Network Working Group P. Calhoun, Editor Internet-Draft Cisco Systems, Inc. Expires: July 27, 2007 M. Montemurro, Editor Research In Motion D. Stanley, Editor Aruba Networks January 23, 2007 CAPWAP Protocol Specification draft-ietf-capwap-protocol-specification-04 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on July 27, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Calhoun, Editor, et al. Expires July 27, 2007 [Page 1] Internet-Draft CAPWAP Protocol Specification January 2007 Abstract This specification defines the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol. The CAPWAP protocol meets the IETF CAPWAP working group protocol requirements. The CAPWAP protocol is designed to be flexible, allowing it to be used for a variety of wireless technologies. This document describes the base CAPWAP protocol. The CAPWAP protocol binding which defines extensions for use with the IEEE 802.11 wireless LAN protocol is available in [12]. Extensions are expected to be defined to enable use of the CAPWAP protocol with additional wireless technologies. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.2. Conventions used in this document . . . . . . . . . . . . 7 1.3. Contributing Authors . . . . . . . . . . . . . . . . . . 8 1.4. Acknowledgements . . . . . . . . . . . . . . . . . . . . 9 1.5. Terminology . . . . . . . . . . . . . . . . . . . . . . . 9 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 10 2.1. Wireless Binding Definition . . . . . . . . . . . . . . . 11 2.2. CAPWAP Session Establishment Overview . . . . . . . . . . 11 2.3. CAPWAP State Machine Definition . . . . . . . . . . . . . 13 2.3.1. CAPWAP Protocol State Transitions . . . . . . . . . . 15 2.3.2. CAPWAP/DTLS Interface . . . . . . . . . . . . . . . . 24 2.4. Use of DTLS in the CAPWAP Protocol . . . . . . . . . . . 26 2.4.1. DTLS Handshake Processing . . . . . . . . . . . . . . 26 2.4.2. DTLS Session Establishment . . . . . . . . . . . . . 28 2.4.3. DTLS Error Handling . . . . . . . . . . . . . . . . . 28 2.4.4. DTLS EndPoint Authentication . . . . . . . . . . . . 29 3. CAPWAP Transport . . . . . . . . . . . . . . . . . . . . . . 33 3.1. UDP Transport . . . . . . . . . . . . . . . . . . . . . . 33 3.2. AC Discovery . . . . . . . . . . . . . . . . . . . . . . 33 3.3. Fragmentation/Reassembly . . . . . . . . . . . . . . . . 34 4. CAPWAP Packet Formats . . . . . . . . . . . . . . . . . . . . 35 4.1. CAPWAP preamble . . . . . . . . . . . . . . . . . . . . . 37 4.2. CAPWAP Header . . . . . . . . . . . . . . . . . . . . . . 37 4.3. CAPWAP Data Messages . . . . . . . . . . . . . . . . . . 41 4.3.1. CAPWAP Data Keepalive . . . . . . . . . . . . . . . . 41 4.3.2. Station Data Payloads . . . . . . . . . . . . . . . . 42 4.4. CAPWAP Control Messages . . . . . . . . . . . . . . . . . 43 4.4.1. Control Message Format . . . . . . . . . . . . . . . 43 4.4.2. Control Message Quality of Service . . . . . . . . . 46 4.5. CAPWAP Protocol Message Elements . . . . . . . . . . . . 46 4.5.1. AC Descriptor . . . . . . . . . . . . . . . . . . . . 49 4.5.2. AC IPv4 List . . . . . . . . . . . . . . . . . . . . 50 Calhoun, Editor, et al. Expires July 27, 2007 [Page 2] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.3. AC IPv6 List . . . . . . . . . . . . . . . . . . . . 51 4.5.4. AC Name . . . . . . . . . . . . . . . . . . . . . . . 51 4.5.5. AC Name with Index . . . . . . . . . . . . . . . . . 52 4.5.6. AC Timestamp . . . . . . . . . . . . . . . . . . . . 52 4.5.7. Add MAC ACL Entry . . . . . . . . . . . . . . . . . . 53 4.5.8. Add Station . . . . . . . . . . . . . . . . . . . . . 53 4.5.9. Add Static MAC ACL Entry . . . . . . . . . . . . . . 54 4.5.10. CAPWAP Control IPv4 Address . . . . . . . . . . . . . 55 4.5.11. CAPWAP Control IPv6 Address . . . . . . . . . . . . . 55 4.5.12. CAPWAP Timers . . . . . . . . . . . . . . . . . . . . 56 4.5.13. Data Transfer Data . . . . . . . . . . . . . . . . . 56 4.5.14. Data Transfer Mode . . . . . . . . . . . . . . . . . 57 4.5.15. Decryption Error Report . . . . . . . . . . . . . . . 57 4.5.16. Decryption Error Report Period . . . . . . . . . . . 58 4.5.17. Delete MAC ACL Entry . . . . . . . . . . . . . . . . 58 4.5.18. Delete Station . . . . . . . . . . . . . . . . . . . 59 4.5.19. Delete Static MAC ACL Entry . . . . . . . . . . . . . 59 4.5.20. Discovery Type . . . . . . . . . . . . . . . . . . . 60 4.5.21. Duplicate IPv4 Address . . . . . . . . . . . . . . . 61 4.5.22. Duplicate IPv6 Address . . . . . . . . . . . . . . . 61 4.5.23. Idle Timeout . . . . . . . . . . . . . . . . . . . . 62 4.5.24. Image Data . . . . . . . . . . . . . . . . . . . . . 63 4.5.25. Image Filename . . . . . . . . . . . . . . . . . . . 63 4.5.26. Initiate Download . . . . . . . . . . . . . . . . . . 64 4.5.27. Location Data . . . . . . . . . . . . . . . . . . . . 64 4.5.28. MTU Discovery Padding . . . . . . . . . . . . . . . . 65 4.5.29. Radio Administrative State . . . . . . . . . . . . . 65 4.5.30. Radio Operational State . . . . . . . . . . . . . . . 66 4.5.31. Result Code . . . . . . . . . . . . . . . . . . . . . 67 4.5.32. Returned Message Element . . . . . . . . . . . . . . 68 4.5.33. Session ID . . . . . . . . . . . . . . . . . . . . . 69 4.5.34. Statistics Timer . . . . . . . . . . . . . . . . . . 69 4.5.35. Vendor Specific Payload . . . . . . . . . . . . . . . 70 4.5.36. WTP Board Data . . . . . . . . . . . . . . . . . . . 70 4.5.37. WTP Descriptor . . . . . . . . . . . . . . . . . . . 71 4.5.38. WTP Fallback . . . . . . . . . . . . . . . . . . . . 73 4.5.39. WTP Frame Tunnel Mode . . . . . . . . . . . . . . . . 73 4.5.40. WTP IPv4 IP Address . . . . . . . . . . . . . . . . . 74 4.5.41. WTP MAC Type . . . . . . . . . . . . . . . . . . . . 75 4.5.42. WTP Name . . . . . . . . . . . . . . . . . . . . . . 75 4.5.43. WTP Operational Statistics . . . . . . . . . . . . . 76 4.5.44. WTP Radio Statistics . . . . . . . . . . . . . . . . 76 4.5.45. WTP Reboot Statistics . . . . . . . . . . . . . . . . 78 4.5.46. WTP Static IP Address Information . . . . . . . . . . 79 4.6. CAPWAP Protocol Timers . . . . . . . . . . . . . . . . . 80 4.6.1. DataChannelKeepAlive . . . . . . . . . . . . . . . . 80 4.6.2. DataChannelDeadInterval . . . . . . . . . . . . . . . 80 4.6.3. DiscoveryInterval . . . . . . . . . . . . . . . . . . 81 Calhoun, Editor, et al. Expires July 27, 2007 [Page 3] Internet-Draft CAPWAP Protocol Specification January 2007 4.6.4. DTLSRehandshake . . . . . . . . . . . . . . . . . . . 81 4.6.5. DTLSSessionDelete . . . . . . . . . . . . . . . . . . 81 4.6.6. EchoInterval . . . . . . . . . . . . . . . . . . . . 81 4.6.7. KeyLifetime . . . . . . . . . . . . . . . . . . . . . 81 4.6.8. MaxDiscoveryInterval . . . . . . . . . . . . . . . . 81 4.6.9. MaxFailedDTLSSessionRetry . . . . . . . . . . . . . . 82 4.6.10. NeighborDeadInterval . . . . . . . . . . . . . . . . 82 4.6.11. ResponseTimeout . . . . . . . . . . . . . . . . . . . 82 4.6.12. RetransmitInterval . . . . . . . . . . . . . . . . . 82 4.6.13. SilentInterval . . . . . . . . . . . . . . . . . . . 82 4.6.14. StatisticsTimer . . . . . . . . . . . . . . . . . . . 82 4.6.15. WaitDTLS . . . . . . . . . . . . . . . . . . . . . . 82 4.7. CAPWAP Protocol Variables . . . . . . . . . . . . . . . . 83 4.7.1. AdminState . . . . . . . . . . . . . . . . . . . . . 83 4.7.2. DiscoveryCount . . . . . . . . . . . . . . . . . . . 83 4.7.3. FailedDTLSSessionCount . . . . . . . . . . . . . . . 83 4.7.4. IdleTimeout . . . . . . . . . . . . . . . . . . . . . 83 4.7.5. MaxDiscoveries . . . . . . . . . . . . . . . . . . . 83 4.7.6. MaxRetransmit . . . . . . . . . . . . . . . . . . . . 83 4.7.7. ReportInterval . . . . . . . . . . . . . . . . . . . 83 4.7.8. RetransmitCount . . . . . . . . . . . . . . . . . . . 84 4.7.9. WTPFallBack . . . . . . . . . . . . . . . . . . . . . 84 4.8. WTP Saved Variables . . . . . . . . . . . . . . . . . . . 84 4.8.1. AdminRebootCount . . . . . . . . . . . . . . . . . . 84 4.8.2. FrameEncapType . . . . . . . . . . . . . . . . . . . 84 4.8.3. LastRebootReason . . . . . . . . . . . . . . . . . . 84 4.8.4. MacType . . . . . . . . . . . . . . . . . . . . . . . 84 4.8.5. PreferredACs . . . . . . . . . . . . . . . . . . . . 84 4.8.6. RebootCount . . . . . . . . . . . . . . . . . . . . . 84 4.8.7. Static ACL Table . . . . . . . . . . . . . . . . . . 85 4.8.8. Static IP Address . . . . . . . . . . . . . . . . . . 85 4.8.9. WTPLinkFailureCount . . . . . . . . . . . . . . . . . 85 4.8.10. WTPLocation . . . . . . . . . . . . . . . . . . . . . 85 4.8.11. WTPName . . . . . . . . . . . . . . . . . . . . . . . 85 5. CAPWAP Discovery Operations . . . . . . . . . . . . . . . . . 86 5.1. Discovery Request Message . . . . . . . . . . . . . . . . 86 5.2. Discovery Response Message . . . . . . . . . . . . . . . 87 5.3. Primary Discovery Request Message . . . . . . . . . . . . 87 5.4. Primary Discovery Response . . . . . . . . . . . . . . . 88 6. CAPWAP Join Operations . . . . . . . . . . . . . . . . . . . 90 6.1. Join Request . . . . . . . . . . . . . . . . . . . . . . 90 6.2. Join Response . . . . . . . . . . . . . . . . . . . . . . 91 7. Control Channel Management . . . . . . . . . . . . . . . . . 92 7.1. Echo Request . . . . . . . . . . . . . . . . . . . . . . 92 7.2. Echo Response . . . . . . . . . . . . . . . . . . . . . . 92 8. WTP Configuration Management . . . . . . . . . . . . . . . . 93 8.1. Configuration Consistency . . . . . . . . . . . . . . . . 93 8.1.1. Configuration Flexibility . . . . . . . . . . . . . . 94 Calhoun, Editor, et al. Expires July 27, 2007 [Page 4] Internet-Draft CAPWAP Protocol Specification January 2007 8.2. Configuration Status . . . . . . . . . . . . . . . . . . 94 8.3. Configuration Status Response . . . . . . . . . . . . . . 95 8.4. Configuration Status Acknowledge . . . . . . . . . . . . 96 8.5. Configuration Update Request . . . . . . . . . . . . . . 96 8.6. Configuration Update Response . . . . . . . . . . . . . . 97 8.7. Change State Event Request . . . . . . . . . . . . . . . 97 8.8. Change State Event Response . . . . . . . . . . . . . . . 98 8.9. Clear Configuration Request . . . . . . . . . . . . . . . 99 8.10. Clear Configuration Response . . . . . . . . . . . . . . 99 9. Device Management Operations . . . . . . . . . . . . . . . . 100 9.1. Image Data Request . . . . . . . . . . . . . . . . . . . 100 9.2. Image Data Response . . . . . . . . . . . . . . . . . . . 101 9.3. Reset Request . . . . . . . . . . . . . . . . . . . . . . 101 9.4. Reset Response . . . . . . . . . . . . . . . . . . . . . 101 9.5. WTP Event Request . . . . . . . . . . . . . . . . . . . . 102 9.6. WTP Event Response . . . . . . . . . . . . . . . . . . . 102 9.7. Data Transfer Request . . . . . . . . . . . . . . . . . . 103 9.8. Data Transfer Response . . . . . . . . . . . . . . . . . 103 10. Station Session Management . . . . . . . . . . . . . . . . . 104 10.1. Station Configuration Request . . . . . . . . . . . . . . 104 10.2. Station Configuration Response . . . . . . . . . . . . . 104 11. NAT Considerations . . . . . . . . . . . . . . . . . . . . . 105 12. Security Considerations . . . . . . . . . . . . . . . . . . . 107 12.1. CAPWAP Security . . . . . . . . . . . . . . . . . . . . . 107 12.1.1. Converting Protected Data into Unprotected Data . . . 108 12.1.2. Converting Unprotected Data into Protected Data (Insertion) . . . . . . . . . . . . . . . . . . . . . 108 12.1.3. Deletion of Protected Records . . . . . . . . . . . . 108 12.1.4. Insertion of Unprotected Records . . . . . . . . . . 108 12.2. Use of Preshared Keys in CAPWAP . . . . . . . . . . . . . 108 12.3. Use of Certificates in CAPWAP . . . . . . . . . . . . . . 109 12.4. AAA Security . . . . . . . . . . . . . . . . . . . . . . 110 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 111 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 112 14.1. Normative References . . . . . . . . . . . . . . . . . . 112 14.2. Informational References . . . . . . . . . . . . . . . . 112 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 114 Intellectual Property and Copyright Statements . . . . . . . . . 115 Calhoun, Editor, et al. Expires July 27, 2007 [Page 5] Internet-Draft CAPWAP Protocol Specification January 2007 1. Introduction This document describes the CAPWAP Protocol, a standard, interoperable protocol which enables an Access Controller (AC) to manage a collection of Wireless Termination Points (WTPs). The CAPWAP protocol is defined to be independent of layer 2 technology. The emergence of centralized IEEE 802.11 Wireless Local Area Network (WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by an Access Controller (AC) suggested that a standards based, interoperable protocol could radically simplify the deployment and management of wireless networks. WTPs require a set of dynamic management and control functions related to their primary task of connecting the wireless and wired mediums. Traditional protocols for managing WTPs are either manual static configuration via HTTP, proprietary Layer 2 specific or non-existent (if the WTPs are self- contained). An IEEE 802.11 binding is defined in [12] to support use of the CAPWAP protocol with IEEE 802.11 WLAN networks. CAPWAP assumes a network configuration consisting of multiple WTPs communicating via the Internet Protocol (IP) to an AC. WTPs are viewed as remote RF interfaces controlled by the AC. The CAPWAP protocol supports two modes of operation: Split and Local MAC. In Split MAC mode all L2 wireless data and management frames are encapsulated via the CAPWAP protocol and exchanged between the AC and the WTP. As shown in Figure 1, the wireless frames received from a mobile device, which is referred to in this specification as a Station (or STA for short), are directly encapsulated by the WTP and forwarded to the AC. +-+ wireless frames +-+ | |--------------------------------| | | | +-+ | | | |--------------| |---------------| | | |wireless PHY/ | | CAPWAP | | | | MAC sublayer | | | | +-+ +-+ +-+ STA WTP AC Figure 1: Representative CAPWAP Architecture for Split MAC The Local MAC mode of operation allows for the data frames to be either locally bridged, or tunneled as 802.3 frames. The latter implies that the WTP performs the 802 bridging function. In either case the L2 wireless management frames are processed locally by the WTP, and then forwarded to the AC. Figure 2 shows the Local MAC mode, in which a station transmits a wireless frame which is encapsulated in an 802.3 frame and forwarded to the AC. Calhoun, Editor, et al. Expires July 27, 2007 [Page 6] Internet-Draft CAPWAP Protocol Specification January 2007 +-+wireless frames +-+ 802.3 frames +-+ | |----------------| |--------------| | | | | | | | | |----------------| |--------------| | | |wireless PHY/ | | CAPWAP | | | | MAC sublayer | | | | +-+ +-+ +-+ STA WTP AC Figure 2: Representative CAPWAP Architecture for Local MAC Provisioning WTPs with security credentials, and managing which WTPs are authorized to provide service are traditionally handled by proprietary solutions. Allowing these functions to be performed from a centralized AC in an interoperable fashion increases manageability and allows network operators to more tightly control their wireless network infrastructure. 1.1. Goals The goals for the CAPWAP protocol are listed below: 1. To centralize the authentication and policy enforcement functions for a wireless network. The AC may also provide centralized bridging, forwarding, and encryption of user traffic. Centralization of these functions will enable reduced cost and higher efficiency by applying the capabilities of network processing silicon to the wireless network, as in wired LANs. 2. To enable shifting of the higher level protocol processing from the WTP. This leaves the time critical applications of wireless control and access in the WTP, making efficient use of the computing power available in WTPs which are the subject to severe cost pressure. 3. To provide a generic encapsulation and transport mechanism, enabling the CAPWAP protocol to be applied to many access point types in the future, via a specific wireless binding. The CAPWAP protocol concerns itself solely with the interface between the WTP and the AC. Inter-AC, or station to AC communication is strictly outside the scope of this document. 1.2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. Calhoun, Editor, et al. Expires July 27, 2007 [Page 7] Internet-Draft CAPWAP Protocol Specification January 2007 1.3. Contributing Authors This section lists and acknowledges the authors of significant text and concepts included in this specification. [Note: This section needs work to accurately reflect the contribution of each author and this work will be done a future revision of this document.] The CAPWAP Working Group selected the Lightweight Access Point Protocol (LWAPP) [add reference, when available]to be used as the basis of the CAPWAP protocol specification. The following people are authors of the LWAPP document: Bob O'Hara, Cisco Systems, Inc.,170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-5513, Email: bob.ohara@cisco.com Pat Calhoun, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-5269, Email: pcalhoun@cisco.com Rohit Suri, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-5548, Email: rsuri@cisco.com Nancy Cam Winget, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-0532, Email: ncamwing@cisco.com Scott Kelly, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA 94089 Phone: +1 408-754-8408, Email: skelly@arubanetworks.com Michael Glenn Williams, Nokia, Inc., 313 Fairchild Drive, Mountain View, CA 94043 Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com Sue Hares, Nexthop Technologies, Inc., 825 Victors Way, Suite 100, Ann Arbor, MI 48108 Phone: +1 734 222 1610, Email: shares@nexthop.com DTLS is used as the security solution for the CAPWAP protocol. The following people are authors of significant DTLS-related text included in this document: Scott Kelly, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA 94089 Phone: +1 408-754-8408, Email: skelly@arubanetworks.com Eric Rescorla, Network Resonance, 2483 El Camino Real, #212,Palo Alto CA, 94303 Email: ekr@networkresonance.com The concept of using DTLS to secure the CAPWAP protocol was part of the Secure Light Access Point Protocol (SLAPP) proposal [add reference when available]. The following people are authors of the SLAPP proposal: Calhoun, Editor, et al. Expires July 27, 2007 [Page 8] Internet-Draft CAPWAP Protocol Specification January 2007 Partha Narasimhan, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA 94089 Phone: +1 408-480-4716, Email: partha@arubanetworks.com Dan Harkins, Tropos Networks, 555 Del Rey Avenue, Sunnyvale, CA, 95085 Phone: +1 408 470 7372, Email: dharkins@tropos.com Subbu Ponnuswamy, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA 94089 Phone: +1 408-754-1213, Email: subbu@arubanetworks.com 1.4. Acknowledgements The authors thank Michael Vakulenko for contributing text that describes how CAPWAP can be used over a layer 3 (IP/UDP) network. The authors thank Russ Housley and Charles Clancy for their assistance in provide a security review of the LWAPP specification. Charles' review can be found at [11]. 1.5. Terminology Access Controller (AC): The network entity that provides WTPs access to the network infrastructure in the data plane, control plane, management plane, or a combination therein. Station (STA): A device that contains an IEEE 802.11 conformant medium access control (MAC) and physical layer (PHY) interface to the wireless medium (WM). Wireless Termination Point (WTP): The physical or network entity that contains an RF antenna and wireless PHY to transmit and receive station traffic for wireless access networks. This Document uses additional terminology defined in [8]. Calhoun, Editor, et al. Expires July 27, 2007 [Page 9] Internet-Draft CAPWAP Protocol Specification January 2007 2. Protocol Overview The CAPWAP protocol is a generic protocol defining AC and WTP control and data plane communication via a CAPWAP protocol transport mechanism. CAPWAP control messages, and optionally CAPWAP data messages, are secured using Datagram Transport Layer Security (DTLS) [7]. DTLS is a standards-track IETF protocol based upon TLS. The underlying security-related protocol mechanisms of TLS have been successfully deployed for many years. The CAPWAP protocol Transport layer carries two types of payload, CAPWAP Data messages and CAPWAP Control messages. CAPWAP Data messages encapsulate forwarded wireless frames. CAPWAP protocol Control messages are management messages exchanged between a WTP and an AC. The CAPWAP Data and Control packets are sent over separate UDP ports. Since both data and control frames can exceed the PMTU, the payload of a CAPWAP data or control message can be fragmented. The fragmentation behavior is defined in Section 3. The CAPWAP Protocol begins with a discovery phase. The WTPs send a Discovery Request message, causing any Access Controller (AC) receiving the message to respond with a Discovery Response message. From the Discovery Response messages received, a WTP will select an AC with which to establish a secure DTLS session. CAPWAP protocol messages will be fragmented to the maximum length discovered to be supported by the network. Once the WTP and the AC have completed DTLS session establishment, a configuration exchange occurs in which both devices to agree on version information. During this exchange the WTP may receive provisioning settings. The WTP is then enabled for operation. When the WTP and AC have completed the version and provision exchange and the WTP is enabled, the CAPWAP protocol is used to encapsulate the wireless data frames sent between the WTP and AC. The CAPWAP protocol will fragment the L2 frames if the size of the encapsulated wireless user data (Data) or protocol control (Management) frames causes the resulting CAPWAP protocol packet to exceed the MTU supported between the WTP and AC. Fragmented CAPWAP packets are reassembled to reconstitute the original encapsulated payload. The CAPWAP protocol provides for the delivery of commands from the AC to the WTP for the management of stations that are communicating with the WTP. This may include the creation of local data structures in the WTP for the stations and the collection of statistical information about the communication between the WTP and the stations. The CAPWAP protocol provides a mechanism for the AC to obtain statistical information collected by the WTP. Calhoun, Editor, et al. Expires July 27, 2007 [Page 10] Internet-Draft CAPWAP Protocol Specification January 2007 The CAPWAP protocol provides for a keep alive feature that preserves the communication channel between the WTP and AC. If the AC fails to appear alive, the WTP will try to discover a new AC. 2.1. Wireless Binding Definition The CAPWAP protocol is independent of a specific WTP radio technology. Elements of the CAPWAP protocol are designed to accommodate the specific needs of each wireless technology in a standard way. Implementation of the CAPWAP protocol for a particular wireless technology must follow the binding requirements defined for that technology. When defining a binding for wireless technologies, the authors MUST include any necessary definitions for technology-specific messages and all technology-specific message elements for those messages. At a minimum, a binding MUST provide the definition for a binding- specific Statistics message element, carried in the WTP Event Request message, a message element carried in the Station Configure Request to configure STA information on the WTP, and a WTP Radio Information message element carried in the Discovery Request, Primary Discovery Request and and Join Request messages, indicating the binding specific radio types supported at the WTP. If technology specific message elements are required for any of the existing CAPWAP messages defined in this specification, they MUST also be defined in the technology binding document. The naming of binding-specific message elements MUST begin with the name of the technology type, e.g., the binding for IEEE 802.11, provided in [12], begins with "IEEE 802.11"." 2.2. CAPWAP Session Establishment Overview This section describes the session establishment process message exchanges in the ideal case. The annotated ladder diagram shows the AC on the right, the WTP on the left, and assumes the use of certificates for DTLS authentication. The CAPWAP Protocol State Machine is described in detail in Section 2.3. ============ ============ WTP AC ============ ============ [----------- begin optional discovery ------------] Discover Request ------> <------ Discover Response [----------- end optional discovery ------------] Calhoun, Editor, et al. Expires July 27, 2007 [Page 11] Internet-Draft CAPWAP Protocol Specification January 2007 (--- begin dtls handshake ---) ClientHello ------> <------ HelloVerifyRequest (with cookie) ClientHello ------> (with cookie) <------ ServerHello <------ Certificate <------ ServerHelloDone (WTP callout for AC authorization) Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished ------> (AC callout for WTP authorization) [ChangeCipherSpec] <------ Finished (--- DTLS session is established now ---) Join Request ------> <------ Join Response ( ---assume image is up to date ---) Configure Request -------> <------ Configure Response (--- enter RUN state ---) : : Echo Request -------> <------ Echo Response : : EventRequest -------> Calhoun, Editor, et al. Expires July 27, 2007 [Page 12] Internet-Draft CAPWAP Protocol Specification January 2007 <------ Event Response : : At the end of the illustrated CAPWAP message exchange, the AC and WTP are securely exchanging CAPWAP control messages. This is an idealized illustration, provided to clarify protocol operation. Section 2.3 provides a detailed description of the corresponding state machine. 2.3. CAPWAP State Machine Definition The following state diagram represents the lifecycle of a WTP-AC session. Use of DTLS by the CAPWAP protocol results in the juxtaposition of two nominally separate yet tightly bound state machines. The DTLS and CAPWAP state machines are coupled through an API consisting of commands (from CAPWAP to DTLS) and notifications (from DTLS to CAPWAP). Certain transitions in the DTLS state machine are triggered by commands from the CAPWAP state machine, while certain transitions in the CAPWAP state machine are triggered by notifications from the DTLS state machine. Calhoun, Editor, et al. Expires July 27, 2007 [Page 13] Internet-Draft CAPWAP Protocol Specification January 2007 /-------------------------\ w| | 5+----------+ x +------------+ | | Run |-->| Reset |-\| +----------+ +------------+ || u ^ ^ ^ y|| +------------+--------/ | | || | Data Check | /-------/ | || +------------+<-------\ | | || t| s| 4 o| || +--------+ +-----------+ +------------+ || | Join |---->| Configure |---->| Image Data | || +--------+ q +-----------+ r +------------+ || ^ p| || | \------------------------------------\ || \---------------------\ | || /--------------<----------------+---------------\ | || | /------------<-------------\ | | | || | | m| |n z| v vv | | +----------------+ +--------------+ +-----------+ | | | DTLS Setup | | DTLS Connect | | DTLS TD | | | +----------------+ +--------------+ +-----------+ | | g| ^ ^ |h ^ ^ v v | | | | | | | | | | | \-------\ | /-----------/ | | | | | | | | | | v |e f| 2 v |j |k | \->+------+ +------+ +-----------+ | | Idle |-->| Disc | | Authorize | \--->+------+ a +------+ +-----------+ b| ^ |c | | /----/ v d| | +---------+ | | Sulking |<-/ 3 +---------+ Figure 3: CAPWAP Integrated State Machine The CAPWAP protocol state machine, depicted above, is used by both the AC and the WTP. In cases where states are not shared (i.e. not implemented in one or the other of the AC or WTP), this is explicitly called out in the transition descriptions below. For every state defined, only certain messages are permitted to be sent and received. The CAPWAP control messages definitions specify the state(s) in which each message is valid. Calhoun, Editor, et al. Expires July 27, 2007 [Page 14] Internet-Draft CAPWAP Protocol Specification January 2007 2.3.1. CAPWAP Protocol State Transitions The following text discusses the various state transitions, and the events that cause them. This section does not discuss interactions between DTLS- and CAPWAP-specific states. Those interactions, as well as DTLS-specific states and transitions, are discussed in Section 2.3.2. Idle to Discovery (a): This transition occurs once device initialization is complete. WTP: The WTP enters the Discovery state prior to transmitting the first Discovery Request message (see Section 5.1). Upon entering this state, the WTP sets the DiscoveryInterval timer (see Section 4.6). The WTP resets the DiscoveryCount counter to zero (0) (see Section 4.7). The WTP also clears all information from ACs it may have received during a previous Discovery phase. AC: The AC does not maintain state information for the WTP upon reception of the Discovery Request message, but it SHOULD respond with a Discovery Response message (see Section 5.2). This transition is a no-op for the AC. Idle to Sulking (b): This transition occurs to force the WTP and AC to enter a quiet period to avoid repeatedly attempting to establish a connection. WTP: The WTP enters this state when the FailedDTLSSessionCount counter reaches MaxFailedDTLSSessionRetry variable (see Section 4.7). Upon entering this state, the WTP shall start the SilentInterval timer. While in the Sulking state, all received CAPWAP and DTLS protocol messages received shall be ignored. AC: The AC enters this state with the specific WTP when the FailedDTLSSessionCount counter reaches MaxFailedDTLSSessionRetry variable (see Section 4.7). Upon entering this state, the AC shall start the SilentInterval timer. While in the Sulking state, all received CAPWAP and DTLS protocol messages received from the WTP shall be ignored. Discovery to Discovery (2): In the Discovery state, the WTP determines which AC to connect to. Calhoun, Editor, et al. Expires July 27, 2007 [Page 15] Internet-Draft CAPWAP Protocol Specification January 2007 WTP: This transition occurs when the DiscoveryInterval timer expires. If the WTP is configured with a list of ACs, it transmits a Discovery Request message to every AC from which it has not received a Discovery Response message. For every transition to this event, the WTP increments the DiscoveryCount counter. See Section 5.1 for more information on how the WTP knows the ACs to which it should transmit the Discovery Request messages. The WTP restarts the DiscoveryInterval timer whenever it transmits Discovery Request messages. AC: This is a no-op. Discovery to Sulking (c): This transition occurs on a WTP when Discovery or connectivity to the AC fails. WTP: The WTP enters this state when the DiscoveryInterval timer expires or the DiscoveryCount variable is equal to the MaxDiscoveries variable (see Section 4.7). Upon entering this state, the WTP shall start the SilentInterval timer. While in the Sulking state, all received CAPWAP protocol messages received shall be ignored. AC: This is a no-op. Sulking to Idle (d): This transition occurs on a WTP when it must restart the discovery phase. WTP: The WTP enters this state when the SilentInterval timer (see Section 4.6) expires. The FailedDTLSSessionCount and DiscoveryCount counters are reset to zero. AC: The AC enters this state when the SilentInterval timer (see Section 4.6) expires. The FailedDTLSSessionCount and DiscoveryCount counters are reset to zero. Sulking to Sulking (3): The Sulking state provides the silent period, minimizing the possibility for Denial of service attacks. WTP: All packets received from the AC while in the sulking state are ignored. AC: All packets receive from the WTP while in the sulking state are ignored. Calhoun, Editor, et al. Expires July 27, 2007 [Page 16] Internet-Draft CAPWAP Protocol Specification January 2007 Idle to DTLS Setup (e): This transition occurs to establish a secure DTLS session with the peer. WTP: The WTP initiates this transition by invoking the DTLSStart command, which starts the DTLS session establishment with the chosen AC. This decision is performed via local configuration of the AC. AC: The AC initiates this transition by invoking the DTLSListen command, which informs the DTLS stack that it is willing to listen for an incoming session. The AC MAY provide optional qualifiers in the DTLSListen to only accept session requests from specific WTP. Discovery to DTLS Setup (f): This transition occurs to establish a secure DTLS session with the peer. WTP: The WTP initiates this transition by invoking the DTLSStart command (see Section 2.3.2.1), which starts the DTLS session establishment with the chosen AC. The decision of which AC to connect to is the result of the discovery phase, which is described in Section 3.2. AC: The AC initiates this transition by invoking the DTLSListen command (see Section 2.3.2.1), which informs the DTLS stack that it is willing to listen for an incoming session. The AC MAY have maintained state information when it received the Discovery Request in order to provide optional qualifiers in the DTLSListen command to only accept session requests from specific WTP. Note that maintaining state information based on an unsecured discovery request MAY lead to a Denial of Service attack. Therefore the AC SHOULD ensure that the state information is freed after a period, which is implementation specific. DTLS Setup to Idle (g): This transition occurs when the DTLS Session failed to be established. WTP: The WTP initiates this state transition when it receives a DTLSEstablishFail notification from DTLS (see Section 2.3.2.2). This error notification aborts the secure DTLS session establishment. When this transition occurs, the FailedDTLSSessionCount counter is incremented. AC: The WTP initiates this state transition when it receives a DTLSEstablishFail notification from DTLS (see Section 2.3.2.2). This error notification means a DTLS session was attempted with a WTP, but failed. The notification should include information Calhoun, Editor, et al. Expires July 27, 2007 [Page 17] Internet-Draft CAPWAP Protocol Specification January 2007 such as the offending WTP, and the reason for the failure. When this transition occurs, the FailedDTLSSessionCount counter is incremented. DTLS Setup to Authorize (h): This transition occurs an incoming DTLS session is being established, and the DTLS stack needs authorization to proceed with the session establishment. WTP: This state transition occurs when the WTP receives the DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon entering this state, the WTP MAY perform an authorization check against the AC's credentials. The method by which this authorization is performed is outside the scope of the CAPWAP specification. AC: This state transition occurs when the AC receives the DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon entering this state, the AC MAY perform an authorization check against the WTP's credentials. The method by which this authorization is performed is outside the scope of the CAPWAP specification. Authorize to DTLS Connect (j): This transition occurs to notify the DTLS stack that the session should be established. WTP: This state transition occurs when the WTP has either opted to forgo the authorization check of the AC's credentials, or the credentials were successfully authorized. This is done by invoking the DTLSAccept DTLS command (see Section 2.3.2.1). AC: This state transition occurs when the AC has either opted to forgo the authorization check of the WTP's credentials, or the credentials were successfully authorized. This is done by invoking the DTLSAccept DTLS command (see Section 2.3.2.1). Authorize to DTLS Teardown (k): This transition occurs to notify the DTLS stack that the session should be aborted. WTP: This state transition occurs when the WTP was unable to authorize the AC, via its credentials. The WTP then aborts the DTLS session, which is done by invoking DTLSAbortSession (see Section 2.3.2.1). AC: This state transition occurs when the AC was unable to authorize the WTP, via its credentials. The AC then aborts the DTLS session, which is done by invoking DTLSAbortSession (see Section 2.3.2.1). Calhoun, Editor, et al. Expires July 27, 2007 [Page 18] Internet-Draft CAPWAP Protocol Specification January 2007 DTLS Connect to Idle (m): This transition occurs when the DTLS Session failed to be established. WTP: This state transition occurs when the WTP receives the DTLSAborted notification (see Section 2.3.2.2), indicating that the DTLS session was not successfully established. When this notification is received, the FailedDTLSSessionCount counter is incremented. AC: This state transition occurs when the AC receives the DTLSAborted notification (see Section 2.3.2.2), indicating that the DTLS session was not successfully established. When this notification is received, the FailedDTLSSessionCount counter is incremented. DTLS Connect to Join (n): This transition occurs when the DTLS Session is successfully established. WTP: This state transition occurs when the WTP receives the DTLSEstablished notification (see Section 2.3.2.2), indicating that the DTLS session was successfully established. When this notification is received, the FailedDTLSSessionCount counter is set to zero. AC: This state transition occurs when the AC receives the DTLSEstablished notification (see Section 2.3.2.2), indicating that the DTLS session was successfully established. When this notification is received, the FailedDTLSSessionCount counter is set to zero. Join to DTLS Teardown (p): This transition occurs when the join process failed. WTP: This state transition occurs when the WTP receives a Join Response with a Result Code message element containing an error. This causes the WTP to initiate the DTLSShutdown command (see Section 2.3.2.1). AC: This state transition occurs when the AC transmits a Join Response with a Result Code message element containing an error. This causes the WTP to initiate the DTLSShutdown command (see Section 2.3.2.1). Join to Configure (g): This state transition is used by the WTP and the AC to exchange configuration information. Calhoun, Editor, et al. Expires July 27, 2007 [Page 19] Internet-Draft CAPWAP Protocol Specification January 2007 WTP: The WTP enters the Configure state when it successfully completes the Join operation. If it determines that its version number and the version number advertised by the AC are compatible, the WTP transmits the Configuration Status message (see Section 8.2) to the AC with a snapshot of its current configuration. The WTP also starts the ResponseTimeout timer (see Section 4.6). If the version numbers are not compatible, the WTP will immediately transition to Image Data state (see transition (g)). If the AC determines that a new firmware image should be installed on the WTP, the AC initiates a firmware download by sending an Image Data Request Message with an Initiate Download message element to the WTP AC: This state transition occurs immediately after the AC transmits the Join Response message to the WTP. If the AC receives the Configuration Status message from the WTP, the AC must transmit a Configuration Status Response message (see Section 8.3) to the WTP, and may include specific message elements to override the WTP's configuration. If the AC instead receives the Image Data Request from the WTP, it immediately transitions to the Image Data state (see transition (g)). Configure to Reset (s): This state transition is used to reset the connection either due to an error during the configuration phase, or when the WTP determines it needs to reset in order for the new configuration to take effect. WTP: The WTP enters the Reset state when it receives a Configuration Status Response indicating an error or when it determines that a reset of the WTP is required, due to the characteristics of a new configuration. AC: The AC transitions to the Reset state when it receives a Change State Event message from the WTP that contains an error for which the AC's policy does not permit the WTP providing service. Configure to Image Data (r): This state transition is used by the WTP and the AC to download executable firmware. WTP: The WTP enters the Image Data state when it successfully comletes DTLS session establishment, and determines that its version number and the version number advertised by the AC are different. The WTP transmits the Image Data Request (see Section 9.1) message requesting that a download of the AC's latest firmware be initiated. Calhoun, Editor, et al. Expires July 27, 2007 [Page 20] Internet-Draft CAPWAP Protocol Specification January 2007 AC: This state transition occurs when the AC receives the Image Data Request message from the WTP. The AC must transmit an Image Data Response message (see Section 9.2) to the WTP, which includes a portion of the firmware. Image Data to Image Data (4): The Image Data state is used by WTP and the AC during the firmware download phase. WTP: The WTP enters the Image Data state when it receives an Image Data Response message indicating that the AC has more data to send. AC: This state transition occurs when the AC receives the Image Data Request message from the WTP while already in the Image Data state, and it detects that the firmware download has not completed. Image Data to Reset (o): This state transition is used to reset the DTLS connection prior to restarting the WTP after an image download. WTP: When an image download completes, the WTP enters the Reset state. The WTP MAY also transition to this state upon receiving an Image Data Response from the AC (see Section 9.2) indicating a failure. AC: The AC enters the Reset state when the image download is complete, or if an error occurs during the image download process. Configure to Data Check (t): This state transition occurs when the WTP and AC confirm the configuration. WTP: The WTP enters this state when it receives a successful Configuration Status Response message from the AC. The WTP initializes the HeartBeat timer (see Section 4.6), and transmits the Change State Event Request message (see Section 8.7). AC: This state transition occurs when the AC receives the Change State Event Request message (see Section 8.7) from the WTP. The AC responds with a Change State Event Response (see Section 8.8) message. The AC must start the NeighborDeadInterval timer (see Section 4.6). Calhoun, Editor, et al. Expires July 27, 2007 [Page 21] Internet-Draft CAPWAP Protocol Specification January 2007 Data Check to Run (u): This state transition occurs once the linkage between the control and data channels has occured, which causes the WTP and AC to enter their normal state of operation. WTP: The WTP enters this state when it receives a successful Change State Event Response from the AC. The WTP initiates the data channel, which MAY require the establishment of a DTLS session, starts the DataChannelKeepAlive timer (see Section 4.6) and transmits a Data Channel Keep Alive (see Section 4.3.1). The WTP then starts the DataChannelDeadInterval timer (see Section 4.6). AC: This state transition occurs when the AC receives the Data Channel Keep Alive (see Section 4.3.1), whose Session ID message element matches the one included by the WTP in the Join Request. Note that if the AC's policy is to require the data channel to be encrypted, this process would also require the establishment of the data channel's DTLS session. Upon receiving the Data Channel Keep Alive, the AC transmits its own Data Channel Keep Alive. Run to DTLS Teardown (u): This state transition occurs when an error has occured in the DTLS stack, causing the DTLS session to be torndown. WTP: The WTP enters this state when it receives a one of the following DTLS notifications: DTLSAborted, DTLSReassemblyFailure, DTLSDecapFailure or DTLSPeerDisconnect (see Section 2.3.2.2). AC: The AC enters this state when it receives a one of the following DTLS notifications: DTLSAborted, DTLSReassemblyFailure, DTLSDecapFailure or DTLSPeerDisconnect (see Section 2.3.2.2). Run to Run (5): This is the normal state of operation. WTP: This is the WTP's normal state of operation. There are many events that result this state transition: Configuration Update: The WTP receives a Configuration Update Request message(see Section 8.5). The WTP MUST respond with a Configuration Update Response message (see Section 8.6). Change State Event: The WTP receives a Change State Event Response message, or determines that it must initiate a Change State Event Request message, as a result of a failure or change in the state of a radio. Calhoun, Editor, et al. Expires July 27, 2007 [Page 22] Internet-Draft CAPWAP Protocol Specification January 2007 Echo Request: The WTP receives an Echo Request message (see Section 7.1), to which it MUST respond with an Echo Response message(see Section 7.2). Clear Config Request: The WTP receives a Clear Configuration Request message (see Section 8.9). The WTP MUST reset its configuration back to manufacturer defaults. WTP Event: The WTP generates a WTP Event Request message to send information to the AC (see Section 9.5). The WTP receives a WTP Event Response message from the AC (see Section 9.6). Data Transfer: The WTP generates a Data Transfer Request message to the AC (see Section 9.7). The WTP receives a Data Transfer Response message from the AC (see Section 9.8). Station Configuration Request: The WTP receives a Station Config Request message (see Section 10.1), to which it MUST respond with a Station Config Response message (see Section 10.2). AC: This is the AC's normal state of operation: Configuration Update: The AC sends a Configuration Update Request message (see Section 8.5) to the WTP to update its configuration. The AC receives a Configuration Update Response message (see Section 8.6) from the WTP. Change State Event: The AC receives a Change State Event Request message (see Section 8.7), to which it MUST respond with the Change State Event Response message (see Section 8.8). Echo: The AC sends an Echo Request message Section 7.1 or receives the corresponding Echo Response message, see Section 7.2 from the WTP. Clear Config Response: The AC receives a Clear Configuration Response message (see Section 8.10). Station Config: The AC sends a Station Configuration Request message (see Section 10.1) or receives the corresponding Station Configuration Response message (see Section 10.2) from the WTP. Calhoun, Editor, et al. Expires July 27, 2007 [Page 23] Internet-Draft CAPWAP Protocol Specification January 2007 Data Transfer: The AC receives a Data Transfer Request message from the AC (see Section 9.7) and MUST generate a corresponding Data Transfer Response message (see Section 9.8). WTP Event: The AC receives a WTP Event Request message from the AC (see Section 9.5) and MUST generate a corresponding WTP Event Response message (see Section 9.6). Run to Reset (x): This state transition is used when the AC or WTP wish to tear down the connection. This may occur as part of normal operation, or due to error conditions. WTP: The WTP enters the Reset state when it receives a Reset Request from the AC. AC: The AC enters the reset state when it transmits a Reset Request to the WTP. Reset to DTLS Teardown (y): This transition occurs when the CAPWAP reset is complete to terminate the DTLS session. WTP: This state transition occurs when the WTP receives a Reset Response. This causes the WTP to initiate the DTLSShutdown command (see Section 2.3.2.1). AC: This state transition occurs when the AC transmits a Reset Response. This causes the WTP to initiate the DTLSShutdown command (see Section 2.3.2.1). DTLS Teardown to Idle (z): This transition occurs when the DTLS session has been shutdown. WTP: This state transition occurs when the WTP receives a DTLSPeerDisconnect notification (see Section 2.3.2.2). AC: This state transition occurs when the AC receives a DTLSPeerDisconnect notification (see Section 2.3.2.2). 2.3.2. CAPWAP/DTLS Interface This section describes the DTLS Commands used by CAPWAP, as well as the notifications received from DTLS to the CAPWAP protocol stack. 2.3.2.1. CAPWAP to DTLS Commands Four commands are defined for the CAPWAP to DTLS API. These "commands" are conceptual, and may be implemented as one or more Calhoun, Editor, et al. Expires July 27, 2007 [Page 24] Internet-Draft CAPWAP Protocol Specification January 2007 function calls. This API definition is provided to clarify interactions between the DTLS and CAPWAP components of the integrated CAPWAP state machine. Below is a list of the minimal command API: o DTLSStart is sent to the DTLS module to cause a DTLS session to be established. Upon invoking the DTLSStart command, the WaitDTLS timer is started. The WTP is the only CAPWAP device that initiates this DTLS command, as the AC does not initiate DTLS sessions. o DTLSListen is sent to the DTLS module to allow the DTLS to listen for incoming DTLS session requests. o DTLSAccept is sent to the DTLS module to allow the DTLS session establishment to continue successfully. o DTLSAbortSession is sent to the DTLS module to cause the session that is in the process of being established, to be aborted. This command is also sent when the WaitDTLS timer expires. When this command is executed, the FailedDTLSSessionCount counter is incremented. o DTLSShutdown is sent to the DTLS module to cause session teardown. 2.3.2.2. DTLS to CAPWAP Notifications DTLS notifications are defined for the DTLS to CAPWAP API. These "notifications" are conceptual, and may be implemented in numerous ways (e.g. as function return values). This API definition is provided to clarify interactions between the DTLS and CAPWAP components of the integrated CAPWAP state machine. It is important to note that the notifications listed below MAY cause the CAPWAP state machine to jump from one state to another using a state transition not listed in section Section 2.3.1. When a notification listed below occurs, the target CAPWAP state shown in Figure 3 becomes the current state. Below is a list of the API notifications: o DTLSIncomingSession is sent to the CAPWAP protocol stack during the DTLS session establishment once the peer's identity has been received. This notification MAY be used by the CAPWAP protocol stack in order to authorize the session, based on the peer's identity. The authorization process will lead to the CAPWAP protocol stack initiating either the DTLSAccept or DTLSAbortSession commands. Calhoun, Editor, et al. Expires July 27, 2007 [Page 25] Internet-Draft CAPWAP Protocol Specification January 2007 o DTLSEstablished is sent to the CAPWAP module to indicate that that a secure channel now exists, using the parameters provided during the DTLS initialization process. When this notification is received, the FailedDTLSSessionCount counter is reset to zero. When this notification is received, the WaitDTLS is stopped. o DTLSEstablishFail is sent when the DTLS session establishment has failed, either due to a local error, or due to the peer rejecting the session establishment. When this notification is received, the FailedDTLSSessionCount counter is reset to zero. When this notification is received, the WaitDTLS is stopped. o DTLSAborted is sent to the CAPWAP module to indicate that session abort (as requested by CAPWAP) is complete; this occurs to confirm a DTLS session abort, or when the WaitDTLS timer expires. When this notification is received, the WaitDTLS is stopped. o DTLSReassemblyFailure may be sent to the CAPWAP module to indicate DTLS fragment reassembly failure. o DTLSDecapFailure may be sent to CAPWAP to indicate an decapsulation failure. DTLSDecapFailure may be sent to CAPWAP to indicate an encryption/authentication failure. o DTLSPeerDisconnect is sent to the CAPWAP module to indicate the DTLS session has been torn down. Note that this notification is only received if the DTLS session has been established. 2.4. Use of DTLS in the CAPWAP Protocol DTLS is used as a tightly-integrated, secure wrapper for the CAPWAP protocol. In this document DTLS and CAPWAP are discussed as nominally distinct entitites; however they are very closely coupled, and may even be implemented inseparably. Since there are DTLS library implementations currently available, and since security protocols (e.g. IPsec, TLS) are often implemented in widely available acceleration hardware, it is both convenient and forward- looking to maintain a modular distinction in this document. This section describes a detailed walk-through of the interactions between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be encountered during the normal course of operation. 2.4.1. DTLS Handshake Processing Details of the DTLS handshake process are specified in [9]. This section describes the interactions between the DTLS session Calhoun, Editor, et al. Expires July 27, 2007 [Page 26] Internet-Draft CAPWAP Protocol Specification January 2007 establishment process and the CAPWAP protocol. Note that the conceptual DTLS state is shown below to help understand the point at which the DTLS states transition. In the normal case, the DTLS handshake will proceed as follows (NOTE: this example uses certificates, but preshared keys are also supported): ============ ============ WTP AC ============ ============ ClientHello ------> <------ HelloVerifyRequest (with cookie) ClientHello ------> (with cookie) <------ ServerHello <------ Certificate <------ ServerHelloDone (WTP callout for AC authorization occurs in CAPWAP Auth state) Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished ------> (AC callout for WTP authorization occurs in CAPWAP Auth state) [ChangeCipherSpec] <------ Finished DTLS, as specified, provides its own retransmit timers with an exponential back-off. However, it will never terminate the handshake due to non-responsiveness; rather, it will continue to increase its back-off timer period. Hence, timing out incomplete DTLS handshakes is entirely the responsiblity of the CAPWAP protocol. Calhoun, Editor, et al. Expires July 27, 2007 [Page 27] Internet-Draft CAPWAP Protocol Specification January 2007 2.4.2. DTLS Session Establishment The WTP, either through the Discovery process, or through pre- configuration, determines the AC to connect to. The WTP uses the DTLSStart command to request that a secure connection be established to the selected AC. Prior to initiation of the DTLS handshake, the WTP sets the WaitDTLS timer. Upon receiving the DTLSIncomingSession DTLS notification, the AC sets the WaitDTLS timer. If the DTLSEstablished notification is not received prior to timer expiration, the DTLS session is aborted by issuing the DTLSAbortSession DTLS command. This notification causes the CAPWAP state to transition back to the Idle state. Upon receiving a DTLSEstablished notification, the WaitDTLS timer is deactivated. 2.4.3. DTLS Error Handling If the AC does not respond to any DTLS messages sent by the WTP, the DTLS specification calls for the WTP to retransmit these messages. If the WaitDTLS timer expires, CAPWAP will issue the DTLSAbortSession command, causing DTLS to terminate the handshake and remove any allocated session context. Note that DTLS MAY send a single TLS Alert message to the AC to indicate session termination. If the WTP does not respond to any DTLS messages sent by the AC, the CAPWAP protocol allows for three possiblities, listed below. Note that DTLS MAY send a single TLS Alert message to the AC to indicate session termination. o The message was lost in transit; in this case, the WTP will re- transmit its last outstanding message, since it did not receive the reply. o The WTP sent a DTLS Alert, which was lost in transit; in this case, the AC's WaitDTLS timer will expire, and the session will be terminated. o Communication with the WTP has completely failed; in this case, the AC's WaitDTLS timer will expire, and the session will be terminated. The DTLS specification provides for retransmission of unacknowledged requests. If retransmissions remain unacknowledged, the WaitDTLS timer will eventually expire, at which time the CAPWAP module will terminate the session. If a cookie fails to validate, this could represent a WTP error, or it could represent a DoS attack. Hence, AC resource utilization SHOULD be minimized. The AC MAY log a message indicating the Calhoun, Editor, et al. Expires July 27, 2007 [Page 28] Internet-Draft CAPWAP Protocol Specification January 2007 failure, but SHOULD NOT attempt to reply to the WTP. Since DTLS handshake messages are potentially larger than the maximum record size, DTLS supports fragmenting of handshake messages across multiple records. There are several potential causes of re-assembly errors, including overlapping and/or lost fragments. The DTLS module MUST send a DTLSReassemblyFailure notification to CAPWAP. Whether precise information is given along with notification is an implementation issue, and hence is beyond the scope of this document. Upon receipt of such an error, the CAPWAP protocol implementation SHOULD log an appropriate error message. Whether processing continues or the DTLS session is terminated is implementation dependent. DTLS decapsulation errors consist of three types: decryption errors, and authentication errors, and malformed DTLS record headers. Since DTLS authenticates the data prior to encapsulation, if decryption fails, it is difficult to detect this without first attempting to authenticate the packet. If authentication fails, a decryption error is also likely, but not guaranteed. Rather than attempt to derive (and require the implementation of) algorithms for detecting decryption failures, these are reported as authentication failures. The DTLS module MUST provide a DTLSDecapFailure notification to CAPWAP when such errors occur. If a malformed DTLS record header is detected, the packets SHOULD be silently discarded, and the receiver MAY log an error message. There is currently only one encapsulation error defined: MTU exceeeded. As part of DTLS session establishment, CAPWAP informs DTLS of the MTU size. This may be dynamically modified at any time when CAPWAP sends the DTLSMtuUpdate command to DTLS. DTLS returns this notification to CAPWAP whenever a transmission request will result in a packet which exceeds the MTU. 2.4.4. DTLS EndPoint Authentication DTLS supports endpoint authentication with certificates or preshared keys. The TLS algorithm suites for each endpoint authentication method are described below. 2.4.4.1. Authenticating with Certificates Note that only block ciphers are currently recommended for use with DTLS. To understand the reasoning behind this, see [14]. However, support for AES counter mode encryption is currently progressing in the TLS working group, and once protocol identifiers are available, they will be added below. At present, the following algorithms MUST be supported when using certificates for CAPWAP authentication: Calhoun, Editor, et al. Expires July 27, 2007 [Page 29] Internet-Draft CAPWAP Protocol Specification January 2007 o TLS_RSA_WITH_AES_128_CBC_SHA o TLS_RSA_WITH_3DES_EDE_CBC_SHA The following algorithms SHOULD be supported when using certificates: o TLS_DH_RSA_WITH_AES_128_CBC_SHA o TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA The following algorithms MAY be supported when using certificates: o TLS_RSA_WITH_AES_256_CBC_SHA o TLS_DH_RSA_WITH_AES_256_CBC_SHA 2.4.4.2. Authenticating with Preshared Keys Pre-shared keys present significant challenges from a security perspective, and for that reason, their use is strongly discouraged. However, [6] defines several different methods for authenticating with preshared keys, and we focus on the following two: o PSK key exchange algorithm - simplest method, ciphersuites use only symmetric key algorithms o DHE_PSK key exchange algorithm - use a PSK to authenticate a Diffie-Hellman exchange. These ciphersuites give some additional protection against dictionary attacks and also provide Perfect Forward Secrecy (PFS). The first approach (plain PSK) is susceptible to passive dictionary attacks; hence, while this alorithm MUST be supported, special care should be taken when choosing that method. In particular, user- readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD be strongly discouraged. The following cryptographic algorithms MUST be supported when using preshared keys: o TLS_PSK_WITH_AES_128_CBC_SHA o TLS_PSK_WITH_3DES_EDE_CBC_SHA o TLS_DHE_PSK_WITH_AES_128_CBC_SHA o TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA Calhoun, Editor, et al. Expires July 27, 2007 [Page 30] Internet-Draft CAPWAP Protocol Specification January 2007 The following algorithms MAY be supported when using preshared keys: o TLS_PSK_WITH_AES_256_CBC_SHA o TLS_DHE_PSK_WITH_AES_256_CBC_SHA 2.4.4.3. Certificate Usage When using certificates, both authentication and authorization must be considered. Section 12.3 provides recommendations on how to authenticate a certificate and bind that to a CAPWAP entity. This section deals with certificate authorization. Certificate authorization by the AC and WTP is required so that only an AC may perform the functions of an AC and that only a WTP may perform the functions of a WTP. This restriction of functions to the AC or WTP requires that the certificates used by the AC MUST be distinguishable from the certificate used by the WTP. To accomplish this differentiation, the x.509 certificates MUST include the Extended Key Usage (EKU) certificate extension [4]. The EKU field indicates one or more purposes for which a certificate may be used. It is an essential part in authorization. Its syntax is as follows: ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId KeyPurposeId ::= OBJECT IDENTIFIER Here we define two KeyPurposeId values, one for the WTP and one for the AC. Inclusion of one of those two values indicates a certificate is authorized for use by a WTP or AC, respectively. These values are formatted as id-kp fields. id-kp OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3 } id-kp-capwapWTP OBJECT IDENTIFIER ::= { id-kp 19 } id-kp-capwapAC OBJECT IDENTIFIER ::= { id-kp 18 } For an AC, the id-kp-capwapAC EKU MUST be present in the certificate. For a WTP, the id-kp-capwapWTP EKU MUST be present in the certificate. Part of the CAPWAP certificate validation process includes ensuring Calhoun, Editor, et al. Expires July 27, 2007 [Page 31] Internet-Draft CAPWAP Protocol Specification January 2007 that the proper EKU is included and only allowing the CAPWAP session to be established if the extension properly represents the device. Calhoun, Editor, et al. Expires July 27, 2007 [Page 32] Internet-Draft CAPWAP Protocol Specification January 2007 3. CAPWAP Transport The CAPWAP protocol uses UDP as a transport, and can be used with IPv4 or IPv6. This section details the specifics of how the CAPWAP protocol works in conjunction with IP. 3.1. UDP Transport Communication between a WTP and an AC is established according to the standard UDP client/server model. One of the CAPWAP requirements is to allow a WTP to reside behind a firewall and/or Network Address Translation (NAT) device. Since the connection is initiated by the WTP (client) to the well-known UDP port of the AC (server), the use of UDP is a logical choice. CAPWAP protocol control packets sent between the WTP and the AC use well known UDP port [to be IANA assigned]. CAPWAP protocol data packets sent between the WTP and the AC use UDP port [to be IANA assigned]. 3.2. AC Discovery A WTP and an AC will frequently not reside in the same IP subnet (broadcast domain). When this occurs, the WTP must be capable of discovering the AC, without requiring that multicast services are enabled in the network. This section describes how AC discovery is performed by WTPs. As the WTP attempts to establish communication with an AC, it sends the Discovery Request message and receives the corresponding response message from the AC(s). The WTP must send the Discovery Request message to either the limited broadcast IP address (255.255.255.255), a well known multicast address or to the unicast IP address of the AC. Upon receipt of the Discovery Request message, the AC issues a Discovery Response message to the unicast IP address of the WTP, regardless of whether the Discovery Request message was sent as a broadcast, multicast or unicast message. WTP use of a limited IP broadcast, multicast or unicast IP address is implementation dependent. When a WTP transmits a Discovery Request message to a unicast address, the WTP must first obtain the IP address of the AC. Any static configuration of an AC's IP address on the WTP non-volatile storage is implementation dependent. However, additional dynamic schemes are possible, for example: Calhoun, Editor, et al. Expires July 27, 2007 [Page 33] Internet-Draft CAPWAP Protocol Specification January 2007 DHCP: A comma delimited ASCII encoded list of AC IP addresses is embedded in the DHCP code number TBD. An example of the actual format of the vendor specific payload for IPv4 is of the form "10.1.1.1, 10.1.1.2". DNS: The DNS name "CAPWAP-AC-Address" MAY be resolvable to one or more AC addresses. 3.3. Fragmentation/Reassembly While fragmentation and reassembly services are provided by IP, the CAPWAP protocol also provides such services. Environments where the CAPWAP protocol is used involve firewall, Network Address Translation (NAT) and "middle box" devices, which tend to drop IP fragments in order to minimize possible Denial of Service attacks. By providing fragmentation and reassembly at the application layer, any fragmentation required due to the tunneling component of the CAPWAP protocol becomes transparent to these intermediate devices. Consequently, the CAPWAP protocol is not impacted by any network configurations. Calhoun, Editor, et al. Expires July 27, 2007 [Page 34] Internet-Draft CAPWAP Protocol Specification January 2007 4. CAPWAP Packet Formats This section contains the CAPWAP protocol packet formats. A CAPWAP protocol packet consists of a CAPWAP Transport Layer packet header followed by a CAPWAP message. The CAPWAP message can be either of type Control or Data, where Control packets carry signaling, and Data packets carry user payloads. The CAPWAP frame formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP Data and Control packets. See section Section 3.1 for more information on the use of UDP. The CAPWAP Control protocol includes two messages that are never protected by DTLS. These messages, called the Discovery Request and Discovery Response, need to be in the clear in order for the CAPWAP protocol to properly identify and process them. The format of these packets are as follows: CAPWAP Control Packet (Discovery Request/Response): +---------------------------------------------------+ | IP | UDP | CAPWAP |CAPWAP | Control | Message | | Hdr | Hdr | p-amble|Header | Header | Element(s) | +---------------------------------------------------+ All other CAPWAP control protocol messages MUST be protected via the DTLS protocol, which ensures that the packets are both authenticated and encrypted. The format of these packets are as follows: CAPWAP Control Packet (DTLS Security Required): +------------------------------------------------------------------+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Control | Message | DTLS | | Hdr | Hdr | p-amble| Hdr | Header | Header | Element(s) | Trlr | +------------------------------------------------------------------+ \----------- authenticated ------------/ \------------- encrypted -------------/ The CAPWAP protocol allows optional encryption of the data frames, once again using the DTLS protocol. Whether or not the data frames are encrypted is a matter of policy, which is described in a later section of this specification. The format of these packets is as follows: Calhoun, Editor, et al. Expires July 27, 2007 [Page 35] Internet-Draft CAPWAP Protocol Specification January 2007 CAPWAP Plain Text Data Packet : +-----------------------------------------+ | IP | UDP | CAPWAP | CAPWAP | Wireless | | Hdr | Hdr | p-amble| Header | Payload | +-----------------------------------------+ DTLS Secured CAPWAP Data Packet: +------------------------------------------------------+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Wireless | DTLS | | Hdr | Hdr | p-amble| Hdr | Hdr | Payload | Trlr | +------------------------------------------------------+ \----- authenticated -----/ \------- encrypted --------/ UDP: All CAPWAP packets are encapsulated within UDP. Section Section 3.1 defines the specific UDP usage. CAPWAP preamble: All CAPWAP protocol packets are prefixed with the preable header, which is used to identify the frame type that follows. This header, is defined in Section 4.1. DTLS Header: The DTLS header provides authentication and encrytion services to the CAPWAP payload it encapsulates. This protocol is defined in RFC 4347 [9]. CAPWAP Header: All CAPWAP protocol packets use a common header that immediately follows the UDP header. This header, is defined in Section 4.2. Wireless Payload: A CAPWAP protocol packet that contains a wireless payload is known as a data frame. The CAPWAP protocol does not dictate the format of the wireless payload, which is defined by the appropriate wireless standard. Additional information is in Section 4.3. Control Header: The CAPWAP protocol includes a signalling component, known as the CAPWAP control protocol. All CAPWAP control packets include a Control Header, which is defined in Section 4.4.1. Message Elements: A CAPWAP Control packet includes one or more message elements, which are found immediately following the control header. These message elements are in a Type/Length/value style header, defined in Section 4.5. Calhoun, Editor, et al. Expires July 27, 2007 [Page 36] Internet-Draft CAPWAP Protocol Specification January 2007 4.1. CAPWAP preamble The CAPWAP preamble header is used to help identify the payload type that immediately follows. The reason for this header to is avoid needing the perform byte comparisons in order to guess whether the frame is DTLS encrypted or not. The format of the frame is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version: A 4 bit field which contains the version of CAPWAP used in this packet. The value for this draft is zero (0). Payload Type: A 4 bit field which specifies the payload type that follows the preamble header. The following values are supported: 0 - Clear text. If the packet is received on the data UDP port, the CAPWAP stack MUST treat this as a clear text CAPWAP data packet. If received on the control UDP port, the CAPWAP stack MUST treat this as a clear text CAPWAP control packet. If the control packet is not a Discovery Request or Response packet, it is illegal and MUST be dropped. 1 - DTLS Payload. The packet is either a DTLS packet and MAY be a data or control packet, based on the UDP port it was received on (see section Section 3.1). Reserved: The 24-bit field is reserved for future use. All implementations complying with this protocol MUST set to zero any bits that are reserved in the version of the protocol supported by that implementation. Receivers MUST ignore all bits not defined for the version of the protocol they support. 4.2. CAPWAP Header All CAPWAP protocol messages are encapsulated using a common header format, regardless of the CAPWAP control or CAPWAP Data transport used to carry the messages. However, certain flags are not applicable for a given transport. Refer to the specific transport section in order to determine which flags are valid. Note that the optional fields defined in this section MUST be present in the precise order shown below. Calhoun, Editor, et al. Expires July 27, 2007 [Page 37] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| RID | HLEN | WBID |T|F|L|W|M|K| Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Fragment ID | Frag Offset |Rsvd | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | (optional) Radio MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | (optional) Wireless Specific Information | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload .... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version: A 4 bit field which contains the version of CAPWAP used in this packet. The value of this field MUST match the version field set in the CAPWAP preamble header (see Section 4.1). The reason for this duplicate field is to avoid any possible tampering of the version field in the preamble header which is not encrypted or authenticated. RID: A 5 bit field which contains the Radio ID number for this packet. WTPs with multiple radios but a single MAC Address range use this field to indicate which radio is associated with the packet. HLEN: A 5 bit field containing the length of the CAPWAP transport header in 4 byte words (Similar to IP header length). This length includes the optional headers. WBID: A 5 bit field which is the wireless binding identifier. The identifier will indicate the type of wireless packet type associated with the radio. The following values are defined: 1 - IEEE 802.11 2 - IEEE 802.16 3 - EPCGlobal T: The Type 'T' bit indicates the format of the frame being transported in the payload. When this bit is set to one (1), the payload has the native frame format indicated by the WBID field. When this bit is zero (0) the payload is an IEEE 802.3 frame. Calhoun, Editor, et al. Expires July 27, 2007 [Page 38] Internet-Draft CAPWAP Protocol Specification January 2007 F: The Fragment 'F' bit indicates whether this packet is a fragment. When this bit is one (1), the packet is a fragment and MUST be combined with the other corresponding fragments to reassemble the complete information exchanged between the WTP and AC. L: The Last 'L' bit is valid only if the 'F' bit is set and indicates whether the packet contains the last fragment of a fragmented exchange between WTP and AC. When this bit is 1, the packet is the last fragment. When this bit is 0, the packet is not the last fragment. W: The Wireless 'W' bit is used to specify whether the optional wireless specific information field is present in the header. A value of one (1) is used to represent the fact that the optional header is present. M: The M bit is used to indicate that the Radio MAC Address optional header is present. This is used to communicate the MAC address of the receiving radio when the native wireless packet. This field MUST NOT be set to one in packets sent by the AC to the WTP. K: The 'Keep-alive' K bit indicates the packet is a data channel keep-alive packet. This packet is used to map the data channel to the control channel for the specified Session ID and to maintain freshness of the Data Channel. The K bit MUST NOT be set for data packets containing user data. Flags: A set of reserved bits for future flags in the CAPWAP header. All implementations complying with this protocol MUST set to zero any bits that are reserved in the version of the protocol supported by that implementation. Receivers MUST ignore all bits not defined for the version of the protocol they support. Fragment ID: An 16 bit field whose value is assigned to each group of fragments making up a complete set. The fragment ID space is managed individually for every WTP/AC pair. The value of Fragment ID is incremented with each new set of fragments. The Fragment ID wraps to zero after the maximum value has been used to identify a set of fragments. Fragment Offset: A 13 bit field that indicates where in the payload will this fragment belong during re-assembly. This field is valid when the 'F' bit is set to 1. The fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero. Note the CAPWAP protocol does not allow for overlapping fragments. For instance, fragment 0 would include offset 0 with a payload length of 1000, while fragment 1 include offset 900 with a payload length of 600. Calhoun, Editor, et al. Expires July 27, 2007 [Page 39] Internet-Draft CAPWAP Protocol Specification January 2007 Reserved: The 3-bit field is reserved for future use. All implementations complying with this protocol MUST set to zero any bits that are reserved in the version of the protocol supported by that implementation. Receivers MUST ignore all bits not defined for the version of the protocol they support. Radio MAC Address: This optional field contains the MAC address of the radio receiving the packet. This is useful in packets sent from the WTP to the AC, when the native wireless frame format is converted to 802.3 by the WTP. This field is only present if the 'M' bit is set. Given the HLEN field assumes 4 byte alignment, this field MUST be padded with zeroes (0x00) if it is not 4 byte aligned. The field contains the basic format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | MAC Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Length: The number of bytes in the MAC Address field. The length field is present since some technologies (e.g., IEEE 802.16) are now using 64 bit MAC addresses. MAC Address: The MAC Address of the receiving radio. Wireless Specific Information: This optional field contains technology specific information that may be used to carry per packet wireless information. This field is only present if the 'W' bit is set. Given the HLEN field assumes 4 byte alignment, this field MUST be padded with zeroes (0x00) if it is not 4 byte aligned. The field contains the basic format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Wireless ID | Length | Data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Wireless ID: The wireless binding identifier. The following values are defined: Calhoun, Editor, et al. Expires July 27, 2007 [Page 40] Internet-Draft CAPWAP Protocol Specification January 2007 1 - : IEEE 802.11 IEEE 802.16 EPCGlobal Length: The length of the data field Data: Wireless specific information, defined by the wireless specific binding. Payload: This field contains the header for a CAPWAP Data Message or CAPWAP Control Message, followed by the data associated with that message. 4.3. CAPWAP Data Messages There are two different types of CAPWAP data messages; keepalive and user payload. The first is used by the WTP to synchronize the control and data channels, as well as to maintain freshness of the data channel. The second is used to transmit user payloads between the AC and WTP. This section will detail both types of CAPWAP data messages. Both CAPWAP data messages are transmitted on the data channel UDP port. 4.3.1. CAPWAP Data Keepalive The CAPWAP data keepalive is used to bind the CAPWAP control channel with the data channel. The keep alive is also used to maintain freshness of the data channel, meaning ensuring the channel is still in functioning. The CAPWAP Data Keepalive is transmitted by the WTP when the DataChannelKeepAlive timer expires. When the CAPWAP Data Keepalive is transmitted, the WTP sets the DataChannelDeadInterval timer. All of the fields in the CAPWAP header, other than the HLEN and K bit, are set to zero upon transmission. Upon receiving a CAPWAP Data Keepalive, the AC transmits a CAPWAP Data Keepalive message back to the WTP. The contents of the CAPWAP message is assumed to be identical to the one received. Upon receiving a CAPWAP Data Keepalive, the WTP cancels the DataChannelDeadInterval timer and resets the DataChannelKeepAlive timer. The CAPWAP Data Keepalive is retranmitted by the WTP in the same manner as the CAPWAP control messages. If the DataChannelDeadInterval timer expires the WTP tears down the control Calhoun, Editor, et al. Expires July 27, 2007 [Page 41] Internet-Draft CAPWAP Protocol Specification January 2007 DTLS session, as well as the data DTLS session if one existed. The CAPWAP Data Keepalive contains the following payload immediately following the CAPWAP Header (see Section 4.2) 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Msg Element Length | Msg Element [0..N] ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Message Element Length: The Length field indicates the number of bytes following the CAPWAP Header. Message Element[0..N]: The message element(s) carry the information pertinent to each of the CAPWAP Data Keepalive message. The following message elements MUST be present in this CAPWAP message: Session ID, see Section 4.5.33 4.3.2. Station Data Payloads A CAPWAP protocol data message encapsulates a forwarded wireless frame. The CAPWAP protocol defines two different modes of encapsulation; IEEE 802.3 and native wireless. IEEE 802.3 encapsulation requires that the bridging function be performed in the WTP. An IEEE 802.3 encapsulated user payload frame has the following format: +------------------------------------------------------+ | IP Header | UDP Header | CAPWAP Header | 802.3 Frame | +------------------------------------------------------+ The CAPWAP protocol also defines the native wireless encapsulation mode. The actual format of the encapsulated CAPWAP data frame is subject to the rules defined under the specific wireless technology binding. As a consequence, each wireless technology binding MUST define a section entitled "Payload encapsulation", which defines the format of the wireless payload that is encapsulated within the CAPWAP Data messages. In the event that the encapsulated frame would exceed the transport layer's MTU, the sender is responsible for the fragmentation of the frame, as specified in Section 3.3. Calhoun, Editor, et al. Expires July 27, 2007 [Page 42] Internet-Draft CAPWAP Protocol Specification January 2007 4.4. CAPWAP Control Messages The CAPWAP Control protocol provides a control channel between the WTP and the AC. Control messages are divided into the following distinct message types: Discovery: CAPWAP Discovery messages are used to identify potential ACs, their load and capabilities. Join: CAPWAP Join messages are used to for a WTP to request service from an AC, and for the AC to respond to the WTP. Control Channel Management: CAPWAP control channel management messages are used to maintain the control channel. WTP Configuration Management: The WTP Configuration messages are used by the AC to push a specific configuration to the WTP. Messages which provide retrieval of statistics from the WTP also fall in this category. Station Session Management: Station session management messages are used by the AC to push specific Station policies to the WTP. Device Management Operations: Device management operations are used to request and deliver a firmware image to the WTP. Binding Specific CAPWAP Management Frames: Messages in this category are used by the AC and the WTP to exchange protocol-specific CAPWAP management messages. These messages may or may not be used to change the link state of a station. Discovery, Join, Control Message Management, WTP Configuration Management and Station Session Management CAPWAP control messages MUST be implemented. Device Operations Management messages MAY be implemented. CAPWAP control messages sent from the WTP to the AC indicate that the WTP is operational, providing an implicit keep-alive mechanism for the WTP. The Control Channel Management Echo Request and Echo Response messages provide an explicit keep-alive mechanism when other CAPWAP control messages are not exchanged. 4.4.1. Control Message Format All CAPWAP control messages are sent encapsulated within the CAPWAP header (see Section 4.2). Immediately following the CAPWAP header, is the control header, which has the following format: Calhoun, Editor, et al. Expires July 27, 2007 [Page 43] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Seq Num | Msg Element Length | Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Msg Element [0..N] ... +-+-+-+-+-+-+-+-+-+-+-+-+ 4.4.1.1. Message Type The Message Type field identifies the function of the CAPWAP control message. The Message Type field is comprised of an IANA Enterprise Number and an enterprise specific message type number. The first three octets is the enterprise number in network byte order, with zero being used for CAPWAP generic message types and the IEEE 802.11 IANA assigned enterprise number 13277 being used for IEEE 802.11 technology specific message types. The last octet is the enterprise specific message type number, which has a range from 0 to 255. The message type field can be expressed as: Message Type = IANA Enterprise Number * 256 + enterprise specific message type number The valid values for base CAPWAP Message Types are given in the table below: Calhoun, Editor, et al. Expires July 27, 2007 [Page 44] Internet-Draft CAPWAP Protocol Specification January 2007 CAPWAP Control Message Message Type Value Discovery Request 1 Discovery Response 2 Join Request 3 Join Response 4 Configuration Status 5 Configuration Status Response 6 Configuration Status Acknowledge ??? CAPWAP Control Message Message Type Value Discovery Request 1 Discovery Response 2 Join Request 3 Join Response 4 Configuration Status 5 Configuration Status Response 6 Configuration Status Acknowledge ??? 4.4.1.2. Sequence Number The Sequence Number Field is an identifier value to match request and response packet exchanges. When a CAPWAP packet with a request message type is received, the value of the sequence number field is copied into the corresponding response packet. When a CAPWAP control message is sent, its internal sequence number counter is monotonically incremented, ensuring that no two requests pending have the same sequence number. This field will wrap back to zero. 4.4.1.3. Message Element Length The Length field indicates the number of bytes following the Sequence Number field. 4.4.1.4. Flags The Flags field MUST be set to zero. 4.4.1.5. Message Element[0..N] The message element(s) carry the information pertinent to each of the control message types. Every control message in this specification specifies which message elements are permitted. Calhoun, Editor, et al. Expires July 27, 2007 [Page 45] Internet-Draft CAPWAP Protocol Specification January 2007 4.4.2. Control Message Quality of Service It is recommended that CAPWAP control messages be sent by both the AC and the WTP with an appropriate Quality of Service precedence value, ensuring that congestion in the network minimizes occurrences of CAPWAP control channel disconnects. Therefore, a Quality of Service enabled CAPWAP device should use the following values: 802.1P: The precedence value of 7 SHOULD be used. DSCP: The DSCP tag value of 46 SHOULD be used. 4.5. CAPWAP Protocol Message Elements This section defines the CAPWAP Protocol message elements which are included in CAPWAP protocol control messages. Message elements are used to carry information needed in control messages. Every message element is identified by the Type field, whose numbering space is defined below. The total length of the message elements is indicated in the Message Element Length field. All of the message element definitions in this document use a diagram similar to the one below in order to depict its format. Note that in order to simplify this specification, these diagrams do not include the header fields (Type and Length). The header field values are defined in the Message element descriptions. Note that unless otherwise specified, a control message that lists a set of supported (or expected) message elements MUST not expect the message elements to be in any specific order. The sender may order the message elements as convenient. Furthermore, unless specifically noted, any individual message element may exist one or more times within a given control message. Additional message elements may be defined in separate IETF documents. The format of a message element uses the TLV format shown here: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value ... | +-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 46] Internet-Draft CAPWAP Protocol Specification January 2007 Where Type (16 bit) identifies the character of the information carried in the Value field and Length (16 bits) indicates the number of bytes in the Value field. Type field values are allocated as follows: Usage Type Values CAPWAP Protocol Message Elements 1-1023 IEEE 802.11 Message Elements 1024-2047 IEEE 802.16 Message Elements 2048 - 3071 EPCGlobal Message Elements 3072 - 4095 Reserved for Future Use 4096 - 65024 The table below lists the CAPWAP protocol Message Elements and their Type values. Calhoun, Editor, et al. Expires July 27, 2007 [Page 47] Internet-Draft CAPWAP Protocol Specification January 2007 CAPWAP Message Element Type Value AC Descriptor 1 AC IPv4 List 2 AC IPv6 List 3 AC Name 4 AC Name with Index 5 AC Timestamp 6 Add MAC ACL Entry 7 Add Station 8 Add Static MAC ACL Entry 9 CAPWAP Control IPV4 Address 10 CAPWAP Control IPV6 Address 11 CAPWAP Timers 12 Data Transfer Data 13 Data Transfer Mode 14 Decryption Error Report 15 Decryption Error Report Period 16 Delete MAC ACL Entry 17 Delete Station 18 Delete Static MAC ACL Entry 19 Discovery Type 20 Duplicate IPv4 Address 21 Duplicate IPv6 Address 22 Idle Timeout 23 Image Data 24 Image Filename 25 Initiate Download 26 Location Data 27 MTU Discovery Padding 28 Radio Administrative State 29 Radio Operational State 30 Result Code 31 Returned Message Element 46 Session ID 32 Statistics Timer 33 Vendor Specific Payload 34 WTP Board Data 35 WTP Descriptor 36 WTP Fallback 37 WTP Frame Tunnel Mode 38 WTP IPv4 IP Address 39 WTP MAC Type 40 WTP Name 41 WTP Operational Statistics 42 WTP Radio Statistics 43 WTP Reboot Statistics 44 WTP Static IP Address Information 45 Calhoun, Editor, et al. Expires July 27, 2007 [Page 48] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.1. AC Descriptor The AC payload message element is used by the AC to communicate it's current state. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stations | Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Active WTPs | Max WTPs | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security | R-MAC Field |Wireless Field | DTLS Policy | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=4 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=5 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 1 for AC Descriptor Length: >= 12 Stations: The number of stations currently associated with the AC Limit: The maximum number of stations supported by the AC Active WTPs: The number of WTPs currently attached to the AC Max WTPs: The maximum number of WTPs supported by the AC Security: A 8 bit bit mask specifying the authentication credential type supported by the AC. The following values are supported (see Section 2.4.4): 1 - X.509 Certificate Based Calhoun, Editor, et al. Expires July 27, 2007 [Page 49] Internet-Draft CAPWAP Protocol Specification January 2007 2 - Pre-Shared Secret R-MAC Field: The AC supports the optional Radio MAC Address field in the CAPWAP transport Header (see Section 4.2). Wireless Field: The AC supports the optional Wireless Specific Information field in the CAPWAP Header (see Section 4.2). DTLS Policy: The AC communicates its policy on the use of DTLS for the CAPWAP data channel. The AC MAY communicate more than one supported option, represented by the bit field below. The WTP MUST abide by one of the options communicated by AC. The following bit field values are supported: 1 - Clear Text Data Channel Supported 2 - DTLS Enabled Data Channel Supported Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Network Management Private Enterprise Codes" Type: Vendor specific encoding of AC information. The following values are supported. The Hardware and Software Version values MUST be included. 4 - Hardware Version: The AC's hardware version number. 5 - Software Version: The AC's Firmware version number. Length: Length of vendor specific encoding of AC information. Value: Vendor specific encoding of AC information. 4.5.2. AC IPv4 List The AC IPv4 List message element is used to configure a WTP with the latest list of ACs available for the WTP to join. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 50] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 2 for AC List Length: 4 The AC IP Address: An array of 32-bit integers containing an AC's IPv4 Address. 4.5.3. AC IPv6 List The AC IPv6 List message element is used to configure a WTP with the latest list of ACs available for the WTP to join. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 3 for AC IPV6 List Length: 16 The AC IP Address: An array of 32-bit integers containing an AC's IPv6 Address. 4.5.4. AC Name The AC name message element contains an UTF-8 representation of the AC's identity. The value is a variable length byte string. The string is NOT zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Name ... +-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 51] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 4 for AC Name Length: > 0 Name: A variable length UTF-8 encoded string containing the AC's name 4.5.5. AC Name with Index The AC Name with Index message element is sent by the AC to the WTP to configure preferred ACs. The number of instances where this message element would be present is equal to the number of ACs configured on the WTP. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Index | AC Name... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 5 for AC Name with Index Length: > 2 Index: The index of the preferred server (e.g., 1=primary, 2=secondary). AC Name: A variable length UTF-8 encoded string containing the AC's name. 4.5.6. AC Timestamp The AC Timestamp message element is sent by the AC to synchronize the WTP's clock. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 6 for AC Timestamp Length: 4 Calhoun, Editor, et al. Expires July 27, 2007 [Page 52] Internet-Draft CAPWAP Protocol Specification January 2007 Timestamp: The AC's current time, allowing all of the WTPs to be time synchronized in the format defined by Network Time Protocol (NTP) in RFC 1305 [3]. 4.5.7. Add MAC ACL Entry The Add MAC Access Control List (ACL) Entry message element is used by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP no longer provides any service to the MAC addresses provided in the message. The MAC Addresses provided in this message element are not expected to be saved in non-volatile memory on the WTP. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 7 for Add MAC ACL Entry Length: >= 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to add to the ACL. 4.5.8. Add Station The Add Station message element is used by the AC to inform a WTP that it should forward traffic for a particular station. The Add Station message element will be accompanied by technology specific binding information element which may include security parameters. Consequently, the security parameters must be applied by the WTP for the particular station. Once a station's policy has been pushed to the WTP through this message element, an AC may change any policies by simply sending a modified Add Station message element. When a WTP receives an Add Station message element for an existing station, it must override any existing state it may have for the station in question. The latest Add Station message element data overrides any previously received messages. Calhoun, Editor, et al. Expires July 27, 2007 [Page 53] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | VLAN Name... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 8 for Add Station Length: >= 7 Radio ID: An 8-bit value representing the radio MAC Address: The station's MAC Address VLAN Name: An optional variable length UTF-8 encoded string containing the VLAN Name on which the WTP is to locally bridge user data. Note this field is only valid with WTPs configured in Local MAC mode. 4.5.9. Add Static MAC ACL Entry The Add Static MAC ACL Entry message element is used by an AC to add a permanent ACL entry on a WTP, ensuring that the WTP no longer provides any service to the MAC addresses provided in the message. The MAC Addresses provided in this message element are expected to be saved in non-volative memory on the WTP. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 9 for Add Static MAC ACL Entry Length: >= 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to add to the permanent ACL. Calhoun, Editor, et al. Expires July 27, 2007 [Page 54] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.10. CAPWAP Control IPv4 Address The CAPWAP Control IPv4 Address message element is sent by the AC to the WTP during the discovery process and is used by the AC to provide the interfaces available on the AC, and the current number of WTPs connected. In the event that multiple CAPWAP Control IPV4 Address message elements are returned, the WTP is expected to perform load balancing across the multiple interfaces. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 10 for CAPWAP Control IPv4 Address Length: 6 IP Address: The IP Address of an interface. WTP Count: The number of WTPs currently connected to the interface. 4.5.11. CAPWAP Control IPv6 Address The CAPWAP Control IPv6 Address message element is sent by the AC to the WTP during the discovery process and is used by the AC to provide the interfaces available on the AC, and the current number of WTPs connected. This message element is useful for the WTP to perform load balancing across multiple interfaces. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 55] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 11 for CAPWAP Control IPv6 Address Length: 18 IP Address: The IP Address of an interface. WTP Count: The number of WTPs currently connected to the interface. 4.5.12. CAPWAP Timers The CAPWAP Timers message element is used by an AC to configure CAPWAP timers on a WTP. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Discovery | Echo Request | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 12 for CAPWAP Timers Length: 2 Discovery: The number of seconds between CAPWAP Discovery packets, when the WTP is in the discovery mode. Echo Request: The number of seconds between WTP Echo Request CAPWAP messages. The default value for this message element can be found in Section 4.6.6. 4.5.13. Data Transfer Data The Data Transfer Data message element is used by the WTP to provide information to the AC for debugging purposes. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data Type | Data Length | Data .... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 13 for Data Transfer Data Length: >= 3 Calhoun, Editor, et al. Expires July 27, 2007 [Page 56] Internet-Draft CAPWAP Protocol Specification January 2007 Data Type: An 8-bit value the type of information being sent. The following values are supported: 1 - WTP Crash Data 2 - WTP Memory Dump Data Length: Length of data field. Data: Debug information. 4.5.14. Data Transfer Mode The Data Transfer Mode message element is used by the WTP to indicate the type of data transfer information it is sending to the AC for debugging purposes. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Data Type | +-+-+-+-+-+-+-+-+ Type: 14 for Data Transfer Mode Length: 1 Data Type: An 8-bit value the type of information being requested. The following values are supported: 1 - WTP Crash Data 2 - WTP Memory Dump 4.5.15. Decryption Error Report The Decryption Error Report message element value is used by the WTP to inform the AC of decryption errors that have occurred since the last report. Note that this error reporting mechanism is not used if encryption and decryption services are provided via the AC. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID |Num Of Entries | Station MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Station MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 57] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 15 for Decryption Error Report Length: >= 8 Radio ID: The Radio Identifier, which typically refers to an interface index on the WTP Num Of Entries: An 8-bit unsigned integer indicating the number of station MAC addresses. Station MAC Address: An array of station MAC addresses that have caused decryption errors. 4.5.16. Decryption Error Report Period The Decryption Error Report Period message element value is used by the AC to inform the WTP how frequently it should send decryption error report messages. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Report Interval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 16 for Decryption Error Report Period Length: 3 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP Report Interval: A 16-bit unsigned integer indicating the time, in seconds. The default value for this message element can be found in Section 4.7.7. 4.5.17. Delete MAC ACL Entry The Delete MAC ACL Entry message element is used by an AC to delete a MAC ACL entry on a WTP, ensuring that the WTP provides service to the MAC addresses provided in the message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | Calhoun, Editor, et al. Expires July 27, 2007 [Page 58] Internet-Draft CAPWAP Protocol Specification January 2007 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 17 for Delete MAC ACL Entry Length: >= 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to delete from the ACL. 4.5.18. Delete Station The Delete Station message element is used by the AC to inform an WTP that it should no longer provide service to a particular station. The WTP must terminate service immediately upon receiving this message element. The transmission of a Delete Station message element could occur for various reasons, including for administrative reasons, as a result of the fact that the station has roamed to another WTP, etc. The Delete Station message element MAY be sent by the WTP, through the WTP Event Request, to inform the AC that a particular station is no longer being provided service. This could occur as a result of an Idle Timeout (see section 4.4.43), due to internal resource shortages or for some other reason. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 18 for Delete Station Length: 7 Radio ID: An 8-bit value representing the radio MAC Address: The station's MAC Address 4.5.19. Delete Static MAC ACL Entry The Delete Static MAC ACL Entry message element is used by an AC to delete a previously added static MAC ACL entry on a WTP, ensuring that the WTP provides service to the MAC addresses provided in the Calhoun, Editor, et al. Expires July 27, 2007 [Page 59] Internet-Draft CAPWAP Protocol Specification January 2007 message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 19 for Delete Static MAC ACL Entry Length: >= 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to delete from the static MAC ACL entry. 4.5.20. Discovery Type The Discovery Type message element is used by the WTP to indicate how it has come to know about the existence of the AC, to which it is sending the Discovery Request message. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Discovery Type| +-+-+-+-+-+-+-+-+ Type: 20 for Discovery Type Length: 1 Discovery Type: An 8-bit value indicating how the WTP discovered the AC . The following values are supported: 0 - Unknown 1 - Static Configuration 2 - DHCP 3 - DNS Calhoun, Editor, et al. Expires July 27, 2007 [Page 60] Internet-Draft CAPWAP Protocol Specification January 2007 4 - AC Referral 4.5.21. Duplicate IPv4 Address The Duplicate IPv4 Address message element is used by a WTP to inform an AC that it has detected another IP device using the same IP address it is currently using. The WTP shall transmit this message element after it has detected a duplicate IP address. The WTP will consider the condition cleared once it has successfully received a frame from the AC. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 21 for Duplicate IPv4 Address Length: 10 IP Address: The IP Address currently used by the WTP. MAC Address: The MAC Address of the offending device. 4.5.22. Duplicate IPv6 Address The Duplicate IPv6 Address message element is used by a WTP to inform an AC that it has detected another host using the same IP address it is currently using. The WTP shall transmit this message element after it has detected a duplicate IP address. The WTP will consider the condition cleared once it has successfully received a frame from the AC. Calhoun, Editor, et al. Expires July 27, 2007 [Page 61] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 22 for Duplicate IPv6 Address Length: 22 IP Address: The IP Address currently used by the WTP. MAC Address: The MAC Address of the offending device. 4.5.23. Idle Timeout The Idle Timeout message element is sent by the AC to the WTP to provide it with the idle timeout that it should enforce on its active station entries. The value applies for all radios on the WTP. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timeout | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 23 for Idle Timeout Length: 4 Timeout: The current idle timeout to be enforced by the WTP. The default value for this message element can be found in Section 4.7.4. Calhoun, Editor, et al. Expires July 27, 2007 [Page 62] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.24. Image Data The image data message element is present in the Image Data Request message sent by the AC and contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Opcode | Checksum | Image Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Image Data ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 24 for Image Data Length: >= 4 (allows 0 length element if last data unit is 1024 bytes) Opcode: An 8-bit value representing the transfer opcode. The following values are supported: 3 - Image data is included 5 - An error occurred. Transfer is aborted Checksum: A 16-bit value containing a checksum of the image data that follows. The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero. Image Data: The Image Data field contains 1024 characters, unless the payload being sent is the last one (end of file). If the last block was 1024 in length, an Image Data with a zero length payload is sent. 4.5.25. Image Filename The image filename message element is sent by the WTP to the AC and is used to initiate the firmware download process. This message element contains the image filename, which the AC subsequently transfers to the WTP via the Image Data message element. The value is a variable length UTF-8 encoded string, which is NOT zero terminated. Calhoun, Editor, et al. Expires July 27, 2007 [Page 63] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Filename ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 25 for Image Filename Length: >= 1 Filename: A variable length UTF-8 encoded string containing the filename to download. 4.5.26. Initiate Download The Initiate Download message element is used by the AC to inform the WTP that it should initiate a firmware upgrade. This is performed by having the WTP initiate its own Image Data Request, with the Image Download message element. This message element does not contain any data. Type: 24 for Initiate Download Length: 0 4.5.27. Location Data The Location Data message element is a variable length byte UTF-8 encoded string containing user defined location information (e.g. "Next to Fridge"). This information is configurable by the network administrator, and allows for the WTP location to be determined through this field. The string is not zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+- | Location ... +-+-+-+-+-+-+-+-+- Type: 27 for Location Data Length: > 0 Location: A non-zero terminated UTF-8 encoded string containing the WTP location. Calhoun, Editor, et al. Expires July 27, 2007 [Page 64] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.28. MTU Discovery Padding The MTU Discovery Padding message element is used as padding to perform MTU discovery, and MUST contain octets of value 0xFF, of any length 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Padding... +-+-+-+-+-+-+-+- Type: 28 for MTU Discovery Padding Length: variable Pad: A variable length pad. 4.5.29. Radio Administrative State The radio administrative state message element is used to communicate the state of a particular radio. The configuration of the Radio Administrative State is sent by the AC to change the state of the WTP, which saves the value to ensure its effect remains across WTP resets. The WTP communicates this message element during the configuration phase to ensure that AC has the WTP radio's current administrative state settings. The value contains the following fields. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Admin State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 29 for Administrative State Length: 2 Radio ID: An 8-bit value representing the radio to configure. The Radio ID field may also include the value of 0xff, which is used to identify the WTP itself. Therefore, if an AC wishes to change the administrative state of a WTP, it would include 0xff in the Radio ID field. Calhoun, Editor, et al. Expires July 27, 2007 [Page 65] Internet-Draft CAPWAP Protocol Specification January 2007 Admin State: An 8-bit value representing the administrative state of the radio. The default value for the Admin State field is listed in section Section 4.7.1. The following values are supported: 1 - Enabled 2 - Disabled Cause: In the event of a radio being inoperable, the cause field would contain the reason the radio is out of service. The following values are supported: 0 - Normal 1 - Radio Failure 2 - Software Failure 3 - Radar Detection 4.5.30. Radio Operational State The Radio Operational State message element is sent by the WTP to the AC to communicate a change in the operational state of a radio. For instance, if the WTP were to detect that a hardware failure existed with a radio, which caused the radio to be taken offline, the WTP would indicate this event to the AC via the message element. The AC MAY also send this message element to change the operational state of a specific radio. Note that the operational state setting is not saved on the WTP, and therefore does not remain across WTP resets. The value contains two fields, as shown. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 30 for Radio Operational State Length: 3 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP. A value of 0xFF is invalid, as it is not possible to change the WTP's operational state. Calhoun, Editor, et al. Expires July 27, 2007 [Page 66] Internet-Draft CAPWAP Protocol Specification January 2007 State: An 8-bit boolean value representing the state of the radio. A value of one disables the radio, while a value of two enables it. Cause: In the event of a radio being inoperable, the cause field would contain the reason the radio is out of service. The following values are supported: 0 - Normal 1 - Radio Failure 2 - Software Failure 3 - Administratively Set 4.5.31. Result Code The Result Code message element value is a 32-bit integer value, indicating the result of the request operation corresponding to the sequence number in the message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Result Code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 31 for Result Code Length: 4 Result Code: The following values are defined: 0 Success 1 Failure (AC List message element MUST be present) 2 Success (NAT detected) 3 Failure (unspecified) 4 Failure (Join Failure, Resource Depletion) 5 Failure (Join Failure, Unknown Source) Calhoun, Editor, et al. Expires July 27, 2007 [Page 67] Internet-Draft CAPWAP Protocol Specification January 2007 6 Failure (Join Failure, Incorrect Data) 7 Failure (Join Failure, Session ID already in use) 8 Failure (Join Failure, WTP Hardware not supported) 9 Failure (Unable to Reset) 10 Failure (Unable to Apply Requested Configuration - Service Provided Anyhow) 11 Failure (Unable to Apply Requested Configuration - Service Not Provided) 12 Image Data Error (Invalid Checksum) 13 Image Data Error (Invalid Data Length) 14 Image Data Error (Other Error) 4.5.32. Returned Message Element The Returned Message Element is sent by the WTP within the Change State Event Request in order to communicate to the AC which message elements in the Configuration Status Response it was unable to apply locally. The Returned Message Element contains a result code that is used to indicate the reason why the configuration could not be applied, and encapsulates the offending message element. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reason | Message Element... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reason: The reason why the configuration in the offending message element could not be applied by the WTP 1 - Unknown Message Element 2 - Unsupported Message Element 3 - Unknown Message Element Value 4 - Unsupported Message Element Value Calhoun, Editor, et al. Expires July 27, 2007 [Page 68] Internet-Draft CAPWAP Protocol Specification January 2007 Message Element: The Message Element field encapsulates the message element sent by the AC in the Configuration Status Response message that caused the error. 4.5.33. Session ID The session ID message element value contains a randomly generated unsigned 32-bit integer. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 32 for Session ID Length: 16 Session ID: A 16 octet random session identifier 4.5.34. Statistics Timer The statistics timer message element value is used by the AC to inform the WTP of the frequency which it expects to receive updated statistics. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Statistics Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 33 for Statistics Timer Length: 2 Statistics Timer: A 16-bit unsigned integer indicating the time, in seconds. The default value for this timer can be found in section Section 4.6.14. Calhoun, Editor, et al. Expires July 27, 2007 [Page 69] Internet-Draft CAPWAP Protocol Specification January 2007 4.5.35. Vendor Specific Payload The Vendor Specific Payload is used to communicate vendor specific information between the WTP and the AC. The value contains the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Element ID | Value... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 34 for Vendor Specific Length: >= 7 Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Network Management Private Enterprise Codes" [13] Element ID: A 16-bit Element Identifier which is managed by the vendor. Value: The value associated with the vendor specific element. 4.5.36. WTP Board Data The WTP Board Data message element is sent by the WTP to the AC and contains information about the hardware present. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=0 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=1 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Optional additional vendor specific WTP board data TLVs Calhoun, Editor, et al. Expires July 27, 2007 [Page 70] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 35 for WTP Board Data Length: >=14 Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Network Management Private Enterprise Codes" Type: The following values are supported: 0 - WTP Model Number: The WTP Model Number MUST be included in the WTP Board Data message element. 1 - WTP Serial Number: The WTP Serial Number MUST be included in the WTP Board Data message element. 2 - Board ID: A hardware identifier, which MAY be included in the WTP Board Data mesage element. 3 - Board Revision A revision number of the board, which MAY be included in the WTP Board Data message element. 4.5.37. WTP Descriptor The WTP descriptor message element is used by a WTP to communicate it's current hardware/firmware configuration. The value contains the following fields. Calhoun, Editor, et al. Expires July 27, 2007 [Page 71] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Max Radios | Radios in use | Encryption Capabilities | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=0 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=1 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=2 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 36 for WTP Descriptor Length: >= 31 Max Radios: An 8-bit value representing the number of radios (where each radio is identified via the Radio ID, or RID, field) supported by the WTP Radios in use: An 8-bit value representing the number of radios present in the WTP Encryption Capabilities: This 16-bit field is used by the WTP to communicate it's capabilities to the AC. A WTP that does not have any encryption capabilities sets this field to zero (0). Refer to the specific wireless binding for further specification of the Encryption Capabilities field. Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Network Management Private Enterprise Codes" Calhoun, Editor, et al. Expires July 27, 2007 [Page 72] Internet-Draft CAPWAP Protocol Specification January 2007 Type: The following values are supported. The Hardware Version, Software Version, and Boot Version values MUST be included. 0 - Hardware Version: The WTP's hardware version number. 1 - Software Version: The WTP's Firmware version number. 2 - Boot Version: The WTP's boot loader's version number. Length: Length of vendor specific encoding of WTP information. Value: Vendor specific data of WTP information encoded in the UTF-8 format. 4.5.38. WTP Fallback The WTP Fallback message element is sent by the AC to the WTP to enable or disable automatic CAPWAP fallback in the event that a WTP detects its preferred AC, and is not currently connected to it. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Mode | +-+-+-+-+-+-+-+-+ Type: 37 for WTP Fallback Length: 1 Mode: The 8-bit value indicates the status of automatic CAPWAP fallback on the WTP. When enabled, if the WTP detects that its primary AC is available, and it is not connected to it, it SHOULD automatically disconnect from its current AC and reconnect to its primary. If disabled, the WTP will only reconnect to its primary through manual intervention (e.g., through the Reset Request command). The default value for this field can be found in section Section 4.7.9. The following values are supported: 1 - Enabled 2 - Disabled 4.5.39. WTP Frame Tunnel Mode The WTP Frame Tunnel Mode message element allows the WTP to communicate the tunneling modes of operation which it supports to the AC. A WTP that advertises support for all types allows the AC to Calhoun, Editor, et al. Expires July 27, 2007 [Page 73] Internet-Draft CAPWAP Protocol Specification January 2007 select which type will be used, based on its local policy. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Tunnel Mode | +-+-+-+-+-+-+-+-+ Type: 38 for WTP Frame Tunnel Mode Length: 1 Frame Tunnel Mode: The Frame Tunnel mode specifies the tunneling modes for station data which are supported by the WTP. The following values are supported: 1 - Local Bridging: When Local Bridging is used, the WTP does not tunnel user traffic to the AC; all user traffic is locally bridged. This value MUST NOT be used when the WTP MAC Type is set to Split-MAC. 2 - 802.3 Frame Tunnel Mode: The 802.3 Frame Tunnel Mode requires the WTP and AC to encapsulate all user payload as native IEEE 802.3 frames (see Section 4.3). All user traffic is tunneled to the AC. This value MUST NOT be used when the WTP MAC Type is set to Split-MAC. 4 - Native Frame Tunnel Mode: Native Frame Tunnel mode requires the WTP and AC to encapsulate all user payloads as native wireless frames, as defined by the wireless binding (see for example Section 4.3). 7 - All: The WTP is capable of supporting all frame tunnel modes. 4.5.40. WTP IPv4 IP Address The WTP IPv4 address is used to perform NAT detection. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP IPv4 IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires July 27, 2007 [Page 74] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 39 for WTP IPv4 IP Address Length: 4 WTP IPv4 IP Address: The IPv4 address from which the WTP is sending packets. This field is used for NAT detection. 4.5.41. WTP MAC Type The WTP MAC-Type message element allows the WTP to communicate its mode of operation to the AC. A WTP that advertises support for both modes allows the AC to select the mode to use, based on local policy. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | MAC Type | +-+-+-+-+-+-+-+-+ Type: 40 for WTP MAC Type Length: 1 MAC Type: The MAC mode of operation supported by the WTP. The following values are supported 0 - Local-MAC: Local-MAC is the default mode that MUST be supported by all WTPs. 1 - Split-MAC: Split-MAC support is optional, and allows the AC to receive and process native wireless frames. 2 - Both: WTP is capable of supporting both Local-MAC and Split- MAC. 4.5.42. WTP Name The WTP Name message element is a variable length byte UTF-8 encoded string. The string is not zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+- | WTP Name ... +-+-+-+-+-+-+-+-+- Calhoun, Editor, et al. Expires July 27, 2007 [Page 75] Internet-Draft CAPWAP Protocol Specification January 2007 Type: 41 for WTP Name Length: variable WTP Name: A non-zero terminated UTF-8 encoded string containing the WTP name. 4.5.43. WTP Operational Statistics The WTP Operational Statistics message element is sent by the WTP to the AC to provide statistics related to the operation of the WTP. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Tx Queue Level | Wireless Link Frames per Sec | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 42 for WTP Operational Statistics Length: 4 Radio ID: The radio ID of the radio to which the statistics apply. Wireless Transmit Queue Level: The percentage of Wireless Transmit queue utilization, calaculated as the sum of utilized transmit queue lengths divided by the sum of maximum transmit queue lengths, multiplied by 100. The Wireless Transmit Queue Level is representative of congestion conditions over wireless interfaces between the WTP and wireless terminals. Wireless Link Frames per Sec: The number of frames transmitted or received per second by the WTP over the air interface. 4.5.44. WTP Radio Statistics The WTP Radio Statistics message element is sent by the WTP to the AC to communicate statistics on radio behavior and reasons why the WTP radio has been reset. Calhoun, Editor, et al. Expires July 27, 2007 [Page 76] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Last Fail Type| Reset Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SW Failure Count | HW Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Other Failure Count | Unknown Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Config Update Count | Channel Change Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Band Change Count | Current Noise Floor | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 43 for WTP Radio Statistics Length: 20 Radio ID: The radio ID of the radio to which the statistics apply. Last Failure Type: The last WTP failure. The following values are supported: 0 - Statistic Not Supported 1 - Software Failure 2 - Hardware Failure 3 - Other Failure 255 - Unknown (e.g., WTP doesn't keep track of info) Reset Count: The number of times that that the radio has been reset. SW Failure Count: The number of times that the radio has failed due to software related reasons. HW Failure Count: The number of times that the radio has failed due to hardware related reasons. Other Failure Count: The number of times that the radio has failed due to known reasons, other than software or hardware failure. Calhoun, Editor, et al. Expires July 27, 2007 [Page 77] Internet-Draft CAPWAP Protocol Specification January 2007 Unknown Failure Count: The number of times that the radio has failed for unknown reasons. Config Update Count: The number of times that the radio configuration has been updated. Channel Change Count: The number of times that the radio channel has been changed. Band Change Count: The number of times that the radio has changed frequency bands. Current Noise Floor: A signed integer which indicates the noise floor of the radio receiver in units of dBm. 4.5.45. WTP Reboot Statistics The WTP Reboot Statistics message element is sent by the WTP to the AC to communicate reasons why WTP reboots have occurred. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reboot Count | AC Initiated Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Failure Count | SW Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HW Failure Count | Other Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Unknown Failure Count |Last Failure Type| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 44 for WTP Reboot Statistics Length: 15 Reboot Count: The number of reboots that have occurred due to a WTP crash. A value of 65535 implies that this information is not available on the WTP. AC Initiated Count: The number of reboots that have occurred at the request of a CAPWAP protocol message, such as a change in configuration that required a reboot or an explicit CAPWAP protocol reset request. A value of 65535 implies that this information is not available on the WTP. Calhoun, Editor, et al. Expires July 27, 2007 [Page 78] Internet-Draft CAPWAP Protocol Specification January 2007 Link Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed due to link failure. SW Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed due to software related reasons. HW Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed due to hardware related reasons. Other Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed due to known reasons, other than AC initiated, link, SW or HW failure. Unknown Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed for unknown reasons. Last Failure Type: The failure type of the most recent WTP failure. The following values are supported: 0 - Not Supported 1 - AC Initiated (see Section 9.3) 2 - Link Failure 3 - Software Failure 4 - Hardware Failure 5 - Other Failure 255 - Unknown (e.g., WTP doesn't keep track of info) 4.5.46. WTP Static IP Address Information The WTP Static IP Address Information message element is used by an AC to configure or clear a previously configured static IP address on a WTP. Calhoun, Editor, et al. Expires July 27, 2007 [Page 79] Internet-Draft CAPWAP Protocol Specification January 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Netmask | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Gateway | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Static | +-+-+-+-+-+-+-+-+ Type: 45 for WTP Static IP Address Information Length: 13 IP Address: The IP Address to assign to the WTP. This field is only valid if the static field is set to one. Netmask: The IP Netmask. This field is only valid if the static field is set to one. Gateway: The IP address of the gateway. This field is only valid if the static field is set to one. Netmask: The IP Netmask. This field is only valid if the static field is set to one. Static: An 8-bit boolean stating whether the WTP should use a static IP address or not. A value of zero disables the static IP address, while a value of one enables it. 4.6. CAPWAP Protocol Timers A WTP or AC that implements CAPWAP discovery MUST implement the following timers. 4.6.1. DataChannelKeepAlive The minimum time, in seconds, between sending data channel keep-alive packets to the AC with which the WTP has joined. The default value is 30 seconds. 4.6.2. DataChannelDeadInterval The minimum time, in seconds, a WTP MUST wait without having received data channel keep-alive packets before the destination for the data channel keep-alive packets may be considered dead. Must be no less Calhoun, Editor, et al. Expires July 27, 2007 [Page 80] Internet-Draft CAPWAP Protocol Specification January 2007 than 2*DataChannelKeepAlive seconds and no greater that 240 seconds. Default: 5 4.6.3. DiscoveryInterval The minimum time, in seconds, that a WTP MUST wait after receiving a Discovery Response, before initiating a DTLS handshake. Default: 5 4.6.4. DTLSRehandshake The minimum time, in seconds, a WTP MUST wait for DTLS rehandshake to complete. Default: 10 4.6.5. DTLSSessionDelete The minimum time, in seconds, a WTP MUST wait for DTLS session deletion. Default: 5 4.6.6. EchoInterval The minimum time, in seconds, between sending echo requests to the AC with which the WTP has joined. Default: 30 4.6.7. KeyLifetime The maximum time, in seconds, which a CAPWAP DTLS session key is valid. Default: 28800 4.6.8. MaxDiscoveryInterval The maximum time allowed between sending discovery requests from the interface, in seconds. Must be no less than 2 seconds and no greater than 180 seconds. Default: 20 seconds. Calhoun, Editor, et al. Expires July 27, 2007 [Page 81] Internet-Draft CAPWAP Protocol Specification January 2007 4.6.9. MaxFailedDTLSSessionRetry The maximum number of failed DTLS session establishment attempts before the CAPWAP device enters a silent period. Default: 3. 4.6.10. NeighborDeadInterval The minimum time, in seconds, a WTP MUST wait without having received Echo Responses to its Echo Requests, before the destination for the Echo Request may be considered dead. Must be no less than 2*EchoInterval seconds and no greater than 240 seconds. Default: 60 4.6.11. ResponseTimeout The minimum time, in seconds, which the WTP or AC must respond to a CAPWAP Request message. Default: 1 4.6.12. RetransmitInterval The minimum time, in seconds, which a non-acknowledged CAPWAP packet will be retransmitted. Default: 3 4.6.13. SilentInterval For a WTP, this is the minimum time, in seconds, a WTP MUST wait before it MAY again send discovery requests or attempt to a establish DTLS session. For an AC, this is the minimum time, in seconds, which the AC should ignore all CAPWAP and DTLS packets received from the WTP that is in the sulking state. Default: 30 4.6.14. StatisticsTimer The default Statistics Interval is 120 seconds. 4.6.15. WaitDTLS The maximum time, in seconds, a WTP MUST wait without having received a DTLS Handshake message from an AC. This timer must be greater than Calhoun, Editor, et al. Expires July 27, 2007 [Page 82] Internet-Draft CAPWAP Protocol Specification January 2007 30 seconds. Default: 60 4.7. CAPWAP Protocol Variables A WTP or AC that implements CAPWAP discovery MUST allow for the following variables to be configured by system management; default values are specified, making explicit configuration unnecessary in many cases. If the default values are explicitly overriden by the AC, t he WTP MUST save the values sent by the AC. 4.7.1. AdminState The default Administrative State value is enabled (1). 4.7.2. DiscoveryCount The number of discoveries transmitted by a WTP to a single AC. This is a monotonically increasing counter. 4.7.3. FailedDTLSSessionCount The number of failed DTLS session establishment attempts. 4.7.4. IdleTimeout The default Idle Timeout is 300 seconds. 4.7.5. MaxDiscoveries The maximum number of discovery requests that will be sent after a WTP boots. Default: 10 4.7.6. MaxRetransmit The maximum number of retransmissions for a given CAPWAP packet before the link layer considers the peer dead. Default: 5 4.7.7. ReportInterval The default Report Interval is 120 seconds.. Calhoun, Editor, et al. Expires July 27, 2007 [Page 83] Internet-Draft CAPWAP Protocol Specification January 2007 4.7.8. RetransmitCount The number of retransmissions for a given CAPWAP packet. This is a monotonically increasing counter. 4.7.9. WTPFallBack The default WTP Fallback value is enabled (1). 4.8. WTP Saved Variables In addition to the values defined in Section 4.7, the following values SHOULD be saved on the WTP in non-volatile memory. CAPWAP wireless bindings may define additional values that SHOULD be stored on the WTP. 4.8.1. AdminRebootCount The number of times the WTP has rebooted administratively, defined in Section 4.5.45. 4.8.2. FrameEncapType For WTPs that support multiple Frame Encapsulation Types, it is useful to save the value configured by the AC. The Frame Encapsulation Type is defined in Section 4.5.39. 4.8.3. LastRebootReason The reason why the WTP last rebooted, defined in Section 4.5.45. 4.8.4. MacType For WTPs that support multiple MAC Types, it is usefule to save the value configured by the AC. The MAC Type is defined in Section 4.5.41. 4.8.5. PreferredACs The preferred ACs, with the index, defined in Section 4.5.5. 4.8.6. RebootCount The number of times the WTP has rebooted, defined in Section 4.5.45. Calhoun, Editor, et al. Expires July 27, 2007 [Page 84] Internet-Draft CAPWAP Protocol Specification January 2007 4.8.7. Static ACL Table The static ACL table saved on the WTP, as configured by the Add Static MAC ACL Entry message element, see Section 4.5.9. 4.8.8. Static IP Address The static IP Address assigned to the WTP, as configured by the message element, see Section 4.5.46. 4.8.9. WTPLinkFailureCount The number of times the link to the AC has failed, see Section 4.5.45. 4.8.10. WTPLocation The WTP Location, defined in Section 4.5.27. 4.8.11. WTPName The WTP Name, defined in Section 4.5.42. Calhoun, Editor, et al. Expires July 27, 2007 [Page 85] Internet-Draft CAPWAP Protocol Specification January 2007 5. CAPWAP Discovery Operations The Discovery messages are used by a WTP to determine which ACs are available to provide service, and the capabilities and load of the ACs. 5.1. Discovery Request Message The Discovery Request message is used by the WTP to automatically discover potential ACs available in the network. The Discovery Request message provides ACs with the primary capabilities of the WTP. A WTP must exchange this information to ensure subsequent exchanges with the ACs are consistent with the WTP's functional characteristics. A WTP must transmit this command even if it has a statically configured AC. Discovery Request messages MUST be sent by a WTP in the Discover state after waiting for a random delay less than MaxDiscoveryInterval, after a WTP first comes up or is (re)initialized. A WTP MUST send no more than the maximum of MaxDiscoveries Discovery Request messages, waiting for a random delay less than MaxDiscoveryInterval between each successive message. This is to prevent an explosion of WTP Discovery Request messages. An example of this occurring is when many WTPs are powered on at the same time. Discovery Request messages MUST be sent by a WTP when no Echo Response messages are received for NeighborDeadInterval and the WTP returns to the Idle state. Discovery Request messages are sent after NeighborDeadInterval. They MUST be sent after waiting for a random delay less than MaxDiscoveryInterval. A WTP MAY send up to a maximum of MaxDiscoveries Discovery Request messages, waiting for a random delay less than MaxDiscoveryInterval between each successive message. If a Discovery Response message is not received after sending the maximum number of Discovery Request messages, the WTP enters the Sulking state and MUST wait for an interval equal to SilentInterval before sending further Discovery Request messages. Upon receiving a Discovery Request message, the AC will respond with a Discovery Response message sent to the address in the source address of the received discovery request message. The following message elements MUST be included in the Discovery Request message: Calhoun, Editor, et al. Expires July 27, 2007 [Page 86] Internet-Draft CAPWAP Protocol Specification January 2007 o Discovery Type, see Section 4.5.20 o WTP Board Data, see Section 4.5.36 o WTP Descriptor, see Section 4.5.37 o WTP Frame Tunnel Mode, see Section 4.5.39 o WTP MAC Type, see Section 4.5.41 5.2. Discovery Response Message The Discovery Response message provides a mechanism for an AC to advertise its services to requesting WTPs. The Discovery Response message is sent by an AC after receiving a Discovery Request message from a WTP. As with the Discovery Request, the Session ID field in the CAPWAP header MUST be set to zero. When a WTP receives a Discovery Response message, it MUST wait for an interval not less than DiscoveryInterval for receipt of additional Discovery Response messages. After the DiscoveryInterval elapses, the WTP enters the DTLS-Init state and selects one of the ACs that sent a Discovery Response message and send a DTLS Handshake to that AC. The following message elements MUST be included in the Discovery Response Message: o AC Descriptor, see Section 4.5.1 o AC Name, see Section 4.5.4 o CAPWAP Control IPv4 Address, see Section 4.5.10 o CAPWAP Control IPv6 Address, see Section 4.5.11 5.3. Primary Discovery Request Message The Primary Discovery Request message is sent by the WTP to determine whether its preferred (or primary) AC is available. A Primary Discovery Request message is sent by a WTP when it has a primary AC configured, and is connected to another AC. This generally occurs as a result of a failover, and is used by the WTP as a means to discover when its primary AC becomes available. As a consequence, this message is only sent by a WTP when it is in the Run state. Calhoun, Editor, et al. Expires July 27, 2007 [Page 87] Internet-Draft CAPWAP Protocol Specification January 2007 The frequency of the Primary Discovery Request messages should be no more often than the sending of the Echo Request message. Upon receipt of a Discovery Request message, the AC responds with a Primary Discovery Response message sent to the address in the source address of the received Primary Discovery Request message. The following message elements MUST be included in the Primary Discovery Request message. o Discovery Type, see Section 4.5.20 o WTP Board Data, see Section 4.5.36 o WTP Descriptor, see Section 4.5.37 o WTP Frame Tunnel Mode, see Section 4.5.39 o WTP MAC Type, see Section 4.5.41 o WTP Radio Information Element(s)that the AC supports; These are defined by the individual link layer CAPWAP Binding Protocols. 5.4. Primary Discovery Response The Primary Discovery Response message enables an AC to advertise its availability and services to requesting WTPs that are configured to have the AC as its primary AC. The Primary Discovery Response message is sent by an AC after receiving a Primary Discovery Request message. When a WTP receives a Primary Discovery Response message, it may establish a CAPWAP protocol connection to its primary AC, based on the configuration of the WTP Fallback Status message element on the WTP. The following message elements MUST be included in the Primary Discovery Response message. o AC Descriptor, see Section 4.5.1 o AC Name, see Section 4.5.4 o CAPWAP Control IPv4 Address, see Section 4.5.10 o CAPWAP Control IPv6 Address, see Section 4.5.11 Calhoun, Editor, et al. Expires July 27, 2007 [Page 88] Internet-Draft CAPWAP Protocol Specification January 2007 o WTP Radio Information Element(s)that the AC supports; These are defined by the individual link layer CAPWAP Binding Protocols. Calhoun, Editor, et al. Expires July 27, 2007 [Page 89] Internet-Draft CAPWAP Protocol Specification January 2007 6. CAPWAP Join Operations The Join Request message is used by a WTP to request service from an AC after a DTLS connection is established to that AC. The Join Response message is used by the the AC to indicate that it will or will not provide service. 6.1. Join Request The Join Request message is used by a WTP to inform an AC that it wishes to provide services through the AC. A Join Request message is sent by a WTP after (optionally) receiving one or more Discovery Responses, and completion of DTLS session establishment. When an AC receives a Join Request message it responds with a Join Response message. Upon completion of the DTLS handshake, which the WTP is notified via the DTLSEstablished notification, sends the Join Request message to the AC. When the AC is notified of the DTLS session establishment, it does not clear the WaitDTLS timer until it has received the Join Request message, at which time it generates a Join Response message and sends it to the WTP, indicating success or failure. If the AC rejects the Join Request, it sends a Join Response message with a failure indication and initiates an abort of the DTLS session via the DTLSAbort command. If an invalid (i.e. malformed) Join Request message is received, the message MUST be silently discarded by the AC. No response is sent to the WTP. The AC SHOULD log this event. The following message elements MUST be included in the Join Request message. o Location Data, see Section 4.5.27 o WTP Board Data, see Section 4.5.36 o WTP Descriptor, see Section 4.5.37 o WTP IPv4 IP Address, see Section 4.5.40 o WTP Name, see Section 4.5.42 o Session ID, see Section 4.5.33 The following message element MAY be included in the Join Request message. Calhoun, Editor, et al. Expires July 27, 2007 [Page 90] Internet-Draft CAPWAP Protocol Specification January 2007 o WTP Reboot Statistics, see Section 4.5.45 6.2. Join Response The Join Response message is sent by the AC to indicate to a WTP that it is capable and willing to provide service to it. The WTP, receiving a Join Response message, checks for success or failure. If the message indicates success, the WTP clears the WaitDTLS timer for the session and proceeds to the Configure state. If the WaitDTLS Timer expires prior to reception of the Join Response message, the WTP MUST terminate the handshake, deallocate associated session state and initiate the DTLSAbort command. If an invalid (malformed) Join Response message is received, the WTP SHOULD log an informative message detailing the error. This error MUST be treated in the same manner as AC non-responsiveness. In this way, the WaitDTLS timer will eventually expire, in which case the WTP may (if it is so configured) attempt to join with an alternative AC. The following message elements MAY be included in the Join Response message. o AC IPv4 List, see Section 4.5.2 o AC IPv6 List, see Section 4.5.3 o Result Code, see Section 4.5.31 o WTP Radio Information Element(s)that the AC supports; These are defined by the individual link layer CAPWAP Binding Protocols. The following message element MUST be included in the Join Response message. o AC Descriptor, see Section 4.5.1 Calhoun, Editor, et al. Expires July 27, 2007 [Page 91] Internet-Draft CAPWAP Protocol Specification January 2007 7. Control Channel Management The Control Channel Management messages are used by the WTP and AC to maintain a control communication channel. CAPWAP control messages, such as the WTP Event Request message sent from the WTP to the AC indicate to the AC that the WTP is operational. When such control messages are not being sent, the Echo Request and Echo Response messages are used to maintain the control communication channel. 7.1. Echo Request The Echo Request message is a keep alive mechanism for CAPWAP control messages. Echo Request messages are sent periodically by a WTP in the Run state (see Section 2.3) to determine the state of the connection between the WTP and the AC. The Echo Request message is sent by the WTP when the Heartbeat timer expires. The WTP MUST start its NeighborDeadInterval timer when the Heartbeat timer expires. The Echo Request message carries no message elements. When an AC receives an Echo Request message it responds with an Echo Response message. 7.2. Echo Response The Echo Response message acknowledges the Echo Request message, and is only processed while in the Run state (see Section 2.3). An Echo Response message is sent by an AC after receiving an Echo Request message. After transmitting the Echo Response message, the AC SHOULD reset its Heartbeat timer to expire in the value configured for EchoInterval. If another Echo Request message or other control message is not received by the AC when the timer expires, the AC SHOULD consider the WTP to be no longer be reachable. The Echo Response message carries no message elements. When a WTP receives an Echo Response message it stops the NeighborDeadInterval timer, and initializes the Heartbeat timer to the EchoInterval. If the NeighborDeadInterval timer expires prior to receiving an Echo Response message, or other control message, the WTP enters the Idle state. Calhoun, Editor, et al. Expires July 27, 2007 [Page 92] Internet-Draft CAPWAP Protocol Specification January 2007 8. WTP Configuration Management Wireless Termination Point Configuration messages are used to exchange configuration information between the AC and the WTP. 8.1. Configuration Consistency The CAPWAP protocol provides flexibility in how WTP configuration is managed. A WTP has two options: 1. The WTP retains no configuration and accepts the configuration provided by the AC. 2. The WTP retains the configuration of parameters provided by the AC that are non-default values. If the WTP opts to save configuration locally, the CAPWAP protocol state machine defines the Configure state, which allows for configuration exchange. In the Configure state, the WTP sends its current configuration overrides to the AC via the Configuration Status message. A configuration override is a parameter that is non- default. One example is that in the CAPWAP protocol, the default antenna configuration is internal omni antenna. A WTP that either has no internal antennas, or has been explicitly configured by the AC to use external antennas, sends its antenna configuration during the configure phase, allowing the AC to become aware of the WTP's current configuration. Once the WTP has provided its configuration to the AC, the AC sends its own configuration. This allows the WTP to inherit the configuration and policies from the AC. An AC maintains a copy of each active WTP's configuration. There is no need for versioning or other means to identify configuration changes. If a WTP becomes inactive, the AC MAY delete the configuration associated with it. If a WTP fails, and connects to a new AC, it provides its overridden configuration parameters, allowing the new AC to be aware of the WTP's configuration. This model allows for resiliency in case of an AC failure, that another AC can provide service to the WTP. In this scenario, the new AC would be automatically updated with WTP configuration changes, eliminating the need for inter-AC communication or the need for all ACs to be aware of the configuration of all WTPs in the network. Once the CAPWAP protocol enters the Run state, the WTPs begin to provide service. It is quite common for administrators to require that configuration changes be made while the network is operational. Calhoun, Editor, et al. Expires July 27, 2007 [Page 93] Internet-Draft CAPWAP Protocol Specification January 2007 Therefore, the Configuration Update Request is sent by the AC to the WTP to make these changes at run-time. 8.1.1. Configuration Flexibility The CAPWAP protocol provides the flexibility to configure and manage WTPs of varying design and functional characteristics. When a WTP first discovers an AC, it provides primary functional information relating to its type of MAC and to the nature of frames to be exchanged. The AC configures the WTP appropriately. The AC also establishes corresponding internal operations to deal with the WTP according to its functionalities. 8.2. Configuration Status The Configuration Status message is sent by a WTP to deliver its current configuration to its AC. Configuration Status messages are sent by a WTP while in the Configure state. The Configuration Status message carries binding specific message elements. Refer to the appropriate binding for the definition of this structure. When an AC receives a Configuration Status message it will act upon the content of the packet and respond to the WTP with a Configuration Status Response message. The Configuration Status message includes multiple Radio Administrative State message Elements. There is one such message element for the WTP, and one message element per radio in the WTP. The following message elements MUST be included in the Configuration Status message. o AC Name, see Section 4.5.4 o AC Name with Index, see Section 4.5.5 o Radio Administrative State, see Section 4.5.29 o Statistics Timer, see Section 4.5.34 o WTP Reboot Statistics, see Section 4.5.45 The following message elements MAY be included in the Configuration Status message. Calhoun, Editor, et al. Expires July 27, 2007 [Page 94] Internet-Draft CAPWAP Protocol Specification January 2007 o WTP Static IP Address Information, see Section 4.5.46 8.3. Configuration Status Response The Configuration Status Response message is sent by an AC and provides a mechanism for the AC to override a WTP's requested configuration. Configuration Status Response messages are sent by an AC after receiving a Configure Request message. The Configuration Status Response message carries binding specific message elements. Refer to the appropriate binding for the definition of this structure. When a WTP receives a Configuration Status Response message it acts upon the content of the message, as appropriate. If the Configuration Status Response message includes a Radio Operational State message element that causes a change in the operational state of one of the Radio, the WTP will transmit a Change State Event to the AC, as an acknowledgement of the change in state. The following message elements MUST be included in the Configuration Status Response message. o AC IPv4 List, see Section 4.5.2 o AC IPv6 List, see Section 4.5.3 o CAPWAP Timers, see Section 4.5.12 o Radio Operational Event, see Section 4.5.30 o Decryption Error Report Period, see Section 4.5.16 o Idle Timeout, see Section 4.5.23 o WTP Fallback, see Section 4.5.38 The following message element MAY be included in the Configuration Status Response message. o WTP Static IP Address Information, see Section 4.5.46 Calhoun, Editor, et al. Expires July 27, 2007 [Page 95] Internet-Draft CAPWAP Protocol Specification January 2007 8.4. Configuration Status Acknowledge The Configuration Status Acknowledge message is sent by a WTP and provides a mechanism for the WTP to acknowledge or report an error condition to the AC for a requested configuration. Configuration Status Acknowledge messages are sent by a WTP after receiving a Configure Response message. The Configuration Status Acknowledge message carries a status code and may contain any specific binding message elements that could not be set as requested by the AC. If the WTP successfully applies the configuration, it shall set the return code value to "Success". If the WTP is unable to apply any part of the configuration, it shall set the return code value to "Unable to Apply Requested Configuration" Refer to the appropriate binding for the definition of this structure. When a AC receives a Configuration Status Acknowledge message it acts upon the content of the message, as appropriate. If the Configuration Status Response message includes a Radio Operational State message element that causes a change in the operational state of one of the Radio, the WTP will transmit a Change State Event to the AC, as an acknowledgement of the change in state. The following message elements MUST be included in the Configuration Status Acknowledge message. o Result Code, see Section 4.5.31 8.5. Configuration Update Request Configuration Update Request messages are sent by the AC to provision the WTP while in the Run state. This is used to modify the configuration of the WTP while it is operational. When an AC receives a Configuration Update Request message it will respond with a Configuration Update Response message, with the appropriate Result Code. One or more of the following message elements MAY be included in the Configuration Update message. o AC Name with Index, see Section 4.5.5 o AC Timestamp, see Section 4.5.6 Calhoun, Editor, et al. Expires July 27, 2007 [Page 96] Internet-Draft CAPWAP Protocol Specification January 2007 o Add MAC ACL Entry, see Section 4.5.7 o Add Static MAC ACL Entry, see Section 4.5.9 o CAPWAP Timers, see Section 4.5.12 o Decryption Error Report Period, see Section 4.5.16 o Delete MAC ACL Entry, see Section 4.5.17 o Delete Static MAC ACL Entry, see Section 4.5.19 o Idle Timeout, see Section 4.5.23 o Location Data, see Section 4.5.27 o Radio Operational State, see Section 4.5.30 o Statistics Timer, see Section 4.5.34 o WTP Fallback, see Section 4.5.38 o WTP Name, see Section 4.5.42 o WTP Static IP Address Information, see Section 4.5.46 8.6. Configuration Update Response The Configuration Update Response message is the acknowledgement message for the Configuration Update Request message. The Configuration Update Response message is sent by a WTP after receiving a Configuration Update Request message. When an AC receives a Configuration Update Response message the result code indicates if the WTP successfully accepted the configuration. The following message element MUST be present in the Configuration Update message. Result Code, see Section 4.5.31 8.7. Change State Event Request The Change State Event Request message is used by the WTP for two main purposes: Calhoun, Editor, et al. Expires July 27, 2007 [Page 97] Internet-Draft CAPWAP Protocol Specification January 2007 o When sent by the WTP following the reception Configuration Status Response from the AC, the WTP uses the Change State Event to provide an update on the WTP radio's operational state as well as to confirm that the configuration provided by the AC was successfully applied. o When sent during the Run state, the WTP uses the Change State Event to notify the AC of an unexpected change in the WTP's radio operational state. When an AC receives a Change State Event Request message it will respond with a Change State Event Response message and make any necessary modifications to internal WTP data structures. The AC MAY decide not to provide service to the WTP if it receives an error, based on local policy, which is done by transitioning to the CAPWAP Reset state. The Change State Event Request is sent by a WTP to acknowledge or report an error condition to the AC for a requested configuration through the Configuration Status Response. The Change State Event Request includes the Result Code message element, which indicates whether the configuration was successfully applied. If the WTP is unable to apply a specfic configuration request, it indicates the failure by including one or more Returned Message Element message elements (see Section 4.5.32). The following message elements MUST be present in the Change State Event Request message. o Radio Operational State, see Section 4.5.30 o Result Code, see Section 4.5.31 One or more of the following message elements MAY be present in the Change State Event Request message. o Returned Message Element, see Section 4.5.32 8.8. Change State Event Response The Change State Event Response message acknowledges the Change State Event Request message. A Change State Event Response message is sent by an AC in response to a Change State Event Request message. The Change State Event Response message carries no message elements. Its purpose is to acknowledge the receipt of the Change State Event Calhoun, Editor, et al. Expires July 27, 2007 [Page 98] Internet-Draft CAPWAP Protocol Specification January 2007 Request message. The WTP does not need to perform any special processing of the Change State Event Response message. 8.9. Clear Configuration Request The Clear Configuration Request message is used to reset a WTP's configuration. The Clear Configuration Request message is sent by an AC to request that a WTP reset its configuration to the manufacturing default configuration. The Clear Config Request message is sent while in the Run CAPWAP state. The Clear Configuration Request message carries no message elements. When a WTP receives a Clear Configuration Request message it resets its configuration to the manufacturing default configuration. 8.10. Clear Configuration Response The Clear Configuration Response message is sent by the WTP after receiving a Clear Configuration Request message and resetting its configuration parameters back to the manufacturing default values. The Clear Configuration Request message carries the message elements. o Result Code, see Section 4.5.31 Calhoun, Editor, et al. Expires July 27, 2007 [Page 99] Internet-Draft CAPWAP Protocol Specification January 2007 9. Device Management Operations This section defines CAPWAP operations responsible for debugging, gathering statistics, logging, and firmware management. 9.1. Image Data Request The Image Data Request message is used to update firmware on the WTP. This message and its companion response message are used by the AC to ensure that the image being run on each WTP is appropriate. Image Data Request messages are exchanged between the WTP and the AC to download a new firmware image to the WTP. When a WTP or AC receives an Image Data Request message it will respond with an Image Data Response message. The message elements contained within the Image Data Request message are required to determine the intent of the request. The decision that new firmware is to be downloaded to the WTP can occur in one of two methods: When the WTP joins the AC, and each exchange their software revision, the WTP may opt to initiate a firmware download by sending an Image Data Request, which contains an Image Filename message element. Once the WTP is in the Configure state, it is possible for the AC to cause the WTP to initiate a firmware download by sending an Image Data Request message, with the Initiate Download and and Image Filename message elements. The WTP then transmits the Image Data Request message,which includes the Image Filename message element to start the download process. Regardless of how the download was initiated, once the AC receives an Image Data Request with the Image Filename message element, it begins the transfer process by transmitting its own request with the Image Data message element. This continues until the firmware image has been transfered. The following message elements MAY be included in the Image Data Request message. o Image Data, see Section 4.5.24 o Image Filename, see Section 4.5.25 o Initiate Download, see Section 4.5.26 Calhoun, Editor, et al. Expires July 27, 2007 [Page 100] Internet-Draft CAPWAP Protocol Specification January 2007 9.2. Image Data Response The Image Data Response message acknowledges the Image Data Request message. An Image Data Response message is sent in response to a received Image Data Request message. Its purpose is to acknowledge the receipt of the Image Data Request message. The Result Code is included to indicate whether a previously sent Image Data Request message was invalid. The following message elements MUST be included in the Image Data Response message. o Result Code, see Section 4.5.31 Upon receiving an error, the WTP MAY decide to retransmit a previous Image Data Reqest, or abandon the firmware download to the WTP by transitioning to the Reset state machine. 9.3. Reset Request The Reset Request message is used to cause a WTP to reboot. A Reset Request message is sent by an AC to cause a WTP to reinitialize its operation. The Reset Request carries no message elements. When a WTP receives a Reset Request it will respond with a Reset Response indicating success and then reinitialize itself. In the event the WTP is unable to reset, including a hardware reset, it can respond with a Reset Response whose Result-Code message element indicates failure. 9.4. Reset Response The Reset Response message acknowledges the Reset Request message. A Reset Response message is sent by the WTP after receiving a Reset Request message. The following message elements MAY be included in the Image Data Request Message. o Result Code, see Section 4.5.31 When an AC receives a successful Reset Response message, it is Calhoun, Editor, et al. Expires July 27, 2007 [Page 101] Internet-Draft CAPWAP Protocol Specification January 2007 notified that the WTP will reinitialize its operation. An AC that receives a Reset Response indicating failure may opt to no longer provide service to the WTP in question. 9.5. WTP Event Request WTP Event Request message is used by a WTP to send information to its AC. The WTP Event Request message may be sent periodically, or sent in response to an asynchronous event on the WTP. For example, a WTP MAY collect statistics and use the WTP Event Request message to transmit the statistics to the AC. When an AC receives a WTP Event Request message it will respond with a WTP Event Response message. The presence of the Delete Station message element is used by the WTP to inform the AC that it is no longer providing service to the station. This could be the result of an Idle Timeout (see Section 4.5.23), due to to resource shortages, or some other reason. The WTP Event Request message MUST contain one of the message elements listed below, or a message element that is defined for a specific wireless technology. o Decryption Error Report, see Section 4.5.15 o Duplicate IPv4 Address, see Section 4.5.21 o Duplicate IPv6 Address, see Section 4.5.22 o WTP Operational Statistics, see Section 4.5.43 o WTP Radio Statistics, see Section 4.5.44 o WTP Reboot Statistics, see Section 4.5.45 o Delete Station, see Section 4.5.18 9.6. WTP Event Response The WTP Event Response message acknowledges receipt of the WTP Event Request message. A WTP Event Response message issent by an AC after receiving a WTP Event Request message. The WTP Event Response message carries no message elements. Calhoun, Editor, et al. Expires July 27, 2007 [Page 102] Internet-Draft CAPWAP Protocol Specification January 2007 9.7. Data Transfer Request The Data Transfer Request message is used to deliver debug information from the WTP to the AC. Data Transfer Request messages are sent by the WTP to the AC when the WTP determines that it has important information to send to the AC. For instance, if the WTP detects that its previous reboot was caused by a system crash, it can send the crash file to the AC. The remote debugger function in the WTP also uses the Data Transfer Request message to send console output to the AC for debugging purposes. When the AC receives a Data Transfer Request message it responds to the WTP ith a Data Transfer Response message. The AC MAY log the information received. The Data Transfer Request message MUST contain one of the message elements listed below. o Data Transfer Data, see Section 4.5.13 o Data Transfer Mode, see Section 4.5.14 9.8. Data Transfer Response The Data Transfer Response message acknowledges the Data Transfer Request message. A Data Transfer Response message is sent in response to a received Data Transfer Request message. Its purpose is to acknowledge receipt of the Data Transfer Request message. The Data Transfer Response message carries no message elements. Upon receipt of a Data Transfer Response message, the WTP transmits more information, if more information is available. Calhoun, Editor, et al. Expires July 27, 2007 [Page 103] Internet-Draft CAPWAP Protocol Specification January 2007 10. Station Session Management Messages in this section are used by the AC to create, modify or delete station session state on the WTPs. 10.1. Station Configuration Request The Station Configuration Request message is used to create, modify or delete station session state on a WTP. The message is sent by the AC to the WTP, and may contain one or more message elements. The message elements for this CAPWAP control message include information that is generally highly technology specific. Refer to the appropriate binding section or document for the definitions of the messages elements that may be used in this control message. The following CAPWAP Control message elements MAY be included in the Station Configuration Request message. o Add Station, see Section 4.5.8 o Delete Station, see Section 4.5.18 10.2. Station Configuration Response The Station Configuration Response message is used to acknowledge a previously received Station Configuration Request message. The following message element MUST be present in the Station Configuration Response message. o Result Code, see Section 4.5.31 The Result Code message element indicates that the requested configuration was successfully applied, or that an error related to processing of the Station Configuration Request message occurred on the WTP. Calhoun, Editor, et al. Expires July 27, 2007 [Page 104] Internet-Draft CAPWAP Protocol Specification January 2007 11. NAT Considerations There are two specific situations in which a NAT system may be used in conjunction with a CAPWAP-enabled system. The first consists of a configuration where the WTP is behind a NAT system. Given that all communication is initiated by the WTP, and all communication is performed over IP using two UDP ports, the protocol easily traverses NAT systems in this configuration. It is, however, possible for two or more WTPs to reside behind the same NAT system. In this instance, the AC would receive multiple connection requests from the same IP address, and could end up thinking all of the connection requests come from the same WTP. It is important that the AC not disconnect another WTP's session as a result of this situation occuring. Therefore, the AC should consider the WTP's identity, which is communicated within the DTLS exchange used to secure the CAPWAP control channel. The CAPWAP header includes a Session Identifier field, which is used to match the control and data plane. This allows the AC to match the control and data plane flows from multiple WTPs behind the same NAT system (therefore all sharing the same IP address). The second configuration is one where the AC sits behind a NAT. Two issues exist in this situation. First, an AC communicates its interfaces, and associated WTP load on these interfaces, through the WTP Manager Control IP Address. This message element is currently mandatory, and if NAT compliance became an issue, it would be possible to either: 1. Make the WTP Manager Control IP Address optional, allowing the WTP to simply use the known IP Address. However, note that this approach would eliminate the ability to perform load balancing of WTP across ACs, and therefore is not the recommended approach. 2. Allow an AC to be able to configure a NAT'ed address for every associated AC that would generally be communicated in the WTP Manager Control IP Address message element. 3. Require that if a WTP determines that the AC List message element consists of a set of IP Addresses that are different from the AC's IP Address it is currently communicating with, then assume that NAT is being enforced, and require that the WTP communicate with the original AC's IP Address (and ignore the WTP Manager Control IP Address message element(s)). Another issue related to having an AC behind a NAT system is CAPWAP's support for the CAPWAP Objective to allow the control and data plane to be separated. In order to support this requirement, the CAPWAP Calhoun, Editor, et al. Expires July 27, 2007 [Page 105] Internet-Draft CAPWAP Protocol Specification January 2007 protocol defines the WTP Manager Data IP Address message element, which allows the AC to inform the WTP that the CAPWAP data frames are to be forwarded to a separate IP Address. This feature MUST be disabled when an AC is behind a NAT. However, there is no easy way to provide some default mechanism that satisfies both the data/ control separation and NAT objectives, as they directly conflict with each other. As a consequence, user intervention will be required to support such networks. The CAPWAP protocol allows for all of the ACs identities supporting a group of WTPs to be communicated through the AC List message element. This feature must be disabled when the AC is behind a NAT and the IP Address that is embedded would be invalid. The CAPWAP protocol has a feature that allows an AC to configure a static IP address on a WTP. The WTP Static IP Address Information message element provides such a function, however this feature SHOULD NOT be used in NAT'ed environments, unless the administrator is familiar with the internal IP addressing scheme within the WTP's private network, and does not rely on the public address seen by the AC. When a WTP detects the duplicate address condition, it generates a message to the AC, which includes the Duplicate IP Address message element. The IP Address embedded within this message element is different from the public IP address seen by the AC. Calhoun, Editor, et al. Expires July 27, 2007 [Page 106] Internet-Draft CAPWAP Protocol Specification January 2007 12. Security Considerations This section describes security considerations for the CAPWAP protocol. It also provides security recommendations for protocols used in conjunction with CAPWAP. 12.1. CAPWAP Security As it is currently specified, the CAPWAP protocol sits between the security mechanisms specified by the wireless link layer protocol (e.g.IEEE 802.11i) and AAA. One goal of CAPWAP is to bootstrap trust between the STA and WTP using a series of preestablished trust relationships: STA WTP AC AAA ============================================== DTLS Cred AAA Cred <------------><-------------> EAP Credential <------------------------------------------> wireless link layer (e.g.802.11 PTK) <--------------> or <---------------------------> (derived) Within CAPWAP, DTLS is used to secure the link between the WTP and AC. In addition to securing control messages, it's also a link in this chain of trust for establishing link layer keys. Consequently, much rests on the security of DTLS. In some CAPWAP deployment scenarios, there are two channels between the WTP and AC: the control channel, carrying CAPWAP control messages, and the data channel, over which client data packets are tunneled between the AC and WTP. Typically, the control channel is secured by DTLS, while the data channel is not. The use of parallel protected and unprotected channels deserves special consideration, but does not create a threat. There are two potential concerns: attempting to convert protected data into un- protected data and attempting to convert un-protected data into protected data. These concerns are addressed below. Calhoun, Editor, et al. Expires July 27, 2007 [Page 107] Internet-Draft CAPWAP Protocol Specification January 2007 12.1.1. Converting Protected Data into Unprotected Data Since CAPWAP does not support authentication-only ciphers (i.e. all supported ciphersuites include encryption and authentication), it is not possible to convert protected data into unprotected data. Since encrypted data is (ideally) indistinguishable from random data, the probability of an encrypted packet passing for a well-formed packet is effectively zero. 12.1.2. Converting Unprotected Data into Protected Data (Insertion) The use of message authentication makes it impossible for the attacker to forge protected records. This makes conversion of unprotected records to protected records impossible. 12.1.3. Deletion of Protected Records An attacker could remove protected records from the stream, though not undetectably so, due the built-in reliability of the underlying CAPWAP protocol. In the worst case, the attacker would remove the same record repeatedly, resulting in a CAPWAP session timeout and restart. This is effectively a DoS attack, and could be accomplished by a man in the middle regardless of the CAPWAP protocol security mechanisms chosen. 12.1.4. Insertion of Unprotected Records An attacker could inject packets into the unprotected channel, but this may become evident if sequence number desynchronization occurs as a result. Only if the attacker is a MiM can packets be inserted undetectably. This is a consequence of that channel's lack of protection, and not a new threat resulting from the CAPWAP security mechanism. 12.2. Use of Preshared Keys in CAPWAP While use of preshared keys may provide deployment and provisioning advantages not found in public key based deployments, it also introduces a number of operational and security concerns. In particular, because the keys must typically be entered manually, it is common for people to base them on memorable words or phrases. These are referred to as "low entropy passwords/passphrases". Use of low-entropy preshared keys, coupled with the fact that the keys are often not frequently updated, tends to significantly increase exposure. For these reasons, we make the following recommendations: Calhoun, Editor, et al. Expires July 27, 2007 [Page 108] Internet-Draft CAPWAP Protocol Specification January 2007 o When DTLS is used with a preshared-key (PSK) ciphersuite, each WTP SHOULD have a unique PSK. Since WTPs will likely be widely deployed, their physical security is not guaranteed. If PSKs are not unique for each WTP, key reuse would allow the compromise of one WTP to result in the compromise of others o Generating PSKs from low entropy passwords is NOT RECOMMENDED. o It is RECOMMENDED that implementations that allow the administrator to manually configure the PSK also provide a capability for generation of new random PSKs, taking RFC 1750 [2] into account. o Preshared keys SHOULD be periodically updated. Implementations may facilitate this by providing an administrative interface for automatic key generation and periodic update, or it may be accomplished manually instead. 12.3. Use of Certificates in CAPWAP For public-key-based DTLS deployments, each device SHOULD have unique credentials, with an extended key usage authorizing them to act as either a WTP or AC. If devices do not have unique credentials, it is possible that by compromising one, any other one using the same credential may also be considered to be compromised. Certificate validation involves checking a large variety of things. Since the necessary things to validate are often environment- specific, many are beyond the scope of this document. In this section, we provide some basic guidance on certificate validation. Each device is responsible for authenticating and authorizing devices with which they communicate. Authentication entails validation of the chain of trust leading to the peer certificate, followed by the the peer certificate itself. At a minimum, devices SHOULD use SSH- style certificate caching to guarantee consistency. If devices have access to a certificate authority, they SHOULD properly validate the trust chain. Implementations SHOULD also provide a secure method for verifying that the credential in question has not been revoked. Note that if the WTP relies on the AC for network connectivity (e.g. the AC is a layer 2 switch to which the WTP is directly connected), there is a chicken and egg problem, in that the WTP may not be able to contact an OCSP server or otherwise obtain an up to date CRL if a compromised AC doesn't explicitly permit this. This cannot be avoided, except through effective physical security and monitoring measures at the AC. Calhoun, Editor, et al. Expires July 27, 2007 [Page 109] Internet-Draft CAPWAP Protocol Specification January 2007 Proper validation of certificates typically requires checking to ensure the certificate has not yet expired. If devices have a real- time clock, they SHOULD verify the certificate validity dates. If no real-time clock is available, the device SHOULD make a best-effort attempt to validate the certificate validity dates through other means. Failure to check a certificate's temporal validity can make a device vulnerable to man-in-the-middle attacks launched using compromised, expired certificates, and therefore devices should make every effort to perform this validation. Another important part of certificate authentication is binding a certificate to a particular device. There are many ways to accomplish this. Specification of the certificate common name (CN) as the WTP or AC MAC address formatted as ASCII HEX, for example, 01: 23:45:67:89:ab is REQUIRED for use with the CAPWAP protocol. During authentication, devices SHOULD ensure that the MAC address matches the MAC address specified in the CAPWAP header. If this mechanism is used, the ACs SHOULD maintain list of all authorized WTP MAC addresses and the WTP SHOULD save the AC credential or credential identifier. 12.4. AAA Security The AAA protocol is used to distribute EAP keys to the ACs, and consequently its security is important to the overall system security. When used with TLS or IPsec, security guidelines specified in RFC 3539 [5] SHOULD be followed. In general, the link between the AC and AAA server SHOULD be secured using a strong ciphersuite keyed with mutually authenticated session keys. Implementations SHOULD NOT rely solely on Basic RADIUS shared secret authentication as it is often vulnerable to dictionary attacks, but rather SHOULD use stronger underlying security mechanisms. Calhoun, Editor, et al. Expires July 27, 2007 [Page 110] Internet-Draft CAPWAP Protocol Specification January 2007 13. IANA Considerations A separate UDP port for data channel communications is (currently) the selected demultiplexing mechanism, and a port must be assigned for this purpose. IANA needs to assign a DHCP code point, currently identified as TBD in the section Section 3.2. DHCP options are defined in RFC 1533 [10], and are listed by IANA at http://www.iana.org/assignments/bootp-dhcp-parameters. Calhoun, Editor, et al. Expires July 27, 2007 [Page 111] Internet-Draft CAPWAP Protocol Specification January 2007 14. References 14.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Eastlake, D., Crocker, S., and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994. [3] Mills, D., "Network Time Protocol (Version 3) Specification, Implementation", RFC 1305, March 1992. [4] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. [5] Aboba, B. and J. Wood, "Authentication, Authorization and Accounting (AAA) Transport Profile", RFC 3539, June 2003. [6] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", RFC 4279, December 2005. [7] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006. [8] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753, June 2004. [9] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security", RFC 4347, April 2006. [10] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 1533, October 1993. [11] Clancy, C., "Security Review of the Light Weight Access Point Protocol", May 2005, . 14.2. Informational References [12] "draft-ietf-capwap-protocol-binding-specification-ieee802dot11- 00". [13] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On- line Database", RFC 3232, January 2002. [14] Modadugu et al, N., "The Design and Implementation of Datagram Calhoun, Editor, et al. Expires July 27, 2007 [Page 112] Internet-Draft CAPWAP Protocol Specification January 2007 TLS", Feb 2004. Calhoun, Editor, et al. Expires July 27, 2007 [Page 113] Internet-Draft CAPWAP Protocol Specification January 2007 Authors' Addresses Pat R. Calhoun Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 Phone: +1 408-853-5269 Email: pcalhoun@cisco.com Michael P. Montemurro Research In Motion 5090 Commerce Blvd Mississauga, ON L4W 5M4 Canada Phone: +1 905-629-4746 x4999 Email: mmontemurro@rim.com Dorothy Stanley Aruba Networks 1322 Crossman Ave Sunnyvale, CA 94089 Phone: +1 630-363-1389 Email: dstanley@arubanetworks.com Calhoun, Editor, et al. Expires July 27, 2007 [Page 114] Internet-Draft CAPWAP Protocol Specification January 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Calhoun, Editor, et al. Expires July 27, 2007 [Page 115]