


From Wikipedia, the free encyclopedia
  (Redirected from Capwap)
Jump to: navigation, search

CAPWAP stands for Control And Provisioning of Wireless Access Points. The protocol specification is described in RFC 5415 and an IEEE 802.11 binding is provided in RFC 5416 and is based on LWAPP (Lightweight Access Point Protocol).

CAPWAP is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points, and uses UDP ports 5246 (control channel) and 5247 (data channel).

The state machine of CAPWAP is similar to LWAPP's, but with the addition of a full Datagram Transport Layer Security (DTLS) tunnel establishment. The standard provides configuration management and device management, allowing for configurations and firmware to be pushed to access points (APs). Because the overall state design of the CAPWAP protocol is largely the same as the finite state machine (FSM) in LWAPP, a detailed diagram is not needed.

This protocol differentiates between data traffic and control traffic, as LWAPP did. However, only the control messages are transmitted in a DTLS tunnel. The publishers argue that an unencrypted data channel is not a security threat, because full IPsec is available. More consideration has been placed on ensuring that CAPWAP is secure, by taking advantage of the security offered by requiring full encryption with authentication between the controller and AP. This creates some inconveniences, however, in that both APs and controllers need to be preconfigured in order to associate with each other. Both the AP and controller must be either loaded with PSKs or certificate files to enable encrypted communication.

Access Control Lists are also implemented to prevent rogue CAPWAP controllers from hijacking unassociated APs.

[edit] See also


[edit] External links

  • "Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification". 
  • "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11". 

Retrieved from ""

