capwap-5----Page:5
1 2 3 4 5 6 7 8 9 10 11 12 13
|
Document Outline Introduction A little background on original fat AP model CAPWAP splits this AP function in two WTP implements WLAN edge functions with respect to user AC implements edge functions with respect to LAN, AAA Variable splits of MAC functions between WTP/AC Splitting in itself introduces nothing new in terms of security if the same assumptions hold as for fat AP model But in most cases they don’t Ideally, CAPWAP should introduce no new vulnerabilities which are not intrinsic to WLANs (i.e. present in fat AP scenarios) Practically, this is not achievable, but we must strive to minimize new exposures introduced by the act of splitting the AP function |