What is CAPWAP (Control and Provisioning of Wireless Access Points)?
CAPWAP (Control and Provisioning of Wireless Access Points) is a protocol that enables an access controller to manage a collection of wireless termination points. CAPWAP is defined in Request for Comments 5415.
The Internet Engineering Task Force (IETF) developed CAPWAP with the following goals in mind:
- To centralize authentication and policy enforcement functions in wireless networks.
- To shift higher-level protocol processing away from access points (APs).
- To provide an extensible protocol that could be used with various types of APs.
How CAPWAP works
When supported and enabled, CAPWAP's first function is to initiate a discovery phase. Wireless APs search for a controller by sending discovery request messages. Upon receiving a discovery request, the controller replies with a discovery response.
At this point, the two devices establish a secure connection using the Datagram Transport Layer Security protocol to exchange CAPWAP control and data messages. Control messages contain information and instructions related to wireless local area network (WLAN) management. Data messages encapsulate forwarded wireless frames. Each is sent over a different User Datagram Protocol port.
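The following is an added example, not part of the original definition: a passive check that sorts observed CAPWAP payloads into discovery, DTLS-protected and unprotected traffic, and flags control messages other than discovery that appear outside DTLS. The port numbers, header layout and message type values are taken from RFC 5415 rather than from this page, and the function name `classify` and the sample payloads are constructed for illustration.

```python
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247          # UDP ports registered in RFC 5415
DISCOVERY = {1: "Discovery Request", 2: "Discovery Response"}

def classify(ac_port, payload):
    """Classify one UDP payload seen on the controller-side port.

    Returns (channel, protection, note); note starts with "ALERT" when a
    control message other than discovery is seen outside DTLS.
    """
    if ac_port not in (CONTROL_PORT, DATA_PORT) or len(payload) < 4:
        return ("unknown", "unknown", "not a CAPWAP payload")
    channel = "control" if ac_port == CONTROL_PORT else "data"
    version, ptype = payload[0] >> 4, payload[0] & 0x0F   # preamble nibbles
    if version != 0 or ptype not in (0, 1):
        return (channel, "unknown", "unrecognized preamble")
    if ptype == 1:                       # CAPWAP DTLS header, DTLS record follows
        return (channel, "dtls", "protected")
    if channel == "data":                # data-channel DTLS is optional in RFC 5415
        return (channel, "plaintext", "data frames sent without DTLS")
    hlen = (payload[1] >> 3) * 4         # HLEN: top 5 bits, in 4-byte words
    if hlen < 8 or len(payload) < hlen + 8:
        return (channel, "plaintext", "truncated or malformed header")
    # Control header: message type (32 bits), sequence number, length, flags
    msg_type, _seq, _elem_len, _flags = struct.unpack_from("!IBHB", payload, hlen)
    if msg_type in DISCOVERY:
        return (channel, "plaintext", DISCOVERY[msg_type])
    return (channel, "plaintext",
            f"ALERT: control message type {msg_type} outside DTLS")

# Constructed sample payloads (not captured traffic).
HDR = bytes.fromhex("0010020000000000")              # 8-byte plain CAPWAP header
SAMPLES = [
    (CONTROL_PORT, HDR + bytes.fromhex("0000000100000300")),  # Discovery Request
    (CONTROL_PORT, bytes.fromhex("01000000") + b"\x16\xfe\xfd" + bytes(10)),
    (DATA_PORT, HDR + bytes(16)),                             # cleartext data
    (CONTROL_PORT, HDR + bytes.fromhex("0000000301000300")),  # type 3 in the clear
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```
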
According to IETF, CAPWAP supports two modes of operation:
- Split media access controller (MAC).
- Local MAC.
In split MAC mode, the CAPWAP protocol encapsulates all Layer 2 wireless data and management frames, which are then exchanged between the controller and AP. Local MAC mode enables data frames to be locally bridged or tunneled as Ethernet frames. In either mode, the AP processes Layer 2 wireless management frames locally and then forwards them to the controller.
The protocol was also designed to support interoperability in a multivendor WLAN. Most of the vendors that have implemented it, however, have added proprietary extensions that prevent interoperability.
Editor's note: This definition was updated to improve the reader experience.