tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search

RFC 5415

 Errata 
Proposed STD
Pages: 155
Top     in Index     Prev     Next
in Group Index     Prev in Group     Next in Group     Group: CAPWAP

Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification

Part 1 of 6, p. 1 to 11
None       Next RFC Part

Obsoletes:    5414


Top       ToC       Page 1 
Network Working Group                                    P. Calhoun, Ed.
Request for Comments: 5415                           Cisco Systems, Inc.
Category: Standards Track                             M. Montemurro, Ed.
                                                      Research In Motion
                                                         D. Stanley, Ed.
                                                          Aruba Networks
                                                              March 2009


      Control And Provisioning of Wireless Access Points (CAPWAP)
                         Protocol Specification

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Page 2 
Abstract

   This specification defines the Control And Provisioning of Wireless
   Access Points (CAPWAP) Protocol, meeting the objectives defined by
   the CAPWAP Working Group in RFC 4564.  The CAPWAP protocol is
   designed to be flexible, allowing it to be used for a variety of
   wireless technologies.  This document describes the base CAPWAP
   protocol, while separate binding extensions will enable its use with
   additional wireless technologies.

Table of Contents

   1. Introduction ....................................................7
      1.1. Goals ......................................................8
      1.2. Conventions Used in This Document ..........................9
      1.3. Contributing Authors .......................................9
      1.4. Terminology ...............................................10
   2. Protocol Overview ..............................................11
      2.1. Wireless Binding Definition ...............................12
      2.2. CAPWAP Session Establishment Overview .....................13
      2.3. CAPWAP State Machine Definition ...........................15
           2.3.1. CAPWAP Protocol State Transitions ..................17
           2.3.2. CAPWAP/DTLS Interface ..............................31
      2.4. Use of DTLS in the CAPWAP Protocol ........................33
           2.4.1. DTLS Handshake Processing ..........................33
           2.4.2. DTLS Session Establishment .........................35
           2.4.3. DTLS Error Handling ................................35
           2.4.4. DTLS Endpoint Authentication and Authorization .....36
   3. CAPWAP Transport ...............................................40
      3.1. UDP Transport .............................................40
      3.2. UDP-Lite Transport ........................................41
      3.3. AC Discovery ..............................................41
      3.4. Fragmentation/Reassembly ..................................42
      3.5. MTU Discovery .............................................43
   4. CAPWAP Packet Formats ..........................................43
      4.1. CAPWAP Preamble ...........................................46
      4.2. CAPWAP DTLS Header ........................................46
      4.3. CAPWAP Header .............................................47
      4.4. CAPWAP Data Messages ......................................50
           4.4.1. CAPWAP Data Channel Keep-Alive .....................51
           4.4.2. Data Payload .......................................52
           4.4.3. Establishment of a DTLS Data Channel ...............52
      4.5. CAPWAP Control Messages ...................................52
           4.5.1. Control Message Format .............................53
           4.5.2. Quality of Service .................................56
           4.5.3. Retransmissions ....................................57
      4.6. CAPWAP Protocol Message Elements ..........................58
           4.6.1. AC Descriptor ......................................61

Top      ToC       Page 3 
           4.6.2. AC IPv4 List .......................................64
           4.6.3. AC IPv6 List .......................................64
           4.6.4. AC Name ............................................65
           4.6.5. AC Name with Priority ..............................65
           4.6.6. AC Timestamp .......................................66
           4.6.7. Add MAC ACL Entry ..................................66
           4.6.8. Add Station ........................................67
           4.6.9. CAPWAP Control IPv4 Address ........................68
           4.6.10. CAPWAP Control IPv6 Address .......................68
           4.6.11. CAPWAP Local IPv4 Address .........................69
           4.6.12. CAPWAP Local IPv6 Address .........................69
           4.6.13. CAPWAP Timers .....................................70
           4.6.14. CAPWAP Transport Protocol .........................71
           4.6.15. Data Transfer Data ................................72
           4.6.16. Data Transfer Mode ................................73
           4.6.17. Decryption Error Report ...........................73
           4.6.18. Decryption Error Report Period ....................74
           4.6.19. Delete MAC ACL Entry ..............................74
           4.6.20. Delete Station ....................................75
           4.6.21. Discovery Type ....................................75
           4.6.22. Duplicate IPv4 Address ............................76
           4.6.23. Duplicate IPv6 Address ............................77
           4.6.24. Idle Timeout ......................................78
           4.6.25. ECN Support .......................................78
           4.6.26. Image Data ........................................79
           4.6.27. Image Identifier ..................................79
           4.6.28. Image Information .................................80
           4.6.29. Initiate Download .................................81
           4.6.30. Location Data .....................................81
           4.6.31. Maximum Message Length ............................81
           4.6.32. MTU Discovery Padding .............................82
           4.6.33. Radio Administrative State ........................82
           4.6.34. Radio Operational State ...........................83
           4.6.35. Result Code .......................................84
           4.6.36. Returned Message Element ..........................85
           4.6.37. Session ID ........................................86
           4.6.38. Statistics Timer ..................................87
           4.6.39. Vendor Specific Payload ...........................87
           4.6.40. WTP Board Data ....................................88
           4.6.41. WTP Descriptor ....................................89
           4.6.42. WTP Fallback ......................................92
           4.6.43. WTP Frame Tunnel Mode .............................92
           4.6.44. WTP MAC Type ......................................93
           4.6.45. WTP Name ..........................................94
           4.6.46. WTP Radio Statistics ..............................94
           4.6.47. WTP Reboot Statistics .............................96
           4.6.48. WTP Static IP Address Information .................97
      4.7. CAPWAP Protocol Timers ....................................98

Top      ToC       Page 4 
           4.7.1. ChangeStatePendingTimer ............................98
           4.7.2. DataChannelKeepAlive ...............................98
           4.7.3. DataChannelDeadInterval ............................99
           4.7.4. DataCheckTimer .....................................99
           4.7.5. DiscoveryInterval ..................................99
           4.7.6. DTLSSessionDelete ..................................99
           4.7.7. EchoInterval .......................................99
           4.7.8. IdleTimeout ........................................99
           4.7.9. ImageDataStartTimer ...............................100
           4.7.10. MaxDiscoveryInterval .............................100
           4.7.11. ReportInterval ...................................100
           4.7.12. RetransmitInterval ...............................100
           4.7.13. SilentInterval ...................................100
           4.7.14. StatisticsTimer ..................................100
           4.7.15. WaitDTLS .........................................101
           4.7.16. WaitJoin .........................................101
      4.8. CAPWAP Protocol Variables ................................101
           4.8.1. AdminState ........................................101
           4.8.2. DiscoveryCount ....................................101
           4.8.3. FailedDTLSAuthFailCount ...........................101
           4.8.4. FailedDTLSSessionCount ............................101
           4.8.5. MaxDiscoveries ....................................102
           4.8.6. MaxFailedDTLSSessionRetry .........................102
           4.8.7. MaxRetransmit .....................................102
           4.8.8. RetransmitCount ...................................102
           4.8.9. WTPFallBack .......................................102
      4.9. WTP Saved Variables ......................................102
           4.9.1. AdminRebootCount ..................................102
           4.9.2. FrameEncapType ....................................102
           4.9.3. LastRebootReason ..................................103
           4.9.4. MacType ...........................................103
           4.9.5. PreferredACs ......................................103
           4.9.6. RebootCount .......................................103
           4.9.7. Static IP Address .................................103
           4.9.8. WTPLinkFailureCount ...............................103
           4.9.9. WTPLocation .......................................103
           4.9.10. WTPName ..........................................103
   5. CAPWAP Discovery Operations ...................................103
      5.1. Discovery Request Message ................................103
      5.2. Discovery Response Message ...............................105
      5.3. Primary Discovery Request Message ........................106
      5.4. Primary Discovery Response ...............................107
   6. CAPWAP Join Operations ........................................108
      6.1. Join Request .............................................108
      6.2. Join Response ............................................110
   7. Control Channel Management ....................................111
      7.1. Echo Request .............................................111
      7.2. Echo Response ............................................112

Top      ToC       Page 5 
   8. WTP Configuration Management ..................................112
      8.1. Configuration Consistency ................................112
           8.1.1. Configuration Flexibility .........................113
      8.2. Configuration Status Request .............................114
      8.3. Configuration Status Response ............................115
      8.4. Configuration Update Request .............................116
      8.5. Configuration Update Response ............................117
      8.6. Change State Event Request ...............................117
      8.7. Change State Event Response ..............................118
      8.8. Clear Configuration Request ..............................119
      8.9. Clear Configuration Response .............................119
   9. Device Management Operations ..................................120
      9.1. Firmware Management ......................................120
           9.1.1. Image Data Request ................................124
           9.1.2. Image Data Response ...............................125
      9.2. Reset Request ............................................126
      9.3. Reset Response ...........................................127
      9.4. WTP Event Request ........................................127
      9.5. WTP Event Response .......................................128
      9.6. Data Transfer ............................................128
           9.6.1. Data Transfer Request .............................130
           9.6.2. Data Transfer Response ............................131
   10. Station Session Management ...................................131
      10.1. Station Configuration Request ...........................131
      10.2. Station Configuration Response ..........................132
   11. NAT Considerations ...........................................132
   12. Security Considerations ......................................134
      12.1. CAPWAP Security .........................................134
           12.1.1. Converting Protected Data into Unprotected Data ..135
           12.1.2. Converting Unprotected Data into
                   Protected Data (Insertion) .......................135
           12.1.3. Deletion of Protected Records ....................135
           12.1.4. Insertion of Unprotected Records .................135
           12.1.5. Use of MD5 .......................................136
           12.1.6. CAPWAP Fragmentation .............................136
      12.2. Session ID Security .....................................136
      12.3. Discovery or DTLS Setup Attacks .........................137
      12.4. Interference with a DTLS Session ........................137
      12.5. CAPWAP Pre-Provisioning .................................138
      12.6. Use of Pre-Shared Keys in CAPWAP ........................139
      12.7. Use of Certificates in CAPWAP ...........................140
      12.8. Use of MAC Address in CN Field ..........................140
      12.9. AAA Security ............................................141
      12.10. WTP Firmware ...........................................141
   13. Operational Considerations ...................................141
   14. Transport Considerations .....................................142
   15. IANA Considerations ..........................................143
      15.1. IPv4 Multicast Address ..................................143

Top      ToC       Page 6 
      15.2. IPv6 Multicast Address ..................................144
      15.3. UDP Port ................................................144
      15.4. CAPWAP Message Types ....................................144
      15.5. CAPWAP Header Flags .....................................144
      15.6. CAPWAP Control Message Flags ............................145
      15.7. CAPWAP Message Element Type .............................145
      15.8. CAPWAP Wireless Binding Identifiers .....................145
      15.9. AC Security Types .......................................146
      15.10. AC DTLS Policy .........................................146
      15.11. AC Information Type ....................................146
      15.12. CAPWAP Transport Protocol Types ........................146
      15.13. Data Transfer Type .....................................147
      15.14. Data Transfer Mode .....................................147
      15.15. Discovery Types ........................................147
      15.16. ECN Support ............................................148
      15.17. Radio Admin State ......................................148
      15.18. Radio Operational State ................................148
      15.19. Radio Failure Causes ...................................148
      15.20. Result Code ............................................149
      15.21. Returned Message Element Reason ........................149
      15.22. WTP Board Data Type ....................................149
      15.23. WTP Descriptor Type ....................................149
      15.24. WTP Fallback Mode ......................................150
      15.25. WTP Frame Tunnel Mode ..................................150
      15.26. WTP MAC Type ...........................................150
      15.27. WTP Radio Stats Failure Type ...........................151
      15.28. WTP Reboot Stats Failure Type ..........................151
   16. Acknowledgments ..............................................151
   17. References ...................................................151
      17.1. Normative References ....................................151
      17.2. Informative References ..................................153

Top      ToC       Page 7 
1.  Introduction

   This document describes the CAPWAP protocol, a standard,
   interoperable protocol that enables an Access Controller (AC) to
   manage a collection of Wireless Termination Points (WTPs).  The
   CAPWAP protocol is defined to be independent of Layer 2 (L2)
   technology, and meets the objectives in "Objectives for Control and
   Provisioning of Wireless Access Points (CAPWAP)" [RFC4564].

   The emergence of centralized IEEE 802.11 Wireless Local Area Network
   (WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by
   an Access Controller (AC), suggested that a standards-based,
   interoperable protocol could radically simplify the deployment and
   management of wireless networks.  WTPs require a set of dynamic
   management and control functions related to their primary task of
   connecting the wireless and wired mediums.  Traditional protocols for
   managing WTPs are either manual static configuration via HTTP,
   proprietary Layer 2-specific or non-existent (if the WTPs are self-
   contained).  An IEEE 802.11 binding is defined in [RFC5416] to
   support use of the CAPWAP protocol with IEEE 802.11 WLAN networks.

   CAPWAP assumes a network configuration consisting of multiple WTPs
   communicating via the Internet Protocol (IP) to an AC.  WTPs are
   viewed as remote radio frequency (RF) interfaces controlled by the
   AC.  The CAPWAP protocol supports two modes of operation: Split and
   Local MAC (medium access control).  In Split MAC mode, all L2
   wireless data and management frames are encapsulated via the CAPWAP
   protocol and exchanged between the AC and the WTP.  As shown in
   Figure 1, the wireless frames received from a mobile device, which is
   referred to in this specification as a Station (STA), are directly
   encapsulated by the WTP and forwarded to the AC.

              +-+         wireless frames        +-+
              | |--------------------------------| |
              | |              +-+               | |
              | |--------------| |---------------| |
              | |wireless PHY/ | |     CAPWAP    | |
              | | MAC sublayer | |               | |
              +-+              +-+               +-+
              STA              WTP                AC

        Figure 1: Representative CAPWAP Architecture for Split MAC

   The Local MAC mode of operation allows for the data frames to be
   either locally bridged or tunneled as 802.3 frames.  The latter
   implies that the WTP performs the 802.11 Integration function.  In
   either case, the L2 wireless management frames are processed locally

Top      ToC       Page 8 
   by the WTP and then forwarded to the AC.  Figure 2 shows the Local
   MAC mode, in which a station transmits a wireless frame that is
   encapsulated in an 802.3 frame and forwarded to the AC.

              +-+wireless frames +-+ 802.3 frames +-+
              | |----------------| |--------------| |
              | |                | |              | |
              | |----------------| |--------------| |
              | |wireless PHY/   | |     CAPWAP   | |
              | | MAC sublayer   | |              | |
              +-+                +-+              +-+
              STA                WTP               AC

        Figure 2: Representative CAPWAP Architecture for Local MAC

   Provisioning WTPs with security credentials and managing which WTPs
   are authorized to provide service are traditionally handled by
   proprietary solutions.  Allowing these functions to be performed from
   a centralized AC in an interoperable fashion increases manageability
   and allows network operators to more tightly control their wireless
   network infrastructure.

1.1.  Goals

   The goals for the CAPWAP protocol are listed below:

   1. To centralize the authentication and policy enforcement functions
      for a wireless network.  The AC may also provide centralized
      bridging, forwarding, and encryption of user traffic.
      Centralization of these functions will enable reduced cost and
      higher efficiency by applying the capabilities of network
      processing silicon to the wireless network, as in wired LANs.

   2. To enable shifting of the higher-level protocol processing from
      the WTP.  This leaves the time-critical applications of wireless
      control and access in the WTP, making efficient use of the
      computing power available in WTPs, which are subject to severe
      cost pressure.

   3. To provide an extensible protocol that is not bound to a specific
      wireless technology.  Extensibility is provided via a generic
      encapsulation and transport mechanism, enabling the CAPWAP
      protocol to be applied to many access point types in the future,
      via a specific wireless binding.

   The CAPWAP protocol concerns itself solely with the interface between
   the WTP and the AC.  Inter-AC and station-to-AC communication are
   strictly outside the scope of this document.

Top      ToC       Page 9 
1.2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.3.  Contributing Authors

   This section lists and acknowledges the authors of significant text
   and concepts included in this specification.

   The CAPWAP Working Group selected the Lightweight Access Point
   Protocol (LWAPP) [LWAPP] to be used as the basis of the CAPWAP
   protocol specification.  The following people are authors of the
   LWAPP document:

      Bob O'Hara
      Email: bob.ohara@computer.org

      Pat Calhoun, Cisco Systems, Inc.
      170 West Tasman Drive, San Jose, CA  95134
      Phone: +1 408-902-3240, Email: pcalhoun@cisco.com

      Rohit Suri, Cisco Systems, Inc.
      170 West Tasman Drive, San Jose, CA  95134
      Phone: +1 408-853-5548, Email: rsuri@cisco.com

      Nancy Cam Winget, Cisco Systems, Inc.
      170 West Tasman Drive, San Jose, CA  95134
      Phone: +1 408-853-0532, Email: ncamwing@cisco.com

      Scott Kelly, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA 94089
      Phone: +1  408-754-8408, Email: skelly@arubanetworks.com

      Michael Glenn Williams, Nokia, Inc.
      313 Fairchild Drive, Mountain View, CA  94043
      Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com

      Sue Hares, Green Hills Software
      825 Victors Way, Suite 100, Ann Arbor, MI  48108
      Phone: +1 734 222 1610, Email: shares@ndzh.com

   Datagram Transport Layer Security (DTLS) [RFC4347] is used as the
   security solution for the CAPWAP protocol.  The following people are
   authors of significant DTLS-related text included in this document:

Top      ToC       Page 10 
      Scott Kelly, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA 94089
      Phone: +1  408-754-8408
      Email: skelly@arubanetworks.com

      Eric Rescorla, Network Resonance
      2483 El Camino Real, #212,Palo Alto CA, 94303
      Email: ekr@networkresonance.com

   The concept of using DTLS to secure the CAPWAP protocol was part of
   the Secure Light Access Point Protocol (SLAPP) proposal [SLAPP].  The
   following people are authors of the SLAPP proposal:

      Partha Narasimhan, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA  94089
      Phone: +1 408-480-4716
      Email: partha@arubanetworks.com

      Dan Harkins
      Trapeze Networks
      5753 W. Las Positas Blvd, Pleasanton, CA  94588
      Phone: +1-925-474-2212
      EMail: dharkins@trpz.com

      Subbu Ponnuswamy, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA  94089
      Phone: +1 408-754-1213
      Email: subbu@arubanetworks.com

   The following individuals contributed significant security-related
   text to the document [RFC5418]:

      T. Charles Clancy, Laboratory for Telecommunications Sciences,
      8080 Greenmead Drive, College Park, MD 20740
      Phone: +1 240-373-5069, Email: clancy@ltsnet.net

      Scott Kelly, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA 94089
      Phone: +1  408-754-8408, Email: scott@hyperthought.com

1.4.  Terminology

   Access Controller (AC): The network entity that provides WTP access
   to the network infrastructure in the data plane, control plane,
   management plane, or a combination therein.

Top      ToC       Page 11 
   CAPWAP Control Channel: A bi-directional flow defined by the AC IP
   Address, WTP IP Address, AC control port, WTP control port, and the
   transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Control
   packets are sent and received.

   CAPWAP Data Channel: A bi-directional flow defined by the AC IP
   Address, WTP IP Address, AC data port, WTP data port, and the
   transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Data
   packets are sent and received.

   Station (STA): A device that contains an interface to a wireless
   medium (WM).

   Wireless Termination Point (WTP): The physical or network entity that
   contains an RF antenna and wireless Physical Layer (PHY) to transmit
   and receive station traffic for wireless access networks.

   This document uses additional terminology defined in [RFC3753].



(page 11 continued on part 2)

Next RFC Part