CAPWAP
The Cisco Centralized WLAN Architecture, the functional design of the Cisco Unified Wireless Network solution, uses CAPWAP as its foundational protocol. CAPWAP controls APs and WLANs, encapsulates and forwards WLAN client traffic between APs and WLAN controllers (WLCs), and manages and configures APs and WLANs. CAPWAP is based on the Lightweight Access Point Protocol (LWAPP), but adds security with Datagram Transport Layer Security (DTLS). CAPWAP runs over the User Datagram Protocol (UDP) and works with both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). CAPWAP encapsulates the data transferred between the lightweight AP (LAP) and the WLC in new IP packets. The tunneled traffic is then switched or routed across the campus network.
Control messages sent over CAPWAP are used to set up and monitor AP operations. Control messages are authenticated and encrypted on the control tunnel so that APs are securely managed only by the correct WLC. The CAPWAP (Control and Provisioning of Wireless Access Points) control tunnel is the only tunnel protected by default. Client data is sent over the CAPWAP data tunnel, where encryption is optional. DHCP queries, for example, are client data and are not encrypted by default. Finally, 802.11 beacons are sent wirelessly from the LAP, so they are not encrypted or sent over CAPWAP.
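As an added example (not from the original page), this Python sketch audits captured UDP payloads against the protection model described above: DTLS on the control tunnel, optional on the data tunnel. The ports 5246/5247, the preamble layout and the cleartext discovery exchange come from RFC 5415; `classify`, `audit` and the sample payloads are constructed for illustration and assume unfragmented messages.

```python
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247   # CAPWAP UDP ports on the WLC side (RFC 5415)
DISCOVERY_TYPES = {1, 2}               # Discovery Request/Response precede DTLS setup

def classify(wlc_port, payload):
    """Return (channel, state) for one UDP payload of a LAP<->WLC flow."""
    channel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(wlc_port)
    if channel is None or len(payload) < 4:
        return ("unknown", "not-capwap")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0 or ptype not in (0, 1):
        return (channel, "not-capwap")
    if ptype == 1:                      # CAPWAP DTLS header: a DTLS record follows
        return (channel, "dtls")
    if channel == "data":
        return (channel, "cleartext")   # permitted: data encryption is optional
    hlen = (payload[1] >> 3) * 4        # HLEN is the top 5 bits, in 4-byte words
    if hlen < 8 or len(payload) < hlen + 4:
        return (channel, "malformed")
    (msg_type,) = struct.unpack_from("!I", payload, hlen)
    if msg_type in DISCOVERY_TYPES:
        return (channel, "cleartext-discovery")
    return (channel, "cleartext-UNEXPECTED")   # control traffic outside DTLS

def audit(flows):
    """Return indexes of payloads that break the expected protection model."""
    bad = ("cleartext-UNEXPECTED", "malformed")
    return [i for i, (port, data) in enumerate(flows)
            if classify(port, data)[1] in bad]

# Constructed sample payloads (not captured traffic).
HDR = bytes([0x00, 0x10, 0, 0, 0, 0, 0, 0])    # preamble type 0, HLEN = 2 words
SAMPLES = [
    (5246, bytes([0x01, 0, 0, 0]) + b"\x17\xfe\xfd" + bytes(10)),  # DTLS control
    (5246, HDR + struct.pack("!IBHB", 1, 0, 0, 0)),   # discovery, cleartext
    (5246, HDR + struct.pack("!IBHB", 7, 1, 0, 0)),   # non-discovery, cleartext
    (5247, HDR + b"client frame"),                    # data tunnel, cleartext
]

if __name__ == "__main__":
    for i, (port, data) in enumerate(SAMPLES):
        print(i, classify(port, data))
    print("violations:", audit(SAMPLES))
```

A cleartext result on the data channel is consistent with the defaults described here; it marks where enabling data-tunnel DTLS would change what an on-path observer can read.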
A CAPWAP tunnel is required because the network is built with WLCs and LAPs. Each LAP is connected to the WLC via one CAPWAP tunnel, for a total of 32 tunnels. CAPWAP encapsulates wireless communications in an additional IP header so that tunneled packets can be routed through a Layer 3 network. The LAPs and WLCs can therefore be on any IP subnet, as long as those subnets are reachable. LAPs and WLCs are not required to share Layer 2 VLANs or Layer 3 IP subnets. A lightweight AP only requires one access link with a single VLAN when operating in local mode. All other data is sent to the WLC over the CAPWAP tunnel.
Physical Infrastructure Connections of WLAN Components
The IETF Control and Provisioning of Wireless Access Points (CAPWAP) protocol standard is used by lightweight Cisco access points to communicate with wireless controllers and other lightweight access points on your network.