Two crypto modes 802.11i Provides privacy and authentication of 802.11 payload Does not secure the CAPWAP header Breaks some 802.11 features (see next slide) DTLS Already present on AC and WTP (needed for control plane) Supports any CAPWAP binding Protects payload and CAPWAP header |