draft-ohara-capwap-lwapp-01.txt   draft-ohara-capwap-lwapp-02.txt 
Network Working Group P. Calhoun Network Working Group P. Calhoun
Internet-Draft B. O'Hara Internet-Draft B. O'Hara
Expires: August 5, 2005 Airespace Expires: October 2, 2005 Airespace
S. Kelly S. Kelly
Facetime Communications Facetime Communications
R. Suri R. Suri
Airespace Airespace
M. Williams M. Williams
Nokia, Inc. Nokia, Inc.
S. Hares S. Hares
Nexthop Technologies, Inc. Nexthop Technologies, Inc.
Feb 2005 N. Cam Winget
Cisco Systems, Inc.
March 31, 2005
Light Weight Access Point Protocol (LWAPP) Light Weight Access Point Protocol (LWAPP)
draft-ohara-capwap-lwapp-01.txt draft-ohara-capwap-lwapp-02
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 3 of RFC 3667. By submitting this Internet-Draft, each of Section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
skipping to change at page 1, line 44 skipping to change at page 1, line 46
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 5, 2005. This Internet-Draft will expire on October 2, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
In the recent years, there has been a shift in wireless LAN product In the recent years, there has been a shift in wireless LAN product
architectures from autonomous access points to centralized control of architectures from autonomous access points to centralized control of
light weight access points. The general goal has been to move most light weight access points. The general goal has been to move most
of the traditional wireless functionality such as access control of the traditional wireless functionality such as access control
(user authentication and authorization), mobility and radio (user authentication and authorization), mobility and radio
management out of the access point into a centralized controller. management out of the access point into a centralized controller.
skipping to change at page 3, line 7 skipping to change at page 3, line 7
Termination Points (the latter are also commonly referred to as Light Termination Points (the latter are also commonly referred to as Light
Weight Access Points). This specification defines the Light Weight Weight Access Points). This specification defines the Light Weight
Access Point Protocol (LWAPP), which addresses the CAPWAP's protocol Access Point Protocol (LWAPP), which addresses the CAPWAP's protocol
requirements. Although the LWAPP protocol is designed to be flexible requirements. Although the LWAPP protocol is designed to be flexible
enough to be used for a variety of wireless technologies, this enough to be used for a variety of wireless technologies, this
specific document describes the base protocol, and an extension that specific document describes the base protocol, and an extension that
allows it to be used with the IEEE's 802.11 wireless LAN protocol. allows it to be used with the IEEE's 802.11 wireless LAN protocol.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 8
1.1 Conventions used in this document . . . . . . . . . . . 8 1.1 Conventions used in this document . . . . . . . . . . . 9
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 9 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 10
2.1 Wireless Binding Definition . . . . . . . . . . . . . . 11 2.1 Wireless Binding Definition . . . . . . . . . . . . . . 11
2.2 LWAPP State Machine Definition . . . . . . . . . . . . . 11 2.2 LWAPP State Machine Definition . . . . . . . . . . . . . 12
3. LWAPP Transport Layers . . . . . . . . . . . . . . . . . . . 18 3. LWAPP Transport Layers . . . . . . . . . . . . . . . . . . . 20
3.1 LWAPP Transport Header . . . . . . . . . . . . . . . . . 18 3.1 LWAPP Transport Header . . . . . . . . . . . . . . . . . 20
3.1.1 VER Field . . . . . . . . . . . . . . . . . . . . . 18 3.1.1 VER Field . . . . . . . . . . . . . . . . . . . . . 20
3.1.2 RID Field . . . . . . . . . . . . . . . . . . . . . 18 3.1.2 RID Field . . . . . . . . . . . . . . . . . . . . . 20
3.1.3 C Bit . . . . . . . . . . . . . . . . . . . . . . . 18 3.1.3 C Bit . . . . . . . . . . . . . . . . . . . . . . . 20
3.1.4 F Bit . . . . . . . . . . . . . . . . . . . . . . . 18 3.1.4 F Bit . . . . . . . . . . . . . . . . . . . . . . . 20
3.1.5 L Bit . . . . . . . . . . . . . . . . . . . . . . . 19 3.1.5 L Bit . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.6 Fragment ID . . . . . . . . . . . . . . . . . . . . 19 3.1.6 Fragment ID . . . . . . . . . . . . . . . . . . . . 21
3.1.7 Length . . . . . . . . . . . . . . . . . . . . . . . 19 3.1.7 Length . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.8 Status and WLANS . . . . . . . . . . . . . . . . . . 19 3.1.8 Status and WLANS . . . . . . . . . . . . . . . . . . 21
3.1.9 Payload . . . . . . . . . . . . . . . . . . . . . . 19 3.1.9 Payload . . . . . . . . . . . . . . . . . . . . . . 21
3.2 Using IEEE 802.3 MAC as LWAPP transport . . . . . . . . 19 3.2 Using IEEE 802.3 MAC as LWAPP transport . . . . . . . . 21
3.2.1 Framing . . . . . . . . . . . . . . . . . . . . . . 19 3.2.1 Framing . . . . . . . . . . . . . . . . . . . . . . 22
3.2.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 20 3.2.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 22
3.2.3 LWAPP Message Header format over IEEE 802.3 MAC 3.2.3 LWAPP Message Header format over IEEE 802.3 MAC
transport . . . . . . . . . . . . . . . . . . . . . 20 transport . . . . . . . . . . . . . . . . . . . . . 22
3.2.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 20 3.2.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 22
3.2.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 20 3.2.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 23
3.3 Using IPv4/UDP as LWAPP transport . . . . . . . . . . . 20 3.3 Using IPv4/UDP as LWAPP transport . . . . . . . . . . . 23
3.3.1 Framing . . . . . . . . . . . . . . . . . . . . . . 20 3.3.1 Framing . . . . . . . . . . . . . . . . . . . . . . 23
3.3.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 21 3.3.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 23
3.3.3 LWAPP Message Header format over IPv4/UDP transport 21 3.3.3 LWAPP Message Header format over IPv4/UDP transport 24
3.3.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 22 3.3.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 24
3.3.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 22 3.3.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 25
4. LWAPP Packet Definitions . . . . . . . . . . . . . . . . . . 23 4. LWAPP Packet Definitions . . . . . . . . . . . . . . . . . . 26
4.1 LWAPP Data Messages . . . . . . . . . . . . . . . . . . 23 4.1 LWAPP Data Messages . . . . . . . . . . . . . . . . . . 26
4.2 LWAPP Control Messages Overview . . . . . . . . . . . . 23 4.2 LWAPP Control Messages Overview . . . . . . . . . . . . 26
4.2.1 Control Message Format . . . . . . . . . . . . . . . 24 4.2.1 Control Message Format . . . . . . . . . . . . . . . 27
4.2.2 Message Element Format . . . . . . . . . . . . . . . 26 4.2.2 Message Element Format . . . . . . . . . . . . . . . 29
5. LWAPP Discovery Operations . . . . . . . . . . . . . . . . . 28 5. LWAPP Discovery Operations . . . . . . . . . . . . . . . . . 31
5.1 Discovery Request . . . . . . . . . . . . . . . . . . . 28 5.1 Discovery Request . . . . . . . . . . . . . . . . . . . 31
5.1.1 Discovery Type . . . . . . . . . . . . . . . . . . . 29 5.1.1 Discovery Type . . . . . . . . . . . . . . . . . . . 32
5.1.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 29 5.1.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 32
5.1.3 WTP Radio Information . . . . . . . . . . . . . . . 30 5.1.3 WTP Radio Information . . . . . . . . . . . . . . . 33
5.2 Discovery Response . . . . . . . . . . . . . . . . . . . 30 5.2 Discovery Response . . . . . . . . . . . . . . . . . . . 33
5.2.1 AC Descriptor . . . . . . . . . . . . . . . . . . . 31 5.2.1 AC Address . . . . . . . . . . . . . . . . . . . . . 34
5.2.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 31 5.2.2 AC Descriptor . . . . . . . . . . . . . . . . . . . 34
5.2.3 WTP Manager Control IP Address . . . . . . . . . . . 32 5.2.3 AC Name . . . . . . . . . . . . . . . . . . . . . . 35
5.3 Primary Discovery Request . . . . . . . . . . . . . . . 32 5.2.4 WTP Manager Control IP Address . . . . . . . . . . . 35
5.3.1 Discovery Type . . . . . . . . . . . . . . . . . . . 33 5.3 Primary Discovery Request . . . . . . . . . . . . . . . 36
5.3.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 33 5.3.1 Discovery Type . . . . . . . . . . . . . . . . . . . 36
5.3.3 WTP Radio Information . . . . . . . . . . . . . . . 33 5.3.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 36
5.4 Primary Discovery Response . . . . . . . . . . . . . . . 33 5.3.3 WTP Radio Information . . . . . . . . . . . . . . . 36
5.4.1 AC Descriptor . . . . . . . . . . . . . . . . . . . 33 5.4 Primary Discovery Response . . . . . . . . . . . . . . . 36
5.4.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 33 5.4.1 AC Descriptor . . . . . . . . . . . . . . . . . . . 37
5.4.3 WTP Manager Control IP Address . . . . . . . . . . . 33 5.4.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 37
6. Control Channel Management . . . . . . . . . . . . . . . . . 35 5.4.3 WTP Manager Control IP Address . . . . . . . . . . . 37
6.1 Join Request . . . . . . . . . . . . . . . . . . . . . . 35 6. Control Channel Management . . . . . . . . . . . . . . . . . 38
6.1.1 AC Address . . . . . . . . . . . . . . . . . . . . . 35 6.1 Join Request . . . . . . . . . . . . . . . . . . . . . . 38
6.1.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 36 6.1.1 WTP Descriptor . . . . . . . . . . . . . . . . . . . 39
6.1.3 WTP Name . . . . . . . . . . . . . . . . . . . . . . 36 6.1.2 AC Address . . . . . . . . . . . . . . . . . . . . . 39
6.1.4 Location Data . . . . . . . . . . . . . . . . . . . 36 6.1.3 WTP Name . . . . . . . . . . . . . . . . . . . . . . 39
6.1.5 WTP Radio Information . . . . . . . . . . . . . . . 37 6.1.4 Location Data . . . . . . . . . . . . . . . . . . . 39
6.1.6 Certificate . . . . . . . . . . . . . . . . . . . . 37 6.1.5 WTP Radio Information . . . . . . . . . . . . . . . 39
6.1.7 Session ID . . . . . . . . . . . . . . . . . . . . . 37 6.1.6 Certificate . . . . . . . . . . . . . . . . . . . . 40
6.1.8 Test . . . . . . . . . . . . . . . . . . . . . . . . 37 6.1.7 Session ID . . . . . . . . . . . . . . . . . . . . . 40
6.2 Join Response . . . . . . . . . . . . . . . . . . . . . 38 6.1.8 Test . . . . . . . . . . . . . . . . . . . . . . . . 40
6.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 38 6.1.9 WNonce . . . . . . . . . . . . . . . . . . . . . . . 41
6.2.2 Status . . . . . . . . . . . . . . . . . . . . . . . 39 6.1.10 DH-Params . . . . . . . . . . . . . . . . . . . . . 41
6.2.3 Certificate . . . . . . . . . . . . . . . . . . . . 39 6.2 Join Response . . . . . . . . . . . . . . . . . . . . . 42
6.2.4 Session Key . . . . . . . . . . . . . . . . . . . . 39 6.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 42
6.2.5 WTP Manager Data IP Address . . . . . . . . . . . . 40 6.2.2 Status . . . . . . . . . . . . . . . . . . . . . . . 43
6.3 Echo Request . . . . . . . . . . . . . . . . . . . . . . 40 6.2.3 Certificate . . . . . . . . . . . . . . . . . . . . 43
6.4 Echo Response . . . . . . . . . . . . . . . . . . . . . 40 6.2.4 Session Key . . . . . . . . . . . . . . . . . . . . 43
6.5 Key Update Request . . . . . . . . . . . . . . . . . . . 41 6.2.5 WTP Manager Data IP Address . . . . . . . . . . . . 44
6.5.1 Session ID . . . . . . . . . . . . . . . . . . . . . 41 6.2.6 AC List . . . . . . . . . . . . . . . . . . . . . . 44
6.6 Key Update Response . . . . . . . . . . . . . . . . . . 41 6.2.7 ANonce . . . . . . . . . . . . . . . . . . . . . . . 45
6.6.1 Session Key . . . . . . . . . . . . . . . . . . . . 42 6.2.8 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 45
6.7 Key Update Trigger . . . . . . . . . . . . . . . . . . . 42 6.2.9 DH-Params . . . . . . . . . . . . . . . . . . . . . 46
6.7.1 Session ID . . . . . . . . . . . . . . . . . . . . . 42 6.3 Join ACK . . . . . . . . . . . . . . . . . . . . . . . . 46
7. WTP Configuration Management . . . . . . . . . . . . . . . . 43 6.3.1 Session ID . . . . . . . . . . . . . . . . . . . . . 46
7.1 Configure Request . . . . . . . . . . . . . . . . . . . 43 6.3.2 WNonce . . . . . . . . . . . . . . . . . . . . . . . 46
7.1.1 Administrative State . . . . . . . . . . . . . . . . 43 6.3.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 46
7.1.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 44 6.4 Join Confirm . . . . . . . . . . . . . . . . . . . . . . 46
7.1.3 AC Name with Index . . . . . . . . . . . . . . . . . 44 6.4.1 Session ID . . . . . . . . . . . . . . . . . . . . . 47
7.1.4 WTP Board Data . . . . . . . . . . . . . . . . . . . 44 6.4.2 ANonce . . . . . . . . . . . . . . . . . . . . . . . 47
7.1.5 Statistics Timer . . . . . . . . . . . . . . . . . . 45 6.4.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 47
7.1.6 WTP Static IP Address Information . . . . . . . . . 45 6.5 Echo Request . . . . . . . . . . . . . . . . . . . . . . 47
7.1.7 WTP Reboot Statistics . . . . . . . . . . . . . . . 46 6.6 Echo Response . . . . . . . . . . . . . . . . . . . . . 47
7.2 Configure Response . . . . . . . . . . . . . . . . . . . 46 6.7 Key Update Request . . . . . . . . . . . . . . . . . . . 48
7.2.1 Decryption Error Report Period . . . . . . . . . . . 47 6.7.1 Session ID . . . . . . . . . . . . . . . . . . . . . 48
7.2.2 Change State Event . . . . . . . . . . . . . . . . . 47 6.8 Key Update Response . . . . . . . . . . . . . . . . . . 48
7.2.3 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 48 6.8.1 Session Key . . . . . . . . . . . . . . . . . . . . 49
7.2.4 AC List . . . . . . . . . . . . . . . . . . . . . . 48 6.9 Key Update Trigger . . . . . . . . . . . . . . . . . . . 49
7.2.5 WTP Fallback . . . . . . . . . . . . . . . . . . . . 48 6.9.1 Session ID . . . . . . . . . . . . . . . . . . . . . 49
7.2.6 Idle Timeout . . . . . . . . . . . . . . . . . . . . 49 7. WTP Configuration Management . . . . . . . . . . . . . . . . 50
7.3 Configuration Update Request . . . . . . . . . . . . . . 49 7.1 Configure Request . . . . . . . . . . . . . . . . . . . 50
7.3.1 WTP Name . . . . . . . . . . . . . . . . . . . . . . 49 7.1.1 Administrative State . . . . . . . . . . . . . . . . 50
7.3.2 Change State Event . . . . . . . . . . . . . . . . . 50 7.1.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 51
7.3.3 Administrative State . . . . . . . . . . . . . . . . 50 7.1.3 AC Name with Index . . . . . . . . . . . . . . . . . 51
7.3.4 Statistics Timer . . . . . . . . . . . . . . . . . . 50 7.1.4 WTP Board Data . . . . . . . . . . . . . . . . . . . 51
7.3.5 Location Data . . . . . . . . . . . . . . . . . . . 50 7.1.5 Statistics Timer . . . . . . . . . . . . . . . . . . 52
7.3.6 Decryption Error Report Period . . . . . . . . . . . 50 7.1.6 WTP Static IP Address Information . . . . . . . . . 52
7.3.7 AC List . . . . . . . . . . . . . . . . . . . . . . 50 7.1.7 WTP Reboot Statistics . . . . . . . . . . . . . . . 53
7.3.8 Add Blacklist Entry . . . . . . . . . . . . . . . . 50 7.2 Configure Response . . . . . . . . . . . . . . . . . . . 53
7.3.9 Delete Blacklist Entry . . . . . . . . . . . . . . . 51 7.2.1 Decryption Error Report Period . . . . . . . . . . . 54
7.3.10 Add Static Blacklist Entry . . . . . . . . . . . . . 51 7.2.2 Change State Event . . . . . . . . . . . . . . . . . 54
7.3.11 Delete Static Blacklist Entry . . . . . . . . . . . 52 7.2.3 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 55
7.3.12 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 52 7.2.4 AC List . . . . . . . . . . . . . . . . . . . . . . 55
7.3.13 AC Name with Index . . . . . . . . . . . . . . . . . 52 7.2.5 WTP Fallback . . . . . . . . . . . . . . . . . . . . 55
7.3.14 WTP Fallback . . . . . . . . . . . . . . . . . . . . 52 7.2.6 Idle Timeout . . . . . . . . . . . . . . . . . . . . 56
7.3.15 Idle Timeout . . . . . . . . . . . . . . . . . . . . 52 7.3 Configuration Update Request . . . . . . . . . . . . . . 56
7.4 Configuration Update Response . . . . . . . . . . . . . 52 7.3.1 WTP Name . . . . . . . . . . . . . . . . . . . . . . 56
7.4.1 Result Code . . . . . . . . . . . . . . . . . . . . 53 7.3.2 Change State Event . . . . . . . . . . . . . . . . . 57
7.5 Change State Event Request . . . . . . . . . . . . . . . 53 7.3.3 Administrative State . . . . . . . . . . . . . . . . 57
7.5.1 Change State Event . . . . . . . . . . . . . . . . . 53 7.3.4 Statistics Timer . . . . . . . . . . . . . . . . . . 57
7.6 Change State Event Response . . . . . . . . . . . . . . 53 7.3.5 Location Data . . . . . . . . . . . . . . . . . . . 57
7.7 Clear Config Indication . . . . . . . . . . . . . . . . 54 7.3.6 Decryption Error Report Period . . . . . . . . . . . 57
8. Device Management Operations . . . . . . . . . . . . . . . . 55 7.3.7 AC List . . . . . . . . . . . . . . . . . . . . . . 57
8.1 Image Data Request . . . . . . . . . . . . . . . . . . . 55 7.3.8 Add Blacklist Entry . . . . . . . . . . . . . . . . 57
8.1.1 Image Download . . . . . . . . . . . . . . . . . . . 55 7.3.9 Delete Blacklist Entry . . . . . . . . . . . . . . . 58
8.1.2 Image Data . . . . . . . . . . . . . . . . . . . . . 55 7.3.10 Add Static Blacklist Entry . . . . . . . . . . . . . 58
8.2 Image Data Response . . . . . . . . . . . . . . . . . . 56 7.3.11 Delete Static Blacklist Entry . . . . . . . . . . . 59
8.3 Reset Request . . . . . . . . . . . . . . . . . . . . . 56 7.3.12 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 59
8.4 Reset Response . . . . . . . . . . . . . . . . . . . . . 56 7.3.13 AC Name with Index . . . . . . . . . . . . . . . . . 59
8.5 WTP Event Request . . . . . . . . . . . . . . . . . . . 56 7.3.14 WTP Fallback . . . . . . . . . . . . . . . . . . . . 59
8.5.1 Decryption Error Report . . . . . . . . . . . . . . 57 7.3.15 Idle Timeout . . . . . . . . . . . . . . . . . . . . 59
8.5.2 Duplicate IP Address . . . . . . . . . . . . . . . . 57 7.4 Configuration Update Response . . . . . . . . . . . . . 59
8.6 WTP Event Response . . . . . . . . . . . . . . . . . . . 58 7.4.1 Result Code . . . . . . . . . . . . . . . . . . . . 60
8.7 Data Transfer Request . . . . . . . . . . . . . . . . . 58 7.5 Change State Event Request . . . . . . . . . . . . . . . 60
8.7.1 Data Transfer Mode . . . . . . . . . . . . . . . . . 58 7.5.1 Change State Event . . . . . . . . . . . . . . . . . 60
8.7.2 Data Transfer Data . . . . . . . . . . . . . . . . . 59 7.6 Change State Event Response . . . . . . . . . . . . . . 60
8.8 Data Transfer Response . . . . . . . . . . . . . . . . . 59 7.7 Clear Config Indication . . . . . . . . . . . . . . . . 61
9. Mobile Session Management . . . . . . . . . . . . . . . . . 60 8. Device Management Operations . . . . . . . . . . . . . . . . 62
9.1 Mobile Config Request . . . . . . . . . . . . . . . . . 60 8.1 Image Data Request . . . . . . . . . . . . . . . . . . . 62
9.1.1 Delete Mobile . . . . . . . . . . . . . . . . . . . 60 8.1.1 Image Download . . . . . . . . . . . . . . . . . . . 62
9.2 Mobile Config Response . . . . . . . . . . . . . . . . . 61 8.1.2 Image Data . . . . . . . . . . . . . . . . . . . . . 62
9.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 61 8.2 Image Data Response . . . . . . . . . . . . . . . . . . 63
10. Session Key Generation . . . . . . . . . . . . . . . . . . 62 8.3 Reset Request . . . . . . . . . . . . . . . . . . . . . 63
10.1 Securing WTP-AC communications . . . . . . . . . . . . . 62 8.4 Reset Response . . . . . . . . . . . . . . . . . . . . . 63
10.2 LWAPP Frame Encryption . . . . . . . . . . . . . . . . . 63 8.5 WTP Event Request . . . . . . . . . . . . . . . . . . . 63
10.3 Authenticated Key Exchange . . . . . . . . . . . . . . . 63 8.5.1 Decryption Error Report . . . . . . . . . . . . . . 64
10.4 Refreshing Cryptographic Keys . . . . . . . . . . . . . 65 8.5.2 Duplicate IP Address . . . . . . . . . . . . . . . . 64
11. IEEE 802.11 Binding . . . . . . . . . . . . . . . . . . . 67 8.6 WTP Event Response . . . . . . . . . . . . . . . . . . . 65
11.1 Transport specific bindings . . . . . . . . . . . . . . 67 8.7 Data Transfer Request . . . . . . . . . . . . . . . . . 65
11.1.1 Status and WLANS field . . . . . . . . . . . . . . . 67 8.7.1 Data Transfer Mode . . . . . . . . . . . . . . . . . 65
11.2 Data Message bindings . . . . . . . . . . . . . . . . . 68 8.7.2 Data Transfer Data . . . . . . . . . . . . . . . . . 66
11.3 Control Message bindings . . . . . . . . . . . . . . . . 68 8.8 Data Transfer Response . . . . . . . . . . . . . . . . . 66
11.3.1 Mobile Config Request . . . . . . . . . . . . . . . 68 9. Mobile Session Management . . . . . . . . . . . . . . . . . 67
11.3.2 WTP Event Request . . . . . . . . . . . . . . . . . 72 9.1 Mobile Config Request . . . . . . . . . . . . . . . . . 67
11.4 802.11 Control Messages . . . . . . . . . . . . . . . . 74 9.1.1 Delete Mobile . . . . . . . . . . . . . . . . . . . 67
11.4.1 IEEE 802.11 WLAN Config Request . . . . . . . . . . 74 9.2 Mobile Config Response . . . . . . . . . . . . . . . . . 68
11.4.2 IEEE 802.11 WLAN Config Response . . . . . . . . . . 78 9.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 68
11.4.3 IEEE 802.11 WTP Event . . . . . . . . . . . . . . . 78 10. Session Key Generation . . . . . . . . . . . . . . . . . . 69
11.5 Message Element Bindings . . . . . . . . . . . . . . . . 79 10.1 Securing WTP-AC communications . . . . . . . . . . . . . 69
11.5.1 IEEE 802.11 WTP WLAN Radio Configuration . . . . . . 80 10.2 LWAPP Frame Encryption . . . . . . . . . . . . . . . . . 70
11.5.2 IEEE 802.11 Rate Set . . . . . . . . . . . . . . . . 81 10.3 Authenticated Key Exchange . . . . . . . . . . . . . . . 71
11.5.3 IEEE 802.11 Multi-domain Capability . . . . . . . . 82 10.3.1 Certificate Based Approach . . . . . . . . . . . . . 71
11.5.4 IEEE 802.11 MAC Operation . . . . . . . . . . . . . 82 10.3.2 Pre-Shared Key Approach . . . . . . . . . . . . . . 74
11.5.5 IEEE 802.11 Tx Power . . . . . . . . . . . . . . . . 84 11. IEEE 802.11 Binding . . . . . . . . . . . . . . . . . . . 78
11.5.6 IEEE 802.11 Tx Power Level . . . . . . . . . . . . . 84 11.1 Division of labor . . . . . . . . . . . . . . . . . . . 78
11.5.7 IEEE 802.11 Direct Sequence Control . . . . . . . . 84 11.1.1 Split MAC . . . . . . . . . . . . . . . . . . . . . 78
11.5.8 IEEE 802.11 OFDM Control . . . . . . . . . . . . . . 85 11.1.2 Local MAC . . . . . . . . . . . . . . . . . . . . . 79
11.5.9 IEEE 802.11 Antenna . . . . . . . . . . . . . . . . 86 11.2 Transport specific bindings . . . . . . . . . . . . . . 79
11.5.10 IEEE 802.11 Supported Rates . . . . . . . . . . . 86 11.2.1 Status and WLANS field . . . . . . . . . . . . . . . 79
11.5.11 IEEE 802.11 CFP Status . . . . . . . . . . . . . . 87 11.3 Data Message bindings . . . . . . . . . . . . . . . . . 80
11.5.12 IEEE 802.11 WTP Mode and Type . . . . . . . . . . 87 11.4 Control Message bindings . . . . . . . . . . . . . . . . 80
11.5.13 IEEE 802.11 Broadcast Probe Mode . . . . . . . . . 88 11.4.1 Mobile Config Request . . . . . . . . . . . . . . . 80
11.5.14 IEEE 802.11 WTP Quality of Service . . . . . . . . 88 11.4.2 WTP Event Request . . . . . . . . . . . . . . . . . 85
11.5.15 IEEE 802.11 MIC Error Report From Mobile . . . . . 89 11.5 802.11 Control Messages . . . . . . . . . . . . . . . . 87
11.6 IEEE 802.11 Message Element Values . . . . . . . . . . . 90 11.5.1 IEEE 802.11 WLAN Config Request . . . . . . . . . . 87
12. LWAPP Protocol Timers . . . . . . . . . . . . . . . . . . 91 11.5.2 IEEE 802.11 WLAN Config Response . . . . . . . . . . 91
12.1 MaxDiscoveryInterval . . . . . . . . . . . . . . . . . . 91 11.5.3 IEEE 802.11 WTP Event . . . . . . . . . . . . . . . 91
12.2 SilentInterval . . . . . . . . . . . . . . . . . . . . . 91 11.6 Message Element Bindings . . . . . . . . . . . . . . . . 92
12.3 NeighborDeadInterval . . . . . . . . . . . . . . . . . . 91 11.6.1 IEEE 802.11 WTP WLAN Radio Configuration . . . . . . 93
12.4 EchoInterval . . . . . . . . . . . . . . . . . . . . . . 91 11.6.2 IEEE 802.11 Rate Set . . . . . . . . . . . . . . . . 94
12.5 DiscoveryInterval . . . . . . . . . . . . . . . . . . . 91 11.6.3 IEEE 802.11 Multi-domain Capability . . . . . . . . 95
12.6 RetransmitInterval . . . . . . . . . . . . . . . . . . . 91 11.6.4 IEEE 802.11 MAC Operation . . . . . . . . . . . . . 95
12.7 ResponseTimeout . . . . . . . . . . . . . . . . . . . . 92 11.6.5 IEEE 802.11 Tx Power . . . . . . . . . . . . . . . . 97
12.8 KeyLifetime . . . . . . . . . . . . . . . . . . . . . . 92 11.6.6 IEEE 802.11 Tx Power Level . . . . . . . . . . . . . 97
13. LWAPP Protocol Variables . . . . . . . . . . . . . . . . . 93 11.6.7 IEEE 802.11 Direct Sequence Control . . . . . . . . 97
13.1 MaxDiscoveries . . . . . . . . . . . . . . . . . . . . . 93 11.6.8 IEEE 802.11 OFDM Control . . . . . . . . . . . . . . 98
13.2 DiscoveryCount . . . . . . . . . . . . . . . . . . . . . 93 11.6.9 IEEE 802.11 Antenna . . . . . . . . . . . . . . . . 99
13.3 RetransmitCount . . . . . . . . . . . . . . . . . . . . 93 11.6.10 IEEE 802.11 Supported Rates . . . . . . . . . . . 99
13.4 MaxRetransmit . . . . . . . . . . . . . . . . . . . . . 93 11.6.11 IEEE 802.11 CFP Status . . . . . . . . . . . . . . 100
14. Security Considerations . . . . . . . . . . . . . . . . . 94 11.6.12 IEEE 802.11 WTP Mode and Type . . . . . . . . . . 100
15. IANA Considerations . . . . . . . . . . . . . . . . . . . 95 11.6.13 IEEE 802.11 Broadcast Probe Mode . . . . . . . . . 101
16. IPR Statement . . . . . . . . . . . . . . . . . . . . . . 96 11.6.14 IEEE 802.11 WTP Quality of Service . . . . . . . . 101
17. References . . . . . . . . . . . . . . . . . . . . . . . . 97 11.6.15 IEEE 802.11 MIC Error Report From Mobile . . . . . 102
17.1 Normative References . . . . . . . . . . . . . . . . . . 97 11.7 IEEE 802.11 Message Element Values . . . . . . . . . . . 103
17.2 Informational References . . . . . . . . . . . . . . . . 97 12. LWAPP Protocol Timers . . . . . . . . . . . . . . . . . . 104
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 98 12.1 MaxDiscoveryInterval . . . . . . . . . . . . . . . . . . 104
Intellectual Property and Copyright Statements . . . . . . . 100 12.2 SilentInterval . . . . . . . . . . . . . . . . . . . . . 104
12.3 NeighborDeadInterval . . . . . . . . . . . . . . . . . . 104
12.4 EchoInterval . . . . . . . . . . . . . . . . . . . . . . 104
12.5 DiscoveryInterval . . . . . . . . . . . . . . . . . . . 104
12.6 RetransmitInterval . . . . . . . . . . . . . . . . . . . 104
12.7 ResponseTimeout . . . . . . . . . . . . . . . . . . . . 105
12.8 KeyLifetime . . . . . . . . . . . . . . . . . . . . . . 105
13. LWAPP Protocol Variables . . . . . . . . . . . . . . . . . 106
13.1 MaxDiscoveries . . . . . . . . . . . . . . . . . . . . . 106
13.2 DiscoveryCount . . . . . . . . . . . . . . . . . . . . . 106
13.3 RetransmitCount . . . . . . . . . . . . . . . . . . . . 106
13.4 MaxRetransmit . . . . . . . . . . . . . . . . . . . . . 106
14. Security Considerations . . . . . . . . . . . . . . . . . 107
14.1 Certificate based Session Key establishment . . . . . . 107
14.2 PSK based Session Key establishment . . . . . . . . . . 108
15. IANA Considerations . . . . . . . . . . . . . . . . . . . 109
16. IPR Statement . . . . . . . . . . . . . . . . . . . . . . 110
17. References . . . . . . . . . . . . . . . . . . . . . . . . 111
17.1 Normative References . . . . . . . . . . . . . . . . . . 111
17.2 Informational References . . . . . . . . . . . . . . . . 112
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 112
Intellectual Property and Copyright Statements . . . . . . . 114
1. Introduction 1. Introduction
Unlike wired network elements, Wireless Termination Points (WTPs) Unlike wired network elements, Wireless Termination Points (WTPs)
require a set of management and control functions related to their require a set of dynamic management and control functions related to
primary task of connecting the wireless and wired mediums. Today, their primary task of connecting the wireless and wired mediums.
protocols for managing WTPs are either Layer 2 specific or Today, protocols for managing WTPs are either manual static
non-existent (if the WTPs are self-contained). The emergence of configuration via HTTP, proprietary Layer 2 specific or non-existent
simple 802.11 WTPs that are managed by a WLAN appliance or switch (if the WTPs are self-contained). The emergence of simple 802.11
(also known as an Access Controller, or AC) suggests that having a WTPs that are managed by a WLAN appliance or switch (also known as an
standardized, interoperable protocol could radically simplify the Access Controller, or AC) suggests that having a standardized,
deployment and management of wireless networks. In many cases the interoperable protocol could radically simplify the deployment and
overall control and management functions themselves are generic and management of wireless networks. In many cases the overall control
could apply to any wireless Layer 2 protocol. Being independent of and management functions themselves are generic and could apply to an
specific wireless Layer 2 technologies, such a protocol could better AP for any wireless Layer 2 protocol. Being independent of specific
support interoperability between Layer 2 devices and enable smoother wireless Layer 2 technologies, such a protocol could better support
interoperability between Layer 2 devices and enable smoother
intertechnology handovers. intertechnology handovers.
The details of how these functions would be implemented are dependent The details of how these functions would be implemented are dependent
on the particular Layer 2 wireless technology. Such a protocol would on the particular Layer 2 wireless technology. Such a protocol would
need provisions for binding to specific technologies. need provisions for binding to specific technologies.
LWAPP assumes a network configuration that consists of multiple WTPs LWAPP assumes a network configuration that consists of multiple WTPs
communicating either via layer 2 (MAC) or layer 3 (IP) to an AC. The communicating either via layer 2 (MAC) or layer 3 (IP) to an AC. The
WTP can be considered as remote RF interfaces, being controlled by WTPs can be considered as remote RF interfaces, being controlled by
the AC. The AC forwards all L2 frames it wants to transmit to an WTP the AC. The AC forwards all L2 frames it wants to transmit to an WTP
via the LWAPP protocol. Packets from mobile nodes are forwarded by via the LWAPP protocol. Packets from mobile nodes are forwarded by
the WTP to the AC, also via this protocol. Figure 1 illustrates this the WTP to the AC, also via this protocol. Figure 1 illustrates this
arrangement as applied to an IEEE 802.11 binding. arrangement as applied to an IEEE 802.11 binding.
+-+ 802.11frames +-+ +-+ 802.11frames +-+
| |--------------------------------| | | |--------------------------------| |
| | +-+ | | | | +-+ | |
| |--------------| |---------------| | | |--------------| |---------------| |
| | 802.11 PHY/ | | LWAPP | | | | 802.11 PHY/ | | LWAPP | |
skipping to change at page 8, line 25 skipping to change at page 9, line 26
the AC may also provide centralized encryption of user traffic. the AC may also provide centralized encryption of user traffic.
This will permit reduced cost and higher efficiency when applying This will permit reduced cost and higher efficiency when applying
the capabilities of network processing silicon to the wireless the capabilities of network processing silicon to the wireless
network, as it has already been applied to wired LANs. network, as it has already been applied to wired LANs.
2. Permit shifting of the higher level protocol processing burden 2. Permit shifting of the higher level protocol processing burden
away from the WTP. This leaves the computing resource of the WTP away from the WTP. This leaves the computing resource of the WTP
to the timing critical applications of wireless control and to the timing critical applications of wireless control and
access. This makes the most efficient use of the computing power access. This makes the most efficient use of the computing power
available in WTPs that are the subject of severe cost pressure. available in WTPs that are the subject of severe cost pressure.
3. Providing a generic encapsulation and transport mechanism, the 3. Providing a generic encapsulation and transport mechanism, the
protocol may be applied to other access point protocols in the protocol may be applied to other access point type in the future
future by adding the binding. by adding the binding.
The LWAPP protocol concerns itself solely on the interface between The LWAPP protocol concerns itself solely with the interface between
the WTP and the AC. Inter-AC, or mobile to AC communication is the WTP and the AC. Inter-AC, or mobile to AC communication is
strictly outside the scope of this document. strictly outside the scope of this document.
1.1 Conventions used in this document 1.1 Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in RFC 2119 [1].
2. Protocol Overview 2. Protocol Overview
skipping to change at page 9, line 21 skipping to change at page 10, line 21
LWAPP messages and procedures defined in this document apply to both LWAPP messages and procedures defined in this document apply to both
types of transports unless specified otherwise. Transport types of transports unless specified otherwise. Transport
independence is achieved by defining formats for both MAC level and independence is achieved by defining formats for both MAC level and
IP level transport (see Section 3). Also defined are framing, IP level transport (see Section 3). Also defined are framing,
fragmentation/reassembly, and multiplexing services to LWAPP for each fragmentation/reassembly, and multiplexing services to LWAPP for each
transport type. transport type.
The LWAPP Transport layer carries two types of payload. LWAPP Data The LWAPP Transport layer carries two types of payload. LWAPP Data
Messages are forwarded wireless frames. LWAPP Control Messages are Messages are forwarded wireless frames. LWAPP Control Messages are
management messages exchanged between an WTP and is AC. The LWAPP management messages exchanged between an WTP and an AC. The LWAPP
transport header defines the "C-bit", which is used to distinguish transport header defines the "C-bit", which is used to distinguish
data and control traffic. When used over IP, the LWAPP data and data and control traffic. When used over IP, the LWAPP data and
control traffic are also sent over separate UDP ports. Since both control traffic are also sent over separate UDP ports. Since both
data and control frames can exceed PMTU, the payload of an LWAPP data data and control frames can exceed PMTU, the payload of an LWAPP data
or control message can be fragmented. The fragmentation behavior is or control message can be fragmented. The fragmentation behavior is
highly dependent upon the lower layer transport and is defined in highly dependent upon the lower layer transport and is defined in
Section 3. Section 3.
Layer 2 LWAPP Data Frame
+-----------------------------------------------------------+
| MAC Header | LWAPP Header [C=0] | Forwarded Data ... |
+-----------------------------------------------------------+
Layer 3 LWAPP Data Frame
+--------------------------------------------+
| MAC Header | IP | UDP | LWAPP Header [C=0] |
+--------------------------------------------+
|Forwarded Data ... |
+-------------------+
Layer 2 LWAPP Control Frame
+---------------------------------------------------+
| MAC Header | LWAPP Header [C=1] | Control Message |
+---------------------------------------------------+
| Message Elements ... |
+----------------------+
Layer 3 LWAPP Control Frame
+--------------------------------------------+
| MAC Header | IP | UDP | LWAPP Header [C=1] |
+--------------------------------------------+
| Control Message | Message Elements ... |
+-----------------+----------------------+
The Light Weight Access Protocol (LWAPP) begins with a discovery The Light Weight Access Protocol (LWAPP) begins with a discovery
phase. The WTPs send a Discovery Request frame, causing any Access phase. The WTPs send a Discovery Request frame, causing any Access
Controller (AC) , receiving that frame to respond with a Discovery Controller (AC) , receiving that frame to respond with a Discovery
Response. From the Discovery Responses received, an WTP will select Response. From the Discovery Responses received, an WTP will select
an AC with which to associate, using the Join Request and Join an AC with which to associate, using the Join Request and Join
Response. The Join Request also provides an MTU discovery mechanism, Response. The Join Request also provides an MTU discovery mechanism,
to determine whether there is support for the transport of large to determine whether there is support for the transport of large
frames between the WTP and it's AC. If support for large frames is frames between the WTP and it's AC. If support for large frames is
not present, the LWAPP frames will be fragmented to the maximum not present, the LWAPP frames will be fragmented to the maximum
length discovered to be supported by the network. length discovered to be supported by the network.
skipping to change at page 11, line 15 skipping to change at page 11, line 36
2.1 Wireless Binding Definition 2.1 Wireless Binding Definition
This draft standard specifies a protocol independent of a specific This draft standard specifies a protocol independent of a specific
wireless access point radio technology. Elements of the protocol are wireless access point radio technology. Elements of the protocol are
designed to accommodate specific needs of each wireless technology in designed to accommodate specific needs of each wireless technology in
a standard way. Implementation of this standard for a particular a standard way. Implementation of this standard for a particular
wireless technology must follow the binding requirements defined for wireless technology must follow the binding requirements defined for
that technology. This specification includes a binding for the IEEE that technology. This specification includes a binding for the IEEE
802.11 (see Section 11). 802.11 (see Section 11).
When defining a bindings for other technologies, the authors MUST When defining a binding for other technologies, the authors MUST
include any necessary definitions for technology-specific messages include any necessary definitions for technology-specific messages
and all technology-specific message elements for those messages. At and all technology-specific message elements for those messages. At
a minimum, a binding MUST provide definition of binding-specific a minimum, a binding MUST provide the definition for a
Statistics message element, which is carried in the WTP Event Request binding-specific Statistics message element, which is carried in the
message, and Add Mobile message element, which is carried in the WTP Event Request message, and Add Mobile message element, which is
Mobile Configure Request. If any technology specific message carried in the Mobile Configure Request. If any technology specific
elements are required for any of the existing LWAPP messages defined message elements are required for any of the existing LWAPP messages
in this specification, they MUST also be defined in the technology defined in this specification, they MUST also be defined in the
binding document. technology binding document.
The naming of binding-specific message elements MUST begin with the The naming of binding-specific message elements MUST begin with the
name of the technology type, e.g., the binding for IEEE 802.11, name of the technology type, e.g., the binding for IEEE 802.11,
provided in this standard, begins with "IEEE 802.11"." provided in this standard, begins with "IEEE 802.11"."
2.2 LWAPP State Machine Definition 2.2 LWAPP State Machine Definition
The following state diagram represents the lifecycle of an WTP-AC The following state diagram represents the lifecycle of an WTP-AC
session: session:
/-------------\ /-------------\
| v | v
| +------+ | +------------+
| C| Idle |<-------------------------------------\ | C| Idle |<-----------------------------------\
| +------+<--------------------------\ | | +------------+<-----------------------\ |
| ^ | ^ | | | ^ |a ^ | |
| | | \---------------\ | | | | | \----\ | |
| | | | | | | | | |t u | |
| / | +---------+-->+------------+ | | | | +-----------+------>+------------+ |
| / | C| Run | | Key Update | | | / | C| Run | | Key Update | |
| / | +---------+<--+------------+ | | / | r+-----------+<------+------------+ |
| / v | ^ | | | | / | ^ |s w x| |
| | +-----------+ | | | v | | | v | | | |
| | C| Discovery |<--------/ | \------------>+-------+ | | +--------------+ | | v |y
| | +-----------+ +-----------+ | Reset | | | C| Discovery | q| \--------------->+-------+
| | | \ ^ /-->| Configure |------->+-------+ | | b+--------------+ +-------------+ | Reset |
| | v \ \ / +-----------+ ^ | | |d f| ^ | Configure |------->+-------+
| +---------+ v \ / | | | | | | +-------------+p ^
| C| Sulking | +------+ | | |e v | | ^ ^ |
| +---------+ C| Join |----------------------\ | | +---------+ v |i |k 2| |
| +------+ v | | C| Sulking | +------------+ +--------------+ |
\ | +------------+ | +---------+ C| Join |--->| Join-Confirm | |
\-----------------/ C| Image Data | | g+------------+z +--------------+ |
+------------+ | |h m| 3| |4 |
| | | | v |o
|\ | | | +------------+
\\-----------------/ \--------+---->| Image Data |C
\------------------------------------/ +------------+n
Figure 3: LWAPP State Machine Figure 2: LWAPP State Machine
The LWAPP state machine, depicted above, is used by both the AC and The LWAPP state machine, depicted above, is used by both the AC and
the WTP. For every state defined, only certain messages are the WTP. For every state defined, only certain messages are
permitted to be sent and received. In all of the LWAPP control permitted to be sent and received. In all of the LWAPP control
messages defined in this specification, the specific state for which messages defined in this document, the state for which each command
they are valid is specified. is valid is specified.
Note that in the state diagram figure above, the 'C' character is Note that in the state diagram figure above, the 'C' character is
used to represent a condition that causes the state to remain the used to represent a condition that causes the state to remain the
same. same.
The following text discusses the various state transitions, and the The following text discusses the various state transitions, and the
events that cause them. events that cause them.
Idle to Discovery: This is the initialization state. Idle to Discovery (a): This is the initialization state.
WTP: The WTP enters the Discovery state prior to transmitting the WTP: The WTP enters the Discovery state prior to transmitting the
first Discovery Request (see Section 5.1). Upon entering this first Discovery Request (see Section 5.1). Upon entering this
state, the WTP sets the DiscoveryInterval timer (see state, the WTP sets the DiscoveryInterval timer (see
Section 12). The WTP resets the DiscoveryCount counter to zero Section 12). The WTP resets the DiscoveryCount counter to zero
(0) (see Section 13). The WTP also clears all information from (0) (see Section 13). The WTP also clears all information from
ACs (e.g., AC Addresses) it may have received during a previous ACs (e.g., AC Addresses) it may have received during a previous
Discovery phase. Discovery phase.
AC: The AC does not need to maintain state information for the WTP AC: The AC does not need to maintain state information for the WTP
upon reception of the Discovery Request, but it MUST respond upon reception of the Discovery Request, but it MUST respond
with a Discovery Response (see Section 5.2). with a Discovery Response (see Section 5.2).
Discovery to Discovery: This is the state the WTP uses to determine Discovery to Discovery (b): This is the state the WTP uses to
which AC it wishes to connect to. determine which AC it wishes to connect to.
WTP: This event occurs when the DiscoveryInterval timer expires. WTP: This event occurs when the DiscoveryInterval timer expires.
The WTP transmits a Discovery Request to every AC which the WTP The WTP transmits a Discovery Request to every AC which the WTP
hasn't received a response to. For every transition to this hasn't received a response to. For every transition to this
event, the WTP increments DisoveryCount counter. See event, the WTP increments DisoveryCount counter. See
Section 5.1) for more information on how the WTP knows which Section 5.1) for more information on how the WTP knows which
ACs it should transmit the Discovery Requests to. The WTP ACs it should transmit the Discovery Requests to. The WTP
restarts the DiscoveryInterval timer. restarts the DiscoveryInterval timer.
AC: This is a noop. AC: This is a noop.
Discovery to Sulking: This state occurs on a WTP when Discovery or Discovery to Sulking (d): This state occurs on a WTP when Discovery
connectivity to the AC fails. or connectivity to the AC fails.
WTP: The WTP enters this state when the DiscoveryInterval timer WTP: The WTP enters this state when the DiscoveryInterval timer
expires and the DiscoveryCount variable is equal to the expires and the DiscoveryCount variable is equal to the
MaxDiscoveries variable (see Section 13). Upon entering this MaxDiscoveries variable (see Section 13). Upon entering this
state, the WTP will start the SilentInterval timer. While in state, the WTP will start the SilentInterval timer. While in
the Sulking state, all LWAPP messages received are ignored. the Sulking state, all LWAPP messages received are ignored.
AC: This is a noop. AC: This is a noop.
Sulking to Idle: This state occurs on a WTP when it must restart the Sulking to Idle (e): This state occurs on a WTP when it must restart
discovery phase. the discovery phase.
WTP: The WTP enters this state when the SilentInterval timer (see WTP: The WTP enters this state when the SilentInterval timer (see
Section 12) expires. Section 12) expires.
AC: This is a noop. AC: This is a noop.
Discovery to Join: This state is used by the WTP to confirm its Discovery to Join (f): This state is used by the WTP to confirm its
commitment to an AC that it wishes to be provided service. commitment to an AC that it wishes to be provided service.
WTP: The WTP selects the best AC based on the information it WTP: The WTP selects the best AC based on the information it
gathered during the Discovery Phase. It then transmits a Join gathered during the Discovery Phase. It then transmits a Join
Request (see Section 6.1 to its preferred AC. The WTP starts Request (see Section 6.1 to its preferred AC. The WTP starts
the WaitJoin Timer (see Section 12). the WaitJoin Timer (see Section 12).
AC: The AC enters this state for the given WTP upon reception of a AC: The AC enters this state for the given WTP upon reception of a
Join Request. The WTP processes the request and responds with Join Request. The AC processes the request and responds with a
a Join Response. Join Response.
Join to Join: This state transition during the join phase. Join to Join (g): This state transition occurs during the join phase.
WTP: The WTP enters this state when the WaitJoin timer expires, WTP: The WTP enters this state when the WaitJoin timer expires,
and the underlying transport requires LWAPP MTU detection and the underlying transport requires LWAPP MTU detection
Section 3). Section 3).
AC: This state occurs when the AC receives a retransmission of a AC: This state occurs when the AC receives a retransmission of a
Join Request. The WTP processes the request and responds with Join Request. The WTP processes the request and responds with
the Join Response.. the Join Response..
Join to Idle: This state is used when the join process failed. Join to Idle (h): This state is used when the join process failed.
WTP: This state transition is invalid. WTP: This state transition occurs if the WTP is configured to use
PSK security and receives a Join Response that includes an
invalid PSK-MIC message element.
AC: The AC enters this state when it transmits an unsuccessful AC: The AC enters this state when it transmits an unsuccessful
Join Response. Join Response.
Join to Discovery (i): This state is used when the join process
Join to Discovery: This state is used when the join process failed. failed.
WTP: The WTP enters this state when it receives an unsuccessful WTP: The WTP enters this state when it receives an unsuccessful
Join Response. Upon entering this state, the WTP sets the Join Response. Upon entering this state, the WTP sets the
DiscoveryInterval timer (see Section 12). The WTP resets the DiscoveryInterval timer (see Section 12). The WTP resets the
DiscoveryCount counter to zero (0) (see Section 13). DiscoveryCount counter to zero (0) (see Section 13). This
state transition may also occur if the PSK-MIC (see
Section 6.2.8) message element is invalid.
AC: This state transition is invalid. AC: This state transition is invalid.
Join to Configure: This state is used by the WTP and the AC to Join to Join-Confirm (z): This state is used solely with the LWAPP
PSK Mode, and is used for the purposes of key confirmation.
WTP: This state is entered when the WTP receives a Join Response
that includes a valid PSK-MIC message element. The WTP MUST
respond with a Join ACK, which is used to provide key
confirmation.
AC: The AC enters this state when it receives a Join ACK that
includes a valid PSK-MIC message element. The AC MUST respond
with a Join Confirm message, which includes the Session Key
message element.
Join to Configure (k): This state is used by the WTP and the AC to
exchange configuration information. exchange configuration information.
WTP: The WTP enters this state when it receives a successful Join WTP: The WTP enters this state when it receives a successful Join
Response, and determines that its version number and the Response, and determines that its version number and the
version number advertised by the AC are the same. The WTP version number advertised by the AC are the same. The WTP
transmits the Configure Request (see Section 7.1) message to transmits the Configure Request (see Section 7.1) message to
the AC with a snapshot of its current configuration. The WTP the AC with a snapshot of its current configuration. This
also starts the ResponseTimeout timer (see Section 12). state transition is only valid when the Certificate message
AC: This state transition transition occurs when the AC receives element is present in the Join Response, and not if the PSK-MIC
the Configure Request from the WTP. The AC must transmit a message element is present. The WTP also starts the
ResponseTimeout timer (see Section 12).
AC: This state transition occurs when the AC receives the
Configure Request from the WTP. Note that the AC MUST only
allow this state transition if the Join process used
certificate based security, through the presence on the
Certificate message element. The AC must transmit a Configure
Response (see Section 7.2) to the WTP, and may include specific
message elements to override the WTP's configuration.
Join to Image Data (m): This state is used by the WTP and the AC to
download executable firmware.
WTP: The WTP enters this state when it receives a successful Join
Response, and determines that its version number and the
version number advertised by the AC are different. This state
transition is only valid when the Certificate message element
is present in the Join Response, and not if the PSK-MIC message
element is present. The WTP transmits the Image Data Request
(see Section 8.1) message requesting that the AC's latest
firmware be initiated.
AC: This state transition occurs when the AC receives the Image
Data Request from the WTP. Note that the AC MUST only allow
this state transition if the Join process used certificate
based security, through the presence on the Certificate message
element. The AC must transmit a Image Data Response (see
Section 8.2) to the WTP, which includes a portion of the
firmware.
Join-Confirm to Idle (3): This state is used when the join process
failed.
WTP: This state transition occurs when the WTP receives an invalid
Join Confirm.
AC: The AC enters this state when it receives an invalid Join ACK.
Join-Confirm to Configure (2): This state is used by the WTP and the
AC to exchange configuration information.
WTP: The WTP enters this state when it receives a successful Join
Confirm, and determines that its version number and the version
number advertised by the AC are the same. The WTP transmits
the Configure Request (see Section 7.1) message to the AC with
a snapshot of its current configuration. The WTP also starts
the ResponseTimeout timer (see Section 12).
AC: This state transition occurs when the AC receives the
Configure Request from the WTP. The AC must transmit a
Configure Response (see Section 7.2) to the WTP, and may Configure Response (see Section 7.2) to the WTP, and may
include specific message elements to override the WTP's include specific message elements to override the WTP's
configuration. configuration.
Join to Image Data: This state is used by the WTP and the AC to Join-Confirm to Image Data (4): This state is used by the WTP and the
download executable firmware. AC to download executable firmware.
WTP: The WTP enters this state when it receives a successful Join WTP: The WTP enters this state when it receives a successful Join
Response, and determines that its version number and the Confirm, and determines that its version number and the version
version number advertised by the AC are different. The WTP number advertised by the AC are different. The WTP transmits
transmits the Image Data Request (see Section 8.1) message the Image Data Request (see Section 8.1) message requesting
requesting that the AC's latest firmware be initiated. that the AC's latest firmware be initiated.
AC: This state transition transition occurs when the AC receives AC: This state transition occurs when the AC receives the Image
the Image Data Request from the WTP. The AC must transmit a Data Request from the WTP. The AC must transmit a Image Data
Image Data Response (see Section 8.2) to the WTP, which Response (see Section 8.2) to the WTP, which includes a portion
includes a portion of the firmware. of the firmware.
Image Data to Image Data: This state is used by WTP and the AC during
the firmware download phase. Image Data to Image Data (n): This state is used by WTP and the AC
during the firmware download phase.
WTP: The WTP enters this state when it receives a Image Data WTP: The WTP enters this state when it receives a Image Data
Response that indicates that the AC has more data to send. Response that indicates that the AC has more data to send.
AC: This state transition transition occurs when the AC receives AC: This state transition occurs when the AC receives the Image
the Image Data Request from the WTP while already in this Data Request from the WTP while already in this state, and it
state, and it detects that the firmware download has not detects that the firmware download has not completed.
completed. Image Data to Reset (o): This state is used when the firmware
Image Data to Reset: This state is used when the firmware download is download is completed.
completed.
WTP: The WTP enters this state when it receives a Image Data WTP: The WTP enters this state when it receives a Image Data
Response that indicates that the AC has no more data to send, Response that indicates that the AC has no more data to send,
or if the underlying LWAPP transport indicates a link failure. or if the underlying LWAPP transport indicates a link failure.
At this point, the WTP reboots itself. At this point, the WTP reboots itself.
AC: This state transition occurs when the AC receives the Image AC: This state transition occurs when the AC receives the Image
Data Request from the WTP while already in this state, and it Data Request from the WTP while already in this state, and it
detects that the firmware download has completed, or if the detects that the firmware download has completed, or if the
underlying LWAPP transport indicates a link failure. Note that underlying LWAPP transport indicates a link failure. Note that
the AC itself does not reset, but it places the specific WTPs the AC itself does not reset, but it places the specific WTPs
context it is communicating with in the reset state, meaning context it is communicating with in the reset state, meaning
that it clears all state associated with the WTP. that it clears all state associated with the WTP.
Configure to Reset: This state transition occurs if the Configure Configure to Reset (p): This state transition occurs if the Configure
phase fails. phase fails.
WTP: The WTP enters this state when the reliable transport fails WTP: The WTP enters this state when the reliable transport fails
to deliver the Configure Request, or if the ResponseTimeout to deliver the Configure Request, or if the ResponseTimeout
Timer (see Section 12)expires. Timer (see Section 12)expires.
AC: This state transition occurs if the AC is unable to transmit AC: This state transition occurs if the AC is unable to transmit
the Configure Response. Note that the AC itself does not the Configure Response to a specific WTP. Note that the AC
reset, but it places the specific WTPs context it is itself does not reset, but it places the specific WTPs context
communicating with in the reset state, meaning that it clears it is communicating with in the reset state, meaning that it
all state associated with the WTP. clears all state associated with the WTP.
Configure to Run: This state transition occurs when the WTP and AC Configure to Run (q): This state transition occurs when the WTP and
enters their normal state of operation. AC enters their normal state of operation.
WTP: The WTP enters this state when it receives a successful WTP: The WTP enters this state when it receives a successful
Configure Response from the AC. The WTP initializes the Configure Response from the AC. The WTP initializes the
HeartBeat Timer (see Section 12), and transmits the Change HeartBeat Timer (see Section 12), and transmits the Change
State Event Request message (see Section 7.5). State Event Request message (see Section 7.5).
AC: This state transition occurs when the AC receives the Change AC: This state transition occurs when the AC receives the Change
State Event Request (see Section 7.5) from the WTP. The AC State Event Request (see Section 7.5) from the WTP. The AC
responds with a Change State Event Response (see Section 7.6) responds with a Change State Event Response (see Section 7.6)
message. The AC must start the Session ID and Neighbor Dead message. The AC must start the Session ID and Neighbor Dead
timers (see Section 12). timers (see Section 12).
Run to Run: This is the normal state of operation. Run to Run (r): This is the normal state of operation.
WTP: This is the WTP's normal state of operation, and there are WTP: This is the WTP's normal state of operation, and there are
many events that cause this to occur: many events that cause this to occur:
Configuration Update: The WTP receives a Configuration Update Configuration Update: The WTP receives a Configuration Update
Request (see Section 7.3). The WTP MUST respond with a Request (see Section 7.3). The WTP MUST respond with a
Configuration Update Response (see Section 7.4). Configuration Update Response (see Section 7.4).
Change State Event: The WTP receives a Change State Event Change State Event: The WTP receives a Change State Event
Response, or determines that it must initiate a Change State Response, or determines that it must initiate a Change State
Event Request, as a result of a failure or change in the Event Request, as a result of a failure or change in the
state of a radio. state of a radio.
Echo Request: The WTP receives an Echo Request message Echo Request: The WTP receives an Echo Request message
Section 6.3), which it MUST respond with an Echo Response Section 6.5), which it MUST respond with an Echo Response
(see Section 6.4). (see Section 6.6).
Clear Config Indication: The WTP receives a Clear Config Clear Config Indication: The WTP receives a Clear Config
Indication message Section 7.7). The WTP MUST reset its Indication message Section 7.7). The WTP MUST reset its
configuration back to manufacturer defaults. configuration back to manufacturer defaults.
WTP Event: The WTP generates a WTP Event Request to send WTP Event: The WTP generates a WTP Event Request to send
information to the AC Section 8.5). The WTP receives a WTP information to the AC Section 8.5). The WTP receives a WTP
Event Response from the AC Section 8.6). Event Response from the AC Section 8.6).
Data Transfer: The WTP generates a Data Transfer Request to the Data Transfer: The WTP generates a Data Transfer Request to the
AC Section 8.7). The WTP receives a Data Transfer Response AC Section 8.7). The WTP receives a Data Transfer Response
from the AC Section 8.8). from the AC Section 8.8).
WLAN Config Request: The WTP receives an WLAN Config Request WLAN Config Request: The WTP receives an WLAN Config Request
message Section 11.4.1), which it MUST respond with an WLAN message Section 11.5.1), which it MUST respond with an WLAN
Config Response (see Section 11.4.2). Config Response (see Section 11.5.2).
Mobile Config Request: The WTP receives an Mobile Config Mobile Config Request: The WTP receives an Mobile Config
Request message Section 9.1), which it MUST respond with an Request message Section 9.1), which it MUST respond with an
Mobile Config Response (see Section 9.2). Mobile Config Response (see Section 9.2).
AC: This is the AC's normal state of operation, and there are many AC: This is the AC's normal state of operation, and there are many
events that cause this to occur: events that cause this to occur:
Configuration Update: The AC sends a Configuration Update Configuration Update: The AC sends a Configuration Update
Request (see Section 7.3) to the AP to update its Request (see Section 7.3) to the WTP to update its
configuration. The AC receives a Configuration Update configuration. The AC receives a Configuration Update
Response (see Section 7.4) from the WTP. Response (see Section 7.4) from the WTP.
Change State Event: The AC receives a Change State Event Change State Event: The AC receives a Change State Event
Request (see Section 7.5), which it MUST respond to with the Request (see Section 7.5), which it MUST respond to with the
Change State Event Response (see Section 7.6). Change State Event Response (see Section 7.6).
Echo: The AC sends an Echo Request message Section 6.3) or Echo: The AC sends an Echo Request message Section 6.5) or
receives the associated Echo Response (see Section 6.4) from receives the associated Echo Response (see Section 6.6) from
the WTP. the WTP.
Clear Config Indication: The AC sends a Clear Config Indication Clear Config Indication: The AC sends a Clear Config Indication
message Section 7.7). message Section 7.7).
WLAN Config: The AC sends an WLAN Config Request message WLAN Config: The AC sends an WLAN Config Request message
Section 11.4.1) or receives the associated WLAN Config Section 11.5.1) or receives the associated WLAN Config
Response (see Section 11.4.2) from the WTP. Response (see Section 11.5.2) from the WTP.
Mobile Config: The AC sends an Mobile Config Request message Mobile Config: The AC sends an Mobile Config Request message
Section 9.1) or receives the associated Mobile Config Section 9.1) or receives the associated Mobile Config
Response (see Section 9.2) from the WTP. Response (see Section 9.2) from the WTP.
Data Transfer: The AC receives a Data Transfer Request from the Data Transfer: The AC receives a Data Transfer Request from the
AC (see Section 8.7) and MUST generate the associated Data AC (see Section 8.7) and MUST generate the associated Data
Transfer Response message (see Section 8.8). Transfer Response message (see Section 8.8).
WTP Event: The AC receives a WTP Event Request from the AC (see WTP Event: The AC receives a WTP Event Request from the AC (see
Section 8.5) and MUST generate the associated WTP Event Section 8.5) and MUST generate the associated WTP Event
Response message (see Section 8.6). Response message (see Section 8.6).
Run to Reset: This event occurs when the AC wishes for the WTP re Run to Reset (s): This event occurs when the AC wishes for the WTP to
reboot. reboot.
WTP: The WTP enters this state when it receives a Reset Request WTP: The WTP enters this state when it receives a Reset Request
(see Section 8.3). It must respond with a Reset Response (see (see Section 8.3). It must respond with a Reset Response (see
Section 8.4), and once the reliable transport acknowledgement Section 8.4), and once the reliable transport acknowledgement
has been received, it must reboot itself. has been received, it must reboot itself.
AC: This state transition occurs either through some AC: This state transition occurs either through some
administrative action, or via some internal event on the AC administrative action, or via some internal event on the AC
that causes it to request that the WTP disconnect. Note that that causes it to request that the WTP disconnect. Note that
the AC itself does not reset, but it places the specific WTPs the AC itself does not reset, but it places the specific WTPs
context it is communicating with in the reset state. context it is communicating with in the reset state.
Run to Idle: This event occurs when an error occurs in the Run to Idle (t): This event occurs when an error occurs in the
communication between the WTP and the AC. communication between the WTP and the AC.
WTP: The WTP enters this state when the underlying reliable WTP: The WTP enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
AC: The AC enters this state when the underlying reliable AC: The AC enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
skipping to change at page 17, line 15 skipping to change at page 18, line 31
WTP: The WTP enters this state when the underlying reliable WTP: The WTP enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
AC: The AC enters this state when the underlying reliable AC: The AC enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
Run to Key Update: This event occurs when the WTP and the AC are to Run to Key Update (u): This event occurs when the WTP and the AC are
exchange new keying material, with which it must use to protect to exchange new keying material, with which it must use to protect
all future messages. all future messages.
WTP: This state transition occurs when the KeyLifetime timer WTP: This state transition occurs when the KeyLifetime timer
expires (see Section 12). expires (see Section 12).
AC: The WTP enters this state when it receives a Key Update AC: The WTP enters this state when it receives a Key Update
Request (see Section 6.5). It must create new keying material Request (see Section 6.7). It must create new keying material
and include it in the Key Update Response (see Section 6.6). and include it in the Key Update Response (see Section 6.8).
Key Update to Run: This event occurs when the key exchange phase is Key Update to Run (w): This event occurs when the key exchange phase
completed. is completed.
WTP: This state transition occurs when the AC receives the Key WTP: This state transition occurs when the WTP receives the Key
Update Response. The WTP must plumb the new keys in its crypto Update Response. The WTP must plumb the new keys in its crypto
module, allowing it to communicate with the AC using the new module, allowing it to communicate with the AC using the new
key. key.
AC: The WTP enters this state when it transmits the Key Update AC: The AC enters this state when it transmits the Key Update
Response message. The key is then plumbed into its crypto Response message. The key is then plumbed into its crypto
module, allowing it to communicate with the WTP using the new module, allowing it to communicate with the WTP using the new
key. key.
Key Update to Reset (x): This event occurs when the key exchange
phase times out.
WTP: This state transition occurs when the WTP does not receive a
Key Update Response from the AC.
AC: The AC enters this state when it is unable to process a Key
Update Request.
Reset to Idle (y): This event occurs when the state machine is
restarted.
WTP: The WTP reboots itself. After reboot the WTP will start its
LWAPP state machine in the Idle state.
AC: The AC clears out any state associated with the WTP. The AC
generally does this as a result of the reliable link layer
timing out.
3. LWAPP Transport Layers 3. LWAPP Transport Layers
The LWAPP protocol can operate at layer 2 or 3. For layer 2 support, The LWAPP protocol can operate at layer 2 or 3. For layer 2 support,
the LWAPP messages are carried in a native Ethernet frame. As such, the LWAPP messages are carried in a native Ethernet frame. As such,
the protocol is not routable and depends upon layer 2 connectivity the protocol is not routable and depends upon layer 2 connectivity
between the WTP and the AC. Layer 3 support is provided by between the WTP and the AC. Layer 3 support is provided by
encapsulating the LWAPP messages within UDP. encapsulating the LWAPP messages within UDP.
3.1 LWAPP Transport Header 3.1 LWAPP Transport Header
skipping to change at page 18, line 42 skipping to change at page 20, line 42
packet. The value for this draft is 0. packet. The value for this draft is 0.
3.1.2 RID Field 3.1.2 RID Field
A 3 bit field which contains the Radio ID number for this packet. A 3 bit field which contains the Radio ID number for this packet.
WTPs with multiple radios but a single MAC Address use this field to WTPs with multiple radios but a single MAC Address use this field to
indicate which radio is associated with the packet. indicate which radio is associated with the packet.
3.1.3 C Bit 3.1.3 C Bit
The C bit indicates whether this packet carries a data message or a The Control Message 'C' bit indicates whether this packet carries a
control message. When this bit is 0, the packet carries an LWAPP data or control message. When this bit is zero (0), the packet
data message in the payload. When this bit is 1, the packet carries carries an LWAPP data message in the payload (see Section 4.1). When
an LWAPP control messwage as defined in section 4 for consumption by this bit is one (1), the packet carries an LWAPP control message as
the addressed destination. defined in section Section 4.2 for consumption by the addressed
destination.
3.1.4 F Bit 3.1.4 F Bit
The F bit indicates whether this packet is a fragment. When this bit The Fragment 'F' bit indicates whether this packet is a fragment.
is 1, the packet is a fragment and MUST be combined with the other
corresponding fragments to reassemble the complete information When this bit is one (1), the packet is a fragment and MUST be
exchanged between the WTP and AC. combined with the other corresponding fragments to reassemble the
complete information exchanged between the WTP and AC.
3.1.5 L Bit 3.1.5 L Bit
The L bit is valid only if the 'F' bit is set and indicates whether The Not Last 'L' bit is valid only if the 'F' bit is set and
the packet contains the last fragment of a fragmented exchange indicates whether the packet contains the last fragment of a
between WTP and AC. When this bit is 1, the packet is not the last fragmented exchange between WTP and AC. When this bit is 1, the
fragment. When this bit is 0, the packet is the last fragment. packet is not the last fragment. When this bit is 0, the packet is
the last fragment.
3.1.6 Fragment ID 3.1.6 Fragment ID
An 8 bit field whose value is assigned to each group of fragments An 8 bit field whose value is assigned to each group of fragments
making up a complete set. The value of Fragment ID is incremented making up a complete set. The fragment ID space is managed
with each new set of fragments. The Fragment ID wraps to zero after individually for every WTP/AC pair. The value of Fragment ID is
the maximum value has been used to identify a set of fragments. incremented with each new set of fragments. The Fragment ID wraps to
LWAPP only supports up to 2 fragments per frame. zero after the maximum value has been used to identify a set of
fragments. LWAPP only supports up to 2 fragments per frame.
3.1.7 Length 3.1.7 Length
The 16 bit length field contains the number of bytes in the Payload. The 16 bit length field contains the number of bytes in the Payload.
The field is encoded as an unsigned number. The field is encoded as an unsigned number. If the LWAPP packet is
encrypted, the length field includes the AES-CCM MIC (see
Section 10.2 for more information).
3.1.8 Status and WLANS 3.1.8 Status and WLANS
The interpretation of this 16 bit field is binding specific. Refer The interpretation of this 16 bit field is binding specific. Refer
to the transport portion of the binding for a wireless technology for to the transport portion of the binding for a wireless technology for
the specification. the specification.
3.1.9 Payload 3.1.9 Payload
This field contains the header for an LWAPP Data Message or LWAPP This field contains the header for an LWAPP Data Message or LWAPP
Control Message, followed by the data associated with that message. Control Message, followed by the data associated with that message.
3.2 Using IEEE 802.3 MAC as LWAPP transport 3.2 Using IEEE 802.3 MAC as LWAPP transport
This section describes how the LWAPP protocol is provided over native This section describes how the LWAPP protocol is provided over native
ethernet frames. An LWAPP packet is formed from the MAC frame header ethernet frames. An LWAPP packet is formed from the MAC frame header
followed by the LWAPP message header. followed by the LWAPP message header. The following figure provides
an example of the frame formats used when LWAPP is used over the IEEE
802.3 transport.
Layer 2 LWAPP Data Frame
+-----------------------------------------------------------+
| MAC Header | LWAPP Header [C=0] | Forwarded Data ... |
+-----------------------------------------------------------+
Layer 2 LWAPP Control Frame
+---------------------------------------------------+
| MAC Header | LWAPP Header [C=1] | Control Message |
+---------------------------------------------------+
| Message Elements ... |
+----------------------+
3.2.1 Framing 3.2.1 Framing
Source Address Source Address
A MAC address belonging to the interface from which this message is A MAC address belonging to the interface from which this message is
sent. If multiple source addresses are configured on an interface, sent. If multiple source addresses are configured on an interface,
then the one chosen is implementation dependent. then the one chosen is implementation dependent.
Destination Address Destination Address
skipping to change at page 20, line 48 skipping to change at page 23, line 20
3.2.5 Multiplexing 3.2.5 Multiplexing
LWAPP control messages and data messages are distinguished by the C LWAPP control messages and data messages are distinguished by the C
Bit in the LWAPP message header. Bit in the LWAPP message header.
3.3 Using IPv4/UDP as LWAPP transport 3.3 Using IPv4/UDP as LWAPP transport
This section defines how LWAPP makes use of IPV4/UDP transport This section defines how LWAPP makes use of IPV4/UDP transport
between the WTP and the AC. When this transport is used, the MAC between the WTP and the AC. When this transport is used, the MAC
layer is controlled by the IPv4 stack, and there are therefore no layer is controlled by the IPv4 stack, and there are therefore no
special MAC layer requirements. special MAC layer requirements. The following figure provides an
example of the frame formats used when LWAPP is used over the
IPv4/UDP transport.
Layer 3 LWAPP Data Frame
+--------------------------------------------+
| MAC Header | IP | UDP | LWAPP Header [C=0] |
+--------------------------------------------+
|Forwarded Data ... |
+-------------------+
Layer 3 LWAPP Control Frame
+--------------------------------------------+
| MAC Header | IP | UDP | LWAPP Header [C=1] |
+--------------------------------------------+
| Control Message | Message Elements ... |
+-----------------+----------------------+
3.3.1 Framing 3.3.1 Framing
Communication between WTP and AC is established according to the Communication between WTP and AC is established according to the
standard UDP client/server model. The connection is initiated by the standard UDP client/server model. The connection is initiated by the
WTP (client) to the well-known UDP port of the AC (server) used for WTP (client) to the well-known UDP port of the AC (server) used for
control messages. This UDP port number of the AC is 12222 for LWAPP control messages. This UDP port number of the AC is 12222 for LWAPP
data and 12223 for LWAPP control frames. data and 12223 for LWAPP control frames.
3.3.2 AC Discovery 3.3.2 AC Discovery
skipping to change at page 21, line 36 skipping to change at page 24, line 26
address is implementation dependent. address is implementation dependent.
In order for a WTP to transmit a Discovery Request to a unicast In order for a WTP to transmit a Discovery Request to a unicast
address, the WTP must first obtain the IP address of the AC. Any address, the WTP must first obtain the IP address of the AC. Any
static configuration of an AC's IP address on the WTP non-volatile static configuration of an AC's IP address on the WTP non-volatile
storage is implementation dependent. However, additional dynamic storage is implementation dependent. However, additional dynamic
schemes are possible, for example: schemes are possible, for example:
DHCP: A comma delimited ASCII encoded list of AC IP addresses is DHCP: A comma delimited ASCII encoded list of AC IP addresses is
embedded inside a DHCP vendor specific option 43 extension. An embedded inside a DHCP vendor specific option 43 extension. An
example of the actual format of the vendor specific payload is of example of the actual format of the vendor specific payload is of
the form "LWAPP=10.1.1.1, 10.1.1.2". the form "10.1.1.1, 10.1.1.2".
DNS: The DNS name "LWAPP-AC-Address" MAY be resolvable to or more AC DNS: The DNS name "LWAPP-AC-Address" MAY be resolvable to or more AC
addresses addresses
3.3.3 LWAPP Message Header format over IPv4/UDP transport 3.3.3 LWAPP Message Header format over IPv4/UDP transport
All of the fields described in Section 3.1 are used when LWAPP uses All of the fields described in Section 3.1 are used when LWAPP uses
the IPv4/UDP transport, with the following exceptions: the IPv4/UDP transport, with the following exceptions:
3.3.3.1 F Bit 3.3.3.1 F Bit
skipping to change at page 25, line 10 skipping to change at page 28, line 10
4.2.1.1 Message Type 4.2.1.1 Message Type
The Message Type field identifies the function of the LWAPP control The Message Type field identifies the function of the LWAPP control
message. The valid values for Message Type are the following: message. The valid values for Message Type are the following:
Description Value Description Value
Discovery Request 1 Discovery Request 1
Discovery Response 2 Discovery Response 2
Join Request 3 Join Request 3
Join Response 4 Join Response 4
Unused 5-9 Join ACK 5
Join Confirm 6
Unused 7-9
Configure Request 10 Configure Request 10
Configure Response 11 Configure Response 11
Configuration Update Request 12 Configuration Update Request 12
Configuration Update Response 13 Configuration Update Response 13
WTP Event Request 14 WTP Event Request 14
WTP Event Response 15 WTP Event Response 15
Change State Event Request 16 Change State Event Request 16
Change State Event Response 17 Change State Event Response 17
Unused 18-21 Unused 18-21
Echo Request 22 Echo Request 22
skipping to change at page 26, line 8 skipping to change at page 29, line 8
field is copied into the corresponding response packet. field is copied into the corresponding response packet.
When an LWAPP control frame is sent, its internal sequence number When an LWAPP control frame is sent, its internal sequence number
counter is monotonically incremented, ensuring that no two requests counter is monotonically incremented, ensuring that no two requests
pending have the same sequence number. This field will wrap back to pending have the same sequence number. This field will wrap back to
zero. zero.
4.2.1.3 Message Element Length 4.2.1.3 Message Element Length
The Length field indicates the number of bytes following the Session The Length field indicates the number of bytes following the Session
ID field. ID field. If the LWAPP packet is encrypted, the length field
includes the AES-CCM MIC (see Section 10.2 for more information).
4.2.1.4 Session ID 4.2.1.4 Session ID
The Session ID is a 32-bit unsigned integer that is used to identify The Session ID is a 32-bit unsigned integer that is used to identify
the security context for encrypted exchanges between the WTP and the the security context for encrypted exchanges between the WTP and the
AC. Note that a Session ID is a random value that MUST be unique AC. Note that a Session ID is a random value that MUST be unique
between a given AC and any of the WTP it may be communicating with. between a given AC and any of the WTP it may be communicating with.
4.2.1.5 Message Element[0..N] 4.2.1.5 Message Element[0..N]
skipping to change at page 27, line 27 skipping to change at page 30, line 27
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor Identifier | | Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Element ID | Value... | | Element ID | Value... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 104 for Vendor Specific Type: 104 for Vendor Specific
Length: >= 7 Length: >= 7
Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
Network Management Private Enterprise Codes" [9] Network Management Private Enterprise Codes" [11]
Element ID: A 16-bit Element Idenfier which is managed by the Element ID: A 16-bit Element Identifier which is managed by the
vendor. vendor.
Value: The value associated with the vendor specific element. Value: The value associated with the vendor specific element.
5. LWAPP Discovery Operations 5. LWAPP Discovery Operations
The Discovery messages are used by an WTP to determine which ACs are The Discovery messages are used by an WTP to determine which ACs are
available to provide service, as well as the capabilities and load of available to provide service, as well as the capabilities and load of
the ACs. the ACs.
5.1 Discovery Request 5.1 Discovery Request
skipping to change at page 31, line 10 skipping to change at page 34, line 10
When an WTP receives a Discovery Response, it MUST wait for an When an WTP receives a Discovery Response, it MUST wait for an
interval not less than DiscoveryInterval for receipt of additional interval not less than DiscoveryInterval for receipt of additional
Discovery Responses. After the DiscoveryInterval elapses, the WTP Discovery Responses. After the DiscoveryInterval elapses, the WTP
enters the Joining state and will select one of the ACs that sent a enters the Joining state and will select one of the ACs that sent a
Discovery Response and send a Join Request to that AC. Discovery Response and send a Join Request to that AC.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
5.2.1 AC Descriptor 5.2.1 AC Address
The AC address message element is used to communicate the identity of
the AC. The value contains two fields, as shown.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 2 for AC Address
Length: 7
Reserved: MUST be set to zero
Mac Address: The MAC Address of the AC
5.2.2 AC Descriptor
The AC payload message element is used by the AC to communicate it's The AC payload message element is used by the AC to communicate it's
current state. The value contains the following fields. current state. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Hardware Version ... | | Reserved | Hardware Version ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HW Ver | Software Version ... | | HW Ver | Software Version ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SW Ver | Stations | Limit | | SW Ver | Stations | Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Limit | Radios | Max Radio | | Limit | Radios | Max Radio |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max Radio | | Max Radio | Security |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 6 for AC Descriptor Type: 6 for AC Descriptor
Length: 17 Length: 17
Reserved: MUST be set to zero Reserved: MUST be set to zero
Hardware Version: A 32-bit integer representing the AC's hardware Hardware Version: A 32-bit integer representing the AC's hardware
version number version number
Software Version: A 32-bit integer representing the AC's Firmware Software Version: A 32-bit integer representing the AC's Firmware
version number version number
Stations: A 16-bit integer representing number of mobile stations Stations: A 16-bit integer representing number of mobile stations
currently associated with the AC currently associated with the AC
Limit: A 16-bit integer representing the maximum number of stations Limit: A 16-bit integer representing the maximum number of stations
supported by the AC supported by the AC
Radios: A 16-bit integer representing the number of WTPs currently Radios: A 16-bit integer representing the number of WTPs currently
attached to the AC attached to the AC
Max Radio: A 16-bit integer representing the maximum number of WTPs Max Radio: A 16-bit integer representing the maximum number of WTPs
supported by the AC supported by the AC
Security: A 8 bit bit mask specifying the security schemes supported
by the AC. The following values are supported:
1 - X.509 Certificate Based (Section 10.3.1)
2 - Pre-Shared Secret (Section 10.3.2)
5.2.2 AC Name 5.2.3 AC Name
The AC name message element contains an ASCII representation of the The AC name message element contains an ASCII representation of the
AC's identity. The value is a variable length byte string. The AC's identity. The value is a variable length byte string. The
string is NOT zero terminated. string is NOT zero terminated.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Name ... | Name ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 31 for AC Name Type: 31 for AC Name
Length: > 0 Length: > 0
Name: A variable length ASCII string containing the AC's name Name: A variable length ASCII string containing the AC's name
5.2.3 WTP Manager Control IP Address 5.2.4 WTP Manager Control IP Address
The WTP Manager Control IP Address message element is sent by the AC The WTP Manager Control IP Address message element is sent by the AC
to the WTP during the discovery process and is used by the AC to to the WTP during the discovery process and is used by the AC to
provide the interfaces available on the AC, and their current load. provide the interfaces available on the AC, and their current load.
This message elemenet is useful for the WTP to perform load balancing This message elemenet is useful for the WTP to perform load balancing
across multiple interfaces. across multiple interfaces.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 33, line 43 skipping to change at page 37, line 19
When an WTP receives a Primary Discovery Response, it may opt to When an WTP receives a Primary Discovery Response, it may opt to
establish an LWAPP connection to its primary AC, based on the establish an LWAPP connection to its primary AC, based on the
configuration of the WTP Fallback Status message element on the WTP. configuration of the WTP Fallback Status message element on the WTP.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
5.4.1 AC Descriptor 5.4.1 AC Descriptor
The Discovery Type message element is defined in section The Discovery Type message element is defined in section
Section 5.2.1. Section 5.2.2.
5.4.2 AC Name 5.4.2 AC Name
The AC Name message element is defined in section Section 5.2.2. The AC Name message element is defined in section Section 5.2.3.
5.4.3 WTP Manager Control IP Address 5.4.3 WTP Manager Control IP Address
An WTP Radio Information message element must be present for every An WTP Radio Information message element must be present for every
radio in the WTP. This message element is defined in section radio in the WTP. This message element is defined in section
Section 5.2.3. Section 5.2.4.
6. Control Channel Management 6. Control Channel Management
The Control Channel Management messages are used by the WTP and AC to The Control Channel Management messages are used by the WTP and AC to
create and maintain a channel of communication on which various other create and maintain a channel of communication on which various other
commands may be transmitted, such as configuration, firmware update, commands may be transmitted, such as configuration, firmware update,
etc. etc.
6.1 Join Request 6.1 Join Request
skipping to change at page 35, line 31 skipping to change at page 38, line 31
to exceed MTU. to exceed MTU.
If the transport used does not provide MTU path discovery, the If the transport used does not provide MTU path discovery, the
initial Join Request is padded with the Test message element to 1596 initial Join Request is padded with the Test message element to 1596
bytes. If a Join Response is received, the WTP can forward frames bytes. If a Join Response is received, the WTP can forward frames
without requiring any fragmentation. If no Join Response is without requiring any fragmentation. If no Join Response is
received, it issues a second Join Request padded with the Test received, it issues a second Join Request padded with the Test
payload to a total of 1500 bytes. The WTP continues to cycle from payload to a total of 1500 bytes. The WTP continues to cycle from
large (1596) to small (1500) packets until a Join Response has been large (1596) to small (1500) packets until a Join Response has been
received, or until both packets sizes have been retransmitted 3 received, or until both packets sizes have been retransmitted 3
times. If the Join Response is not received after the maximum number times . If the Join Response is not received after the maximum
of retransmissions, the WTP MUST abandon the AC and restart the number of retransmissions, the WTP MUST abandon the AC and restart
discovery phase. the discovery phase.
When an AC receives a Join Request it will respond with a Join When an AC receives a Join Request it will respond with a Join
Response. The AC validates the certificate found in the request. If Response. If the certificate based security mechanism is used, the
valid, the AC generates a session key which will be used to secure AC validates the certificate found in the request. If valid, the AC
the control frames it exchanges with the WTP. When the AC issues the generates a session key which will be used to secure the control
Join Response, the AC creates a context for the session with the WTP. frames it exchanges with the WTP. When the AC issues the Join
Response, the AC creates a context for the session with the WTP.
If the pre-shared session key security mechanism is used, the AC
saves the WTP's nonce, found in the WNonce message element, creates
its own nonce which it includes in the ANonce message element.
Finally, the AC creates the PSK-MIC, which is computed using a key
that is derived from the PSK.
A Join Request that includes both a WNonce and a Certificate message
element MUST be considered invalid.
Details on the key generation is found in Section 10. Details on the key generation is found in Section 10.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.1.1 AC Address 6.1.1 WTP Descriptor
The AC address message element is used to communicate the identity of
the AC. The value contains two fields, as shown.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 2 for AC Address
Length: 7
Reserved: MUST be set to zero
Mac Address: The MAC Address of the AC
6.1.2 WTP Descriptor
The WTP Descriptor message element is defined in section The WTP Descriptor message element is defined in section
Section 5.1.2. Section 5.1.2.
6.1.2 AC Address
The AC Address message element is defined in section Section 5.2.1.
6.1.3 WTP Name 6.1.3 WTP Name
The WTP name message element value is a variable length byte string. The WTP name message element value is a variable length byte string.
The string is NOT zero terminated. The string is NOT zero terminated.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Name ... | Name ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
skipping to change at page 37, line 18 skipping to change at page 40, line 9
6.1.5 WTP Radio Information 6.1.5 WTP Radio Information
An WTP Radio Information message element must be present for every An WTP Radio Information message element must be present for every
radio in the WTP. This message element is defined in section radio in the WTP. This message element is defined in section
Section 5.1.3. Section 5.1.3.
6.1.6 Certificate 6.1.6 Certificate
The certificate message element value is a byte string containing a The certificate message element value is a byte string containing a
DER-encoded x.509v3 certificate. DER-encoded x.509v3 certificate. This message element is only
included if the LWAPP security type used between the WTP and the AC
makes use of certificates (see Section 10 for more information).
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Certificate... | Certificate...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 44 for Certificate Type: 44 for Certificate
Length: > 0 Length: > 0
Certificate: A non zero terminated string containing the device's Certificate: A non zero terminated string containing the device's
skipping to change at page 38, line 10 skipping to change at page 41, line 4
6.1.8 Test 6.1.8 Test
The test message element is used as padding to perform MTU discovery, The test message element is used as padding to perform MTU discovery,
and MAY contain any value, of any length. and MAY contain any value, of any length.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Padding ... | Padding ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 18 for Test Type: 18 for Test
Length: > 0 Length: > 0
Padding: A variable length pad. Padding: A variable length pad.
6.1.9 WNonce
The wnonce message element is sent by a WTP that is configured to
make use of the pre-shared key security mechanism. See
Section 10.3.2 for more information.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 107 for WNonce
Length: 16
Nonce: A 16 octet random nonce.
6.1.10 DH-Params
The DH-Params message element is used in order for the WTP and the AC
to perform a Diffie Hellman exchange. This message element contains
the g, p, g^x mod p - where x is the exponent chosen by the sender.
See Section 10.3.2 for more information.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 111 for DH-Params
Length: 16
Nonce: Contains g, p, g^x mod p, where 'x' is the exponent chosen by
the sender.
6.2 Join Response 6.2 Join Response
The Join Response is sent by the AC to indicate to an WTP whether it The Join Response is sent by the AC to indicate to an WTP whether it
is capable and willing to provide service to it. is capable and willing to provide service to it.
Join Responses are sent by the AC after receiving a Join Request. Join Responses are sent by the AC after receiving a Join Request.
Once the Join Response has been sent, the heartbeat timer is Once the Join Response has been sent, the heartbeat timer is
initiated for the session to EchoInterval. Expiration of the timer initiated for the session to EchoInterval. Expiration of the timer
will result in deletion of the AC-WTP session. The timer is will result in deletion of the AC-WTP session. The timer is
refreshed upon receipt of the Echo Request. refreshed upon receipt of the Echo Request.
When an WTP receives a Join Response it enters the Joined state and If the security method used is certificate based, when a WTP receives
initiates either a Configure Request or Image Data to the AC to which a Join Response it enters the Joined state and initiates either a
it is now joined. Upon entering the Joined state, the WTP begins Configure Request or Image Data to the AC to which it is now joined.
timing an interval equal to NeighborDeadInterval. Expiration of the Upon entering the Joined state, the WTP begins timing an interval
timer will result in the transmission of the Echo Request. equal to NeighborDeadInterval. Expiration of the timer will result
in the transmission of the Echo Request.
If the security method used is pre-shared secret based, when a WTP
receives a Join Response that includes a valid PSK-MIC message
element, it responds with a Join ACK that also MUST include a locally
computed PSK-MIC message element.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.2.1 Result Code 6.2.1 Result Code
The Result Code message element value is a 32-bit integer value, The Result Code message element value is a 32-bit integer value,
indicating the result of the request operation corresponding to the indicating the result of the request operation corresponding to the
sequence number in the message. The Result Code is included in a sequence number in the message. The Result Code is included in a
successful Join Response. successful Join Response.
skipping to change at page 39, line 6 skipping to change at page 43, line 7
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Result Code | | Result Code |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 2 for Result Code Type: 2 for Result Code
Length: 4 Length: 4
Result Code: The following values are defined: Result Code: The following values are defined:
0 Success 0 Success
1 Failure 1 Failure (AC List message element MUST be present)
6.2.2 Status 6.2.2 Status
The Status message element is sent by the AC to the WTP in a The Status message element is sent by the AC to the WTP in a
non-successful Join Response message. This message element is used non-successful Join Response message. This message element is used
to indicate the reason for the failure and should only be accompanied to indicate the reason for the failure and should only be accompanied
with a Result Code message element that indicates a failure. with a Result Code message element that indicates a failure.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
skipping to change at page 39, line 33 skipping to change at page 43, line 34
Status: The status field indicates the reason for an LWAPP failure. Status: The status field indicates the reason for an LWAPP failure.
The following values are supported: The following values are supported:
1 - Reserved - do not use 1 - Reserved - do not use
2 - Resource Depletion 2 - Resource Depletion
3 - Unknown Source 3 - Unknown Source
4 - Incorrect Data 4 - Incorrect Data
6.2.3 Certificate 6.2.3 Certificate
The Certificate message element is defined in section Section 6.1.6. The Certificate message element is defined in section Section 6.1.6.
Note this message element is only included if the WTP and the AC make
use of certificate based security as defined in section Section 10.
6.2.4 Session Key 6.2.4 Session Key
The Session Key message element is sent by the AC to the WTP and The Session Key message element is sent by the AC to the WTP and
includes the randomly generated session key, which is used to protect includes the randomly generated session key, which is used to protect
the LWAPP control messages. More details are available in the LWAPP control messages. More details are available in
Section 10. The value contains the following fields. Section 10. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session ID | | Security | Session Key ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 46 for Session Key Type: 46 for Session Key
Length: 20 Length: > 1
Session ID: A 32-bit value defined in the session ID above. Security: The LWAPP security model used. The following values are
Session Key: A signed, encrypted 128-bit randomly generated session supported:
key. See Section 10 for more information on how this field is 0 - Unused
created. 1 - X.509 Certificate Based (Section 10.3.1)
2 - Pre-Shared Secret (Section 10.3.2)
Session Key: An Encrypted Session Key. The encryption procedures
used for this field depends upon the security model used, which
are defined in section Section 10.
6.2.5 WTP Manager Data IP Address 6.2.5 WTP Manager Data IP Address
The WTP Manager Data IP Address message element is optionally sent by The WTP Manager Data IP Address message element is optionally sent by
the AC to the WTP during the join phase. If present, the IP Address the AC to the WTP during the join phase. If present, the IP Address
contained in this message element is the address the WTP is to use contained in this message element is the address the WTP is to use
when sending any of its LWAPP data frames. when sending any of its LWAPP data frames.
Note this message element is only valid when LWAPP uses the IP/UDP Note this message element is only valid when LWAPP uses the IP/UDP
layer 3 transport layer 3 transport
skipping to change at page 40, line 34 skipping to change at page 44, line 35
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD for WTP Manager Data IP Address Type: TBD for WTP Manager Data IP Address
Length: 4 Length: 4
IP Address: The IP Address of an interface. IP Address: The IP Address of an interface.
6.3 Echo Request 6.2.6 AC List
The AC List message element is used to configure an WTP with the
latest list of ACs in a cluster. This message element MUST be
included if the Join Response returns a failure indicating that the
AC cannot handle the WTP at this time, allowing the WTP to find an
alternate AC to connect to.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 59 for AC List
Length: >= 4
AC IP Address: An array of 32-bit integers containing an AC's IP
Address.
6.2.7 ANonce
The anonce message element is sent by a AC that is configured to make
use of the pre-shared key security method. See Section 10.3.2 for
more information.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 108 for Test
Length: 16
Nonce: A 16 octet random nonce.
6.2.8 PSK-MIC
The PSK-MIC message element includes a message integrity check, whose
purpose is to provide confirmation to the peer that the sender has
the proper session key. This message element is only included if the
security method used between the WTP and the AC is the pre-shared
secret mechanism. See Section 10.3.2 for more information.
When present, the PSK-MIC message element MUST be the last message
element in the message. The MIC is computed over the complete LWAPP
packet, from the LWAPP control header as defined in Section 4.2.1 to
the end of the packet (which MUST be this PSK-MIC message element).
The MIC field in this message element and the sequence number field
in the LWAPP control header MUST be set to zeroes prior to computing
the MIC. The length field in the LWAPP control header must already
include this message element prior to computing the MIC.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI | MIC ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 109 for PSK-MIC
Length: > 1
SPI: The SPI field specifies the cryptographic algorithm used to
create the message integrity check. The following values are
supported:
0 - Unused
1 - HMAC-SHA-1 (RFC 2104 [14])
MIC: A 20 octet Message Integrity Check.
6.2.9 DH-Params
The Certificate message element is defined in section Section 6.1.10.
Note this message element is only included if the WTP and the AC make
use of pre-shared key based security as defined in section
Section 10.3.2.
6.3 Join ACK
The Join ACK message is sent by the WTP upon receiving a Join
Response, which has a valid PSK-MIC message element, as a means of
providing key confirmation to the AC. The Join ACK is only used in
the case where the WTP makes use of the pre-shared key LWAPP mode
(See Section 10.3.2 for more information).
Note that the AC should never receive this message unless the
security method used between the WTP and the AC is pre-shared secret
based.
The following subsections define the message elements that MUST be
included in this LWAPP operation.
6.3.1 Session ID
The Session ID message element is defined in section Section 6.1.7.
6.3.2 WNonce
The WNonce message element is defined in section Section 6.1.9.
6.3.3 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.8.
6.4 Join Confirm
The Join Confirm message is sent by the AC upon receiving a Join ACK,
which has a valid PSK-MIC message element, as a means of providing
key confirmation to the WTP. The Join Confirm is only used in the
case where the WTP makes use of the pre-shared key LWAPP mode (See
Section 10.3.2 for more information).
If the security method used is pre-shared key based, when an WTP
receives a Join Confirm it enters the Joined state and initiates
either a Configure Request or Image Data to the AC to which it is now
joined. Upon entering the Joined state, the WTP begins timing an
interval equal to NeighborDeadInterval. Expiration of the timer will
result in the transmission of the Echo Request.
This message is never received, or sent, when the security type used
between the WTP and the AC is certificated based.
The following subsections define the message elements that MUST be
included in this LWAPP operation.
6.4.1 Session ID
The Session ID message element is defined in section Section 6.1.7.
6.4.2 ANonce
The ANonce message element is defined in section Section 6.2.7.
6.4.3 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.8.
6.5 Echo Request
The Echo Request message is a keepalive mechanism for the LWAPP The Echo Request message is a keepalive mechanism for the LWAPP
control message. control message.
Echo Requests are sent periodically by an WTP in the Run state (see Echo Requests are sent periodically by an WTP in the Run state (see
Figure 3) to determine the state of the connection between the WTP Figure 2) to determine the state of the connection between the WTP
and the AC. The Echo Request is sent by the WTP when the Heartbeat and the AC. The Echo Request is sent by the WTP when the Heartbeat
timer expires, and it MUST start its NeighborDeadInterval timer. timer expires, and it MUST start its NeighborDeadInterval timer.
The Echo Request carries no message elements. The Echo Request carries no message elements.
When an AC receives an Echo Request it responds with an Echo When an AC receives an Echo Request it responds with an Echo
Response. Response.
6.4 Echo Response 6.6 Echo Response
The Echo Response acknowledges the Echo Request, and are only The Echo Response acknowledges the Echo Request, and are only
accepted while in the Run state (see Figure 3). accepted while in the Run state (see Figure 2).
Echo Responses are sent by an AC after receiving an Echo Request. Echo Responses are sent by an AC after receiving an Echo Request.
After transmitting the Echo Response, the AC should reset its After transmitting the Echo Response, the AC should reset its
Heartbeat timer to expire in the value configured for EchoInterval. Heartbeat timer to expire in the value configured for EchoInterval.
If another Echo request is not received by the AC when the timer If another Echo request is not received by the AC when the timer
expires, the AC SHOULD consider the AP to no longer be reachable. expires, the AC SHOULD consider the WTP to no longer be reachable.
The Echo Response carries no message elements. The Echo Response carries no message elements.
When an WTP receives an Echo Response it stops the When an WTP receives an Echo Response it stops the
NeighborDeadInterval timer, and starts the Heartbeat timer to NeighborDeadInterval timer, and starts the Heartbeat timer to
EchoInterval. EchoInterval.
If the NeighborDeadInterval timer expires prior to receiving an Echo If the NeighborDeadInterval timer expires prior to receiving an Echo
Response, the WTP enters the Idle state. Response, the WTP enters the Idle state.
6.5 Key Update Request 6.7 Key Update Request
The Key Update Request updates the LWAPP session key used to secure The Key Update Request updates the LWAPP session key used to secure
messages between the WTP and the AC. messages between the WTP and the AC.
Key Update Requests are sent by an WTP in the Run state to update a Key Update Requests are sent by an WTP in the Run state to update a
session key. The Session ID message element MUST include a new session key. The Session ID message element MUST include a new
session identifier. session identifier.
When an AC receives a Key Update Request it generates a new key (see When an AC receives a Key Update Request it generates a new key (see
Section 10) and responds with a Key Update Response. Section 10) and responds with a Key Update Response.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.5.1 Session ID 6.7.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
6.6 Key Update Response 6.8 Key Update Response
The Key Update Response updates the LWAPP session key used to secure The Key Update Response updates the LWAPP session key used to secure
messages between the WTP and the AC, and acknowledges the Key Update messages between the WTP and the AC, and acknowledges the Key Update
Request. Request.
Key Update Responses are sent by a AC after receiving a Key Update Key Update Responses are sent by a AC after receiving a Key Update
Request. The Key Update Responses is secured using public key Request. The Key Update Responses is secured using public key
cryptography. cryptography when certificates were used in the Join Request/Response
exchange. However, the session keys are AES Key-wrapped when the AC
and WTP invoked PSK-mode to establish the first session key.
When an WTP receives a Key Update Response it will use the When an WTP receives a Key Update Response it will use the
information contained in the Session Key message element to determine information contained in the Session Key message element to determine
the keying material used to encrypt the LWAPP communications between the keying material used to encrypt the LWAPP communications between
the WTP and the AC. the WTP and the AC.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.6.1 Session Key 6.8.1 Session Key
The Session Key message element is defined in section Section 6.2.4. The Session Key message element is defined in section Section 6.2.4.
6.7 Key Update Trigger 6.9 Key Update Trigger
The Key Update Trigger is used by the AC to request that a Key Update The Key Update Trigger is used by the AC to request that a Key Update
Request be initiated by the WTP. Request be initiated by the WTP.
Key Update Trigger are sent by an AC in the Run state to inform the Key Update Trigger are sent by an AC in the Run state to inform the
WTP to initiate a Key Update Request message. WTP to initiate a Key Update Request message.
When a WTP receives a Key Update Trigger it generates a key Update When a WTP receives a Key Update Trigger it generates a key Update
Request. Request.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.7.1 Session ID 6.9.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
7. WTP Configuration Management 7. WTP Configuration Management
The Wireless Termination Point Configuration messages are used to The Wireless Termination Point Configuration messages are used to
exchange configuration between the AC and the WTP. exchange configuration between the AC and the WTP.
7.1 Configure Request 7.1 Configure Request
skipping to change at page 44, line 12 skipping to change at page 51, line 12
the administrative state of an WTP, it would include 0xff in the the administrative state of an WTP, it would include 0xff in the
Radio ID field. Radio ID field.
Admin State: An 8-bit value representing the administrative state of Admin State: An 8-bit value representing the administrative state of
the radio. The following values are supported: the radio. The following values are supported:
1 - Enabled 1 - Enabled
2 - Disabled 2 - Disabled
7.1.2 AC Name 7.1.2 AC Name
The AC Name message element is defined in section Section 5.2.2. The AC Name message element is defined in section Section 5.2.3.
7.1.3 AC Name with Index 7.1.3 AC Name with Index
The AC Name with Index message element is sent by the AC to the WTP The AC Name with Index message element is sent by the AC to the WTP
to configure preferred ACs. The number of instances where this to configure preferred ACs. The number of instances where this
message element would be present is equal to the number of ACs message element would be present is equal to the number of ACs
configured on the WTP. configured on the WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
skipping to change at page 44, line 49 skipping to change at page 51, line 49
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Card ID | Card Revision | | Card ID | Card Revision |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Model | | WTP Model |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Model | | WTP Model |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Serial Number ... | | WTP Serial Number ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Options | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethernet MAC Address | | Ethernet MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethernet MAC Address | | Ethernet MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 50 for WTP Board Data Type: 50 for WTP Board Data
Length: 26 Length: 26
Card ID: A hardware identifier. Card ID: A hardware identifier.
Card Revision: Revision of the card. Card Revision: 4 byte Revision of the card.
WTP Model: WTP Model Number. WTP Model: 8 byte WTP Model Number.
WTP Serial Number: WTP Serial Number. WTP Serial Number: 24 byte WTP Serial Number.
WTP Options: A vendor specific field encoding specific options Reserved: A 4 byte reserved field that MUST be set to zero (0).
enabled on the WTP.
Ethernet MAC Address: MAC Address of the WTP's Ethernet interface. Ethernet MAC Address: MAC Address of the WTP's Ethernet interface.
7.1.5 Statistics Timer 7.1.5 Statistics Timer
The statistics timer message element value is used by the AC to The statistics timer message element value is used by the AC to
inform the WTP of the frequency which it expects to receive updated inform the WTP of the frequency which it expects to receive updated
statistics. statistics.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
skipping to change at page 46, line 11 skipping to change at page 53, line 11
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Static | | Static |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 82 for WTP Static IP Address Information Type: 82 for WTP Static IP Address Information
Length: 13 Length: 13
IP Address: The IP Address to assign to the WTP. IP Address: The IP Address to assign to the WTP.
Netmask: The IP Netmask. Netmask: The IP Netmask.
Gateway: The IP address of the gateway. Gateway: The IP address of the gateway.
Netmask: The IP Netmask. Netmask: The IP Netmask.
Static: An 8-bit boolean stating whether the WTP should use a static Static: An 8-bit boolean stating whether the WTP should use a static
IP address or not. IP address or not. A value of zero disables the static IP
address, while a value of one enables it.
7.1.7 WTP Reboot Statistics 7.1.7 WTP Reboot Statistics
The WTP Reboot Statistics message element is sent by the WTP to the The WTP Reboot Statistics message element is sent by the WTP to the
AC to communicate information about reasons why reboots have AC to communicate information about reasons why reboots have
occurred. occurred.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 47, line 48 skipping to change at page 55, line 4
The WTP radios information message element is used to communicate the The WTP radios information message element is used to communicate the
operational state of a radio. The value contains two fields, as operational state of a radio. The value contains two fields, as
shown. shown.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | State | Cause | | Radio ID | State | Cause |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 26 for Change State Event Type: 26 for Change State Event
Length: 3 Length: 3
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP. index on the WTP.
State: An 8-bit boolean containing the state of the radio. State: An 8-bit boolean value representing the state of the radio.
A value of one disables the radio, while a value of two enables
it.
Cause: In the event of a radio being inoperable, the cause field Cause: In the event of a radio being inoperable, the cause field
would contain the reason the radio is out of service. would contain the reason the radio is out of service.
Cause: In the event of a radio being inoperable, the cause field
would contain the reason the radio is out of service. The
following values are supported:
0 - Normal
1 - Radio Failure
2 - Software Failure
7.2.3 LWAPP Timers 7.2.3 LWAPP Timers
The LWAPP Timers message element is used by an AC to configure LWAPP The LWAPP Timers message element is used by an AC to configure LWAPP
timers on an WTP. timers on an WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Discovery | Echo Request | | Discovery | Echo Request |
skipping to change at page 48, line 31 skipping to change at page 55, line 40
Type: 68 for LWAPP Timers Type: 68 for LWAPP Timers
Length: 2 Length: 2
Discovery: The number of seconds between LWAPP Discovery packets, Discovery: The number of seconds between LWAPP Discovery packets,
when the WTP is in the discovery mode. when the WTP is in the discovery mode.
Echo Request: The number of seconds between WTP Echo Request LWAPP Echo Request: The number of seconds between WTP Echo Request LWAPP
messages. messages.
7.2.4 AC List 7.2.4 AC List
The AC List message element is used to configure an WTP with the The AC List message element is defined in section Section 6.2.6.
latest list of ACs in a cluster.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 59 for AC List
Length: >= 4
AC IP Address: An array of 32-bit integers containing an AC's IP
Address.
7.2.5 WTP Fallback 7.2.5 WTP Fallback
The WTP Fallback message element is sent by the AC to the WTP to The WTP Fallback message element is sent by the AC to the WTP to
enable or disable automatic LWAPP fallback in the event that an WTP enable or disable automatic LWAPP fallback in the event that an WTP
detects its preferred AC, and is not currently connected to it. detects its preferred AC, and is not currently connected to it.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Mode | | Mode |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 91 for WTP Fallback Type: 91 for WTP Fallback
Length: 1 Length: 1
Mode: The 8-bit boolean value indicates the status of automatic Mode: The 8-bit boolean value indicates the status of automatic
LWAPP fallback on the WTP. When enabled, if the WTP detects that LWAPP fallback on the WTP. A value of zero disables the fallback
its primary AC is available, and it is not connected to it, it feature, while a value of one enables it. When enabled, if the
SHOULD automatically disconnect from its current AC and reconnect WTP detects that its primary AC is available, and it is not
to its primary. If disabled, the WTP will only reconnect to its connected to it, it SHOULD automatically disconnect from its
primary through manual intervention (e.g., through the Reset current AC and reconnect to its primary. If disabled, the WTP
Request command). will only reconnect to its primary through manual intervention
(e.g., through the Reset Request command).
7.2.6 Idle Timeout 7.2.6 Idle Timeout
The Idle Timeout message element is sent by the AC to the WTP to The Idle Timeout message element is sent by the AC to the WTP to
provide it with the idle timeout that it should enforce on its active provide it with the idle timeout that it should enforce on its active
mobile station entries. mobile station entries.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 50, line 32 skipping to change at page 57, line 32
The Location Data message element is defined in section The Location Data message element is defined in section
Section 6.1.4. Section 6.1.4.
7.3.6 Decryption Error Report Period 7.3.6 Decryption Error Report Period
The Decryption Error Report Period message element is defined in The Decryption Error Report Period message element is defined in
section Section 7.2.1. section Section 7.2.1.
7.3.7 AC List 7.3.7 AC List
The AC List message element is defined in section Section 7.2.4. The AC List message element is defined in section Section 6.2.6.
7.3.8 Add Blacklist Entry 7.3.8 Add Blacklist Entry
The Add Blacklist Entry message element is used by an AC to add a The Add Blacklist Entry message element is used by an AC to add a
blacklist entry on an WTP, ensuring that the WTP no longer provides blacklist entry on an WTP, ensuring that the WTP no longer provides
any service to the MAC addresses provided in the message. The MAC any service to the MAC addresses provided in the message. The MAC
Addresses provided in this message element are not expected to be Addresses provided in this message element are not expected to be
saved in non-volative memory on the WTP. saved in non-volative memory on the WTP.
0 1 2 3 0 1 2 3
skipping to change at page 53, line 24 skipping to change at page 60, line 24
7.5 Change State Event Request 7.5 Change State Event Request
The Change State Event is used by the WTP to inform the AC of a The Change State Event is used by the WTP to inform the AC of a
change in the operational state. change in the operational state.
The Change State Event message is sent by the WTP when it receives a The Change State Event message is sent by the WTP when it receives a
Configuration Response that includes a Change State Event message Configuration Response that includes a Change State Event message
element. It is also sent in the event that the WTP detects an element. It is also sent in the event that the WTP detects an
operational failure with a radio. The Change State Event may be sent operational failure with a radio. The Change State Event may be sent
in either the Configure or Run state (see Figure 3. in either the Configure or Run state (see Figure 2.
When an AC receives a Change State Event it will respond with a When an AC receives a Change State Event it will respond with a
Change State Event Response and make any necessary modifications to Change State Event Response and make any necessary modifications to
internal WTP data structures. internal WTP data structures.
The following subsections define the message elements that must be The following subsections define the message elements that must be
present in this LWAPP operation. present in this LWAPP operation.
7.5.1 Change State Event 7.5.1 Change State Event
skipping to change at page 62, line 7 skipping to change at page 69, line 7
The data transfer request message MUST contain the message elements The data transfer request message MUST contain the message elements
described in the next subsection. described in the next subsection.
9.2.1 Result Code 9.2.1 Result Code
The Result Code message element is defined in section Section 6.2.1. The Result Code message element is defined in section Section 6.2.1.
10. Session Key Generation 10. Session Key Generation
Note: This version only defines a certificate based mechanism to Note: This version only defines a certificate and a shared secret
secure traffic between the WTP and the AC. A shared-secret mechanism based mechanism to secure control LWAPP traffic exchanged between the
will be added in a future version. WTP and the AC.
10.1 Securing WTP-AC communications 10.1 Securing WTP-AC communications
While it is generally straightforward to produce network While it is generally straightforward to produce network
installations in which the communications medium between the WTP and installations in which the communications medium between the WTP and
AC is not accessible to the casual user (e.g. these LAN segments are AC is not accessible to the casual user (e.g. these LAN segments are
isolated, no RJ45 or other access ports exist between the WTP and the isolated, no RJ45 or other access ports exist between the WTP and the
AC), this will not always be the case. Furthermore, a determined AC), this will not always be the case. Furthermore, a determined
attacker may resort to various more sophisticated monitoring and/or attacker may resort to various more sophisticated monitoring and/or
access techniques, thereby compromising the integrity of this access techniques, thereby compromising the integrity of this
skipping to change at page 62, line 44 skipping to change at page 69, line 44
beyond the scope of this document, some discussion of the motivation beyond the scope of this document, some discussion of the motivation
for various security-related design choices is useful. The for various security-related design choices is useful. The
assumptions driving the security design thus far include the assumptions driving the security design thus far include the
following: following:
o WTP-AC communications take place over a wired connection which may o WTP-AC communications take place over a wired connection which may
be accessible to a sophisticated attacker be accessible to a sophisticated attacker
o access to this connection is not trivial for an outsider (i.e. o access to this connection is not trivial for an outsider (i.e.
someone who does not "belong" in the building) to access someone who does not "belong" in the building) to access
o if authentication and/or privacy of end to end traffic for which o if authentication and/or privacy of end to end traffic for which
the WTP and AC are intermediaries is required, this may be the WTP and AC are intermediaries is required, this may be
provided via IPsec [11]. provided via IPsec [13].
o privacy and authentication for at least some WTP-AC control o privacy and authentication for at least some WTP-AC control
traffic is required (e.g. WEP keys for user sessions, passed from traffic is required (e.g. WEP keys for user sessions, passed from
AC to WTP) AC to WTP)
o the AC can be trusted to generate strong cryptographic keys o the AC can be trusted to generate strong cryptographic keys
AC-WTP traffic can be considered to consist of two types: data AC-WTP traffic can be considered to consist of two types: data
traffic (e.g. to or from an end user), and control traffic which is traffic (e.g. to or from an end user), and control traffic which is
strictly between the AC and WTP. Since data traffic may be secured strictly between the AC and WTP. Since data traffic may be secured
using IPsec (or some other end-to-end security mechanism), we confine using IPsec (or some other end-to-end security mechanism), we confine
our solution to control traffic. The resulting security consists of our solution to control traffic. The resulting security consists of
skipping to change at page 63, line 19 skipping to change at page 70, line 19
strong AES-based authentication and encryption. The exchange of strong AES-based authentication and encryption. The exchange of
cryptographic keys used for CCM is described below. cryptographic keys used for CCM is described below.
10.2 LWAPP Frame Encryption 10.2 LWAPP Frame Encryption
While, the LWAPP protocol uses AES-CCM to encrypt control traffic, it While, the LWAPP protocol uses AES-CCM to encrypt control traffic, it
is important to note that not all control frames are encrypted. The is important to note that not all control frames are encrypted. The
LWAPP discovery and join phase are not encrypted. The Discovery LWAPP discovery and join phase are not encrypted. The Discovery
messages are sent in the clear since there does not exist a security messages are sent in the clear since there does not exist a security
association between the WTP and the AC during the discovery phase. association between the WTP and the AC during the discovery phase.
The Join phase is used to negotiate symmetric session keys (see The Join phase is an authenticated exchange used to negotiate
Section 6.2.4). symmetric session keys (see Section 6.2.4).
Once the join phase has been successfully completed, the LWAPP state Once the join phase has been successfully completed, the LWAPP state
machine Figure 3 will move to the Configure state, at which time all machine Figure 2 will move to the Configure state, at which time all
LWAPP control frames are encrypted using AES-CCM. LWAPP control frames are encrypted using AES-CCM.
Encryption of a control message begins at the Message Element field, Encryption of a control message begins at the Message Element field,
meaning tha the Msg Type, Seq Num, Msg Element Length and Session ID meaning the Msg Type, Seq Num, Msg Element Length and Session ID
fields are left intact (see Section 4.2.1). fields are left intact (see Section 4.2.1).
The AES-CCM 12 byte authentication data is appended to the end of the The AES-CCM 12 byte authentication data is appended to the end of the
message. The authentication data is calculated from the start of the message. The authentication data is calculated from the start of the
LWAPP packet, and includes the complete LWAPP header. LWAPP packet, and includes the complete LWAPP control header (see
Section 4.2.1).
The AES-CCM block cipher protocol requires an initialization vector. The AES-CCM block cipher protocol requires an initialization vector.
The IV is initialized on both the WTP and the AC to the Session ID, The LWAPP protocol requires that the WTP and the AC maintain two
and the IV is monotonically increased for every packet transmitted. separate IVs, one for transmission and one for reception. The IV is
Note that the IV is implicit, and is not transmitted in the LWAPP initialized on both the WTP and the AC to the Session ID, and the IV
header, and therefore an LWAPP device MUST keep track of both is monotonically increased for every packet transmitted. Note that
bi-directional IVs. The IV is 13 bytes long, and the first byte is the IV is implicit, and is not transmitted in the LWAPP header, and
set to zero, while the remaining four bytes are set to the therefore an LWAPP device MUST keep track of both bi-directional IVs.
monotonically increasing 32 bit counter previously mentioned. The IV is 13 bytes long, and the first byte is set to zero, while the
remaining twelve bytes are set to the monotonically increasing 32 bit
counter previously mentioned. The following pseudo code provides an
example of how the IVs are managed for a transmitted packet.
void SetNonce(char *buffer, int sessionId, int xmitIv)
{
if (xmitIv == 0) {
xmitIv = sessionId;
memset(buffer, '\0', 13);
/* Initialize the IV Buffer */
buffer[1] = (xmitIv >> 24) & 0xff;
buffer[2] = (xmitIv >> 16) & 0xff;
buffer[3] = (xmitIv >> 8) & 0xff;
buffer[4] = (xmitIv & 0xff);
buffer[5] = (xmitIv >> 24) & 0xff;
buffer[6] = (xmitIv >> 16) & 0xff;
buffer[7] = (xmitIv >> 8) & 0xff;
buffer[8] = (xmitIv & 0xff);
buffer[9] = (xmitIv >> 24) & 0xff;
buffer[10] = (xmitIv >> 16) & 0xff;
buffer[11] = (xmitIv >> 8) & 0xff;
buffer[12] = (xmitIv & 0xff);
} else {
xmitIv = bignuminc-12(xmitIv);
}
return;
}
10.3 Authenticated Key Exchange 10.3 Authenticated Key Exchange
The AC and WTP accomplish mutual authentication and a cryptographic This section describes the key management component of the LWAPP
key exchange in a single round trip using the Join Request and protocol. There are two modes supported by LWAPP; certificate and
Response pair (see Section 6.1). pre-shared key.
The following notations are used throughout this section: 10.3.1 Certificate Based Approach
This section details the key management protocol which makes use of
X.509 certificates.
The following notations are used throughout this section:
o Kpriv - the private key of a public-private key pair o Kpriv - the private key of a public-private key pair
o Kpub - the public key of the pair o Kpub - the public key of the pair
o KeyMaterial - clear text LWAPP session key, randomly generated on o KeyMaterial - output of KDF-256(key, WTP-MAC)
the AC when it receives the Join Request o K1 - AES-CCM Encryption Key
o K2 - AES Key-Wrap Key
o SessionID - randomly generated LWAPP session identifier, provided o SessionID - randomly generated LWAPP session identifier, provided
by the WTP in the Join Request by the WTP in the Join Request
o M - a clear-text message o M - a clear-text message
o C - a cipher-text message. o C - a cipher-text message.
o S - signed cipher-text message. o S - signed cipher-text message.
o PKCS1(z) - the PKCS#1 encapsulation of z o PKCS1(z) - the PKCS#1 encapsulation of z
o E-x{Kpriv, M} - encryption of M using X's private key o E-x{Kpriv, M} - RSA encryption of M using X's private key
o E-x{Kpub, M} - encryption of M using X's public key o E-x{Kpub, M} - RSA encryption of M using X's public key
o S-x{M} - a digital signature over M produced by X o S-x{M} - an RSA digital signature over M produced by X
o V-x{S-x, M} - verification of X's digital signature over M o V-x{S-x, M} - RSA verification of X's digital signature over M
o D-x{Kpriv, C} - decryption of C using X's private key o D-x{Kpriv, C} - RSA decryption of C using X's private key
o D-x{Kpub, C} - decryption of C using X's public key o D-x{Kpub, C} - RSA decryption of C using X's public key
o Certificate-AC - AC's Certificate o Certificate-AC - AC's Certificate
o Certificate-WTP - WTP's Certificate o Certificate-WTP - WTP's Certificate
10.3.1.1 Session Key Generation
The AC and WTP accomplish mutual authentication and a cryptographic
key exchange in a single round trip using the Join Request and
Response pair (see Section 6.1).
Note that the constant 'x' is used in the above notations to Note that the constant 'x' is used in the above notations to
represent one of the parties in the LWAPP exchange. For instance, if represent one of the parties in the LWAPP exchange. For instance, if
the WTP must encrypt some text, it would use its own private key, and the WTP must encrypt some text, it would use its own private key, and
therefore the notation "E-wtp{Kpriv, M}" would be used. therefore the notation "E-wtp{Kpriv, M}" would be used.
The following text describes the exchange between the WTP and the AC The following text describes the exchange between the WTP and the AC
that creates a session key, which is used to secure LWAPP control that creates a session key, which is used to secure LWAPP control
messages. messages.
o The WTP adds the Certificate message element (see Section 6.1.6) o The WTP adds the Certificate message element (see Section 6.1.6)
with the contents set to Certificate-WTP in the Join Request. with the contents set to Certificate-WTP in the Join Request.
o The WTP adds the Session ID message element (see Section 6.1.7) o The WTP adds the Session ID message element (see Section 6.1.7)
with the contents set to a randomly generated session identifer with the contents set to a randomly generated session identifer
(see [4]) in the Join Request. The WTP MUST save the Session ID (see RFC 1750 [4]) in the Join Request. The WTP MUST save the
in order to validate the Join Response. Session ID in order to validate the Join Response.
o Upon receiving the Join Request, the AC verifies Certificate-WTP, o Upon receiving the Join Request, the AC verifies Certificate-WTP,
encoded in the Certificate message element. encoded in the Certificate message element. The AC SHOULD also
o The AC Randomly generates 4 random session keys. The four keys perform some authorization check, ensuring that the WTP is allowed
are (in order) a 16 byte Transmission AES key, a 16 byte Reception to connect to the AC.
AES Key, a 20 byte HMAC-SHA1 Transmission Key and a 20 byte o The AC generates a 32 byte random session key. The first 16
HMAC-SHA1 Reception Key. These four keys are concatenated into a bytes, K1 are used to protect the LWAPP traffic while the latter
single bit string, which is now referred to as KeyMaterial. The 16 bytes, K2 are used to keywrap the keys in the Key Update
directionality of these keys is from the standpoint of the AC. Response using RFC 3394 [10].
o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub , o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub ,
PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key
material with the public key of the WTP, so that only the WTP can material with the public key of the WTP, so that only the WTP can
decrypt it and determine the session keys. decrypt it and determine the session keys.
o The AC compute a signature (S), using S-ac{SessionID|C} of the o The AC encrypts the concatenation of sessionID and cipher text (C)
cipher-text; this computes the AC's digital signature over the into cipher text(CĒ), using E-ac{Kpriv, SessionID|C}. This
concatenation of the 32-bit SessionID and the encrypted key encrypts using the private key of AC and can be decrypted using
material (C), and can be verified using the public key of the AC, the public key of AC, proving that AC produced this; this forms
"proving" that the AC produced this; this forms the basis of trust the basis of trust for WTP with respect to the source of the
for the WTP with respect to the source of the session keys session keys. The cipher-text (CĒ) is then copied into the
(KeyMaterial). session key field within the Session Key message element.
o AC creates the Join Response, and includes two message elements. o AC creates the Join Response, and includes two message elements.
Certificate-AC in included in the Certificate message element. Certificate-AC is included in the Certificate message element.
The Session Key message element is added, with the Session ID The Session Key message element is added, with the Security field
encoded and the signed cipher-text (S) included in the Session Key set to one (1 - X.509 Certificate Based), and the cipher-text (CĒ)
field. The resulting Join Response is sent to the WTP. is included in the Session Key field. The resulting Join Response
o WTP verifies that SessionID in the Join Response's Session Key is sent to the WTP.
message element matches an outstanding request
o WTP verifies authenticity of Certificate-AC in the Join Response's o WTP verifies authenticity of Certificate-AC in the Join Response's
Certificate message element. Certificate message element.
o WTP computes V-ac{S, SessionID|C}, where S is the Session Key o WTP computes D-ac{Kpub, 'CĒ}, where 'CĒ is the content of Session
field of the Session Key message element, verifying the AC's Key field in Session Key Message element. The resulting data
signature over the session identifier and the encrypted key includes the SessionID and cipher text (C). SessionID is
material validated against the SessionID that was sent in the Join Request.
o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the
session keys using its private key; since these were encrypted session keys using its private key, where C is the cipher text
with the WTP's public key, only the WTP can successfully decrypt retrieved by decrypting the session key field in earlier step.
this. Since these were encrypted with the WTP's public key, only the WTP
KeyMaterial is divided into the four transmission and reception can successfully decrypt the session key. The resulting 32 octet
AES and HMAC-SHA1 session keys. From this point on, all control KeyMaterial is split into two 16 octet keys, K1 and K2,
protocol payloads between the WTP and AC are encrypted and respectively.
authenticated. The related payloads are described in the sections o K1 is now plumbed into the crypto engine as the AES-CCM session
above. key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
10.4 Refreshing Cryptographic Keys 10.3.1.2 Refreshing Cryptographic Keys
Since AC-WTP associations will tend to be relatively long-lived, it Since AC-WTP associations will tend to be relatively long-lived, it
is sensible to periodically refresh the encryption and authentication is sensible to periodically refresh the encryption and authentication
keys; this is referred to as "rekeying". When the key lifetime keys; this is referred to as "rekeying". When the key lifetime
reaches 95% of the configured value, identified in the KeyLifetime reaches 95% of the configured value, identified in the KeyLifetime
timer (see Section 12), the rekeying will proceed as follows: timer (see Section 12), the rekeying will proceed as follows:
o WTP generates a fresh random Session identier value and encodes it o WTP generates a fresh random Session identier value and encodes it
within the Key Update Request's Session ID message elemenet. The within the Key Update Request's Session ID message element. The
new session identifier is saved on the WTP in order to verify the new session identifier is saved on the WTP in order to verify the
Key Update Response. The Key Update Request is sent to the AC. Key Update Response. The protected Key Update Request is sent to
o When the AC receives Key Update Request with the SessionID message the AC.
element, the AC randomly generates 4 random session keys. The o The AC generates a 32 byte random session key. The first 16
four keys are (in order) a 16 byte Transmission AES key, a 16 byte bytes, K1 are used to protect the LWAPP traffic while the latter
Reception AES Key, a 20 byte HMAC-SHA1 Transmission Key and a 20 16 bytes, K2 are used to keywrap the keys in the Key Update
byte HMAC-SHA1 Reception Key. These four keys are concatenated Response using RFC 3394 [10].
into a single bit string, which is now referred to as KeyMaterial.
The directionality of these keys is from the standpoint of the AC.
o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub , o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub ,
PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key
material with the public key of the WTP, so that only the WTP can material with the public key of the WTP, so that only the WTP can
decrypt it and determine the session keys. decrypt it and determine the session keys.
o The AC compute a signature (S), using S-ac{SessionID|C} of the o The AC encrypts the concatenation of sessionID and cipher text (C)
cipher-text; this computes the AC's digital signature over the into cipher text(CĒ), using E-ac{Kpriv, SessionID|C}. This
concatenation of the 32-bit SessionID and the encrypted key encrypts using the private key of AC and can be decrypted using
material (C), and can be verified using the public key of the AC, the public key of AC, proving that AC produced this; this forms
"proving" that the AC produced this; this forms the basis of trust the basis of trust for WTP with respect to the the source of the
for the WTP with respect to the source of the session keys session keys. The cipher-text (CĒ) is then copied into the
(KeyMaterial). session key field within the Session Key message element.
o AC then sends a Key Update Response message to the WTP using the o AC creates the Key Update Response message, and includes the
old session key. Once the message has been sent, the new session Session Key message element with the Security field set to one (1
key is plumbed into the AC's crypto engine. - X.509 Certificate Based), and the cipher-text (CĒ) is included
in the Session Key field. The resulting encrypted Key Update
Response is sent to the WTP.
o WTP computes D-ac{Kpub, CĒ}, where CĒ is the conten of Session Key
field in Session Key Message element. The resulting data includes
the SessionID and cipher text (C). SessionID is validated against
the SessionID that was sent in the Join Request.
o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the
session keys using its private key, where C is the cipher text
retrieved by decrypting the session key field in earlier step.
Since these were encrypted with the WTP's public key, only the WTP
can successfully decrypt the session key. The resulting 32 octet
KeyMaterial is split into two 16 octet keys, K1 and K2,
respectively.
o K1 is now plumbed into the crypto engine as the AES-CCM session
key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
If WTP does not receive the Key Update Response by the time the
ResponseTimeout timer expires (see Section 12), the WTP MUST delete
the new and old session information, and reset the state machine to
the Idle state.
Following a rekey process, both the WTP and the AC keep the previous
encryption for one second in order to be able to process packets that
arrive out of order.
10.3.2 Pre-Shared Key Approach
This section details the key management protocol which makes use of
pre-shared secrets.
The following notations are used throughout this section:
o PSK - the pre-shared key shared between the WTP and the AC
o K0 - the result of a KDF using the PSK and the WTP's MAC Address
o K1 - the confirmation Key
o K2 - the encryption Key
o K3 - the keywrap Key (see RFC 3394 [10])
o KeyMaterial - concatenation of K1, K2 and K3
o SessionID - randomly generated LWAPP session identifier, provided
by the WTP in the Join Request
o MIC(K1, packet) - A message integrity check, using HMAC-SHA1 and
K1, of the complete LWAPP packet, with the sequence number field
set to zero.
o E(K0E, plaintext) - Plaintext is encrypted with K0E, using
AES-CBC.
o D(K0E, cryptotext) - Cryptotext is decrypted with K0E, using
AES-CBC.
o WNonce - The WTP's randomly generated Nonce.
o ANonce - The AC's randomly generated Nonce.
o EWNonce - The payload of the WNonce message element, which
includes the WNonce.
o EANonce - The payload of the ANonce message element, which
includes the ANonce.
o WTP-MAC - The WTP's MAC Address.
o AC-MAC - The AC's MAC Address.
10.3.2.1 Session Key Generation
The AC and WTP accomplish mutual authentication and a cryptographic
key exchange in a dual round trip using the Join Request, Join
Response, Join ACK and Join Confirm (see Section 6.1).
The following text describes the exchange between the WTP and the AC
that creates a session key, which is used to secure LWAPP control
messages.
o The WTP creates K0 through the following algorithm: K0 =
KDF-256{PSK, "LWAPP PSK Top K0" || Session ID || WTP-MAC ||
AC-MAC}, where WTP-MAC is the WTP's MAC Address in the form
"xx:xx:xx:xx:xx:xx". Similarly, the AC-MAC is an ASCII encoding
of the AC's MAC Address, of the form "xx:xx:xx:xx:xx:xx". The
first 16 octets is the K0 encryption key (K0E), and the second 16
octets is the K0 Derivation key (K0D).
o The WTP creates a random nonce, known as WNonce, and encrypts it
using the following algorithm: EWNonce = E{K0E, WNonce}. The
encrypted nonce is added to the Join Request's WNonce message
element (see Section 6.1.9).
o The WTP adds the Session ID message element (see Section 6.1.7)
with the contents set to a randomly generated session identifer
(see RFC 1750 [4]) in the Join Request. The WTP MUST save the
Session ID in order to validate the Join Response.
o Upon receiving the Join Request, the AC creates K0, using K0 =
KDF-256{PSK, "LWAPP PSK Top K0" || Session ID || WTP-MAC ||
AC-MAC}. WNonce = D{K0E, EWNonce}, where EWNonce is found in the
WNonce message element.
o The AC then creates its own random nonce, known as ANonce. The
WANonce is then created, through E{K0E, NOT WNonce || ANonce}.
"NOT WNonce" means that the AC takes WNonce and inverts all of the
bits within the field. The results of the encryption is inserted
in the Join Response's ANonce message element (see Section 6.1.9).
o The AC then uses the KDF function to create a 48 octet session
key. The KDF function used is as follows: KDF-384{K0D, "LWAPP Key
Generation", WNonce || ANonce || WTP-MAC || AC-MAC}. The KDF
function is defined in [7]. The resulting octets are split into
three 16 octet keys (K1, K2 and K3, in that exact order).
o The AC creates the PSK-MIC (see Section 6.2.8) message element
whose payload includes MIC{K1, Join Response} using K1 as the
confirmation key, which is added to the Join Response. The
resulting Join Response is sent to the WTP.
o Upon receiving the Join Response, the WTP decrypts ANonce from the
contents of the ANonce message element, using ANonce = D{K0E,
WANonce}
o The WTP uses a KDF function to create a 48 octet session key. The
KDF function used is as follows: KDF-384{K0D, "LWAPP Key
Generation", WNonce || ANonce || WTP-MAC || AC-MAC}. The KDF
function is defined in [7]. The resulting octets are split into
three 16 octet keys (K1, K2 and K3, in that exact order).
o WTP verifies authenticity of the PSK-MIC field by using MIC{K1,
Join Response}.
o The WTP creates the PSK-MIC message element whose payload includes
MIC{K1, Join ACK}, which is added to the Join ACK, as well as the
WNonce message element. The resulting Join ACK is sent to the AC.
o AC verifies that WTP's Nonce in the Join ACK's WNonce message
element matches the value it had received in the Join Request.
o AC verifies authenticity of the PSK-MIC message element, by using
its own saved version of K1. It then creates another PSK-MIC
message element, whose payload includes MIC{K1, Join Confirm},
which is added to the Join Confirm, as well as the Session ID
message element. The resulting Join Confirm is sent to the WTP.
o WTP verifies authenticity of the PSK-MIC message element, by using
its own saved version of K1, using the SessionID it had used in
the original Join Request.
o K2 is now plumbed into the crypto engine as the AES-CCM session
key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
10.3.2.2 Refreshing Cryptographic Keys
Since AC-WTP associations will tend to be relatively long-lived, it
is sensible to periodically refresh the encryption and authentication
keys; this is referred to as "rekeying". When the key lifetime
reaches 95% of the configured value, identified in the KeyLifetime
timer (see Section 12), the rekeying will proceed as follows:
o WTP generates a fresh random Session identier value and encodes it
within the Key Update Request's Session ID message element. The
new session identifier is saved on the WTP in order to verify the
Key Update Response. The Key Update Request is sent to the AC.
o The AC generates 2 new random 16 octet, which are the new K2 and
K3. This new K3 is the AES Key Wrap key that will be used in the
next rekey event. These two session keys are concatenated into a
32 octet value, which is encrypted using the AES Key Wrap (see RFC
3384 [9]), and using K3, which was either created in the KDF
function during the Join phase, or communicated in the previous
Key Update Response to the WTP. The output of the AES Key Wrap
function is used as the Payload of the Session Key message
element.
o AC then sends a protected Key Update Response message to the WTP
using the old session key. Once the message has been sent, the
new K2 session key is plumbed into the AC's crypto engine.
o WTP verifies that SessionID in the Key Update Response's Session o WTP verifies that SessionID in the Key Update Response's Session
Key message element matches an outstanding request Key message element matches an outstanding request
o WTP computes V-ac{S, SessionID|C}, where S is the Session Key o WTP uses the AES Key Wrap function, with the K3 which it had
field of the Session Key message element, verifying the AC's received from the AC in the original Join phase, or mututally
signature over the session identifier and the encrypted key generated in the previous Join Update Request exchange. The
material output of the Key Wrap function is a 32 octet value, which is
o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the split into two separate 16 octet session keys, K2 and K3.
session keys using its private key; since these were encrypted o K2 is now plumbed into the crypto engine as the AES-CCM session
with the WTP's public key, only the WTP can successfully decrypt key. From this point on, all control protocol payloads between
this. the WTP and AC are encrypted and authenticated using the new
o KeyMaterial is divided into the four transmission and reception session key.
AES and HMAC-SHA1 session keys. From this point on, all control
protocol payloads between the WTP and AC are encrypted and
authenticated using the new session keys. The related payloads
are described in the sections above.
If WTP does not receive the Key Update Response by the time the If WTP does not receive the Key Update Response by the time the
ResponseTimeout timer expires (see Section 12), the WTP MUST delete ResponseTimeout timer expires (see Section 12), the WTP MUST delete
the new and old session information, and reset the state machine to the new and old session information, and reset the state machine to
the Idle state. the Idle state.
Following a rekey process, both the WTP and the AC keep the previous
encryption for one second in order to be able to process packets that
arrive out of order.
11. IEEE 802.11 Binding 11. IEEE 802.11 Binding
11.1 Transport specific bindings This section defines the extensions required for the LWAPP protocol
to be used with the IEEE 802.11 protocol.
11.1 Division of labor
The LWAPP protocol, when used with IEEE 802.11 devices, requires a
specific behavior from the WTP and the AC, specifically in terms of
which 802.11 protocol functions are handled.
11.1.1 Split MAC
This section discusses the roles and responsibilities of the WTP and
the AC when the LWAPP protocol is used in a Split MAC mode.
The responsibility of the WTP is to handle the following functions:
o 802.11 Control Protocol. These functions are very latency
sensitive, and include such functions as packet acknowledgement,
retransmissions, etc.
o 802.11 Beacons. The information elements to be included in the
beacon is controlled by the AC. Since inter-beacon timing is very
critical, the actual beacons are generated by the WTP. Any 802.11
protocol extension that requires changes within the beacon on a
per frame basis (e.g., 802.11e's QBSS) must be handled solely
within the WTP.
o 802.11 Probe Response. As with the beacons, the information to
include in the probe responses is sent by the AC. Stations
generally expect probe requests to be responded to within 3 to 10
milliseconds, and as a consequence it is very difficult to provide
this function in the AC. Note that the WTP does forward the Probe
Requests received to the AC, for its own information. Whether the
AC makes use of these frames is implementation dependent, and is
outside the scope of this document.
o 802.11e Frame Queuing. The 802.11e standard defines a control
protocol, which is carried within the 802.11 MAC management
protocol, as well as defines how packet prioritization is handled
through various timing parameters. The actual packet
prioritization must be handled in the WTP, since only the WTP has
complete visibility into the RF.
o 802.11i Frame Encryption. The 802.11i standard defines a control
protocol used for the establishment of a security association, as
well as a means to encrypt and decrypt 802.11 data frames. The
actual encryption and decryption services MAY occur in the WTP.
The responsibility of the AC is to handle the following functions:
o 802.11 MAC Management. All 802.11 MAC Management frames not
listed above are handled exclusively within the AC. This includes
the 802.11 (re)association request, action frames, etc.
o 802.11 Data. The WTP simply encapsulates all 802.11 data frames
received, and forwards them to the AC.
o 802.11e Resource Reservat. The 802.11e standard defines a control
protocol, which is carried within the 802.11 MAC management
protocol, as well as defines how packet prioritization is handled
through various timing parameters. The signaling defined in this
specification is handled within the AC.
o 802.11i Authentication and Key Exchange. The 802.11i standard
defines a control protocol used for the establishment of a
security association, as well as a means to encrypt and decrypt
802.11 data frames. The authentication (802.1X/EAP) and key
exchange component of this standard is handled within the AC.
11.1.2 Local MAC
This section discusses the roles and responsibilities of the WTP and
the AC when the LWAPP protocol is used in a Local MAC mode.
TBD
11.2 Transport specific bindings
All LWAPP transports have the following IEEE 802.11 specific All LWAPP transports have the following IEEE 802.11 specific
bindings: bindings:
11.1.1 Status and WLANS field 11.2.1 Status and WLANS field
The interpretation of this 16 bit field depends on the direction of The interpretation of this 16 bit field depends on the direction of
transmission of the packet. Refer to the figure in Section transmission of the packet. Refer to the figure in Section
Section 3.1. Section 3.1.
Status Status
When an LWAPP packet is transmitted from an WTP to an AC, this field When an LWAPP packet is transmitted from an WTP to an AC, this field
is called the status field and indicates radio resource information is called the status field and indicates radio resource information
associated with the frame. When the message is an LWAPP control associated with the frame. When the message is an LWAPP control
skipping to change at page 67, line 35 skipping to change at page 80, line 8
The status field is divided into the signal strength and signal to The status field is divided into the signal strength and signal to
noise ratio with which an IEEE 802.11 frame was received, encoded in noise ratio with which an IEEE 802.11 frame was received, encoded in
the following manner: the following manner:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RSSI | SNR | | RSSI | SNR |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
RSSI RSSI: RSSI is a signed, 8-bit value. It is the received signal
strength indication, in dBm.
RSSI is a signed, 8-bit value. It is the received signal strength SNR: SNR is a signed, 8-bit value. It is the signal to noise ratio
indication, in dBm. of the received IEEE 802.11 frame, in dB.
WLANs field: When an LWAPP data message is transmitted from an AC to
SNR an WTP, this 16 bit field indicates on which WLANs the
encapsulated IEEE 802.11 frame is to be transmitted. For unicast
SNR is a signed, 8-bit value. It is the signal to noise ratio of the packets, this field is not used by the WTP. For broadcast or
received IEEE 802.11 frame, in dB. multicast packets, the WTP might require this information if it
provides encryption services.
WLANS field
When an LWAPP data message is transmitted from an AC to an WTP, this
16 bit field indicates on which WLANs the encapsulated IEEE 802.11
frame is to be transmitted. For unicast packets, this field is not
used by the WTP. For broadcast or multicast packets, the WTP might
require this information if it provides encryption services.
Given that a single broadcast or multicast packet might need to be Given that a single broadcast or multicast packet might need to be
sent to multiple wireless LANs (presumably each with a different sent to multiple wireless LANs (presumably each with a different
broadcast key), this field is defined as a bit field. A bit set broadcast key), this field is defined as a bit field. A bit set
indicates a WLAN ID (see Section Section 11.4.1.1) which will be sent indicates a WLAN ID (see Section Section 11.5.1.1) which will be
the data. The WLANS field is encoded in the following manner: sent the data. The WLANS field is encoded in the following
manner:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WLAN ID(s) | | WLAN ID(s) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
11.2 Data Message bindings 11.3 Data Message bindings
There are no LWAPP Data Message bindings for IEEE 802.11. There are no LWAPP Data Message bindings for IEEE 802.11.
11.3 Control Message bindings 11.4 Control Message bindings
The IEEE 802.11 binding has the following Control Message The IEEE 802.11 binding has the following Control Message
definitions. definitions.
11.3.1 Mobile Config Request 11.4.1 Mobile Config Request
This section contains the 802.11 specific message elements that are This section contains the 802.11 specific message elements that are
used with the Mobile Config Request. used with the Mobile Config Request.
11.3.1.1 Add Mobile 11.4.1.1 Add Mobile
The Add Mobile Request is used by the AC to inform an WTP that it The Add Mobile Request is used by the AC to inform an WTP that it
should forward traffic from a particular mobile station. The add should forward traffic from a particular mobile station. The add
mobile request may also include security parameters that must be mobile request may also include security parameters that must be
enforced by the WTP for the particular mobile. enforced by the WTP for the particular mobile.
When the AC sends an Add Mobile Request, it includes any security When the AC sends an Add Mobile Request, it includes any security
parameters that may be required. An AC that wishes to update a parameters that may be required. An AC that wishes to update a
mobile's policy on an WTP may be done by simply sending a new Add mobile's policy on an WTP may be done by simply sending a new Add
Mobile message element. Mobile message element.
skipping to change at page 69, line 19 skipping to change at page 81, line 33
the 802.11e priority tag to ensure that it does not exceed the value the 802.11e priority tag to ensure that it does not exceed the value
provided by the AC. provided by the AC.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Association ID | MAC Address | | Radio ID | Association ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address |E| Encryption Policy | | MAC Address |E|C| Encryption Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Encrypt Policy | Session Key... | |Encrypt Policy | Session Key... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pairwise TSC... | | Pairwise TSC... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pairwise RSC... | | Pairwise RSC... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Capabilities | WLAN ID | WME Mode | | Capabilities | WLAN ID | WME Mode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 802.11e Mode | Qos | Supported Rates | | 802.11e Mode | Qos | Supported Rates |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Supported Rates | | Supported Rates |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 29 for Add Mobile Type: 29 for Add Mobile
Length: 36 Length: 36
Radio ID: An 8-bit value representing the radio Radio ID: An 8-bit value representing the radio
Association ID: A 16-bit value specifying the 802.11 Association Association ID: A 16-bit value specifying the 802.11 Association
Identifier Identifier
MAC Address: The mobile station's MAC Address MAC Address: The mobile station's MAC Address
E: The one bit field is set by the AR to inform the WTP that is MUST E: The one bit field is set by the AC to inform the WTP that is MUST
NOT accept any 802.11 data frames, other than 802.1X frames. This NOT accept any 802.11 data frames, other than 802.1X frames. This
is the equivalent of the WTP's 802.1X port for the mobile station is the equivalent of the WTP's 802.1X port for the mobile station
to be in the closed state. When set, the WTP MUST drop any to be in the closed state. When set, the WTP MUST drop any
non-802.1X packets it receives from the mobile station. non-802.1X packets it receives from the mobile station.
C: The one bit field is set by the AC to inform the WTP that
encryption services will be provided by the AC. When set, the WTP
SHOULD police frames received from stations to ensure that they
comply to the stated encryption policy, but does not need to take
specific cryptographic action on the frame. Similarly, for
transmitted frames, the WTP only needs to forward already
encrypted frames.
Encryption Policy: The policy field informs the WTP how to handle Encryption Policy: The policy field informs the WTP how to handle
packets from/to the mobile station. The following values are packets from/to the mobile station. The following values are
supported: supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [12] be encrypted using TKIP and authenticated using Michael [15]
Session Key: A 32 octet session key the WTP is to use when Session Key: A 32 octet session key the WTP is to use when
encrypting traffic to or decrypting traffic from the mobile encrypting traffic to or decrypting traffic from the mobile
station. The type of key is determined based on the Encryption station. The type of key is determined based on the Encryption
Policy field. Policy field.
Pairwise TSC: The TSC to use for unicast packets transmitted to the Pairwise TSC: The TSC to use for unicast packets transmitted to the
mobile. mobile.
Pairwise RSC: The RSC to use for unicast packets received from the Pairwise RSC: The RSC to use for unicast packets received from the
mobile. mobile.
Capabilities: A 16-bit field containing the 802.11 capabilities to Capabilities: A 16-bit field containing the 802.11 capabilities to
use with the mobile. use with the mobile.
WLAN ID: An 8-bit value specifying the WLAN Identifier WLAN ID: An 8-bit value specifying the WLAN Identifier
WME Mode: A 8-bit boolean used to identify whether the station is WME Mode: A 8-bit boolean used to identify whether the station is
WME capable. A value of zero is used to indicate that the station
is not WME capable, while a value of one means that the station is
WME capable. WME capable.
802.11e Mode: A 8-bit boolean used to identify whether the station 802.11e Mode: A 8-bit boolean used to identify whether the station
is 802.11e capable. is 802.11e capable. A value of zero is used to indicate that the
station is not 802.11e capable, while a value of one means that
the station is 802.11e capable.
QoS: An 8-bit value specifying the QoS policy to enforce for the QoS: An 8-bit value specifying the QoS policy to enforce for the
station. The following values are supported: PRC: TO CHECK station. The following values are supported: PRC: TO CHECK
0 - Silver (Best Effort) 0 - Silver (Best Effort)
1 - Gold (Video) 1 - Gold (Video)
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
Supported Rates: The supported rates to be used with the mobile Supported Rates: The supported rates to be used with the mobile
station. station.
11.3.1.2 IEEE 802.11 Mobile Session Key 11.4.1.2 IEEE 802.11 Mobile Session Key
The Mobile Session Key Payload message element is sent when the AC The Mobile Session Key Payload message element is sent when the AC
determines that encryption of a mobile station must be performed in determines that encryption of a mobile station must be performed in
the WTP. This message element MUST NOT be present without the Add the WTP. This message element MUST NOT be present without the Add
Mobile (see Section 11.3.1.1) message element, and MUST NOT be sent Mobile (see Section 11.4.1.1) message element, and MUST NOT be sent
if the WTP had not specifically advertised support for the requested if the WTP had not specifically advertised support for the requested
encryption scheme (see ???). encryption scheme (see ???).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | Encryption Policy | | MAC Address | Encryption Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 71, line 29 skipping to change at page 84, line 4
packets from/to the mobile station. The following values are packets from/to the mobile station. The following values are
supported: supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [12] be encrypted using TKIP and authenticated using Michael [15]
Session Key: The session key the WTP is to use when encrypting Session Key: The session key the WTP is to use when encrypting
traffic to/from the mobile station. traffic to/from the mobile station.
11.3.1.3 QoS Profile 11.4.1.3 QoS Profile
The QoS Profile Payload message element contains the maximum 802.11e The QoS Profile Payload message element contains the maximum 802.11e
priority tag that may be used by the station. Any packets received priority tag that may be used by the station. Any packets received
that exceeds the value encoded in this message element must either be that exceeds the value encoded in this message element must either be
dropped or tagged using the maximum value permitted by to the user. dropped or tagged using the maximum value permitted by to the user.
The priority tag must be between zero (0) and seven (7). The priority tag must be between zero (0) and seven (7).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 72, line 4 skipping to change at page 84, line 27
dropped or tagged using the maximum value permitted by to the user. dropped or tagged using the maximum value permitted by to the user.
The priority tag must be between zero (0) and seven (7). The priority tag must be between zero (0) and seven (7).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | 802.1P Precedence Tag | | MAC Address | 802.1P Precedence Tag |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD for IEEE 802.11 QOS Profile Type: TBD for IEEE 802.11 QOS Profile
Length: 12 Length: 12
MAC Address: The mobile station's MAC Address MAC Address: The mobile station's MAC Address
802.1P Precedence Tag: The maximum 802.1P precedence value that the 802.1P Precedence Tag: The maximum 802.1P precedence value that the
WTP will allow in the TID field in the extended 802.11e QOS Data WTP will allow in the TID field in the extended 802.11e QOS Data
header. header.
11.3.1.4 IEEE 802.11 Update Mobile QoS 11.4.1.4 IEEE 802.11 Update Mobile QoS
The Update Mobile QoS message element is used to change the Quality The Update Mobile QoS message element is used to change the Quality
of Service policy on the WTP for a given mobile station. of Service policy on the WTP for a given mobile station.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Association ID | MAC Address | | Radio ID | Association ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
skipping to change at page 72, line 45 skipping to change at page 85, line 21
the station. The following values are supported: the station. The following values are supported:
0 - Silver (Best Effort) 0 - Silver (Best Effort)
1 - Gold (Video) 1 - Gold (Video)
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
VLAN Identifier: PRC. VLAN Identifier: PRC.
DSCP Tag: The DSCP label to use if packets are to be DSCP tagged. DSCP Tag: The DSCP label to use if packets are to be DSCP tagged.
802.1P Tag: The 802.1P precedence value to use if packets are to be 802.1P Tag: The 802.1P precedence value to use if packets are to be
802.1P tagged. 802.1P tagged.
11.3.2 WTP Event Request 11.4.2 WTP Event Request
This section contains the 802.11 specific message elements that are This section contains the 802.11 specific message elements that are
used with the WTP Event Request message. used with the WTP Event Request message.
11.3.2.1 IEEE 802.11 Statistics 11.4.2.1 IEEE 802.11 Statistics
The statistics message element is sent by the WTP to transmit it's The statistics message element is sent by the WTP to transmit it's
current statistics. The value contains the following fields. current statistics. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Tx Fragment Count | | Radio ID | Tx Fragment Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Tx Fragment Cnt| Multicast Tx Count | |Tx Fragment Cnt| Multicast Tx Count |
skipping to change at page 74, line 30 skipping to change at page 87, line 26
fragmented frames received. fragmented frames received.
Multicast RX Count: A 32-bit value representing the number of Multicast RX Count: A 32-bit value representing the number of
multicast frames received. multicast frames received.
FCS Error Count: A 32-bit value representing the number of FCS FCS Error Count: A 32-bit value representing the number of FCS
failures. failures.
Decryption Errors: A 32-bit value representing the number of Decryption Errors: A 32-bit value representing the number of
Decryption errors that occured on the WTP. Note that this field Decryption errors that occured on the WTP. Note that this field
is only valid in cases where the WTP provides is only valid in cases where the WTP provides
encryption/decryption services. encryption/decryption services.
11.4 802.11 Control Messages 11.5 802.11 Control Messages
This section will define LWAPP Control Messages that are specific to This section will define LWAPP Control Messages that are specific to
the IEEE 802.11 binding. the IEEE 802.11 binding.
11.4.1 IEEE 802.11 WLAN Config Request 11.5.1 IEEE 802.11 WLAN Config Request
The IEEE 802.11 WLAN Configuration Request is sent by the AC to the The IEEE 802.11 WLAN Configuration Request is sent by the AC to the
WTP in order to change services provided by the WTP. This control WTP in order to change services provided by the WTP. This control
message is used to either create, update or delete a WLAN on the WTP. message is used to either create, update or delete a WLAN on the WTP.
The IEEE 802.11 WLAN Configuration Request is sent as a result of The IEEE 802.11 WLAN Configuration Request is sent as a result of
either some manual admistrative process (e.g., deleting a WLAN), or either some manual admistrative process (e.g., deleting a WLAN), or
automatically to create a WLAN on an WTP. When sent automatically to automatically to create a WLAN on an WTP. When sent automatically to
create a WLAN, this control message is sent after the LWAPP create a WLAN, this control message is sent after the LWAPP
Configuration Request message has been received by the WTP. Configuration Request message has been received by the WTP.
skipping to change at page 75, line 17 skipping to change at page 88, line 14
Since the index is the primary identifier for a WLAN, an AC SHOULD Since the index is the primary identifier for a WLAN, an AC SHOULD
attempt to ensure that the same WLAN is identified through the same attempt to ensure that the same WLAN is identified through the same
index number on all of its WTPs. An AC that does not follow this index number on all of its WTPs. An AC that does not follow this
approach MUST find some other means of maintaining a WLAN Identifier approach MUST find some other means of maintaining a WLAN Identifier
to SSID mapping table. to SSID mapping table.
The following subsections define the message elements that are value The following subsections define the message elements that are value
for this LWAPP operation. Only one message MUST be present. for this LWAPP operation. Only one message MUST be present.
11.4.1.1 IEEE 802.11 Add WLAN 11.5.1.1 IEEE 802.11 Add WLAN
The Add WLAN message element is used by the AC to define a wireless The Add WLAN message element is used by the AC to define a wireless
LAN on the WTP. The value contains the following format: LAN on the WTP. The value contains the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN Capability | WLAN ID | | Radio ID | WLAN Capability | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | | Encryption Policy |
skipping to change at page 76, line 4 skipping to change at page 88, line 47
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 7 for IEEE 802.11 Add WLAN Type: 7 for IEEE 802.11 Add WLAN
Length: >= 298 Length: >= 298
Radio ID: An 8-bit value representing the radio. Radio ID: An 8-bit value representing the radio.
WLAN Capability: A 16-bit value containing the capabilities to be WLAN Capability: A 16-bit value containing the capabilities to be
advertised by the WTP within the Probe and Beacon messages. advertised by the WTP within the Probe and Beacon messages.
WLAN ID: A 16-bit value specifying the WLAN Identifier. WLAN ID: A 16-bit value specifying the WLAN Identifier.
Encryption Policy: A 32-bit value specifying the encryption scheme Encryption Policy: A 32-bit value specifying the encryption scheme
to apply to traffic to and from the mobile station. to apply to traffic to and from the mobile station.
The following values are supported: The following values are supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [12] be encrypted using TKIP and authenticated using Michael [15]
6 - Encrypt CKIP: All packets to/from the mobile station must be 6 - Encrypt CKIP: All packets to/from the mobile station must be
encrypted using Cisco TKIP. encrypted using Cisco TKIP.
Key: A 32 byte Session Key to use with the encryption policy. Key: A 32 byte Session Key to use with the encryption policy.
Key-Index: The Key Index associated with the key. Key-Index: The Key Index associated with the key.
Shared Key: A 1 byte boolean that specifies whether the key included Shared Key: A 1 byte boolean that specifies whether the key included
in the Key field is a shared WEP key. in the Key field is a shared WEP key. A value of zero is used to
state that the key is not a shared WEP key, while a value of one
is used to state that the key is a shared WEP key.
WPA Data Len: Length of the WPA IE. WPA Data Len: Length of the WPA IE.
WPA IE: A 32 byte field containing the WPA Information Element. WPA IE: A 32 byte field containing the WPA Information Element.
RSN Data Len: Length of the RSN IE. RSN Data Len: Length of the RSN IE.
RSN IE: A 64 byte field containing the RSN Information Element. RSN IE: A 64 byte field containing the RSN Information Element.
Reserved: A 49 byte reserved field, which MUST be set to zero (0). Reserved: A 49 byte reserved field, which MUST be set to zero (0).
WME Data Len: Length of the WME IE. WME Data Len: Length of the WME IE.
WME IE: A 32 byte field containing the WME Information Element. WME IE: A 32 byte field containing the WME Information Element.
DOT11E Data Len: Length of the 802.11e IE. DOT11E Data Len: Length of the 802.11e IE.
DOT11E IE: A 32 byte field containing the 802.11e Information DOT11E IE: A 32 byte field containing the 802.11e Information
Element. Element.
skipping to change at page 76, line 49 skipping to change at page 89, line 48
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
Auth Type: An 8-bit value specifying the station's authentication Auth Type: An 8-bit value specifying the station's authentication
type. type.
The following values are supported: The following values are supported:
0 - Open System 0 - Open System
1 - WEP Shared Key 1 - WEP Shared Key
2 - WPA/WPA2 802.1X 2 - WPA/WPA2 802.1X
3 - WPA/WPA2 PSK 3 - WPA/WPA2 PSK
Broadcast SSID: A boolean indicating whether the SSID is to be Broadcast SSID: A boolean indicating whether the SSID is to be
broadcast by the WTP. broadcast by the WTP. A value of zero disables SSID broadcast,
while a value of one enables it.
Reserved: A 40 byte reserved field. Reserved: A 40 byte reserved field.
SSID: The SSID attribute is the service set identifier that will be SSID: The SSID attribute is the service set identifier that will be
advertised by the WTP for this WLAN. advertised by the WTP for this WLAN.
11.4.1.2 IEEE 802.11 Delete WLAN 11.5.1.2 IEEE 802.11 Delete WLAN
The delete WLAN message element is used to inform the WTP that a The delete WLAN message element is used to inform the WTP that a
previously created WLAN is to be deleted. The value contains the previously created WLAN is to be deleted. The value contains the
following fields: following fields:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | | Radio ID | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 28 for IEEE 802.11 Delete WLAN Type: 28 for IEEE 802.11 Delete WLAN
Length: 3 Length: 3
Radio ID: An 8-bit value representing the radio Radio ID: An 8-bit value representing the radio
WLAN ID: A 16-bit value specifying the WLAN Identifier WLAN ID: A 16-bit value specifying the WLAN Identifier
11.4.1.3 IEEE 802.11 Update WLAN 11.5.1.3 IEEE 802.11 Update WLAN
The Update WLAN message element is used by the AC to define a The Update WLAN message element is used by the AC to define a
wireless LAN on the WTP. The value contains the following format: wireless LAN on the WTP. The value contains the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID |Encrypt Policy | | Radio ID | WLAN ID |Encrypt Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | Key... | | Encryption Policy | Key... |
skipping to change at page 78, line 16 skipping to change at page 91, line 16
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [12] be encrypted using TKIP and authenticated using Michael [15]
6 - Encrypt CKIP: All packets to/from the mobile station must be 6 - Encrypt CKIP: All packets to/from the mobile station must be
encrypted using Cisco TKIP. encrypted using Cisco TKIP.
Key: A 32 byte Session Key to use with the encryption policy. Key: A 32 byte Session Key to use with the encryption policy.
Key-Index: The Key Index associated with the key. Key-Index: The Key Index associated with the key.
Shared Key: A 1 byte boolean that specifies whether the key included Shared Key: A 1 byte boolean that specifies whether the key included
in the Key field is a shared WEP key. in the Key field is a shared WEP key. A value of zero means that
the key is not a shared WEP key, while a value of one is used to
state that the key is a shared WEP key.
WLAN Capability: A 16-bit value containing the capabilities to be WLAN Capability: A 16-bit value containing the capabilities to be
advertised by the WTP within the Probe and Beacon messages. advertised by the WTP within the Probe and Beacon messages.
11.4.2 IEEE 802.11 WLAN Config Response 11.5.2 IEEE 802.11 WLAN Config Response
The IEEE 802.11 WLAN Configuration Response is sent by the WTP to the The IEEE 802.11 WLAN Configuration Response is sent by the WTP to the
AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN
Configuration Request. Configuration Request.
This LWAPP control message does not include any message elements. This LWAPP control message does not include any message elements.
11.4.3 IEEE 802.11 WTP Event 11.5.3 IEEE 802.11 WTP Event
The IEEE 802.11 WTP Event LWAPP message is used by the WTP in order The IEEE 802.11 WTP Event LWAPP message is used by the WTP in order
to report asynchronous events to the AC. There is no reply message to report asynchronous events to the AC. There is no reply message
expected from the AC, except that the message is acknowledged via the expected from the AC, except that the message is acknowledged via the
reliable transport. reliable transport.
When the AC receives the IEEE 802.11 WTP Event, it will take whatever When the AC receives the IEEE 802.11 WTP Event, it will take whatever
action is necessary, depending upon the message elements present in action is necessary, depending upon the message elements present in
the message. the message.
The IEEE 802.11 WTP Event message MUST contain one of the following The IEEE 802.11 WTP Event message MUST contain one of the following
message element described in the next subsections. message element described in the next subsections.
11.4.3.1 IEEE 802.11 MIC Countermeasures 11.5.3.1 IEEE 802.11 MIC Countermeasures
The MIC Countermeasures message element is sent by the WTP to the AC The MIC Countermeasures message element is sent by the WTP to the AC
to indicate the occurrence of a MIC failure. to indicate the occurrence of a MIC failure.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | MAC Address | | Radio ID | WLAN ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
skipping to change at page 79, line 22 skipping to change at page 92, line 23
Type: 61 for IEEE 802.11 MIC Countermeasures Type: 61 for IEEE 802.11 MIC Countermeasures
Length: 8 Length: 8
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP. index on the WTP.
WLAN ID: This 8-bit unsigned integer includes the WLAN Identifier, WLAN ID: This 8-bit unsigned integer includes the WLAN Identifier,
on which the MIC failure occurred. on which the MIC failure occurred.
MAC Address: The MAC Address of the mobile station that caused the MAC Address: The MAC Address of the mobile station that caused the
MIC failure. MIC failure.
11.4.3.2 IEEE 802.11 WTP Radio Fail Alarm Indication 11.5.3.2 IEEE 802.11 WTP Radio Fail Alarm Indication
The WTP Radio Fail Alarm Indication message element is sent by the The WTP Radio Fail Alarm Indication message element is sent by the
WTP to the AC when it detects a radio failure. WTP to the AC when it detects a radio failure.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Type | Status | Pad | | Radio ID | Type | Status | Pad |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 95 for WTP Radio Fail Alarm Indication Type: 95 for WTP Radio Fail Alarm Indication
Length: 4 Length: 4
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Type: The type of radio failure detected. The following values are Type: The type of radio failure detected. The following values are
supported: supported:
1 - Receiver 1 - Receiver
2 - Transmitter 2 - Transmitter
Status: An 8-bit boolean indicating whether the radio failure is Status: An 8-bit boolean indicating whether the radio failure is
being reported or cleared. being reported or cleared. A value of zero is used to clear the
event, while a value of one is used to report the event.
Pad: Reserved field MUST be set to zero (0). Pad: Reserved field MUST be set to zero (0).
11.5 Message Element Bindings 11.6 Message Element Bindings
The IEEE 802.11 Message Element binding has the following The IEEE 802.11 Message Element binding has the following
definitions: definitions:
Conf Conf Conf Add Conf Conf Conf Add
Req Resp Upd Mobile Req Resp Upd Mobile
IEEE 802.11 WTP WLAN Radio Configuration X X X IEEE 802.11 WTP WLAN Radio Configuration X X X
IEEE 802.11 Rate Set X X IEEE 802.11 Rate Set X X
IEEE 802.11 Multi-domain Capability X X X IEEE 802.11 Multi-domain Capability X X X
skipping to change at page 80, line 27 skipping to change at page 93, line 27
IEEE 802.11 Antenna X X X IEEE 802.11 Antenna X X X
IEEE 802.11 CFP Status X X IEEE 802.11 CFP Status X X
IEEE 802.11 Broadcast Probe Mode X X IEEE 802.11 Broadcast Probe Mode X X
IEEE 802.11 WTP Mode and Type X? X IEEE 802.11 WTP Mode and Type X? X
IEEE 802.11 WTP Quality of Service X X IEEE 802.11 WTP Quality of Service X X
IEEE 802.11 MIC Error Report From Mobile X IEEE 802.11 MIC Error Report From Mobile X
IEEE 802.11 Update Mobile QoS X IEEE 802.11 Update Mobile QoS X
IEEE 802.11 Mobile Session Key X IEEE 802.11 Mobile Session Key X
VOIP STUFF VOIP STUFF
11.5.1 IEEE 802.11 WTP WLAN Radio Configuration 11.6.1 IEEE 802.11 WTP WLAN Radio Configuration
The WTP WLAN radio configuration is used by the AC to configure a The WTP WLAN radio configuration is used by the AC to configure a
Radio on the WTP. The message element value contains the following Radio on the WTP. The message element value contains the following
Fields: Fields:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | Occupancy Limit | | Radio ID | Reserved | Occupancy Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 81, line 40 skipping to change at page 94, line 40
two character country code as described in document ISO/IEC 3166- two character country code as described in document ISO/IEC 3166-
1. The third octet MUST be one of the following: 1. The third octet MUST be one of the following:
1. an ASCII space character, if the regulations under which the 1. an ASCII space character, if the regulations under which the
station is operating encompass all environments in the station is operating encompass all environments in the
country, country,
2. an ASCII 'O' character, if the regulations under which the 2. an ASCII 'O' character, if the regulations under which the
station is operating are for an outdoor environment only, or station is operating are for an outdoor environment only, or
3. an ASCII 'I' character, if the regulations under which the 3. an ASCII 'I' character, if the regulations under which the
station is operating are for an indoor environment only station is operating are for an indoor environment only
11.5.2 IEEE 802.11 Rate Set 11.6.2 IEEE 802.11 Rate Set
The rate set message element value is sent by the AC and contains the The rate set message element value is sent by the AC and contains the
supported operational rates. It contains the following fields. supported operational rates. It contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Rate Set | | Radio ID | Rate Set |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 16 for IEEE 802.11 Rate Set Type: 16 for IEEE 802.11 Rate Set
Length: 4 Length: 4
Radio ID: An 8-bit value representing the radio to configure. Radio ID: An 8-bit value representing the radio to configure.
Rate Set: The AC generates the Rate Set that the WTP is to include Rate Set: The AC generates the Rate Set that the WTP is to include
in it's Beacon and Probe messages. in it's Beacon and Probe messages.
11.5.3 IEEE 802.11 Multi-domain Capability 11.6.3 IEEE 802.11 Multi-domain Capability
The multi-domain capability message element is used by the AC to The multi-domain capability message element is used by the AC to
inform the WTP of regulatory limits. The value contains the inform the WTP of regulatory limits. The value contains the
following fields. following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | First Channel # | | Radio ID | Reserved | First Channel # |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 82, line 38 skipping to change at page 95, line 38
First Channnel #: This attribute indicates the value of the lowest First Channnel #: This attribute indicates the value of the lowest
channel number in the subband for the associated domain country channel number in the subband for the associated domain country
string. string.
Number of Channels: This attribute indicates the value of the total Number of Channels: This attribute indicates the value of the total
number of channels allowed in the subband for the associated number of channels allowed in the subband for the associated
domain country string. domain country string.
Max Tx Power Level: This attribute indicates the maximum transmit Max Tx Power Level: This attribute indicates the maximum transmit
power, in dBm, allowed in the subband for the associated domain power, in dBm, allowed in the subband for the associated domain
country string. country string.
11.5.4 IEEE 802.11 MAC Operation 11.6.4 IEEE 802.11 MAC Operation
The MAC operation message element is sent by the AC to set the 802.11 The MAC operation message element is sent by the AC to set the 802.11
MAC parameters on the WTP. The value contains the following fields. MAC parameters on the WTP. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | RTS Threshold | | Radio ID | Reserved | RTS Threshold |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Short Retry | Long Retry | Fragmentation Threshold | | Short Retry | Long Retry | Fragmentation Threshold |
skipping to change at page 84, line 5 skipping to change at page 97, line 5
MUST never be less than 256. MUST never be less than 256.
Tx MSDU Lifetime: This attribute speficies the elapsed time in TU, Tx MSDU Lifetime: This attribute speficies the elapsed time in TU,
after the initial transmission of an MSDU, after which further after the initial transmission of an MSDU, after which further
attempts to transmit the MSDU MUST be terminated. The default attempts to transmit the MSDU MUST be terminated. The default
value of this attribute MUST be 512. value of this attribute MUST be 512.
Rx MSDU Lifetime: This attribute specifies the elapsed time in TU, Rx MSDU Lifetime: This attribute specifies the elapsed time in TU,
after the initial reception of a fragmented MMPDU or MSDU, after after the initial reception of a fragmented MMPDU or MSDU, after
which further attempts to reassemble the MMPDU or MSDU MUST be which further attempts to reassemble the MMPDU or MSDU MUST be
terminated. The default value MUST be 512. terminated. The default value MUST be 512.
11.5.5 IEEE 802.11 Tx Power 11.6.5 IEEE 802.11 Tx Power
The Tx power message element value is bi-directional. When sent by The Tx power message element value is bi-directional. When sent by
the WTP, it contains the current power level of the radio in the WTP, it contains the current power level of the radio in
question. When sent by the AC, it contains the power level the WTP question. When sent by the AC, it contains the power level the WTP
MUST adhere to. MUST adhere to.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | Current Tx Power | | Radio ID | Reserved | Current Tx Power |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 12 for IEEE 802.11 Tx Power Type: 12 for IEEE 802.11 Tx Power
Length: 4 Length: 4
Radio ID: An 8-bit value representing the radio to configure. Radio ID: An 8-bit value representing the radio to configure.
Reserved: MUST be set to zero Reserved: MUST be set to zero
Current Tx Power: This attribute contains the transmit output power Current Tx Power: This attribute contains the transmit output power
in mW. in mW.
11.5.6 IEEE 802.11 Tx Power Level 11.6.6 IEEE 802.11 Tx Power Level
The Tx power level message element is sent by the WTP and contains The Tx power level message element is sent by the WTP and contains
the different power levels supported. The value contains the the different power levels supported. The value contains the
following fields. following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Num Levels | Power Level [n] | | Radio ID | Num Levels | Power Level [n] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 13 for IEEE 802.11 Tx Power Level Type: 13 for IEEE 802.11 Tx Power Level
Length: >= 4 Length: >= 4
Radio ID: An 8-bit value representing the radio to configure. Radio ID: An 8-bit value representing the radio to configure.
Num Levels: The number of power level attributes. Num Levels: The number of power level attributes.
Power Level: Each power level fields contains a supported power Power Level: Each power level fields contains a supported power
level, in mW. level, in mW.
11.5.7 IEEE 802.11 Direct Sequence Control 11.6.7 IEEE 802.11 Direct Sequence Control
The direct sequence control message element is a bi-directional The direct sequence control message element is a bi-directional
element. When sent by the WTP, it contains the current state. When element. When sent by the WTP, it contains the current state. When
sent by the AC, the WTP MUST adhere to the values. This element is sent by the AC, the WTP MUST adhere to the values. This element is
only used for 802.11b radios. The value has the following fields. only used for 802.11b radios. The value has the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | Current Chan | Current CCA | | Radio ID | Reserved | Current Chan | Current CCA |
skipping to change at page 85, line 28 skipping to change at page 98, line 28
frequency channel of the DSSS PHY. frequency channel of the DSSS PHY.
Current CCA: The current CCA method in operation. Valid values are: Current CCA: The current CCA method in operation. Valid values are:
1 - energy detect only (edonly) 1 - energy detect only (edonly)
2 - carrier sense only (csonly) 2 - carrier sense only (csonly)
4 - carrier sense and energy detect (edandcs) 4 - carrier sense and energy detect (edandcs)
8 - carrier sense with timer (cswithtimer) 8 - carrier sense with timer (cswithtimer)
16 - high rate carrier sense and energy detect (hrcsanded) 16 - high rate carrier sense and energy detect (hrcsanded)
Energy Detect Threshold: The current Energy Detect Threshold being Energy Detect Threshold: The current Energy Detect Threshold being
used by the DSSS PHY. used by the DSSS PHY.
11.5.8 IEEE 802.11 OFDM Control 11.6.8 IEEE 802.11 OFDM Control
The OFDM control message element is a bi-directional element. When The OFDM control message element is a bi-directional element. When
sent by the WTP, it contains the current state. When sent by the AC, sent by the WTP, it contains the current state. When sent by the AC,
the WTP MUST adhere to the values. This element is only used for the WTP MUST adhere to the values. This element is only used for
802.11a radios. The value contains the following fields: 802.11a radios. The value contains the following fields:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Reserved | Current Chan | Band Support | | Radio ID | Reserved | Current Chan | Band Support |
skipping to change at page 86, line 14 skipping to change at page 99, line 14
capable of operating in the lower (5.15-5.25 GHz) U-NII band capable of operating in the lower (5.15-5.25 GHz) U-NII band
capable of operating in the middle (5.25-5.35 GHz) U-NII band capable of operating in the middle (5.25-5.35 GHz) U-NII band
capable of operating in the upper (5.725-5.825 GHz) U-NII band capable of operating in the upper (5.725-5.825 GHz) U-NII band
For example, for an implementation capable of operating in the For example, for an implementation capable of operating in the
lower and mid bands this attribute would take the value lower and mid bands this attribute would take the value
TI Threshold: The Threshold being used to detect a busy medium TI Threshold: The Threshold being used to detect a busy medium
(frequency). CCA MUST report a busy medium upon detecting the (frequency). CCA MUST report a busy medium upon detecting the
RSSI above this threshold. RSSI above this threshold.
11.5.9 IEEE 802.11 Antenna 11.6.9 IEEE 802.11 Antenna
The antenna message element is communicated by the WTP to the AC to The antenna message element is communicated by the WTP to the AC to
provide information on the antennas available. The AC MAY use this provide information on the antennas available. The AC MAY use this
element to reconfigure the WTP's antennas. The value contains the element to reconfigure the WTP's antennas. The value contains the
following fields: following fields:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Diversity | Combiner | Antenna Cnt | | Radio ID | Diversity | Combiner | Antenna Cnt |
skipping to change at page 86, line 50 skipping to change at page 99, line 50
2 - Sectorized (Right) 2 - Sectorized (Right)
3 - Omni 3 - Omni
4 - Mimo 4 - Mimo
Antenna Count: An 8-bit value specifying the number of Antenna Antenna Count: An 8-bit value specifying the number of Antenna
Selection fields. Selection fields.
Antenna Selection: One 8-bit antenna configuration value per antenna Antenna Selection: One 8-bit antenna configuration value per antenna
in the WTP. The following values are supported: in the WTP. The following values are supported:
1 - Internal Antenna 1 - Internal Antenna
2 - External Antenna 2 - External Antenna
11.5.10 IEEE 802.11 Supported Rates 11.6.10 IEEE 802.11 Supported Rates
The supported rates message element is sent by the WTP to indicate The supported rates message element is sent by the WTP to indicate
the rates that it supports. The value contains the following fields. the rates that it supports. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Supported Rates | | Radio ID | Supported Rates |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 16 for IEEE 802.11 Supported Rates Type: 16 for IEEE 802.11 Supported Rates
Length: 4 Length: 4
Radio ID: An 8-bit value representing the radio. Radio ID: An 8-bit value representing the radio.
Supported Rates: The WTP includes the Supported Rates that it's Supported Rates: The WTP includes the Supported Rates that it's
hardware supports. The format is identical to the Rate Set hardware supports. The format is identical to the Rate Set
message element. message element.
11.5.11 IEEE 802.11 CFP Status 11.6.11 IEEE 802.11 CFP Status
The CFP Status message element is sent to provide the CF Polling The CFP Status message element is sent to provide the CF Polling
configuration. configuration.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Status | | Radio ID | Status |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 48 for IEEE 802.11 CFP Status Type: 48 for IEEE 802.11 CFP Status
Length: 2 Length: 2
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Status: An 8-bit boolean containing the status of the CF Polling Status: An 8-bit boolean containing the status of the CF Polling
feature. feature. A value of zero disables CFP Status, while a value of
one enables it.
11.5.12 IEEE 802.11 WTP Mode and Type 11.6.12 IEEE 802.11 WTP Mode and Type
The WTP Mode and Type message element is used to configure an WTP to The WTP Mode and Type message element is used to configure an WTP to
operate in a specific mode. operate in a specific mode.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mode | Type | | Mode | Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 54 for IEEE 802.11 WTP Mode and Type Type: 54 for IEEE 802.11 WTP Mode and Type
Length: 2 Length: 2
Mode: An 8-bit value the type of information being sent. The Mode: An 8-bit value the type of information being sent. The
following values are supported: following values are supported:
0 - Normal Mode 0 - Normal Mode
1 - Monitoring Mode 1 - Monitoring Mode
2 - REAP Mode 2 - REAP Mode
3 - Rogue Detector Mode 3 - Rogue Detector Mode
4 - Sniffer Mode 4 - Sniffer Mode
Type: The type field is not currently used. Type: The type field is not currently used.
skipping to change at page 88, line 14 skipping to change at page 101, line 15
Length: 2 Length: 2
Mode: An 8-bit value the type of information being sent. The Mode: An 8-bit value the type of information being sent. The
following values are supported: following values are supported:
0 - Normal Mode 0 - Normal Mode
1 - Monitoring Mode 1 - Monitoring Mode
2 - REAP Mode 2 - REAP Mode
3 - Rogue Detector Mode 3 - Rogue Detector Mode
4 - Sniffer Mode 4 - Sniffer Mode
Type: The type field is not currently used. Type: The type field is not currently used.
11.5.13 IEEE 802.11 Broadcast Probe Mode 11.6.13 IEEE 802.11 Broadcast Probe Mode
The Broadcast Probe Mode message element indicates whether an WTP The Broadcast Probe Mode message element indicates whether an WTP
will respond to NULL SSID probe requests. Since broadcast NULL will respond to NULL SSID probe requests. Since broadcast NULL
probes are not sent to a specific BSSID, the WTP cannot know which probes are not sent to a specific BSSID, the WTP cannot know which
SSID the sending station is querying. Therefore, this behavior must SSID the sending station is querying. Therefore, this behavior must
be global to the WTP. be global to the WTP.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Status | | Status |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 51 for IEEE 802.11 Broadcast Probe Mode Type: 51 for IEEE 802.11 Broadcast Probe Mode
Length: 1 Length: 1
Status: An 8-bit boolean indicating the status of whether an WTP Status: An 8-bit boolean indicating the status of whether an WTP
shall response to a NULL SSID probe request. shall response to a NULL SSID probe request. A value of zero
disables NULL SSID probe response, while a value of one enables
it.
11.5.14 IEEE 802.11 WTP Quality of Service 11.6.14 IEEE 802.11 WTP Quality of Service
The WTP Quality of Service message element value is sent by the AC to The WTP Quality of Service message element value is sent by the AC to
the WTP to communicate quality of service configuration information. the WTP to communicate quality of service configuration information.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Tag Packets | | Radio ID | Tag Packets |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 57 for IEEE 802.11 WTP Quality of Service Type: 57 for IEEE 802.11 WTP Quality of Service
Length: 12 Length: 12
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Tag Packets: An 8-bit unsigned boolean indicating whether LWAPP Tag Packets: An value indicating whether LWAPP packets should be
packets should be tagged with for QoS purposes. The following tagged with for QoS purposes. The following values are currently
values are currently supported: supported:
0 - Untagged 0 - Untagged
1 - 802.1P 1 - 802.1P
2 - DSCP 2 - DSCP
Immediately following the above header is the following data Immediately following the above header is the following data
structure. This data structure will be repeated five times; once structure. This data structure will be repeated five times; once
for every QoS profile. The order of the QoS profiles are Uranium, for every QoS profile. The order of the QoS profiles are Uranium,
Platinum, Gold, Silver and Bronze. Platinum, Gold, Silver and Bronze.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 89, line 36 skipping to change at page 102, line 40
queue. queue.
CWMax: The Contention Window maximum value for the QoS transmit CWMax: The Contention Window maximum value for the QoS transmit
queue. queue.
AIFS: The Arbitration Inter Frame Spacing to use for the QoS AIFS: The Arbitration Inter Frame Spacing to use for the QoS
transmit queue. transmit queue.
CBR: The CBR value to observe for the QoS transmit queue. CBR: The CBR value to observe for the QoS transmit queue.
Dot1P Tag: The 802.1P precedence value to use if packets are to be Dot1P Tag: The 802.1P precedence value to use if packets are to be
802.1P tagged. 802.1P tagged.
DSCP Tag: The DSCP label to use if packets are to be DSCP tagged. DSCP Tag: The DSCP label to use if packets are to be DSCP tagged.
11.5.15 IEEE 802.11 MIC Error Report From Mobile 11.6.15 IEEE 802.11 MIC Error Report From Mobile
The MIC Error Report From Mobile message element is sent by an AC to The MIC Error Report From Mobile message element is sent by an AC to
an WTP when it receives a MIC failure notification, via the Error bit an WTP when it receives a MIC failure notification, via the Error bit
in the EAPOL-Key frame. in the EAPOL-Key frame.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Client MAC Address | | Client MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 90, line 4 skipping to change at page 103, line 16
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Client MAC Address | | Client MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Client MAC Address | BSSID | | Client MAC Address | BSSID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BSSID | | BSSID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | | Radio ID | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 79 for IEEE 802.11 MIC Error Report From Mobile Type: 79 for IEEE 802.11 MIC Error Report From Mobile
Length: 14 Length: 14
Client MAC Address: The Client MAC Address of the station reporting Client MAC Address: The Client MAC Address of the station reporting
the MIC failure. the MIC failure.
BSSID: The BSSID on which the MIC failure is being reported. BSSID: The BSSID on which the MIC failure is being reported.
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
WLAN ID: The WLAN ID on which the MIC failure is being reported. WLAN ID: The WLAN ID on which the MIC failure is being reported.
11.6 IEEE 802.11 Message Element Values 11.7 IEEE 802.11 Message Element Values
This section lists IEEE 802.11 specific values for any generic LWAPP This section lists IEEE 802.11 specific values for any generic LWAPP
message elements which include fields whose values are technology message elements which include fields whose values are technology
specific. specific.
IEEE 802.11 uses the following values: IEEE 802.11 uses the following values:
4 - Encrypt AES-CCMP 128: WTP supports AES-CCMP, as defined in [7]. 4 - Encrypt AES-CCMP 128: WTP supports AES-CCMP, as defined in [7].
5 - Encrypt TKIP-MIC: WTP supports TKIP and Michael, as defined in 5 - Encrypt TKIP-MIC: WTP supports TKIP and Michael, as defined in
[12]. [15].
12. LWAPP Protocol Timers 12. LWAPP Protocol Timers
An WTP or AC that implements LWAPP discovery MUST implement the An WTP or AC that implements LWAPP discovery MUST implement the
following timers. following timers.
12.1 MaxDiscoveryInterval 12.1 MaxDiscoveryInterval
The maximum time allowed between sending discovery requests from the The maximum time allowed between sending discovery requests from the
interface, in seconds. Must be no less than 2 seconds and no greater interface, in seconds. Must be no less than 2 seconds and no greater
skipping to change at page 92, line 18 skipping to change at page 105, line 18
The minimum time, in seconds, which an LWAPP Request message must be The minimum time, in seconds, which an LWAPP Request message must be
responded to. responded to.
Default: 1 Default: 1
12.8 KeyLifetime 12.8 KeyLifetime
The maximum time, in seconds, which an LWAPP session key is valid. The maximum time, in seconds, which an LWAPP session key is valid.
Default: 86400 Default: 28800
13. LWAPP Protocol Variables 13. LWAPP Protocol Variables
An WTP or AC that implements LWAPP discovery MUST allow for the An WTP or AC that implements LWAPP discovery MUST allow for the
following variables to be configured by system management; default following variables to be configured by system management; default
values are specified so as to make it unnecessary to configure any of values are specified so as to make it unnecessary to configure any of
these variables in many cases. these variables in many cases.
13.1 MaxDiscoveries 13.1 MaxDiscoveries
skipping to change at page 94, line 7 skipping to change at page 107, line 7
13.4 MaxRetransmit 13.4 MaxRetransmit
The maximum number of retransmissions for a given LWAPP packet before The maximum number of retransmissions for a given LWAPP packet before
the link layer considers the peer dead. the link layer considers the peer dead.
Default: 5 Default: 5
14. Security Considerations 14. Security Considerations
LWAPP uses either an authenticated key exchange or key agreement
mechanism to ensure peer authenticity and establish fresh session
keys to protect the LWAPP communications.
Fresh keying material is ensured in certificated based construction
as the AC generates new keying material in either the Join Response
or Key Update Response (see RFC 1750 [4]. In the PSK construction
both parties, WTP and AC mutually derive new keying material through
the exchange of the nonces in the Join Request/Response exchange.
The rekeys are ensured new keying material through the Key Update
Response.
It is important to note that Perfect Forward Secrecy is not a
requirement for the LWAPP protocol.
14.1 Certificate based Session Key establishment
LWAPP uses public key cryptography to ensure trust between the WTP LWAPP uses public key cryptography to ensure trust between the WTP
and the AC. During the Join phase, the AC generates a session key, and the AC. During the Join phase, the AC generates a session key,
which is used to secure future control messages. The WTP does not which is used to secure future control messages. The WTP does not
participate in the key generation, but public key cryptography is participate in the key generation, but public key cryptography is
used to authenticate the resulting key material. A secured delivery used to authenticate the resulting key material. A secured delivery
mechanism to place the certificate in the devices is required. In mechanism to place the certificate in the devices is required. In
order to maximize session key security, the WTP and AC periodically order to maximize session key security, the WTP and AC periodically
update the session keys, which are encrypted using public key update the session keys, which are encrypted using public key
cryptography. This ensures that a potentially previously compromised cryptography. This ensures that a potentially previously compromised
key does not affect the security of communication with new key key does not affect the security of communication with new key
material. material.
[TODO: talk about why keying material is not reused]
One question that periodically arises is why the Join Request is not One question that periodically arises is why the Join Request is not
signed. It was felt that requiring a signature in this messages was signed. It was felt that requiring a signature in this messages was
not required for the following reasons: not required for the following reasons:
1. The Join Request is replayable, so requiring a signature doesn't 1. The Join Request is replayable, so requiring a signature doesn't
provide much protection unless the switches keep track of all provide much protection unless the switches keep track of all
previous Join Requests from a given WTP. One alternative would previous Join Requests from a given WTP. One alternative would
have been to add a timestamp, but this introduces clock have been to add a timestamp, but this introduces clock
synchronization issues. Further, authentication occurs in a later synchronization issues. Further, authentication occurs in a later
exchange anyway (see point 2 below). exchange anyway (see point 2 below).
2. The WTP is authenticated by virtue of the fact that it can 2. The WTP is authenticated by virtue of the fact that it can
decrypt and then use the session keys (encrypted with its own decrypt and then use the session keys (encrypted with its own
public key), so it *is* ultimately authenticated. public key), so it *is* ultimately authenticated.
3. A signed Join Request provides a potential Denial of Service 3. A signed Join Request provides a potential Denial of Service
attack on the AC, which would have to authenticate each attack on the AC, which would have to authenticate each
(potentially malicious) message. (potentially malicious) message.
The WTP-Certificate that is included in the Join Request MUST be
validated by the AC. It is also good practice that the AC perform
some form of authorization, ensuring that the WTP in question is
allowed to establish an LWAPP session with it.
14.2 PSK based Session Key establishment
Use of a fixed shared secret of limited entropy (for example, a PSK
that is relatively short, or was chosen by a human and thus may
contain less entropy than its length would imply) may allow an
attacker to perform a brute-force or dictionary attack to recover the
secret.
It is RECOMMENDED that implementations that allow the administrator
to manually configure the PSK also provide a functionality for
generating a new random PSK, taking RFC 1750 [4] into account.
Since the key generation does not expose the nonces in plaintext,
there are no practical passive attacks possible.
15. IANA Considerations 15. IANA Considerations
This document requires no action by IANA. This document requires no action by IANA.
16. IPR Statement 16. IPR Statement
The IETF has been notified of intellectual property rights claimed in The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this regard to some or all of the specification contained in this
document. For more information consult the online list of claimed document. For more information consult the online list of claimed
rights. rights.
skipping to change at page 97, line 30 skipping to change at page 111, line 30
Recommendations for Security", RFC 1750, December 1994. Recommendations for Security", RFC 1750, December 1994.
[5] Manner, J. and M. Kojo, "Mobility Related Terminology", [5] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004. RFC 3753, June 2004.
[6] "Information technology - Telecommunications and information [6] "Information technology - Telecommunications and information
exchange between systems - Local and metropolitan area networks exchange between systems - Local and metropolitan area networks
- Specific requirements - Part 11: Wireless LAN Medium Access - Specific requirements - Part 11: Wireless LAN Medium Access
Control (MAC) and Physical Layer (PHY) specifications", Control (MAC) and Physical Layer (PHY) specifications",
IEEE Standard 802.11, 1999, IEEE Standard 802.11, 1999,
<http://standards.ieee.org/getieee802/download/802.11-1999.pdf>. <http://standards.ieee.org/getieee802/download/802.11-1999.pdf>
.
[7] "Information technology - Telecommunications and information [7] "Information technology - Telecommunications and information
exchange between systems - Local and metropolitan area networks exchange between systems - Local and metropolitan area networks
- Specific requirements - Part 11: Wireless LAN Medium Access - Specific requirements - Part 11: Wireless LAN Medium Access
Control (MAC) and Physical Layer (PHY) specifications Amendment Control (MAC) and Physical Layer (PHY) specifications Amendment
6: Medium Access Control (MAC) Security Enhancements", 6: Medium Access Control (MAC) Security Enhancements",
IEEE Standard 802.11i, July 2004, IEEE Standard 802.11i, July 2004,
<http://standards.ieee.org/getieee802/download/802.11i-2004.pdf> <http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
. >.
[8] Clark, D., "IP datagram reassembly algorithms", RFC 815, July [8] Clark, D., "IP datagram reassembly algorithms", RFC 815, July
1982. 1982.
[9] Stokes, E., Weiser, R., Moats, R. and R. Huber, "Lightweight
Directory Access Protocol (version 3) Replication
Requirements", RFC 3384, October 2002.
[10] Schaad, J. and R. Housley, "Advanced Encryption Standard (AES)
Key Wrap Algorithm", RFC 3394, September 2002.
17.2 Informational References 17.2 Informational References
[9] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an [11] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an
On-line Database", RFC 3232, January 2002. On-line Database", RFC 3232, January 2002.
[10] Bradner, S., "The Internet Standards Process -- Revision 3", [12] Bradner, S., "The Internet Standards Process -- Revision 3",
BCP 9, RFC 2026, October 1996. BCP 9, RFC 2026, October 1996.
[11] Kent, S. and R. Atkinson, "Security Architecture for the [13] Kent, S. and R. Atkinson, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998. Internet Protocol", RFC 2401, November 1998.
[12] "WiFi Protected Access (WPA) rev 1.6", April 2003. [14] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[15] "WiFi Protected Access (WPA) rev 1.6", April 2003.
Authors' Addresses Authors' Addresses
Pat R. Calhoun Pat R. Calhoun
Airespace Airespace
110 Nortech Parkway 110 Nortech Parkway
San Jose, CA 95134 San Jose, CA 95134
Phone: +1 408-635-2000 Phone: +1 408-635-2000
Email: pcalhoun@airespace.com Email: pcalhoun@airespace.com
skipping to change at page 100, line 5 skipping to change at page 113, line 28
Email: Michael.G.Williams@Nokia.com Email: Michael.G.Williams@Nokia.com
Sue Hares Sue Hares
Nexthop Technologies, Inc. Nexthop Technologies, Inc.
825 Victors Way, Suite 100 825 Victors Way, Suite 100
Ann Arbor, MI 48108 Ann Arbor, MI 48108
Phone: +1 734 222 1610 Phone: +1 734 222 1610
Email: shares@nexthop.com Email: shares@nexthop.com
Nancy
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
Phone: +1 408-853-0532
Email: ncamwing@cisco.com
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/