CAPWAP Split-MAC Architecture Overview

One of the key principles behind the LWAPP and CAPWAP protocol architecture is the notion of a split 802.11 media access control (MAC). Since the real processing power and smart feature set of the architecture are implemented in controllers, some functions need to be performed in the controller instead of the access point. This concept is called "Split-MAC" by Cisco and most other controller-based vendors.

The AP and controller are linked by the CAPWAP protocol using both a "control" channel for access point management, configuration, and control, and a "data" channel for forwarding user traffic between the two entities in cases where user traffic is tunneled all the way to the controller (central bridging). These two channels are nothing more than CAPWAP-encapsulated UDP packets, using ports 5246 (control) and 5247 (data) since Cisco code version 5.2. Earlier versions of code used the LWAPP protocol, which was CAPWAP's predecessor, and used UDP ports 12223 (control) and 12222 (data).
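As an added example (not part of the original post), the Python below classifies raw IPv4/UDP packets into CAPWAP or LWAPP control and data channels using the ports named above, builds a per-AP inventory, and lists APs still speaking LWAPP. The function names and sample packets are constructed, and treating the endpoint that holds the well-known port as the controller is an assumption.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# Controller-side UDP ports as given in the text above.
CHANNELS = {5246: ("CAPWAP", "control"), 5247: ("CAPWAP", "data"),
            12223: ("LWAPP", "control"), 12222: ("LWAPP", "data")}

def classify(packet: bytes):
    """Return (ap, controller, protocol, channel), or None if not tunnel traffic."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None  # not IPv4/UDP
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 4:
        return None  # malformed, or a later fragment with no UDP header
    src, dst = (str(IPv4Address(packet[i:i + 4])) for i in (12, 16))
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    # Assumption: the endpoint holding the well-known port is the controller.
    if dport in CHANNELS:
        return (src, dst, *CHANNELS[dport])
    if sport in CHANNELS:
        return (dst, src, *CHANNELS[sport])
    return None

def inventory(packets):
    """Map (ap, controller) -> set of (protocol, channel) pairs observed."""
    seen = defaultdict(set)
    for pkt in packets:
        hit = classify(pkt)
        if hit:
            seen[hit[:2]].add(hit[2:])
    return dict(seen)

def legacy_aps(inv):
    """APs still speaking LWAPP, i.e. using the pre-CAPWAP ports."""
    return sorted({ap for (ap, _), chans in inv.items()
                   if any(proto == "LWAPP" for proto, _ in chans)})

def make_pkt(src, dst, sport, dport, proto=17, frag=0):
    """Constructed test input: minimal IPv4 header plus UDP header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE = [make_pkt("10.0.1.10", "10.0.0.5", 40000, 5246),   # CAPWAP control, AP to WLC
          make_pkt("10.0.0.5", "10.0.1.10", 5247, 40001),   # CAPWAP data, WLC to AP
          make_pkt("10.0.2.20", "10.0.0.5", 41000, 12223),  # LWAPP control
          make_pkt("10.0.1.10", "10.0.0.9", 5246, 443, proto=6),  # TCP, ignored
          make_pkt("10.0.1.10", "10.0.0.5", 40000, 5246, frag=0x00B9)]  # later fragment
```

Running `legacy_aps(inventory(SAMPLE))` on the constructed packets reports only the AP seen on the LWAPP control port; the same inventory is a starting point for checking that firewall rules between AP and controller subnets match the channels actually in use.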

It is important for wireless engineers designing, deploying, administering, and troubleshooting solutions using this type of architecture to understand the functions carried out by the controller versus the access point.

The industry is currently in a transition back to a de-centralized model, with local data bridging coming into higher demand as 802.11n data rates strain controller bandwidth capacity and branch offices struggle to cost-justify the additional expense of controllers. This is evident with the emergence of Cisco H-REAP, Aruba RAP, Motorola Adaptive APs, and taken to the extreme by Aerohive in their controller-less architecture. This trend will only continue, but engineers will still be required to fully understand the split-MAC concept even under these circumstances as the large vendors are likely to require centralized controllers for some control-plane functions.

The split-MAC functionality is divided between controller and AP in the following fashion:

Controller Responsibilities:

  • Security management (policy enforcement, rogue detection, etc.)
  • Configuration and firmware management
  • Northbound management interfaces
  • Non real-time 802.11 MAC functions
    • Association, Dis-Association, Re-Association
    • 802.11e/WMM Resource Reservation (CAC, TSPEC, etc.)
    • 802.1x/EAP Authentication
    • Encryption Key Management
  • 802.11 Distribution Services
  • Wired and Wireless Integration Services

Access Point Responsibilities:

  • Real-Time 802.11 MAC Functions
    • Beacon generation
    • Probe responses
    • Informs WLC of client probe requests
    • Power management and packet buffering
    • 802.11e/WMM scheduling and queuing
    • MAC layer data encryption and decryption
    • 802.11 control messages (ACK, RTS/CTS)
  • Data encapsulation and de-capsulation via CAPWAP
  • Fragmentation and re-assembly
  • RF spectral analysis
  • WLAN IDS signature analysis

In future posts, I will detail how CAPWAP APs discover, select, join, and maintain association with a controller.