figuration optionally saved for a defined period to flash memory (in an area
that cannot be read out with LANconfig or other tools).
1.2 Technical concepts

1.2.1 The CAPWAP standard
The CAPWAP protocol (Control And Provisioning of Wireless Access Points)
was adopted by the IETF (Internet Engineering Task Force) in March 2009 as
a standard for the centralized management of large WLAN infrastructures.
CAPWAP uses two channels for data transfer:

- Control channel, encrypted with DTLS. This channel is used to exchange
  administration information between the WLAN Controller and the Access
  Point.

  Datagram Transport Layer Security (DTLS) is an encryption protocol
  based on TLS but, in contrast to TLS itself, it can be used for transfers
  over connectionless, unsecured transport protocols such as UDP. DTLS
  therefore combines the advantages of the high security provided by
  TLS with the fast transfer via UDP. This also makes DTLS suitable for
  the transfer of VoIP packets (unlike TLS) because, even after the loss
  of a packet, the subsequent packets can be authenticated again.

- Data channel, optionally also encrypted with DTLS. The payload data from
  the WLAN is transferred through this channel from the Access Point via
  the WLAN Controller into the LAN, encapsulated in the CAPWAP protocol.
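Because DTLS on the data channel is optional, it is worth checking on the wire whether it is actually in effect. The following Python example is an addition and not part of the LANCOM manual; the UDP ports (5246 control, 5247 data) and the one-byte preamble layout are taken from RFC 5415, the function names are hypothetical, and the sample packets are constructed.

```python
from collections import Counter

CONTROL_PORT, DATA_PORT = 5246, 5247  # CAPWAP UDP ports per RFC 5415

def classify(dst_port, payload):
    """Return (channel, protection) for one UDP payload sent to the controller."""
    channel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(dst_port)
    if channel is None:
        return ("other", "n/a")
    if not payload or payload[0] >> 4 != 0:   # preamble version nibble must be 0
        return (channel, "malformed")
    ptype = payload[0] & 0x0F                 # 0 = CAPWAP header, 1 = CAPWAP DTLS header
    if ptype == 0:
        return (channel, "plain")
    # DTLS case: 4-byte CAPWAP DTLS header, then a 13-byte DTLS record header
    # whose version field starts with 0xFE (DTLS 1.0 = 0xFEFF, DTLS 1.2 = 0xFEFD).
    if ptype == 1 and len(payload) >= 17 and payload[5] == 0xFE:
        return (channel, "dtls")
    return (channel, "malformed")

def audit(packets):
    """Count classifications and collect the packets an administrator should review."""
    counts, findings = Counter(), []
    for n, (port, payload) in enumerate(packets):
        channel, prot = classify(port, payload)
        counts[(channel, prot)] += 1
        # Plain control packets are counted but not flagged: RFC 5415 sends
        # Discovery Request/Response messages in the clear.
        if channel == "data" and prot == "plain":
            findings.append((n, "data channel payload not DTLS-protected"))
        elif prot == "malformed":
            findings.append((n, "malformed CAPWAP preamble"))
    return counts, findings

# Constructed sample payloads (not captured traffic).
DTLS_REC = bytes([23, 0xFE, 0xFD]) + bytes(10) + b"ciphertext"
SAMPLE = [
    (CONTROL_PORT, b"\x00" + bytes(15)),                  # plain control (discovery)
    (CONTROL_PORT, b"\x01\x00\x00\x00" + DTLS_REC),       # DTLS-protected control
    (DATA_PORT, b"\x01\x00\x00\x00" + DTLS_REC),          # DTLS-protected data
    (DATA_PORT, b"\x00" + bytes(15) + b"802.11 frame"),   # unencrypted data
    (DATA_PORT, b"\x21\x00"),                             # bad version nibble
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE)
    for key, value in sorted(counts.items()):
        print(key, value)
    for finding in findings:
        print("FINDING", finding)
```

Feed `audit()` the (destination port, UDP payload) pairs extracted from a capture taken between Access Point and WLAN Controller; any "data channel payload not DTLS-protected" finding means WLAN payload is crossing that segment in CAPWAP encapsulation only.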

1.2.2 Smart controller technology

In a decentralized WLAN structure with stand-alone Access Points (operating
as so-called "rich access points"), all functions are integrated in the Access
Points: the data transfer in the PHY layer, the control functions in the MAC
layer, and the management functions. Centralized WLAN management
divides these tasks among two different devices:

- The central WLAN Controller assumes the administration tasks.
- The decentralized Access Points handle the data transfer at the PHY layer
  and the MAC functions.
LANCOM WLC series
Chapter 1: Centralized WLAN management