draft-ietf-capwap-problem-statement-00.txt   draft-ietf-capwap-problem-statement-01.txt 
CAPWAP Working Group P. Calhoun CAPWAP Working Group P. Calhoun
Internet-Draft B. O'Hara Internet-Draft B. O'Hara
Expires: August 2, 2004 Airespace Expires: November 8, 2004 Airespace
J. Kempf J. Kempf
Docomo Labs USA Docomo Labs USA
February 2, 2004 May 10, 2004
CAPWAP Problem Statement CAPWAP Problem Statement
draft-ietf-capwap-problem-statement-00 draft-ietf-capwap-problem-statement-01
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 2, 2004. This Internet-Draft will expire on November 8, 2004.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document describes the Configuration and Provisioning for This document describes the Configuration and Provisioning for
Wireless Access Points (CAPWAP) problem statement. Wireless Access Points (CAPWAP) problem statement.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 3. Security Considerations . . . . . . . . . . . . . . . . . . . 6
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6
Intellectual Property and Copyright Statements . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . 8
1. Introduction 1. Introduction
With the approval of the 802.11 standard by the IEEE in 1997, With the approval of the 802.11 standard by the IEEE in 1997,
wireless LANs (WLANs) began a slow entry into enterprise networks. wireless LANs (WLANs) began a slow entry into enterprise networks.
The limited data rates of the original 802.11 standard, only 1- and The limited data rates of the original 802.11 standard, only 1- and
2-Mbps, limited widespread adoption of the technology. 802.11 found 2-Mbps, limited widespread adoption of the technology. 802.11 found
wide deployment in vertical applications, such as inventory wide deployment in vertical applications, such as inventory
management, point of sale, and transportation management. Pioneering management, point of sale, and transportation management. Pioneering
enterprises began to deploy 802.11, mostly for experimentation. enterprises began to deploy 802.11, mostly for experimentation.
skipping to change at page 5, line 7 skipping to change at page 5, line 7
access points. Access points are often difficult to physically access points. Access points are often difficult to physically
secure, since their location must often be outside of a locked secure, since their location must often be outside of a locked
network closet or server room. Theft of an access point, with its network closet or server room. Theft of an access point, with its
embedded secrets, allows the thief to obtain access to the resources embedded secrets, allows the thief to obtain access to the resources
secured by those secrets. secured by those secrets.
Recently, multiple vendors have begun offering proprietary solutions Recently, multiple vendors have begun offering proprietary solutions
that combine aspects of network switching, centralized control and that combine aspects of network switching, centralized control and
management, and distributed wireless access in a variety of new management, and distributed wireless access in a variety of new
architectures to adress some, or all, of the above mentioned architectures to adress some, or all, of the above mentioned
problems. Since interoperable solutions allow enterprises and service problems. Since interoperable solutions allow enterprises and
providers a broader choice, a standardized, interoperable interface service providers a broader choice, a standardized, interoperable
between access points and a centralized controller addressing the interface between access points and a centralized controller
above mentioned problems seems desirable. addressing the above mentioned problems seems desirable.
The physical portions of this network system, in currently fielded The physical portions of this network system, in currently fielded
devices, are one or more 802.11 access points (APs) and one or more devices, are one or more 802.11 access points (APs) and one or more
central control devices, alternatively described as controllers (or central control devices, alternatively described as controllers (or
access controllers, ACs). Ideally, a network designer would be able access controllers, ACs). Ideally, a network designer would be able
to choose one or more vendors for the APs and one or more vendors for to choose one or more vendors for the APs and one or more vendors for
the central control devices in sufficient numbers to design a network the central control devices in sufficient numbers to design a network
with 802.11 wireless access to meet the designer's requirements. with 802.11 wireless access to meet the designer's requirements.
Current implementations are proprietary and not interoperable. A Current implementations are proprietary and not interoperable. This
taxonomy of the architectures employed in the existing products in is due to a number of factors, including the disparate architectural
the market will provide the basis of an output document to be choices made by the various manufacturers. A taxonomy of the
provided to the IEEE 802.11 Working Group. This taxonomy will be architectures employed in the existing products in the market will
utilized by the 802.11 Working Group as input to their task of provide the basis of an output document to be provided to the IEEE
defining the functional architecture of an access point. The 802.11 Working Group. This taxonomy will be utilized by the 802.11
functional architecture, including description of detailed functional Working Group as input to their task of defining the functional
blocks, interfaces, and information flow, will be reviewed by CAPWAP architecture of an access point. The functional architecture,
to determine if further work is needed to apply or develop standard including description of detailed functional blocks, interfaces, and
protocols providing for multi-vendor interoperable implementations of information flow, will be reviewed by CAPWAP to determine if further
WLANs built from devices that adhere to the newly appearing work is needed to apply or develop standard protocols providing for
hierarchical architecture utilizing a functional split between an multi-vendor interoperable implementations of WLANs built from
access point and an access controller. devices that adhere to the newly appearing hierarchical architecture
utilizing a functional split between an access point and an access
controller.
3. Security Considerations 3. Security Considerations
To the extent of our knowledge, this problem statement does not The devices used in WLANs control the access to networks and provide
create any security issues to the Internet. for the delivery of packets between hosts using the WLAN and other
hosts on the WLAN or elsewhere on the internet. The functions for
control and provisioning of wireless access points, therefore require
protection to prevent misuse of the devices.
References Requirements for central management, monitoring, and control of
wireless access points that should be addressed include
confidentiality, integrity, and authenticity. Once an AP and AC have
been authenticated to each other, it may not be sufficient that a
single level of authorization allows monitoring, as well as control
and provisioning. The requirement for more than a single level of
authorization should be determined. Physical security should also be
addressed, for those devices that contain security parameters that
are sensitive and might compromise the security of the system, if
those parameters were to fall into the hands of an attacker.
[1] "Mobility Related Terminology", April 2003, <ftp://ftp.isi.edu/ 4 References
internet-drafts/draft-ietf-seamoby-terminology-04.txt>.
Authors' Addresses Authors' Addresses
Pat R. Calhoun Pat R. Calhoun
Airespace Airespace
110 Nortech Parkway 110 Nortech Parkway
San Jose, CA 95134 San Jose, CA 95134
Phone: +1 408-635-2000 Phone: +1 408-635-2000
EMail: pcalhoun@airespace.com EMail: pcalhoun@airespace.com
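Review bot: The rewritten Security Considerations in -01 leaves the authorization question open ("The requirement for more than a single level of authorization should be determined") without saying who determines it or where the answer is recorded. Suggest stating it as an explicit item for the CAPWAP review described in the paragraph just before this section, and naming what confidentiality, integrity, and authenticity are meant to protect, for example the control and provisioning exchange between AP and AC once they "have been authenticated to each other". The physical-security sentence restates the access point theft problem from page 5 and would be clearer with a pointer back to it. Smaller points in the same hunk: "adress" is still misspelled in -01; the added sentence promises "a number of factors" but names only one; "access points, therefore require" has a stray comma; and the References section is now numbered 4 but, in the visible lines, has no entries after [1] was dropped, so either remove the section or restore a reference.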
 End of changes. 