|
||
0 1 2 3 4 5 6 7
|
||
+-+-+-+-+-+-+-+-+-
|
||
| WTP Name ...
|
||
+-+-+-+-+-+-+-+-+-
|
||
|
||
Type: 45 for WTP Name
|
||
|
||
Length: >= 1
|
||
|
||
WTP Name: A non-zero-terminated UTF-8 encoded string [RFC3629]
|
||
containing the WTP name, whose maximum size MUST NOT exceed 512
|
||
bytes.
|
||
|
||
4.6.46. WTP Radio Statistics
|
||
|
||
The WTP Radio Statistics message element is sent by the WTP to the AC
|
||
to communicate statistics on radio behavior and reasons why the WTP
|
||
radio has been reset. These counters are never reset on the WTP, and
|
||
will therefore roll over to zero when the maximum size has been
|
||
reached.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 94]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Radio ID | Last Fail Type| Reset Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| SW Failure Count | HW Failure Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Other Failure Count | Unknown Failure Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Config Update Count | Channel Change Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Band Change Count | Current Noise Floor |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 47 for WTP Radio Statistics
|
||
|
||
Length: 20
|
||
|
||
Radio ID: The radio ID of the radio to which the statistics apply,
|
||
whose value is between one (1) and 31.
|
||
|
||
Last Failure Type: The last WTP failure. The following enumerated
|
||
values are supported:
|
||
|
||
0 - Statistic Not Supported
|
||
|
||
1 - Software Failure
|
||
|
||
2 - Hardware Failure
|
||
|
||
3 - Other Failure
|
||
|
||
255 - Unknown (e.g., WTP doesn't keep track of info)
|
||
|
||
Reset Count: The number of times that the radio has been reset.
|
||
|
||
SW Failure Count: The number of times that the radio has failed due
|
||
to software-related reasons.
|
||
|
||
HW Failure Count: The number of times that the radio has failed due
|
||
to hardware-related reasons.
|
||
|
||
Other Failure Count: The number of times that the radio has failed
|
||
due to known reasons, other than software or hardware failure.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 95]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Unknown Failure Count: The number of times that the radio has
|
||
failed for unknown reasons.
|
||
|
||
Config Update Count: The number of times that the radio
|
||
configuration has been updated.
|
||
|
||
Channel Change Count: The number of times that the radio channel
|
||
has been changed.
|
||
|
||
Band Change Count: The number of times that the radio has changed
|
||
frequency bands.
|
||
|
||
Current Noise Floor: A signed integer that indicates the noise
|
||
floor of the radio receiver in units of dBm.
|
||
|
||
4.6.47. WTP Reboot Statistics
|
||
|
||
The WTP Reboot Statistics message element is sent by the WTP to the
|
||
AC to communicate reasons why WTP reboots have occurred. These
|
||
counters are never reset on the WTP, and will therefore roll over to
|
||
zero when the maximum size has been reached.
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Reboot Count | AC Initiated Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Link Failure Count | SW Failure Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| HW Failure Count | Other Failure Count |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Unknown Failure Count |Last Failure Type|
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 48 for WTP Reboot Statistics
|
||
|
||
Length: 15
|
||
|
||
Reboot Count: The number of reboots that have occurred due to a WTP
|
||
crash. A value of 65535 implies that this information is not
|
||
available on the WTP.
|
||
|
||
AC Initiated Count: The number of reboots that have occurred at the
|
||
request of a CAPWAP protocol message, such as a change in
|
||
configuration that required a reboot or an explicit CAPWAP
|
||
protocol reset request. A value of 65535 implies that this
|
||
information is not available on the WTP.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 96]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Link Failure Count: The number of times that a CAPWAP protocol
|
||
connection with an AC has failed due to link failure.
|
||
|
||
SW Failure Count: The number of times that a CAPWAP protocol
|
||
connection with an AC has failed due to software-related reasons.
|
||
|
||
HW Failure Count: The number of times that a CAPWAP protocol
|
||
connection with an AC has failed due to hardware-related reasons.
|
||
|
||
Other Failure Count: The number of times that a CAPWAP protocol
|
||
connection with an AC has failed due to known reasons, other than
|
||
AC initiated, link, SW or HW failure.
|
||
|
||
Unknown Failure Count: The number of times that a CAPWAP protocol
|
||
connection with an AC has failed for unknown reasons.
|
||
|
||
Last Failure Type: The failure type of the most recent WTP failure.
|
||
The following enumerated values are supported:
|
||
|
||
0 - Not Supported
|
||
|
||
1 - AC Initiated (see Section 9.2)
|
||
|
||
2 - Link Failure
|
||
|
||
3 - Software Failure
|
||
|
||
4 - Hardware Failure
|
||
|
||
5 - Other Failure
|
||
|
||
255 - Unknown (e.g., WTP doesn't keep track of info)
|
||
|
||
4.6.48. WTP Static IP Address Information
|
||
|
||
The WTP Static IP Address Information message element is used by an
|
||
AC to configure or clear a previously configured static IP address on
|
||
a WTP. IPv6 WTPs are expected to use dynamic addresses.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 97]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
0 1 2 3
|
||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| IP Address |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Netmask |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Gateway |
|
||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
| Static |
|
||
+-+-+-+-+-+-+-+-+
|
||
|
||
Type: 49 for WTP Static IP Address Information
|
||
|
||
Length: 13
|
||
|
||
IP Address: The IP address to assign to the WTP. This field is
|
||
only valid if the static field is set to one.
|
||
|
||
Netmask: The IP Netmask. This field is only valid if the static
|
||
field is set to one.
|
||
|
||
Gateway: The IP address of the gateway. This field is only valid
|
||
if the static field is set to one.
|
||
|
||
Static: An 8-bit Boolean stating whether or not the WTP should use
|
||
a static IP address. A value of zero disables the static IP
|
||
address, while a value of one enables it.
|
||
|
||
4.7. CAPWAP Protocol Timers
|
||
|
||
This section contains the definition of the CAPWAP timers.
|
||
|
||
4.7.1. ChangeStatePendingTimer
|
||
|
||
The maximum time, in seconds, the AC will wait for the Change State
|
||
Event Request from the WTP after having transmitted a successful
|
||
Configuration Status Response message.
|
||
|
||
Default: 25 seconds
|
||
|
||
4.7.2. DataChannelKeepAlive
|
||
|
||
The DataChannelKeepAlive timer is used by the WTP to determine the
|
||
next opportunity when it must transmit the Data Channel Keep-Alive,
|
||
in seconds.
|
||
|
||
Default: 30 seconds
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 98]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.7.3. DataChannelDeadInterval
|
||
|
||
The minimum time, in seconds, a WTP MUST wait without having received
|
||
a Data Channel Keep-Alive packet before the destination for the Data
|
||
Channel Keep-Alive packets may be considered dead. The value of this
|
||
timer MUST be no less than 2*DataChannelKeepAlive seconds and no
|
||
greater that 240 seconds.
|
||
|
||
Default: 60
|
||
|
||
4.7.4. DataCheckTimer
|
||
|
||
The number of seconds the AC will wait for the Data Channel Keep
|
||
Alive, which is required by the CAPWAP state machine's Data Check
|
||
state. The AC resets the state machine if this timer expires prior
|
||
to transitioning to the next state.
|
||
|
||
Default: 30
|
||
|
||
4.7.5. DiscoveryInterval
|
||
|
||
The minimum time, in seconds, that a WTP MUST wait after receiving a
|
||
Discovery Response message, before initiating a DTLS handshake.
|
||
|
||
Default: 5
|
||
|
||
4.7.6. DTLSSessionDelete
|
||
|
||
The minimum time, in seconds, a WTP MUST wait for DTLS session
|
||
deletion.
|
||
|
||
Default: 5
|
||
|
||
4.7.7. EchoInterval
|
||
|
||
The minimum time, in seconds, between sending Echo Request messages
|
||
to the AC with which the WTP has joined.
|
||
|
||
Default: 30
|
||
|
||
4.7.8. IdleTimeout
|
||
|
||
The default Idle Timeout is 300 seconds.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 99]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.7.9. ImageDataStartTimer
|
||
|
||
The number of seconds the WTP will wait for its peer to transmit the
|
||
Image Data Request.
|
||
|
||
Default: 30
|
||
|
||
4.7.10. MaxDiscoveryInterval
|
||
|
||
The maximum time allowed between sending Discovery Request messages,
|
||
in seconds. This value MUST be no less than 2 seconds and no greater
|
||
than 180 seconds.
|
||
|
||
Default: 20 seconds.
|
||
|
||
4.7.11. ReportInterval
|
||
|
||
The ReportInterval is used by the WTP to determine the interval the
|
||
WTP uses between sending the Decryption Error message elements to
|
||
inform the AC of decryption errors, in seconds.
|
||
|
||
The default Report Interval is 120 seconds.
|
||
|
||
4.7.12. RetransmitInterval
|
||
|
||
The minimum time, in seconds, in which a non-acknowledged CAPWAP
|
||
packet will be retransmitted.
|
||
|
||
Default: 3
|
||
|
||
4.7.13. SilentInterval
|
||
|
||
For a WTP, this is the minimum time, in seconds, a WTP MUST wait
|
||
before it MAY again send Discovery Request messages or attempt to
|
||
establish a DTLS session. For an AC, this is the minimum time, in
|
||
seconds, during which the AC SHOULD ignore all CAPWAP and DTLS
|
||
packets received from the WTP that is in the Sulking state.
|
||
|
||
Default: 30 seconds
|
||
|
||
4.7.14. StatisticsTimer
|
||
|
||
The StatisticsTimer is used by the WTP to determine the interval the
|
||
WTP uses between the WTP Events Requests it transmits to the AC to
|
||
communicate its statistics, in seconds.
|
||
|
||
Default: 120 seconds
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 100]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.7.15. WaitDTLS
|
||
|
||
The maximum time, in seconds, a WTP MUST wait without having received
|
||
a DTLS Handshake message from an AC. This timer MUST be greater than
|
||
30 seconds.
|
||
|
||
Default: 60
|
||
|
||
4.7.16. WaitJoin
|
||
|
||
The maximum time, in seconds, an AC will wait after the DTLS session
|
||
has been established until it receives the Join Request from the WTP.
|
||
This timer MUST be greater than 20 seconds.
|
||
|
||
Default: 60
|
||
|
||
4.8. CAPWAP Protocol Variables
|
||
|
||
This section defines the CAPWAP protocol variables, which are used
|
||
for various protocol functions. Some of these variables are
|
||
configurable, while others are counters or have a fixed value. For
|
||
non-counter-related variables, default values are specified.
|
||
However, when a WTP's variable configuration is explicitly overridden
|
||
by an AC, the WTP MUST save the new value.
|
||
|
||
4.8.1. AdminState
|
||
|
||
The default Administrative State value is enabled (1).
|
||
|
||
4.8.2. DiscoveryCount
|
||
|
||
The number of Discovery Request messages transmitted by a WTP to a
|
||
single AC. This is a monotonically increasing counter.
|
||
|
||
4.8.3. FailedDTLSAuthFailCount
|
||
|
||
The number of failed DTLS session establishment attempts due to
|
||
authentication failures.
|
||
|
||
4.8.4. FailedDTLSSessionCount
|
||
|
||
The number of failed DTLS session establishment attempts.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 101]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.8.5. MaxDiscoveries
|
||
|
||
The maximum number of Discovery Request messages that will be sent
|
||
after a WTP boots.
|
||
|
||
Default: 10
|
||
|
||
4.8.6. MaxFailedDTLSSessionRetry
|
||
|
||
The maximum number of failed DTLS session establishment attempts
|
||
before the CAPWAP device enters a silent period.
|
||
|
||
Default: 3
|
||
|
||
4.8.7. MaxRetransmit
|
||
|
||
The maximum number of retransmissions for a given CAPWAP packet
|
||
before the link layer considers the peer dead.
|
||
|
||
Default: 5
|
||
|
||
4.8.8. RetransmitCount
|
||
|
||
The number of retransmissions for a given CAPWAP packet. This is a
|
||
monotonically increasing counter.
|
||
|
||
4.8.9. WTPFallBack
|
||
|
||
The default WTP Fallback value is enabled (1).
|
||
|
||
4.9. WTP Saved Variables
|
||
|
||
In addition to the values defined in Section 4.8, the following
|
||
values SHOULD be saved on the WTP in non-volatile memory. CAPWAP
|
||
wireless bindings MAY define additional values that SHOULD be stored
|
||
on the WTP.
|
||
|
||
4.9.1. AdminRebootCount
|
||
|
||
The number of times the WTP has rebooted administratively, defined in
|
||
Section 4.6.47.
|
||
|
||
4.9.2. FrameEncapType
|
||
|
||
For WTPs that support multiple Frame Encapsulation Types, it is
|
||
useful to save the value configured by the AC. The Frame
|
||
Encapsulation Type is defined in Section 4.6.43.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 102]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
4.9.3. LastRebootReason
|
||
|
||
The reason why the WTP last rebooted, defined in Section 4.6.47.
|
||
|
||
4.9.4. MacType
|
||
|
||
For WTPs that support multiple MAC-Types, it is useful to save the
|
||
value configured by the AC. The MAC-Type is defined in
|
||
Section 4.6.44.
|
||
|
||
4.9.5. PreferredACs
|
||
|
||
The preferred ACs, with the index, defined in Section 4.6.5.
|
||
|
||
4.9.6. RebootCount
|
||
|
||
The number of times the WTP has rebooted, defined in Section 4.6.47.
|
||
|
||
4.9.7. Static IP Address
|
||
|
||
The static IP address assigned to the WTP, as configured by the WTP
|
||
Static IP address Information message element (see Section 4.6.48).
|
||
|
||
4.9.8. WTPLinkFailureCount
|
||
|
||
The number of times the link to the AC has failed, see
|
||
Section 4.6.47.
|
||
|
||
4.9.9. WTPLocation
|
||
|
||
The WTP Location, defined in Section 4.6.30.
|
||
|
||
4.9.10. WTPName
|
||
|
||
The WTP Name, defined in Section 4.6.45.
|
||
|
||
5. CAPWAP Discovery Operations
|
||
|
||
The Discovery messages are used by a WTP to determine which ACs are
|
||
available to provide service, and the capabilities and load of the
|
||
ACs.
|
||
|
||
5.1. Discovery Request Message
|
||
|
||
The Discovery Request message is used by the WTP to automatically
|
||
discover potential ACs available in the network. The Discovery
|
||
Request message provides ACs with the primary capabilities of the
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 103]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP. A WTP must exchange this information to ensure subsequent
|
||
exchanges with the ACs are consistent with the WTP's functional
|
||
characteristics.
|
||
|
||
Discovery Request messages MUST be sent by a WTP in the Discover
|
||
state after waiting for a random delay less than
|
||
MaxDiscoveryInterval, after a WTP first comes up or is
|
||
(re)initialized. A WTP MUST send no more than the maximum of
|
||
MaxDiscoveries Discovery Request messages, waiting for a random delay
|
||
less than MaxDiscoveryInterval between each successive message.
|
||
|
||
This is to prevent an explosion of WTP Discovery Request messages.
|
||
An example of this occurring is when many WTPs are powered on at the
|
||
same time.
|
||
|
||
If a Discovery Response message is not received after sending the
|
||
maximum number of Discovery Request messages, the WTP enters the
|
||
Sulking state and MUST wait for an interval equal to SilentInterval
|
||
before sending further Discovery Request messages.
|
||
|
||
Upon receiving a Discovery Request message, the AC will respond with
|
||
a Discovery Response message sent to the address in the source
|
||
address of the received Discovery Request message. Once a Discovery
|
||
Response has been received, if the WTP decides to establish a session
|
||
with the responding AC, it SHOULD perform an MTU discovery, using the
|
||
process described in Section 3.5.
|
||
|
||
It is possible for the AC to receive a clear text Discovery Request
|
||
message while a DTLS session is already active with the WTP. This is
|
||
most likely the case if the WTP has rebooted, perhaps due to a
|
||
software or power failure, but could also be caused by a DoS attack.
|
||
In such cases, any WTP state, including the state machine instance,
|
||
MUST NOT be cleared until another DTLS session has been successfully
|
||
established, communicated via the DTLSSessionEstablished DTLS
|
||
notification (see Section 2.3.2.2).
|
||
|
||
The binding specific WTP Radio Information message element (see
|
||
Section 2.1) is included in the Discovery Request message to
|
||
advertise WTP support for one or more CAPWAP bindings.
|
||
|
||
The Discovery Request message is sent by the WTP when in the
|
||
Discovery state. The AC does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Discovery
|
||
Request message:
|
||
|
||
o Discovery Type, see Section 4.6.21
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 104]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o WTP Board Data, see Section 4.6.40
|
||
|
||
o WTP Descriptor, see Section 4.6.41
|
||
|
||
o WTP Frame Tunnel Mode, see Section 4.6.43
|
||
|
||
o WTP MAC Type, see Section 4.6.44
|
||
|
||
o WTP Radio Information message element(s) that the WTP supports;
|
||
These are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1).
|
||
|
||
The following message elements MAY be included in the Discovery
|
||
Request message:
|
||
|
||
o MTU Discovery Padding, see Section 4.6.32
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
5.2. Discovery Response Message
|
||
|
||
The Discovery Response message provides a mechanism for an AC to
|
||
advertise its services to requesting WTPs.
|
||
|
||
When a WTP receives a Discovery Response message, it MUST wait for an
|
||
interval not less than DiscoveryInterval for receipt of additional
|
||
Discovery Response messages. After the DiscoveryInterval elapses,
|
||
the WTP enters the DTLS-Init state and selects one of the ACs that
|
||
sent a Discovery Response message and send a DTLS Handshake to that
|
||
AC.
|
||
|
||
One or more binding-specific WTP Radio Information message elements
|
||
(see Section 2.1) are included in the Discovery Request message to
|
||
advertise AC support for the CAPWAP bindings. The AC MAY include
|
||
only the bindings it shares in common with the WTP, known through the
|
||
WTP Radio Information message elements received in the Discovery
|
||
Request message, or it MAY include all of the bindings supported.
|
||
The WTP MAY use the supported bindings in its AC decision process.
|
||
Note that if the WTP joins an AC that does not support a specific
|
||
CAPWAP binding, service for that binding MUST NOT be provided by the
|
||
WTP.
|
||
|
||
The Discovery Response message is sent by the AC when in the Idle
|
||
state. The WTP does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Discovery
|
||
Response Message:
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 105]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o AC Descriptor, see Section 4.6.1
|
||
|
||
o AC Name, see Section 4.6.4
|
||
|
||
o WTP Radio Information message element(s) that the AC supports;
|
||
these are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1 for more information).
|
||
|
||
o One of the following message elements MUST be included in the
|
||
Discovery Response Message:
|
||
|
||
* CAPWAP Control IPv4 Address, see Section 4.6.9
|
||
|
||
* CAPWAP Control IPv6 Address, see Section 4.6.10
|
||
|
||
The following message elements MAY be included in the Discovery
|
||
Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
5.3. Primary Discovery Request Message
|
||
|
||
The Primary Discovery Request message is sent by the WTP to:
|
||
|
||
o determine whether its preferred (or primary) AC is available, or
|
||
|
||
o perform a Path MTU Discovery (see Section 3.5).
|
||
|
||
A Primary Discovery Request message is sent by a WTP when it has a
|
||
primary AC configured, and is connected to another AC. This
|
||
generally occurs as a result of a failover, and is used by the WTP as
|
||
a means to discover when its primary AC becomes available. Since the
|
||
WTP only has a single instance of the CAPWAP state machine, the
|
||
Primary Discovery Request is sent by the WTP when in the Run state.
|
||
The AC does not transmit this message.
|
||
|
||
The frequency of the Primary Discovery Request messages should be no
|
||
more often than the sending of the Echo Request message.
|
||
|
||
Upon receipt of a Primary Discovery Request message, the AC responds
|
||
with a Primary Discovery Response message sent to the address in the
|
||
source address of the received Primary Discovery Request message.
|
||
|
||
The following message elements MUST be included in the Primary
|
||
Discovery Request message.
|
||
|
||
o Discovery Type, see Section 4.6.21
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 106]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o WTP Board Data, see Section 4.6.40
|
||
|
||
o WTP Descriptor, see Section 4.6.41
|
||
|
||
o WTP Frame Tunnel Mode, see Section 4.6.43
|
||
|
||
o WTP MAC Type, see Section 4.6.44
|
||
|
||
o WTP Radio Information message element(s) that the WTP supports;
|
||
these are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1 for more information).
|
||
|
||
The following message elements MAY be included in the Primary
|
||
Discovery Request message:
|
||
|
||
o MTU Discovery Padding, see Section 4.6.32
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
5.4. Primary Discovery Response
|
||
|
||
The Primary Discovery Response message enables an AC to advertise its
|
||
availability and services to requesting WTPs that are configured to
|
||
have the AC as its primary AC.
|
||
|
||
The Primary Discovery Response message is sent by an AC after
|
||
receiving a Primary Discovery Request message.
|
||
|
||
When a WTP receives a Primary Discovery Response message, it may
|
||
establish a CAPWAP protocol connection to its primary AC, based on
|
||
the configuration of the WTP Fallback Status message element on the
|
||
WTP.
|
||
|
||
The Primary Discovery Response message is sent by the AC when in the
|
||
Idle state. The WTP does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Primary
|
||
Discovery Response message.
|
||
|
||
o AC Descriptor, see Section 4.6.1
|
||
|
||
o AC Name, see Section 4.6.4
|
||
|
||
o WTP Radio Information message element(s) that the AC supports;
|
||
These are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1 for more information).
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 107]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
One of the following message elements MUST be included in the
|
||
Discovery Response Message:
|
||
|
||
o CAPWAP Control IPv4 Address, see Section 4.6.9
|
||
|
||
o CAPWAP Control IPv6 Address, see Section 4.6.10
|
||
|
||
The following message elements MAY be included in the Primary
|
||
Discovery Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
6. CAPWAP Join Operations
|
||
|
||
The Join Request message is used by a WTP to request service from an
|
||
AC after a DTLS connection is established to that AC. The Join
|
||
Response message is used by the AC to indicate that it will or will
|
||
not provide service.
|
||
|
||
6.1. Join Request
|
||
|
||
The Join Request message is used by a WTP to request service through
|
||
the AC. If the WTP is performing the optional AC Discovery process
|
||
(see Section 3.3), the join process occurs after the WTP has received
|
||
one or more Discovery Response messages. During the Discovery
|
||
process, an AC MAY return more than one CAPWAP Control IPv4 Address
|
||
or CAPWAP Control IPv6 Address message elements. When more than one
|
||
such message element is returned, the WTP SHOULD perform "load
|
||
balancing" by choosing the interface that is servicing the least
|
||
number of WTPs (known through the WTP Count field of the message
|
||
element). Note, however, that other load balancing algorithms are
|
||
also permitted. Once the WTP has determined its preferred AC, and
|
||
its associated interface, to which to connect, it establishes the
|
||
DTLS session, and transmits the Join Request over the secured control
|
||
channel. When an AC receives a Join Request message it responds with
|
||
a Join Response message.
|
||
|
||
Upon completion of the DTLS handshake and receipt of the
|
||
DTLSEstablished notification, the WTP sends the Join Request message
|
||
to the AC. When the AC is notified of the DTLS session
|
||
establishment, it does not clear the WaitDTLS timer until it has
|
||
received the Join Request message, at which time it sends a Join
|
||
Response message to the WTP, indicating success or failure.
|
||
|
||
One or more WTP Radio Information message elements (see Section 2.1)
|
||
are included in the Join Request to request service for the CAPWAP
|
||
bindings by the AC. Including a binding that is unsupported by the
|
||
AC will result in a failed Join Response.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 108]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
If the AC rejects the Join Request, it sends a Join Response message
|
||
with a failure indication and initiates an abort of the DTLS session
|
||
via the DTLSAbort command.
|
||
|
||
If an invalid (i.e., malformed) Join Request message is received, the
|
||
message MUST be silently discarded by the AC. No response is sent to
|
||
the WTP. The AC SHOULD log this event.
|
||
|
||
The Join Request is sent by the WTP when in the Join State. The AC
|
||
does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Join Request
|
||
message.
|
||
|
||
o Location Data, see Section 4.6.30
|
||
|
||
o WTP Board Data, see Section 4.6.40
|
||
|
||
o WTP Descriptor, see Section 4.6.41
|
||
|
||
o WTP Name, see Section 4.6.45
|
||
|
||
o Session ID, see Section 4.6.37
|
||
|
||
o WTP Frame Tunnel Mode, see Section 4.6.43
|
||
|
||
o WTP MAC Type, see Section 4.6.44
|
||
|
||
o WTP Radio Information message element(s) that the WTP supports;
|
||
these are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1 for more information).
|
||
|
||
o ECN Support, see Section 4.6.25
|
||
|
||
At least one of the following message element MUST be included in the
|
||
Join Request message.
|
||
|
||
o CAPWAP Local IPv4 Address, see Section 4.6.11
|
||
|
||
o CAPWAP Local IPv6 Address, see Section 4.6.12
|
||
|
||
The following message element MAY be included in the Join Request
|
||
message.
|
||
|
||
o CAPWAP Transport Protocol, see Section 4.6.14
|
||
|
||
o Maximum Message Length, see Section 4.6.31
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 109]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o WTP Reboot Statistics, see Section 4.6.47
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
6.2. Join Response
|
||
|
||
The Join Response message is sent by the AC to indicate to a WTP that
|
||
it is capable and willing to provide service to the WTP.
|
||
|
||
The WTP, receiving a Join Response message, checks for success or
|
||
failure. If the message indicates success, the WTP clears the
|
||
WaitDTLS timer for the session and proceeds to the Configure state.
|
||
|
||
If the WaitDTLS Timer expires prior to reception of the Join Response
|
||
message, the WTP MUST terminate the handshake, deallocate session
|
||
state and initiate the DTLSAbort command.
|
||
|
||
If an invalid (malformed) Join Response message is received, the WTP
|
||
SHOULD log an informative message detailing the error. This error
|
||
MUST be treated in the same manner as AC non-responsiveness. The
|
||
WaitDTLS timer will eventually expire, and the WTP MAY (if it is so
|
||
configured) attempt to join a new AC.
|
||
|
||
If one of the WTP Radio Information message elements (see
|
||
Section 2.1) in the Join Request message requested support for a
|
||
CAPWAP binding that the AC does not support, the AC sets the Result
|
||
Code message element to "Binding Not Supported".
|
||
|
||
The AC includes the Image Identifier message element to indicate the
|
||
software version it expects the WTP to run. This information is used
|
||
to determine whether the WTP MUST change its currently running
|
||
firmware image or download a new version (see Section 9.1.1).
|
||
|
||
The Join Response message is sent by the AC when in the Join State.
|
||
The WTP does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Join Response
|
||
message.
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
o AC Descriptor, see Section 4.6.1
|
||
|
||
o AC Name, see Section 4.6.4
|
||
|
||
o WTP Radio Information message element(s) that the AC supports;
|
||
these are defined by the individual link layer CAPWAP Binding
|
||
Protocols (see Section 2.1).
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 110]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o ECN Support, see Section 4.6.25
|
||
|
||
One of the following message elements MUST be included in the Join
|
||
Response Message:
|
||
|
||
o CAPWAP Control IPv4 Address, see Section 4.6.9
|
||
|
||
o CAPWAP Control IPv6 Address, see Section 4.6.10
|
||
|
||
One of the following message elements MUST be included in the Join
|
||
Response Message:
|
||
|
||
o CAPWAP Local IPv4 Address, see Section 4.6.11
|
||
|
||
o CAPWAP Local IPv6 Address, see Section 4.6.12
|
||
|
||
The following message elements MAY be included in the Join Response
|
||
message.
|
||
|
||
o AC IPv4 List, see Section 4.6.2
|
||
|
||
o AC IPv6 List, see Section 4.6.3
|
||
|
||
o CAPWAP Transport Protocol, see Section 4.6.14
|
||
|
||
o Image Identifier, see Section 4.6.27
|
||
|
||
o Maximum Message Length, see Section 4.6.31
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
7. Control Channel Management
|
||
|
||
The Control Channel Management messages are used by the WTP and AC to
|
||
maintain a control communication channel. CAPWAP Control messages,
|
||
such as the WTP Event Request message sent from the WTP to the AC
|
||
indicate to the AC that the WTP is operational. When such control
|
||
messages are not being sent, the Echo Request and Echo Response
|
||
messages are used to maintain the control communication channel.
|
||
|
||
7.1. Echo Request
|
||
|
||
The Echo Request message is a keep-alive mechanism for CAPWAP control
|
||
messages.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 111]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Echo Request messages are sent periodically by a WTP in the Image
|
||
Data or Run state (see Section 2.3) to determine the state of the
|
||
control connection between the WTP and the AC. The Echo Request
|
||
message is sent by the WTP when the EchoInterval timer expires.
|
||
|
||
The Echo Request message is sent by the WTP when in the Run state.
|
||
The AC does not transmit this message.
|
||
|
||
The following message elements MAY be included in the Echo Request
|
||
message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
When an AC receives an Echo Request message it responds with an Echo
|
||
Response message.
|
||
|
||
7.2. Echo Response
|
||
|
||
The Echo Response message acknowledges the Echo Request message.
|
||
|
||
An Echo Response message is sent by an AC after receiving an Echo
|
||
Request message. After transmitting the Echo Response message, the
|
||
AC SHOULD reset its EchoInterval timer (see Section 4.7.7). If
|
||
another Echo Request message or other control message is not received
|
||
by the AC when the timer expires, the AC SHOULD consider the WTP to
|
||
be no longer reachable.
|
||
|
||
The Echo Response message is sent by the AC when in the Run state.
|
||
The WTP does not transmit this message.
|
||
|
||
The following message elements MAY be included in the Echo Response
|
||
message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
When a WTP receives an Echo Response message it initializes the
|
||
EchoInterval to the configured value.
|
||
|
||
8. WTP Configuration Management
|
||
|
||
WTP Configuration messages are used to exchange configuration
|
||
information between the AC and the WTP.
|
||
|
||
8.1. Configuration Consistency
|
||
|
||
The CAPWAP protocol provides flexibility in how WTP configuration is
|
||
managed. A WTP can behave in one of two ways, which is
|
||
implementation specific:
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 112]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
1. The WTP retains no configuration and accepts the configuration
|
||
provided by the AC.
|
||
|
||
2. The WTP saves the configuration of parameters provided by the AC
|
||
that are non-default values into local non-volatile memory, and
|
||
are enforced during the WTP's power up initialization phase.
|
||
|
||
If the WTP opts to save configuration locally, the CAPWAP protocol
|
||
state machine defines the Configure state, which allows for
|
||
configuration exchange. In the Configure state, the WTP sends its
|
||
current configuration overrides to the AC via the Configuration
|
||
Status Request message. A configuration override is a non-default
|
||
parameter. As an example, in the CAPWAP protocol, the default
|
||
antenna configuration is internal omni antenna. A WTP that either
|
||
has no internal antennas, or has been explicitly configured by the AC
|
||
to use external antennas, sends its antenna configuration during the
|
||
configure phase, allowing the AC to become aware of the WTP's current
|
||
configuration.
|
||
|
||
Once the WTP has provided its configuration to the AC, the AC sends
|
||
its configuration to the WTP. This allows the WTP to receive
|
||
configuration and policies from the AC.
|
||
|
||
The AC maintains a copy of each active WTP configuration. There is
|
||
no need for versioning or other means to identify configuration
|
||
changes. If a WTP becomes inactive, the AC MAY delete the inactive
|
||
WTP configuration. If a WTP fails, and connects to a new AC, the WTP
|
||
provides its overridden configuration parameters, allowing the new AC
|
||
to be aware of the WTP configuration.
|
||
|
||
This model allows for resiliency in case of an AC failure, ensuring
|
||
another AC can provide service to the WTP. A new AC would be
|
||
automatically updated with WTP configuration changes, eliminating the
|
||
need for inter-AC communication and the need for all ACs to be aware
|
||
of the configuration of all WTPs in the network.
|
||
|
||
Once the CAPWAP protocol enters the Run state, the WTPs begin to
|
||
provide service. It is common for administrators to require that
|
||
configuration changes be made while the network is operational.
|
||
Therefore, the Configuration Update Request is sent by the AC to the
|
||
WTP to make these changes at run-time.
|
||
|
||
8.1.1. Configuration Flexibility
|
||
|
||
The CAPWAP protocol provides the flexibility to configure and manage
|
||
WTPs of varying design and functional characteristics. When a WTP
|
||
first discovers an AC, it provides primary functional information
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 113]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
relating to its type of MAC and to the nature of frames to be
|
||
exchanged. The AC configures the WTP appropriately. The AC also
|
||
establishes corresponding internal state for the WTP.
|
||
|
||
8.2. Configuration Status Request
|
||
|
||
The Configuration Status Request message is sent by a WTP to deliver
|
||
its current configuration to the AC.
|
||
|
||
The Configuration Status Request message carries binding-specific
|
||
message elements. Refer to the appropriate binding for the
|
||
definition of this structure.
|
||
|
||
When an AC receives a Configuration Status Request message, it acts
|
||
upon the content of the message and responds to the WTP with a
|
||
Configuration Status Response message.
|
||
|
||
The Configuration Status Request message includes multiple Radio
|
||
Administrative State message elements, one for the WTP, and one for
|
||
each radio in the WTP.
|
||
|
||
The Configuration Status Request message is sent by the WTP when in
|
||
the Configure State. The AC does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Configuration
|
||
Status Request message.
|
||
|
||
o AC Name, see Section 4.6.4
|
||
|
||
o Radio Administrative State, see Section 4.6.33
|
||
|
||
o Statistics Timer, see Section 4.6.38
|
||
|
||
o WTP Reboot Statistics, see Section 4.6.47
|
||
|
||
The following message elements MAY be included in the Configuration
|
||
Status Request message.
|
||
|
||
o AC Name with Priority, see Section 4.6.5
|
||
|
||
o CAPWAP Transport Protocol, see Section 4.6.14
|
||
|
||
o WTP Static IP Address Information, see Section 4.6.48
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 114]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
8.3. Configuration Status Response
|
||
|
||
The Configuration Status Response message is sent by an AC and
|
||
provides a mechanism for the AC to override a WTP's requested
|
||
configuration.
|
||
|
||
A Configuration Status Response message is sent by an AC after
|
||
receiving a Configuration Status Request message.
|
||
|
||
The Configuration Status Response message carries binding-specific
|
||
message elements. Refer to the appropriate binding for the
|
||
definition of this structure.
|
||
|
||
When a WTP receives a Configuration Status Response message, it acts
|
||
upon the content of the message, as appropriate. If the
|
||
Configuration Status Response message includes a Radio Operational
|
||
State message element that causes a change in the operational state
|
||
of one of the radios, the WTP transmits a Change State Event to the
|
||
AC, as an acknowledgement of the change in state.
|
||
|
||
The Configuration Status Response message is sent by the AC when in
|
||
the Configure state. The WTP does not transmit this message.
|
||
|
||
The following message elements MUST be included in the Configuration
|
||
Status Response message.
|
||
|
||
o CAPWAP Timers, see Section 4.6.13
|
||
|
||
o Decryption Error Report Period, see Section 4.6.18
|
||
|
||
o Idle Timeout, see Section 4.6.24
|
||
|
||
o WTP Fallback, see Section 4.6.42
|
||
|
||
One or both of the following message elements MUST be included in the
|
||
Configuration Status Response message:
|
||
|
||
o AC IPv4 List, see Section 4.6.2
|
||
|
||
o AC IPv6 List, see Section 4.6.3
|
||
|
||
The following message element MAY be included in the Configuration
|
||
Status Response message.
|
||
|
||
o WTP Static IP Address Information, see Section 4.6.48
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 115]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
8.4. Configuration Update Request
|
||
|
||
Configuration Update Request messages are sent by the AC to provision
|
||
the WTP while in the Run state. This is used to modify the
|
||
configuration of the WTP while it is operational.
|
||
|
||
When a WTP receives a Configuration Update Request message, it
|
||
responds with a Configuration Update Response message, with a Result
|
||
Code message element indicating the result of the configuration
|
||
request.
|
||
|
||
The AC includes the Image Identifier message element (see
|
||
Section 4.6.27) to force the WTP to update its firmware while in the
|
||
Run state. The WTP MAY proceed to download the requested firmware if
|
||
it determines the version specified in the Image Identifier message
|
||
element is not in its non-volatile storage by transmitting an Image
|
||
Data Request (see Section 9.1.1) that includes the Initiate Download
|
||
message element (see Section 4.6.29).
|
||
|
||
The Configuration Update Request is sent by the AC when in the Run
|
||
state. The WTP does not transmit this message.
|
||
|
||
One or more of the following message elements MAY be included in the
|
||
Configuration Update message:
|
||
|
||
o AC Name with Priority, see Section 4.6.5
|
||
|
||
o AC Timestamp, see Section 4.6.6
|
||
|
||
o Add MAC ACL Entry, see Section 4.6.7
|
||
|
||
o CAPWAP Timers, see Section 4.6.13
|
||
|
||
o Decryption Error Report Period, see Section 4.6.18
|
||
|
||
o Delete MAC ACL Entry, see Section 4.6.19
|
||
|
||
o Idle Timeout, see Section 4.6.24
|
||
|
||
o Location Data, see Section 4.6.30
|
||
|
||
o Radio Administrative State, see Section 4.6.33
|
||
|
||
o Statistics Timer, see Section 4.6.38
|
||
|
||
o WTP Fallback, see Section 4.6.42
|
||
|
||
o WTP Name, see Section 4.6.45
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 116]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o WTP Static IP Address Information, see Section 4.6.48
|
||
|
||
o Image Identifier, see Section 4.6.27
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
8.5. Configuration Update Response
|
||
|
||
The Configuration Update Response message is the acknowledgement
|
||
message for the Configuration Update Request message.
|
||
|
||
The Configuration Update Response message is sent by a WTP after
|
||
receiving a Configuration Update Request message.
|
||
|
||
When an AC receives a Configuration Update Response message, the
|
||
result code indicates if the WTP successfully accepted the
|
||
configuration.
|
||
|
||
The Configuration Update Response message is sent by the WTP when in
|
||
the Run state. The AC does not transmit this message.
|
||
|
||
The following message element MUST be present in the Configuration
|
||
Update message.
|
||
|
||
Result Code, see Section 4.6.35
|
||
|
||
The following message elements MAY be present in the Configuration
|
||
Update Response message.
|
||
|
||
o Radio Operational State, see Section 4.6.34
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
8.6. Change State Event Request
|
||
|
||
The Change State Event Request message is used by the WTP for two
|
||
main purposes:
|
||
|
||
o When sent by the WTP following the reception of a Configuration
|
||
Status Response message from the AC, the WTP uses the Change State
|
||
Event Request message to provide an update on the WTP radio's
|
||
operational state and to confirm that the configuration provided
|
||
by the AC was successfully applied.
|
||
|
||
o When sent during the Run state, the WTP uses the Change State
|
||
Event Request message to notify the AC of an unexpected change in
|
||
the WTP's radio operational state.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 117]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
When an AC receives a Change State Event Request message it responds
|
||
with a Change State Event Response message and modifies its data
|
||
structures for the WTP as needed. The AC MAY decide not to provide
|
||
service to the WTP if it receives an error, based on local policy,
|
||
and to transition to the Reset state.
|
||
|
||
The Change State Event Request message is sent by a WTP to
|
||
acknowledge or report an error condition to the AC for a requested
|
||
configuration in the Configuration Status Response message. The
|
||
Change State Event Request message includes the Result Code message
|
||
element, which indicates whether the configuration was successfully
|
||
applied. If the WTP is unable to apply a specific configuration
|
||
request, it indicates the failure by including one or more Returned
|
||
Message Element message elements (see Section 4.6.36).
|
||
|
||
The Change State Event Request message is sent by the WTP in the
|
||
Configure or Run state. The AC does not transmit this message.
|
||
|
||
The WTP MAY save its configuration to persistent storage prior to
|
||
transmitting the response. However, this is implementation specific
|
||
and is not required.
|
||
|
||
The following message elements MUST be present in the Change State
|
||
Event Request message.
|
||
|
||
o Radio Operational State, see Section 4.6.34
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
One or more of the following message elements MAY be present in the
|
||
Change State Event Request message:
|
||
|
||
o Returned Message Element(s), see Section 4.6.36
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
8.7. Change State Event Response
|
||
|
||
The Change State Event Response message acknowledges the Change State
|
||
Event Request message.
|
||
|
||
A Change State Event Response message is sent by an AC in response to
|
||
a Change State Event Request message.
|
||
|
||
The Change State Event Response message is sent by the AC when in the
|
||
Configure or Run state. The WTP does not transmit this message.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 118]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The following message element MAY be included in the Change State
|
||
Event Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
The WTP does not take any action upon receipt of the Change State
|
||
Event Response message.
|
||
|
||
8.8. Clear Configuration Request
|
||
|
||
The Clear Configuration Request message is used to reset the WTP
|
||
configuration.
|
||
|
||
The Clear Configuration Request message is sent by an AC to request
|
||
that a WTP reset its configuration to the manufacturing default
|
||
configuration. The Clear Config Request message is sent while in the
|
||
Run state.
|
||
|
||
The Clear Configuration Request is sent by the AC when in the Run
|
||
state. The WTP does not transmit this message.
|
||
|
||
The following message element MAY be included in the Clear
|
||
Configuration Request message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
When a WTP receives a Clear Configuration Request message, it resets
|
||
its configuration to the manufacturing default configuration.
|
||
|
||
8.9. Clear Configuration Response
|
||
|
||
The Clear Configuration Response message is sent by the WTP after
|
||
receiving a Clear Configuration Request message and resetting its
|
||
configuration parameters to the manufacturing default values.
|
||
|
||
The Clear Configuration Response is sent by the WTP when in the Run
|
||
state. The AC does not transmit this message.
|
||
|
||
The Clear Configuration Response message MUST include the following
|
||
message element:
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
The following message element MAY be included in the Clear
|
||
Configuration Request message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 119]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
9. Device Management Operations
|
||
|
||
This section defines CAPWAP operations responsible for debugging,
|
||
gathering statistics, logging, and firmware management. The
|
||
management operations defined in this section are used by the AC to
|
||
either push/pull information to/from the WTP, or request that the WTP
|
||
reboot. This section does not deal with the management of the AC per
|
||
se, and assumes that the AC is operational and configured.
|
||
|
||
9.1. Firmware Management
|
||
|
||
This section describes the firmware download procedures used by the
|
||
CAPWAP protocol. Firmware download can occur during the Image Data
|
||
or Run state. The former allows the download to occur at boot time,
|
||
while the latter is used to trigger the download while an active
|
||
CAPWAP session exists. It is important to note that the CAPWAP
|
||
protocol does not provide the ability for the AC to identify whether
|
||
the firmware information provided by the WTP is correct or whether
|
||
the WTP is properly storing the firmware (see Section 12.10 for more
|
||
information).
|
||
|
||
Figure 6 provides an example of a WTP that performs a firmware
|
||
upgrade while in the Image Data state. In this example, the WTP does
|
||
not already have the requested firmware (Image Identifier = x), and
|
||
downloads the image from the AC.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 120]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP AC
|
||
|
||
Join Request
|
||
-------------------------------------------------------->
|
||
|
||
Join Response (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
Image Data Request (Image Identifier = x,
|
||
Initiate Download)
|
||
-------------------------------------------------------->
|
||
|
||
Image Data Response (Result Code = Success,
|
||
Image Information = {size,hash})
|
||
<------------------------------------------------------
|
||
|
||
Image Data Request (Image Data = Data)
|
||
<------------------------------------------------------
|
||
|
||
Image Data Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
.....
|
||
|
||
Image Data Request (Image Data = EOF)
|
||
<------------------------------------------------------
|
||
|
||
Image Data Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
(WTP enters the Reset State)
|
||
|
||
Figure 6: WTP Firmware Download Case 1
|
||
|
||
Figure 7 provides an example in which the WTP has the image specified
|
||
by the AC in its non-volatile storage, but is not its current running
|
||
image. In this case, the WTP opts to NOT download the firmware and
|
||
immediately reset to the requested image.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 121]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP AC
|
||
|
||
Join Request
|
||
-------------------------------------------------------->
|
||
|
||
Join Response (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
(WTP enters the Reset State)
|
||
|
||
Figure 7: WTP Firmware Download Case 2
|
||
|
||
Figure 8 provides an example of a WTP that performs a firmware
|
||
upgrade while in the Run state. This mode of firmware upgrade allows
|
||
the WTP to download its image while continuing to provide service.
|
||
The WTP will not automatically reset until it is notified by the AC,
|
||
with a Reset Request message.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 122]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP AC
|
||
|
||
Configuration Update Request (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
Configuration Update Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
|
||
Image Data Request (Image Identifier = x,
|
||
Initiate Download)
|
||
-------------------------------------------------------->
|
||
|
||
Image Data Response (Result Code = Success,
|
||
Image Information = {size,hash})
|
||
<------------------------------------------------------
|
||
|
||
Image Data Request (Image Data = Data)
|
||
<------------------------------------------------------
|
||
|
||
Image Data Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
.....
|
||
|
||
Image Data Request (Image Data = EOF)
|
||
<------------------------------------------------------
|
||
|
||
Image Data Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
.....
|
||
|
||
(administratively requested reboot request)
|
||
Reset Request (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
Reset Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
Figure 8: WTP Firmware Download Case 3
|
||
|
||
Figure 9 provides another example of the firmware download while in
|
||
the Run state. In this example, the WTP already has the image
|
||
specified by the AC in its non-volatile storage. The WTP opts to NOT
|
||
download the firmware. The WTP resets upon receipt of a Reset
|
||
Request message from the AC.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 123]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
WTP AC
|
||
|
||
Configuration Update Request (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
Configuration Update Response (Result Code = Already Have Image)
|
||
-------------------------------------------------------->
|
||
|
||
.....
|
||
|
||
(administratively requested reboot request)
|
||
Reset Request (Image Identifier = x)
|
||
<------------------------------------------------------
|
||
|
||
Reset Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
Figure 9: WTP Firmware Download Case 4
|
||
|
||
9.1.1. Image Data Request
|
||
|
||
The Image Data Request message is used to update firmware on the WTP.
|
||
This message and its companion Response message are used by the AC to
|
||
ensure that the image being run on each WTP is appropriate.
|
||
|
||
Image Data Request messages are exchanged between the WTP and the AC
|
||
to download a new firmware image to the WTP. When a WTP or AC
|
||
receives an Image Data Request message, it responds with an Image
|
||
Data Response message. The message elements contained within the
|
||
Image Data Request message are required to determine the intent of
|
||
the request.
|
||
|
||
The decision that new firmware is to be downloaded to the WTP can
|
||
occur in one of two ways:
|
||
|
||
When the WTP joins the AC, the Join Response message includes the
|
||
Image Identifier message element, which informs the WTP of the
|
||
firmware it is expected to run. If the WTP does not currently
|
||
have the requested firmware version, it transmits an Image Data
|
||
Request message, with the appropriate Image Identifier message
|
||
element. If the WTP already has the requested firmware in its
|
||
non-volatile flash, but is not its currently running image, it
|
||
simply resets to run the proper firmware.
|
||
|
||
Once the WTP is in the Run state, it is possible for the AC to
|
||
cause the WTP to initiate a firmware download by sending a
|
||
Configuration Update Request message with the Image Identifier
|
||
message elements. This will cause the WTP to transmit an Image
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 124]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Data Request with the Image Identifier and the Initiate Download
|
||
message elements. Note that when the firmware is downloaded in
|
||
this way, the WTP does not automatically reset after the download
|
||
is complete. The WTP will only reset when it receives a Reset
|
||
Request message from the AC. If the WTP already had the requested
|
||
firmware version in its non-volatile storage, the WTP does not
|
||
transmit the Image Data Request message and responds with a
|
||
Configuration Update Response message with the Result Code set to
|
||
Image Already Present.
|
||
|
||
Regardless of how the download was initiated, once the AC receives an
|
||
Image Data Request message with the Image Identifier message element,
|
||
it begins the transfer process by transmitting an Image Data Request
|
||
message that includes the Image Data message element. This continues
|
||
until the firmware image has been transferred.
|
||
|
||
The Image Data Request message is sent by the WTP or the AC when in
|
||
the Image Data or Run state.
|
||
|
||
The following message elements MAY be included in the Image Data
|
||
Request message:
|
||
|
||
o CAPWAP Transport Protocol, see Section 4.6.14
|
||
|
||
o Image Data, see Section 4.6.26
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
The following message elements MAY be included in the Image Data
|
||
Request message when sent by the WTP:
|
||
|
||
o Image Identifier, see Section 4.6.27
|
||
|
||
o Initiate Download, see Section 4.6.29
|
||
|
||
9.1.2. Image Data Response
|
||
|
||
The Image Data Response message acknowledges the Image Data Request
|
||
message.
|
||
|
||
An Image Data Response message is sent in response to a received
|
||
Image Data Request message. Its purpose is to acknowledge the
|
||
receipt of the Image Data Request message. The Result Code is
|
||
included to indicate whether a previously sent Image Data Request
|
||
message was invalid.
|
||
|
||
The Image Data Response message is sent by the WTP or the AC when in
|
||
the Image Data or Run state.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 125]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The following message element MUST be included in the Image Data
|
||
Response message:
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
The following message element MAY be included in the Image Data
|
||
Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
The following message element MAY be included in the Image Data
|
||
Response message when sent by the AC:
|
||
|
||
o Image Information, see Section 4.6.28
|
||
|
||
Upon receiving an Image Data Response message indicating an error,
|
||
the WTP MAY retransmit a previous Image Data Request message, or
|
||
abandon the firmware download to the WTP by transitioning to the
|
||
Reset state.
|
||
|
||
9.2. Reset Request
|
||
|
||
The Reset Request message is used to cause a WTP to reboot.
|
||
|
||
A Reset Request message is sent by an AC to cause a WTP to
|
||
reinitialize its operation. If the AC includes the Image Identifier
|
||
message element (see Section 4.6.27), it indicates to the WTP that it
|
||
SHOULD use that version of software upon reboot.
|
||
|
||
The Reset Request is sent by the AC when in the Run state. The WTP
|
||
does not transmit this message.
|
||
|
||
The following message element MUST be included in the Reset Request
|
||
message:
|
||
|
||
o Image Identifier, see Section 4.6.27
|
||
|
||
The following message element MAY be included in the Reset Request
|
||
message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
When a WTP receives a Reset Request message, it responds with a Reset
|
||
Response message indicating success and then reinitializes itself.
|
||
If the WTP is unable to write to its non-volatile storage, to ensure
|
||
that it runs the requested software version indicated in the Image
|
||
Identifier message element, it MAY send the appropriate Result Code
|
||
message element, but MUST reboot. If the WTP is unable to reset,
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 126]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
including a hardware reset, it sends a Reset Response message to the
|
||
AC with a Result Code message element indicating failure. The AC no
|
||
longer provides service to the WTP.
|
||
|
||
9.3. Reset Response
|
||
|
||
The Reset Response message acknowledges the Reset Request message.
|
||
|
||
A Reset Response message is sent by the WTP after receiving a Reset
|
||
Request message.
|
||
|
||
The Reset Response is sent by the WTP when in the Run state. The AC
|
||
does not transmit this message.
|
||
|
||
The following message elements MAY be included in the Reset Response
|
||
message.
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
When an AC receives a successful Reset Response message, it is
|
||
notified that the WTP will reinitialize its operation. An AC that
|
||
receives a Reset Response message indicating failure may opt to no
|
||
longer provide service to the WTP.
|
||
|
||
9.4. WTP Event Request
|
||
|
||
The WTP Event Request message is used by a WTP to send information to
|
||
its AC. The WTP Event Request message MAY be sent periodically, or
|
||
sent in response to an asynchronous event on the WTP. For example, a
|
||
WTP MAY collect statistics and use the WTP Event Request message to
|
||
transmit the statistics to the AC.
|
||
|
||
When an AC receives a WTP Event Request message it will respond with
|
||
a WTP Event Response message.
|
||
|
||
The presence of the Delete Station message element is used by the WTP
|
||
to inform the AC that it is no longer providing service to the
|
||
station. This could be the result of an Idle Timeout (see
|
||
Section 4.6.24), due to resource shortages, or some other reason.
|
||
|
||
The WTP Event Request message is sent by the WTP when in the Run
|
||
state. The AC does not transmit this message.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 127]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The WTP Event Request message MUST contain one of the message
|
||
elements listed below, or a message element that is defined for a
|
||
specific wireless technology. More than one of each message element
|
||
listed MAY be included in the WTP Event Request message.
|
||
|
||
o Decryption Error Report, see Section 4.6.17
|
||
|
||
o Duplicate IPv4 Address, see Section 4.6.22
|
||
|
||
o Duplicate IPv6 Address, see Section 4.6.23
|
||
|
||
o WTP Radio Statistics, see Section 4.6.46
|
||
|
||
o WTP Reboot Statistics, see Section 4.6.47
|
||
|
||
o Delete Station, see Section 4.6.20
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
9.5. WTP Event Response
|
||
|
||
The WTP Event Response message acknowledges receipt of the WTP Event
|
||
Request message.
|
||
|
||
A WTP Event Response message is sent by an AC after receiving a WTP
|
||
Event Request message.
|
||
|
||
The WTP Event Response message is sent by the AC when in the Run
|
||
state. The WTP does not transmit this message.
|
||
|
||
The following message element MAY be included in the WTP Event
|
||
Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
9.6. Data Transfer
|
||
|
||
This section describes the data transfer procedures used by the
|
||
CAPWAP protocol. The data transfer mechanism is used to upload
|
||
information available at the WTP to the AC, such as crash or debug
|
||
information. The data transfer messages can only be exchanged while
|
||
in the Run state.
|
||
|
||
Figure 10 provides an example of an AC that requests that the WTP
|
||
transfer its latest crash file. Once the WTP acknowledges that it
|
||
has information to send, via the Data Transfer Response, it transmits
|
||
its own Data Transfer Request. Upon receipt, the AC responds with a
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 128]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Data Transfer Response, and the exchange continues until the WTP
|
||
transmits a Data Transfer Data message element that indicates an End
|
||
of File (EOF).
|
||
|
||
WTP AC
|
||
|
||
Data Transfer Request (Data Transfer Mode = Crash Data)
|
||
<------------------------------------------------------
|
||
|
||
Data Transfer Response (Result Code = Success)
|
||
-------------------------------------------------------->
|
||
|
||
Data Transfer Request (Data Transfer Data = Data)
|
||
-------------------------------------------------------->
|
||
|
||
Data Transfer Response (Result Code = Success)
|
||
<------------------------------------------------------
|
||
|
||
.....
|
||
|
||
Data Transfer Request (Data Transfer Data = EOF)
|
||
-------------------------------------------------------->
|
||
|
||
Data Transfer Response (Result Code = Success)
|
||
<------------------------------------------------------
|
||
|
||
|
||
Figure 10: WTP Data Transfer Case 1
|
||
|
||
Figure 11 provides an example of an AC that requests that the WTP
|
||
transfer its latest crash file. However, in this example, the WTP
|
||
does not have any crash information to send, and therefore sends a
|
||
Data Transfer Response with a Result Code indicating the error.
|
||
|
||
WTP AC
|
||
|
||
Data Transfer Request (Data Transfer Mode = Crash Data)
|
||
<------------------------------------------------------
|
||
|
||
Data Transfer Response (Result Code = Data Transfer
|
||
Error (No Information to Transfer))
|
||
-------------------------------------------------------->
|
||
|
||
|
||
Figure 11: WTP Data Transfer Case 2
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 129]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
9.6.1. Data Transfer Request
|
||
|
||
The Data Transfer Request message is used to deliver debug
|
||
information from the WTP to the AC.
|
||
|
||
The Data Transfer Request messages can be sent either by the AC or
|
||
the WTP. When sent by the AC, it is used to request that data be
|
||
transmitted from the WTP to the AC, and includes the Data Transfer
|
||
Mode message element, which specifies the information desired by the
|
||
AC. The Data Transfer Request is sent by the WTP in order to
|
||
transfer actual data to the AC, through the Data Transfer Data
|
||
message element.
|
||
|
||
Given that the CAPWAP protocol minimizes the need for WTPs to be
|
||
directly managed, the Data Transfer Request is an important
|
||
troubleshooting tool used by the AC to retrieve information that may
|
||
be available on the WTP. For instance, some WTP implementations may
|
||
store crash information to help manufacturers identify software
|
||
faults. The Data Transfer Request message can be used to send such
|
||
information from the WTP to the AC. Another possible use would be to
|
||
allow a remote debugger function in the WTP to use the Data Transfer
|
||
Request message to send console output to the AC for debugging
|
||
purposes.
|
||
|
||
When the WTP or AC receives a Data Transfer Request message, it
|
||
responds to the WTP with a Data Transfer Response message. The AC
|
||
MAY log the information received through the Data Transfer Data
|
||
message element.
|
||
|
||
The Data Transfer Request message is sent by the WTP or AC when in
|
||
the Run state.
|
||
|
||
When sent by the AC, the Data Transfer Request message MUST contain
|
||
the following message element:
|
||
|
||
o Data Transfer Mode, see Section 4.6.16
|
||
|
||
When sent by the WTP, the Data Transfer Request message MUST contain
|
||
the following message element:
|
||
|
||
o Data Transfer Data, see Section 4.6.15
|
||
|
||
Regardless of whether the Data Transfer Request is sent by the AC or
|
||
WTP, the following message element MAY be included in the Data
|
||
Transfer Request message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 130]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
9.6.2. Data Transfer Response
|
||
|
||
The Data Transfer Response message acknowledges the Data Transfer
|
||
Request message.
|
||
|
||
A Data Transfer Response message is sent in response to a received
|
||
Data Transfer Request message. Its purpose is to acknowledge receipt
|
||
of the Data Transfer Request message. When sent by the WTP, the
|
||
Result Code message element is used to indicate whether the data
|
||
transfer requested by the AC can be completed. When sent by the AC,
|
||
the Result Code message element is used to indicate receipt of the
|
||
data transferred in the Data Transfer Request message.
|
||
|
||
The Data Transfer Response message is sent by the WTP or AC when in
|
||
the Run state.
|
||
|
||
The following message element MUST be included in the Data Transfer
|
||
Response message:
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
The following message element MAY be included in the Data Transfer
|
||
Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
Upon receipt of a Data Transfer Response message, the WTP transmits
|
||
more information, if more information is available.
|
||
|
||
10. Station Session Management
|
||
|
||
Messages in this section are used by the AC to create, modify, or
|
||
delete station session state on the WTPs.
|
||
|
||
10.1. Station Configuration Request
|
||
|
||
The Station Configuration Request message is used to create, modify,
|
||
or delete station session state on a WTP. The message is sent by the
|
||
AC to the WTP, and MAY contain one or more message elements. The
|
||
message elements for this CAPWAP Control message include information
|
||
that is generally highly technology specific. Refer to the
|
||
appropriate binding document for definitions of the messages elements
|
||
that are included in this control message.
|
||
|
||
The Station Configuration Request message is sent by the AC when in
|
||
the Run state. The WTP does not transmit this message.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 131]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The following CAPWAP Control message elements MAY be included in the
|
||
Station Configuration Request message. More than one of each message
|
||
element listed MAY be included in the Station Configuration Request
|
||
message:
|
||
|
||
o Add Station, see Section 4.6.8
|
||
|
||
o Delete Station, see Section 4.6.20
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
10.2. Station Configuration Response
|
||
|
||
The Station Configuration Response message is used to acknowledge a
|
||
previously received Station Configuration Request message.
|
||
|
||
The Station Configuration Response message is sent by the WTP when in
|
||
the Run state. The AC does not transmit this message.
|
||
|
||
The following message element MUST be present in the Station
|
||
Configuration Response message:
|
||
|
||
o Result Code, see Section 4.6.35
|
||
|
||
The following message element MAY be included in the Station
|
||
Configuration Response message:
|
||
|
||
o Vendor Specific Payload, see Section 4.6.39
|
||
|
||
The Result Code message element indicates that the requested
|
||
configuration was successfully applied, or that an error related to
|
||
processing of the Station Configuration Request message occurred on
|
||
the WTP.
|
||
|
||
11. NAT Considerations
|
||
|
||
There are three specific situations in which a NAT deployment may be
|
||
used in conjunction with a CAPWAP-enabled deployment. The first
|
||
consists of a configuration in which a single WTP is behind a NAT
|
||
system. Since all communication is initiated by the WTP, and all
|
||
communication is performed over IP using two UDP ports, the protocol
|
||
easily traverses NAT systems in this configuration.
|
||
|
||
In the second case, two or more WTPs are deployed behind the same NAT
|
||
system. Here, the AC would receive multiple connection requests from
|
||
the same IP address, and therefore cannot use the WTP's IP address
|
||
alone to bind the CAPWAP Control and Data channel. The CAPWAP Data
|
||
Check state, which establishes the data plane connection and
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 132]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
communicates the CAPWAP Data Channel Keep-Alive, includes the Session
|
||
Identifier message element, which is used to bind the control and
|
||
data plane. Use of the Session Identifier message element enables
|
||
the AC to match the control and data plane flows from multiple WTPs
|
||
behind the same NAT system (multiple WTPs sharing the same IP
|
||
address). CAPWAP implementations MUST also use DTLS session
|
||
information on any encrypted CAPWAP channel to validate the source of
|
||
both the control and data plane, as described in Section 12.2.
|
||
|
||
In the third configuration, the AC is deployed behind a NAT. In this
|
||
case, the AC is not reachable by the WTP unless a specific rule has
|
||
been configured on the NAT to translate the address and redirect
|
||
CAPWAP messages to the AC. This deployment presents two issues.
|
||
First, an AC communicates its interfaces and corresponding WTP load
|
||
using the CAPWAP Control IPv4 Address and CAPWAP Control IPv6 Address
|
||
message elements. This message element is mandatory, but contains IP
|
||
addresses that are only valid in the private address space used by
|
||
the AC, which is not reachable by the WTP. The WTP MUST NOT utilize
|
||
the information in these message elements if it detects a NAT (as
|
||
described in the CAPWAP Transport Protocol message element in
|
||
Section 4.6.14). Second, since the addresses cannot be used by the
|
||
WTP, this effectively disables the load-balancing capabilities (see
|
||
Section 6.1) of the CAPWAP protocol. Alternatively, the AC could
|
||
have a configured NAT'ed address, which it would include in either of
|
||
the two control address message elements, and the NAT would need to
|
||
be configured accordingly.
|
||
|
||
In order for a CAPWAP WTP or AC to detect whether a middlebox is
|
||
present, both the Join Request (see Section 6.1) and the Join
|
||
Response (see Section 6.2) include either the CAPWAP Local IPv4
|
||
Address (see Section 4.6.11) or the CAPWAP Local IPv6 Address (see
|
||
Section 4.6.12) message element. Upon receiving one of these
|
||
messages, if the packet's source IP address differs from the address
|
||
found in either one of these message elements, it indicates that a
|
||
middlebox is present.
|
||
|
||
In order for CAPWAP to be compatible with potential middleboxes in
|
||
the network, CAPWAP implementations MUST send return traffic from the
|
||
same port on which it received traffic from a given peer. Further,
|
||
any unsolicited requests generated by a CAPWAP node MUST be sent on
|
||
the same port.
|
||
|
||
Note that this middlebox detection technique is not foolproof. If
|
||
the public IP address assigned to the NAT is identical to the private
|
||
IP address used by the AC, detection by the WTP would fail. This
|
||
failure can lead to various protocol errors, so it is therefore
|
||
necessary for deployments to ensure that the NAT's IP address is not
|
||
the same as the ACs.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 133]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The CAPWAP protocol allows for all of the AC identities supporting a
|
||
group of WTPs to be communicated through the AC List message element.
|
||
This feature MUST be ignored by the WTP when it detects the AC is
|
||
behind a middlebox.
|
||
|
||
The CAPWAP protocol allows an AC to configure a static IP address on
|
||
a WTP using the WTP Static IP Address Information message element.
|
||
This message element SHOULD NOT be used in NAT'ed environments,
|
||
unless the administrator is familiar with the internal IP addressing
|
||
scheme within the WTP's private network, and does not rely on the
|
||
public address seen by the AC.
|
||
|
||
When a WTP detects the duplicate address condition, it generates a
|
||
message to the AC, which includes the Duplicate IP Address message
|
||
element. The IP address embedded within this message element is
|
||
different from the public IP address seen by the AC.
|
||
|
||
12. Security Considerations
|
||
|
||
This section describes security considerations for the CAPWAP
|
||
protocol. It also provides security recommendations for protocols
|
||
used in conjunction with CAPWAP.
|
||
|
||
12.1. CAPWAP Security
|
||
|
||
As it is currently specified, the CAPWAP protocol sits between the
|
||
security mechanisms specified by the wireless link layer protocol
|
||
(e.g., IEEE 802.11i) and Authentication, Authorization, and
|
||
Accounting (AAA). One goal of CAPWAP is to bootstrap trust between
|
||
the STA and WTP using a series of preestablished trust relationships:
|
||
|
||
STA WTP AC AAA
|
||
==============================================
|
||
|
||
DTLS Cred AAA Cred
|
||
<------------><------------->
|
||
|
||
EAP Credential
|
||
<------------------------------------------>
|
||
|
||
wireless link layer
|
||
(e.g., 802.11 PTK)
|
||
<--------------> or
|
||
<--------------------------->
|
||
(derived)
|
||
|
||
Figure 12: STA Session Setup
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 134]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Within CAPWAP, DTLS is used to secure the link between the WTP and
|
||
AC. In addition to securing control messages, it's also a link in
|
||
this chain of trust for establishing link layer keys. Consequently,
|
||
much rests on the security of DTLS.
|
||
|
||
In some CAPWAP deployment scenarios, there are two channels between
|
||
the WTP and AC: the control channel, carrying CAPWAP Control
|
||
messages, and the data channel, over which client data packets are
|
||
tunneled between the AC and WTP. Typically, the control channel is
|
||
secured by DTLS, while the data channel is not.
|
||
|
||
The use of parallel protected and unprotected channels deserves
|
||
special consideration, but does not create a threat. There are two
|
||
potential concerns: attempting to convert protected data into
|
||
unprotected data and attempting to convert un-protected data into
|
||
protected data. These concerns are addressed below.
|
||
|
||
12.1.1. Converting Protected Data into Unprotected Data
|
||
|
||
Since CAPWAP does not support authentication-only ciphers (i.e., all
|
||
supported ciphersuites include encryption and authentication), it is
|
||
not possible to convert protected data into unprotected data. Since
|
||
encrypted data is (ideally) indistinguishable from random data, the
|
||
probability of an encrypted packet passing for a well-formed packet
|
||
is effectively zero.
|
||
|
||
12.1.2. Converting Unprotected Data into Protected Data (Insertion)
|
||
|
||
The use of message authentication makes it impossible for the
|
||
attacker to forge protected records. This makes conversion of
|
||
unprotected records to protected records impossible.
|
||
|
||
12.1.3. Deletion of Protected Records
|
||
|
||
An attacker could remove protected records from the stream, though
|
||
not undetectably so, due the built-in reliability of the underlying
|
||
CAPWAP protocol. In the worst case, the attacker would remove the
|
||
same record repeatedly, resulting in a CAPWAP session timeout and
|
||
restart. This is effectively a DoS attack, and could be accomplished
|
||
by a man in the middle regardless of the CAPWAP protocol security
|
||
mechanisms chosen.
|
||
|
||
12.1.4. Insertion of Unprotected Records
|
||
|
||
An attacker could inject packets into the unprotected channel, but
|
||
this may become evident if sequence number desynchronization occurs
|
||
as a result. Only if the attacker is a man in the middle (MITM) can
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 135]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
packets be inserted undetectably. This is a consequence of that
|
||
channel's lack of protection, and not a new threat resulting from the
|
||
CAPWAP security mechanism.
|
||
|
||
12.1.5. Use of MD5
|
||
|
||
The Image Information message element (Section 4.6.28) makes use of
|
||
MD5 to compute the hash field. The authenticity and integrity of the
|
||
image file is protected by DTLS, and in this context, MD5 is not used
|
||
as a cryptographically secure hash, but just as a basic checksum.
|
||
Therefore, the use of MD5 is not considered a security vulnerability,
|
||
and no mechanisms for algorithm agility are provided.
|
||
|
||
12.1.6. CAPWAP Fragmentation
|
||
|
||
RFC 4963 [RFC4963] describes a possible security vulnerability where
|
||
a malicious entity can "corrupt" a flow by injecting fragments. By
|
||
sending "high" fragments (those with offset greater than zero) with a
|
||
forged source address, the attacker can deliberately cause
|
||
corruption. The use of DTLS on the CAPWAP Data channel can be used
|
||
to avoid this possible vulnerability.
|
||
|
||
12.2. Session ID Security
|
||
|
||
Since DTLS does not export a unique session identifier, there can be
|
||
no explicit protocol binding between the DTLS layer and CAPWAP layer.
|
||
As a result, implementations MUST provide a mechanism for performing
|
||
this binding. For example, an AC MUST NOT associate decrypted DTLS
|
||
control packets with a particular WTP session based solely on the
|
||
Session ID in the packet header. Instead, identification should be
|
||
done based on which DTLS session decrypted the packet. Otherwise,
|
||
one authenticated WTP could spoof another authenticated WTP by
|
||
altering the Session ID in the encrypted CAPWAP Header.
|
||
|
||
It should be noted that when the CAPWAP Data channel is unencrypted,
|
||
the WTP Session ID is exposed and possibly known to adversaries and
|
||
other WTPs. This would allow the forgery of the source of data-
|
||
channel traffic. This, however, should not be a surprise for
|
||
unencrypted data channels. When the data channel is encrypted, the
|
||
Session ID is not exposed, and therefore can safely be used to
|
||
associate a data and control channel. The 128-bit length of the
|
||
Session ID mitigates online guessing attacks where an adversarial,
|
||
authenticated WTP tries to correlate his own data channel with
|
||
another WTP's control channel. Note that for encrypted data
|
||
channels, the Session ID should only be used for correlation for the
|
||
first packet immediately after the initial DTLS handshake. Future
|
||
correlation should instead be done via identification of a packet's
|
||
DTLS session.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 136]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
12.3. Discovery or DTLS Setup Attacks
|
||
|
||
Since the Discovery Request messages are sent in the clear, it is
|
||
important that AC implementations NOT assume that receiving a
|
||
Discovery Request message from a WTP implies that the WTP has
|
||
rebooted, and consequently tear down any active DTLS sessions.
|
||
Discovery Request messages can easily be spoofed by malicious
|
||
devices, so it is important that the AC maintain two separate sets of
|
||
states for the WTP until the DTLSSessionEstablished notification is
|
||
received, indicating that the WTP was authenticated. Once a new DTLS
|
||
session is successfully established, any state referring to the old
|
||
session can be cleared.
|
||
|
||
Similarly, when the AC is entering the DTLS Setup phase, it SHOULD
|
||
NOT assume that the WTP has reset, and therefore should not discard
|
||
active state until the DTLS session has been successfully
|
||
established. While the HelloVerifyRequest provides some protection
|
||
against denial-of-service (DoS) attacks on the AC, an adversary
|
||
capable of receiving packets at a valid address (or a malfunctioning
|
||
or misconfigured WTP) may repeatedly attempt DTLS handshakes with the
|
||
AC, potentially creating a resource shortage. If either the
|
||
FailedDTLSSessionCount or the FailedDTLSAuthFailCount counter reaches
|
||
the value of MaxFailedDTLSSessionRetry variable (see Section 4.8),
|
||
implementations MAY choose to rate-limit new DTLS handshakes for some
|
||
period of time. It is RECOMMENDED that implementations choosing to
|
||
implement rate-limiting use a random discard technique, rather than
|
||
mimicking the WTP's sulking behavior. This will ensure that messages
|
||
from valid WTPs will have some probability of eliciting a response,
|
||
even in the face of a significant DoS attack.
|
||
|
||
Some CAPWAP implementations may wish to restrict the DTLS setup
|
||
process to only those peers that have been configured in the access
|
||
control list, authorizing only those clients to initiate a DTLS
|
||
handshake. Note that the impact of this on mitigating denial-of-
|
||
service attacks against the DTLS layer is minimal, because DTLS
|
||
already uses client-side cookies to minimize processor consumption
|
||
attacks.
|
||
|
||
12.4. Interference with a DTLS Session
|
||
|
||
If a WTP or AC repeatedly receives packets that fail DTLS
|
||
authentication or decryption, this could indicate a DTLS
|
||
desynchronization between the AC and WTP, a link prone to
|
||
undetectable bit errors, or an attacker trying to disrupt a DTLS
|
||
session.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 137]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
In the state machine (section 2.3), transitions to the DTLS Tear Down
|
||
(TD) state can be triggered by frequently receiving DTLS packets with
|
||
authentication or decryption errors. The threshold or technique for
|
||
deciding when to move to the tear down state should be chosen
|
||
carefully. Being able to easily transition to DTLS TD allows easy
|
||
detection of malfunctioning devices, but allows for denial-of-service
|
||
attacks. Making it difficult to transition to DTLS TD prevents
|
||
denial-of-service attacks, but makes it more difficult to detect and
|
||
reset a malfunctioning session. Implementers should set this policy
|
||
with care.
|
||
|
||
12.5. CAPWAP Pre-Provisioning
|
||
|
||
In order for CAPWAP to establish a secure communication with a peer,
|
||
some level of pre-provisioning on both the WTP and AC is necessary.
|
||
This section will detail the minimal number of configuration
|
||
parameters.
|
||
|
||
When using pre-shared keys, it is necessary to configure the pre-
|
||
shared key for each possible peer with which a DTLS session may be
|
||
established. To support this mode of operation, one or more entries
|
||
of the following table may be configured on either the AC or WTP:
|
||
|
||
o Identity: The identity of the peering AC or WTP. This format MAY
|
||
be in the form of either an IP address or host name (the latter of
|
||
which needs to be resolved to an IP address using DNS).
|
||
|
||
o Key: The pre-shared key for use with the peer when establishing
|
||
the DTLS session (see Section 12.6 for more information).
|
||
|
||
o PSK Identity: Identity hint associated with the provisioned key
|
||
(see Section 2.4.4.4 for more information).
|
||
|
||
When using certificates, the following items need to be pre-
|
||
provisioned:
|
||
|
||
o Device Certificate: The local device's certificate (see
|
||
Section 12.7 for more information).
|
||
|
||
o Trust Anchor: Trusted root certificate chain used to validate any
|
||
certificate received from CAPWAP peers. Note that one or more
|
||
root certificates MAY be configured on a given device.
|
||
|
||
Regardless of the authentication method, the following item needs to
|
||
be pre-provisioned:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 138]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
o Access Control List: The access control list table contains the
|
||
identities of one or more CAPWAP peers, along with a rule. The
|
||
rule is used to determine whether communication with the peer is
|
||
permitted (see Section 2.4.4.3 for more information).
|
||
|
||
12.6. Use of Pre-Shared Keys in CAPWAP
|
||
|
||
While use of pre-shared keys may provide deployment and provisioning
|
||
advantages not found in public-key-based deployments, it also
|
||
introduces a number of operational and security concerns. In
|
||
particular, because the keys must typically be entered manually, it
|
||
is common for people to base them on memorable words or phrases.
|
||
These are referred to as "low entropy passwords/passphrases".
|
||
|
||
Use of low-entropy pre-shared keys, coupled with the fact that the
|
||
keys are often not frequently updated, tends to significantly
|
||
increase exposure. For these reasons, the following recommendations
|
||
are made:
|
||
|
||
o When DTLS is used with a pre-shared key (PSK) ciphersuite, each
|
||
WTP SHOULD have a unique PSK. Since WTPs will likely be widely
|
||
deployed, their physical security is not guaranteed. If PSKs are
|
||
not unique for each WTP, key reuse would allow the compromise of
|
||
one WTP to result in the compromise of others.
|
||
|
||
o Generating PSKs from low entropy passwords is NOT RECOMMENDED.
|
||
|
||
o It is RECOMMENDED that implementations that allow the
|
||
administrator to manually configure the PSK also provide a
|
||
capability for generation of new random PSKs, taking RFC 4086
|
||
[RFC4086] into account.
|
||
|
||
o Pre-shared keys SHOULD be periodically updated. Implementations
|
||
MAY facilitate this by providing an administrative interface for
|
||
automatic key generation and periodic update, or it MAY be
|
||
accomplished manually instead.
|
||
|
||
Every pairwise combination of WTP and AC on the network SHOULD have a
|
||
unique PSK. This prevents the domino effect (see "Guidance for
|
||
Authentication, Authorization, and Accounting (AAA) Key Management"
|
||
[RFC4962]). If PSKs are tied to specific WTPs, then knowledge of the
|
||
PSK implies a binding to a specified identity that can be authorized.
|
||
|
||
If PSKs are shared, this binding between device and identity is no
|
||
longer possible. Compromise of one WTP can yield compromise of
|
||
another WTP, violating the CAPWAP security hierarchy. Consequently,
|
||
sharing keys between WTPs is NOT RECOMMENDED.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 139]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
12.7. Use of Certificates in CAPWAP
|
||
|
||
For public-key-based DTLS deployments, each device SHOULD have unique
|
||
credentials, with an extended key usage authorizing the device to act
|
||
as either a WTP or AC. If devices do not have unique credentials, it
|
||
is possible that by compromising one device, any other device using
|
||
the same credential may also be considered to be compromised.
|
||
|
||
Certificate validation involves checking a large variety of things.
|
||
Since the necessary things to validate are often environment-
|
||
specific, many are beyond the scope of this document. In this
|
||
section, we provide some basic guidance on certificate validation.
|
||
|
||
Each device is responsible for authenticating and authorizing devices
|
||
with which they communicate. Authentication entails validation of
|
||
the chain of trust leading to the peer certificate, followed by the
|
||
peer certificate itself. Implementations SHOULD also provide a
|
||
secure method for verifying that the credential in question has not
|
||
been revoked.
|
||
|
||
Note that if the WTP relies on the AC for network connectivity (e.g.,
|
||
the AC is a Layer 2 switch to which the WTP is directly connected),
|
||
the WTP may not be able to contact an Online Certificate Status
|
||
Protocol (OCSP) server or otherwise obtain an up-to-date Certificate
|
||
Revocation List (CRL) if a compromised AC doesn't explicitly permit
|
||
this. This cannot be avoided, except through effective physical
|
||
security and monitoring measures at the AC.
|
||
|
||
Proper validation of certificates typically requires checking to
|
||
ensure the certificate has not yet expired. If devices have a real-
|
||
time clock, they SHOULD verify the certificate validity dates. If no
|
||
real-time clock is available, the device SHOULD make a best-effort
|
||
attempt to validate the certificate validity dates through other
|
||
means. Failure to check a certificate's temporal validity can make a
|
||
device vulnerable to man-in-the-middle attacks launched using
|
||
compromised, expired certificates, and therefore devices should make
|
||
every effort to perform this validation.
|
||
|
||
12.8. Use of MAC Address in CN Field
|
||
|
||
The CAPWAP protocol is an evolution of an existing protocol [LWAPP],
|
||
which is implemented on a large number of already deployed ACs and
|
||
WTPs. Every one of these devices has an existing X.509 certificate,
|
||
which is provisioned at the time of manufacturing. These X.509
|
||
certificates use the device's MAC address in the Common Name (CN)
|
||
field. It is well understood that encoding the MAC address in the CN
|
||
field is less than optimal, and using the SubjectAltName field would
|
||
be preferable. However, at the time of publication, there is no URN
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 140]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
specification that allows for the MAC address to be used in the
|
||
SubjectAltName field. As such a specification is published by the
|
||
IETF, future versions of the CAPWAP protocol MAY require support for
|
||
the new URN scheme.
|
||
|
||
12.9. AAA Security
|
||
|
||
The AAA protocol is used to distribute Extensible Authentication
|
||
Protocol (EAP) keys to the ACs, and consequently its security is
|
||
important to the overall system security. When used with Transport
|
||
Layer Security (TLS) or IPsec, security guidelines specified in RFC
|
||
3539 [RFC3539] SHOULD be followed.
|
||
|
||
In general, the link between the AC and AAA server SHOULD be secured
|
||
using a strong ciphersuite keyed with mutually authenticated session
|
||
keys. Implementations SHOULD NOT rely solely on Basic RADIUS shared
|
||
secret authentication as it is often vulnerable to dictionary
|
||
attacks, but rather SHOULD use stronger underlying security
|
||
mechanisms.
|
||
|
||
12.10. WTP Firmware
|
||
|
||
The CAPWAP protocol defines a mechanism by which the AC downloads new
|
||
firmware to the WTP. During the session establishment process, the
|
||
WTP provides information about its current firmware to the AC. The
|
||
AC then decides whether the WTP's firmware needs to be updated. It
|
||
is important to note that the CAPWAP specification makes the explicit
|
||
assumption that the WTP is providing the correct firmware version to
|
||
the AC, and is therefore not lying. Further, during the firmware
|
||
download process, the CAPWAP protocol does not provide any mechanisms
|
||
to recognize whether the WTP is actually storing the firmware for
|
||
future use.
|
||
|
||
13. Operational Considerations
|
||
|
||
The CAPWAP protocol assumes that it is the only configuration
|
||
interface to the WTP to configure parameters that are specified in
|
||
the CAPWAP specifications. While the use of a separate management
|
||
protocol MAY be used for the purposes of monitoring the WTP directly,
|
||
configuring the WTP through a separate management interface is not
|
||
recommended. Configuring the WTP through a separate protocol, such
|
||
as via a command line interface (CLI) or Simple Network Management
|
||
Protocol (SNMP), could lead to the AC state being out of sync with
|
||
the WTP.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 141]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The CAPWAP protocol does not deal with the management of the ACs.
|
||
The AC is assumed to be configured through some separate management
|
||
interface, which could be via a proprietary CLI, SNMP, Network
|
||
Configuration Protocol (NETCONF), or some other management protocol.
|
||
|
||
The CAPWAP protocol's control channel is fairly lightweight from a
|
||
traffic perspective. Once the WTP has been configured, the WTP sends
|
||
periodic statistics. Further, the specification calls for a keep-
|
||
alive packet to be sent on the protocol's data channel to make sure
|
||
that any possible middleboxes (e.g., NAT) maintain their UDP state.
|
||
The overhead associated with the control and data channel is not
|
||
expected to impact network traffic. That said, the CAPWAP protocol
|
||
does allow for the frequency of these packets to be modified through
|
||
the DataChannelKeepAlive and StatisticsTimer (see Section 4.7.2 and
|
||
Section 4.7.14, respectively).
|
||
|
||
14. Transport Considerations
|
||
|
||
The CAPWAP WG carefully considered the congestion control
|
||
requirements of the CAPWAP protocol, both for the CAPWAP Control and
|
||
Data channels.
|
||
|
||
CAPWAP specifies a single-threaded command/response protocol to be
|
||
used on the control channel, and we have specified that an
|
||
exponential back-off algorithm should be used when commands are
|
||
retransmitted. When CAPWAP runs in its default mode (Local MAC), the
|
||
control channel is the only CAPWAP channel.
|
||
|
||
However, CAPWAP can also be run in Split MAC mode, in which case
|
||
there will be a DTLS-encrypted data channel between each WTP and the
|
||
AC. The WG discussed various options for providing congestion
|
||
control on this channel. However, due to performance problems with
|
||
TCP when it is run over another congestion control mechanism and the
|
||
fact that the vast majority of traffic run over the CAPWAP Data
|
||
channel is likely to be congestion-controlled IP traffic, the CAPWAP
|
||
WG felt that specifying a congestion control mechanism for the CAPWAP
|
||
Data channel would be more likely to cause problems than to resolve
|
||
any.
|
||
|
||
Because there is no congestion control mechanism specified for the
|
||
CAPWAP Data channel, it is RECOMMENDED that non-congestion-controlled
|
||
traffic not be tunneled over CAPWAP. When a significant amount of
|
||
non-congestion-controlled traffic is expected to be present on a
|
||
WLAN, the CAPWAP connection between the AC and the WTP for that LAN
|
||
should be configured to remain in Local MAC mode with Distribution
|
||
function at the WTP.
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 142]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
The lock step nature of the CAPWAP protocol's control channel can
|
||
cause the firmware download process to take some time, depending upon
|
||
the round-trip time (RTT). This is not expected to be a problem
|
||
since the CAPWAP protocol allows firmware to be downloaded while the
|
||
WTP provides service to wireless clients/devices.
|
||
|
||
It is necessary for the WTP and AC to configure their MTU based on
|
||
the capabilities of the path. See Section 3.5 for more information.
|
||
|
||
The CAPWAP protocol mandates support of the Explicit Congestion
|
||
Notification (ECN) through a mode of operation named "limited
|
||
functionality option", detailed in section 9.1.1 of [RFC3168].
|
||
Future versions of the CAPWAP protocol should consider mandating
|
||
support for the "full functionality option".
|
||
|
||
15. IANA Considerations
|
||
|
||
This section details the actions that IANA has taken in preparation
|
||
for publication of the specification. Numerous registries have been
|
||
created, and the contents, document action (see [RFC5226], and
|
||
registry format are all included below. Note that in cases where bit
|
||
fields are referred to, the bit numbering is left to right, where the
|
||
leftmost bit is labeled as bit zero (0).
|
||
|
||
For future registration requests where an Expert Review is required,
|
||
a Designated Expert should be consulted, which is appointed by the
|
||
responsible IESG Area Director. The intention is that any allocation
|
||
will be accompanied by a published RFC, but given that other SDOs may
|
||
want to create standards built on top of CAPWAP, a document the
|
||
Designated Expert can review is also acceptable. IANA should allow
|
||
for allocation of values prior to documents being approved for
|
||
publication, so the Designated Expert can approve allocations once it
|
||
seems clear that publication will occur. The Designated Expert will
|
||
post a request to the CAPWAP WG mailing list (or a successor
|
||
designated by the Area Director) for comment and review. Before a
|
||
period of 30 days has passed, the Designated Expert will either
|
||
approve or deny the registration request and publish a notice of the
|
||
decision to the CAPWAP WG mailing list or its successor, as well as
|
||
informing IANA. A denial notice must be justified by an explanation,
|
||
and in the cases where it is possible, concrete suggestions on how
|
||
the request can be modified so as to become acceptable should be
|
||
provided.
|
||
|
||
15.1. IPv4 Multicast Address
|
||
|
||
IANA has registered a new IPv4 multicast address called "capwap-ac"
|
||
from the Internetwork Control Block IPv4 multicast address registry;
|
||
see Section 3.3.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 143]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.2. IPv6 Multicast Address
|
||
|
||
IANA has registered a new organization local multicast address called
|
||
the "All ACs multicast address" in the Variable Scope IPv6 multicast
|
||
address registry; see Section 3.3.
|
||
|
||
15.3. UDP Port
|
||
|
||
IANA registered two new UDP Ports, which are organization-local
|
||
multicast addresses, in the registered port numbers registry; see
|
||
Section 3.1. The following values have been registered:
|
||
|
||
Keyword Decimal Description References
|
||
------- ------- ----------- ----------
|
||
capwap-control 5246/udp CAPWAP Control Protocol This Document
|
||
capwap-data 5247/udp CAPWAP Data Protocol This Document
|
||
|
||
|
||
15.4. CAPWAP Message Types
|
||
|
||
The Message Type field in the CAPWAP Header (see Section 4.5.1.1) is
|
||
used to identify the operation performed by the message. There are
|
||
multiple namespaces, which are identified via the first three octets
|
||
of the field containing the IANA Enterprise Number [RFC5226].
|
||
|
||
IANA maintains the CAPWAP Message Types registry for all message
|
||
types whose Enterprise Number is set to zero (0). The namespace is 8
|
||
bits (0-255), where the value of zero (0) is reserved and must not be
|
||
assigned. The values one (1) through 26 are allocated in this
|
||
specification, and can be found in Section 4.5.1.1. Any new
|
||
assignments of a CAPWAP Message Type whose Enterprise Number is set
|
||
to zero (0) requires an Expert Review. The registry maintained by
|
||
IANA has the following format:
|
||
|
||
CAPWAP Control Message Message Type Reference
|
||
Value
|
||
|
||
15.5. CAPWAP Header Flags
|
||
|
||
The Flags field in the CAPWAP Header (see Section 4.3) is 9 bits in
|
||
length and is used to identify any special treatment related to the
|
||
message. This specification defines bits zero (0) through five (5),
|
||
while bits six (6) through eight (8) are reserved. There are
|
||
currently three unused, reserved bits that are managed by IANA and
|
||
whose assignment require an Expert Review. IANA created the CAPWAP
|
||
Header Flags registry, whose format is:
|
||
|
||
Flag Field Name Bit Position Reference
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 144]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.6. CAPWAP Control Message Flags
|
||
|
||
The Flags field in the CAPWAP Control Message header (see
|
||
Section 4.5.1.4) is used to identify any special treatment related to
|
||
the control message. There are currently eight (8) unused, reserved
|
||
bits. The assignment of these bits is managed by IANA and requires
|
||
an Expert Review. IANA created the CAPWAP Control Message Flags
|
||
registry, whose format is:
|
||
|
||
Flag Field Name Bit Position Reference
|
||
|
||
15.7. CAPWAP Message Element Type
|
||
|
||
The Type field in the CAPWAP Message Element header (see Section 4.6)
|
||
is used to identify the data being transported. The namespace is 16
|
||
bits (0-65535), where the value of zero (0) is reserved and must not
|
||
be assigned. The values one (1) through 53 are allocated in this
|
||
specification, and can be found in Section 4.5.1.1.
|
||
|
||
The 16-bit namespace is further divided into blocks of addresses that
|
||
are reserved for specific CAPWAP wireless bindings. The following
|
||
blocks are reserved:
|
||
|
||
CAPWAP Protocol Message Elements 1 - 1023
|
||
IEEE 802.11 Message Elements 1024 - 2047
|
||
EPCGlobal Message Elements 3072 - 4095
|
||
|
||
This namespace is managed by IANA and assignments require an Expert
|
||
Review. IANA created the CAPWAP Message Element Type registry, whose
|
||
format is:
|
||
|
||
CAPWAP Message Element Type Value Reference
|
||
|
||
15.8. CAPWAP Wireless Binding Identifiers
|
||
|
||
The Wireless Binding Identifier (WBID) field in the CAPWAP Header
|
||
(see Section 4.3) is used to identify the wireless technology
|
||
associated with the packet. This specification allocates the values
|
||
one (1) and three (3). Due to the limited address space available, a
|
||
new WBID request requires Expert Review. IANA created the CAPWAP
|
||
Wireless Binding Identifier registry, whose format is:
|
||
|
||
CAPWAP Wireless Binding Identifier Type Value Reference
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 145]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.9. AC Security Types
|
||
|
||
The Security field in the AC Descriptor message element (see
|
||
Section 4.6.1) is 8 bits in length and is used to identify the
|
||
authentication methods available on the AC. This specification
|
||
defines bits five (5) and six (6), while bits zero (0) through four
|
||
(4) as well as bit seven (7) are reserved and unused. These reserved
|
||
bits are managed by IANA and assignment requires Standards Action.
|
||
IANA created the AC Security Types registry, whose format is:
|
||
|
||
AC Security Type Bit Position Reference
|
||
|
||
15.10. AC DTLS Policy
|
||
|
||
The DTLS Policy field in the AC Descriptor message element (see
|
||
Section 4.6.1) is 8 bits in length and is used to identify whether
|
||
the CAPWAP Data Channel is to be secured. This specification defines
|
||
bits five (5) and six (6), while bits zero (0) through four (4) as
|
||
well as bit seven (7) are reserved and unused. These reserved bits
|
||
are managed by IANA and assignment requires Standards Action. IANA
|
||
created the AC DTLS Policy registry, whose format is:
|
||
|
||
AC DTLS Policy Bit Position Reference
|
||
|
||
15.11. AC Information Type
|
||
|
||
The Information Type field in the AC Descriptor message element (see
|
||
Section 4.6.1) is used to represent information about the AC. The
|
||
namespace is 16 bits (0-65535), where the value of zero (0) is
|
||
reserved and must not be assigned. This field, combined with the AC
|
||
Information Vendor ID, allows vendors to use a private namespace.
|
||
This specification defines the AC Information Type namespace when the
|
||
AC Information Vendor ID is set to zero (0), for which the values
|
||
four (4) and five (5) are allocated in this specification, and can be
|
||
found in Section 4.6.1. This namespace is managed by IANA and
|
||
assignments require an Expert Review. IANA created the AC
|
||
Information Type registry, whose format is:
|
||
|
||
AC Information Type Type Value Reference
|
||
|
||
15.12. CAPWAP Transport Protocol Types
|
||
|
||
The Transport field in the CAPWAP Transport Protocol message element
|
||
(see Section 4.6.14) is used to identify the transport to use for the
|
||
CAPWAP Data Channel. The namespace is 8 bits (0-255), where the
|
||
value of zero (0) is reserved and must not be assigned. The values
|
||
one (1) and two (2) are allocated in this specification, and can be
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 146]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
found in Section 4.6.14. This namespace is managed by IANA and
|
||
assignments require an Expert Review. IANA created the CAPWAP
|
||
Transport Protocol Types registry, whose format is:
|
||
|
||
CAPWAP Transport Protocol Type Type Value Reference
|
||
|
||
15.13. Data Transfer Type
|
||
|
||
The Data Type field in the Data Transfer Data message element (see
|
||
Section 4.6.15) and Image Data message element (see Section 4.6.26)
|
||
is used to provide information about the data being carried. The
|
||
namespace is 8 bits (0-255), where the value of zero (0) is reserved
|
||
and must not be assigned. The values one (1), two (2), and five (5)
|
||
are allocated in this specification, and can be found in
|
||
Section 4.6.15. This namespace is managed by IANA and assignments
|
||
require an Expert Review. IANA created the Data Transfer Type
|
||
registry, whose format is:
|
||
|
||
Data Transfer Type Type Value Reference
|
||
|
||
15.14. Data Transfer Mode
|
||
|
||
The Data Mode field in the Data Transfer Data message element (see
|
||
Section 4.6.15) and Data Transfer Mode message element (see
|
||
Section 15.14) is used to provide information about the data being
|
||
carried. The namespace is 8 bits (0-255), where the value of zero
|
||
(0) is reserved and must not be assigned. The values one (1) and two
|
||
(2) are allocated in this specification, and can be found in
|
||
Section 15.14. This namespace is managed by IANA and assignments
|
||
require an Expert Review. IANA created the Data Transfer Mode
|
||
registry, whose format is:
|
||
|
||
Data Transfer Mode Type Value Reference
|
||
|
||
15.15. Discovery Types
|
||
|
||
The Discovery Type field in the Discovery Type message element (see
|
||
Section 4.6.21) is used by the WTP to indicate to the AC how it was
|
||
discovered. The namespace is 8 bits (0-255). The values zero (0)
|
||
through four (4) are allocated in this specification and can be found
|
||
in Section 4.6.21. This namespace is managed by IANA and assignments
|
||
require an Expert Review. IANA created the Discovery Types registry,
|
||
whose format is:
|
||
|
||
Discovery Types Type Value Reference
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 147]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.16. ECN Support
|
||
|
||
The ECN Support field in the ECN Support message element (see
|
||
Section 4.6.25) is used by the WTP to represent its ECN Support. The
|
||
namespace is 8 bits (0-255). The values zero (0) and one (1) are
|
||
allocated in this specification, and can be found in Section 4.6.25.
|
||
This namespace is managed by IANA and assignments require an Expert
|
||
Review. IANA created the ECN Support registry, whose format is:
|
||
|
||
ECN Support Type Value Reference
|
||
|
||
15.17. Radio Admin State
|
||
|
||
The Radio Admin field in the Radio Administrative State message
|
||
element (see Section 4.6.33) is used by the WTP to represent the
|
||
state of its radios. The namespace is 8 bits (0-255), where the
|
||
value of zero (0) is reserved and must not be assigned. The values
|
||
one (1) and two (2) are allocated in this specification, and can be
|
||
found in Section 4.6.33. This namespace is managed by IANA and
|
||
assignments require an Expert Review. IANA created the Radio Admin
|
||
State registry, whose format is:
|
||
|
||
Radio Admin State Type Value Reference
|
||
|
||
15.18. Radio Operational State
|
||
|
||
The State field in the Radio Operational State message element (see
|
||
Section 4.6.34) is used by the WTP to represent the operational state
|
||
of its radios. The namespace is 8 bits (0-255), where the value of
|
||
zero (0) is reserved and must not be assigned. The values one (1)
|
||
and two (2) are allocated in this specification, and can be found in
|
||
Section 4.6.34. This namespace is managed by IANA and assignments
|
||
require an Expert Review. IANA created the Radio Operational State
|
||
registry, whose format is:
|
||
|
||
Radio Operational State Type Value Reference
|
||
|
||
15.19. Radio Failure Causes
|
||
|
||
The Cause field in the Radio Operational State message element (see
|
||
Section 4.6.34) is used by the WTP to represent the reason a radio
|
||
may have failed. The namespace is 8 bits (0-255), where the value of
|
||
zero (0) through three (3) are allocated in this specification, and
|
||
can be found in Section 4.6.34. This namespace is managed by IANA
|
||
and assignments require an Expert Review. IANA created the Radio
|
||
Failure Causes registry, whose format is:
|
||
|
||
Radio Failure Causes Type Value Reference
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 148]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.20. Result Code
|
||
|
||
The Result Code field in the Result Code message element (see
|
||
Section 4.6.35) is used to indicate the success or failure of a
|
||
CAPWAP Control message. The namespace is 32 bits (0-4294967295),
|
||
where the value of zero (0) through 22 are allocated in this
|
||
specification, and can be found in Section 4.6.35. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the Result Code registry, whose format is:
|
||
|
||
Result Code Type Value Reference
|
||
|
||
15.21. Returned Message Element Reason
|
||
|
||
The Reason field in the Returned Message Element message element (see
|
||
Section 4.6.36) is used to indicate the reason why a message element
|
||
was not processed successfully. The namespace is 8 bits (0-255),
|
||
where the value of zero (0) is reserved and must not be assigned.
|
||
The values one (1) through four (4) are allocated in this
|
||
specification, and can be found in Section 4.6.36. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the Returned Message Element Reason registry, whose format
|
||
is:
|
||
|
||
Returned Message Element Reason Type Value Reference
|
||
|
||
15.22. WTP Board Data Type
|
||
|
||
The Board Data Type field in the WTP Board Data message element (see
|
||
Section 4.6.40) is used to represent information about the WTP
|
||
hardware. The namespace is 16 bits (0-65535). The WTP Board Data
|
||
Type values zero (0) through four (4) are allocated in this
|
||
specification, and can be found in Section 4.6.40. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the WTP Board Data Type registry, whose format is:
|
||
|
||
WTP Board Data Type Type Value Reference
|
||
|
||
15.23. WTP Descriptor Type
|
||
|
||
The Descriptor Type field in the WTP Descriptor message element (see
|
||
Section 4.6.41) is used to represent information about the WTP
|
||
software. The namespace is 16 bits (0-65535). This field, combined
|
||
with the Descriptor Vendor ID, allows vendors to use a private
|
||
namespace. This specification defines the WTP Descriptor Type
|
||
namespace when the Descriptor Vendor ID is set to zero (0), for which
|
||
the values zero (0) through three (3) are allocated in this
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 149]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
specification, and can be found in Section 4.6.41. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the WTP Board Data Type registry, whose format is:
|
||
|
||
WTP Descriptor Type Type Value Reference
|
||
|
||
15.24. WTP Fallback Mode
|
||
|
||
The Mode field in the WTP Fallback message element (see
|
||
Section 4.6.42) is used to indicate the type of AC fallback mechanism
|
||
the WTP should employ. The namespace is 8 bits (0-255), where the
|
||
value of zero (0) is reserved and must not be assigned. The values
|
||
one (1) and two (2) are allocated in this specification, and can be
|
||
found in Section 4.6.42. This namespace is managed by IANA and
|
||
assignments require an Expert Review. IANA created the WTP Fallback
|
||
Mode registry, whose format is:
|
||
|
||
WTP Fallback Mode Type Value Reference
|
||
|
||
15.25. WTP Frame Tunnel Mode
|
||
|
||
The Tunnel Type field in the WTP Frame Tunnel Mode message element
|
||
(see Section 4.6.43) is 8 bits and is used to indicate the type of
|
||
tunneling to use between the WTP and the AC. This specification
|
||
defines bits four (4) through six (6), while bits zero (0) through
|
||
three (3) as well as bit seven (7) are reserved and unused. These
|
||
reserved bits are managed by IANA and assignment requires an Expert
|
||
Review. IANA created the WTP Frame Tunnel Mode registry, whose
|
||
format is:
|
||
|
||
WTP Frame Tunnel Mode Bit Position Reference
|
||
|
||
15.26. WTP MAC Type
|
||
|
||
The MAC Type field in the WTP MAC Type message element (see
|
||
Section 4.6.44) is used to indicate the type of MAC to use in
|
||
tunneled frames between the WTP and the AC. The namespace is 8 bits
|
||
(0-255), where the value of zero (0) through two (2) are allocated in
|
||
this specification, and can be found in Section 4.6.44. This
|
||
namespace is managed by IANA and assignments require an Expert
|
||
Review. IANA created the WTP MAC Type registry, whose format is:
|
||
|
||
WTP MAC Type Type Value Reference
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 150]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
15.27. WTP Radio Stats Failure Type
|
||
|
||
The Last Failure Type field in the WTP Radio Statistics message
|
||
element (see Section 4.6.46) is used to indicate the last WTP
|
||
failure. The namespace is 8 bits (0-255), where the value of zero
|
||
(0) through three (3) as well as the value 255 are allocated in this
|
||
specification, and can be found in Section 4.6.46. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the WTP Radio Stats Failure Type registry, whose format is:
|
||
|
||
WTP Radio Stats Failure Type Type Value Reference
|
||
|
||
15.28. WTP Reboot Stats Failure Type
|
||
|
||
The Last Failure Type field in the WTP Reboot Statistics message
|
||
element (see Section 4.6.47) is used to indicate the last reboot
|
||
reason. The namespace is 8 bits (0-255), where the value of zero (0)
|
||
through five (5) as well as the value 255 are allocated in this
|
||
specification, and can be found in Section 4.6.47. This namespace is
|
||
managed by IANA and assignments require an Expert Review. IANA
|
||
created the WTP Reboot Stats Failure Type registry, whose format is:
|
||
|
||
WTP Reboot Stats Failure Type Type Value Reference
|
||
|
||
16. Acknowledgments
|
||
|
||
The following individuals are acknowledged for their contributions to
|
||
this protocol specification: Puneet Agarwal, Abhijit Choudhury, Pasi
|
||
Eronen, Saravanan Govindan, Peter Nilsson, David Perkins, and Yong
|
||
Zhang.
|
||
|
||
Michael Vakulenko contributed text to describe how CAPWAP can be used
|
||
over Layer 3 (IP/UDP) networks.
|
||
|
||
17. References
|
||
|
||
17.1. Normative References
|
||
|
||
[RFC1191] Mogul, J. and S. Deering, "Path MTU discovery",
|
||
RFC 1191, November 1990.
|
||
|
||
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm",
|
||
RFC 1321, April 1992.
|
||
|
||
[RFC1305] Mills, D., "Network Time Protocol (Version 3)
|
||
Specification, Implementation", RFC 1305,
|
||
March 1992.
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 151]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
[RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU
|
||
Discovery for IP version 6", RFC 1981,
|
||
August 1996.
|
||
|
||
[RFC2119] Bradner, S., "Key words for use in RFCs to
|
||
Indicate Requirement Levels", BCP 14, RFC 2119,
|
||
March 1997.
|
||
|
||
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
|
||
Version 6 (IPv6) Specification", RFC 2460,
|
||
December 1998.
|
||
|
||
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
|
||
"Definition of the Differentiated Services Field
|
||
(DS Field) in the IPv4 and IPv6 Headers",
|
||
RFC 2474, December 1998.
|
||
|
||
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS
|
||
RR for specifying the location of services (DNS
|
||
SRV)", RFC 2782, February 2000.
|
||
|
||
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The
|
||
Addition of Explicit Congestion Notification (ECN)
|
||
to IP", RFC 3168, September 2001.
|
||
|
||
[RFC3539] Aboba, B. and J. Wood, "Authentication,
|
||
Authorization and Accounting (AAA) Transport
|
||
Profile", RFC 3539, June 2003.
|
||
|
||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of
|
||
ISO 10646", STD 63, RFC 3629, November 2003.
|
||
|
||
[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson,
|
||
L-E., and G. Fairhurst, "The Lightweight User
|
||
Datagram Protocol (UDP-Lite)", RFC 3828,
|
||
July 2004.
|
||
|
||
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker,
|
||
"Randomness Requirements for Security", BCP 106,
|
||
RFC 4086, June 2005.
|
||
|
||
[RFC4279] Eronen, P. and H. Tschofenig, "Pre-Shared Key
|
||
Ciphersuites for Transport Layer Security (TLS)",
|
||
RFC 4279, December 2005.
|
||
|
||
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer
|
||
Security (TLS) Protocol Version 1.2", RFC 5246,
|
||
August 2008.
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 152]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport
|
||
Layer Security", RFC 4347, April 2006.
|
||
|
||
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer
|
||
Path MTU Discovery", RFC 4821, March 2007.
|
||
|
||
[RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4
|
||
Reassembly Errors at High Data Rates", RFC 4963,
|
||
July 2007.
|
||
|
||
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for
|
||
Writing an IANA Considerations Section in RFCs",
|
||
BCP 26, RFC 5226, May 2008.
|
||
|
||
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen,
|
||
S., Housley, R., and W. Polk, "Internet X.509
|
||
Public Key Infrastructure Certificate and
|
||
Certificate Revocation List (CRL) Profile",
|
||
RFC 5280, May 2008.
|
||
|
||
[ISO.9834-1.1993] International Organization for Standardization,
|
||
"Procedures for the operation of OSI registration
|
||
authorities - part 1: general procedures",
|
||
ISO Standard 9834-1, 1993.
|
||
|
||
[RFC5416] Calhoun, P., Ed., Montemurro, M., Ed., and D.
|
||
Stanley, Ed., "Control And Provisioning of
|
||
Wireless Access Points (CAPWAP) Protocol Binding
|
||
for IEEE 802.11", RFC 5416, March 2009.
|
||
|
||
[RFC5417] Calhoun, P., "Control And Provisioning of Wireless
|
||
Access Points (CAPWAP) Access Controller DHCP
|
||
Option", RFC 5417, March 2009.
|
||
|
||
[FRAME-EXT] IEEE, "IEEE Standard 802.3as-2006", 2005.
|
||
|
||
17.2. Informative References
|
||
|
||
[RFC3232] Reynolds, J., "Assigned Numbers: RFC 1700 is
|
||
Replaced by an On-line Database", RFC 3232,
|
||
January 2002.
|
||
|
||
[RFC3753] Manner, J. and M. Kojo, "Mobility Related
|
||
Terminology", RFC 3753, June 2004.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 153]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
[RFC4564] Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and
|
||
L. Yang, "Objectives for Control and Provisioning
|
||
of Wireless Access Points (CAPWAP)", RFC 4564,
|
||
July 2006.
|
||
|
||
[RFC4962] Housley, R. and B. Aboba, "Guidance for
|
||
Authentication, Authorization, and Accounting
|
||
(AAA) Key Management", BCP 132, RFC 4962,
|
||
July 2007.
|
||
|
||
[LWAPP] Calhoun, P., O'Hara, B., Suri, R., Cam Winget, N.,
|
||
Kelly, S., Williams, M., and S. Hares,
|
||
"Lightweight Access Point Protocol", Work in
|
||
Progress, March 2007.
|
||
|
||
[SLAPP] Narasimhan, P., Harkins, D., and S. Ponnuswamy,
|
||
"SLAPP: Secure Light Access Point Protocol", Work
|
||
in Progress, May 2005.
|
||
|
||
[DTLS-DESIGN] Modadugu, et al., N., "The Design and
|
||
Implementation of Datagram TLS", Feb 2004.
|
||
|
||
[EUI-48] IEEE, "Guidelines for use of a 48-bit Extended
|
||
Unique Identifier", Dec 2005.
|
||
|
||
[EUI-64] IEEE, "GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER
|
||
(EUI-64) REGISTRATION AUTHORITY".
|
||
|
||
[EPCGlobal] "See http://www.epcglobalinc.org/home".
|
||
|
||
[PacketCable] "PacketCable Security Specification PKT-SP-SEC-
|
||
I12-050812", August 2005, <PacketCable>.
|
||
|
||
[CableLabs] "OpenCable System Security Specification OC-SP-
|
||
SEC-I07-061031", October 2006, <CableLabs>.
|
||
|
||
[WiMAX] "WiMAX Forum X.509 Device Certificate Profile
|
||
Approved Specification V1.0.1", April 2008,
|
||
<WiMAX>.
|
||
|
||
[RFC5418] Kelly, S. and C. Clancy, "Control And Provisioning
|
||
for Wireless Access Points (CAPWAP) Threat
|
||
Analysis for IEEE 802.11 Deployments", RFC 5418,
|
||
March 2009.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 154]
|
||
|
||
RFC 5415 CAPWAP Protocol Specification March 2009
|
||
|
||
|
||
Editors' Addresses
|
||
|
||
Pat R. Calhoun (editor)
|
||
Cisco Systems, Inc.
|
||
170 West Tasman Drive
|
||
San Jose, CA 95134
|
||
|
||
Phone: +1 408-902-3240
|
||
EMail: pcalhoun@cisco.com
|
||
|
||
Michael P. Montemurro (editor)
|
||
Research In Motion
|
||
5090 Commerce Blvd
|
||
Mississauga, ON L4W 5M4
|
||
Canada
|
||
|
||
Phone: +1 905-629-4746 x4999
|
||
EMail: mmontemurro@rim.com
|
||
|
||
|
||
Dorothy Stanley (editor)
|
||
Aruba Networks
|
||
1322 Crossman Ave
|
||
Sunnyvale, CA 94089
|
||
|
||
Phone: +1 630-363-1389
|
||
EMail: dstanley@arubanetworks.com
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Calhoun, et al. Standards Track [Page 155]
|
||
|