Network Working Group                                    P. Calhoun, Ed.
Request for Comments: 5415                           Cisco Systems, Inc.
Category: Standards Track                             M. Montemurro, Ed.
                                                     Research In Motion
                                                        D. Stanley, Ed.
                                                         Aruba Networks
                                                             March 2009


     Control And Provisioning of Wireless Access Points (CAPWAP)
                        Protocol Specification

Status of This Memo

  This document specifies an Internet standards track protocol for the
  Internet community, and requests discussion and suggestions for
  improvements.  Please refer to the current edition of the "Internet
  Official Protocol Standards" (STD 1) for the standardization state
  and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

  Copyright (c) 2009 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents in effect on the date of
  publication of this document (http://trustee.ietf.org/license-info).
  Please review these documents carefully, as they describe your rights
  and restrictions with respect to this document.

  This document may contain material from IETF Documents or IETF
  Contributions published or made publicly available before November
  10, 2008.  The person(s) controlling the copyright in some of this
  material may not have granted the IETF Trust the right to allow
  modifications of such material outside the IETF Standards Process.
  Without obtaining an adequate license from the person(s) controlling
  the copyright in such materials, this document may not be modified
  outside the IETF Standards Process, and derivative works of it may
  not be created outside the IETF Standards Process, except to format
  it for publication as an RFC or to translate it into languages other
  than English.









Calhoun, et al.             Standards Track                     [Page 1]

RFC 5415             CAPWAP Protocol Specification            March 2009


Abstract

  This specification defines the Control And Provisioning of Wireless
  Access Points (CAPWAP) Protocol, meeting the objectives defined by
  the CAPWAP Working Group in RFC 4564.  The CAPWAP protocol is
  designed to be flexible, allowing it to be used for a variety of
  wireless technologies.  This document describes the base CAPWAP
  protocol, while separate binding extensions will enable its use with
  additional wireless technologies.

Table of Contents

  1. Introduction ....................................................7
     1.1. Goals ......................................................8
     1.2. Conventions Used in This Document ..........................9
     1.3. Contributing Authors .......................................9
     1.4. Terminology ...............................................10
  2. Protocol Overview ..............................................11
     2.1. Wireless Binding Definition ...............................12
     2.2. CAPWAP Session Establishment Overview .....................13
     2.3. CAPWAP State Machine Definition ...........................15
          2.3.1. CAPWAP Protocol State Transitions ..................17
          2.3.2. CAPWAP/DTLS Interface ..............................31
     2.4. Use of DTLS in the CAPWAP Protocol ........................33
          2.4.1. DTLS Handshake Processing ..........................33
          2.4.2. DTLS Session Establishment .........................35
          2.4.3. DTLS Error Handling ................................35
          2.4.4. DTLS Endpoint Authentication and Authorization .....36
  3. CAPWAP Transport ...............................................40
     3.1. UDP Transport .............................................40
     3.2. UDP-Lite Transport ........................................41
     3.3. AC Discovery ..............................................41
     3.4. Fragmentation/Reassembly ..................................42
     3.5. MTU Discovery .............................................43
  4. CAPWAP Packet Formats ..........................................43
     4.1. CAPWAP Preamble ...........................................46
     4.2. CAPWAP DTLS Header ........................................46
     4.3. CAPWAP Header .............................................47
     4.4. CAPWAP Data Messages ......................................50
          4.4.1. CAPWAP Data Channel Keep-Alive .....................51
          4.4.2. Data Payload .......................................52
          4.4.3. Establishment of a DTLS Data Channel ...............52
     4.5. CAPWAP Control Messages ...................................52
          4.5.1. Control Message Format .............................53
          4.5.2. Quality of Service .................................56
          4.5.3. Retransmissions ....................................57
     4.6. CAPWAP Protocol Message Elements ..........................58
          4.6.1. AC Descriptor ......................................61



Calhoun, et al.             Standards Track                     [Page 2]

RFC 5415             CAPWAP Protocol Specification            March 2009


          4.6.2. AC IPv4 List .......................................64
          4.6.3. AC IPv6 List .......................................64
          4.6.4. AC Name ............................................65
          4.6.5. AC Name with Priority ..............................65
          4.6.6. AC Timestamp .......................................66
          4.6.7. Add MAC ACL Entry ..................................66
          4.6.8. Add Station ........................................67
          4.6.9. CAPWAP Control IPv4 Address ........................68
          4.6.10. CAPWAP Control IPv6 Address .......................68
          4.6.11. CAPWAP Local IPv4 Address .........................69
          4.6.12. CAPWAP Local IPv6 Address .........................69
          4.6.13. CAPWAP Timers .....................................70
          4.6.14. CAPWAP Transport Protocol .........................71
          4.6.15. Data Transfer Data ................................72
          4.6.16. Data Transfer Mode ................................73
          4.6.17. Decryption Error Report ...........................73
          4.6.18. Decryption Error Report Period ....................74
          4.6.19. Delete MAC ACL Entry ..............................74
          4.6.20. Delete Station ....................................75
          4.6.21. Discovery Type ....................................75
          4.6.22. Duplicate IPv4 Address ............................76
          4.6.23. Duplicate IPv6 Address ............................77
          4.6.24. Idle Timeout ......................................78
          4.6.25. ECN Support .......................................78
          4.6.26. Image Data ........................................79
          4.6.27. Image Identifier ..................................79
          4.6.28. Image Information .................................80
          4.6.29. Initiate Download .................................81
          4.6.30. Location Data .....................................81
          4.6.31. Maximum Message Length ............................81
          4.6.32. MTU Discovery Padding .............................82
          4.6.33. Radio Administrative State ........................82
          4.6.34. Radio Operational State ...........................83
          4.6.35. Result Code .......................................84
          4.6.36. Returned Message Element ..........................85
          4.6.37. Session ID ........................................86
          4.6.38. Statistics Timer ..................................87
          4.6.39. Vendor Specific Payload ...........................87
          4.6.40. WTP Board Data ....................................88
          4.6.41. WTP Descriptor ....................................89
          4.6.42. WTP Fallback ......................................92
          4.6.43. WTP Frame Tunnel Mode .............................92
          4.6.44. WTP MAC Type ......................................93
          4.6.45. WTP Name ..........................................94
          4.6.46. WTP Radio Statistics ..............................94
          4.6.47. WTP Reboot Statistics .............................96
          4.6.48. WTP Static IP Address Information .................97
     4.7. CAPWAP Protocol Timers ....................................98



Calhoun, et al.             Standards Track                     [Page 3]

RFC 5415             CAPWAP Protocol Specification            March 2009


          4.7.1. ChangeStatePendingTimer ............................98
          4.7.2. DataChannelKeepAlive ...............................98
          4.7.3. DataChannelDeadInterval ............................99
          4.7.4. DataCheckTimer .....................................99
          4.7.5. DiscoveryInterval ..................................99
          4.7.6. DTLSSessionDelete ..................................99
          4.7.7. EchoInterval .......................................99
          4.7.8. IdleTimeout ........................................99
          4.7.9. ImageDataStartTimer ...............................100
          4.7.10. MaxDiscoveryInterval .............................100
          4.7.11. ReportInterval ...................................100
          4.7.12. RetransmitInterval ...............................100
          4.7.13. SilentInterval ...................................100
          4.7.14. StatisticsTimer ..................................100
          4.7.15. WaitDTLS .........................................101
          4.7.16. WaitJoin .........................................101
     4.8. CAPWAP Protocol Variables ................................101
          4.8.1. AdminState ........................................101
          4.8.2. DiscoveryCount ....................................101
          4.8.3. FailedDTLSAuthFailCount ...........................101
          4.8.4. FailedDTLSSessionCount ............................101
          4.8.5. MaxDiscoveries ....................................102
          4.8.6. MaxFailedDTLSSessionRetry .........................102
          4.8.7. MaxRetransmit .....................................102
          4.8.8. RetransmitCount ...................................102
          4.8.9. WTPFallBack .......................................102
     4.9. WTP Saved Variables ......................................102
          4.9.1. AdminRebootCount ..................................102
          4.9.2. FrameEncapType ....................................102
          4.9.3. LastRebootReason ..................................103
          4.9.4. MacType ...........................................103
          4.9.5. PreferredACs ......................................103
          4.9.6. RebootCount .......................................103
          4.9.7. Static IP Address .................................103
          4.9.8. WTPLinkFailureCount ...............................103
          4.9.9. WTPLocation .......................................103
          4.9.10. WTPName ..........................................103
  5. CAPWAP Discovery Operations ...................................103
     5.1. Discovery Request Message ................................103
     5.2. Discovery Response Message ...............................105
     5.3. Primary Discovery Request Message ........................106
     5.4. Primary Discovery Response ...............................107
  6. CAPWAP Join Operations ........................................108
     6.1. Join Request .............................................108
     6.2. Join Response ............................................110
  7. Control Channel Management ....................................111
     7.1. Echo Request .............................................111
     7.2. Echo Response ............................................112



Calhoun, et al.             Standards Track                     [Page 4]

RFC 5415             CAPWAP Protocol Specification            March 2009


  8. WTP Configuration Management ..................................112
     8.1. Configuration Consistency ................................112
          8.1.1. Configuration Flexibility .........................113
     8.2. Configuration Status Request .............................114
     8.3. Configuration Status Response ............................115
     8.4. Configuration Update Request .............................116
     8.5. Configuration Update Response ............................117
     8.6. Change State Event Request ...............................117
     8.7. Change State Event Response ..............................118
     8.8. Clear Configuration Request ..............................119
     8.9. Clear Configuration Response .............................119
  9. Device Management Operations ..................................120
     9.1. Firmware Management ......................................120
          9.1.1. Image Data Request ................................124
          9.1.2. Image Data Response ...............................125
     9.2. Reset Request ............................................126
     9.3. Reset Response ...........................................127
     9.4. WTP Event Request ........................................127
     9.5. WTP Event Response .......................................128
     9.6. Data Transfer ............................................128
          9.6.1. Data Transfer Request .............................130
          9.6.2. Data Transfer Response ............................131
  10. Station Session Management ...................................131
     10.1. Station Configuration Request ...........................131
     10.2. Station Configuration Response ..........................132
  11. NAT Considerations ...........................................132
  12. Security Considerations ......................................134
     12.1. CAPWAP Security .........................................134
          12.1.1. Converting Protected Data into Unprotected Data ..135
          12.1.2. Converting Unprotected Data into
                  Protected Data (Insertion) .......................135
          12.1.3. Deletion of Protected Records ....................135
          12.1.4. Insertion of Unprotected Records .................135
          12.1.5. Use of MD5 .......................................136
          12.1.6. CAPWAP Fragmentation .............................136
     12.2. Session ID Security .....................................136
     12.3. Discovery or DTLS Setup Attacks .........................137
     12.4. Interference with a DTLS Session ........................137
     12.5. CAPWAP Pre-Provisioning .................................138
     12.6. Use of Pre-Shared Keys in CAPWAP ........................139
     12.7. Use of Certificates in CAPWAP ...........................140
     12.8. Use of MAC Address in CN Field ..........................140
     12.9. AAA Security ............................................141
     12.10. WTP Firmware ...........................................141
  13. Operational Considerations ...................................141
  14. Transport Considerations .....................................142
  15. IANA Considerations ..........................................143
     15.1. IPv4 Multicast Address ..................................143



Calhoun, et al.             Standards Track                     [Page 5]

RFC 5415             CAPWAP Protocol Specification            March 2009


     15.2. IPv6 Multicast Address ..................................144
     15.3. UDP Port ................................................144
     15.4. CAPWAP Message Types ....................................144
     15.5. CAPWAP Header Flags .....................................144
     15.6. CAPWAP Control Message Flags ............................145
     15.7. CAPWAP Message Element Type .............................145
     15.8. CAPWAP Wireless Binding Identifiers .....................145
     15.9. AC Security Types .......................................146
     15.10. AC DTLS Policy .........................................146
     15.11. AC Information Type ....................................146
     15.12. CAPWAP Transport Protocol Types ........................146
     15.13. Data Transfer Type .....................................147
     15.14. Data Transfer Mode .....................................147
     15.15. Discovery Types ........................................147
     15.16. ECN Support ............................................148
     15.17. Radio Admin State ......................................148
     15.18. Radio Operational State ................................148
     15.19. Radio Failure Causes ...................................148
     15.20. Result Code ............................................149
     15.21. Returned Message Element Reason ........................149
     15.22. WTP Board Data Type ....................................149
     15.23. WTP Descriptor Type ....................................149
     15.24. WTP Fallback Mode ......................................150
     15.25. WTP Frame Tunnel Mode ..................................150
     15.26. WTP MAC Type ...........................................150
     15.27. WTP Radio Stats Failure Type ...........................151
     15.28. WTP Reboot Stats Failure Type ..........................151
  16. Acknowledgments ..............................................151
  17. References ...................................................151
     17.1. Normative References ....................................151
     17.2. Informative References ..................................153




















Calhoun, et al.             Standards Track                     [Page 6]

RFC 5415             CAPWAP Protocol Specification            March 2009


1.  Introduction

  This document describes the CAPWAP protocol, a standard,
  interoperable protocol that enables an Access Controller (AC) to
  manage a collection of Wireless Termination Points (WTPs).  The
  CAPWAP protocol is defined to be independent of Layer 2 (L2)
  technology, and meets the objectives in "Objectives for Control and
  Provisioning of Wireless Access Points (CAPWAP)" [RFC4564].

  The emergence of centralized IEEE 802.11 Wireless Local Area Network
  (WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by
  an Access Controller (AC), suggested that a standards-based,
  interoperable protocol could radically simplify the deployment and
  management of wireless networks.  WTPs require a set of dynamic
  management and control functions related to their primary task of
  connecting the wireless and wired mediums.  Traditional protocols for
  managing WTPs are either manual static configuration via HTTP,
  proprietary Layer 2-specific or non-existent (if the WTPs are self-
  contained).  An IEEE 802.11 binding is defined in [RFC5416] to
  support use of the CAPWAP protocol with IEEE 802.11 WLAN networks.

  CAPWAP assumes a network configuration consisting of multiple WTPs
  communicating via the Internet Protocol (IP) to an AC.  WTPs are
  viewed as remote radio frequency (RF) interfaces controlled by the
  AC.  The CAPWAP protocol supports two modes of operation: Split and
  Local MAC (medium access control).  In Split MAC mode, all L2
  wireless data and management frames are encapsulated via the CAPWAP
  protocol and exchanged between the AC and the WTP.  As shown in
  Figure 1, the wireless frames received from a mobile device, which is
  referred to in this specification as a Station (STA), are directly
  encapsulated by the WTP and forwarded to the AC.

             +-+         wireless frames        +-+
             | |--------------------------------| |
             | |              +-+               | |
             | |--------------| |---------------| |
             | |wireless PHY/ | |     CAPWAP    | |
             | | MAC sublayer | |               | |
             +-+              +-+               +-+
             STA              WTP                AC

       Figure 1: Representative CAPWAP Architecture for Split MAC

  The Local MAC mode of operation allows for the data frames to be
  either locally bridged or tunneled as 802.3 frames.  The latter
  implies that the WTP performs the 802.11 Integration function.  In
  either case, the L2 wireless management frames are processed locally




Calhoun, et al.             Standards Track                     [Page 7]

RFC 5415             CAPWAP Protocol Specification            March 2009


  by the WTP and then forwarded to the AC.  Figure 2 shows the Local
  MAC mode, in which a station transmits a wireless frame that is
  encapsulated in an 802.3 frame and forwarded to the AC.

             +-+wireless frames +-+ 802.3 frames +-+
             | |----------------| |--------------| |
             | |                | |              | |
             | |----------------| |--------------| |
             | |wireless PHY/   | |     CAPWAP   | |
             | | MAC sublayer   | |              | |
             +-+                +-+              +-+
             STA                WTP               AC

       Figure 2: Representative CAPWAP Architecture for Local MAC

  Provisioning WTPs with security credentials and managing which WTPs
  are authorized to provide service are traditionally handled by
  proprietary solutions.  Allowing these functions to be performed from
  a centralized AC in an interoperable fashion increases manageability
  and allows network operators to more tightly control their wireless
  network infrastructure.

1.1.  Goals

  The goals for the CAPWAP protocol are listed below:

  1. To centralize the authentication and policy enforcement functions
     for a wireless network.  The AC may also provide centralized
     bridging, forwarding, and encryption of user traffic.
     Centralization of these functions will enable reduced cost and
     higher efficiency by applying the capabilities of network
     processing silicon to the wireless network, as in wired LANs.

  2. To enable shifting of the higher-level protocol processing from
     the WTP.  This leaves the time-critical applications of wireless
     control and access in the WTP, making efficient use of the
     computing power available in WTPs, which are subject to severe
     cost pressure.

  3. To provide an extensible protocol that is not bound to a specific
     wireless technology.  Extensibility is provided via a generic
     encapsulation and transport mechanism, enabling the CAPWAP
     protocol to be applied to many access point types in the future,
     via a specific wireless binding.

  The CAPWAP protocol concerns itself solely with the interface between
  the WTP and the AC.  Inter-AC and station-to-AC communication are
  strictly outside the scope of this document.



Calhoun, et al.             Standards Track                     [Page 8]

RFC 5415             CAPWAP Protocol Specification            March 2009


1.2.  Conventions Used in This Document

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in RFC 2119 [RFC2119].

1.3.  Contributing Authors

  This section lists and acknowledges the authors of significant text
  and concepts included in this specification.

  The CAPWAP Working Group selected the Lightweight Access Point
  Protocol (LWAPP) [LWAPP] to be used as the basis of the CAPWAP
  protocol specification.  The following people are authors of the
  LWAPP document:

     Bob O'Hara
     Email: [email protected]

     Pat Calhoun, Cisco Systems, Inc.
     170 West Tasman Drive, San Jose, CA  95134
     Phone: +1 408-902-3240, Email: [email protected]

     Rohit Suri, Cisco Systems, Inc.
     170 West Tasman Drive, San Jose, CA  95134
     Phone: +1 408-853-5548, Email: [email protected]

     Nancy Cam Winget, Cisco Systems, Inc.
     170 West Tasman Drive, San Jose, CA  95134
     Phone: +1 408-853-0532, Email: [email protected]

     Scott Kelly, Aruba Networks
     1322 Crossman Ave, Sunnyvale, CA 94089
     Phone: +1  408-754-8408, Email: [email protected]

     Michael Glenn Williams, Nokia, Inc.
     313 Fairchild Drive, Mountain View, CA  94043
     Phone: +1 650-714-7758, Email: [email protected]

     Sue Hares, Green Hills Software
     825 Victors Way, Suite 100, Ann Arbor, MI  48108
     Phone: +1 734 222 1610, Email: [email protected]

  Datagram Transport Layer Security (DTLS) [RFC4347] is used as the
  security solution for the CAPWAP protocol.  The following people are
  authors of significant DTLS-related text included in this document:





Calhoun, et al.             Standards Track                     [Page 9]

RFC 5415             CAPWAP Protocol Specification            March 2009


     Scott Kelly, Aruba Networks
     1322 Crossman Ave, Sunnyvale, CA 94089
     Phone: +1  408-754-8408
     Email: [email protected]

     Eric Rescorla, Network Resonance
     2483 El Camino Real, #212,Palo Alto CA, 94303
     Email: [email protected]

  The concept of using DTLS to secure the CAPWAP protocol was part of
  the Secure Light Access Point Protocol (SLAPP) proposal [SLAPP].  The
  following people are authors of the SLAPP proposal:

     Partha Narasimhan, Aruba Networks
     1322 Crossman Ave, Sunnyvale, CA  94089
     Phone: +1 408-480-4716
     Email: [email protected]

     Dan Harkins
     Trapeze Networks
     5753 W. Las Positas Blvd, Pleasanton, CA  94588
     Phone: +1-925-474-2212
     EMail: [email protected]

     Subbu Ponnuswamy, Aruba Networks
     1322 Crossman Ave, Sunnyvale, CA  94089
     Phone: +1 408-754-1213
     Email: [email protected]

  The following individuals contributed significant security-related
  text to the document [RFC5418]:

     T. Charles Clancy, Laboratory for Telecommunications Sciences,
     8080 Greenmead Drive, College Park, MD 20740
     Phone: +1 240-373-5069, Email: [email protected]

     Scott Kelly, Aruba Networks
     1322 Crossman Ave, Sunnyvale, CA 94089
     Phone: +1  408-754-8408, Email: [email protected]

1.4.  Terminology

  Access Controller (AC): The network entity that provides WTP access
  to the network infrastructure in the data plane, control plane,
  management plane, or a combination therein.






Calhoun, et al.             Standards Track                    [Page 10]

RFC 5415             CAPWAP Protocol Specification            March 2009


  CAPWAP Control Channel: A bi-directional flow defined by the AC IP
  Address, WTP IP Address, AC control port, WTP control port, and the
  transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Control
  packets are sent and received.

  CAPWAP Data Channel: A bi-directional flow defined by the AC IP
  Address, WTP IP Address, AC data port, WTP data port, and the
  transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Data
  packets are sent and received.

  Station (STA): A device that contains an interface to a wireless
  medium (WM).

  Wireless Termination Point (WTP): The physical or network entity that
  contains an RF antenna and wireless Physical Layer (PHY) to transmit
  and receive station traffic for wireless access networks.

  This document uses additional terminology defined in [RFC3753].

2.  Protocol Overview

  The CAPWAP protocol is a generic protocol defining AC and WTP control
  and data plane communication via a CAPWAP protocol transport
  mechanism.  CAPWAP Control messages, and optionally CAPWAP Data
  messages, are secured using Datagram Transport Layer Security (DTLS)
  [RFC4347].  DTLS is a standards-track IETF protocol based upon TLS.
  The underlying security-related protocol mechanisms of TLS have been
  successfully deployed for many years.

  The CAPWAP protocol transport layer carries two types of payload,
  CAPWAP Data messages and CAPWAP Control messages.  CAPWAP Data
  messages encapsulate forwarded wireless frames.  CAPWAP protocol
  Control messages are management messages exchanged between a WTP and
  an AC.  The CAPWAP Data and Control packets are sent over separate
  UDP ports.  Since both data and control packets can exceed the
  Maximum Transmission Unit (MTU) length, the payload of a CAPWAP Data
  or Control message can be fragmented.  The fragmentation behavior is
  defined in Section 3.

  The CAPWAP Protocol begins with a Discovery phase.  The WTPs send a
  Discovery Request message, causing any Access Controller (AC)
  receiving the message to respond with a Discovery Response message.
  From the Discovery Response messages received, a WTP selects an AC
  with which to establish a secure DTLS session.  In order to establish
  the secure DTLS connection, the WTP will need some amount of pre-
  provisioning, which is specified in Section 12.5.  CAPWAP protocol
  messages will be fragmented to the maximum length discovered to be
  supported by the network.



Calhoun, et al.             Standards Track                    [Page 11]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Once the WTP and the AC have completed DTLS session establishment, a
  configuration exchange occurs in which both devices agree on version
  information.  During this exchange, the WTP may receive provisioning
  settings.  The WTP is then enabled for operation.

  When the WTP and AC have completed the version and provision exchange
  and the WTP is enabled, the CAPWAP protocol is used to encapsulate
  the wireless data frames sent between the WTP and AC.  The CAPWAP
  protocol will fragment the L2 frames if the size of the encapsulated
  wireless user data (Data) or protocol control (Management) frames
  causes the resulting CAPWAP protocol packet to exceed the MTU
  supported between the WTP and AC.  Fragmented CAPWAP packets are
  reassembled to reconstitute the original encapsulated payload.  MTU
  Discovery and Fragmentation are described in Section 3.

  The CAPWAP protocol provides for the delivery of commands from the AC
  to the WTP for the management of stations that are communicating with
  the WTP.  This may include the creation of local data structures in
  the WTP for the stations and the collection of statistical
  information about the communication between the WTP and the stations.
  The CAPWAP protocol provides a mechanism for the AC to obtain
  statistical information collected by the WTP.

  The CAPWAP protocol provides for a keep-alive feature that preserves
  the communication channel between the WTP and AC.  If the AC fails to
  appear alive, the WTP will try to discover a new AC.

2.1.  Wireless Binding Definition

  The CAPWAP protocol is independent of a specific WTP radio
  technology, as well its associated wireless link layer protocol.
  Elements of the CAPWAP protocol are designed to accommodate the
  specific needs of each wireless technology in a standard way.
  Implementation of the CAPWAP protocol for a particular wireless
  technology MUST follow the binding requirements defined for that
  technology.

  When defining a binding for wireless technologies, the authors MUST
  include any necessary definitions for technology-specific messages
  and all technology-specific message elements for those messages.  At
  a minimum, a binding MUST provide:

  1. The definition for a binding-specific Statistics message element,
     carried in the WTP Event Request message.

  2. A message element carried in the Station Configuration Request
     message to configure station information on the WTP.




Calhoun, et al.             Standards Track                    [Page 12]

RFC 5415             CAPWAP Protocol Specification            March 2009


  3. A WTP Radio Information message element carried in the Discovery,
     Primary Discovery, and Join Request and Response messages,
     indicating the binding-specific radio types supported at the WTP
     and AC.

  If technology-specific message elements are required for any of the
  existing CAPWAP messages defined in this specification, they MUST
  also be defined in the technology binding document.

  The naming of binding-specific message elements MUST begin with the
  name of the technology type, e.g., the binding for IEEE 802.11,
  provided in [RFC5416], begins with "IEEE 802.11".

  The CAPWAP binding concept MUST also be used in any future
  specifications that add functionality to either the base CAPWAP
  protocol specification, or any published CAPWAP binding
  specification.  A separate WTP Radio Information message element MUST
  be created to properly advertise support for the specification.  This
  mechanism allows for future protocol extensibility, while providing
  the necessary capabilities advertisement, through the WTP Radio
  Information message element, to ensure WTP/AC interoperability.

2.2.  CAPWAP Session Establishment Overview

  This section describes the session establishment process message
  exchanges between a CAPWAP WTP and AC.  The annotated ladder diagram
  shows the AC on the right, the WTP on the left, and assumes the use
  of certificates for DTLS authentication.  The CAPWAP protocol state
  machine is described in detail in Section 2.3.  Note that DTLS allows
  certain messages to be aggregated into a single frame, which is
  denoted via an asterisk in Figure 3.

          ============                         ============
              WTP                                   AC
          ============                         ============
           [----------- begin optional discovery ------------]

                          Discover Request
                ------------------------------------>
                          Discover Response
                <------------------------------------

           [----------- end optional discovery ------------]

                     (-- begin DTLS handshake --)

                            ClientHello
                ------------------------------------>



Calhoun, et al.             Standards Track                    [Page 13]

RFC 5415             CAPWAP Protocol Specification            March 2009


                     HelloVerifyRequest (with cookie)
                <------------------------------------


                       ClientHello (with cookie)
                ------------------------------------>
                               ServerHello,
                               Certificate,
                               ServerHelloDone*
                <------------------------------------

               (-- WTP callout for AC authorization --)

                       Certificate (optional),
                        ClientKeyExchange,
                    CertificateVerify (optional),
                        ChangeCipherSpec,
                            Finished*
                ------------------------------------>

               (-- AC callout for WTP authorization --)

                        ChangeCipherSpec,
                            Finished*
                <------------------------------------

               (-- DTLS session is established now --)

                             Join Request
                ------------------------------------>
                             Join Response
                <------------------------------------
                     [-- Join State Complete --]

                  (-- assume image is up to date --)

                     Configuration Status Request
                ------------------------------------>
                     Configuration Status Response
                <------------------------------------
                   [-- Configure State Complete --]

                      Change State Event Request
                ------------------------------------>
                      Change State Event Response
                <------------------------------------
                  [-- Data Check State Complete --]




Calhoun, et al.             Standards Track                    [Page 14]

RFC 5415             CAPWAP Protocol Specification            March 2009


                       (-- enter RUN state --)

                                  :
                                  :

                             Echo Request
                ------------------------------------>
                            Echo Response
                <------------------------------------

                                  :
                                  :

                             Event Request
                ------------------------------------>
                            Event Response
                <------------------------------------

                                  :
                                  :

               Figure 3: CAPWAP Control Protocol Exchange

  At the end of the illustrated CAPWAP message exchange, the AC and WTP
  are securely exchanging CAPWAP Control messages.  This illustration
  is provided to clarify protocol operation, and does not include any
  possible error conditions.  Section 2.3 provides a detailed
  description of the corresponding state machine.

2.3.  CAPWAP State Machine Definition

  The following state diagram represents the lifecycle of a WTP-AC
  session.  Use of DTLS by the CAPWAP protocol results in the
  juxtaposition of two nominally separate yet tightly bound state
  machines.  The DTLS and CAPWAP state machines are coupled through an
  API consisting of commands (see Section 2.3.2.1) and notifications
  (see Section 2.3.2.2).  Certain transitions in the DTLS state machine
  are triggered by commands from the CAPWAP state machine, while
  certain transitions in the CAPWAP state machine are triggered by
  notifications from the DTLS state machine.











Calhoun, et al.             Standards Track                    [Page 15]

RFC 5415             CAPWAP Protocol Specification            March 2009


                           /-------------------------------------\
                           |          /-------------------------\|
                           |         p|                         ||
                           |    q+----------+ r +------------+  ||
                           |     |   Run    |-->|   Reset    |-\||
                           |     +----------+   +------------+ |||
                          n|  o      ^           ^     ^      s|||
               +------------+--------/           |     |       |||
               | Data Check |             /-------/    |       |||
               +------------+<-------\   |             |       |||
                                     |   |             |       |||
                      /------------------+--------\    |       |||
                     f|             m|  h|    j   v   k|       |||
              +--------+     +-----------+     +--------------+|||
              |  Join  |---->| Configure |     |  Image Data  ||||
              +--------+  n  +-----------+     +--------------+|||
               ^   |g                 i|                    l| |||
               |   |                   \-------------------\ | |||
               |   \--------------------------------------\| | |||
               \------------------------\                 || | |||
        /--------------<----------------+---------------\ || | |||
        | /------------<----------------+-------------\ | || | |||
        | |  4                          |d           t| | vv v vvv
        | |   +----------------+   +--------------+   +-----------+
        | |   |   DTLS Setup   |   | DTLS Connect |-->|  DTLS TD  |
      /-|-|---+----------------+   +--------------+ e +-----------+
      | | |    |$  ^  ^   |5  ^6         ^              ^  |w
      v v v    |   |  |   |   \-------\  |              |  |
      | | |    |   |  |   \---------\ |  |  /-----------/  |
      | | |    |   |  \--\          | |  |  |              |
      | | |    |   |     |          | |  |  |              |
      | | |    v  3|  1  |%     #   v |  |a |b             v
      | | \->+------+-->+------+   +-----------+    +--------+
      | |    | Idle |   | Disc |   | Authorize |    |  Dead  |
      | |    +------+<--+------+   +-----------+    +--------+
      | |     ^   0^  2      |!
      | |     |    |         |   +-------+
     *| |u    |    \---------+---| Start |
      | |     |@             |   +-------+
      | \->+---------+<------/
      \--->| Sulking |
           +---------+&

                Figure 4: CAPWAP Integrated State Machine

  The CAPWAP protocol state machine, depicted above, is used by both
  the AC and the WTP.  In cases where states are not shared (i.e., not
  implemented in one or the other of the AC or WTP), this is explicitly



Calhoun, et al.             Standards Track                    [Page 16]

RFC 5415             CAPWAP Protocol Specification            March 2009


  called out in the transition descriptions below.  For every state
  defined, only certain messages are permitted to be sent and received.
  The CAPWAP Control message definitions specify the state(s) in which
  each message is valid.

  Since the WTP only communicates with a single AC, it only has a
  single instance of the CAPWAP state machine.  The state machine works
  differently on the AC since it communicates with many WTPs.  The AC
  uses the concept of three threads.  Note that the term thread used
  here does not necessarily imply that implementers must use threads,
  but it is one possible way of implementing the AC's state machine.

  Listener Thread:   The AC's Listener thread handles inbound DTLS
     session establishment requests, through the DTLSListen command.
     Upon creation, the Listener thread starts in the DTLS Setup state.
     Once a DTLS session has been validated, which occurs when the
     state machine enters the "Authorize" state, the Listener thread
     creates a WTP session-specific Service thread and state context.
     The state machine transitions in Figure 4 are represented by
     numerals.  It is necessary for the AC to protect itself against
     various attacks that exist with non-authenticated frames.  See
     Section 12 for more information.

  Discovery Thread:   The AC's Discovery thread is responsible for
     receiving, and responding to, Discovery Request messages.  The
     state machine transitions in Figure 4 are represented by numerals.
     Note that the Discovery thread does not maintain any per-WTP-
     specific context information, and a single state context exists.
     It is necessary for the AC to protect itself against various
     attacks that exist with non-authenticated frames.  See Section 12
     for more information.

  Service Thread:   The AC's Service thread handles the per-WTP states,
     and one such thread exists per-WTP connection.  This thread is
     created by the Listener thread when the Authorize state is
     reached.  When created, the Service thread inherits a copy of the
     state machine context from the Listener thread.  When
     communication with the WTP is complete, the Service thread is
     terminated and all associated resources are released.  The state
     machine transitions in Figure 4 are represented by alphabetic and
     punctuation characters.

2.3.1.  CAPWAP Protocol State Transitions

  This section describes the various state transitions, and the events
  that cause them.  This section does not discuss interactions between
  DTLS- and CAPWAP-specific states.  Those interactions, and DTLS-
  specific states and transitions, are discussed in Section 2.3.2.



Calhoun, et al.             Standards Track                    [Page 17]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Start to Idle (0):  This transition occurs once device initialization
     is complete.

     WTP:  This state transition is used to start the WTP's CAPWAP
           state machine.

     AC:   The AC creates the Discovery and Listener threads and starts
           the CAPWAP state machine.

  Idle to Discovery (1):  This transition occurs to support the CAPWAP
     discovery process.

     WTP:  The WTP enters the Discovery state prior to transmitting the
           first Discovery Request message (see Section 5.1).  Upon
           entering this state, the WTP sets the DiscoveryInterval
           timer (see Section 4.7).  The WTP resets the DiscoveryCount
           counter to zero (0) (see Section 4.8).  The WTP also clears
           all information from ACs it may have received during a
           previous Discovery phase.

     AC:   This state transition is executed by the AC's Discovery
           thread, and occurs when a Discovery Request message is
           received.  The AC SHOULD respond with a Discovery Response
           message (see Section 5.2).

  Discovery to Discovery (#):  In the Discovery state, the WTP
     determines to which AC to connect.

     WTP:  This transition occurs when the DiscoveryInterval timer
           expires.  If the WTP is configured with a list of ACs, it
           transmits a Discovery Request message to every AC from which
           it has not received a Discovery Response message.  For every
           transition to this event, the WTP increments the
           DiscoveryCount counter.  See Section 5.1 for more
           information on how the WTP knows the ACs to which it should
           transmit the Discovery Request messages.  The WTP restarts
           the DiscoveryInterval timer whenever it transmits Discovery
           Request messages.

     AC:   This is an invalid state transition for the AC.

  Discovery to Idle (2):  This transition occurs on the AC's Discovery
     thread when the Discovery processing is complete.

     WTP:  This is an invalid state transition for the WTP.






Calhoun, et al.             Standards Track                    [Page 18]

RFC 5415             CAPWAP Protocol Specification            March 2009


     AC:   This state transition is executed by the AC's Discovery
           thread when it has transmitted the Discovery Response, in
           response to a Discovery Request.

  Discovery to Sulking (!):  This transition occurs on a WTP when AC
     Discovery fails.

     WTP:  The WTP enters this state when the DiscoveryInterval timer
           expires and the DiscoveryCount variable is equal to the
           MaxDiscoveries variable (see Section 4.8).  Upon entering
           this state, the WTP MUST start the SilentInterval timer.
           While in the Sulking state, all received CAPWAP protocol
           messages MUST be ignored.

     AC:   This is an invalid state transition for the AC.

  Sulking to Idle (@):  This transition occurs on a WTP when it must
     restart the Discovery phase.

     WTP:  The WTP enters this state when the SilentInterval timer (see
           Section 4.7) expires.  The FailedDTLSSessionCount,
           DiscoveryCount, and FailedDTLSAuthFailCount counters are
           reset to zero.

     AC:   This is an invalid state transition for the AC.

  Sulking to Sulking (&):  The Sulking state provides the silent
     period, minimizing the possibility for Denial-of-Service (DoS)
     attacks.

     WTP:  All packets received from the AC while in the sulking state
           are ignored.

     AC:   This is an invalid state transition for the AC.

  Idle to DTLS Setup (3):  This transition occurs to establish a secure
     DTLS session with the peer.

     WTP:  The WTP initiates this transition by invoking the DTLSStart
           command (see Section 2.3.2.1), which starts the DTLS session
           establishment with the chosen AC and the WaitDTLS timer is
           started (see Section 4.7).  When the Discovery phase is
           bypassed, it is assumed the WTP has locally configured ACs.








Calhoun, et al.             Standards Track                    [Page 19]

RFC 5415             CAPWAP Protocol Specification            March 2009


     AC:   Upon entering the Idle state from the Start state, the newly
           created Listener thread automatically transitions to the
           DTLS Setup and invokes the DTLSListen command (see
           Section 2.3.2.1), and the WaitDTLS timer is started (see
           Section 4.7).

  Discovery to DTLS Setup (%):  This transition occurs to establish a
     secure DTLS session with the peer.

     WTP:  The WTP initiates this transition by invoking the DTLSStart
           command (see Section 2.3.2.1), which starts the DTLS session
           establishment with the chosen AC.  The decision of to which
           AC to connect is the result of the Discovery phase, which is
           described in Section 3.3.

     AC:   This is an invalid state transition for the AC.

  DTLS Setup to Idle ($):  This transition occurs when the DTLS
     connection setup fails.

     WTP:  The WTP initiates this state transition when it receives a
           DTLSEstablishFail notification from DTLS (see
           Section 2.3.2.2), and the FailedDTLSSessionCount or the
           FailedDTLSAuthFailCount counter have not reached the value
           of the MaxFailedDTLSSessionRetry variable (see Section 4.8).
           This error notification aborts the secure DTLS session
           establishment.  When this notification is received, the
           FailedDTLSSessionCount counter is incremented.  This state
           transition also occurs if the WaitDTLS timer has expired.

     AC:   This is an invalid state transition for the AC.

  DTLS Setup to Sulking (*):  This transition occurs when repeated
     attempts to set up the DTLS connection have failed.

     WTP:  The WTP enters this state when the FailedDTLSSessionCount or
           the FailedDTLSAuthFailCount counter reaches the value of the
           MaxFailedDTLSSessionRetry variable (see Section 4.8).  Upon
           entering this state, the WTP MUST start the SilentInterval
           timer.  While in the Sulking state, all received CAPWAP and
           DTLS protocol messages received MUST be ignored.

     AC:   This is an invalid state transition for the AC.

  DTLS Setup to DTLS Setup (4):  This transition occurs when the DTLS
     Session failed to be established.

     WTP:  This is an invalid state transition for the WTP.



Calhoun, et al.             Standards Track                    [Page 20]

RFC 5415             CAPWAP Protocol Specification            March 2009


     AC:   The AC's Listener initiates this state transition when it
           receives a DTLSEstablishFail notification from DTLS (see
           Section 2.3.2.2).  This error notification aborts the secure
           DTLS session establishment.  When this notification is
           received, the FailedDTLSSessionCount counter is incremented.
           The Listener thread then invokes the DTLSListen command (see
           Section 2.3.2.1).

  DTLS Setup to Authorize (5):  This transition occurs when an incoming
     DTLS session is being established, and the DTLS stack needs
     authorization to proceed with the session establishment.

     WTP:  This state transition occurs when the WTP receives the
           DTLSPeerAuthorize notification (see Section 2.3.2.2).  Upon
           entering this state, the WTP performs an authorization check
           against the AC credentials.  See Section 2.4.4 for more
           information on AC authorization.

     AC:   This state transition is handled by the AC's Listener thread
           when the DTLS module initiates the DTLSPeerAuthorize
           notification (see Section 2.3.2.2).  The Listener thread
           forks an instance of the Service thread, along with a copy
           of the state context.  Once created, the Service thread
           performs an authorization check against the WTP credentials.
           See Section 2.4.4 for more information on WTP authorization.

  Authorize to DTLS Setup (6):  This transition is executed by the
     Listener thread to enable it to listen for new incoming sessions.

     WTP:  This is an invalid state transition for the WTP.

     AC:   This state transition occurs when the AC's Listener thread
           has created the WTP context and the Service thread.  The
           Listener thread then invokes the DTLSListen command (see
           Section 2.3.2.1).

  Authorize to DTLS Connect (a):  This transition occurs to notify the
     DTLS stack that the session should be established.

     WTP:  This state transition occurs when the WTP has successfully
           authorized the AC's credentials (see Section 2.4.4).  This
           is done by invoking the DTLSAccept DTLS command (see
           Section 2.3.2.1).

     AC:   This state transition occurs when the AC has successfully
           authorized the WTP's credentials (see Section 2.4.4).  This
           is done by invoking the DTLSAccept DTLS command (see
           Section 2.3.2.1).



Calhoun, et al.             Standards Track                    [Page 21]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Authorize to DTLS Teardown (b):  This transition occurs to notify the
     DTLS stack that the session should be aborted.

     WTP:  This state transition occurs when the WTP has been unable to
           authorize the AC, using the AC credentials.  The WTP then
           aborts the DTLS session by invoking the DTLSAbortSession
           command (see Section 2.3.2.1).  This state transition also
           occurs if the WaitDTLS timer has expired.  The WTP starts
           the DTLSSessionDelete timer (see Section 4.7.6).

     AC:   This state transition occurs when the AC has been unable to
           authorize the WTP, using the WTP credentials.  The AC then
           aborts the DTLS session by invoking the DTLSAbortSession
           command (see Section 2.3.2.1).  This state transition also
           occurs if the WaitDTLS timer has expired.  The AC starts the
           DTLSSessionDelete timer (see Section 4.7.6).

  DTLS Connect to DTLS Teardown (c):  This transition occurs when the
     DTLS Session failed to be established.

     WTP:  This state transition occurs when the WTP receives either a
           DTLSAborted or DTLSAuthenticateFail notification (see
           Section 2.3.2.2), indicating that the DTLS session was not
           successfully established.  When this transition occurs due
           to the DTLSAuthenticateFail notification, the
           FailedDTLSAuthFailCount is incremented; otherwise, the
           FailedDTLSSessionCount counter is incremented.  This state
           transition also occurs if the WaitDTLS timer has expired.
           The WTP starts the DTLSSessionDelete timer (see
           Section 4.7.6).

     AC:   This state transition occurs when the AC receives either a
           DTLSAborted or DTLSAuthenticateFail notification (see
           Section 2.3.2.2), indicating that the DTLS session was not
           successfully established, and both of the
           FailedDTLSAuthFailCount and FailedDTLSSessionCount counters
           have not reached the value of the MaxFailedDTLSSessionRetry
           variable (see Section 4.8).  This state transition also
           occurs if the WaitDTLS timer has expired.  The AC starts the
           DTLSSessionDelete timer (see Section 4.7.6).

  DTLS Connect to Join (d):  This transition occurs when the DTLS
     Session is successfully established.

     WTP:  This state transition occurs when the WTP receives the
           DTLSEstablished notification (see Section 2.3.2.2),
           indicating that the DTLS session was successfully
           established.  When this notification is received, the



Calhoun, et al.             Standards Track                    [Page 22]

RFC 5415             CAPWAP Protocol Specification            March 2009


           FailedDTLSSessionCount counter is set to zero.  The WTP
           enters the Join state by transmitting the Join Request to
           the AC.  The WTP stops the WaitDTLS timer.

     AC:   This state transition occurs when the AC receives the
           DTLSEstablished notification (see Section 2.3.2.2),
           indicating that the DTLS session was successfully
           established.  When this notification is received, the
           FailedDTLSSessionCount counter is set to zero.  The AC stops
           the WaitDTLS timer, and starts the WaitJoin timer.

  Join to DTLS Teardown (e):  This transition occurs when the join
     process has failed.

     WTP:  This state transition occurs when the WTP receives a Join
           Response message with a Result Code message element
           containing an error, or if the Image Identifier provided by
           the AC in the Join Response message differs from the WTP's
           currently running firmware version and the WTP has the
           requested image in its non-volatile memory.  This causes the
           WTP to initiate the DTLSShutdown command (see
           Section 2.3.2.1).  This transition also occurs if the WTP
           receives one of the following DTLS notifications:
           DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
           The WTP starts the DTLSSessionDelete timer (see
           Section 4.7.6).

     AC:   This state transition occurs either if the WaitJoin timer
           expires or if the AC transmits a Join Response message with
           a Result Code message element containing an error.  This
           causes the AC to initiate the DTLSShutdown command (see
           Section 2.3.2.1).  This transition also occurs if the AC
           receives one of the following DTLS notifications:
           DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
           The AC starts the DTLSSessionDelete timer (see
           Section 4.7.6).

  Join to Image Data (f):  This state transition is used by the WTP and
     the AC to download executable firmware.

     WTP:  The WTP enters the Image Data state when it receives a
           successful Join Response message and determines that the
           software version in the Image Identifier message element is
           not the same as its currently running image.  The WTP also
           detects that the requested image version is not currently
           available in the WTP's non-volatile storage (see Section 9.1
           for a full description of the firmware download process).
           The WTP initializes the EchoInterval timer (see



Calhoun, et al.             Standards Track                    [Page 23]

RFC 5415             CAPWAP Protocol Specification            March 2009


           Section 4.7), and transmits the Image Data Request message
           (see Section 9.1.1) requesting the start of the firmware
           download.

     AC:   This state transition occurs when the AC receives the Image
           Data Request message from the WTP, after having sent its
           Join Response to the WTP.  The AC stops the WaitJoin timer.
           The AC MUST transmit an Image Data Response message (see
           Section 9.1.2) to the WTP, which includes a portion of the
           firmware.

  Join to Configure (g):  This state transition is used by the WTP and
     the AC to exchange configuration information.

     WTP:  The WTP enters the Configure state when it receives a
           successful Join Response message, and determines that the
           included Image Identifier message element is the same as its
           currently running image.  The WTP transmits the
           Configuration Status Request message (see Section 8.2) to
           the AC with message elements describing its current
           configuration.

     AC:   This state transition occurs when it receives the
           Configuration Status Request message from the WTP (see
           Section 8.2), which MAY include specific message elements to
           override the WTP's configuration.  The AC stops the WaitJoin
           timer.  The AC transmits the Configuration Status Response
           message (see Section 8.3) and starts the
           ChangeStatePendingTimer timer (see Section 4.7).

  Configure to Reset (h):  This state transition is used to reset the
     connection either due to an error during the configuration phase,
     or when the WTP determines it needs to reset in order for the new
     configuration to take effect.  The CAPWAP Reset command is used to
     indicate to the peer that it will initiate a DTLS teardown.

     WTP:  The WTP enters the Reset state when it receives a
           Configuration Status Response message indicating an error or
           when it determines that a reset of the WTP is required, due
           to the characteristics of a new configuration.

     AC:   The AC transitions to the Reset state when it receives a
           Change State Event message from the WTP that contains an
           error for which AC policy does not permit the WTP to provide
           service.  This state transition also occurs when the AC
           ChangeStatePendingTimer timer expires.





Calhoun, et al.             Standards Track                    [Page 24]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Configure to DTLS Teardown (i):  This transition occurs when the
     configuration process aborts due to a DTLS error.

     WTP:  The WTP enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The WTP MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The
           WTP starts the DTLSSessionDelete timer (see Section 4.7.6).

     AC:   The AC enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The AC MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The AC
           starts the DTLSSessionDelete timer (see Section 4.7.6).

  Image Data to Image Data (j):  The Image Data state is used by the
     WTP and the AC during the firmware download phase.

     WTP:  The WTP enters the Image Data state when it receives an
           Image Data Response message indicating that the AC has more
           data to send.  This state transition also occurs when the
           WTP receives the subsequent Image Data Requests, at which
           time it resets the ImageDataStartTimer time to ensure it
           receives the next expected Image Data Request from the AC.
           This state transition can also occur when the WTP's
           EchoInterval timer (see Section 4.7.7) expires, in which
           case the WTP transmits an Echo Request message (see
           Section 7.1), and resets its EchoInterval timer.  The state
           transition also occurs when the WTP receives an Echo
           Response from the AC (see Section 7.2).

     AC:   This state transition occurs when the AC receives the Image
           Data Response message from the WTP while already in the
           Image Data state.  This state transition also occurs when
           the AC receives an Echo Request (see Section 7.1) from the
           WTP, in which case it responds with an Echo Response (see
           Section 7.2), and resets its EchoInterval timer (see
           Section 4.7.7).











Calhoun, et al.             Standards Track                    [Page 25]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Image Data to Reset (k):  This state transition is used to reset the
     DTLS connection prior to restarting the WTP after an image
     download.

     WTP:  When an image download completes, or if the
           ImageDataStartTimer timer expires, the WTP enters the Reset
           state.  The WTP MAY also transition to this state upon
           receiving an Image Data Response message from the AC (see
           Section 9.1.2) indicating a failure.

     AC:   The AC enters the Reset state either when the image transfer
           has successfully completed or an error occurs during the
           image download process.

  Image Data to DTLS Teardown (l):  This transition occurs when the
     firmware download process aborts due to a DTLS error.

     WTP:  The WTP enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The WTP MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The
           WTP starts the DTLSSessionDelete timer (see Section 4.7.6).

     AC:   The AC enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The AC MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The AC
           starts the DTLSSessionDelete timer (see Section 4.7.6).

  Configure to Data Check (m):  This state transition occurs when the
     WTP and AC confirm the configuration.

     WTP:  The WTP enters this state when it receives a successful
           Configuration Status Response message from the AC.  The WTP
           transmits the Change State Event Request message (see
           Section 8.6).

     AC:   This state transition occurs when the AC receives the Change
           State Event Request message (see Section 8.6) from the WTP.
           The AC responds with a Change State Event Response message
           (see Section 8.7).  The AC MUST start the DataCheckTimer
           timer and stops the ChangeStatePendingTimer timer (see
           Section 4.7).

  Data Check to DTLS Teardown (n):  This transition occurs when the WTP
     does not complete the Data Check exchange.



Calhoun, et al.             Standards Track                    [Page 26]

RFC 5415             CAPWAP Protocol Specification            March 2009


     WTP:  This state transition occurs if the WTP does not receive the
           Change State Event Response message before a CAPWAP
           retransmission timeout occurs.  The WTP also transitions to
           this state if the underlying reliable transport's
           RetransmitCount counter has reached the MaxRetransmit
           variable (see Section 4.7).  The WTP starts the
           DTLSSessionDelete timer (see Section 4.7.6).

     AC:   The AC enters this state when the DataCheckTimer timer
           expires (see Section 4.7).  The AC starts the
           DTLSSessionDelete timer (see Section 4.7.6).

  Data Check to Run (o):  This state transition occurs when the linkage
     between the control and data channels is established, causing the
     WTP and AC to enter their normal state of operation.

     WTP:  The WTP enters this state when it receives a successful
           Change State Event Response message from the AC.  The WTP
           initiates the data channel, which MAY require the
           establishment of a DTLS session, starts the
           DataChannelKeepAlive timer (see Section 4.7.2) and transmits
           a Data Channel Keep-Alive packet (see Section 4.4.1).  The
           WTP then starts the EchoInterval timer and
           DataChannelDeadInterval timer (see Section 4.7).

     AC:   This state transition occurs when the AC receives the Data
           Channel Keep-Alive packet (see Section 4.4.1), with a
           Session ID message element matching that included by the WTP
           in the Join Request message.  The AC disables the
           DataCheckTimer timer.  Note that if AC policy is to require
           the data channel to be encrypted, this process would also
           require the establishment of a data channel DTLS session.
           Upon receiving the Data Channel Keep-Alive packet, the AC
           transmits its own Data Channel Keep Alive packet.

  Run to DTLS Teardown (p):  This state transition occurs when an error
     has occurred in the DTLS stack, causing the DTLS session to be
     torn down.

     WTP:  The WTP enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The WTP MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The
           WTP also transitions to this state if the underlying
           reliable transport's RetransmitCount counter has reached the
           MaxRetransmit variable (see Section 4.7).  The WTP starts
           the DTLSSessionDelete timer (see Section 4.7.6).



Calhoun, et al.             Standards Track                    [Page 27]

RFC 5415             CAPWAP Protocol Specification            March 2009


     AC:   The AC enters this state when it receives one of the
           following DTLS notifications: DTLSAborted,
           DTLSReassemblyFailure, or DTLSPeerDisconnect (see
           Section 2.3.2.2).  The AC MAY tear down the DTLS session if
           it receives frequent DTLSDecapFailure notifications.  The AC
           transitions to this state if the underlying reliable
           transport's RetransmitCount counter has reached the
           MaxRetransmit variable (see Section 4.7).  This state
           transition also occurs when the AC's EchoInterval timer (see
           Section 4.7.7) expires.  The AC starts the DTLSSessionDelete
           timer (see Section 4.7.6).

  Run to Run (q):  This is the normal state of operation.

     WTP:  This is the WTP's normal state of operation.  The WTP resets
           its EchoInterval timer whenever it transmits a request to
           the AC.  There are many events that result in this state
           transition:

           Configuration Update:  The WTP receives a Configuration
                 Update Request message (see Section 8.4).  The WTP
                 MUST respond with a Configuration Update Response
                 message (see Section 8.5).

           Change State Event:  The WTP receives a Change State Event
                 Response message, or determines that it must initiate
                 a Change State Event Request message, as a result of a
                 failure or change in the state of a radio.

           Echo Request:  The WTP sends an Echo Request message
                 (Section 7.1) or receives the corresponding Echo
                 Response message, (see Section 7.2) from the AC.  When
                 the WTP receives the Echo Response, it resets its
                 EchoInterval timer (see Section 4.7.7).

           Clear Config Request:  The WTP receives a Clear
                 Configuration Request message (see Section 8.8) and
                 MUST generate a corresponding Clear Configuration
                 Response message (see Section 8.9).  The WTP MUST
                 reset its configuration back to manufacturer defaults.

           WTP Event:  The WTP sends a WTP Event Request message,
                 delivering information to the AC (see Section 9.4).
                 The WTP receives a WTP Event Response message from the
                 AC (see Section 9.5).






Calhoun, et al.             Standards Track                    [Page 28]

RFC 5415             CAPWAP Protocol Specification            March 2009


           Data Transfer:  The WTP sends a Data Transfer Request or
                 Data Transfer Response message to the AC (see
                 Section 9.6).  The WTP receives a Data Transfer
                 Request or Data Transfer Response message from the AC
                 (see Section 9.6).  Upon receipt of a Data Transfer
                 Request, the WTP transmits a Data Transfer Response to
                 the AC.

           Station Configuration Request:  The WTP receives a Station
                 Configuration Request message (see Section 10.1), to
                 which it MUST respond with a Station Configuration
                 Response message (see Section 10.2).

     AC:   This is the AC's normal state of operation.  Note that the
           receipt of any Request from the WTP causes the AC to reset
           its EchoInterval timer (see Section 4.7.7).

           Configuration Update:  The AC sends a Configuration Update
                 Request message (see Section 8.4) to the WTP to update
                 its configuration.  The AC receives a Configuration
                 Update Response message (see Section 8.5) from the
                 WTP.

           Change State Event:  The AC receives a Change State Event
                 Request message (see Section 8.6), to which it MUST
                 respond with the Change State Event Response message
                 (see Section 8.7).

           Echo Request:  The AC receives an Echo Request message (see
                 Section 7.1), to which it MUST respond with an Echo
                 Response message (see Section 7.2).

           Clear Config Response:  The AC sends a Clear Configuration
                 Request message (see Section 8.8) to the WTP to clear
                 its configuration.  The AC receives a Clear
                 Configuration Response message from the WTP (see
                 Section 8.9).

           WTP Event:  The AC receives a WTP Event Request message from
                 the WTP (see Section 9.4) and MUST generate a
                 corresponding WTP Event Response message (see
                 Section 9.5).

           Data Transfer:  The AC sends a Data Transfer Request or Data
                 Transfer Response message to the WTP (see
                 Section 9.6).  The AC receives a Data Transfer Request





Calhoun, et al.             Standards Track                    [Page 29]

RFC 5415             CAPWAP Protocol Specification            March 2009


                 or Data Transfer Response message from the WTP (see
                 Section 9.6).  Upon receipt of a Data Transfer
                 Request, the AC transmits a Data Transfer Response to
                 the WTP.

           Station Configuration Request:  The AC sends a Station
                 Configuration Request message (see Section 10.1) or
                 receives the corresponding Station Configuration
                 Response message (see Section 10.2) from the WTP.

  Run to Reset (r):  This state transition is used when either the AC
     or WTP tears down the connection.  This may occur as part of
     normal operation, or due to error conditions.

     WTP:  The WTP enters the Reset state when it receives a Reset
           Request message from the AC.

     AC:   The AC enters the Reset state when it transmits a Reset
           Request message to the WTP.

  Reset to DTLS Teardown (s):  This transition occurs when the CAPWAP
     reset is complete to terminate the DTLS session.

     WTP:  This state transition occurs when the WTP transmits a Reset
           Response message.  The WTP does not invoke the DTLSShutdown
           command (see Section 2.3.2.1).  The WTP starts the
           DTLSSessionDelete timer (see Section 4.7.6).

     AC:   This state transition occurs when the AC receives a Reset
           Response message.  This causes the AC to initiate the
           DTLSShutdown command (see Section 2.3.2.1).  The AC starts
           the DTLSSessionDelete timer (see Section 4.7.6).

  DTLS Teardown to Idle (t):  This transition occurs when the DTLS
     session has been shut down.

     WTP:  This state transition occurs when the WTP has successfully
           cleaned up all resources associated with the control plane
           DTLS session, or if the DTLSSessionDelete timer (see
           Section 4.7.6) expires.  The data plane DTLS session is also
           shut down, and all resources released, if a DTLS session was
           established for the data plane.  Any timers set for the
           current instance of the state machine are also cleared.

     AC:   This is an invalid state transition for the AC.






Calhoun, et al.             Standards Track                    [Page 30]

RFC 5415             CAPWAP Protocol Specification            March 2009


  DTLS Teardown to Sulking (u):  This transition occurs when repeated
     attempts to setup the DTLS connection have failed.

     WTP:  The WTP enters this state when the FailedDTLSSessionCount or
           the FailedDTLSAuthFailCount counter reaches the value of the
           MaxFailedDTLSSessionRetry variable (see Section 4.8).  Upon
           entering this state, the WTP MUST start the SilentInterval
           timer.  While in the Sulking state, all received CAPWAP and
           DTLS protocol messages received MUST be ignored.

     AC:   This is an invalid state transition for the AC.

  DTLS Teardown to Dead (w):  This transition occurs when the DTLS
     session has been shut down.

     WTP:  This is an invalid state transition for the WTP.

     AC:   This state transition occurs when the AC has successfully
           cleaned up all resources associated with the control plane
           DTLS session , or if the DTLSSessionDelete timer (see
           Section 4.7.6) expires.  The data plane DTLS session is also
           shut down, and all resources released, if a DTLS session was
           established for the data plane.  Any timers set for the
           current instance of the state machine are also cleared.  The
           AC's Service thread is terminated.

2.3.2.  CAPWAP/DTLS Interface

  This section describes the DTLS Commands used by CAPWAP, and the
  notifications received from DTLS to the CAPWAP protocol stack.

2.3.2.1.  CAPWAP to DTLS Commands

  Six commands are defined for the CAPWAP to DTLS API.  These
  "commands" are conceptual, and may be implemented as one or more
  function calls.  This API definition is provided to clarify
  interactions between the DTLS and CAPWAP components of the integrated
  CAPWAP state machine.

  Below is a list of the minimal command APIs:

  o  DTLSStart is sent to the DTLS component to cause a DTLS session to
     be established.  Upon invoking the DTLSStart command, the WaitDTLS
     timer is started.  The WTP initiates this DTLS command, as the AC
     does not initiate DTLS sessions.

  o  DTLSListen is sent to the DTLS component to allow the DTLS
     component to listen for incoming DTLS session requests.



Calhoun, et al.             Standards Track                    [Page 31]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  DTLSAccept is sent to the DTLS component to allow the DTLS session
     establishment to continue successfully.

  o  DTLSAbortSession is sent to the DTLS component to cause the
     session that is in the process of being established to be aborted.
     This command is also sent when the WaitDTLS timer expires.  When
     this command is executed, the FailedDTLSSessionCount counter is
     incremented.

  o  DTLSShutdown is sent to the DTLS component to cause session
     teardown.

  o  DTLSMtuUpdate is sent by the CAPWAP component to modify the MTU
     size used by the DTLS component.  See Section 3.5 for more
     information on MTU Discovery.  The default size is 1468 bytes.

2.3.2.2.  DTLS to CAPWAP Notifications

  DTLS notifications are defined for the DTLS to CAPWAP API.  These
  "notifications" are conceptual and may be implemented in numerous
  ways (e.g., as function return values).  This API definition is
  provided to clarify interactions between the DTLS and CAPWAP
  components of the integrated CAPWAP state machine.  It is important
  to note that the notifications listed below MAY cause the CAPWAP
  state machine to jump from one state to another using a state
  transition not listed in Section 2.3.1.  When a notification listed
  below occurs, the target CAPWAP state shown in Figure 4 becomes the
  current state.

  Below is a list of the API notifications:

  o  DTLSPeerAuthorize is sent to the CAPWAP component during DTLS
     session establishment once the peer's identity has been received.
     This notification MAY be used by the CAPWAP component to authorize
     the session, based on the peer's identity.  The authorization
     process will lead to the CAPWAP component initiating either the
     DTLSAccept or DTLSAbortSession commands.

  o  DTLSEstablished is sent to the CAPWAP component to indicate that a
     secure channel now exists, using the parameters provided during
     the DTLS initialization process.  When this notification is
     received, the FailedDTLSSessionCount counter is reset to zero.
     When this notification is received, the WaitDTLS timer is stopped.

  o  DTLSEstablishFail is sent when the DTLS session establishment has
     failed, either due to a local error or due to the peer rejecting
     the session establishment.  When this notification is received,
     the FailedDTLSSessionCount counter is incremented.



Calhoun, et al.             Standards Track                    [Page 32]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  DTLSAuthenticateFail is sent when DTLS session establishment has
     failed due to an authentication error.  When this notification is
     received, the FailedDTLSAuthFailCount counter is incremented.

  o  DTLSAborted is sent to the CAPWAP component to indicate that
     session abort (as requested by CAPWAP) is complete; this occurs to
     confirm a DTLS session abort or when the WaitDTLS timer expires.
     When this notification is received, the WaitDTLS timer is stopped.

  o  DTLSReassemblyFailure MAY be sent to the CAPWAP component to
     indicate DTLS fragment reassembly failure.

  o  DTLSDecapFailure MAY be sent to the CAPWAP module to indicate a
     decapsulation failure.  DTLSDecapFailure MAY be sent to the CAPWAP
     module to indicate an encryption/authentication failure.  This
     notification is intended for informative purposes only, and is not
     intended to cause a change in the CAPWAP state machine (see
     Section 12.4).

  o  DTLSPeerDisconnect is sent to the CAPWAP component to indicate the
     DTLS session has been torn down.  Note that this notification is
     only received if the DTLS session has been established.

2.4.  Use of DTLS in the CAPWAP Protocol

  DTLS is used as a tightly integrated, secure wrapper for the CAPWAP
  protocol.  In this document, DTLS and CAPWAP are discussed as
  nominally distinct entities; however, they are very closely coupled,
  and may even be implemented inseparably.  Since there are DTLS
  library implementations currently available, and since security
  protocols (e.g., IPsec, TLS) are often implemented in widely
  available acceleration hardware, it is both convenient and forward-
  looking to maintain a modular distinction in this document.

  This section describes a detailed walk-through of the interactions
  between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP
  to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be
  encountered during the normal course of operation.

2.4.1.  DTLS Handshake Processing

  Details of the DTLS handshake process are specified in [RFC4347].
  This section describes the interactions between the DTLS session
  establishment process and the CAPWAP protocol.  Note that the
  conceptual DTLS state is shown below to help understand the point at
  which the DTLS states transition.  In the normal case, the DTLS
  handshake will proceed as shown in Figure 5.  (NOTE: this example
  uses certificates, but pre-shared keys are also supported.)



Calhoun, et al.             Standards Track                    [Page 33]

RFC 5415             CAPWAP Protocol Specification            March 2009


          ============                         ============
              WTP                                   AC
          ============                         ============
          ClientHello           ------>
                                <------       HelloVerifyRequest
                                                  (with cookie)

          ClientHello           ------>
          (with cookie)
                                <------       ServerHello
                                <------       Certificate
                                <------       ServerHelloDone

          (WTP callout for AC authorization
                   occurs in CAPWAP Auth state)

          Certificate*
          ClientKeyExchange
          CertificateVerify*
          ChangeCipherSpec
          Finished              ------>

                               (AC callout for WTP authorization
                                occurs in CAPWAP Auth state)

                                              ChangeCipherSpec
                                <------       Finished

                        Figure 5: DTLS Handshake

  DTLS, as specified, provides its own retransmit timers with an
  exponential back-off.  [RFC4347] does not specify how long
  retransmissions should continue.  Consequently, timing out incomplete
  DTLS handshakes is entirely the responsibility of the CAPWAP module.

  The DTLS implementation used by CAPWAP MUST support TLS Session
  Resumption.  Session resumption is typically used to establish the
  DTLS session used for the data channel.  Since the data channel uses
  different port numbers than the control channel, the DTLS
  implementation on the WTP MUST provide an interface that allows the
  CAPWAP module to request session resumption despite the use of the
  different port numbers (TLS implementations usually attempt session
  resumption only when connecting to the same IP address and port
  number).  Note that session resumption is not guaranteed to occur,
  and a full DTLS handshake may occur instead.






Calhoun, et al.             Standards Track                    [Page 34]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The DTLS implementation used by CAPWAP MUST use replay detection, per
  Section 3.3 of [RFC4347].  Since the CAPWAP protocol handles
  retransmissions by re-encrypting lost frames, any duplicate DTLS
  frames are either unintentional or malicious and should be silently
  discarded.

2.4.2.  DTLS Session Establishment

  The WTP, either through the Discovery process or through pre-
  configuration, determines to which AC to connect.  The WTP uses the
  DTLSStart command to request that a secure connection be established
  to the selected AC.  Prior to initiation of the DTLS handshake, the
  WTP sets the WaitDTLS timer.  Upon invoking the DTLSStart or
  DTLSListen commands, the WTP and AC, respectively, set the WaitDTLS
  timer.  If the DTLSEstablished notification is not received prior to
  timer expiration, the DTLS session is aborted by issuing the
  DTLSAbortSession DTLS command.  This notification causes the CAPWAP
  module to transition to the Idle state.  Upon receiving a
  DTLSEstablished notification, the WaitDTLS timer is deactivated.

2.4.3.  DTLS Error Handling

  If the AC or WTP does not respond to any DTLS handshake messages sent
  by its peer, the DTLS specification calls for the message to be
  retransmitted.  Note that during the handshake, when both the AC and
  the WTP are expecting additional handshake messages, they both
  retransmit if an expected message has not been received (note that
  retransmissions for CAPWAP Control messages work differently: all
  CAPWAP Control messages are either requests or responses, and the
  peer who sent the request is responsible for retransmissions).

  If the WTP or the AC does not receive an expected DTLS handshake
  message despite of retransmissions, the WaitDTLS timer will
  eventually expire, and the session will be terminated.  This can
  happen if communication between the peers has completely failed, or
  if one of the peers sent a DTLS Alert message that was lost in
  transit (DTLS does not retransmit Alert messages).

  If a cookie fails to validate, this could represent a WTP error, or
  it could represent a DoS attack.  Hence, AC resource utilization
  SHOULD be minimized.  The AC MAY log a message indicating the
  failure, and SHOULD treat the message as though no cookie were
  present.

  Since DTLS Handshake messages are potentially larger than the maximum
  record size, DTLS supports fragmenting of Handshake messages across
  multiple records.  There are several potential causes of re-assembly




Calhoun, et al.             Standards Track                    [Page 35]

RFC 5415             CAPWAP Protocol Specification            March 2009


  errors, including overlapping and/or lost fragments.  The DTLS
  component MUST send a DTLSReassemblyFailure notification to the
  CAPWAP component.  Whether precise information is given along with
  notification is an implementation issue, and hence is beyond the
  scope of this document.  Upon receipt of such an error, the CAPWAP
  component SHOULD log an appropriate error message.  Whether
  processing continues or the DTLS session is terminated is
  implementation dependent.

  DTLS decapsulation errors consist of three types: decryption errors,
  authentication errors, and malformed DTLS record headers.  Since DTLS
  authenticates the data prior to encapsulation, if decryption fails,
  it is difficult to detect this without first attempting to
  authenticate the packet.  If authentication fails, a decryption error
  is also likely, but not guaranteed.  Rather than attempt to derive
  (and require the implementation of) algorithms for detecting
  decryption failures, decryption failures are reported as
  authentication failures.  The DTLS component MUST provide a
  DTLSDecapFailure notification to the CAPWAP component when such
  errors occur.  If a malformed DTLS record header is detected, the
  packets SHOULD be silently discarded, and the receiver MAY log an
  error message.

  There is currently only one encapsulation error defined: MTU
  exceeded.  As part of DTLS session establishment, the CAPWAP
  component informs the DTLS component of the MTU size.  This may be
  dynamically modified at any time when the CAPWAP component sends the
  DTLSMtuUpdate command to the DTLS component (see Section 2.3.2.1).
  The value provided to the DTLS stack is the result of the MTU
  Discovery process, which is described in Section 3.5.  The DTLS
  component returns this notification to the CAPWAP component whenever
  a transmission request will result in a packet that exceeds the MTU.

2.4.4.  DTLS Endpoint Authentication and Authorization

  DTLS supports endpoint authentication with certificates or pre-shared
  keys.  The TLS algorithm suites for each endpoint authentication
  method are described below.

2.4.4.1.  Authenticating with Certificates

  CAPWAP implementations only use cipher suites that are recommended
  for use with DTLS, see [DTLS-DESIGN].  At present, the following
  algorithms MUST be supported when using certificates for CAPWAP
  authentication:

  o  TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]




Calhoun, et al.             Standards Track                    [Page 36]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The following algorithms SHOULD be supported when using certificates:

  o  TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]

  The following algorithms MAY be supported when using certificates:

  o  TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]

  o  TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]

  Additional ciphers MAY be defined in subsequent CAPWAP
  specifications.

2.4.4.2.  Authenticating with Pre-Shared Keys

  Pre-shared keys present significant challenges from a security
  perspective, and for that reason, their use is strongly discouraged.
  Several methods for authenticating with pre-shared keys are defined
  [RFC4279], and we focus on the following two:

  o  Pre-Shared Key (PSK) key exchange algorithm - simplest method,
     ciphersuites use only symmetric key algorithms.

  o  DHE_PSK key exchange algorithm - use a PSK to authenticate a
     Diffie-Hellman exchange.  These ciphersuites give some additional
     protection against dictionary attacks and also provide Perfect
     Forward Secrecy (PFS).

  The first approach (plain PSK) is susceptible to passive dictionary
  attacks; hence, while this algorithm MUST be supported, special care
  should be taken when choosing that method.  In particular, user-
  readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD
  be strongly discouraged.

  The following cryptographic algorithms MUST be supported when using
  pre-shared keys:

  o  TLS_PSK_WITH_AES_128_CBC_SHA [RFC5246]

  o  TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC5246]

  The following algorithms MAY be supported when using pre-shared keys:

  o  TLS_PSK_WITH_AES_256_CBC_SHA [RFC5246]

  o  TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC5246]

  Additional ciphers MAY be defined in following CAPWAP specifications.



Calhoun, et al.             Standards Track                    [Page 37]

RFC 5415             CAPWAP Protocol Specification            March 2009


2.4.4.3.  Certificate Usage

  Certificate authorization by the AC and WTP is required so that only
  an AC may perform the functions of an AC and that only a WTP may
  perform the functions of a WTP.  This restriction of functions to the
  AC or WTP requires that the certificates used by the AC MUST be
  distinguishable from the certificate used by the WTP.  To accomplish
  this differentiation, the x.509 certificates MUST include the
  Extended Key Usage (EKU) certificate extension [RFC5280].

  The EKU field indicates one or more purposes for which a certificate
  may be used.  It is an essential part in authorization.  Its syntax
  is described in [RFC5280] and [ISO.9834-1.1993] and is as follows:

        ExtKeyUsageSyntax  ::=  SEQUENCE SIZE (1..MAX) OF KeyPurposeId

        KeyPurposeId  ::=  OBJECT IDENTIFIER

  Here we define two KeyPurposeId values, one for the WTP and one for
  the AC.  Inclusion of one of these two values indicates a certificate
  is authorized for use by a WTP or AC, respectively.  These values are
  formatted as id-kp fields.

            id-kp  OBJECT IDENTIFIER  ::=
                { iso(1) identified-organization(3) dod(6) internet(1)
                  security(5) mechanisms(5) pkix(7) 3 }

             id-kp-capwapAC   OBJECT IDENTIFIER  ::=  { id-kp 18 }

             id-kp-capwapWTP  OBJECT IDENTIFIER  ::=  { id-kp 19 }

  All capwap devices MUST support the ExtendedKeyUsage certificate
  extension if it is present in a certificate.  If the extension is
  present, then the certificate MUST have either the id-kp-capwapAC or
  the id-kp-anyExtendedKeyUsage keyPurposeID to act as an AC.
  Similarly, if the extension is present, a device MUST have the id-kp-
  capwapWTP or id-kp-anyExtendedKeyUsage keyPurposeID to act as a WTP.

  Part of the CAPWAP certificate validation process includes ensuring
  that the proper EKU is included and allowing the CAPWAP session to be
  established only if the extension properly represents the device.
  For instance, an AC SHOULD NOT accept a connection request from
  another AC, and therefore MUST verify that the id-kp-capwapWTP EKU is
  present in the certificate.

  CAPWAP implementations MUST support certificates where the common
  name (CN) for both the WTP and AC is the MAC address of that device.




Calhoun, et al.             Standards Track                    [Page 38]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The MAC address MUST be encoded in the PrintableString format, using
  the well-recognized MAC address format of 01:23:45:67:89:ab.  The CN
  field MAY contain either of the EUI-48 [EUI-48] or EUI-64 [EUI-64]
  MAC Address formats.  This seemingly unconventional use of the CN
  field is consistent with other standards that rely on device
  certificates that are provisioned during the manufacturing process,
  such as Packet Cable [PacketCable], Cable Labs [CableLabs], and WiMAX
  [WiMAX].  See Section 12.8 for more information on the use of the MAC
  address in the CN field.

  ACs and WTPs MUST authorize (e.g., through access control lists)
  certificates of devices to which they are connecting, e.g., based on
  the issuer, MAC address, or organizational information specified in
  the certificate.  The identities specified in the certificates bind a
  particular DTLS session to a specific pair of mutually authenticated
  and authorized MAC addresses.  The particulars of authorization
  filter construction are implementation details which are, for the
  most part, not within the scope of this specification.  However, at
  minimum, all devices MUST verify that the appropriate EKU bit is set
  according to the role of the peer device (AC versus WTP), and that
  the issuer of the certificate is appropriate for the domain in
  question.

2.4.4.4.  PSK Usage

  When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
  contain the "PSK identity hint" field and the ClientKeyExchange
  message MUST contain the "PSK identity" field.  These fields are used
  to help the WTP select the appropriate PSK for use with the AC, and
  then indicate to the AC which key is being used.  When PSKs are
  provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
  the key MUST be specified.

  The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
  SHOULD uniquely identify the WTP.  It is RECOMMENDED that these hints
  and identities be the ASCII HEX-formatted MAC addresses of the
  respective devices, since each pairwise combination of WTP and AC
  SHOULD have a unique PSK.  The PSK Hint and Identity SHOULD be
  sufficient to perform authorization, as simply having knowledge of a
  PSK does not necessarily imply authorization.

  If a single PSK is being used for multiple devices on a CAPWAP
  network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
  longer be a MAC address, so appropriate hints and identities SHOULD
  be selected to identify the group of devices to which the PSK is
  provisioned.





Calhoun, et al.             Standards Track                    [Page 39]

RFC 5415             CAPWAP Protocol Specification            March 2009


3.  CAPWAP Transport

  Communication between a WTP and an AC is established using the
  standard UDP client/server model.  The CAPWAP protocol supports both
  UDP and UDP-Lite [RFC3828] transport protocols.  When run over IPv4,
  UDP is used for the CAPWAP Control and Data channels.

  When run over IPv6, the CAPWAP Control channel always uses UDP, while
  the CAPWAP Data channel may use either UDP or UDP-Lite.  UDP-Lite is
  the default transport protocol for the CAPWAP Data channel.  However,
  if a middlebox or IPv4 to IPv6 gateway has been discovered, UDP is
  used for the CAPWAP Data channel.

  This section describes how the CAPWAP protocol is carried over IP and
  UDP/UDP-Lite transport protocols.  The CAPWAP Transport Protocol
  message element, Section 4.6.14, describes the rules to use in
  determining which transport protocol is to be used.

  In order for CAPWAP to be compatible with potential middleboxes in
  the network, CAPWAP implementations MUST send return traffic from the
  same port on which they received traffic from a given peer.  Further,
  any unsolicited requests generated by a CAPWAP node MUST be sent on
  the same port.

3.1.  UDP Transport

  One of the CAPWAP protocol requirements is to allow a WTP to reside
  behind a middlebox, firewall, and/or Network Address Translation
  (NAT) device.  Since a CAPWAP session is initiated by the WTP
  (client) to the well-known UDP port of the AC (server), the use of
  UDP is a logical choice.  When CAPWAP is run over IPv4, the UDP
  checksum field in CAPWAP packets MUST be set to zero.

  CAPWAP protocol control packets sent from the WTP to the AC use the
  CAPWAP Control channel, as defined in Section 1.4.  The CAPWAP
  control port at the AC is the well-known UDP port 5246.  The CAPWAP
  control port at the WTP can be any port selected by the WTP.

  CAPWAP protocol data packets sent from the WTP to the AC use the
  CAPWAP Data channel, as defined in Section 1.4.  The CAPWAP data port
  at the AC is the well-known UDP port 5247.  If an AC permits the
  administrator to change the CAPWAP control port, the CAPWAP data port
  MUST be the next consecutive port number.  The CAPWAP data port at
  the WTP can be any port selected by the WTP.







Calhoun, et al.             Standards Track                    [Page 40]

RFC 5415             CAPWAP Protocol Specification            March 2009


3.2.  UDP-Lite Transport

  When CAPWAP is run over IPv6, UDP-Lite is the default transport
  protocol, which reduces the checksum processing required for each
  packet (compared to the use of UDP over IPv6 [RFC2460]).  When UDP-
  Lite is used, the checksum field MUST have a coverage of 8 [RFC3828].

  UDP-Lite uses the same port assignments as UDP.

3.3.  AC Discovery

  The AC Discovery phase allows the WTP to determine which ACs are
  available and choose the best AC with which to establish a CAPWAP
  session.  The Discovery phase occurs when the WTP enters the optional
  Discovery state.  A WTP does not need to complete the AC Discovery
  phase if it uses a pre-configured AC.  This section details the
  mechanism used by a WTP to dynamically discover candidate ACs.

  A WTP and an AC will frequently not reside in the same IP subnet
  (broadcast domain).  When this occurs, the WTP must be capable of
  discovering the AC, without requiring that multicast services are
  enabled in the network.

  When the WTP attempts to establish communication with an AC, it sends
  the Discovery Request message and receives the Discovery Response
  message from the AC(s).  The WTP MUST send the Discovery Request
  message to either the limited broadcast IP address (255.255.255.255),
  the well-known CAPWAP multicast address (224.0.1.140), or to the
  unicast IP address of the AC.  For IPv6 networks, since broadcast
  does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0:
  0:0:18C) is used instead.  Upon receipt of the Discovery Request
  message, the AC sends a Discovery Response message to the unicast IP
  address of the WTP, regardless of whether the Discovery Request
  message was sent as a broadcast, multicast, or unicast message.

  WTP use of a limited IP broadcast, multicast, or unicast IP address
  is implementation dependent.  ACs, on the other hand, MUST support
  broadcast, multicast, and unicast discovery.

  When a WTP transmits a Discovery Request message to a unicast
  address, the WTP must first obtain the IP address of the AC.  Any
  static configuration of an AC's IP address on the WTP non-volatile
  storage is implementation dependent.  However, additional dynamic
  schemes are possible, for example:







Calhoun, et al.             Standards Track                    [Page 41]

RFC 5415             CAPWAP Protocol Specification            March 2009


  DHCP:  See [RFC5417] for more information on the use of DHCP to
     discover AC IP addresses.

  DNS:  The WTP MAY support use of DNS Service Records (SRVs) [RFC2782]
     to discover the AC address(es).  In this case, the WTP first
     obtains (e.g., from local configuration) the correct domain name
     suffix (e.g., "example.com") and performs an SRV lookup with
     Service name "capwap-control" and Proto "udp".  Thus, the name
     resolved in DNS would be, e.g., "_capwap-
     control._udp.example.com".  Note that the SRV record MAY specify a
     non-default port number for the control channel; the port number
     for the data channel is the next port number (control channel port
     + 1).

  An AC MAY also communicate alternative ACs to the WTP within the
  Discovery Response message through the AC IPv4 List (see
  Section 4.6.2) and AC IPv6 List (see Section 4.6.2).  The addresses
  provided in these two message elements are intended to help the WTP
  discover additional ACs through means other than those listed above.

  The AC Name with Priority message element (see Section 4.6.5) is used
  to communicate a list of preferred ACs to the WTP.  The WTP SHOULD
  attempt to utilize the ACs listed in the order provided by the AC.
  The Name-to-IP Address mapping is handled via the Discovery message
  exchange, in which the ACs provide their identity in the AC Name (see
  Section 4.6.4) message element in the Discovery Response message.

  Once the WTP has received Discovery Response messages from the
  candidate ACs, it MAY use other factors to determine the preferred
  AC.  For instance, each binding defines a WTP Radio Information
  message element (see Section 2.1), which the AC includes in Discovery
  Response messages.  The presence of one or more of these message
  elements is used to identify the CAPWAP bindings supported by the AC.
  A WTP MAY connect to an AC based on the supported bindings
  advertised.

3.4.  Fragmentation/Reassembly

  While fragmentation and reassembly services are provided by IP, the
  CAPWAP protocol also provides such services.  Environments where the
  CAPWAP protocol is used involve firewall, NAT, and "middlebox"
  devices, which tend to drop IP fragments to minimize possible DoS
  attacks.  By providing fragmentation and reassembly at the
  application layer, any fragmentation required due to the tunneling
  component of the CAPWAP protocol becomes transparent to these
  intermediate devices.  Consequently, the CAPWAP protocol can be used
  in any network topology including firewall, NAT, and middlebox
  devices.



Calhoun, et al.             Standards Track                    [Page 42]

RFC 5415             CAPWAP Protocol Specification            March 2009


  It is important to note that the fragmentation mechanism employed by
  CAPWAP has known limitations and deficiencies, which are similar to
  those described in [RFC4963].  The limited size of the Fragment ID
  field (see Section 4.3) can cause wrapping of the field, and hence
  cause fragments from different datagrams to be incorrectly spliced
  together (known as "mis-associated").  For example, a 100Mpbs link
  with an MTU of 1500 (causing fragmentation at 1450 bytes) would cause
  the Fragment ID field wrap in 8 seconds.  Consequently, CAPWAP
  implementers are warned to properly size their buffers for reassembly
  purposes based on the expected wireless technology throughput.

  CAPWAP implementations SHOULD perform MTU Discovery (see
  Section 3.5), which can avoid the need for fragmentation.  At the
  time of writing of this specification, most enterprise switching and
  routing infrastructure were capable of supporting "mini-jumbo" frames
  (1800 bytes), which eliminates the need for fragmentation (assuming
  the station's MTU is 1500 bytes).  The need for fragmentation
  typically continues to exist when the WTP communicates with the AC
  over a Wide Area Network (WAN).  Therefore, future versions of the
  CAPWAP protocol SHOULD consider either increasing the size of the
  Fragment ID field or providing alternative extensions.

3.5.  MTU Discovery

  Once a WTP has discovered the AC with which it wishes to establish a
  CAPWAP session, it SHOULD perform a Path MTU (PMTU) discovery.  One
  recommendation for performing PMTU discovery is to have the WTP
  transmit Discovery Request (see Section 5.1) messages, and include
  the MTU Discovery Padding message element (see Section 4.6.32).  The
  actual procedures used for PMTU discovery are described in [RFC1191]
  for IPv4; for IPv6, [RFC1981] SHOULD be used.  Alternatively,
  implementers MAY use the procedures defined in [RFC4821].  The WTP
  SHOULD also periodically re-evaluate the PMTU using the guidelines
  provided in these two RFCs, using the Primary Discovery Request (see
  Section 5.3) along with the MTU Discovery Padding message element
  (see Section 4.6.32).  When the MTU is initially known, or updated in
  the case where an existing session already exists, the discovered
  PMTU is used to configure the DTLS component (see Section 2.3.2.1),
  while non-DTLS frames need to be fragmented to fit the MTU, defined
  in Section 3.4.

4.  CAPWAP Packet Formats

  This section contains the CAPWAP protocol packet formats.  A CAPWAP
  protocol packet consists of one or more CAPWAP Transport Layer packet
  headers followed by a CAPWAP message.  The CAPWAP message can be
  either of type Control or Data, where Control packets carry




Calhoun, et al.             Standards Track                    [Page 43]

RFC 5415             CAPWAP Protocol Specification            March 2009


  signaling, and Data packets carry user payloads.  The CAPWAP frame
  formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP
  Data and Control packets are defined below.

  The CAPWAP Control protocol includes two messages that are never
  protected by DTLS: the Discovery Request message and the Discovery
  Response message.  These messages need to be in the clear to allow
  the CAPWAP protocol to properly identify and process them.  The
  format of these packets are as follows:

      CAPWAP Control Packet (Discovery Request/Response):
      +-------------------------------------------+
      | IP  | UDP | CAPWAP | Control | Message    |
      | Hdr | Hdr | Header | Header  | Element(s) |
      +-------------------------------------------+

  All other CAPWAP Control protocol messages MUST be protected via the
  DTLS protocol, which ensures that the packets are both authenticated
  and encrypted.  These packets include the CAPWAP DTLS Header, which
  is described in Section 4.2.  The format of these packets is as
  follows:

   CAPWAP Control Packet (DTLS Security Required):
   +------------------------------------------------------------------+
   | IP  | UDP | CAPWAP   | DTLS | CAPWAP | Control| Message   | DTLS |
   | Hdr | Hdr | DTLS Hdr | Hdr  | Header | Header | Element(s)| Trlr |
   +------------------------------------------------------------------+
                          \---------- authenticated -----------/
                                 \------------- encrypted ------------/

  The CAPWAP protocol allows optional protection of data packets, using
  DTLS.  Use of data packet protection is determined by AC policy.
  When DTLS is utilized, the optional CAPWAP DTLS Header is present,
  which is described in Section 4.2.  The format of CAPWAP Data packets
  is shown below:
















Calhoun, et al.             Standards Track                    [Page 44]

RFC 5415             CAPWAP Protocol Specification            March 2009


      CAPWAP Plain Text Data Packet :
      +-------------------------------+
      | IP  | UDP | CAPWAP | Wireless |
      | Hdr | Hdr | Header | Payload  |
      +-------------------------------+

      DTLS Secured CAPWAP Data Packet:
      +--------------------------------------------------------+
      | IP  | UDP |  CAPWAP  | DTLS | CAPWAP | Wireless | DTLS |
      | Hdr | Hdr | DTLS Hdr | Hdr  |  Hdr   | Payload  | Trlr |
      +--------------------------------------------------------+
                             \------ authenticated -----/
                                    \------- encrypted --------/

  UDP Header:  All CAPWAP packets are encapsulated within either UDP,
     or UDP-Lite when used over IPv6.  Section 3 defines the specific
     UDP or UDP-Lite usage.

  CAPWAP DTLS Header:  All DTLS encrypted CAPWAP protocol packets are
     prefixed with the CAPWAP DTLS Header (see Section 4.2).

  DTLS Header:  The DTLS Header provides authentication and encryption
     services to the CAPWAP payload it encapsulates.  This protocol is
     defined in [RFC4347].

  CAPWAP Header:  All CAPWAP protocol packets use a common header that
     immediately follows the CAPWAP preamble or DTLS Header.  The
     CAPWAP Header is defined in Section 4.3.

  Wireless Payload:  A CAPWAP protocol packet that contains a wireless
     payload is a CAPWAP Data packet.  The CAPWAP protocol does not
     specify the format of the wireless payload, which is defined by
     the appropriate wireless standard.  Additional information is in
     Section 4.4.

  Control Header:  The CAPWAP protocol includes a signaling component,
     known as the CAPWAP Control protocol.  All CAPWAP Control packets
     include a Control Header, which is defined in Section 4.5.1.
     CAPWAP Data packets do not contain a Control Header field.

  Message Elements:  A CAPWAP Control packet includes one or more
     message elements, which are found immediately following the
     Control Header.  These message elements are in a Type/Length/Value
     style header, defined in Section 4.6.

  A CAPWAP implementation MUST be capable of receiving a reassembled
  CAPWAP message of length 4096 bytes.  A CAPWAP implementation MAY
  indicate that it supports a higher maximum message length, by



Calhoun, et al.             Standards Track                    [Page 45]

RFC 5415             CAPWAP Protocol Specification            March 2009


  including the Maximum Message Length message element, see
  Section 4.6.31, in the Join Request message or the Join Response
  message.

4.1.  CAPWAP Preamble

  The CAPWAP preamble is common to all CAPWAP transport headers and is
  used to identify the header type that immediately follows.  The
  reason for this preamble is to avoid needing to perform byte
  comparisons in order to guess whether or not the frame is DTLS
  encrypted.  It also provides an extensibility framework that can be
  used to support additional transport types.  The format of the
  preamble is as follows:

        0
        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |Version| Type  |
       +-+-+-+-+-+-+-+-+

  Version:  A 4-bit field that contains the version of CAPWAP used in
     this packet.  The value for this specification is zero (0).

  Type:  A 4-bit field that specifies the payload type that follows the
     UDP header.  The following values are supported:

     0 -   CAPWAP Header.  The CAPWAP Header (see Section 4.3)
           immediately follows the UDP header.  If the packet is
           received on the CAPWAP Data channel, the CAPWAP stack MUST
           treat the packet as a clear text CAPWAP Data packet.  If
           received on the CAPWAP Control channel, the CAPWAP stack
           MUST treat the packet as a clear text CAPWAP Control packet.
           If the control packet is not a Discovery Request or
           Discovery Response packet, the packet MUST be dropped.

     1 -   CAPWAP DTLS Header.  The CAPWAP DTLS Header (and DTLS
           packet) immediately follows the UDP header (see
           Section 4.2).

4.2.  CAPWAP DTLS Header

  The CAPWAP DTLS Header is used to identify the packet as a DTLS
  encrypted packet.  The first eight bits include the common CAPWAP
  Preamble.  The remaining 24 bits are padding to ensure 4-byte
  alignment, and MAY be used in a future version of the protocol.  The
  DTLS packet [RFC4347] always immediately follows this header.  The
  format of the CAPWAP DTLS Header is as follows:




Calhoun, et al.             Standards Track                    [Page 46]

RFC 5415             CAPWAP Protocol Specification            March 2009


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |CAPWAP Preamble|                    Reserved                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  CAPWAP Preamble:  The CAPWAP Preamble is defined in Section 4.1.  The
     CAPWAP Preamble's Payload Type field MUST be set to one (1).

  Reserved:  The 24-bit field is reserved for future use.  All
     implementations complying with this protocol MUST set to zero any
     bits that are reserved in the version of the protocol supported by
     that implementation.  Receivers MUST ignore all bits not defined
     for the version of the protocol they support.

4.3.  CAPWAP Header

  All CAPWAP protocol messages are encapsulated using a common header
  format, regardless of the CAPWAP Control or CAPWAP Data transport
  used to carry the messages.  However, certain flags are not
  applicable for a given transport.  Refer to the specific transport
  section in order to determine which flags are valid.

  Note that the optional fields defined in this section MUST be present
  in the precise order shown below.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |CAPWAP Preamble|  HLEN   |   RID   | WBID    |T|F|L|W|M|K|Flags|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Fragment ID          |     Frag Offset         |Rsvd |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 (optional) Radio MAC Address                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            (optional) Wireless Specific Information           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Payload ....                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  CAPWAP Preamble:  The CAPWAP Preamble is defined in Section 4.1.  The
     CAPWAP Preamble's Payload Type field MUST be set to zero (0).  If
     the CAPWAP DTLS Header is present, the version number in both
     CAPWAP Preambles MUST match.  The reason for this duplicate field
     is to avoid any possible tampering of the version field in the
     preamble that is not encrypted or authenticated.





Calhoun, et al.             Standards Track                    [Page 47]

RFC 5415             CAPWAP Protocol Specification            March 2009


  HLEN:  A 5-bit field containing the length of the CAPWAP transport
     header in 4-byte words (similar to IP header length).  This length
     includes the optional headers.

  RID:  A 5-bit field that contains the Radio ID number for this
     packet, whose value is between one (1) and 31.  Given that MAC
     Addresses are not necessarily unique across physical radios in a
     WTP, the Radio Identifier (RID) field is used to indicate with
     which physical radio the message is associated.

  WBID:  A 5-bit field that is the wireless binding identifier.  The
     identifier will indicate the type of wireless packet associated
     with the radio.  The following values are defined:

     0 -  Reserved

     1 -  IEEE 802.11

     2 -  Reserved

     3 -  EPCGlobal [EPCGlobal]

  T: The Type 'T' bit indicates the format of the frame being
     transported in the payload.  When this bit is set to one (1), the
     payload has the native frame format indicated by the WBID field.
     When this bit is zero (0), the payload is an IEEE 802.3 frame.

  F: The Fragment 'F' bit indicates whether this packet is a fragment.
     When this bit is one (1), the packet is a fragment and MUST be
     combined with the other corresponding fragments to reassemble the
     complete information exchanged between the WTP and AC.

  L: The Last 'L' bit is valid only if the 'F' bit is set and indicates
     whether the packet contains the last fragment of a fragmented
     exchange between WTP and AC.  When this bit is one (1), the packet
     is the last fragment.  When this bit is (zero) 0, the packet is
     not the last fragment.

  W: The Wireless 'W' bit is used to specify whether the optional
     Wireless Specific Information field is present in the header.  A
     value of one (1) is used to represent the fact that the optional
     header is present.

  M: The Radio MAC 'M' bit is used to indicate that the Radio MAC
     Address optional header is present.  This is used to communicate
     the MAC address of the receiving radio.





Calhoun, et al.             Standards Track                    [Page 48]

RFC 5415             CAPWAP Protocol Specification            March 2009


  K: The Keep-Alive 'K' bit indicates the packet is a Data Channel
     Keep-Alive packet.  This packet is used to map the data channel to
     the control channel for the specified Session ID and to maintain
     freshness of the data channel.  The 'K' bit MUST NOT be set for
     data packets containing user data.

  Flags:  A set of reserved bits for future flags in the CAPWAP Header.
     All implementations complying with this protocol MUST set to zero
     any bits that are reserved in the version of the protocol
     supported by that implementation.  Receivers MUST ignore all bits
     not defined for the version of the protocol they support.

  Fragment ID:  A 16-bit field whose value is assigned to each group of
     fragments making up a complete set.  The Fragment ID space is
     managed individually for each direction for every WTP/AC pair.
     The value of Fragment ID is incremented with each new set of
     fragments.  The Fragment ID wraps to zero after the maximum value
     has been used to identify a set of fragments.

  Fragment Offset:  A 13-bit field that indicates where in the payload
     this fragment belongs during re-assembly.  This field is valid
     when the 'F' bit is set to 1.  The fragment offset is measured in
     units of 8 octets (64 bits).  The first fragment has offset zero.
     Note that the CAPWAP protocol does not allow for overlapping
     fragments.

  Reserved:  The 3-bit field is reserved for future use.  All
     implementations complying with this protocol MUST set to zero any
     bits that are reserved in the version of the protocol supported by
     that implementation.  Receivers MUST ignore all bits not defined
     for the version of the protocol they support.

  Radio MAC Address:  This optional field contains the MAC address of
     the radio receiving the packet.  Because the native wireless frame
     format to IEEE 802.3 format causes the MAC address of the WTP's
     radio to be lost, this field allows the address to be communicated
     to the AC.  This field is only present if the 'M' bit is set.  The
     HLEN field assumes 4-byte alignment, and this field MUST be padded
     with zeroes (0x00) if it is not 4-byte aligned.












Calhoun, et al.             Standards Track                    [Page 49]

RFC 5415             CAPWAP Protocol Specification            March 2009


     The field contains the basic format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Length    |                  MAC Address
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Length:  The length of the MAC address field.  The formats and
        lengths specified in [EUI-48] and [EUI-64] are supported.

     MAC Address:  The MAC address of the receiving radio.

  Wireless Specific Information:  This optional field contains
     technology-specific information that may be used to carry per-
     packet wireless information.  This field is only present if the
     'W' bit is set.  The WBID field in the CAPWAP Header is used to
     identify the format of the Wireless-Specific Information optional
     field.  The HLEN field assumes 4-byte alignment, and this field
     MUST be padded with zeroes (0x00) if it is not 4-byte aligned.

     The Wireless-Specific Information field uses the following format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Length     |                Data...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Length:  The 8-bit field contains the length of the data field,
        with a maximum size of 255.

     Data:  Wireless-specific information, defined by the wireless-
        specific binding specified in the CAPWAP Header's WBID field.

  Payload:  This field contains the header for a CAPWAP Data Message or
     CAPWAP Control Message, followed by the data contained in the
     message.

4.4.  CAPWAP Data Messages

  There are two different types of CAPWAP Data packets: CAPWAP Data
  Channel Keep-Alive packets and Data Payload packets.  The first is
  used by the WTP to synchronize the control and data channels and to
  maintain freshness of the data channel.  The second is used to
  transmit user payloads between the AC and WTP.  This section
  describes both types of CAPWAP Data packet formats.




Calhoun, et al.             Standards Track                    [Page 50]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Both CAPWAP Data messages are transmitted on the CAPWAP Data channel.

4.4.1.  CAPWAP Data Channel Keep-Alive

  The CAPWAP Data Channel Keep-Alive packet is used to bind the CAPWAP
  control channel with the data channel, and to maintain freshness of
  the data channel, ensuring that the channel is still functioning.
  The CAPWAP Data Channel Keep-Alive packet is transmitted by the WTP
  when the DataChannelKeepAlive timer expires (see Section 4.7.2).
  When the CAPWAP Data Channel Keep-Alive packet is transmitted, the
  WTP sets the DataChannelDeadInterval timer.

  In the CAPWAP Data Channel Keep-Alive packet, all of the fields in
  the CAPWAP Header, except the HLEN field and the 'K' bit, are set to
  zero upon transmission.  Upon receiving a CAPWAP Data Channel Keep-
  Alive packet, the AC transmits a CAPWAP Data Channel Keep-Alive
  packet back to the WTP.  The contents of the transmitted packet are
  identical to the contents of the received packet.

  Upon receiving a CAPWAP Data Channel Keep-Alive packet, the WTP
  cancels the DataChannelDeadInterval timer and resets the
  DataChannelKeepAlive timer.  The CAPWAP Data Channel Keep-Alive
  packet is retransmitted by the WTP in the same manner as the CAPWAP
  Control messages.  If the DataChannelDeadInterval timer expires, the
  WTP tears down the control DTLS session, and the data DTLS session if
  one existed.

  The CAPWAP Data Channel Keep-Alive packet contains the following
  payload immediately following the CAPWAP Header (see Section 4.3).

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Message Element Length     |  Message Element [0..N] ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Message Element Length:   The 16-bit Length field indicates the
     number of bytes following the CAPWAP Header, with a maximum size
     of 65535.

  Message Element[0..N]:   The message element(s) carry the information
     pertinent to each of the CAPWAP Data Channel Keep-Alive message.
     The following message elements MUST be present in this CAPWAP
     message:

        Session ID, see Section 4.6.37.





Calhoun, et al.             Standards Track                    [Page 51]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.4.2.  Data Payload

  A CAPWAP protocol Data Payload packet encapsulates a forwarded
  wireless frame.  The CAPWAP protocol defines two different modes of
  encapsulation: IEEE 802.3 and native wireless.  IEEE 802.3
  encapsulation requires that for 802.11 frames, the 802.11
  *Integration* function be performed in the WTP.  An IEEE 802.3-
  encapsulated user payload frame has the following format:

      +------------------------------------------------------+
      | IP Header | UDP Header | CAPWAP Header | 802.3 Frame |
      +------------------------------------------------------+

  The CAPWAP protocol also defines the native wireless encapsulation
  mode.  The format of the encapsulated CAPWAP Data frame is subject to
  the rules defined by the specific wireless technology binding.  Each
  wireless technology binding MUST contain a section entitled "Payload
  Encapsulation", which defines the format of the wireless payload that
  is encapsulated within CAPWAP Data packets.

  For 802.3 payload frames, the 802.3 frame is encapsulated (excluding
  the IEEE 802.3 Preamble, Start Frame Delimiter (SFD), and Frame Check
  Sequence (FCS) fields).  If the encapsulated frame would exceed the
  transport layer's MTU, the sender is responsible for the
  fragmentation of the frame, as specified in Section 3.4.  The CAPWAP
  protocol can support IEEE 802.3 frames whose length is defined in the
  IEEE 802.3as specification [FRAME-EXT].

4.4.3.  Establishment of a DTLS Data Channel

  If the AC and WTP are configured to tunnel the data channel over
  DTLS, the proper DTLS session must be initiated.  To avoid having to
  reauthenticate and reauthorize an AC and WTP, the DTLS data channel
  SHOULD be initiated using the TLS session resumption feature
  [RFC5246].

  The AC DTLS implementation MUST NOT initiate a data channel session
  for a DTLS session for which there is no active control channel
  session.

4.5.  CAPWAP Control Messages

  The CAPWAP Control protocol provides a control channel between the
  WTP and the AC.  Control messages are divided into the following
  message types:

  Discovery:  CAPWAP Discovery messages are used to identify potential
     ACs, their load and capabilities.



Calhoun, et al.             Standards Track                    [Page 52]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Join:  CAPWAP Join messages are used by a WTP to request service from
     an AC, and for the AC to respond to the WTP.

  Control Channel Management:  CAPWAP Control channel management
     messages are used to maintain the control channel.

  WTP Configuration Management:  The WTP Configuration messages are
     used by the AC to deliver a specific configuration to the WTP.
     Messages that retrieve statistics from a WTP are also included in
     WTP Configuration Management.

  Station Session Management:  Station Session Management messages are
     used by the AC to deliver specific station policies to the WTP.

  Device Management Operations:  Device management operations are used
     to request and deliver a firmware image to the WTP.

  Binding-Specific CAPWAP Management Messages:  Messages in this
     category are used by the AC and the WTP to exchange protocol-
     specific CAPWAP management messages.  These messages may or may
     not be used to change the link state of a station.

  Discovery, Join, Control Channel Management, WTP Configuration
  Management, and Station Session Management CAPWAP Control messages
  MUST be implemented.  Device Management Operations messages MAY be
  implemented.

  CAPWAP Control messages sent from the WTP to the AC indicate that the
  WTP is operational, providing an implicit keep-alive mechanism for
  the WTP.  The Control Channel Management Echo Request and Echo
  Response messages provide an explicit keep-alive mechanism when other
  CAPWAP Control messages are not exchanged.

4.5.1.  Control Message Format

  All CAPWAP Control messages are sent encapsulated within the CAPWAP
  Header (see Section 4.3).  Immediately following the CAPWAP Header is
  the control header, which has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Message Type                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Seq Num    |        Msg Element Length     |     Flags     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Msg Element [0..N] ...
    +-+-+-+-+-+-+-+-+-+-+-+-+



Calhoun, et al.             Standards Track                    [Page 53]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.5.1.1.  Message Type

  The Message Type field identifies the function of the CAPWAP Control
  message.  To provide extensibility, the Message Type field is
  comprised of an IANA Enterprise Number [RFC3232] and an enterprise-
  specific message type number.  The first three octets contain the
  IANA Enterprise Number in network byte order, with zero used for
  CAPWAP base protocol (this specification) defined message types.  The
  last octet is the enterprise-specific message type number, which has
  a range from 0 to 255.

  The Message Type field is defined as:

        Message Type =
                IANA Enterprise Number * 256 +
                    Enterprise Specific Message Type Number

  The CAPWAP protocol reliability mechanism requires that messages be
  defined in pairs, consisting of both a Request and a Response
  message.  The Response message MUST acknowledge the Request message.
  The assignment of CAPWAP Control Message Type Values always occurs in
  pairs.  All Request messages have odd numbered Message Type Values,
  and all Response messages have even numbered Message Type Values.
  The Request value MUST be assigned first.  As an example, assigning a
  Message Type Value of 3 for a Request message and 4 for a Response
  message is valid, while assigning a Message Type Value of 4 for a
  Response message and 5 for the corresponding Request message is
  invalid.

  When a WTP or AC receives a message with a Message Type Value field
  that is not recognized and is an odd number, the number in the
  Message Type Value Field is incremented by one, and a Response
  message with a Message Type Value field containing the incremented
  value and containing the Result Code message element with the value
  (Unrecognized Request) is returned to the sender of the received
  message.  If the unknown message type is even, the message is
  ignored.














Calhoun, et al.             Standards Track                    [Page 54]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The valid values for CAPWAP Control Message Types are specified in
  the table below:

          CAPWAP Control Message           Message Type
                                             Value
          Discovery Request                    1
          Discovery Response                   2
          Join Request                         3
          Join Response                        4
          Configuration Status Request         5
          Configuration Status Response        6
          Configuration Update Request         7
          Configuration Update Response        8
          WTP Event Request                    9
          WTP Event Response                  10
          Change State Event Request          11
          Change State Event Response         12
          Echo Request                        13
          Echo Response                       14
          Image Data Request                  15
          Image Data Response                 16
          Reset Request                       17
          Reset Response                      18
          Primary Discovery Request           19
          Primary Discovery Response          20
          Data Transfer Request               21
          Data Transfer Response              22
          Clear Configuration Request         23
          Clear Configuration Response        24
          Station Configuration Request       25
          Station Configuration Response      26

4.5.1.2.  Sequence Number

  The Sequence Number field is an identifier value used to match
  Request and Response packets.  When a CAPWAP packet with a Request
  Message Type Value is received, the value of the Sequence Number
  field is copied into the corresponding Response message.

  When a CAPWAP Control message is sent, the sender's internal sequence
  number counter is monotonically incremented, ensuring that no two
  pending Request messages have the same sequence number.  The Sequence
  Number field wraps back to zero.

4.5.1.3.  Message Element Length

  The Length field indicates the number of bytes following the Sequence
  Number field.



Calhoun, et al.             Standards Track                    [Page 55]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.5.1.4.  Flags

  The Flags field MUST be set to zero.

4.5.1.5.  Message Element [0..N]

  The message element(s) carry the information pertinent to each of the
  control message types.  Every control message in this specification
  specifies which message elements are permitted.

  When a WTP or AC receives a CAPWAP message without a message element
  that is specified as mandatory for the CAPWAP message, then the
  CAPWAP message is discarded.  If the received message was a Request
  message for which the corresponding Response message carries message
  elements, then a corresponding Response message with a Result Code
  message element indicating "Failure - Missing Mandatory Message
  Element" is returned to the sender.

  When a WTP or AC receives a CAPWAP message with a message element
  that the WTP or AC does not recognize, the CAPWAP message is
  discarded.  If the received message was a Request message for which
  the corresponding Response message carries message elements, then a
  corresponding Response message with a Result Code message element
  indicating "Failure - Unrecognized Message Element" and one or more
  Returned Message Element message elements is included, containing the
  unrecognized message element(s).

4.5.2.  Quality of Service

  The CAPWAP base protocol does not provide any Quality of Service
  (QoS) recommendations for use with the CAPWAP Data messages.  Any
  wireless-specific CAPWAP binding specification that has QoS
  requirements MUST define the application of QoS to the CAPWAP Data
  messages.

  The IP header also includes the Explicit Congestion Notification
  (ECN) bits [RFC3168].  Section 9.1.1 of [RFC3168] describes two
  levels of ECN functionality: full functionality and limited
  functionality.  CAPWAP ACs and WTPs SHALL implement the limited
  functionality and are RECOMMENDED to implement the full functionality
  described in [RFC3168].










Calhoun, et al.             Standards Track                    [Page 56]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.5.2.1.  Applying QoS to CAPWAP Control Message

  It is recommended that CAPWAP Control messages be sent by both the AC
  and the WTP with an appropriate Quality-of-Service precedence value,
  ensuring that congestion in the network minimizes occurrences of
  CAPWAP Control channel disconnects.  Therefore, a QoS-enabled CAPWAP
  device SHOULD use the following values:

  802.1Q:   The priority tag of 7 SHOULD be used.

  DSCP:   The CS6 per-hop behavior Service Class SHOULD be used, which
     is described in [RFC2474]).

4.5.3.  Retransmissions

  The CAPWAP Control protocol operates as a reliable transport.  For
  each Request message, a Response message is defined, which is used to
  acknowledge receipt of the Request message.  In addition, the control
  header Sequence Number field is used to pair the Request and Response
  messages (see Section 4.5.1).

  Response messages are not explicitly acknowledged; therefore, if a
  Response message is not received, the original Request message is
  retransmitted.

  Implementations MUST keep track of the sequence number of the last
  received Request message, and MUST cache the corresponding Response
  message.  If a retransmission with the same sequence number is
  received, the cached Response message MUST be retransmitted without
  re-processing the Request.  If an older Request message is received,
  meaning one where the sequence number is smaller, it MUST be ignored.
  A newer Request message, meaning one whose sequence number is larger,
  is processed as usual.

  Note: A sequence number is considered "smaller" when s1 is smaller
  than s2 modulo 256 if and only if (s1<s2 and (s2-s1)<128) or
  (s1>s2 and (s1-s2)>128).

  Both the WTP and the AC can only have a single request outstanding at
  any given time.  Retransmitted Request messages MUST NOT be altered
  by the sender.

  After transmitting a Request message, the RetransmitInterval (see
  Section 4.7) timer and MaxRetransmit (see Section 4.8) variable are
  used to determine if the original Request message needs to be
  retransmitted.  The RetransmitInterval timer is used the first time
  the Request is retransmitted.  The timer is then doubled every




Calhoun, et al.             Standards Track                    [Page 57]

RFC 5415             CAPWAP Protocol Specification            March 2009


  subsequent time the same Request message is retransmitted, up to
  MaxRetransmit but no more than half the EchoInterval timer (see
  Section 4.7.7).  Response messages are not subject to these timers.

  If the sender stops retransmitting a Request message before reaching
  MaxRetransmit retransmissions (which leads to transition to DTLS
  Teardown, as described in Section 2.3.1), it cannot know whether the
  recipient received and processed the Request or not.  In most
  situations, the sender SHOULD NOT do this, and instead continue
  retransmitting until a Response message is received, or transition to
  DTLS Teardown occurs.  However, if the sender does decide to continue
  the connection with a new or modified Request message, the new
  message MUST have a new sequence number, and be treated as a new
  Request message by the receiver.  Note that there is a high chance
  that both the WTP and the AC's sequence numbers will become out of
  sync.

  When a Request message is retransmitted, it MUST be re-encrypted via
  the DTLS stack.  If the peer had received the Request message, and
  the corresponding Response message was lost, it is necessary to
  ensure that retransmitted Request messages are not identified as
  replays by the DTLS stack.  Similarly, any cached Response messages
  that are retransmitted as a result of receiving a retransmitted
  Request message MUST be re-encrypted via DTLS.

  Duplicate Response messages, identified by the Sequence Number field
  in the CAPWAP Control message header, SHOULD be discarded upon
  receipt.

4.6.  CAPWAP Protocol Message Elements

  This section defines the CAPWAP Protocol message elements that are
  included in CAPWAP protocol control messages.

  Message elements are used to carry information needed in control
  messages.  Every message element is identified by the Type Value
  field, defined below.  The total length of the message elements is
  indicated in the message element's length field.

  All of the message element definitions in this document use a diagram
  similar to the one below in order to depict its format.  Note that to
  simplify this specification, these diagrams do not include the header
  fields (Type and Length).  The header field values are defined in the
  message element descriptions.







Calhoun, et al.             Standards Track                    [Page 58]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Unless otherwise specified, a control message that lists a set of
  supported (or expected) message elements MUST NOT expect the message
  elements to be in any specific order.  The sender MAY include the
  message elements in any order.  Unless otherwise noted, one message
  element of each type is present in a given control message.

  Unless otherwise specified, any configuration information sent by the
  AC to the WTP MAY be saved to non-volatile storage (see Section 8.1)
  for more information).

  Additional message elements may be defined in separate IETF
  documents.

  The format of a message element uses the TLV format shown here:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              Type             |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Value ...   |
    +-+-+-+-+-+-+-+-+

  The 16-bit Type field identifies the information carried in the Value
  field and Length (16 bits) indicates the number of bytes in the Value
  field.  The value of zero (0) is reserved and MUST NOT be used.  The
  rest of the Type field values are allocated as follows:

             Usage                              Type Values

  CAPWAP Protocol Message Elements                   1 - 1023
  IEEE 802.11 Message Elements                    1024 - 2047
  Reserved for Future Use                         2048 - 3071
  EPCGlobal Message Elements                      3072 - 4095
  Reserved for Future Use                         4096 - 65535

  The table below lists the CAPWAP protocol Message Elements and their
  Type values.













Calhoun, et al.             Standards Track                    [Page 59]

RFC 5415             CAPWAP Protocol Specification            March 2009


  CAPWAP Message Element                            Type Value

  AC Descriptor                                         1
  AC IPv4 List                                          2
  AC IPv6 List                                          3
  AC Name                                               4
  AC Name with Priority                                 5
  AC Timestamp                                          6
  Add MAC ACL Entry                                     7
  Add Station                                           8
  Reserved                                              9
  CAPWAP Control IPV4 Address                          10
  CAPWAP Control IPV6 Address                          11
  CAPWAP Local IPV4 Address                            30
  CAPWAP Local IPV6 Address                            50
  CAPWAP Timers                                        12
  CAPWAP Transport Protocol                            51
  Data Transfer Data                                   13
  Data Transfer Mode                                   14
  Decryption Error Report                              15
  Decryption Error Report Period                       16
  Delete MAC ACL Entry                                 17
  Delete Station                                       18
  Reserved                                             19
  Discovery Type                                       20
  Duplicate IPv4 Address                               21
  Duplicate IPv6 Address                               22
  ECN Support                                          53
  Idle Timeout                                         23
  Image Data                                           24
  Image Identifier                                     25
  Image Information                                    26
  Initiate Download                                    27
  Location Data                                        28
  Maximum Message Length                               29
  MTU Discovery Padding                                52
  Radio Administrative State                           31
  Radio Operational State                              32
  Result Code                                          33
  Returned Message Element                             34
  Session ID                                           35
  Statistics Timer                                     36
  Vendor Specific Payload                              37
  WTP Board Data                                       38
  WTP Descriptor                                       39
  WTP Fallback                                         40
  WTP Frame Tunnel Mode                                41
  Reserved                                             42



Calhoun, et al.             Standards Track                    [Page 60]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Reserved                                             43
  WTP MAC Type                                         44
  WTP Name                                             45
  Unused/Reserved                                      46
  WTP Radio Statistics                                 47
  WTP Reboot Statistics                                48
  WTP Static IP Address Information                    49

4.6.1.  AC Descriptor

  The AC Descriptor message element is used by the AC to communicate
  its current state.  The value contains the following fields.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Stations           |             Limit             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Active WTPs          |            Max WTPs           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Security   |  R-MAC Field  |   Reserved1   |  DTLS Policy  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  AC Information Sub-Element...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   1 for AC Descriptor

  Length:   >= 12

  Stations:   The number of stations currently served by the AC

  Limit:   The maximum number of stations supported by the AC

  Active WTPs:   The number of WTPs currently attached to the AC

  Max WTPs:   The maximum number of WTPs supported by the AC

  Security:   An 8-bit mask specifying the authentication credential
     type supported by the AC (see Section 2.4.4).  The field has the
     following format:

        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |Reserved |S|X|R|
       +-+-+-+-+-+-+-+-+






Calhoun, et al.             Standards Track                    [Page 61]

RFC 5415             CAPWAP Protocol Specification            March 2009


     Reserved:  A set of reserved bits for future use.  All
        implementations complying with this protocol MUST set to zero
        any bits that are reserved in the version of the protocol
        supported by that implementation.  Receivers MUST ignore all
        bits not defined for the version of the protocol they support.

     S:    The AC supports the pre-shared secret authentication, as
           described in Section 12.6.

     X:    The AC supports X.509 Certificate authentication, as
           described in Section 12.7.

     R:    A reserved bit for future use.  All implementations
           complying with this protocol MUST set to zero any bits that
           are reserved in the version of the protocol supported by
           that implementation.  Receivers MUST ignore all bits not
           defined for the version of the protocol they support.

  R-MAC Field:   The AC supports the optional Radio MAC Address field
     in the CAPWAP transport header (see Section 4.3).  The following
     enumerated values are supported:

     0 -  Reserved

     1 -  Supported

     2 -  Not Supported

  Reserved:  A set of reserved bits for future use.  All
     implementations complying with this protocol MUST set to zero any
     bits that are reserved in the version of the protocol supported by
     that implementation.  Receivers MUST ignore all bits not defined
     for the version of the protocol they support.

  DTLS Policy:   The AC communicates its policy on the use of DTLS for
     the CAPWAP data channel.  The AC MAY communicate more than one
     supported option, represented by the bit field below.  The WTP
     MUST abide by one of the options communicated by AC.  The field
     has the following format:

        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |Reserved |D|C|R|
       +-+-+-+-+-+-+-+-+







Calhoun, et al.             Standards Track                    [Page 62]

RFC 5415             CAPWAP Protocol Specification            March 2009


     Reserved:  A set of reserved bits for future use.  All
        implementations complying with this protocol MUST set to zero
        any bits that are reserved in the version of the protocol
        supported by that implementation.  Receivers MUST ignore all
        bits not defined for the version of the protocol they support.

     D:    DTLS-Enabled Data Channel Supported

     C:    Clear Text Data Channel Supported

     R:    A reserved bit for future use.  All implementations
           complying with this protocol MUST set to zero any bits that
           are reserved in the version of the protocol supported by
           that implementation.  Receivers MUST ignore all bits not
           defined for the version of the protocol they support.

  AC Information Sub-Element:   The AC Descriptor message element
     contains multiple AC Information sub-elements, and defines two
     sub-types, each of which MUST be present.  The AC Information sub-
     element has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                AC Information Vendor Identifier               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      AC Information Type      |     AC Information Length     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     AC Information Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     AC Information Vendor Identifier:   A 32-bit value containing the
        IANA-assigned "Structure of Management Information (SMI)
        Network Management Private Enterprise Codes".

     AC Information Type:   Vendor-specific encoding of AC information
        in the UTF-8 format [RFC3629].  The following enumerated values
        are supported.  Both the Hardware and Software Version sub-
        elements MUST be included in the AC Descriptor message element.
        The values listed below are used in conjunction with the AC
        Information Vendor Identifier field, whose value MUST be set to
        zero (0).  This field, combined with the AC Information Vendor
        Identifier set to a non-zero (0) value, allows vendors to use a
        private namespace.







Calhoun, et al.             Standards Track                    [Page 63]

RFC 5415             CAPWAP Protocol Specification            March 2009


        4 -   Hardware Version: The AC's hardware version number.

        5 -   Software Version: The AC's Software (firmware) version
              number.

     AC Information Length:   Length of vendor-specific encoding of AC
        information, with a maximum size of 1024.

     AC Information Data:   Vendor-specific encoding of AC information.

4.6.2.  AC IPv4 List

  The AC IPv4 List message element is used to configure a WTP with the
  latest list of ACs available for the WTP to join.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       AC IP Address[]                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   2 for AC IPv4 List

  Length:   >= 4

  AC IP Address:   An array of 32-bit integers containing AC IPv4
     Addresses, containing no more than 1024 addresses.

4.6.3.  AC IPv6 List

  The AC IPv6 List message element is used to configure a WTP with the
  latest list of ACs available for the WTP to join.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       AC IP Address[]                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       AC IP Address[]                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       AC IP Address[]                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       AC IP Address[]                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+





Calhoun, et al.             Standards Track                    [Page 64]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   3 for AC IPV6 List

  Length:   >= 16

  AC IP Address:   An array of 128-bit integers containing AC IPv6
     Addresses, containing no more than 1024 addresses.

4.6.4.  AC Name

  The AC Name message element contains an UTF-8 [RFC3629]
  representation of the AC identity.  The value is a variable-length
  byte string.  The string is NOT zero terminated.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |   Name ...
    +-+-+-+-+-+-+-+-+

  Type:   4 for AC Name

  Length:   >= 1

  Name:   A variable-length UTF-8 encoded string [RFC3629] containing
     the AC's name, whose maximum size MUST NOT exceed 512 bytes.

4.6.5.  AC Name with Priority

  The AC Name with Priority message element is sent by the AC to the
  WTP to configure preferred ACs.  The number of instances of this
  message element is equal to the number of ACs configured on the WTP.
  The WTP also uses this message element to send its configuration to
  the AC.

     0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Priority  |   AC Name...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   5 for AC Name with Priority

  Length:   >= 2

  Priority:   A value between 1 and 255 specifying the priority order
     of the preferred AC.  For instance, the value of one (1) is used
     to set the primary AC, the value of two (2) is used to set the
     secondary, etc.



Calhoun, et al.             Standards Track                    [Page 65]

RFC 5415             CAPWAP Protocol Specification            March 2009


  AC Name:   A variable-length UTF-8 encoded string [RFC3629]
     containing the AC name, whose maximum size MUST NOT exceed 512
     bytes.

4.6.6.  AC Timestamp

  The AC Timestamp message element is sent by the AC to synchronize the
  WTP clock.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Timestamp                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   6 for AC Timestamp

  Length:   4

  Timestamp:   The AC's current time, allowing all of the WTPs to be
     time synchronized in the format defined by Network Time Protocol
     (NTP) in RFC 1305 [RFC1305].  Only the most significant 32 bits of
     the NTP time are included in this field.

4.6.7.  Add MAC ACL Entry

  The Add MAC Access Control List (ACL) Entry message element is used
  by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
  no longer provides service to the MAC addresses provided in the
  message.  The MAC addresses provided in this message element are not
  expected to be saved in non-volatile memory on the WTP.  The MAC ACL
  table on the WTP is cleared every time the WTP establishes a new
  session with an AC.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Num of Entries|    Length     |         MAC Address ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   7 for Add MAC ACL Entry

  Length:   >= 8

  Num of Entries:   The number of instances of the Length/MAC Address
     fields in the array.  This value MUST NOT exceed 255.





Calhoun, et al.             Standards Track                    [Page 66]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   MAC addresses to add to the ACL.

4.6.8.  Add Station

  The Add Station message element is used by the AC to inform a WTP
  that it should forward traffic for a station.  The Add Station
  message element is accompanied by technology-specific binding
  information element(s), which may include security parameters.
  Consequently, the security parameters MUST be applied by the WTP for
  the station.

  After station policy has been delivered to the WTP through the Add
  Station message element, an AC MAY change any policies by sending a
  modified Add Station message element.  When a WTP receives an Add
  Station message element for an existing station, it MUST override any
  existing state for the station.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Radio ID   |     Length    |          MAC Address ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  VLAN Name...
    +-+-+-+-+-+-+-+-+

  Type:   8 for Add Station

  Length:   >= 8

  Radio ID:   An 8-bit value representing the radio, whose value is
     between one (1) and 31.

  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   The station's MAC address.

  VLAN Name:   An optional variable-length UTF-8 encoded string
     [RFC3629], with a maximum length of 512 octets, containing the
     VLAN Name on which the WTP is to locally bridge user data.  Note
     this field is only valid with WTPs configured in Local MAC mode.







Calhoun, et al.             Standards Track                    [Page 67]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.9.  CAPWAP Control IPv4 Address

  The CAPWAP Control IPv4 Address message element is sent by the AC to
  the WTP during the Discovery process and is used by the AC to provide
  the interfaces available on the AC, and the current number of WTPs
  connected.  When multiple CAPWAP Control IPV4 Address message
  elements are returned, the WTP SHOULD perform load balancing across
  the multiple interfaces (see Section 6.1).

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           WTP Count           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   10 for CAPWAP Control IPv4 Address

  Length:   6

  IP Address:   The IP address of an interface.

  WTP Count:   The number of WTPs currently connected to the interface,
     with a maximum value of 65535.

4.6.10.  CAPWAP Control IPv6 Address

  The CAPWAP Control IPv6 Address message element is sent by the AC to
  the WTP during the Discovery process and is used by the AC to provide
  the interfaces available on the AC, and the current number of WTPs
  connected.  This message element is useful for the WTP to perform
  load balancing across multiple interfaces (see Section 6.1).

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           WTP Count           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Calhoun, et al.             Standards Track                    [Page 68]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   11 for CAPWAP Control IPv6 Address

  Length:   18

  IP Address:   The IP address of an interface.

  WTP Count:   The number of WTPs currently connected to the interface,
     with a maximum value of 65535.

4.6.11.  CAPWAP Local IPv4 Address

  The CAPWAP Local IPv4 Address message element is sent by either the
  WTP, in the Join Request, or by the AC, in the Join Response.  The
  CAPWAP Local IPv4 Address message element is used to communicate the
  IP Address of the transmitter.  The receiver uses this to determine
  whether a middlebox exists between the two peers, by comparing the
  source IP address of the packet against the value of the message
  element.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   30 for CAPWAP Local IPv4 Address

  Length:   4

  IP Address:   The IP address of the sender.

4.6.12.  CAPWAP Local IPv6 Address

  The CAPWAP Local IPv6 Address message element is sent by either the
  WTP, in the Join Request, or by the AC, in the Join Response.  The
  CAPWAP Local IPv6 Address message element is used to communicate the
  IP Address of the transmitter.  The receiver uses this to determine
  whether a middlebox exists between the two peers, by comparing the
  source IP address of the packet against the value of the message
  element.











Calhoun, et al.             Standards Track                    [Page 69]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           IP Address                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   50 for CAPWAP Local IPv6 Address

  Length:   16

  IP Address:   The IP address of the sender.

4.6.13.  CAPWAP Timers

  The CAPWAP Timers message element is used by an AC to configure
  CAPWAP timers on a WTP.

     0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Discovery   | Echo Request  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   12 for CAPWAP Timers

  Length:   2

  Discovery:   The number of seconds between CAPWAP Discovery messages,
     when the WTP is in the Discovery phase.  This value is used to
     configure the MaxDiscoveryInterval timer (see Section 4.7.10).

  Echo Request:   The number of seconds between WTP Echo Request CAPWAP
     messages.  This value is used to configure the EchoInterval timer
     (see Section 4.7.7).  The AC sets its EchoInterval timer to this
     value, plus the maximum retransmission time as described in
     Section 4.5.3.









Calhoun, et al.             Standards Track                    [Page 70]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.14.  CAPWAP Transport Protocol

  When CAPWAP is run over IPv6, the UDP-Lite or UDP transports MAY be
  used (see Section 3).  The CAPWAP IPv6 Transport Protocol message
  element is used by either the WTP or the AC to signal which transport
  protocol is to be used for the CAPWAP data channel.

  Upon receiving the Join Request, the AC MAY set the CAPWAP Transport
  Protocol to UDP-Lite in the Join Response message if the CAPWAP
  message was received over IPv6, and the CAPWAP Local IPv6 Address
  message element (see Section 4.6.12) is present and no middlebox was
  detected (see Section 11).

  Upon receiving the Join Response, the WTP MAY set the CAPWAP
  Transport Protocol to UDP-Lite in the Configuration Status Request or
  Image Data Request message if the AC advertised support for UDP-Lite,
  the message was received over IPv6, the CAPWAP Local IPv6 Address
  message element (see Section 4.6.12) and no middlebox was detected
  (see Section 11).  Upon receiving either the Configuration Status
  Request or the Image Data Request, the AC MUST observe the preference
  indicated by the WTP in the CAPWAP Transport Protocol, as long as it
  is consistent with what the AC advertised in the Join Response.

  For any other condition, the CAPWAP Transport Protocol MUST be set to
  UDP.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |   Transport   |
    +-+-+-+-+-+-+-+-+

  Type:   51 for CAPWAP Transport Protocol

  Length:   1

  Transport:   The transport to use for the CAPWAP Data channel.  The
     following enumerated values are supported:

     1 -   UDP-Lite: The UDP-Lite transport protocol is to be used for
           the CAPWAP Data channel.  Note that this option MUST NOT be
           used if the CAPWAP Control channel is being used over IPv4.

     2 -   UDP: The UDP transport protocol is to be used for the CAPWAP
           Data channel.






Calhoun, et al.             Standards Track                    [Page 71]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.15.  Data Transfer Data

  The Data Transfer Data message element is used by the WTP to provide
  information to the AC for debugging purposes.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Data Type   |   Data Mode   |         Data Length           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Data ....
    +-+-+-+-+-+-+-+-+

  Type:   13 for Data Transfer Data

  Length:   >= 5

  Data Type:   An 8-bit value representing the transfer Data Type.  The
     following enumerated values are supported:

     1 -  Transfer data is included.

     2 -  Last Transfer Data Block is included (End of File (EOF)).

     5 -  An error occurred.  Transfer is aborted.

  Data Mode:   An 8-bit value describing the type of information being
     transmitted.  The following enumerated values are supported:

     0 -  Reserved

     1 -  WTP Crash Data

     2 -  WTP Memory Dump

  Data Length:   Length of data field, with a maximum size of 65535.

  Data:   Data being transferred from the WTP to the AC, whose type is
     identified via the Data Mode field.












Calhoun, et al.             Standards Track                    [Page 72]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.16.  Data Transfer Mode

  The Data Transfer Mode message element is used by the WTP to indicate
  the type of data transfer information it is sending to the AC for
  debugging purposes.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |   Data Mode   |
    +-+-+-+-+-+-+-+-+

  Type:   14 for Data Transfer Mode

  Length:   1

  Data Mode:   An 8-bit value describing the type of information being
     requested.  The following enumerated values are supported:

     0 -  Reserved

     1 -  WTP Crash Data

     2 -  WTP Memory Dump

4.6.17.  Decryption Error Report

  The Decryption Error Report message element value is used by the WTP
  to inform the AC of decryption errors that have occurred since the
  last report.  Note that this error reporting mechanism is not used if
  encryption and decryption services are provided in the AC.

     0                   1                   2
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Radio ID    |Num Of Entries |     Length    | MAC Address...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   15 for Decryption Error Report

  Length:   >= 9

  Radio ID:   The Radio Identifier refers to an interface index on the
     WTP, whose value is between one (1) and 31.

  Num of Entries:   The number of instances of the Length/MAC Address
     fields in the array.  This field MUST NOT exceed the value of 255.




Calhoun, et al.             Standards Track                    [Page 73]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   MAC address of the station that has caused decryption
     errors.

4.6.18.  Decryption Error Report Period

  The Decryption Error Report Period message element value is used by
  the AC to inform the WTP how frequently it should send decryption
  error report messages.  Note that this error reporting mechanism is
  not used if encryption and decryption services are provided in the
  AC.

     0                   1                   2
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Radio ID    |        Report Interval        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   16 for Decryption Error Report Period

  Length:   3

  Radio ID:   The Radio Identifier refers to an interface index on the
     WTP, whose value is between one (1) and 31.

  Report Interval:   A 16-bit unsigned integer indicating the time, in
     seconds.  The default value for this message element can be found
     in Section 4.7.11.

4.6.19.  Delete MAC ACL Entry

  The Delete MAC ACL Entry message element is used by an AC to delete a
  MAC ACL entry on a WTP, ensuring that the WTP provides service to the
  MAC addresses provided in the message.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Num of Entries|     Length    |          MAC Address ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   17 for Delete MAC ACL Entry

  Length:   >= 8





Calhoun, et al.             Standards Track                    [Page 74]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Num of Entries:   The number of instances of the Length/MAC Address
     fields in the array.  This field MUST NOT exceed the value of 255.

  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   An array of MAC addresses to delete from the ACL.

4.6.20.  Delete Station

  The Delete Station message element is used by the AC to inform a WTP
  that it should no longer provide service to a particular station.
  The WTP MUST terminate service to the station immediately upon
  receiving this message element.

  The transmission of a Delete Station message element could occur for
  various reasons, including for administrative reasons, or if the
  station has roamed to another WTP.

  The Delete Station message element MAY be sent by the WTP, in the WTP
  Event Request message, to inform the AC that a particular station is
  no longer being provided service.  This could occur as a result of an
  Idle Timeout (see section 4.4.43), due to internal resource shortages
  or for some other reason.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Radio ID   |     Length    |        MAC Address...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   18 for Delete Station

  Length:   >= 8

  Radio ID:   An 8-bit value representing the radio, whose value is
     between one (1) and 31.

  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   The station's MAC address.

4.6.21.  Discovery Type

  The Discovery Type message element is used by the WTP to indicate how
  it has come to know about the existence of the AC to which it is
  sending the Discovery Request message.



Calhoun, et al.             Standards Track                    [Page 75]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    | Discovery Type|
    +-+-+-+-+-+-+-+-+

  Type:   20 for Discovery Type

  Length:   1

  Discovery Type:   An 8-bit value indicating how the WTP discovered
     the AC.  The following enumerated values are supported:

     0 -   Unknown

     1 -   Static Configuration

     2 -   DHCP

     3 -   DNS

     4 -   AC Referral (used when the AC was configured either through
           the AC IPv4 List or AC IPv6 List message element)

4.6.22.  Duplicate IPv4 Address

  The Duplicate IPv4 Address message element is used by a WTP to inform
  an AC that it has detected another IP device using the same IP
  address that the WTP is currently using.

  The WTP MUST transmit this message element with the status set to 1
  after it has detected a duplicate IP address.  When the WTP detects
  that the duplicate IP address has been cleared, it MUST send this
  message element with the status set to 0.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Status    |     Length    |          MAC Address ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   21 for Duplicate IPv4 Address

  Length:   >= 12

  IP Address:   The IP address currently used by the WTP.



Calhoun, et al.             Standards Track                    [Page 76]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Status:   The status of the duplicate IP address.  The value MUST be
     set to 1 when a duplicate address is detected, and 0 when the
     duplicate address has been cleared.

  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   The MAC address of the offending device.

4.6.23.  Duplicate IPv6 Address

  The Duplicate IPv6 Address message element is used by a WTP to inform
  an AC that it has detected another host using the same IP address
  that the WTP is currently using.

  The WTP MUST transmit this message element with the status set to 1
  after it has detected a duplicate IP address.  When the WTP detects
  that the duplicate IP address has been cleared, it MUST send this
  message element with the status set to 0.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Status    |     Length    |         MAC Address ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   22 for Duplicate IPv6 Address

  Length:   >= 24

  IP Address:   The IP address currently used by the WTP.

  Status:   The status of the duplicate IP address.  The value MUST be
     set to 1 when a duplicate address is detected, and 0 when the
     duplicate address has been cleared.

  Length:  The length of the MAC Address field.  The formats and
     lengths specified in [EUI-48] and [EUI-64] are supported.

  MAC Address:   The MAC address of the offending device.



Calhoun, et al.             Standards Track                    [Page 77]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.24.  Idle Timeout

  The Idle Timeout message element is sent by the AC to the WTP to
  provide the Idle Timeout value that the WTP SHOULD enforce for its
  active stations.  The value applies to all radios on the WTP.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Timeout                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   23 for Idle Timeout

  Length:   4

  Timeout:   The current Idle Timeout, in seconds, to be enforced by
     the WTP.  The default value for this message element is specified
     in Section 4.7.8.

4.6.25.  ECN Support

  The ECN Support message element is sent by both the WTP and the AC to
  indicate their support for the Explicit Congestion Notification (ECN)
  bits, as defined in [RFC3168].

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |  ECN Support  |
    +-+-+-+-+-+-+-+-+

  Type:   53 for ECN Support

  Length:   1

  ECN Support:   An 8-bit value representing the sender's support for
     ECN, as defined in [RFC3168].  All CAPWAP Implementations MUST
     support the Limited ECN Support mode.  Full ECN Support is used if
     both the WTP and AC advertise the capability for "Full and Limited
     ECN" Support; otherwise, Limited ECN Support is used.

     0 -  Limited ECN Support

     1 -  Full and Limited ECN Support






Calhoun, et al.             Standards Track                    [Page 78]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.26.  Image Data

  The Image Data message element is present in the Image Data Request
  message sent by the AC and contains the following fields.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Data Type   |                    Data ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   24 for Image Data

  Length:   >= 1

  Data Type:   An 8-bit value representing the image Data Type.  The
     following enumerated values are supported:

     1 -  Image data is included.

     2 -  Last Image Data Block is included (EOF).

     5 -  An error occurred.  Transfer is aborted.

  Data:   The Image Data field contains up to 1024 characters, and its
     length is inferred from this message element's length field.  If
     the block being sent is the last one, the Data Type field is set
     to 2.  The AC MAY opt to abort the data transfer by setting the
     Data Type field to 5.  When the Data Type field is 5, the Value
     field has a zero length.

4.6.27.  Image Identifier

  The Image Identifier message element is sent by the AC to the WTP to
  indicate the expected active software version that is to be run on
  the WTP.  The WTP sends the Image Identifier message element in order
  to request a specific software version from the AC.  The actual
  download process is defined in Section 9.1.  The value is a variable-
  length UTF-8 encoded string [RFC3629], which is NOT zero terminated.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Vendor Identifier                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Calhoun, et al.             Standards Track                    [Page 79]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   25 for Image Identifier

  Length:   >= 5

  Vendor Identifier:   A 32-bit value containing the IANA-assigned "SMI
     Network Management Private Enterprise Codes".

  Data:   A variable-length UTF-8 encoded string [RFC3629] containing
     the firmware identifier to be run on the WTP, whose length MUST
     NOT exceed 1024 octets.  The length of this field is inferred from
     this message element's length field.

4.6.28.  Image Information

  The Image Information message element is present in the Image Data
  Response message sent by the AC to the WTP and contains the following
  fields.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           File Size                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              Hash                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              Hash                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              Hash                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              Hash                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   26 for Image Information

  Length:   20

  File Size:   A 32-bit value containing the size of the file, in
     bytes, that will be transferred by the AC to the WTP.

  Hash:   A 16-octet MD5 hash of the image using the procedures defined
     in [RFC1321].










Calhoun, et al.             Standards Track                    [Page 80]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.29.  Initiate Download

  The Initiate Download message element is used by the WTP to inform
  the AC that the AC SHOULD initiate a firmware upgrade.  The AC
  subsequently transmits an Image Data Request message, which includes
  the Image Data message element.  This message element does not
  contain any data.

  Type:   27 for Initiate Download

  Length:   0

4.6.30.  Location Data

  The Location Data message element is a variable-length byte UTF-8
  encoded string [RFC3629] containing user-defined location information
  (e.g., "Next to Fridge").  This information is configurable by the
  network administrator, and allows the WTP location to be determined.
  The string is not zero terminated.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+-
    | Location ...
    +-+-+-+-+-+-+-+-+-

  Type:   28 for Location Data

  Length:   >= 1

  Location:   A non-zero-terminated UTF-8 encoded string [RFC3629]
     containing the WTP location, whose maximum size MUST NOT exceed
     1024.

4.6.31.  Maximum Message Length

  The Maximum Message Length message element is included in the Join
  Request message by the WTP to indicate the maximum CAPWAP message
  length that it supports to the AC.  The Maximum Message Length
  message element is optionally included in Join Response message by
  the AC to indicate the maximum CAPWAP message length that it supports
  to the WTP.

        0              1
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    Maximum Message Length     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



Calhoun, et al.             Standards Track                    [Page 81]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   29 for Maximum Message Length

  Length:   2

  Maximum Message Length  A 16-bit unsigned integer indicating the
     maximum message length.

4.6.32.  MTU Discovery Padding

  The MTU Discovery Padding message element is used as padding to
  perform MTU discovery, and MUST contain octets of value 0xFF, of any
  length.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |  Padding...
    +-+-+-+-+-+-+-+-


  Type:   52 for MTU Discovery Padding

  Length:   Variable

  Pad:   A variable-length pad, filled with the value 0xFF.

4.6.33.  Radio Administrative State

  The Radio Administrative State message element is used to communicate
  the state of a particular radio.  The Radio Administrative State
  message element is sent by the AC to change the state of the WTP.
  The WTP saves the value, to ensure that it remains across WTP resets.
  The WTP communicates this message element during the configuration
  phase, in the Configuration Status Request message, to ensure that
  the AC has the WTP radio current administrative state settings.  The
  message element contains the following fields:

        0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Radio ID    |  Admin State  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   31 for Radio Administrative State

  Length:   2





Calhoun, et al.             Standards Track                    [Page 82]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Radio ID:   An 8-bit value representing the radio to configure, whose
     value is between one (1) and 31.  The Radio ID field MAY also
     include the value of 0xff, which is used to identify the WTP.  If
     an AC wishes to change the administrative state of a WTP, it
     includes 0xff in the Radio ID field.

  Admin State:   An 8-bit value representing the administrative state
     of the radio.  The default value for the Admin State field is
     listed in Section 4.8.1.  The following enumerated values are
     supported:

     0 -  Reserved

     1 -  Enabled

     2 -  Disabled

4.6.34.  Radio Operational State

  The Radio Operational State message element is sent by the WTP to the
  AC to communicate a radio's operational state.  This message element
  is included in the Configuration Update Response message by the WTP
  if it was requested to change the state of its radio, via the Radio
  Administrative State message element, but was unable to comply to the
  request.  This message element is included in the Change State Event
  message when a WTP radio state was changed unexpectedly.  This could
  occur due to a hardware failure.  Note that the operational state
  setting is not saved on the WTP, and therefore does not remain across
  WTP resets.  The value contains three fields, as shown below.

     0                   1                   2
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Radio ID    |     State     |     Cause     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   32 for Radio Operational State

  Length:   3

  Radio ID:   The Radio Identifier refers to an interface index on the
     WTP, whose value is between one (1) and 31.  A value of 0xFF is
     invalid, as it is not possible to change the WTP's operational
     state.

  State:   An 8-bit Boolean value representing the state of the radio.
     The following enumerated values are supported:




Calhoun, et al.             Standards Track                    [Page 83]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0 -  Reserved

     1 -  Enabled

     2 -  Disabled

  Cause:   When a radio is inoperable, the cause field contains the
     reason the radio is out of service.  The following enumerated
     values are supported:

     0 -  Normal

     1 -  Radio Failure

     2 -  Software Failure

     3 -  Administratively Set

4.6.35.  Result Code

  The Result Code message element value is a 32-bit integer value,
  indicating the result of the Request message corresponding to the
  sequence number included in the Response message.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Result Code                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   33 for Result Code

  Length:   4

  Result Code:   The following enumerated values are defined:

     0  Success

     1  Failure (AC List Message Element MUST Be Present)

     2  Success (NAT Detected)

     3  Join Failure (Unspecified)

     4  Join Failure (Resource Depletion)

     5  Join Failure (Unknown Source)




Calhoun, et al.             Standards Track                    [Page 84]

RFC 5415             CAPWAP Protocol Specification            March 2009


     6  Join Failure (Incorrect Data)

     7  Join Failure (Session ID Already in Use)

     8  Join Failure (WTP Hardware Not Supported)

     9  Join Failure (Binding Not Supported)

     10 Reset Failure (Unable to Reset)

     11 Reset Failure (Firmware Write Error)

     12 Configuration Failure (Unable to Apply Requested Configuration
        - Service Provided Anyhow)

     13 Configuration Failure (Unable to Apply Requested Configuration
        - Service Not Provided)

     14 Image Data Error (Invalid Checksum)

     15 Image Data Error (Invalid Data Length)

     16 Image Data Error (Other Error)

     17 Image Data Error (Image Already Present)

     18 Message Unexpected (Invalid in Current State)

     19 Message Unexpected (Unrecognized Request)

     20 Failure - Missing Mandatory Message Element

     21 Failure - Unrecognized Message Element

     22 Data Transfer Error (No Information to Transfer)

4.6.36.  Returned Message Element

  The Returned Message Element is sent by the WTP in the Change State
  Event Request message to communicate to the AC which message elements
  in the Configuration Status Response it was unable to apply locally.
  The Returned Message Element message element contains a result code
  indicating the reason that the configuration could not be applied,
  and encapsulates the failed message element.







Calhoun, et al.             Standards Track                    [Page 85]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Reason     |    Length     |       Message Element...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   34 for Returned Message Element

  Length:   >= 6

  Reason:   The reason the configuration in the offending message
     element could not be applied by the WTP.  The following enumerated
     values are supported:

     0 -  Reserved

     1 -  Unknown Message Element

     2 -  Unsupported Message Element

     3 -  Unknown Message Element Value

     4 -  Unsupported Message Element Value

  Length:   The length of the Message Element field, which MUST NOT
     exceed 255 octets.

  Message Element:   The Message Element field encapsulates the message
     element sent by the AC in the Configuration Status Response
     message that caused the error.

4.6.37.  Session ID

  The Session ID message element value contains a randomly generated
  unsigned 128-bit integer.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Session ID                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Session ID                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Session ID                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Session ID                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Calhoun, et al.             Standards Track                    [Page 86]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   35 for Session ID

  Length:   16

  Session ID:   A 128-bit unsigned integer used as a random session
     identifier

4.6.38.  Statistics Timer

  The Statistics Timer message element value is used by the AC to
  inform the WTP of the frequency with which it expects to receive
  updated statistics.

     0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Statistics Timer       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   36 for Statistics Timer

  Length:   2

  Statistics Timer:   A 16-bit unsigned integer indicating the time, in
     seconds.  The default value for this timer is specified in
     Section 4.7.14.

4.6.39.  Vendor Specific Payload

  The Vendor Specific Payload message element is used to communicate
  vendor-specific information between the WTP and the AC.  The Vendor
  Specific Payload message element MAY be present in any CAPWAP
  message.  The exchange of vendor-specific data between the MUST NOT
  modify the behavior of the base CAPWAP protocol and state machine.
  The message element uses the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Vendor Identifier                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Element ID           |    Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   37 for Vendor Specific Payload

  Length:   >= 7




Calhoun, et al.             Standards Track                    [Page 87]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Vendor Identifier:   A 32-bit value containing the IANA-assigned "SMI
     Network Management Private Enterprise Codes" [RFC3232].

  Element ID:   A 16-bit Element Identifier that is managed by the
     vendor.

  Data:   Variable-length vendor-specific information, whose contents
     and format are proprietary and understood based on the Element ID
     field.  This field MUST NOT exceed 2048 octets.

4.6.40.  WTP Board Data

  The WTP Board Data message element is sent by the WTP to the AC and
  contains information about the hardware present.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Vendor Identifier                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Board Data Sub-Element...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   38 for WTP Board Data

  Length:   >=14

  Vendor Identifier:   A 32-bit value containing the IANA-assigned "SMI
     Network Management Private Enterprise Codes", identifying the WTP
     hardware manufacturer.  The Vendor Identifier field MUST NOT be
     set to zero.

  Board Data Sub-Element:   The WTP Board Data message element contains
     multiple Board Data sub-elements, some of which are mandatory and
     some are optional, as described below.  The Board Data Type values
     are not extensible by vendors, and are therefore not coupled along
     with the Vendor Identifier field.  The Board Data sub-element has
     the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Board Data Type        |       Board Data Length       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Board Data Value...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+





Calhoun, et al.             Standards Track                    [Page 88]

RFC 5415             CAPWAP Protocol Specification            March 2009


     Board Data Type:   The Board Data Type field identifies the data
        being encoded.  The CAPWAP protocol defines the following
        values, and each of these types identify whether their presence
        is mandatory or optional:

     0 -   WTP Model Number: The WTP Model Number MUST be included in
           the WTP Board Data message element.

     1 -   WTP Serial Number: The WTP Serial Number MUST be included in
           the WTP Board Data message element.

     2 -   Board ID: A hardware identifier, which MAY be included in
           the WTP Board Data message element.

     3 -   Board Revision: A revision number of the board, which MAY be
           included in the WTP Board Data message element.

     4 -   Base MAC Address: The WTP's Base MAC address, which MAY be
           assigned to the primary Ethernet interface.

  Board Data Length:   The length of the data in the Board Data Value
     field, whose length MUST NOT exceed 1024 octets.

  Board Data Value:   The data associated with the Board Data Type
     field for this Board Data sub-element.

4.6.41.  WTP Descriptor

  The WTP Descriptor message element is used by a WTP to communicate
  its current hardware and software (firmware) configuration.  The
  value contains the following fields:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Max Radios  | Radios in use |  Num Encrypt  |Encryp Sub-Elmt|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Encryption Sub-Element    |    Descriptor Sub-Element...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   39 for WTP Descriptor

  Length:   >= 33








Calhoun, et al.             Standards Track                    [Page 89]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Max Radios:   An 8-bit value representing the number of radios (where
     each radio is identified via the Radio ID field) supported by the
     WTP.

  Radios in use:   An 8-bit value representing the number of radios in
     use in the WTP.

  Num Encrypt:   The number of 3-byte Encryption sub-elements that
     follow this field.  The value of the Num Encrypt field MUST be
     between one (1) and 255.

  Encryption Sub-Element:   The WTP Descriptor message element MUST
     contain at least one Encryption sub-element.  One sub-element is
     present for each binding supported by the WTP.  The Encryption
     sub-element has the following format:

     0                   1                   2
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Resvd|  WBID   |  Encryption Capabilities      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Resvd:  The 3-bit field is reserved for future use.  All
        implementations complying with this protocol MUST set to zero
        any bits that are reserved in the version of the protocol
        supported by that implementation.  Receivers MUST ignore all
        bits not defined for the version of the protocol they support.

     WBID:   A 5-bit field that is the wireless binding identifier.
        The identifier will indicate the type of wireless packet
        associated with the radio.  The WBIDs defined in this
        specification can be found in Section 4.3.

     Encryption Capabilities:   This 16-bit field is used by the WTP to
        communicate its capabilities to the AC.  A WTP that does not
        have any encryption capabilities sets this field to zero (0).
        Refer to the specific wireless binding for further
        specification of the Encryption Capabilities field.

  Descriptor Sub-Element:   The WTP Descriptor message element contains
     multiple Descriptor sub-elements, some of which are mandatory and
     some are optional, as described below.  The Descriptor sub-element
     has the following format:








Calhoun, et al.             Standards Track                    [Page 90]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Descriptor Vendor Identifier                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Descriptor Type        |       Descriptor Length       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Descriptor Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Descriptor Vendor Identifier:   A 32-bit value containing the
        IANA-assigned "SMI Network Management Private Enterprise
        Codes".

     Descriptor Type:   The Descriptor Type field identifies the data
        being encoded.  The format of the data is vendor-specific
        encoded in the UTF-8 format [RFC3629].  The CAPWAP protocol
        defines the following values, and each of these types identify
        whether their presence is mandatory or optional.  The values
        listed below are used in conjunction with the Descriptor Vendor
        Identifier field, whose value MUST be set to zero (0).  This
        field, combined with the Descriptor Vendor Identifier set to a
        non-zero (0) value, allows vendors to use a private namespace.

        0 -   Hardware Version: The WTP hardware version number MUST be
              present.

        1 -   Active Software Version: The WTP running software version
              number MUST be present.

        2 -   Boot Version: The WTP boot loader version number MUST be
              present.

        3 -   Other Software Version: The WTP non-running software
              (firmware) version number MAY be present.  This type is
              used to communicate alternate software versions that are
              available on the WTP's non-volatile storage.

     Descriptor Length:   Length of the vendor-specific encoding of the
        Descriptor Data field, whose length MUST NOT exceed 1024
        octets.

     Descriptor Data:   Vendor-specific data of WTP information encoded
        in the UTF-8 format [RFC3629].







Calhoun, et al.             Standards Track                    [Page 91]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.6.42.  WTP Fallback

  The WTP Fallback message element is sent by the AC to the WTP to
  enable or disable automatic CAPWAP fallback in the event that a WTP
  detects its preferred AC to which it is not currently connected.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |     Mode      |
    +-+-+-+-+-+-+-+-+

  Type:   40 for WTP Fallback

  Length:   1

  Mode:   The 8-bit value indicates the status of automatic CAPWAP
     fallback on the WTP.  When enabled, if the WTP detects that its
     primary AC is available, and that the WTP is not connected to the
     primary AC, the WTP SHOULD automatically disconnect from its
     current AC and reconnect to its primary AC.  If disabled, the WTP
     will only reconnect to its primary AC through manual intervention
     (e.g., through the Reset Request message).  The default value for
     this field is specified in Section 4.8.9.  The following
     enumerated values are supported:

     0 -  Reserved

     1 -  Enabled

     2 -  Disabled

4.6.43.  WTP Frame Tunnel Mode

  The WTP Frame Tunnel Mode message element allows the WTP to
  communicate the tunneling modes of operation that it supports to the
  AC.  A WTP that advertises support for all types allows the AC to
  select which type will be used, based on its local policy.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |Reservd|N|E|L|U|
    +-+-+-+-+-+-+-+-+







Calhoun, et al.             Standards Track                    [Page 92]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Type:   41 for WTP Frame Tunnel Mode

  Length:   1

  Reservd:   A set of reserved bits for future use.  All
     implementations complying with this protocol MUST set to zero any
     bits that are reserved in the version of the protocol supported by
     that implementation.  Receivers MUST ignore all bits not defined
     for the version of the protocol they support.

  N:    Native Frame Tunnel mode requires the WTP and AC to encapsulate
        all user payloads as native wireless frames, as defined by the
        wireless binding (see for example Section 4.4)

  E:    The 802.3 Frame Tunnel Mode requires the WTP and AC to
        encapsulate all user payload as native IEEE 802.3 frames (see
        Section 4.4).  All user traffic is tunneled to the AC.  This
        value MUST NOT be used when the WTP MAC Type is set to Split
        MAC.

  L:    When Local Bridging is used, the WTP does not tunnel user
        traffic to the AC; all user traffic is locally bridged.  This
        value MUST NOT be used when the WTP MAC Type is set to Split
        MAC.

  R:    A reserved bit for future use.  All implementations complying
        with this protocol MUST set to zero any bits that are reserved
        in the version of the protocol supported by that
        implementation.  Receivers MUST ignore all bits not defined for
        the version of the protocol they support.

4.6.44.  WTP MAC Type

  The WTP MAC-Type message element allows the WTP to communicate its
  mode of operation to the AC.  A WTP that advertises support for both
  modes allows the AC to select the mode to use, based on local policy.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |   MAC Type    |
    +-+-+-+-+-+-+-+-+

  Type:   44 for WTP MAC Type







Calhoun, et al.             Standards Track                    [Page 93]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Length:   1

  MAC Type:   The MAC mode of operation supported by the WTP.  The
     following enumerated values are supported:

     0 -   Local MAC: Local MAC is the default mode that MUST be
           supported by all WTPs.  When tunneling is enabled (see
           Section 4.6.43), the encapsulated frames MUST be in the
           802.3 format (see Section 4.4.2), unless a wireless
           management or control frame which MAY be in its native
           format.  Any CAPWAP binding needs to specify the format of
           management and control wireless frames.

     1 -   Split MAC: Split MAC support is optional, and allows the AC
           to receive and process native wireless frames.

     2 -   Both: WTP is capable of supporting both Local MAC and Split
           MAC.

4.6.45.  WTP Name

  The WTP Name message element is a variable-length byte UTF-8 encoded
  string [RFC3629].  The string is not zero terminated.

     0
     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+-
    |  WTP Name ...
    +-+-+-+-+-+-+-+-+-

  Type:   45 for WTP Name

  Length:   >= 1

  WTP Name:   A non-zero-terminated UTF-8 encoded string [RFC3629]
     containing the WTP name, whose maximum size MUST NOT exceed 512
     bytes.

4.6.46.  WTP Radio Statistics

  The WTP Radio Statistics message element is sent by the WTP to the AC
  to communicate statistics on radio behavior and reasons why the WTP
  radio has been reset.  These counters are never reset on the WTP, and
  will therefore roll over to zero when the maximum size has been
  reached.






Calhoun, et al.             Standards Track                    [Page 94]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Radio ID    | Last Fail Type|          Reset Count          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       SW Failure Count        |        HW Failure Count       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Other  Failure Count      |     Unknown Failure Count     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Config Update Count      |     Channel Change Count      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Band Change Count       |      Current Noise Floor      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   47 for WTP Radio Statistics

  Length:   20

  Radio ID:   The radio ID of the radio to which the statistics apply,
     whose value is between one (1) and 31.

  Last Failure Type:   The last WTP failure.  The following enumerated
     values are supported:

     0 -  Statistic Not Supported

     1 -  Software Failure

     2 -  Hardware Failure

     3 -  Other Failure

     255 -  Unknown (e.g., WTP doesn't keep track of info)

  Reset Count:   The number of times that the radio has been reset.

  SW Failure Count:   The number of times that the radio has failed due
     to software-related reasons.

  HW Failure Count:   The number of times that the radio has failed due
     to hardware-related reasons.

  Other Failure Count:   The number of times that the radio has failed
     due to known reasons, other than software or hardware failure.







Calhoun, et al.             Standards Track                    [Page 95]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Unknown Failure Count:   The number of times that the radio has
     failed for unknown reasons.

  Config Update Count:   The number of times that the radio
     configuration has been updated.

  Channel Change Count:   The number of times that the radio channel
     has been changed.

  Band Change Count:   The number of times that the radio has changed
     frequency bands.

  Current Noise Floor:   A signed integer that indicates the noise
     floor of the radio receiver in units of dBm.

4.6.47.  WTP Reboot Statistics

  The WTP Reboot Statistics message element is sent by the WTP to the
  AC to communicate reasons why WTP reboots have occurred.  These
  counters are never reset on the WTP, and will therefore roll over to
  zero when the maximum size has been reached.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Reboot Count          |      AC Initiated Count       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Link Failure Count       |       SW Failure Count        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       HW Failure Count        |      Other Failure Count      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Unknown Failure Count     |Last Failure Type|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type:   48 for WTP Reboot Statistics

  Length:   15

  Reboot Count:   The number of reboots that have occurred due to a WTP
     crash.  A value of 65535 implies that this information is not
     available on the WTP.

  AC Initiated Count:   The number of reboots that have occurred at the
     request of a CAPWAP protocol message, such as a change in
     configuration that required a reboot or an explicit CAPWAP
     protocol reset request.  A value of 65535 implies that this
     information is not available on the WTP.




Calhoun, et al.             Standards Track                    [Page 96]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Link Failure Count:   The number of times that a CAPWAP protocol
     connection with an AC has failed due to link failure.

  SW Failure Count:   The number of times that a CAPWAP protocol
     connection with an AC has failed due to software-related reasons.

  HW Failure Count:   The number of times that a CAPWAP protocol
     connection with an AC has failed due to hardware-related reasons.

  Other Failure Count:   The number of times that a CAPWAP protocol
     connection with an AC has failed due to known reasons, other than
     AC initiated, link, SW or HW failure.

  Unknown Failure Count:   The number of times that a CAPWAP protocol
     connection with an AC has failed for unknown reasons.

  Last Failure Type:   The failure type of the most recent WTP failure.
     The following enumerated values are supported:

     0 -  Not Supported

     1 -  AC Initiated (see Section 9.2)

     2 -  Link Failure

     3 -  Software Failure

     4 -  Hardware Failure

     5 -  Other Failure

     255 -  Unknown (e.g., WTP doesn't keep track of info)

4.6.48.  WTP Static IP Address Information

  The WTP Static IP Address Information message element is used by an
  AC to configure or clear a previously configured static IP address on
  a WTP.  IPv6 WTPs are expected to use dynamic addresses.













Calhoun, et al.             Standards Track                    [Page 97]

RFC 5415             CAPWAP Protocol Specification            March 2009


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          IP Address                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Netmask                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Gateway                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Static     |
    +-+-+-+-+-+-+-+-+

  Type:   49 for WTP Static IP Address Information

  Length:   13

  IP Address:   The IP address to assign to the WTP.  This field is
     only valid if the static field is set to one.

  Netmask:   The IP Netmask.  This field is only valid if the static
     field is set to one.

  Gateway:   The IP address of the gateway.  This field is only valid
     if the static field is set to one.

  Static:   An 8-bit Boolean stating whether or not the WTP should use
     a static IP address.  A value of zero disables the static IP
     address, while a value of one enables it.

4.7.  CAPWAP Protocol Timers

  This section contains the definition of the CAPWAP timers.

4.7.1.  ChangeStatePendingTimer

  The maximum time, in seconds, the AC will wait for the Change State
  Event Request from the WTP after having transmitted a successful
  Configuration Status Response message.

  Default: 25 seconds

4.7.2.  DataChannelKeepAlive

  The DataChannelKeepAlive timer is used by the WTP to determine the
  next opportunity when it must transmit the Data Channel Keep-Alive,
  in seconds.

  Default: 30 seconds



Calhoun, et al.             Standards Track                    [Page 98]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.7.3.  DataChannelDeadInterval

  The minimum time, in seconds, a WTP MUST wait without having received
  a Data Channel Keep-Alive packet before the destination for the Data
  Channel Keep-Alive packets may be considered dead.  The value of this
  timer MUST be no less than 2*DataChannelKeepAlive seconds and no
  greater that 240 seconds.

  Default: 60

4.7.4.  DataCheckTimer

  The number of seconds the AC will wait for the Data Channel Keep
  Alive, which is required by the CAPWAP state machine's Data Check
  state.  The AC resets the state machine if this timer expires prior
  to transitioning to the next state.

  Default: 30

4.7.5.  DiscoveryInterval

  The minimum time, in seconds, that a WTP MUST wait after receiving a
  Discovery Response message, before initiating a DTLS handshake.

  Default: 5

4.7.6.  DTLSSessionDelete

  The minimum time, in seconds, a WTP MUST wait for DTLS session
  deletion.

  Default: 5

4.7.7.  EchoInterval

  The minimum time, in seconds, between sending Echo Request messages
  to the AC with which the WTP has joined.

  Default: 30

4.7.8.  IdleTimeout

  The default Idle Timeout is 300 seconds.








Calhoun, et al.             Standards Track                    [Page 99]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.7.9.  ImageDataStartTimer

  The number of seconds the WTP will wait for its peer to transmit the
  Image Data Request.

  Default: 30

4.7.10.  MaxDiscoveryInterval

  The maximum time allowed between sending Discovery Request messages,
  in seconds.  This value MUST be no less than 2 seconds and no greater
  than 180 seconds.

  Default: 20 seconds.

4.7.11.  ReportInterval

  The ReportInterval is used by the WTP to determine the interval the
  WTP uses between sending the Decryption Error message elements to
  inform the AC of decryption errors, in seconds.

  The default Report Interval is 120 seconds.

4.7.12.  RetransmitInterval

  The minimum time, in seconds, in which a non-acknowledged CAPWAP
  packet will be retransmitted.

  Default: 3

4.7.13.  SilentInterval

  For a WTP, this is the minimum time, in seconds, a WTP MUST wait
  before it MAY again send Discovery Request messages or attempt to
  establish a DTLS session.  For an AC, this is the minimum time, in
  seconds, during which the AC SHOULD ignore all CAPWAP and DTLS
  packets received from the WTP that is in the Sulking state.

  Default: 30 seconds

4.7.14.  StatisticsTimer

  The StatisticsTimer is used by the WTP to determine the interval the
  WTP uses between the WTP Events Requests it transmits to the AC to
  communicate its statistics, in seconds.

  Default: 120 seconds




Calhoun, et al.             Standards Track                   [Page 100]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.7.15.  WaitDTLS

  The maximum time, in seconds, a WTP MUST wait without having received
  a DTLS Handshake message from an AC.  This timer MUST be greater than
  30 seconds.

  Default: 60

4.7.16.  WaitJoin

  The maximum time, in seconds, an AC will wait after the DTLS session
  has been established until it receives the Join Request from the WTP.
  This timer MUST be greater than 20 seconds.

  Default: 60

4.8.  CAPWAP Protocol Variables

  This section defines the CAPWAP protocol variables, which are used
  for various protocol functions.  Some of these variables are
  configurable, while others are counters or have a fixed value.  For
  non-counter-related variables, default values are specified.
  However, when a WTP's variable configuration is explicitly overridden
  by an AC, the WTP MUST save the new value.

4.8.1.  AdminState

  The default Administrative State value is enabled (1).

4.8.2.  DiscoveryCount

  The number of Discovery Request messages transmitted by a WTP to a
  single AC.  This is a monotonically increasing counter.

4.8.3.  FailedDTLSAuthFailCount

  The number of failed DTLS session establishment attempts due to
  authentication failures.

4.8.4.  FailedDTLSSessionCount

  The number of failed DTLS session establishment attempts.









Calhoun, et al.             Standards Track                   [Page 101]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.8.5.  MaxDiscoveries

  The maximum number of Discovery Request messages that will be sent
  after a WTP boots.

  Default: 10

4.8.6.  MaxFailedDTLSSessionRetry

  The maximum number of failed DTLS session establishment attempts
  before the CAPWAP device enters a silent period.

  Default: 3

4.8.7.  MaxRetransmit

  The maximum number of retransmissions for a given CAPWAP packet
  before the link layer considers the peer dead.

  Default: 5

4.8.8.  RetransmitCount

  The number of retransmissions for a given CAPWAP packet.  This is a
  monotonically increasing counter.

4.8.9.  WTPFallBack

  The default WTP Fallback value is enabled (1).

4.9.  WTP Saved Variables

  In addition to the values defined in Section 4.8, the following
  values SHOULD be saved on the WTP in non-volatile memory.  CAPWAP
  wireless bindings MAY define additional values that SHOULD be stored
  on the WTP.

4.9.1.  AdminRebootCount

  The number of times the WTP has rebooted administratively, defined in
  Section 4.6.47.

4.9.2.  FrameEncapType

  For WTPs that support multiple Frame Encapsulation Types, it is
  useful to save the value configured by the AC.  The Frame
  Encapsulation Type is defined in Section 4.6.43.




Calhoun, et al.             Standards Track                   [Page 102]

RFC 5415             CAPWAP Protocol Specification            March 2009


4.9.3.  LastRebootReason

  The reason why the WTP last rebooted, defined in Section 4.6.47.

4.9.4.  MacType

  For WTPs that support multiple MAC-Types, it is useful to save the
  value configured by the AC.  The MAC-Type is defined in
  Section 4.6.44.

4.9.5.  PreferredACs

  The preferred ACs, with the index, defined in Section 4.6.5.

4.9.6.  RebootCount

  The number of times the WTP has rebooted, defined in Section 4.6.47.

4.9.7.  Static IP Address

  The static IP address assigned to the WTP, as configured by the WTP
  Static IP address Information message element (see Section 4.6.48).

4.9.8.  WTPLinkFailureCount

  The number of times the link to the AC has failed, see
  Section 4.6.47.

4.9.9.  WTPLocation

  The WTP Location, defined in Section 4.6.30.

4.9.10.  WTPName

  The WTP Name, defined in Section 4.6.45.

5.  CAPWAP Discovery Operations

  The Discovery messages are used by a WTP to determine which ACs are
  available to provide service, and the capabilities and load of the
  ACs.

5.1.  Discovery Request Message

  The Discovery Request message is used by the WTP to automatically
  discover potential ACs available in the network.  The Discovery
  Request message provides ACs with the primary capabilities of the




Calhoun, et al.             Standards Track                   [Page 103]

RFC 5415             CAPWAP Protocol Specification            March 2009


  WTP.  A WTP must exchange this information to ensure subsequent
  exchanges with the ACs are consistent with the WTP's functional
  characteristics.

  Discovery Request messages MUST be sent by a WTP in the Discover
  state after waiting for a random delay less than
  MaxDiscoveryInterval, after a WTP first comes up or is
  (re)initialized.  A WTP MUST send no more than the maximum of
  MaxDiscoveries Discovery Request messages, waiting for a random delay
  less than MaxDiscoveryInterval between each successive message.

  This is to prevent an explosion of WTP Discovery Request messages.
  An example of this occurring is when many WTPs are powered on at the
  same time.

  If a Discovery Response message is not received after sending the
  maximum number of Discovery Request messages, the WTP enters the
  Sulking state and MUST wait for an interval equal to SilentInterval
  before sending further Discovery Request messages.

  Upon receiving a Discovery Request message, the AC will respond with
  a Discovery Response message sent to the address in the source
  address of the received Discovery Request message.  Once a Discovery
  Response has been received, if the WTP decides to establish a session
  with the responding AC, it SHOULD perform an MTU discovery, using the
  process described in Section 3.5.

  It is possible for the AC to receive a clear text Discovery Request
  message while a DTLS session is already active with the WTP.  This is
  most likely the case if the WTP has rebooted, perhaps due to a
  software or power failure, but could also be caused by a DoS attack.
  In such cases, any WTP state, including the state machine instance,
  MUST NOT be cleared until another DTLS session has been successfully
  established, communicated via the DTLSSessionEstablished DTLS
  notification (see Section 2.3.2.2).

  The binding specific WTP Radio Information message element (see
  Section 2.1) is included in the Discovery Request message to
  advertise WTP support for one or more CAPWAP bindings.

  The Discovery Request message is sent by the WTP when in the
  Discovery state.  The AC does not transmit this message.

  The following message elements MUST be included in the Discovery
  Request message:

  o  Discovery Type, see Section 4.6.21




Calhoun, et al.             Standards Track                   [Page 104]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  WTP Board Data, see Section 4.6.40

  o  WTP Descriptor, see Section 4.6.41

  o  WTP Frame Tunnel Mode, see Section 4.6.43

  o  WTP MAC Type, see Section 4.6.44

  o  WTP Radio Information message element(s) that the WTP supports;
     These are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1).

  The following message elements MAY be included in the Discovery
  Request message:

  o  MTU Discovery Padding, see Section 4.6.32

  o  Vendor Specific Payload, see Section 4.6.39

5.2.  Discovery Response Message

  The Discovery Response message provides a mechanism for an AC to
  advertise its services to requesting WTPs.

  When a WTP receives a Discovery Response message, it MUST wait for an
  interval not less than DiscoveryInterval for receipt of additional
  Discovery Response messages.  After the DiscoveryInterval elapses,
  the WTP enters the DTLS-Init state and selects one of the ACs that
  sent a Discovery Response message and send a DTLS Handshake to that
  AC.

  One or more binding-specific WTP Radio Information message elements
  (see Section 2.1) are included in the Discovery Request message to
  advertise AC support for the CAPWAP bindings.  The AC MAY include
  only the bindings it shares in common with the WTP, known through the
  WTP Radio Information message elements received in the Discovery
  Request message, or it MAY include all of the bindings supported.
  The WTP MAY use the supported bindings in its AC decision process.
  Note that if the WTP joins an AC that does not support a specific
  CAPWAP binding, service for that binding MUST NOT be provided by the
  WTP.

  The Discovery Response message is sent by the AC when in the Idle
  state.  The WTP does not transmit this message.

  The following message elements MUST be included in the Discovery
  Response Message:




Calhoun, et al.             Standards Track                   [Page 105]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  AC Descriptor, see Section 4.6.1

  o  AC Name, see Section 4.6.4

  o  WTP Radio Information message element(s) that the AC supports;
     these are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1 for more information).

  o  One of the following message elements MUST be included in the
     Discovery Response Message:

     *  CAPWAP Control IPv4 Address, see Section 4.6.9

     *  CAPWAP Control IPv6 Address, see Section 4.6.10

  The following message elements MAY be included in the Discovery
  Response message:

  o  Vendor Specific Payload, see Section 4.6.39

5.3.  Primary Discovery Request Message

  The Primary Discovery Request message is sent by the WTP to:

  o  determine whether its preferred (or primary) AC is available, or

  o  perform a Path MTU Discovery (see Section 3.5).

  A Primary Discovery Request message is sent by a WTP when it has a
  primary AC configured, and is connected to another AC.  This
  generally occurs as a result of a failover, and is used by the WTP as
  a means to discover when its primary AC becomes available.  Since the
  WTP only has a single instance of the CAPWAP state machine, the
  Primary Discovery Request is sent by the WTP when in the Run state.
  The AC does not transmit this message.

  The frequency of the Primary Discovery Request messages should be no
  more often than the sending of the Echo Request message.

  Upon receipt of a Primary Discovery Request message, the AC responds
  with a Primary Discovery Response message sent to the address in the
  source address of the received Primary Discovery Request message.

  The following message elements MUST be included in the Primary
  Discovery Request message.

  o  Discovery Type, see Section 4.6.21




Calhoun, et al.             Standards Track                   [Page 106]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  WTP Board Data, see Section 4.6.40

  o  WTP Descriptor, see Section 4.6.41

  o  WTP Frame Tunnel Mode, see Section 4.6.43

  o  WTP MAC Type, see Section 4.6.44

  o  WTP Radio Information message element(s) that the WTP supports;
     these are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1 for more information).

  The following message elements MAY be included in the Primary
  Discovery Request message:

  o  MTU Discovery Padding, see Section 4.6.32

  o  Vendor Specific Payload, see Section 4.6.39

5.4.  Primary Discovery Response

  The Primary Discovery Response message enables an AC to advertise its
  availability and services to requesting WTPs that are configured to
  have the AC as its primary AC.

  The Primary Discovery Response message is sent by an AC after
  receiving a Primary Discovery Request message.

  When a WTP receives a Primary Discovery Response message, it may
  establish a CAPWAP protocol connection to its primary AC, based on
  the configuration of the WTP Fallback Status message element on the
  WTP.

  The Primary Discovery Response message is sent by the AC when in the
  Idle state.  The WTP does not transmit this message.

  The following message elements MUST be included in the Primary
  Discovery Response message.

  o  AC Descriptor, see Section 4.6.1

  o  AC Name, see Section 4.6.4

  o  WTP Radio Information message element(s) that the AC supports;
     These are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1 for more information).





Calhoun, et al.             Standards Track                   [Page 107]

RFC 5415             CAPWAP Protocol Specification            March 2009


  One of the following message elements MUST be included in the
  Discovery Response Message:

  o  CAPWAP Control IPv4 Address, see Section 4.6.9

  o  CAPWAP Control IPv6 Address, see Section 4.6.10

  The following message elements MAY be included in the Primary
  Discovery Response message:

  o  Vendor Specific Payload, see Section 4.6.39

6.  CAPWAP Join Operations

  The Join Request message is used by a WTP to request service from an
  AC after a DTLS connection is established to that AC.  The Join
  Response message is used by the AC to indicate that it will or will
  not provide service.

6.1.  Join Request

  The Join Request message is used by a WTP to request service through
  the AC.  If the WTP is performing the optional AC Discovery process
  (see Section 3.3), the join process occurs after the WTP has received
  one or more Discovery Response messages.  During the Discovery
  process, an AC MAY return more than one CAPWAP Control IPv4 Address
  or CAPWAP Control IPv6 Address message elements.  When more than one
  such message element is returned, the WTP SHOULD perform "load
  balancing" by choosing the interface that is servicing the least
  number of WTPs (known through the WTP Count field of the message
  element).  Note, however, that other load balancing algorithms are
  also permitted.  Once the WTP has determined its preferred AC, and
  its associated interface, to which to connect, it establishes the
  DTLS session, and transmits the Join Request over the secured control
  channel.  When an AC receives a Join Request message it responds with
  a Join Response message.

  Upon completion of the DTLS handshake and receipt of the
  DTLSEstablished notification, the WTP sends the Join Request message
  to the AC.  When the AC is notified of the DTLS session
  establishment, it does not clear the WaitDTLS timer until it has
  received the Join Request message, at which time it sends a Join
  Response message to the WTP, indicating success or failure.

  One or more WTP Radio Information message elements (see Section 2.1)
  are included in the Join Request to request service for the CAPWAP
  bindings by the AC.  Including a binding that is unsupported by the
  AC will result in a failed Join Response.



Calhoun, et al.             Standards Track                   [Page 108]

RFC 5415             CAPWAP Protocol Specification            March 2009


  If the AC rejects the Join Request, it sends a Join Response message
  with a failure indication and initiates an abort of the DTLS session
  via the DTLSAbort command.

  If an invalid (i.e., malformed) Join Request message is received, the
  message MUST be silently discarded by the AC.  No response is sent to
  the WTP.  The AC SHOULD log this event.

  The Join Request is sent by the WTP when in the Join State.  The AC
  does not transmit this message.

  The following message elements MUST be included in the Join Request
  message.

  o  Location Data, see Section 4.6.30

  o  WTP Board Data, see Section 4.6.40

  o  WTP Descriptor, see Section 4.6.41

  o  WTP Name, see Section 4.6.45

  o  Session ID, see Section 4.6.37

  o  WTP Frame Tunnel Mode, see Section 4.6.43

  o  WTP MAC Type, see Section 4.6.44

  o  WTP Radio Information message element(s) that the WTP supports;
     these are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1 for more information).

  o  ECN Support, see Section 4.6.25

  At least one of the following message element MUST be included in the
  Join Request message.

  o  CAPWAP Local IPv4 Address, see Section 4.6.11

  o  CAPWAP Local IPv6 Address, see Section 4.6.12

  The following message element MAY be included in the Join Request
  message.

  o  CAPWAP Transport Protocol, see Section 4.6.14

  o  Maximum Message Length, see Section 4.6.31




Calhoun, et al.             Standards Track                   [Page 109]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  WTP Reboot Statistics, see Section 4.6.47

  o  Vendor Specific Payload, see Section 4.6.39

6.2.  Join Response

  The Join Response message is sent by the AC to indicate to a WTP that
  it is capable and willing to provide service to the WTP.

  The WTP, receiving a Join Response message, checks for success or
  failure.  If the message indicates success, the WTP clears the
  WaitDTLS timer for the session and proceeds to the Configure state.

  If the WaitDTLS Timer expires prior to reception of the Join Response
  message, the WTP MUST terminate the handshake, deallocate session
  state and initiate the DTLSAbort command.

  If an invalid (malformed) Join Response message is received, the WTP
  SHOULD log an informative message detailing the error.  This error
  MUST be treated in the same manner as AC non-responsiveness.  The
  WaitDTLS timer will eventually expire, and the WTP MAY (if it is so
  configured) attempt to join a new AC.

  If one of the WTP Radio Information message elements (see
  Section 2.1) in the Join Request message requested support for a
  CAPWAP binding that the AC does not support, the AC sets the Result
  Code message element to "Binding Not Supported".

  The AC includes the Image Identifier message element to indicate the
  software version it expects the WTP to run.  This information is used
  to determine whether the WTP MUST change its currently running
  firmware image or download a new version (see Section 9.1.1).

  The Join Response message is sent by the AC when in the Join State.
  The WTP does not transmit this message.

  The following message elements MUST be included in the Join Response
  message.

  o  Result Code, see Section 4.6.35

  o  AC Descriptor, see Section 4.6.1

  o  AC Name, see Section 4.6.4

  o  WTP Radio Information message element(s) that the AC supports;
     these are defined by the individual link layer CAPWAP Binding
     Protocols (see Section 2.1).



Calhoun, et al.             Standards Track                   [Page 110]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  ECN Support, see Section 4.6.25

  One of the following message elements MUST be included in the Join
  Response Message:

  o  CAPWAP Control IPv4 Address, see Section 4.6.9

  o  CAPWAP Control IPv6 Address, see Section 4.6.10

  One of the following message elements MUST be included in the Join
  Response Message:

  o  CAPWAP Local IPv4 Address, see Section 4.6.11

  o  CAPWAP Local IPv6 Address, see Section 4.6.12

  The following message elements MAY be included in the Join Response
  message.

  o  AC IPv4 List, see Section 4.6.2

  o  AC IPv6 List, see Section 4.6.3

  o  CAPWAP Transport Protocol, see Section 4.6.14

  o  Image Identifier, see Section 4.6.27

  o  Maximum Message Length, see Section 4.6.31

  o  Vendor Specific Payload, see Section 4.6.39

7.  Control Channel Management

  The Control Channel Management messages are used by the WTP and AC to
  maintain a control communication channel.  CAPWAP Control messages,
  such as the WTP Event Request message sent from the WTP to the AC
  indicate to the AC that the WTP is operational.  When such control
  messages are not being sent, the Echo Request and Echo Response
  messages are used to maintain the control communication channel.

7.1.  Echo Request

  The Echo Request message is a keep-alive mechanism for CAPWAP control
  messages.







Calhoun, et al.             Standards Track                   [Page 111]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Echo Request messages are sent periodically by a WTP in the Image
  Data or Run state (see Section 2.3) to determine the state of the
  control connection between the WTP and the AC.  The Echo Request
  message is sent by the WTP when the EchoInterval timer expires.

  The Echo Request message is sent by the WTP when in the Run state.
  The AC does not transmit this message.

  The following message elements MAY be included in the Echo Request
  message:

  o  Vendor Specific Payload, see Section 4.6.39

  When an AC receives an Echo Request message it responds with an Echo
  Response message.

7.2.  Echo Response

  The Echo Response message acknowledges the Echo Request message.

  An Echo Response message is sent by an AC after receiving an Echo
  Request message.  After transmitting the Echo Response message, the
  AC SHOULD reset its EchoInterval timer (see Section 4.7.7).  If
  another Echo Request message or other control message is not received
  by the AC when the timer expires, the AC SHOULD consider the WTP to
  be no longer reachable.

  The Echo Response message is sent by the AC when in the Run state.
  The WTP does not transmit this message.

  The following message elements MAY be included in the Echo Response
  message:

  o  Vendor Specific Payload, see Section 4.6.39

  When a WTP receives an Echo Response message it initializes the
  EchoInterval to the configured value.

8.  WTP Configuration Management

  WTP Configuration messages are used to exchange configuration
  information between the AC and the WTP.

8.1.  Configuration Consistency

  The CAPWAP protocol provides flexibility in how WTP configuration is
  managed.  A WTP can behave in one of two ways, which is
  implementation specific:



Calhoun, et al.             Standards Track                   [Page 112]

RFC 5415             CAPWAP Protocol Specification            March 2009


  1. The WTP retains no configuration and accepts the configuration
     provided by the AC.

  2. The WTP saves the configuration of parameters provided by the AC
     that are non-default values into local non-volatile memory, and
     are enforced during the WTP's power up initialization phase.

  If the WTP opts to save configuration locally, the CAPWAP protocol
  state machine defines the Configure state, which allows for
  configuration exchange.  In the Configure state, the WTP sends its
  current configuration overrides to the AC via the Configuration
  Status Request message.  A configuration override is a non-default
  parameter.  As an example, in the CAPWAP protocol, the default
  antenna configuration is internal omni antenna.  A WTP that either
  has no internal antennas, or has been explicitly configured by the AC
  to use external antennas, sends its antenna configuration during the
  configure phase, allowing the AC to become aware of the WTP's current
  configuration.

  Once the WTP has provided its configuration to the AC, the AC sends
  its configuration to the WTP.  This allows the WTP to receive
  configuration and policies from the AC.

  The AC maintains a copy of each active WTP configuration.  There is
  no need for versioning or other means to identify configuration
  changes.  If a WTP becomes inactive, the AC MAY delete the inactive
  WTP configuration.  If a WTP fails, and connects to a new AC, the WTP
  provides its overridden configuration parameters, allowing the new AC
  to be aware of the WTP configuration.

  This model allows for resiliency in case of an AC failure, ensuring
  another AC can provide service to the WTP.  A new AC would be
  automatically updated with WTP configuration changes, eliminating the
  need for inter-AC communication and the need for all ACs to be aware
  of the configuration of all WTPs in the network.

  Once the CAPWAP protocol enters the Run state, the WTPs begin to
  provide service.  It is common for administrators to require that
  configuration changes be made while the network is operational.
  Therefore, the Configuration Update Request is sent by the AC to the
  WTP to make these changes at run-time.

8.1.1.  Configuration Flexibility

  The CAPWAP protocol provides the flexibility to configure and manage
  WTPs of varying design and functional characteristics.  When a WTP
  first discovers an AC, it provides primary functional information




Calhoun, et al.             Standards Track                   [Page 113]

RFC 5415             CAPWAP Protocol Specification            March 2009


  relating to its type of MAC and to the nature of frames to be
  exchanged.  The AC configures the WTP appropriately.  The AC also
  establishes corresponding internal state for the WTP.

8.2.  Configuration Status Request

  The Configuration Status Request message is sent by a WTP to deliver
  its current configuration to the AC.

  The Configuration Status Request message carries binding-specific
  message elements.  Refer to the appropriate binding for the
  definition of this structure.

  When an AC receives a Configuration Status Request message, it acts
  upon the content of the message and responds to the WTP with a
  Configuration Status Response message.

  The Configuration Status Request message includes multiple Radio
  Administrative State message elements, one for the WTP, and one for
  each radio in the WTP.

  The Configuration Status Request message is sent by the WTP when in
  the Configure State.  The AC does not transmit this message.

  The following message elements MUST be included in the Configuration
  Status Request message.

  o  AC Name, see Section 4.6.4

  o  Radio Administrative State, see Section 4.6.33

  o  Statistics Timer, see Section 4.6.38

  o  WTP Reboot Statistics, see Section 4.6.47

  The following message elements MAY be included in the Configuration
  Status Request message.

  o  AC Name with Priority, see Section 4.6.5

  o  CAPWAP Transport Protocol, see Section 4.6.14

  o  WTP Static IP Address Information, see Section 4.6.48

  o  Vendor Specific Payload, see Section 4.6.39






Calhoun, et al.             Standards Track                   [Page 114]

RFC 5415             CAPWAP Protocol Specification            March 2009


8.3.  Configuration Status Response

  The Configuration Status Response message is sent by an AC and
  provides a mechanism for the AC to override a WTP's requested
  configuration.

  A Configuration Status Response message is sent by an AC after
  receiving a Configuration Status Request message.

  The Configuration Status Response message carries binding-specific
  message elements.  Refer to the appropriate binding for the
  definition of this structure.

  When a WTP receives a Configuration Status Response message, it acts
  upon the content of the message, as appropriate.  If the
  Configuration Status Response message includes a Radio Operational
  State message element that causes a change in the operational state
  of one of the radios, the WTP transmits a Change State Event to the
  AC, as an acknowledgement of the change in state.

  The Configuration Status Response message is sent by the AC when in
  the Configure state.  The WTP does not transmit this message.

  The following message elements MUST be included in the Configuration
  Status Response message.

  o  CAPWAP Timers, see Section 4.6.13

  o  Decryption Error Report Period, see Section 4.6.18

  o  Idle Timeout, see Section 4.6.24

  o  WTP Fallback, see Section 4.6.42

  One or both of the following message elements MUST be included in the
  Configuration Status Response message:

  o  AC IPv4 List, see Section 4.6.2

  o  AC IPv6 List, see Section 4.6.3

  The following message element MAY be included in the Configuration
  Status Response message.

  o  WTP Static IP Address Information, see Section 4.6.48

  o  Vendor Specific Payload, see Section 4.6.39




Calhoun, et al.             Standards Track                   [Page 115]

RFC 5415             CAPWAP Protocol Specification            March 2009


8.4.  Configuration Update Request

  Configuration Update Request messages are sent by the AC to provision
  the WTP while in the Run state.  This is used to modify the
  configuration of the WTP while it is operational.

  When a WTP receives a Configuration Update Request message, it
  responds with a Configuration Update Response message, with a Result
  Code message element indicating the result of the configuration
  request.

  The AC includes the Image Identifier message element (see
  Section 4.6.27) to force the WTP to update its firmware while in the
  Run state.  The WTP MAY proceed to download the requested firmware if
  it determines the version specified in the Image Identifier message
  element is not in its non-volatile storage by transmitting an Image
  Data Request (see Section 9.1.1) that includes the Initiate Download
  message element (see Section 4.6.29).

  The Configuration Update Request is sent by the AC when in the Run
  state.  The WTP does not transmit this message.

  One or more of the following message elements MAY be included in the
  Configuration Update message:

  o  AC Name with Priority, see Section 4.6.5

  o  AC Timestamp, see Section 4.6.6

  o  Add MAC ACL Entry, see Section 4.6.7

  o  CAPWAP Timers, see Section 4.6.13

  o  Decryption Error Report Period, see Section 4.6.18

  o  Delete MAC ACL Entry, see Section 4.6.19

  o  Idle Timeout, see Section 4.6.24

  o  Location Data, see Section 4.6.30

  o  Radio Administrative State, see Section 4.6.33

  o  Statistics Timer, see Section 4.6.38

  o  WTP Fallback, see Section 4.6.42

  o  WTP Name, see Section 4.6.45



Calhoun, et al.             Standards Track                   [Page 116]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  WTP Static IP Address Information, see Section 4.6.48

  o  Image Identifier, see Section 4.6.27

  o  Vendor Specific Payload, see Section 4.6.39

8.5.  Configuration Update Response

  The Configuration Update Response message is the acknowledgement
  message for the Configuration Update Request message.

  The Configuration Update Response message is sent by a WTP after
  receiving a Configuration Update Request message.

  When an AC receives a Configuration Update Response message, the
  result code indicates if the WTP successfully accepted the
  configuration.

  The Configuration Update Response message is sent by the WTP when in
  the Run state.  The AC does not transmit this message.

  The following message element MUST be present in the Configuration
  Update message.

  Result Code, see Section 4.6.35

  The following message elements MAY be present in the Configuration
  Update Response message.

  o  Radio Operational State, see Section 4.6.34

  o  Vendor Specific Payload, see Section 4.6.39

8.6.  Change State Event Request

  The Change State Event Request message is used by the WTP for two
  main purposes:

  o  When sent by the WTP following the reception of a Configuration
     Status Response message from the AC, the WTP uses the Change State
     Event Request message to provide an update on the WTP radio's
     operational state and to confirm that the configuration provided
     by the AC was successfully applied.

  o  When sent during the Run state, the WTP uses the Change State
     Event Request message to notify the AC of an unexpected change in
     the WTP's radio operational state.




Calhoun, et al.             Standards Track                   [Page 117]

RFC 5415             CAPWAP Protocol Specification            March 2009


  When an AC receives a Change State Event Request message it responds
  with a Change State Event Response message and modifies its data
  structures for the WTP as needed.  The AC MAY decide not to provide
  service to the WTP if it receives an error, based on local policy,
  and to transition to the Reset state.

  The Change State Event Request message is sent by a WTP to
  acknowledge or report an error condition to the AC for a requested
  configuration in the Configuration Status Response message.  The
  Change State Event Request message includes the Result Code message
  element, which indicates whether the configuration was successfully
  applied.  If the WTP is unable to apply a specific configuration
  request, it indicates the failure by including one or more Returned
  Message Element message elements (see Section 4.6.36).

  The Change State Event Request message is sent by the WTP in the
  Configure or Run state.  The AC does not transmit this message.

  The WTP MAY save its configuration to persistent storage prior to
  transmitting the response.  However, this is implementation specific
  and is not required.

  The following message elements MUST be present in the Change State
  Event Request message.

  o  Radio Operational State, see Section 4.6.34

  o  Result Code, see Section 4.6.35

  One or more of the following message elements MAY be present in the
  Change State Event Request message:

  o  Returned Message Element(s), see Section 4.6.36

  o  Vendor Specific Payload, see Section 4.6.39

8.7.  Change State Event Response

  The Change State Event Response message acknowledges the Change State
  Event Request message.

  A Change State Event Response message is sent by an AC in response to
  a Change State Event Request message.

  The Change State Event Response message is sent by the AC when in the
  Configure or Run state.  The WTP does not transmit this message.





Calhoun, et al.             Standards Track                   [Page 118]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The following message element MAY be included in the Change State
  Event Response message:

  o  Vendor Specific Payload, see Section 4.6.39

  The WTP does not take any action upon receipt of the Change State
  Event Response message.

8.8.  Clear Configuration Request

  The Clear Configuration Request message is used to reset the WTP
  configuration.

  The Clear Configuration Request message is sent by an AC to request
  that a WTP reset its configuration to the manufacturing default
  configuration.  The Clear Config Request message is sent while in the
  Run state.

  The Clear Configuration Request is sent by the AC when in the Run
  state.  The WTP does not transmit this message.

  The following message element MAY be included in the Clear
  Configuration Request message:

  o  Vendor Specific Payload, see Section 4.6.39

  When a WTP receives a Clear Configuration Request message, it resets
  its configuration to the manufacturing default configuration.

8.9.  Clear Configuration Response

  The Clear Configuration Response message is sent by the WTP after
  receiving a Clear Configuration Request message and resetting its
  configuration parameters to the manufacturing default values.

  The Clear Configuration Response is sent by the WTP when in the Run
  state.  The AC does not transmit this message.

  The Clear Configuration Response message MUST include the following
  message element:

  o  Result Code, see Section 4.6.35

  The following message element MAY be included in the Clear
  Configuration Request message:

  o  Vendor Specific Payload, see Section 4.6.39




Calhoun, et al.             Standards Track                   [Page 119]

RFC 5415             CAPWAP Protocol Specification            March 2009


9.  Device Management Operations

  This section defines CAPWAP operations responsible for debugging,
  gathering statistics, logging, and firmware management.  The
  management operations defined in this section are used by the AC to
  either push/pull information to/from the WTP, or request that the WTP
  reboot.  This section does not deal with the management of the AC per
  se, and assumes that the AC is operational and configured.

9.1.  Firmware Management

  This section describes the firmware download procedures used by the
  CAPWAP protocol.  Firmware download can occur during the Image Data
  or Run state.  The former allows the download to occur at boot time,
  while the latter is used to trigger the download while an active
  CAPWAP session exists.  It is important to note that the CAPWAP
  protocol does not provide the ability for the AC to identify whether
  the firmware information provided by the WTP is correct or whether
  the WTP is properly storing the firmware (see Section 12.10 for more
  information).

  Figure 6 provides an example of a WTP that performs a firmware
  upgrade while in the Image Data state.  In this example, the WTP does
  not already have the requested firmware (Image Identifier = x), and
  downloads the image from the AC.


























Calhoun, et al.             Standards Track                   [Page 120]

RFC 5415             CAPWAP Protocol Specification            March 2009


            WTP                                               AC

                               Join Request
        -------------------------------------------------------->

                    Join Response (Image Identifier = x)
        <------------------------------------------------------

             Image Data Request (Image Identifier = x,
                                 Initiate Download)
        -------------------------------------------------------->

          Image Data Response (Result Code = Success,
                               Image Information = {size,hash})
        <------------------------------------------------------

               Image Data Request (Image Data = Data)
        <------------------------------------------------------

               Image Data Response (Result Code = Success)
        -------------------------------------------------------->

                                 .....

               Image Data Request (Image Data = EOF)
        <------------------------------------------------------

               Image Data Response (Result Code = Success)
        -------------------------------------------------------->

                    (WTP enters the Reset State)

                 Figure 6: WTP Firmware Download Case 1

  Figure 7 provides an example in which the WTP has the image specified
  by the AC in its non-volatile storage, but is not its current running
  image.  In this case, the WTP opts to NOT download the firmware and
  immediately reset to the requested image.













Calhoun, et al.             Standards Track                   [Page 121]

RFC 5415             CAPWAP Protocol Specification            March 2009


            WTP                                               AC

                               Join Request
        -------------------------------------------------------->

                    Join Response (Image Identifier = x)
        <------------------------------------------------------

                    (WTP enters the Reset State)

                 Figure 7: WTP Firmware Download Case 2

  Figure 8 provides an example of a WTP that performs a firmware
  upgrade while in the Run state.  This mode of firmware upgrade allows
  the WTP to download its image while continuing to provide service.
  The WTP will not automatically reset until it is notified by the AC,
  with a Reset Request message.


































Calhoun, et al.             Standards Track                   [Page 122]

RFC 5415             CAPWAP Protocol Specification            March 2009


            WTP                                               AC

               Configuration Update Request (Image Identifier = x)
        <------------------------------------------------------

           Configuration Update Response (Result Code = Success)
        -------------------------------------------------------->


             Image Data Request (Image Identifier = x,
                                 Initiate Download)
        -------------------------------------------------------->

             Image Data Response (Result Code = Success,
                                  Image Information = {size,hash})
        <------------------------------------------------------

               Image Data Request (Image Data = Data)
        <------------------------------------------------------

               Image Data Response (Result Code = Success)
        -------------------------------------------------------->

                                 .....

               Image Data Request (Image Data = EOF)
        <------------------------------------------------------

               Image Data Response (Result Code = Success)
        -------------------------------------------------------->

                                 .....

               (administratively requested reboot request)
                  Reset Request (Image Identifier = x)
        <------------------------------------------------------

                 Reset Response (Result Code = Success)
        -------------------------------------------------------->

                 Figure 8: WTP Firmware Download Case 3

  Figure 9 provides another example of the firmware download while in
  the Run state.  In this example, the WTP already has the image
  specified by the AC in its non-volatile storage.  The WTP opts to NOT
  download the firmware.  The WTP resets upon receipt of a Reset
  Request message from the AC.




Calhoun, et al.             Standards Track                   [Page 123]

RFC 5415             CAPWAP Protocol Specification            March 2009


            WTP                                               AC

            Configuration Update Request (Image Identifier = x)
        <------------------------------------------------------

     Configuration Update Response (Result Code = Already Have Image)
        -------------------------------------------------------->

                                 .....

               (administratively requested reboot request)
                  Reset Request (Image Identifier = x)
        <------------------------------------------------------

                 Reset Response (Result Code = Success)
        -------------------------------------------------------->

                 Figure 9: WTP Firmware Download Case 4

9.1.1.  Image Data Request

  The Image Data Request message is used to update firmware on the WTP.
  This message and its companion Response message are used by the AC to
  ensure that the image being run on each WTP is appropriate.

  Image Data Request messages are exchanged between the WTP and the AC
  to download a new firmware image to the WTP.  When a WTP or AC
  receives an Image Data Request message, it responds with an Image
  Data Response message.  The message elements contained within the
  Image Data Request message are required to determine the intent of
  the request.

  The decision that new firmware is to be downloaded to the WTP can
  occur in one of two ways:

     When the WTP joins the AC, the Join Response message includes the
     Image Identifier message element, which informs the WTP of the
     firmware it is expected to run.  If the WTP does not currently
     have the requested firmware version, it transmits an Image Data
     Request message, with the appropriate Image Identifier message
     element.  If the WTP already has the requested firmware in its
     non-volatile flash, but is not its currently running image, it
     simply resets to run the proper firmware.

     Once the WTP is in the Run state, it is possible for the AC to
     cause the WTP to initiate a firmware download by sending a
     Configuration Update Request message with the Image Identifier
     message elements.  This will cause the WTP to transmit an Image



Calhoun, et al.             Standards Track                   [Page 124]

RFC 5415             CAPWAP Protocol Specification            March 2009


     Data Request with the Image Identifier and the Initiate Download
     message elements.  Note that when the firmware is downloaded in
     this way, the WTP does not automatically reset after the download
     is complete.  The WTP will only reset when it receives a Reset
     Request message from the AC.  If the WTP already had the requested
     firmware version in its non-volatile storage, the WTP does not
     transmit the Image Data Request message and responds with a
     Configuration Update Response message with the Result Code set to
     Image Already Present.

  Regardless of how the download was initiated, once the AC receives an
  Image Data Request message with the Image Identifier message element,
  it begins the transfer process by transmitting an Image Data Request
  message that includes the Image Data message element.  This continues
  until the firmware image has been transferred.

  The Image Data Request message is sent by the WTP or the AC when in
  the Image Data or Run state.

  The following message elements MAY be included in the Image Data
  Request message:

  o  CAPWAP Transport Protocol, see Section 4.6.14

  o  Image Data, see Section 4.6.26

  o  Vendor Specific Payload, see Section 4.6.39

  The following message elements MAY be included in the Image Data
  Request message when sent by the WTP:

  o  Image Identifier, see Section 4.6.27

  o  Initiate Download, see Section 4.6.29

9.1.2.  Image Data Response

  The Image Data Response message acknowledges the Image Data Request
  message.

  An Image Data Response message is sent in response to a received
  Image Data Request message.  Its purpose is to acknowledge the
  receipt of the Image Data Request message.  The Result Code is
  included to indicate whether a previously sent Image Data Request
  message was invalid.

  The Image Data Response message is sent by the WTP or the AC when in
  the Image Data or Run state.



Calhoun, et al.             Standards Track                   [Page 125]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The following message element MUST be included in the Image Data
  Response message:

  o  Result Code, see Section 4.6.35

  The following message element MAY be included in the Image Data
  Response message:

  o  Vendor Specific Payload, see Section 4.6.39

  The following message element MAY be included in the Image Data
  Response message when sent by the AC:

  o  Image Information, see Section 4.6.28

  Upon receiving an Image Data Response message indicating an error,
  the WTP MAY retransmit a previous Image Data Request message, or
  abandon the firmware download to the WTP by transitioning to the
  Reset state.

9.2.  Reset Request

  The Reset Request message is used to cause a WTP to reboot.

  A Reset Request message is sent by an AC to cause a WTP to
  reinitialize its operation.  If the AC includes the Image Identifier
  message element (see Section 4.6.27), it indicates to the WTP that it
  SHOULD use that version of software upon reboot.

  The Reset Request is sent by the AC when in the Run state.  The WTP
  does not transmit this message.

  The following message element MUST be included in the Reset Request
  message:

  o  Image Identifier, see Section 4.6.27

  The following message element MAY be included in the Reset Request
  message:

  o  Vendor Specific Payload, see Section 4.6.39

  When a WTP receives a Reset Request message, it responds with a Reset
  Response message indicating success and then reinitializes itself.
  If the WTP is unable to write to its non-volatile storage, to ensure
  that it runs the requested software version indicated in the Image
  Identifier message element, it MAY send the appropriate Result Code
  message element, but MUST reboot.  If the WTP is unable to reset,



Calhoun, et al.             Standards Track                   [Page 126]

RFC 5415             CAPWAP Protocol Specification            March 2009


  including a hardware reset, it sends a Reset Response message to the
  AC with a Result Code message element indicating failure.  The AC no
  longer provides service to the WTP.

9.3.  Reset Response

  The Reset Response message acknowledges the Reset Request message.

  A Reset Response message is sent by the WTP after receiving a Reset
  Request message.

  The Reset Response is sent by the WTP when in the Run state.  The AC
  does not transmit this message.

  The following message elements MAY be included in the Reset Response
  message.

  o  Result Code, see Section 4.6.35

  o  Vendor Specific Payload, see Section 4.6.39

  When an AC receives a successful Reset Response message, it is
  notified that the WTP will reinitialize its operation.  An AC that
  receives a Reset Response message indicating failure may opt to no
  longer provide service to the WTP.

9.4.  WTP Event Request

  The WTP Event Request message is used by a WTP to send information to
  its AC.  The WTP Event Request message MAY be sent periodically, or
  sent in response to an asynchronous event on the WTP.  For example, a
  WTP MAY collect statistics and use the WTP Event Request message to
  transmit the statistics to the AC.

  When an AC receives a WTP Event Request message it will respond with
  a WTP Event Response message.

  The presence of the Delete Station message element is used by the WTP
  to inform the AC that it is no longer providing service to the
  station.  This could be the result of an Idle Timeout (see
  Section 4.6.24), due to resource shortages, or some other reason.

  The WTP Event Request message is sent by the WTP when in the Run
  state.  The AC does not transmit this message.







Calhoun, et al.             Standards Track                   [Page 127]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The WTP Event Request message MUST contain one of the message
  elements listed below, or a message element that is defined for a
  specific wireless technology.  More than one of each message element
  listed MAY be included in the WTP Event Request message.

  o  Decryption Error Report, see Section 4.6.17

  o  Duplicate IPv4 Address, see Section 4.6.22

  o  Duplicate IPv6 Address, see Section 4.6.23

  o  WTP Radio Statistics, see Section 4.6.46

  o  WTP Reboot Statistics, see Section 4.6.47

  o  Delete Station, see Section 4.6.20

  o  Vendor Specific Payload, see Section 4.6.39

9.5.  WTP Event Response

  The WTP Event Response message acknowledges receipt of the WTP Event
  Request message.

  A WTP Event Response message is sent by an AC after receiving a WTP
  Event Request message.

  The WTP Event Response message is sent by the AC when in the Run
  state.  The WTP does not transmit this message.

  The following message element MAY be included in the WTP Event
  Response message:

  o  Vendor Specific Payload, see Section 4.6.39

9.6.  Data Transfer

  This section describes the data transfer procedures used by the
  CAPWAP protocol.  The data transfer mechanism is used to upload
  information available at the WTP to the AC, such as crash or debug
  information.  The data transfer messages can only be exchanged while
  in the Run state.

  Figure 10 provides an example of an AC that requests that the WTP
  transfer its latest crash file.  Once the WTP acknowledges that it
  has information to send, via the Data Transfer Response, it transmits
  its own Data Transfer Request.  Upon receipt, the AC responds with a




Calhoun, et al.             Standards Track                   [Page 128]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Data Transfer Response, and the exchange continues until the WTP
  transmits a Data Transfer Data message element that indicates an End
  of File (EOF).

            WTP                                               AC

          Data Transfer Request (Data Transfer Mode = Crash Data)
        <------------------------------------------------------

             Data Transfer Response (Result Code = Success)
        -------------------------------------------------------->

             Data Transfer Request (Data Transfer Data = Data)
        -------------------------------------------------------->

             Data Transfer Response (Result Code = Success)
        <------------------------------------------------------

                                 .....

               Data Transfer Request (Data Transfer Data = EOF)
        -------------------------------------------------------->

             Data Transfer Response (Result Code = Success)
        <------------------------------------------------------


                   Figure 10: WTP Data Transfer Case 1

  Figure 11 provides an example of an AC that requests that the WTP
  transfer its latest crash file.  However, in this example, the WTP
  does not have any crash information to send, and therefore sends a
  Data Transfer Response with a Result Code indicating the error.

           WTP                                               AC

         Data Transfer Request (Data Transfer Mode = Crash Data)
       <------------------------------------------------------

            Data Transfer Response (Result Code = Data Transfer
                                    Error (No Information to Transfer))
       -------------------------------------------------------->


                   Figure 11: WTP Data Transfer Case 2






Calhoun, et al.             Standards Track                   [Page 129]

RFC 5415             CAPWAP Protocol Specification            March 2009


9.6.1.  Data Transfer Request

  The Data Transfer Request message is used to deliver debug
  information from the WTP to the AC.

  The Data Transfer Request messages can be sent either by the AC or
  the WTP.  When sent by the AC, it is used to request that data be
  transmitted from the WTP to the AC, and includes the Data Transfer
  Mode message element, which specifies the information desired by the
  AC.  The Data Transfer Request is sent by the WTP in order to
  transfer actual data to the AC, through the Data Transfer Data
  message element.

  Given that the CAPWAP protocol minimizes the need for WTPs to be
  directly managed, the Data Transfer Request is an important
  troubleshooting tool used by the AC to retrieve information that may
  be available on the WTP.  For instance, some WTP implementations may
  store crash information to help manufacturers identify software
  faults.  The Data Transfer Request message can be used to send such
  information from the WTP to the AC.  Another possible use would be to
  allow a remote debugger function in the WTP to use the Data Transfer
  Request message to send console output to the AC for debugging
  purposes.

  When the WTP or AC receives a Data Transfer Request message, it
  responds to the WTP with a Data Transfer Response message.  The AC
  MAY log the information received through the Data Transfer Data
  message element.

  The Data Transfer Request message is sent by the WTP or AC when in
  the Run state.

  When sent by the AC, the Data Transfer Request message MUST contain
  the following message element:

  o  Data Transfer Mode, see Section 4.6.16

  When sent by the WTP, the Data Transfer Request message MUST contain
  the following message element:

  o  Data Transfer Data, see Section 4.6.15

  Regardless of whether the Data Transfer Request is sent by the AC or
  WTP, the following message element MAY be included in the Data
  Transfer Request message:

  o  Vendor Specific Payload, see Section 4.6.39




Calhoun, et al.             Standards Track                   [Page 130]

RFC 5415             CAPWAP Protocol Specification            March 2009


9.6.2.  Data Transfer Response

  The Data Transfer Response message acknowledges the Data Transfer
  Request message.

  A Data Transfer Response message is sent in response to a received
  Data Transfer Request message.  Its purpose is to acknowledge receipt
  of the Data Transfer Request message.  When sent by the WTP, the
  Result Code message element is used to indicate whether the data
  transfer requested by the AC can be completed.  When sent by the AC,
  the Result Code message element is used to indicate receipt of the
  data transferred in the Data Transfer Request message.

  The Data Transfer Response message is sent by the WTP or AC when in
  the Run state.

  The following message element MUST be included in the Data Transfer
  Response message:

  o  Result Code, see Section 4.6.35

  The following message element MAY be included in the Data Transfer
  Response message:

  o  Vendor Specific Payload, see Section 4.6.39

  Upon receipt of a Data Transfer Response message, the WTP transmits
  more information, if more information is available.

10.  Station Session Management

  Messages in this section are used by the AC to create, modify, or
  delete station session state on the WTPs.

10.1.  Station Configuration Request

  The Station Configuration Request message is used to create, modify,
  or delete station session state on a WTP.  The message is sent by the
  AC to the WTP, and MAY contain one or more message elements.  The
  message elements for this CAPWAP Control message include information
  that is generally highly technology specific.  Refer to the
  appropriate binding document for definitions of the messages elements
  that are included in this control message.

  The Station Configuration Request message is sent by the AC when in
  the Run state.  The WTP does not transmit this message.





Calhoun, et al.             Standards Track                   [Page 131]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The following CAPWAP Control message elements MAY be included in the
  Station Configuration Request message.  More than one of each message
  element listed MAY be included in the Station Configuration Request
  message:

  o  Add Station, see Section 4.6.8

  o  Delete Station, see Section 4.6.20

  o  Vendor Specific Payload, see Section 4.6.39

10.2.  Station Configuration Response

  The Station Configuration Response message is used to acknowledge a
  previously received Station Configuration Request message.

  The Station Configuration Response message is sent by the WTP when in
  the Run state.  The AC does not transmit this message.

  The following message element MUST be present in the Station
  Configuration Response message:

  o  Result Code, see Section 4.6.35

  The following message element MAY be included in the Station
  Configuration Response message:

  o  Vendor Specific Payload, see Section 4.6.39

  The Result Code message element indicates that the requested
  configuration was successfully applied, or that an error related to
  processing of the Station Configuration Request message occurred on
  the WTP.

11.  NAT Considerations

  There are three specific situations in which a NAT deployment may be
  used in conjunction with a CAPWAP-enabled deployment.  The first
  consists of a configuration in which a single WTP is behind a NAT
  system.  Since all communication is initiated by the WTP, and all
  communication is performed over IP using two UDP ports, the protocol
  easily traverses NAT systems in this configuration.

  In the second case, two or more WTPs are deployed behind the same NAT
  system.  Here, the AC would receive multiple connection requests from
  the same IP address, and therefore cannot use the WTP's IP address
  alone to bind the CAPWAP Control and Data channel.  The CAPWAP Data
  Check state, which establishes the data plane connection and



Calhoun, et al.             Standards Track                   [Page 132]

RFC 5415             CAPWAP Protocol Specification            March 2009


  communicates the CAPWAP Data Channel Keep-Alive, includes the Session
  Identifier message element, which is used to bind the control and
  data plane.  Use of the Session Identifier message element enables
  the AC to match the control and data plane flows from multiple WTPs
  behind the same NAT system (multiple WTPs sharing the same IP
  address).  CAPWAP implementations MUST also use DTLS session
  information on any encrypted CAPWAP channel to validate the source of
  both the control and data plane, as described in Section 12.2.

  In the third configuration, the AC is deployed behind a NAT.  In this
  case, the AC is not reachable by the WTP unless a specific rule has
  been configured on the NAT to translate the address and redirect
  CAPWAP messages to the AC.  This deployment presents two issues.
  First, an AC communicates its interfaces and corresponding WTP load
  using the CAPWAP Control IPv4 Address and CAPWAP Control IPv6 Address
  message elements.  This message element is mandatory, but contains IP
  addresses that are only valid in the private address space used by
  the AC, which is not reachable by the WTP.  The WTP MUST NOT utilize
  the information in these message elements if it detects a NAT (as
  described in the CAPWAP Transport Protocol message element in
  Section 4.6.14).  Second, since the addresses cannot be used by the
  WTP, this effectively disables the load-balancing capabilities (see
  Section 6.1) of the CAPWAP protocol.  Alternatively, the AC could
  have a configured NAT'ed address, which it would include in either of
  the two control address message elements, and the NAT would need to
  be configured accordingly.

  In order for a CAPWAP WTP or AC to detect whether a middlebox is
  present, both the Join Request (see Section 6.1) and the Join
  Response (see Section 6.2) include either the CAPWAP Local IPv4
  Address (see Section 4.6.11) or the CAPWAP Local IPv6 Address (see
  Section 4.6.12) message element.  Upon receiving one of these
  messages, if the packet's source IP address differs from the address
  found in either one of these message elements, it indicates that a
  middlebox is present.

  In order for CAPWAP to be compatible with potential middleboxes in
  the network, CAPWAP implementations MUST send return traffic from the
  same port on which it received traffic from a given peer.  Further,
  any unsolicited requests generated by a CAPWAP node MUST be sent on
  the same port.

  Note that this middlebox detection technique is not foolproof.  If
  the public IP address assigned to the NAT is identical to the private
  IP address used by the AC, detection by the WTP would fail.  This
  failure can lead to various protocol errors, so it is therefore
  necessary for deployments to ensure that the NAT's IP address is not
  the same as the ACs.



Calhoun, et al.             Standards Track                   [Page 133]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The CAPWAP protocol allows for all of the AC identities supporting a
  group of WTPs to be communicated through the AC List message element.
  This feature MUST be ignored by the WTP when it detects the AC is
  behind a middlebox.

  The CAPWAP protocol allows an AC to configure a static IP address on
  a WTP using the WTP Static IP Address Information message element.
  This message element SHOULD NOT be used in NAT'ed environments,
  unless the administrator is familiar with the internal IP addressing
  scheme within the WTP's private network, and does not rely on the
  public address seen by the AC.

  When a WTP detects the duplicate address condition, it generates a
  message to the AC, which includes the Duplicate IP Address message
  element.  The IP address embedded within this message element is
  different from the public IP address seen by the AC.

12.  Security Considerations

  This section describes security considerations for the CAPWAP
  protocol.  It also provides security recommendations for protocols
  used in conjunction with CAPWAP.

12.1.  CAPWAP Security

  As it is currently specified, the CAPWAP protocol sits between the
  security mechanisms specified by the wireless link layer protocol
  (e.g., IEEE 802.11i) and Authentication, Authorization, and
  Accounting (AAA).  One goal of CAPWAP is to bootstrap trust between
  the STA and WTP using a series of preestablished trust relationships:

        STA            WTP           AC            AAA
        ==============================================

                           DTLS Cred     AAA Cred
                        <------------><------------->

                        EAP Credential
         <------------------------------------------>

          wireless link layer
          (e.g., 802.11 PTK)
         <--------------> or
         <--------------------------->
             (derived)

                      Figure 12: STA Session Setup




Calhoun, et al.             Standards Track                   [Page 134]

RFC 5415             CAPWAP Protocol Specification            March 2009


  Within CAPWAP, DTLS is used to secure the link between the WTP and
  AC.  In addition to securing control messages, it's also a link in
  this chain of trust for establishing link layer keys.  Consequently,
  much rests on the security of DTLS.

  In some CAPWAP deployment scenarios, there are two channels between
  the WTP and AC: the control channel, carrying CAPWAP Control
  messages, and the data channel, over which client data packets are
  tunneled between the AC and WTP.  Typically, the control channel is
  secured by DTLS, while the data channel is not.

  The use of parallel protected and unprotected channels deserves
  special consideration, but does not create a threat.  There are two
  potential concerns: attempting to convert protected data into
  unprotected data and attempting to convert un-protected data into
  protected data.  These concerns are addressed below.

12.1.1.  Converting Protected Data into Unprotected Data

  Since CAPWAP does not support authentication-only ciphers (i.e., all
  supported ciphersuites include encryption and authentication), it is
  not possible to convert protected data into unprotected data.  Since
  encrypted data is (ideally) indistinguishable from random data, the
  probability of an encrypted packet passing for a well-formed packet
  is effectively zero.

12.1.2.  Converting Unprotected Data into Protected Data (Insertion)

  The use of message authentication makes it impossible for the
  attacker to forge protected records.  This makes conversion of
  unprotected records to protected records impossible.

12.1.3.  Deletion of Protected Records

  An attacker could remove protected records from the stream, though
  not undetectably so, due the built-in reliability of the underlying
  CAPWAP protocol.  In the worst case, the attacker would remove the
  same record repeatedly, resulting in a CAPWAP session timeout and
  restart.  This is effectively a DoS attack, and could be accomplished
  by a man in the middle regardless of the CAPWAP protocol security
  mechanisms chosen.

12.1.4.   Insertion of Unprotected Records

  An attacker could inject packets into the unprotected channel, but
  this may become evident if sequence number desynchronization occurs
  as a result.  Only if the attacker is a man in the middle (MITM) can




Calhoun, et al.             Standards Track                   [Page 135]

RFC 5415             CAPWAP Protocol Specification            March 2009


  packets be inserted undetectably.  This is a consequence of that
  channel's lack of protection, and not a new threat resulting from the
  CAPWAP security mechanism.

12.1.5.  Use of MD5

  The Image Information message element (Section 4.6.28) makes use of
  MD5 to compute the hash field.  The authenticity and integrity of the
  image file is protected by DTLS, and in this context, MD5 is not used
  as a cryptographically secure hash, but just as a basic checksum.
  Therefore, the use of MD5 is not considered a security vulnerability,
  and no mechanisms for algorithm agility are provided.

12.1.6.  CAPWAP Fragmentation

  RFC 4963 [RFC4963] describes a possible security vulnerability where
  a malicious entity can "corrupt" a flow by injecting fragments.  By
  sending "high" fragments (those with offset greater than zero) with a
  forged source address, the attacker can deliberately cause
  corruption.  The use of DTLS on the CAPWAP Data channel can be used
  to avoid this possible vulnerability.

12.2.  Session ID Security

  Since DTLS does not export a unique session identifier, there can be
  no explicit protocol binding between the DTLS layer and CAPWAP layer.
  As a result, implementations MUST provide a mechanism for performing
  this binding.  For example, an AC MUST NOT associate decrypted DTLS
  control packets with a particular WTP session based solely on the
  Session ID in the packet header.  Instead, identification should be
  done based on which DTLS session decrypted the packet.  Otherwise,
  one authenticated WTP could spoof another authenticated WTP by
  altering the Session ID in the encrypted CAPWAP Header.

  It should be noted that when the CAPWAP Data channel is unencrypted,
  the WTP Session ID is exposed and possibly known to adversaries and
  other WTPs.  This would allow the forgery of the source of data-
  channel traffic.  This, however, should not be a surprise for
  unencrypted data channels.  When the data channel is encrypted, the
  Session ID is not exposed, and therefore can safely be used to
  associate a data and control channel.  The 128-bit length of the
  Session ID mitigates online guessing attacks where an adversarial,
  authenticated WTP tries to correlate his own data channel with
  another WTP's control channel.  Note that for encrypted data
  channels, the Session ID should only be used for correlation for the
  first packet immediately after the initial DTLS handshake.  Future
  correlation should instead be done via identification of a packet's
  DTLS session.



Calhoun, et al.             Standards Track                   [Page 136]

RFC 5415             CAPWAP Protocol Specification            March 2009


12.3.  Discovery or DTLS Setup Attacks

  Since the Discovery Request messages are sent in the clear, it is
  important that AC implementations NOT assume that receiving a
  Discovery Request message from a WTP implies that the WTP has
  rebooted, and consequently tear down any active DTLS sessions.
  Discovery Request messages can easily be spoofed by malicious
  devices, so it is important that the AC maintain two separate sets of
  states for the WTP until the DTLSSessionEstablished notification is
  received, indicating that the WTP was authenticated.  Once a new DTLS
  session is successfully established, any state referring to the old
  session can be cleared.

  Similarly, when the AC is entering the DTLS Setup phase, it SHOULD
  NOT assume that the WTP has reset, and therefore should not discard
  active state until the DTLS session has been successfully
  established.  While the HelloVerifyRequest provides some protection
  against denial-of-service (DoS) attacks on the AC, an adversary
  capable of receiving packets at a valid address (or a malfunctioning
  or misconfigured WTP) may repeatedly attempt DTLS handshakes with the
  AC, potentially creating a resource shortage.  If either the
  FailedDTLSSessionCount or the FailedDTLSAuthFailCount counter reaches
  the value of MaxFailedDTLSSessionRetry variable (see Section 4.8),
  implementations MAY choose to rate-limit new DTLS handshakes for some
  period of time.  It is RECOMMENDED that implementations choosing to
  implement rate-limiting use a random discard technique, rather than
  mimicking the WTP's sulking behavior.  This will ensure that messages
  from valid WTPs will have some probability of eliciting a response,
  even in the face of a significant DoS attack.

  Some CAPWAP implementations may wish to restrict the DTLS setup
  process to only those peers that have been configured in the access
  control list, authorizing only those clients to initiate a DTLS
  handshake.  Note that the impact of this on mitigating denial-of-
  service attacks against the DTLS layer is minimal, because DTLS
  already uses client-side cookies to minimize processor consumption
  attacks.

12.4.  Interference with a DTLS Session

  If a WTP or AC repeatedly receives packets that fail DTLS
  authentication or decryption, this could indicate a DTLS
  desynchronization between the AC and WTP, a link prone to
  undetectable bit errors, or an attacker trying to disrupt a DTLS
  session.






Calhoun, et al.             Standards Track                   [Page 137]

RFC 5415             CAPWAP Protocol Specification            March 2009


  In the state machine (section 2.3), transitions to the DTLS Tear Down
  (TD) state can be triggered by frequently receiving DTLS packets with
  authentication or decryption errors.  The threshold or technique for
  deciding when to move to the tear down state should be chosen
  carefully.  Being able to easily transition to DTLS TD allows easy
  detection of malfunctioning devices, but allows for denial-of-service
  attacks.  Making it difficult to transition to DTLS TD prevents
  denial-of-service attacks, but makes it more difficult to detect and
  reset a malfunctioning session.  Implementers should set this policy
  with care.

12.5.  CAPWAP Pre-Provisioning

  In order for CAPWAP to establish a secure communication with a peer,
  some level of pre-provisioning on both the WTP and AC is necessary.
  This section will detail the minimal number of configuration
  parameters.

  When using pre-shared keys, it is necessary to configure the pre-
  shared key for each possible peer with which a DTLS session may be
  established.  To support this mode of operation, one or more entries
  of the following table may be configured on either the AC or WTP:

  o  Identity: The identity of the peering AC or WTP.  This format MAY
     be in the form of either an IP address or host name (the latter of
     which needs to be resolved to an IP address using DNS).

  o  Key: The pre-shared key for use with the peer when establishing
     the DTLS session (see Section 12.6 for more information).

  o  PSK Identity: Identity hint associated with the provisioned key
     (see Section 2.4.4.4 for more information).

  When using certificates, the following items need to be pre-
  provisioned:

  o  Device Certificate: The local device's certificate (see
     Section 12.7 for more information).

  o  Trust Anchor: Trusted root certificate chain used to validate any
     certificate received from CAPWAP peers.  Note that one or more
     root certificates MAY be configured on a given device.

  Regardless of the authentication method, the following item needs to
  be pre-provisioned:






Calhoun, et al.             Standards Track                   [Page 138]

RFC 5415             CAPWAP Protocol Specification            March 2009


  o  Access Control List: The access control list table contains the
     identities of one or more CAPWAP peers, along with a rule.  The
     rule is used to determine whether communication with the peer is
     permitted (see Section 2.4.4.3 for more information).

12.6.  Use of Pre-Shared Keys in CAPWAP

  While use of pre-shared keys may provide deployment and provisioning
  advantages not found in public-key-based deployments, it also
  introduces a number of operational and security concerns.  In
  particular, because the keys must typically be entered manually, it
  is common for people to base them on memorable words or phrases.
  These are referred to as "low entropy passwords/passphrases".

  Use of low-entropy pre-shared keys, coupled with the fact that the
  keys are often not frequently updated, tends to significantly
  increase exposure.  For these reasons, the following recommendations
  are made:

  o  When DTLS is used with a pre-shared key (PSK) ciphersuite, each
     WTP SHOULD have a unique PSK.  Since WTPs will likely be widely
     deployed, their physical security is not guaranteed.  If PSKs are
     not unique for each WTP, key reuse would allow the compromise of
     one WTP to result in the compromise of others.

  o  Generating PSKs from low entropy passwords is NOT RECOMMENDED.

  o  It is RECOMMENDED that implementations that allow the
     administrator to manually configure the PSK also provide a
     capability for generation of new random PSKs, taking RFC 4086
     [RFC4086] into account.

  o  Pre-shared keys SHOULD be periodically updated.  Implementations
     MAY facilitate this by providing an administrative interface for
     automatic key generation and periodic update, or it MAY be
     accomplished manually instead.

  Every pairwise combination of WTP and AC on the network SHOULD have a
  unique PSK.  This prevents the domino effect (see "Guidance for
  Authentication, Authorization, and Accounting (AAA) Key Management"
  [RFC4962]).  If PSKs are tied to specific WTPs, then knowledge of the
  PSK implies a binding to a specified identity that can be authorized.

  If PSKs are shared, this binding between device and identity is no
  longer possible.  Compromise of one WTP can yield compromise of
  another WTP, violating the CAPWAP security hierarchy.  Consequently,
  sharing keys between WTPs is NOT RECOMMENDED.




Calhoun, et al.             Standards Track                   [Page 139]

RFC 5415             CAPWAP Protocol Specification            March 2009


12.7.  Use of Certificates in CAPWAP

  For public-key-based DTLS deployments, each device SHOULD have unique
  credentials, with an extended key usage authorizing the device to act
  as either a WTP or AC.  If devices do not have unique credentials, it
  is possible that by compromising one device, any other device using
  the same credential may also be considered to be compromised.

  Certificate validation involves checking a large variety of things.
  Since the necessary things to validate are often environment-
  specific, many are beyond the scope of this document.  In this
  section, we provide some basic guidance on certificate validation.

  Each device is responsible for authenticating and authorizing devices
  with which they communicate.  Authentication entails validation of
  the chain of trust leading to the peer certificate, followed by the
  peer certificate itself.  Implementations SHOULD also provide a
  secure method for verifying that the credential in question has not
  been revoked.

  Note that if the WTP relies on the AC for network connectivity (e.g.,
  the AC is a Layer 2 switch to which the WTP is directly connected),
  the WTP may not be able to contact an Online Certificate Status
  Protocol (OCSP) server or otherwise obtain an up-to-date Certificate
  Revocation List (CRL) if a compromised AC doesn't explicitly permit
  this.  This cannot be avoided, except through effective physical
  security and monitoring measures at the AC.

  Proper validation of certificates typically requires checking to
  ensure the certificate has not yet expired.  If devices have a real-
  time clock, they SHOULD verify the certificate validity dates.  If no
  real-time clock is available, the device SHOULD make a best-effort
  attempt to validate the certificate validity dates through other
  means.  Failure to check a certificate's temporal validity can make a
  device vulnerable to man-in-the-middle attacks launched using
  compromised, expired certificates, and therefore devices should make
  every effort to perform this validation.

12.8.  Use of MAC Address in CN Field

  The CAPWAP protocol is an evolution of an existing protocol [LWAPP],
  which is implemented on a large number of already deployed ACs and
  WTPs.  Every one of these devices has an existing X.509 certificate,
  which is provisioned at the time of manufacturing.  These X.509
  certificates use the device's MAC address in the Common Name (CN)
  field.  It is well understood that encoding the MAC address in the CN
  field is less than optimal, and using the SubjectAltName field would
  be preferable.  However, at the time of publication, there is no URN



Calhoun, et al.             Standards Track                   [Page 140]

RFC 5415             CAPWAP Protocol Specification            March 2009


  specification that allows for the MAC address to be used in the
  SubjectAltName field.  As such a specification is published by the
  IETF, future versions of the CAPWAP protocol MAY require support for
  the new URN scheme.

12.9.  AAA Security

  The AAA protocol is used to distribute Extensible Authentication
  Protocol (EAP) keys to the ACs, and consequently its security is
  important to the overall system security.  When used with Transport
  Layer Security (TLS) or IPsec, security guidelines specified in RFC
  3539 [RFC3539] SHOULD be followed.

  In general, the link between the AC and AAA server SHOULD be secured
  using a strong ciphersuite keyed with mutually authenticated session
  keys.  Implementations SHOULD NOT rely solely on Basic RADIUS shared
  secret authentication as it is often vulnerable to dictionary
  attacks, but rather SHOULD use stronger underlying security
  mechanisms.

12.10.  WTP Firmware

  The CAPWAP protocol defines a mechanism by which the AC downloads new
  firmware to the WTP.  During the session establishment process, the
  WTP provides information about its current firmware to the AC.  The
  AC then decides whether the WTP's firmware needs to be updated.  It
  is important to note that the CAPWAP specification makes the explicit
  assumption that the WTP is providing the correct firmware version to
  the AC, and is therefore not lying.  Further, during the firmware
  download process, the CAPWAP protocol does not provide any mechanisms
  to recognize whether the WTP is actually storing the firmware for
  future use.

13.  Operational Considerations

  The CAPWAP protocol assumes that it is the only configuration
  interface to the WTP to configure parameters that are specified in
  the CAPWAP specifications.  While the use of a separate management
  protocol MAY be used for the purposes of monitoring the WTP directly,
  configuring the WTP through a separate management interface is not
  recommended.  Configuring the WTP through a separate protocol, such
  as via a command line interface (CLI) or Simple Network Management
  Protocol (SNMP), could lead to the AC state being out of sync with
  the WTP.







Calhoun, et al.             Standards Track                   [Page 141]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The CAPWAP protocol does not deal with the management of the ACs.
  The AC is assumed to be configured through some separate management
  interface, which could be via a proprietary CLI, SNMP, Network
  Configuration Protocol (NETCONF), or some other management protocol.

  The CAPWAP protocol's control channel is fairly lightweight from a
  traffic perspective.  Once the WTP has been configured, the WTP sends
  periodic statistics.  Further, the specification calls for a keep-
  alive packet to be sent on the protocol's data channel to make sure
  that any possible middleboxes (e.g., NAT) maintain their UDP state.
  The overhead associated with the control and data channel is not
  expected to impact network traffic.  That said, the CAPWAP protocol
  does allow for the frequency of these packets to be modified through
  the DataChannelKeepAlive and StatisticsTimer (see Section 4.7.2 and
  Section 4.7.14, respectively).

14.  Transport Considerations

  The CAPWAP WG carefully considered the congestion control
  requirements of the CAPWAP protocol, both for the CAPWAP Control and
  Data channels.

  CAPWAP specifies a single-threaded command/response protocol to be
  used on the control channel, and we have specified that an
  exponential back-off algorithm should be used when commands are
  retransmitted.  When CAPWAP runs in its default mode (Local MAC), the
  control channel is the only CAPWAP channel.

  However, CAPWAP can also be run in Split MAC mode, in which case
  there will be a DTLS-encrypted data channel between each WTP and the
  AC.  The WG discussed various options for providing congestion
  control on this channel.  However, due to performance problems with
  TCP when it is run over another congestion control mechanism and the
  fact that the vast majority of traffic run over the CAPWAP Data
  channel is likely to be congestion-controlled IP traffic, the CAPWAP
  WG felt that specifying a congestion control mechanism for the CAPWAP
  Data channel would be more likely to cause problems than to resolve
  any.

  Because there is no congestion control mechanism specified for the
  CAPWAP Data channel, it is RECOMMENDED that non-congestion-controlled
  traffic not be tunneled over CAPWAP.  When a significant amount of
  non-congestion-controlled traffic is expected to be present on a
  WLAN, the CAPWAP connection between the AC and the WTP for that LAN
  should be configured to remain in Local MAC mode with Distribution
  function at the WTP.





Calhoun, et al.             Standards Track                   [Page 142]

RFC 5415             CAPWAP Protocol Specification            March 2009


  The lock step nature of the CAPWAP protocol's control channel can
  cause the firmware download process to take some time, depending upon
  the round-trip time (RTT).  This is not expected to be a problem
  since the CAPWAP protocol allows firmware to be downloaded while the
  WTP provides service to wireless clients/devices.

  It is necessary for the WTP and AC to configure their MTU based on
  the capabilities of the path.  See Section 3.5 for more information.

  The CAPWAP protocol mandates support of the Explicit Congestion
  Notification (ECN) through a mode of operation named "limited
  functionality option", detailed in section 9.1.1 of [RFC3168].
  Future versions of the CAPWAP protocol should consider mandating
  support for the "full functionality option".

15.  IANA Considerations

  This section details the actions that IANA has taken in preparation
  for publication of the specification.  Numerous registries have been
  created, and the contents, document action (see [RFC5226], and
  registry format are all included below.  Note that in cases where bit
  fields are referred to, the bit numbering is left to right, where the
  leftmost bit is labeled as bit zero (0).

  For future registration requests where an Expert Review is required,
  a Designated Expert should be consulted, which is appointed by the
  responsible IESG Area Director.  The intention is that any allocation
  will be accompanied by a published RFC, but given that other SDOs may
  want to create standards built on top of CAPWAP, a document the
  Designated Expert can review is also acceptable.  IANA should allow
  for allocation of values prior to documents being approved for
  publication, so the Designated Expert can approve allocations once it
  seems clear that publication will occur.  The Designated Expert will
  post a request to the CAPWAP WG mailing list (or a successor
  designated by the Area Director) for comment and review.  Before a
  period of 30 days has passed, the Designated Expert will either
  approve or deny the registration request and publish a notice of the
  decision to the CAPWAP WG mailing list or its successor, as well as
  informing IANA.  A denial notice must be justified by an explanation,
  and in the cases where it is possible, concrete suggestions on how
  the request can be modified so as to become acceptable should be
  provided.

15.1.  IPv4 Multicast Address

  IANA has registered a new IPv4 multicast address called "capwap-ac"
  from the Internetwork Control Block IPv4 multicast address registry;
  see Section 3.3.



Calhoun, et al.             Standards Track                   [Page 143]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.2.  IPv6 Multicast Address

  IANA has registered a new organization local multicast address called
  the "All ACs multicast address" in the Variable Scope IPv6 multicast
  address registry; see Section 3.3.

15.3.  UDP Port

  IANA registered two new UDP Ports, which are organization-local
  multicast addresses, in the registered port numbers registry; see
  Section 3.1.  The following values have been registered:

  Keyword         Decimal    Description                  References
  -------         -------    -----------                  ----------
  capwap-control  5246/udp   CAPWAP Control Protocol      This Document
  capwap-data     5247/udp   CAPWAP Data Protocol         This Document


15.4.  CAPWAP Message Types

  The Message Type field in the CAPWAP Header (see Section 4.5.1.1) is
  used to identify the operation performed by the message.  There are
  multiple namespaces, which are identified via the first three octets
  of the field containing the IANA Enterprise Number [RFC5226].

  IANA maintains the CAPWAP Message Types registry for all message
  types whose Enterprise Number is set to zero (0).  The namespace is 8
  bits (0-255), where the value of zero (0) is reserved and must not be
  assigned.  The values one (1) through 26 are allocated in this
  specification, and can be found in Section 4.5.1.1.  Any new
  assignments of a CAPWAP Message Type whose Enterprise Number is set
  to zero (0) requires an Expert Review.  The registry maintained by
  IANA has the following format:

          CAPWAP Control Message           Message Type     Reference
                                             Value

15.5.  CAPWAP Header Flags

  The Flags field in the CAPWAP Header (see Section 4.3) is 9 bits in
  length and is used to identify any special treatment related to the
  message.  This specification defines bits zero (0) through five (5),
  while bits six (6) through eight (8) are reserved.  There are
  currently three unused, reserved bits that are managed by IANA and
  whose assignment require an Expert Review.  IANA created the CAPWAP
  Header Flags registry, whose format is:

          Flag Field Name                   Bit Position    Reference



Calhoun, et al.             Standards Track                   [Page 144]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.6.  CAPWAP Control Message Flags

  The Flags field in the CAPWAP Control Message header (see
  Section 4.5.1.4) is used to identify any special treatment related to
  the control message.  There are currently eight (8) unused, reserved
  bits.  The assignment of these bits is managed by IANA and requires
  an Expert Review.  IANA created the CAPWAP Control Message Flags
  registry, whose format is:

          Flag Field Name                   Bit Position    Reference

15.7.  CAPWAP Message Element Type

  The Type field in the CAPWAP Message Element header (see Section 4.6)
  is used to identify the data being transported.  The namespace is 16
  bits (0-65535), where the value of zero (0) is reserved and must not
  be assigned.  The values one (1) through 53 are allocated in this
  specification, and can be found in Section 4.5.1.1.

  The 16-bit namespace is further divided into blocks of addresses that
  are reserved for specific CAPWAP wireless bindings.  The following
  blocks are reserved:

        CAPWAP Protocol Message Elements                   1 - 1023
        IEEE 802.11 Message Elements                    1024 - 2047
        EPCGlobal Message Elements                      3072 - 4095

  This namespace is managed by IANA and assignments require an Expert
  Review.  IANA created the CAPWAP Message Element Type registry, whose
  format is:

          CAPWAP Message Element           Type Value       Reference

15.8.  CAPWAP Wireless Binding Identifiers

  The Wireless Binding Identifier (WBID) field in the CAPWAP Header
  (see Section 4.3) is used to identify the wireless technology
  associated with the packet.  This specification allocates the values
  one (1) and three (3).  Due to the limited address space available, a
  new WBID request requires Expert Review.  IANA created the CAPWAP
  Wireless Binding Identifier registry, whose format is:

          CAPWAP Wireless Binding Identifier  Type Value      Reference








Calhoun, et al.             Standards Track                   [Page 145]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.9.  AC Security Types

  The Security field in the AC Descriptor message element (see
  Section 4.6.1) is 8 bits in length and is used to identify the
  authentication methods available on the AC.  This specification
  defines bits five (5) and six (6), while bits zero (0) through four
  (4) as well as bit seven (7) are reserved and unused.  These reserved
  bits are managed by IANA and assignment requires Standards Action.
  IANA created the AC Security Types registry, whose format is:

          AC Security Type                  Bit Position    Reference

15.10.  AC DTLS Policy

  The DTLS Policy field in the AC Descriptor message element (see
  Section 4.6.1) is 8 bits in length and is used to identify whether
  the CAPWAP Data Channel is to be secured.  This specification defines
  bits five (5) and six (6), while bits zero (0) through four (4) as
  well as bit seven (7) are reserved and unused.  These reserved bits
  are managed by IANA and assignment requires Standards Action.  IANA
  created the AC DTLS Policy registry, whose format is:

          AC DTLS Policy                    Bit Position    Reference

15.11.  AC Information Type

  The Information Type field in the AC Descriptor message element (see
  Section 4.6.1) is used to represent information about the AC.  The
  namespace is 16 bits (0-65535), where the value of zero (0) is
  reserved and must not be assigned.  This field, combined with the AC
  Information Vendor ID, allows vendors to use a private namespace.
  This specification defines the AC Information Type namespace when the
  AC Information Vendor ID is set to zero (0), for which the values
  four (4) and five (5) are allocated in this specification, and can be
  found in Section 4.6.1.  This namespace is managed by IANA and
  assignments require an Expert Review.  IANA created the AC
  Information Type registry, whose format is:

          AC Information Type              Type Value       Reference

15.12.  CAPWAP Transport Protocol Types

  The Transport field in the CAPWAP Transport Protocol message element
  (see Section 4.6.14) is used to identify the transport to use for the
  CAPWAP Data Channel.  The namespace is 8 bits (0-255), where the
  value of zero (0) is reserved and must not be assigned.  The values
  one (1) and two (2) are allocated in this specification, and can be




Calhoun, et al.             Standards Track                   [Page 146]

RFC 5415             CAPWAP Protocol Specification            March 2009


  found in Section 4.6.14.  This namespace is managed by IANA and
  assignments require an Expert Review.  IANA created the CAPWAP
  Transport Protocol Types registry, whose format is:

          CAPWAP Transport Protocol Type   Type Value       Reference

15.13.  Data Transfer Type

  The Data Type field in the Data Transfer Data message element (see
  Section 4.6.15) and Image Data message element (see Section 4.6.26)
  is used to provide information about the data being carried.  The
  namespace is 8 bits (0-255), where the value of zero (0) is reserved
  and must not be assigned.  The values one (1), two (2), and five (5)
  are allocated in this specification, and can be found in
  Section 4.6.15.  This namespace is managed by IANA and assignments
  require an Expert Review.  IANA created the Data Transfer Type
  registry, whose format is:

          Data Transfer Type               Type Value       Reference

15.14.  Data Transfer Mode

  The Data Mode field in the Data Transfer Data message element (see
  Section 4.6.15) and Data Transfer Mode message element (see
  Section 15.14) is used to provide information about the data being
  carried.  The namespace is 8 bits (0-255), where the value of zero
  (0) is reserved and must not be assigned.  The values one (1) and two
  (2) are allocated in this specification, and can be found in
  Section 15.14.  This namespace is managed by IANA and assignments
  require an Expert Review.  IANA created the Data Transfer Mode
  registry, whose format is:

          Data Transfer Mode               Type Value       Reference

15.15.  Discovery Types

  The Discovery Type field in the Discovery Type message element (see
  Section 4.6.21) is used by the WTP to indicate to the AC how it was
  discovered.  The namespace is 8 bits (0-255).  The values zero (0)
  through four (4) are allocated in this specification and can be found
  in Section 4.6.21.  This namespace is managed by IANA and assignments
  require an Expert Review.  IANA created the Discovery Types registry,
  whose format is:

          Discovery Types                  Type Value       Reference






Calhoun, et al.             Standards Track                   [Page 147]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.16.  ECN Support

  The ECN Support field in the ECN Support message element (see
  Section 4.6.25) is used by the WTP to represent its ECN Support.  The
  namespace is 8 bits (0-255).  The values zero (0) and one (1) are
  allocated in this specification, and can be found in Section 4.6.25.
  This namespace is managed by IANA and assignments require an Expert
  Review.  IANA created the ECN Support registry, whose format is:

          ECN Support                      Type Value       Reference

15.17.  Radio Admin State

  The Radio Admin field in the Radio Administrative State message
  element (see Section 4.6.33) is used by the WTP to represent the
  state of its radios.  The namespace is 8 bits (0-255), where the
  value of zero (0) is reserved and must not be assigned.  The values
  one (1) and two (2) are allocated in this specification, and can be
  found in Section 4.6.33.  This namespace is managed by IANA and
  assignments require an Expert Review.  IANA created the Radio Admin
  State registry, whose format is:

          Radio Admin State                Type Value       Reference

15.18.  Radio Operational State

  The State field in the Radio Operational State message element (see
  Section 4.6.34) is used by the WTP to represent the operational state
  of its radios.  The namespace is 8 bits (0-255), where the value of
  zero (0) is reserved and must not be assigned.  The values one (1)
  and two (2) are allocated in this specification, and can be found in
  Section 4.6.34.  This namespace is managed by IANA and assignments
  require an Expert Review.  IANA created the Radio Operational State
  registry, whose format is:

          Radio Operational State          Type Value       Reference

15.19.  Radio Failure Causes

  The Cause field in the Radio Operational State message element (see
  Section 4.6.34) is used by the WTP to represent the reason a radio
  may have failed.  The namespace is 8 bits (0-255), where the value of
  zero (0) through three (3) are allocated in this specification, and
  can be found in Section 4.6.34.  This namespace is managed by IANA
  and assignments require an Expert Review.  IANA created the Radio
  Failure Causes registry, whose format is:

          Radio Failure Causes             Type Value       Reference



Calhoun, et al.             Standards Track                   [Page 148]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.20.  Result Code

  The Result Code field in the Result Code message element (see
  Section 4.6.35) is used to indicate the success or failure of a
  CAPWAP Control message.  The namespace is 32 bits (0-4294967295),
  where the value of zero (0) through 22 are allocated in this
  specification, and can be found in Section 4.6.35.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the Result Code registry, whose format is:

          Result Code                      Type Value       Reference

15.21.  Returned Message Element Reason

  The Reason field in the Returned Message Element message element (see
  Section 4.6.36) is used to indicate the reason why a message element
  was not processed successfully.  The namespace is 8 bits (0-255),
  where the value of zero (0) is reserved and must not be assigned.
  The values one (1) through four (4) are allocated in this
  specification, and can be found in Section 4.6.36.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the Returned Message Element Reason registry, whose format
  is:

          Returned Message Element Reason  Type Value       Reference

15.22.  WTP Board Data Type

  The Board Data Type field in the WTP Board Data message element (see
  Section 4.6.40) is used to represent information about the WTP
  hardware.  The namespace is 16 bits (0-65535).  The WTP Board Data
  Type values zero (0) through four (4) are allocated in this
  specification, and can be found in Section 4.6.40.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the WTP Board Data Type registry, whose format is:

          WTP Board Data Type              Type Value       Reference

15.23.  WTP Descriptor Type

  The Descriptor Type field in the WTP Descriptor message element (see
  Section 4.6.41) is used to represent information about the WTP
  software.  The namespace is 16 bits (0-65535).  This field, combined
  with the Descriptor Vendor ID, allows vendors to use a private
  namespace.  This specification defines the WTP Descriptor Type
  namespace when the Descriptor Vendor ID is set to zero (0), for which
  the values zero (0) through three (3) are allocated in this




Calhoun, et al.             Standards Track                   [Page 149]

RFC 5415             CAPWAP Protocol Specification            March 2009


  specification, and can be found in Section 4.6.41.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the WTP Board Data Type registry, whose format is:

          WTP Descriptor Type              Type Value       Reference

15.24.  WTP Fallback Mode

  The Mode field in the WTP Fallback message element (see
  Section 4.6.42) is used to indicate the type of AC fallback mechanism
  the WTP should employ.  The namespace is 8 bits (0-255), where the
  value of zero (0) is reserved and must not be assigned.  The values
  one (1) and two (2) are allocated in this specification, and can be
  found in Section 4.6.42.  This namespace is managed by IANA and
  assignments require an Expert Review.  IANA created the WTP Fallback
  Mode registry, whose format is:

          WTP Fallback Mode                Type Value       Reference

15.25.  WTP Frame Tunnel Mode

  The Tunnel Type field in the WTP Frame Tunnel Mode message element
  (see Section 4.6.43) is 8 bits and is used to indicate the type of
  tunneling to use between the WTP and the AC.  This specification
  defines bits four (4) through six (6), while bits zero (0) through
  three (3) as well as bit seven (7) are reserved and unused.  These
  reserved bits are managed by IANA and assignment requires an Expert
  Review.  IANA created the WTP Frame Tunnel Mode registry, whose
  format is:

          WTP Frame Tunnel Mode             Bit Position    Reference

15.26.  WTP MAC Type

  The MAC Type field in the WTP MAC Type message element (see
  Section 4.6.44) is used to indicate the type of MAC to use in
  tunneled frames between the WTP and the AC.  The namespace is 8 bits
  (0-255), where the value of zero (0) through two (2) are allocated in
  this specification, and can be found in Section 4.6.44.  This
  namespace is managed by IANA and assignments require an Expert
  Review.  IANA created the WTP MAC Type registry, whose format is:

          WTP MAC Type                     Type Value       Reference








Calhoun, et al.             Standards Track                   [Page 150]

RFC 5415             CAPWAP Protocol Specification            March 2009


15.27.  WTP Radio Stats Failure Type

  The Last Failure Type field in the WTP Radio Statistics message
  element (see Section 4.6.46) is used to indicate the last WTP
  failure.  The namespace is 8 bits (0-255), where the value of zero
  (0) through three (3) as well as the value 255 are allocated in this
  specification, and can be found in Section 4.6.46.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the WTP Radio Stats Failure Type registry, whose format is:

          WTP Radio Stats Failure Type     Type Value       Reference

15.28.  WTP Reboot Stats Failure Type

  The Last Failure Type field in the WTP Reboot Statistics message
  element (see Section 4.6.47) is used to indicate the last reboot
  reason.  The namespace is 8 bits (0-255), where the value of zero (0)
  through five (5) as well as the value 255 are allocated in this
  specification, and can be found in Section 4.6.47.  This namespace is
  managed by IANA and assignments require an Expert Review.  IANA
  created the WTP Reboot Stats Failure Type registry, whose format is:

          WTP Reboot Stats Failure Type    Type Value       Reference

16.  Acknowledgments

  The following individuals are acknowledged for their contributions to
  this protocol specification: Puneet Agarwal, Abhijit Choudhury, Pasi
  Eronen, Saravanan Govindan, Peter Nilsson, David Perkins, and Yong
  Zhang.

  Michael Vakulenko contributed text to describe how CAPWAP can be used
  over Layer 3 (IP/UDP) networks.

17.  References

17.1.  Normative References

  [RFC1191]          Mogul, J. and S. Deering, "Path MTU discovery",
                     RFC 1191, November 1990.

  [RFC1321]          Rivest, R., "The MD5 Message-Digest Algorithm",
                     RFC 1321, April 1992.

  [RFC1305]          Mills, D., "Network Time Protocol (Version 3)
                     Specification, Implementation", RFC 1305,
                     March 1992.




Calhoun, et al.             Standards Track                   [Page 151]

RFC 5415             CAPWAP Protocol Specification            March 2009


  [RFC1981]          McCann, J., Deering, S., and J. Mogul, "Path MTU
                     Discovery for IP version 6", RFC 1981,
                     August 1996.

  [RFC2119]          Bradner, S., "Key words for use in RFCs to
                     Indicate Requirement Levels", BCP 14, RFC 2119,
                     March 1997.

  [RFC2460]          Deering, S. and R. Hinden, "Internet Protocol,
                     Version 6 (IPv6) Specification", RFC 2460,
                     December 1998.

  [RFC2474]          Nichols, K., Blake, S., Baker, F., and D. Black,
                     "Definition of the Differentiated Services Field
                     (DS Field) in the IPv4 and IPv6 Headers",
                     RFC 2474, December 1998.

  [RFC2782]          Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS
                     RR for specifying the location of services (DNS
                     SRV)", RFC 2782, February 2000.

  [RFC3168]          Ramakrishnan, K., Floyd, S., and D. Black, "The
                     Addition of Explicit Congestion Notification (ECN)
                     to IP", RFC 3168, September 2001.

  [RFC3539]          Aboba, B. and J. Wood, "Authentication,
                     Authorization and Accounting (AAA) Transport
                     Profile", RFC 3539, June 2003.

  [RFC3629]          Yergeau, F., "UTF-8, a transformation format of
                     ISO 10646", STD 63, RFC 3629, November 2003.

  [RFC3828]          Larzon, L-A., Degermark, M., Pink, S., Jonsson,
                     L-E., and G. Fairhurst, "The Lightweight User
                     Datagram Protocol (UDP-Lite)", RFC 3828,
                     July 2004.

  [RFC4086]          Eastlake, D., Schiller, J., and S. Crocker,
                     "Randomness Requirements for Security", BCP 106,
                     RFC 4086, June 2005.

  [RFC4279]          Eronen, P. and H. Tschofenig, "Pre-Shared Key
                     Ciphersuites for Transport Layer Security (TLS)",
                     RFC 4279, December 2005.

  [RFC5246]          Dierks, T. and E. Rescorla, "The Transport Layer
                     Security (TLS) Protocol Version 1.2", RFC 5246,
                     August 2008.



Calhoun, et al.             Standards Track                   [Page 152]

RFC 5415             CAPWAP Protocol Specification            March 2009


  [RFC4347]          Rescorla, E. and N. Modadugu, "Datagram Transport
                     Layer Security", RFC 4347, April 2006.

  [RFC4821]          Mathis, M. and J. Heffner, "Packetization Layer
                     Path MTU Discovery", RFC 4821, March 2007.

  [RFC4963]          Heffner, J., Mathis, M., and B. Chandler, "IPv4
                     Reassembly Errors at High Data Rates", RFC 4963,
                     July 2007.

  [RFC5226]          Narten, T. and H. Alvestrand, "Guidelines for
                     Writing an IANA Considerations Section in RFCs",
                     BCP 26, RFC 5226, May 2008.

  [RFC5280]          Cooper, D., Santesson, S., Farrell, S., Boeyen,
                     S., Housley, R., and W. Polk, "Internet X.509
                     Public Key Infrastructure Certificate and
                     Certificate Revocation List (CRL) Profile",
                     RFC 5280, May 2008.

  [ISO.9834-1.1993]  International Organization for Standardization,
                     "Procedures for the operation of OSI registration
                     authorities - part 1: general procedures",
                     ISO Standard 9834-1, 1993.

  [RFC5416]          Calhoun, P., Ed., Montemurro, M., Ed., and D.
                     Stanley, Ed., "Control And Provisioning of
                     Wireless Access Points (CAPWAP) Protocol Binding
                     for IEEE 802.11", RFC 5416, March 2009.

  [RFC5417]          Calhoun, P., "Control And Provisioning of Wireless
                     Access Points (CAPWAP) Access Controller DHCP
                     Option", RFC 5417, March 2009.

  [FRAME-EXT]        IEEE, "IEEE Standard 802.3as-2006", 2005.

17.2.  Informative References

  [RFC3232]          Reynolds, J., "Assigned Numbers: RFC 1700 is
                     Replaced by an On-line Database", RFC 3232,
                     January 2002.

  [RFC3753]          Manner, J. and M. Kojo, "Mobility Related
                     Terminology", RFC 3753, June 2004.







Calhoun, et al.             Standards Track                   [Page 153]

RFC 5415             CAPWAP Protocol Specification            March 2009


  [RFC4564]          Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and
                     L. Yang, "Objectives for Control and Provisioning
                     of Wireless Access Points (CAPWAP)", RFC 4564,
                     July 2006.

  [RFC4962]          Housley, R. and B. Aboba, "Guidance for
                     Authentication, Authorization, and Accounting
                     (AAA) Key Management", BCP 132, RFC 4962,
                     July 2007.

  [LWAPP]            Calhoun, P., O'Hara, B., Suri, R., Cam Winget, N.,
                     Kelly, S., Williams, M., and S. Hares,
                     "Lightweight Access Point Protocol", Work in
                     Progress, March 2007.

  [SLAPP]            Narasimhan, P., Harkins, D., and S. Ponnuswamy,
                     "SLAPP: Secure Light Access Point Protocol", Work
                     in Progress, May 2005.

  [DTLS-DESIGN]      Modadugu, et al., N., "The Design and
                     Implementation of Datagram TLS", Feb 2004.

  [EUI-48]           IEEE, "Guidelines for use of a 48-bit Extended
                     Unique Identifier", Dec 2005.

  [EUI-64]           IEEE, "GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER
                     (EUI-64) REGISTRATION AUTHORITY".

  [EPCGlobal]        "See http://www.epcglobalinc.org/home".

  [PacketCable]      "PacketCable Security Specification PKT-SP-SEC-
                     I12-050812", August 2005, <PacketCable>.

  [CableLabs]        "OpenCable System Security Specification OC-SP-
                     SEC-I07-061031", October 2006, <CableLabs>.

  [WiMAX]            "WiMAX Forum X.509 Device Certificate Profile
                     Approved Specification V1.0.1", April 2008,
                     <WiMAX>.

  [RFC5418]          Kelly, S. and C. Clancy, "Control And Provisioning
                     for Wireless Access Points (CAPWAP) Threat
                     Analysis for IEEE 802.11 Deployments", RFC 5418,
                     March 2009.







Calhoun, et al.             Standards Track                   [Page 154]

RFC 5415             CAPWAP Protocol Specification            March 2009


Editors' Addresses

  Pat R. Calhoun (editor)
  Cisco Systems, Inc.
  170 West Tasman Drive
  San Jose, CA  95134

  Phone: +1 408-902-3240
  EMail: [email protected]

  Michael P. Montemurro (editor)
  Research In Motion
  5090 Commerce Blvd
  Mississauga, ON  L4W 5M4
  Canada

  Phone: +1 905-629-4746 x4999
  EMail: [email protected]


  Dorothy Stanley (editor)
  Aruba Networks
  1322 Crossman Ave
  Sunnyvale, CA  94089

  Phone: +1 630-363-1389
  EMail: [email protected]
























Calhoun, et al.             Standards Track                   [Page 155]