In this topic I am planning to cover the LWAPP protocol, which is the basic protocol for all controller-based communications. LWAPP is also the base for the CAPWAP protocol.
All vendors now use the CAPWAP/LWAPP protocol for communication between the controller and the APs.
Overview
LWAPP is a generic protocol defining how Wireless Termination Points communicate with Access Controllers. Wireless Termination Points and Access Controllers may communicate either by means of Layer 2 protocols or by means of a routed IP network.
LWAPP goals
- Centralization of the bridging, forwarding, authentication and policy enforcement
- Permit shifting of the higher level protocol processing burden away from the WTP
- Providing a generic encapsulation and transport mechanism
Note:
WTP - Wireless Termination Point, such as an AP.
AC - Access Controller, such as a controller, wireless switch or WLAN appliance.
State machine of LWAPP
LWAPP communication happens with the messages below.
LWAPP discovery
L2: MAC-level broadcast domain
L3: no need to be in the same subnet
Discovery Request can be sent to:
- Limited broadcast (255.255.255.255)
- Well-known multicast
- Unicast IP address
Discovery Response is always a unicast message.
LWAPP packets are classified into two types.
LWAPP data messages
Forwarded wireless frames.
LWAPP control messages
The control channel is a series of control messages between the AC and the WTP, associated with a session ID and key.
LWAPP control messages
1. Discovery
2. Control Channel management
3. WTP configuration management
4. Mobile session management
5. Firmware management
Control message format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Message Type |    Seq Num    |      Msg Element Length       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Session ID                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Msg Element [0..N]       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
All LWAPP control messages
Description Value
Discovery Request 1
Discovery Response 2
Join Request 3
Join Response 4
Join ACK 5
Join Confirm 6
Unused 7-9
Configure Request 10
Configure Response 11
Configuration Update Request 12
Configuration Update Response 13
WTP Event Request 14
WTP Event Response 15
Change State Event Request 16
Change State Event Response 17
Unused 18-21
Echo Request 22
Echo Response 23
Image Data Request 24
Image Data Response 25
Reset Request 26
Reset Response 27
Unused 28-29
Key Update Request 30
Key Update Response 31
Primary Discovery Request 32
Primary Discovery Response 33
Data Transfer Request 34
Data Transfer Response 35
Clear Config Indication 36
WLAN Config Request 37
WLAN Config Response 38
Mobile Config Request 39
Mobile Config Response 40
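The control header layout and the message type table above, as a validating parser in Python. This is an added example, not code from the original post; the names parse_control and is_response_to are hypothetical, and it assumes network byte order, a buffer that starts at the Message Type byte, a Msg Element Length that counts the bytes after Session ID, and a response that carries the request's Seq Num.

```python
import struct

# Message Type values, copied from the table on this page (7-9, 18-21, 28-29 unused).
MSG_TYPES = {
    1: "Discovery Request", 2: "Discovery Response", 3: "Join Request",
    4: "Join Response", 5: "Join ACK", 6: "Join Confirm",
    10: "Configure Request", 11: "Configure Response",
    12: "Configuration Update Request", 13: "Configuration Update Response",
    14: "WTP Event Request", 15: "WTP Event Response",
    16: "Change State Event Request", 17: "Change State Event Response",
    22: "Echo Request", 23: "Echo Response", 24: "Image Data Request",
    25: "Image Data Response", 26: "Reset Request", 27: "Reset Response",
    30: "Key Update Request", 31: "Key Update Response",
    32: "Primary Discovery Request", 33: "Primary Discovery Response",
    34: "Data Transfer Request", 35: "Data Transfer Response",
    36: "Clear Config Indication", 37: "WLAN Config Request",
    38: "WLAN Config Response", 39: "Mobile Config Request",
    40: "Mobile Config Response",
}
# Message Type (8 bits), Seq Num (8), Msg Element Length (16), Session ID (32).
# Assumption: fields are in network byte order.
HEADER = struct.Struct("!BBHI")


def parse_control(buf):
    """Parse and validate one control message; raise ValueError if malformed."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated control header")
    mtype, seq, elem_len, session_id = HEADER.unpack_from(buf)
    if mtype not in MSG_TYPES:
        raise ValueError(f"unused or unknown message type {mtype}")
    elements = buf[HEADER.size:]
    # Assumption: Msg Element Length counts the bytes after Session ID.
    if elem_len != len(elements):
        raise ValueError(f"length field {elem_len}, {len(elements)} bytes present")
    return {"type": mtype, "name": MSG_TYPES[mtype], "seq": seq,
            "session_id": session_id, "elements": elements}


def is_response_to(req, resp):
    """True if resp is the table's Response for req on the same session.
    Assumption: a response echoes the request's Seq Num."""
    return (req["name"].endswith(" Request")
            and resp["name"] == req["name"][:-len("Request")] + "Response"
            and resp["seq"] == req["seq"]
            and resp["session_id"] == req["session_id"])


# Constructed sample: Echo Request / Echo Response, session 0x1A2B3C4D, no elements.
ECHO_REQ = HEADER.pack(22, 7, 0, 0x1A2B3C4D)
ECHO_RESP = HEADER.pack(23, 7, 0, 0x1A2B3C4D)
```

Rejecting the unused type ranges and any mismatch between the length field and the bytes actually received keeps malformed control traffic out of the state machine before any message element is interpreted.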
Discovery
a. Discovery Request
A necessary step even for a static AC.
Wait MaxDiscoveryInterval.
b. Discovery Response
Wait Discovery Interval, select one of the ACs and move to the joining state.
c. Primary Discovery Request
Checks the availability of the preferred AC.
Sent when the WTP is connected to another AC and is configured with a primary AC.
d. Primary Discovery Response
Advertises availability and services.
Connect to the primary AC.
Control Channel management
a. Join Request
It is used as an MTU discovery mechanism.
With an unknown path MTU, the initial Join Request is sent with 1596 bytes.
It will try with 1596 and then 1500 bytes.
If the certificate is valid, a session key and context are generated for the session.
Note: A Join Request that contains both a certificate and a WNonce must be considered invalid.
b. Join Response
Capable and willing to provide service.
The heartbeat timer is initiated; its expiration leads to deletion of the AC-WTP session.
The timer is refreshed on Echo Request.
A valid PSK-MIC is answered with a Join ACK.
c. Join ACK
WTP to AC, a means of key confirmation.
d. Join Confirm
AC to WTP, a means of key confirmation.
It starts NeighbourDeadInterval; its expiration triggers an Echo Request.
Note: These two happen with a pre-shared key only.
e. Echo Request
Keep-alive mechanism.
f. Echo Response
The AC should reset the heartbeat timer.
If it is not received, the AC considers the WTP not reachable.
g. Key Update Request
WTP to AC, to initiate the re-keying phase.
Includes a new unique session identifier.
h. Key Update Response
Includes the session ID and the PSK-MIC element.
i. Key Update ACK
Sent by the WTP; used for the key derivation process.
Those session keys are used in encryption.