draft-ohara-capwap-lwapp-02.txt   draft-ohara-capwap-lwapp-03.txt 
Network Working Group P. Calhoun Network Working Group P. Calhoun
Internet-Draft B. O'Hara Internet-Draft B. O'Hara
Expires: October 2, 2005 Airespace Expires: December 26, 2005 R. Suri
N. Cam Winget
Cisco Systems, Inc.
S. Kelly S. Kelly
Facetime Communications Facetime Communications
R. Suri
Airespace
M. Williams M. Williams
Nokia, Inc. Nokia, Inc.
S. Hares S. Hares
Nexthop Technologies, Inc. Nexthop Technologies, Inc.
N. Cam Winget June 24, 2005
Cisco Systems, Inc.
March 31, 2005
Light Weight Access Point Protocol (LWAPP) Light Weight Access Point Protocol
draft-ohara-capwap-lwapp-02 draft-ohara-capwap-lwapp-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions By submitting this Internet-Draft, each author represents that any
of Section 3 of RFC 3667. By submitting this Internet-Draft, each applicable patent or other IPR claims of which he or she is aware
author represents that any applicable patent or other IPR claims of have been or will be disclosed, and any of which he or she becomes
which he or she is aware have been or will be disclosed, and any of aware will be disclosed, in accordance with Section 6 of BCP 79.
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as Internet-
Internet-Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 2, 2005. This Internet-Draft will expire on December 26, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
In the recent years, there has been a shift in wireless LAN product In the recent years, there has been a shift in wireless LAN product
architectures from autonomous access points to centralized control of architectures from autonomous access points to centralized control of
light weight access points. The general goal has been to move most light weight access points. The general goal has been to move most
of the traditional wireless functionality such as access control of the traditional wireless functionality such as access control
(user authentication and authorization), mobility and radio (user authentication and authorization), mobility and radio
management out of the access point into a centralized controller. management out of the access point into a centralized controller.
The IETF's CAPWAP WG has identified that a standards based protocol The IETF's CAPWAP WG has identified that a standards based protocol
is necessary between a wireless Access Controller and Wireless is necessary between a wireless Access Controller and Wireless
Termination Points (the latter are also commonly referred to as Light Termination Points (the latter are also commonly referred to as Light
skipping to change at page 3, line 12 skipping to change at page 3, line 12
specific document describes the base protocol, and an extension that specific document describes the base protocol, and an extension that
allows it to be used with the IEEE's 802.11 wireless LAN protocol. allows it to be used with the IEEE's 802.11 wireless LAN protocol.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 8
1.1 Conventions used in this document . . . . . . . . . . . 9 1.1 Conventions used in this document . . . . . . . . . . . 9
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 10 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 10
2.1 Wireless Binding Definition . . . . . . . . . . . . . . 11 2.1 Wireless Binding Definition . . . . . . . . . . . . . . 11
2.2 LWAPP State Machine Definition . . . . . . . . . . . . . 12 2.2 LWAPP State Machine Definition . . . . . . . . . . . . . 12
3. LWAPP Transport Layers . . . . . . . . . . . . . . . . . . . 20 3. LWAPP Transport Layers . . . . . . . . . . . . . . . . . . . 21
3.1 LWAPP Transport Header . . . . . . . . . . . . . . . . . 20 3.1 LWAPP Transport Header . . . . . . . . . . . . . . . . . 21
3.1.1 VER Field . . . . . . . . . . . . . . . . . . . . . 20 3.1.1 VER Field . . . . . . . . . . . . . . . . . . . . . 21
3.1.2 RID Field . . . . . . . . . . . . . . . . . . . . . 20 3.1.2 RID Field . . . . . . . . . . . . . . . . . . . . . 21
3.1.3 C Bit . . . . . . . . . . . . . . . . . . . . . . . 20 3.1.3 C Bit . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.4 F Bit . . . . . . . . . . . . . . . . . . . . . . . 20 3.1.4 F Bit . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.5 L Bit . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.5 L Bit . . . . . . . . . . . . . . . . . . . . . . . 22
3.1.6 Fragment ID . . . . . . . . . . . . . . . . . . . . 21 3.1.6 Fragment ID . . . . . . . . . . . . . . . . . . . . 22
3.1.7 Length . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.7 Length . . . . . . . . . . . . . . . . . . . . . . . 22
3.1.8 Status and WLANS . . . . . . . . . . . . . . . . . . 21 3.1.8 Status and WLANS . . . . . . . . . . . . . . . . . . 22
3.1.9 Payload . . . . . . . . . . . . . . . . . . . . . . 21 3.1.9 Payload . . . . . . . . . . . . . . . . . . . . . . 22
3.2 Using IEEE 802.3 MAC as LWAPP transport . . . . . . . . 21 3.2 Using IEEE 802.3 MAC as LWAPP transport . . . . . . . . 22
3.2.1 Framing . . . . . . . . . . . . . . . . . . . . . . 22 3.2.1 Framing . . . . . . . . . . . . . . . . . . . . . . 23
3.2.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 22 3.2.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 23
3.2.3 LWAPP Message Header format over IEEE 802.3 MAC 3.2.3 LWAPP Message Header format over IEEE 802.3 MAC
transport . . . . . . . . . . . . . . . . . . . . . 22 transport . . . . . . . . . . . . . . . . . . . . . 23
3.2.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 22 3.2.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 23
3.2.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 23 3.2.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 24
3.3 Using IPv4/UDP as LWAPP transport . . . . . . . . . . . 23 3.3 Using IP/UDP as LWAPP transport . . . . . . . . . . . . 24
3.3.1 Framing . . . . . . . . . . . . . . . . . . . . . . 23 3.3.1 Framing . . . . . . . . . . . . . . . . . . . . . . 24
3.3.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 23 3.3.2 AC Discovery . . . . . . . . . . . . . . . . . . . . 24
3.3.3 LWAPP Message Header format over IPv4/UDP transport 24 3.3.3 LWAPP Message Header format over IP/UDP transport . 25
3.3.4 Fragmentation/Reassembly . . . . . . . . . . . . . . 24 3.3.4 Fragmentation/Reassembly for IPv4 . . . . . . . . . 26
3.3.5 Multiplexing . . . . . . . . . . . . . . . . . . . . 25 3.3.5 Fragmentation/Reassembly for IPv6 . . . . . . . . . 26
4. LWAPP Packet Definitions . . . . . . . . . . . . . . . . . . 26 3.3.6 Multiplexing . . . . . . . . . . . . . . . . . . . . 26
4.1 LWAPP Data Messages . . . . . . . . . . . . . . . . . . 26 4. LWAPP Packet Definitions . . . . . . . . . . . . . . . . . . 27
4.2 LWAPP Control Messages Overview . . . . . . . . . . . . 26 4.1 LWAPP Data Messages . . . . . . . . . . . . . . . . . . 27
4.2.1 Control Message Format . . . . . . . . . . . . . . . 27 4.2 LWAPP Control Messages Overview . . . . . . . . . . . . 27
4.2.2 Message Element Format . . . . . . . . . . . . . . . 29 4.2.1 Control Message Format . . . . . . . . . . . . . . . 28
5. LWAPP Discovery Operations . . . . . . . . . . . . . . . . . 31 4.2.2 Message Element Format . . . . . . . . . . . . . . . 30
5.1 Discovery Request . . . . . . . . . . . . . . . . . . . 31 4.2.3 Quality of Service . . . . . . . . . . . . . . . . . 31
5.1.1 Discovery Type . . . . . . . . . . . . . . . . . . . 32 5. LWAPP Discovery Operations . . . . . . . . . . . . . . . . . 32
5.1.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 32 5.1 Discovery Request . . . . . . . . . . . . . . . . . . . 32
5.1.3 WTP Radio Information . . . . . . . . . . . . . . . 33 5.1.1 Discovery Type . . . . . . . . . . . . . . . . . . . 33
5.2 Discovery Response . . . . . . . . . . . . . . . . . . . 33 5.1.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 33
5.2.1 AC Address . . . . . . . . . . . . . . . . . . . . . 34 5.1.3 WTP Radio Information . . . . . . . . . . . . . . . 34
5.2.2 AC Descriptor . . . . . . . . . . . . . . . . . . . 34 5.2 Discovery Response . . . . . . . . . . . . . . . . . . . 35
5.2.3 AC Name . . . . . . . . . . . . . . . . . . . . . . 35 5.2.1 AC Address . . . . . . . . . . . . . . . . . . . . . 35
5.2.4 WTP Manager Control IP Address . . . . . . . . . . . 35 5.2.2 AC Descriptor . . . . . . . . . . . . . . . . . . . 36
5.3 Primary Discovery Request . . . . . . . . . . . . . . . 36 5.2.3 AC Name . . . . . . . . . . . . . . . . . . . . . . 37
5.3.1 Discovery Type . . . . . . . . . . . . . . . . . . . 36 5.2.4 WTP Manager Control IPv4 Address . . . . . . . . . . 37
5.3.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 36 5.2.5 WTP Manager Control IPv6 Address . . . . . . . . . . 38
5.3.3 WTP Radio Information . . . . . . . . . . . . . . . 36 5.3 Primary Discovery Request . . . . . . . . . . . . . . . 38
5.4 Primary Discovery Response . . . . . . . . . . . . . . . 36 5.3.1 Discovery Type . . . . . . . . . . . . . . . . . . . 39
5.4.1 AC Descriptor . . . . . . . . . . . . . . . . . . . 37 5.3.2 WTP Descriptor . . . . . . . . . . . . . . . . . . . 39
5.4.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 37 5.3.3 WTP Radio Information . . . . . . . . . . . . . . . 39
5.4.3 WTP Manager Control IP Address . . . . . . . . . . . 37 5.4 Primary Discovery Response . . . . . . . . . . . . . . . 39
6. Control Channel Management . . . . . . . . . . . . . . . . . 38 5.4.1 AC Descriptor . . . . . . . . . . . . . . . . . . . 39
6.1 Join Request . . . . . . . . . . . . . . . . . . . . . . 38 5.4.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 40
6.1.1 WTP Descriptor . . . . . . . . . . . . . . . . . . . 39 5.4.3 WTP Manager Control IPv4 Address . . . . . . . . . . 40
6.1.2 AC Address . . . . . . . . . . . . . . . . . . . . . 39 5.4.4 WTP Manager Control IPv6 Address . . . . . . . . . . 40
6.1.3 WTP Name . . . . . . . . . . . . . . . . . . . . . . 39 6. Control Channel Management . . . . . . . . . . . . . . . . . 41
6.1.4 Location Data . . . . . . . . . . . . . . . . . . . 39 6.1 Join Request . . . . . . . . . . . . . . . . . . . . . . 41
6.1.5 WTP Radio Information . . . . . . . . . . . . . . . 39 6.1.1 WTP Descriptor . . . . . . . . . . . . . . . . . . . 42
6.1.6 Certificate . . . . . . . . . . . . . . . . . . . . 40 6.1.2 AC Address . . . . . . . . . . . . . . . . . . . . . 42
6.1.7 Session ID . . . . . . . . . . . . . . . . . . . . . 40 6.1.3 WTP Name . . . . . . . . . . . . . . . . . . . . . . 42
6.1.8 Test . . . . . . . . . . . . . . . . . . . . . . . . 40 6.1.4 Location Data . . . . . . . . . . . . . . . . . . . 42
6.1.9 WNonce . . . . . . . . . . . . . . . . . . . . . . . 41 6.1.5 WTP Radio Information . . . . . . . . . . . . . . . 43
6.1.10 DH-Params . . . . . . . . . . . . . . . . . . . . . 41 6.1.6 Certificate . . . . . . . . . . . . . . . . . . . . 43
6.2 Join Response . . . . . . . . . . . . . . . . . . . . . 42 6.1.7 Session ID . . . . . . . . . . . . . . . . . . . . . 43
6.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 42 6.1.8 Test . . . . . . . . . . . . . . . . . . . . . . . . 44
6.2.2 Status . . . . . . . . . . . . . . . . . . . . . . . 43 6.1.9 XNonce . . . . . . . . . . . . . . . . . . . . . . . 44
6.2.3 Certificate . . . . . . . . . . . . . . . . . . . . 43 6.2 Join Response . . . . . . . . . . . . . . . . . . . . . 44
6.2.4 Session Key . . . . . . . . . . . . . . . . . . . . 43 6.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 45
6.2.5 WTP Manager Data IP Address . . . . . . . . . . . . 44 6.2.2 Status . . . . . . . . . . . . . . . . . . . . . . . 46
6.2.6 AC List . . . . . . . . . . . . . . . . . . . . . . 44 6.2.3 Certificate . . . . . . . . . . . . . . . . . . . . 46
6.2.7 ANonce . . . . . . . . . . . . . . . . . . . . . . . 45 6.2.4 WTP Manager Data IPv4 Address . . . . . . . . . . . 46
6.2.8 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 45 6.2.5 WTP Manager Data IPv6 Address . . . . . . . . . . . 47
6.2.9 DH-Params . . . . . . . . . . . . . . . . . . . . . 46 6.2.6 AC IPv4 List . . . . . . . . . . . . . . . . . . . . 47
6.3 Join ACK . . . . . . . . . . . . . . . . . . . . . . . . 46 6.2.7 AC IPv6 List . . . . . . . . . . . . . . . . . . . . 48
6.3.1 Session ID . . . . . . . . . . . . . . . . . . . . . 46 6.2.8 ANonce . . . . . . . . . . . . . . . . . . . . . . . 48
6.3.2 WNonce . . . . . . . . . . . . . . . . . . . . . . . 46 6.2.9 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 49
6.3.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 46 6.3 Join ACK . . . . . . . . . . . . . . . . . . . . . . . . 50
6.4 Join Confirm . . . . . . . . . . . . . . . . . . . . . . 46 6.3.1 Session ID . . . . . . . . . . . . . . . . . . . . . 50
6.4.1 Session ID . . . . . . . . . . . . . . . . . . . . . 47 6.3.2 WNonce . . . . . . . . . . . . . . . . . . . . . . . 50
6.4.2 ANonce . . . . . . . . . . . . . . . . . . . . . . . 47 6.3.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 51
6.4.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 47 6.4 Join Confirm . . . . . . . . . . . . . . . . . . . . . . 51
6.5 Echo Request . . . . . . . . . . . . . . . . . . . . . . 47 6.4.1 Session ID . . . . . . . . . . . . . . . . . . . . . 51
6.6 Echo Response . . . . . . . . . . . . . . . . . . . . . 47 6.4.2 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 52
6.7 Key Update Request . . . . . . . . . . . . . . . . . . . 48 6.5 Echo Request . . . . . . . . . . . . . . . . . . . . . . 52
6.7.1 Session ID . . . . . . . . . . . . . . . . . . . . . 48 6.6 Echo Response . . . . . . . . . . . . . . . . . . . . . 52
6.8 Key Update Response . . . . . . . . . . . . . . . . . . 48 6.7 Key Update Request . . . . . . . . . . . . . . . . . . . 52
6.8.1 Session Key . . . . . . . . . . . . . . . . . . . . 49 6.7.1 Session ID . . . . . . . . . . . . . . . . . . . . . 53
6.9 Key Update Trigger . . . . . . . . . . . . . . . . . . . 49 6.7.2 XNonce . . . . . . . . . . . . . . . . . . . . . . . 53
6.9.1 Session ID . . . . . . . . . . . . . . . . . . . . . 49 6.8 Key Update Response . . . . . . . . . . . . . . . . . . 53
7. WTP Configuration Management . . . . . . . . . . . . . . . . 50 6.8.1 Session ID . . . . . . . . . . . . . . . . . . . . . 53
7.1 Configure Request . . . . . . . . . . . . . . . . . . . 50 6.8.2 ANonce . . . . . . . . . . . . . . . . . . . . . . . 53
7.1.1 Administrative State . . . . . . . . . . . . . . . . 50 6.8.3 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 53
7.1.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 51 6.9 Key Update ACK . . . . . . . . . . . . . . . . . . . . . 53
7.1.3 AC Name with Index . . . . . . . . . . . . . . . . . 51 6.9.1 WNonce . . . . . . . . . . . . . . . . . . . . . . . 54
7.1.4 WTP Board Data . . . . . . . . . . . . . . . . . . . 51 6.9.2 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 54
7.1.5 Statistics Timer . . . . . . . . . . . . . . . . . . 52 6.10 Key Update Confirm . . . . . . . . . . . . . . . . . . . 54
7.1.6 WTP Static IP Address Information . . . . . . . . . 52 6.10.1 PSK-MIC . . . . . . . . . . . . . . . . . . . . . . 54
7.1.7 WTP Reboot Statistics . . . . . . . . . . . . . . . 53 6.11 Key Update Trigger . . . . . . . . . . . . . . . . . . . 54
7.2 Configure Response . . . . . . . . . . . . . . . . . . . 53 6.11.1 Session ID . . . . . . . . . . . . . . . . . . . . . 54
7.2.1 Decryption Error Report Period . . . . . . . . . . . 54 7. WTP Configuration Management . . . . . . . . . . . . . . . . 55
7.2.2 Change State Event . . . . . . . . . . . . . . . . . 54 7.1 Configuration Consistency . . . . . . . . . . . . . . . 55
7.2.3 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 55 7.2 Configure Request . . . . . . . . . . . . . . . . . . . 56
7.2.4 AC List . . . . . . . . . . . . . . . . . . . . . . 55 7.2.1 Administrative State . . . . . . . . . . . . . . . . 56
7.2.5 WTP Fallback . . . . . . . . . . . . . . . . . . . . 55 7.2.2 AC Name . . . . . . . . . . . . . . . . . . . . . . 57
7.2.6 Idle Timeout . . . . . . . . . . . . . . . . . . . . 56 7.2.3 AC Name with Index . . . . . . . . . . . . . . . . . 57
7.3 Configuration Update Request . . . . . . . . . . . . . . 56 7.2.4 WTP Board Data . . . . . . . . . . . . . . . . . . . 57
7.3.1 WTP Name . . . . . . . . . . . . . . . . . . . . . . 56 7.2.5 Statistics Timer . . . . . . . . . . . . . . . . . . 58
7.3.2 Change State Event . . . . . . . . . . . . . . . . . 57 7.2.6 WTP Static IP Address Information . . . . . . . . . 59
7.3.3 Administrative State . . . . . . . . . . . . . . . . 57 7.2.7 WTP Reboot Statistics . . . . . . . . . . . . . . . 59
7.3.4 Statistics Timer . . . . . . . . . . . . . . . . . . 57 7.3 Configure Response . . . . . . . . . . . . . . . . . . . 60
7.3.5 Location Data . . . . . . . . . . . . . . . . . . . 57 7.3.1 Decryption Error Report Period . . . . . . . . . . . 61
7.3.6 Decryption Error Report Period . . . . . . . . . . . 57 7.3.2 Change State Event . . . . . . . . . . . . . . . . . 61
7.3.7 AC List . . . . . . . . . . . . . . . . . . . . . . 57 7.3.3 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 62
7.3.8 Add Blacklist Entry . . . . . . . . . . . . . . . . 57 7.3.4 AC IPv4 List . . . . . . . . . . . . . . . . . . . . 62
7.3.9 Delete Blacklist Entry . . . . . . . . . . . . . . . 58 7.3.5 AC IPv6 List . . . . . . . . . . . . . . . . . . . . 63
7.3.10 Add Static Blacklist Entry . . . . . . . . . . . . . 58 7.3.6 WTP Fallback . . . . . . . . . . . . . . . . . . . . 63
7.3.11 Delete Static Blacklist Entry . . . . . . . . . . . 59 7.3.7 Idle Timeout . . . . . . . . . . . . . . . . . . . . 63
7.3.12 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 59 7.4 Configuration Update Request . . . . . . . . . . . . . . 64
7.3.13 AC Name with Index . . . . . . . . . . . . . . . . . 59 7.4.1 WTP Name . . . . . . . . . . . . . . . . . . . . . . 64
7.3.14 WTP Fallback . . . . . . . . . . . . . . . . . . . . 59 7.4.2 Change State Event . . . . . . . . . . . . . . . . . 64
7.3.15 Idle Timeout . . . . . . . . . . . . . . . . . . . . 59 7.4.3 Administrative State . . . . . . . . . . . . . . . . 64
7.4 Configuration Update Response . . . . . . . . . . . . . 59 7.4.4 Statistics Timer . . . . . . . . . . . . . . . . . . 64
7.4.1 Result Code . . . . . . . . . . . . . . . . . . . . 60 7.4.5 Location Data . . . . . . . . . . . . . . . . . . . 64
7.5 Change State Event Request . . . . . . . . . . . . . . . 60 7.4.6 Decryption Error Report Period . . . . . . . . . . . 64
7.5.1 Change State Event . . . . . . . . . . . . . . . . . 60 7.4.7 AC IPv4 List . . . . . . . . . . . . . . . . . . . . 64
7.6 Change State Event Response . . . . . . . . . . . . . . 60 7.4.8 AC IPv6 List . . . . . . . . . . . . . . . . . . . . 65
7.7 Clear Config Indication . . . . . . . . . . . . . . . . 61 7.4.9 Add Blacklist Entry . . . . . . . . . . . . . . . . 65
8. Device Management Operations . . . . . . . . . . . . . . . . 62 7.4.10 Delete Blacklist Entry . . . . . . . . . . . . . . . 65
8.1 Image Data Request . . . . . . . . . . . . . . . . . . . 62 7.4.11 Add Static Blacklist Entry . . . . . . . . . . . . . 66
8.1.1 Image Download . . . . . . . . . . . . . . . . . . . 62 7.4.12 Delete Static Blacklist Entry . . . . . . . . . . . 66
8.1.2 Image Data . . . . . . . . . . . . . . . . . . . . . 62 7.4.13 LWAPP Timers . . . . . . . . . . . . . . . . . . . . 67
8.2 Image Data Response . . . . . . . . . . . . . . . . . . 63 7.4.14 AC Name with Index . . . . . . . . . . . . . . . . . 67
8.3 Reset Request . . . . . . . . . . . . . . . . . . . . . 63 7.4.15 WTP Fallback . . . . . . . . . . . . . . . . . . . . 67
8.4 Reset Response . . . . . . . . . . . . . . . . . . . . . 63 7.4.16 Idle Timeout . . . . . . . . . . . . . . . . . . . . 67
8.5 WTP Event Request . . . . . . . . . . . . . . . . . . . 63 7.5 Configuration Update Response . . . . . . . . . . . . . 67
8.5.1 Decryption Error Report . . . . . . . . . . . . . . 64 7.5.1 Result Code . . . . . . . . . . . . . . . . . . . . 68
8.5.2 Duplicate IP Address . . . . . . . . . . . . . . . . 64 7.6 Change State Event Request . . . . . . . . . . . . . . . 68
8.6 WTP Event Response . . . . . . . . . . . . . . . . . . . 65 7.6.1 Change State Event . . . . . . . . . . . . . . . . . 68
8.7 Data Transfer Request . . . . . . . . . . . . . . . . . 65 7.7 Change State Event Response . . . . . . . . . . . . . . 68
8.7.1 Data Transfer Mode . . . . . . . . . . . . . . . . . 65 7.8 Clear Config Indication . . . . . . . . . . . . . . . . 68
8.7.2 Data Transfer Data . . . . . . . . . . . . . . . . . 66 8. Device Management Operations . . . . . . . . . . . . . . . . 70
8.8 Data Transfer Response . . . . . . . . . . . . . . . . . 66 8.1 Image Data Request . . . . . . . . . . . . . . . . . . . 70
9. Mobile Session Management . . . . . . . . . . . . . . . . . 67 8.1.1 Image Download . . . . . . . . . . . . . . . . . . . 70
9.1 Mobile Config Request . . . . . . . . . . . . . . . . . 67 8.1.2 Image Data . . . . . . . . . . . . . . . . . . . . . 70
9.1.1 Delete Mobile . . . . . . . . . . . . . . . . . . . 67 8.2 Image Data Response . . . . . . . . . . . . . . . . . . 71
9.2 Mobile Config Response . . . . . . . . . . . . . . . . . 68 8.3 Reset Request . . . . . . . . . . . . . . . . . . . . . 71
9.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 68 8.4 Reset Response . . . . . . . . . . . . . . . . . . . . . 71
10. Session Key Generation . . . . . . . . . . . . . . . . . . 69 8.5 WTP Event Request . . . . . . . . . . . . . . . . . . . 72
10.1 Securing WTP-AC communications . . . . . . . . . . . . . 69 8.5.1 Decryption Error Report . . . . . . . . . . . . . . 72
10.2 LWAPP Frame Encryption . . . . . . . . . . . . . . . . . 70 8.5.2 Duplicate IPv4 Address . . . . . . . . . . . . . . . 72
10.3 Authenticated Key Exchange . . . . . . . . . . . . . . . 71 8.5.3 Duplicate IPv6 Address . . . . . . . . . . . . . . . 73
10.3.1 Certificate Based Approach . . . . . . . . . . . . . 71 8.6 WTP Event Response . . . . . . . . . . . . . . . . . . . 74
10.3.2 Pre-Shared Key Approach . . . . . . . . . . . . . . 74 8.7 Data Transfer Request . . . . . . . . . . . . . . . . . 74
11. IEEE 802.11 Binding . . . . . . . . . . . . . . . . . . . 78 8.7.1 Data Transfer Mode . . . . . . . . . . . . . . . . . 74
11.1 Division of labor . . . . . . . . . . . . . . . . . . . 78 8.7.2 Data Transfer Data . . . . . . . . . . . . . . . . . 75
11.1.1 Split MAC . . . . . . . . . . . . . . . . . . . . . 78 8.8 Data Transfer Response . . . . . . . . . . . . . . . . . 75
11.1.2 Local MAC . . . . . . . . . . . . . . . . . . . . . 79 9. Mobile Session Management . . . . . . . . . . . . . . . . . 77
11.2 Transport specific bindings . . . . . . . . . . . . . . 79 9.1 Mobile Config Request . . . . . . . . . . . . . . . . . 77
11.2.1 Status and WLANS field . . . . . . . . . . . . . . . 79 9.1.1 Delete Mobile . . . . . . . . . . . . . . . . . . . 77
11.3 Data Message bindings . . . . . . . . . . . . . . . . . 80 9.2 Mobile Config Response . . . . . . . . . . . . . . . . . 78
11.4 Control Message bindings . . . . . . . . . . . . . . . . 80 9.2.1 Result Code . . . . . . . . . . . . . . . . . . . . 78
11.4.1 Mobile Config Request . . . . . . . . . . . . . . . 80 10. LWAPP Security . . . . . . . . . . . . . . . . . . . . . . 79
11.4.2 WTP Event Request . . . . . . . . . . . . . . . . . 85 10.1 Securing WTP-AC communications . . . . . . . . . . . . . 79
11.5 802.11 Control Messages . . . . . . . . . . . . . . . . 87 10.2 LWAPP Frame Encryption . . . . . . . . . . . . . . . . . 80
11.5.1 IEEE 802.11 WLAN Config Request . . . . . . . . . . 87 10.3 Authenticated Key Exchange . . . . . . . . . . . . . . . 80
11.5.2 IEEE 802.11 WLAN Config Response . . . . . . . . . . 91 10.3.1 Terminology . . . . . . . . . . . . . . . . . . . . 81
11.5.3 IEEE 802.11 WTP Event . . . . . . . . . . . . . . . 91 10.3.2 Initial Key Generation . . . . . . . . . . . . . . . 82
11.6 Message Element Bindings . . . . . . . . . . . . . . . . 92 10.3.3 Refreshing Cryptographic Keys . . . . . . . . . . . 86
11.6.1 IEEE 802.11 WTP WLAN Radio Configuration . . . . . . 93 10.4 Certificate Usage . . . . . . . . . . . . . . . . . . . 87
11.6.2 IEEE 802.11 Rate Set . . . . . . . . . . . . . . . . 94 11. IEEE 802.11 Binding . . . . . . . . . . . . . . . . . . . 88
11.6.3 IEEE 802.11 Multi-domain Capability . . . . . . . . 95 11.1 Division of labor . . . . . . . . . . . . . . . . . . . 88
11.6.4 IEEE 802.11 MAC Operation . . . . . . . . . . . . . 95 11.1.1 Split MAC . . . . . . . . . . . . . . . . . . . . . 88
11.6.5 IEEE 802.11 Tx Power . . . . . . . . . . . . . . . . 97 11.1.2 Local MAC . . . . . . . . . . . . . . . . . . . . . 90
11.6.6 IEEE 802.11 Tx Power Level . . . . . . . . . . . . . 97 11.2 Roaming Behavior and 802.11 security . . . . . . . . . . 93
11.6.7 IEEE 802.11 Direct Sequence Control . . . . . . . . 97 11.3 Transport specific bindings . . . . . . . . . . . . . . 94
11.6.8 IEEE 802.11 OFDM Control . . . . . . . . . . . . . . 98 11.3.1 Status and WLANS field . . . . . . . . . . . . . . . 94
11.6.9 IEEE 802.11 Antenna . . . . . . . . . . . . . . . . 99 11.4 BSSID to WLAN ID Mapping . . . . . . . . . . . . . . . . 95
11.6.10 IEEE 802.11 Supported Rates . . . . . . . . . . . 99 11.5 Quality of Service . . . . . . . . . . . . . . . . . . . 95
11.6.11 IEEE 802.11 CFP Status . . . . . . . . . . . . . . 100 11.6 Data Message bindings . . . . . . . . . . . . . . . . . 95
11.6.12 IEEE 802.11 WTP Mode and Type . . . . . . . . . . 100 11.7 Control Message bindings . . . . . . . . . . . . . . . . 95
11.6.13 IEEE 802.11 Broadcast Probe Mode . . . . . . . . . 101 11.7.1 Mobile Config Request . . . . . . . . . . . . . . . 96
11.6.14 IEEE 802.11 WTP Quality of Service . . . . . . . . 101 11.7.2 WTP Event Request . . . . . . . . . . . . . . . . . 102
11.6.15 IEEE 802.11 MIC Error Report From Mobile . . . . . 102 11.8 802.11 Control Messages . . . . . . . . . . . . . . . . 104
11.7 IEEE 802.11 Message Element Values . . . . . . . . . . . 103 11.8.1 IEEE 802.11 WLAN Config Request . . . . . . . . . . 104
12. LWAPP Protocol Timers . . . . . . . . . . . . . . . . . . 104 11.8.2 IEEE 802.11 WLAN Config Response . . . . . . . . . . 109
12.1 MaxDiscoveryInterval . . . . . . . . . . . . . . . . . . 104 11.8.3 IEEE 802.11 WTP Event . . . . . . . . . . . . . . . 109
12.2 SilentInterval . . . . . . . . . . . . . . . . . . . . . 104 11.9 Message Element Bindings . . . . . . . . . . . . . . . . 111
12.3 NeighborDeadInterval . . . . . . . . . . . . . . . . . . 104 11.9.1 IEEE 802.11 WTP WLAN Radio Configuration . . . . . . 111
12.4 EchoInterval . . . . . . . . . . . . . . . . . . . . . . 104 11.9.2 IEEE 802.11 Rate Set . . . . . . . . . . . . . . . . 113
12.5 DiscoveryInterval . . . . . . . . . . . . . . . . . . . 104 11.9.3 IEEE 802.11 Multi-domain Capability . . . . . . . . 114
12.6 RetransmitInterval . . . . . . . . . . . . . . . . . . . 104 11.9.4 IEEE 802.11 MAC Operation . . . . . . . . . . . . . 114
12.7 ResponseTimeout . . . . . . . . . . . . . . . . . . . . 105 11.9.5 IEEE 802.11 Tx Power . . . . . . . . . . . . . . . . 116
12.8 KeyLifetime . . . . . . . . . . . . . . . . . . . . . . 105 11.9.6 IEEE 802.11 Tx Power Level . . . . . . . . . . . . . 117
13. LWAPP Protocol Variables . . . . . . . . . . . . . . . . . 106 11.9.7 IEEE 802.11 Direct Sequence Control . . . . . . . . 117
13.1 MaxDiscoveries . . . . . . . . . . . . . . . . . . . . . 106 11.9.8 IEEE 802.11 OFDM Control . . . . . . . . . . . . . . 118
13.2 DiscoveryCount . . . . . . . . . . . . . . . . . . . . . 106 11.9.9 IEEE 802.11 Antenna . . . . . . . . . . . . . . . . 119
13.3 RetransmitCount . . . . . . . . . . . . . . . . . . . . 106 11.9.10 IEEE 802.11 Supported Rates . . . . . . . . . . . 120
13.4 MaxRetransmit . . . . . . . . . . . . . . . . . . . . . 106 11.9.11 IEEE 802.11 CFP Status . . . . . . . . . . . . . . 120
14. Security Considerations . . . . . . . . . . . . . . . . . 107 11.9.12 IEEE 802.11 WTP Mode and Type . . . . . . . . . . 121
14.1 Certificate based Session Key establishment . . . . . . 107 11.9.13 IEEE 802.11 Broadcast Probe Mode . . . . . . . . . 121
14.2 PSK based Session Key establishment . . . . . . . . . . 108 11.9.14 IEEE 802.11 WTP Quality of Service . . . . . . . . 122
15. IANA Considerations . . . . . . . . . . . . . . . . . . . 109 11.9.15 IEEE 802.11 MIC Error Report From Mobile . . . . . 123
16. IPR Statement . . . . . . . . . . . . . . . . . . . . . . 110 11.10 IEEE 802.11 Message Element Values . . . . . . . . . . 124
17. References . . . . . . . . . . . . . . . . . . . . . . . . 111 12. LWAPP Protocol Timers . . . . . . . . . . . . . . . . . . 125
17.1 Normative References . . . . . . . . . . . . . . . . . . 111 12.1 MaxDiscoveryInterval . . . . . . . . . . . . . . . . . . 125
17.2 Informational References . . . . . . . . . . . . . . . . 112 12.2 SilentInterval . . . . . . . . . . . . . . . . . . . . . 125
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 112 12.3 NeighborDeadInterval . . . . . . . . . . . . . . . . . . 125
Intellectual Property and Copyright Statements . . . . . . . 114 12.4 EchoInterval . . . . . . . . . . . . . . . . . . . . . . 125
12.5 DiscoveryInterval . . . . . . . . . . . . . . . . . . . 125
12.6 RetransmitInterval . . . . . . . . . . . . . . . . . . . 125
12.7 ResponseTimeout . . . . . . . . . . . . . . . . . . . . 126
12.8 KeyLifetime . . . . . . . . . . . . . . . . . . . . . . 126
13. LWAPP Protocol Variables . . . . . . . . . . . . . . . . . 127
13.1 MaxDiscoveries . . . . . . . . . . . . . . . . . . . . . 127
13.2 DiscoveryCount . . . . . . . . . . . . . . . . . . . . . 127
13.3 RetransmitCount . . . . . . . . . . . . . . . . . . . . 127
13.4 MaxRetransmit . . . . . . . . . . . . . . . . . . . . . 127
14. NAT Considerations . . . . . . . . . . . . . . . . . . . . 128
15. Security Considerations . . . . . . . . . . . . . . . . . 130
15.1 Certificate based Session Key establishment . . . . . . 131
15.2 PSK based Session Key establishment . . . . . . . . . . 131
16. IANA Considerations . . . . . . . . . . . . . . . . . . . 132
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 133
18. IPR Statement . . . . . . . . . . . . . . . . . . . . . . 134
19. References . . . . . . . . . . . . . . . . . . . . . . . . 135
19.1 Normative References . . . . . . . . . . . . . . . . . . 135
19.2 Informational References . . . . . . . . . . . . . . . . 136
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 136
Intellectual Property and Copyright Statements . . . . . . . 138
1. Introduction 1. Introduction
Unlike wired network elements, Wireless Termination Points (WTPs) Unlike wired network elements, Wireless Termination Points (WTPs)
require a set of dynamic management and control functions related to require a set of dynamic management and control functions related to
their primary task of connecting the wireless and wired mediums. their primary task of connecting the wireless and wired mediums.
Today, protocols for managing WTPs are either manual static Today, protocols for managing WTPs are either manual static
configuration via HTTP, proprietary Layer 2 specific or non-existent configuration via HTTP, proprietary Layer 2 specific or non-existent
(if the WTPs are self-contained). The emergence of simple 802.11 (if the WTPs are self-contained). The emergence of simple 802.11
WTPs that are managed by a WLAN appliance or switch (also known as an WTPs that are managed by a WLAN appliance or switch (also known as an
skipping to change at page 11, line 39 skipping to change at page 11, line 39
wireless access point radio technology. Elements of the protocol are wireless access point radio technology. Elements of the protocol are
designed to accommodate specific needs of each wireless technology in designed to accommodate specific needs of each wireless technology in
a standard way. Implementation of this standard for a particular a standard way. Implementation of this standard for a particular
wireless technology must follow the binding requirements defined for wireless technology must follow the binding requirements defined for
that technology. This specification includes a binding for the IEEE that technology. This specification includes a binding for the IEEE
802.11 (see Section 11). 802.11 (see Section 11).
When defining a binding for other technologies, the authors MUST When defining a binding for other technologies, the authors MUST
include any necessary definitions for technology-specific messages include any necessary definitions for technology-specific messages
and all technology-specific message elements for those messages. At and all technology-specific message elements for those messages. At
a minimum, a binding MUST provide the definition for a a minimum, a binding MUST provide the definition for a binding-
binding-specific Statistics message element, which is carried in the specific Statistics message element, which is carried in the WTP
WTP Event Request message, and Add Mobile message element, which is Event Request message, and Add Mobile message element, which is
carried in the Mobile Configure Request. If any technology specific carried in the Mobile Configure Request. If any technology specific
message elements are required for any of the existing LWAPP messages message elements are required for any of the existing LWAPP messages
defined in this specification, they MUST also be defined in the defined in this specification, they MUST also be defined in the
technology binding document. technology binding document.
The naming of binding-specific message elements MUST begin with the The naming of binding-specific message elements MUST begin with the
name of the technology type, e.g., the binding for IEEE 802.11, name of the technology type, e.g., the binding for IEEE 802.11,
provided in this standard, begins with "IEEE 802.11"." provided in this standard, begins with "IEEE 802.11"."
2.2 LWAPP State Machine Definition 2.2 LWAPP State Machine Definition
skipping to change at page 12, line 17 skipping to change at page 12, line 17
The following state diagram represents the lifecycle of an WTP-AC The following state diagram represents the lifecycle of an WTP-AC
session: session:
/-------------\ /-------------\
| v | v
| +------------+ | +------------+
| C| Idle |<-----------------------------------\ | C| Idle |<-----------------------------------\
| +------------+<-----------------------\ | | +------------+<-----------------------\ |
| ^ |a ^ | | | ^ |a ^ | |
| | | \----\ | | | | | \----\ | |
| | | |t u | | | | | | +------------+ |
| | | +-----------+------>+------------+ | | | | | -------| Key Confirm| |
| | | | w/ +------------+ |
| | | | | ^ |
| | | |t V |5 |
| | | +-----------+ +------------+ |
| / | C| Run | | Key Update | | | / | C| Run | | Key Update | |
| / | r+-----------+<------+------------+ | | / | r+-----------+------>+------------+ |
| / | ^ |s w x| | | / | ^ |s u x| |
| | v | | | | | | v | | | |
| | +--------------+ | | v |y | | +--------------+ | | v |y
| | C| Discovery | q| \--------------->+-------+ | | C| Discovery | q| \--------------->+-------+
| | b+--------------+ +-------------+ | Reset | | | b+--------------+ +-------------+ | Reset |
| | |d f| ^ | Configure |------->+-------+ | | |d f| ^ | Configure |------->+-------+
| | | | | +-------------+p ^ | | | | | +-------------+p ^
| |e v | | ^ ^ | | |e v | | ^ |
| +---------+ v |i |k 2| | | +---------+ v |i 2| |
| C| Sulking | +------------+ +--------------+ | | C| Sulking | +------------+ +--------------+ |
| +---------+ C| Join |--->| Join-Confirm | | | +---------+ C| Join |--->| Join-Confirm | |
| g+------------+z +--------------+ | | g+------------+z +--------------+ |
| |h m| 3| |4 | | |h m| 3| |4 |
| | | | v |o | | | | v |o
|\ | | | +------------+ |\ | | | +------------+
\\-----------------/ \--------+---->| Image Data |C \\-----------------/ \--------+---->| Image Data |C
\------------------------------------/ +------------+n \------------------------------------/ +------------+n
Figure 2: LWAPP State Machine Figure 2: LWAPP State Machine
skipping to change at page 13, line 5 skipping to change at page 13, line 9
permitted to be sent and received. In all of the LWAPP control permitted to be sent and received. In all of the LWAPP control
messages defined in this document, the state for which each command messages defined in this document, the state for which each command
is valid is specified. is valid is specified.
Note that in the state diagram figure above, the 'C' character is Note that in the state diagram figure above, the 'C' character is
used to represent a condition that causes the state to remain the used to represent a condition that causes the state to remain the
same. same.
The following text discusses the various state transitions, and the The following text discusses the various state transitions, and the
events that cause them. events that cause them.
Idle to Discovery (a): This is the initialization state. Idle to Discovery (a): This is the initialization state.
WTP: The WTP enters the Discovery state prior to transmitting the WTP: The WTP enters the Discovery state prior to transmitting the
first Discovery Request (see Section 5.1). Upon entering this first Discovery Request (see Section 5.1). Upon entering this
state, the WTP sets the DiscoveryInterval timer (see state, the WTP sets the DiscoveryInterval timer (see
Section 12). The WTP resets the DiscoveryCount counter to zero Section 12). The WTP resets the DiscoveryCount counter to zero
(0) (see Section 13). The WTP also clears all information from (0) (see Section 13). The WTP also clears all information from
ACs (e.g., AC Addresses) it may have received during a previous ACs (e.g., AC Addresses) it may have received during a previous
Discovery phase. Discovery phase.
AC: The AC does not need to maintain state information for the WTP AC: The AC does not need to maintain state information for the WTP
upon reception of the Discovery Request, but it MUST respond upon reception of the Discovery Request, but it MUST respond
with a Discovery Response (see Section 5.2). with a Discovery Response (see Section 5.2).
Discovery to Discovery (b): This is the state the WTP uses to Discovery to Discovery (b): This is the state the WTP uses to
determine which AC it wishes to connect to. determine which AC it wishes to connect to.
WTP: This event occurs when the DiscoveryInterval timer expires. WTP: This event occurs when the DiscoveryInterval timer expires.
The WTP transmits a Discovery Request to every AC which the WTP The WTP transmits a Discovery Request to every AC which the WTP
hasn't received a response to. For every transition to this hasn't received a response to. For every transition to this
event, the WTP increments DisoveryCount counter. See event, the WTP increments DisoveryCount counter. See
Section 5.1) for more information on how the WTP knows which Section 5.1) for more information on how the WTP knows which
ACs it should transmit the Discovery Requests to. The WTP ACs it should transmit the Discovery Requests to. The WTP
restarts the DiscoveryInterval timer. restarts the DiscoveryInterval timer.
AC: This is a noop. AC: This is a noop.
Discovery to Sulking (d): This state occurs on a WTP when Discovery Discovery to Sulking (d): This state occurs on a WTP when Discovery
or connectivity to the AC fails. or connectivity to the AC fails.
WTP: The WTP enters this state when the DiscoveryInterval timer WTP: The WTP enters this state when the DiscoveryInterval timer
expires and the DiscoveryCount variable is equal to the expires and the DiscoveryCount variable is equal to the
MaxDiscoveries variable (see Section 13). Upon entering this MaxDiscoveries variable (see Section 13). Upon entering this
state, the WTP will start the SilentInterval timer. While in state, the WTP will start the SilentInterval timer. While in
the Sulking state, all LWAPP messages received are ignored. the Sulking state, all LWAPP messages received are ignored.
AC: This is a noop. AC: This is a noop.
Sulking to Idle (e): This state occurs on a WTP when it must restart Sulking to Idle (e): This state occurs on a WTP when it must restart
the discovery phase. the discovery phase.
WTP: The WTP enters this state when the SilentInterval timer (see WTP: The WTP enters this state when the SilentInterval timer (see
Section 12) expires. Section 12) expires.
AC: This is a noop. AC: This is a noop.
Discovery to Join (f): This state is used by the WTP to confirm its Discovery to Join (f): This state is used by the WTP to confirm its
commitment to an AC that it wishes to be provided service. commitment to an AC that it wishes to be provided service.
WTP: The WTP selects the best AC based on the information it WTP: The WTP selects the best AC based on the information it
gathered during the Discovery Phase. It then transmits a Join gathered during the Discovery Phase. It then transmits a Join
Request (see Section 6.1 to its preferred AC. The WTP starts Request (see Section 6.1 to its preferred AC. The WTP starts
the WaitJoin Timer (see Section 12). the WaitJoin Timer (see Section 12).
AC: The AC enters this state for the given WTP upon reception of a AC: The AC enters this state for the given WTP upon reception of a
Join Request. The AC processes the request and responds with a Join Request. The AC processes the request and responds with a
Join Response. Join Response.
Join to Join (g): This state transition occurs during the join phase. Join to Join (g): This state transition occurs during the join phase.
WTP: The WTP enters this state when the WaitJoin timer expires, WTP: The WTP enters this state when the WaitJoin timer expires,
and the underlying transport requires LWAPP MTU detection and the underlying transport requires LWAPP MTU detection
Section 3). Section 3).
AC: This state occurs when the AC receives a retransmission of a AC: This state occurs when the AC receives a retransmission of a
Join Request. The WTP processes the request and responds with Join Request. The AC processes the request and responds with
the Join Response.. the Join Response..
Join to Idle (h): This state is used when the join process failed. Join to Idle (h): This state is used when the join process failed.
WTP: This state transition occurs if the WTP is configured to use WTP: This state transition occurs if the WTP is configured to use
PSK security and receives a Join Response that includes an PSK security and receives a Join Response that includes an
invalid PSK-MIC message element. invalid PSK-MIC message element.
AC: The AC enters this state when it transmits an unsuccessful AC: The AC enters this state when it transmits an unsuccessful
Join Response. Join Response.
Join to Discovery (i): This state is used when the join process Join to Discovery (i): This state is used when the join process
failed. failed.
WTP: The WTP enters this state when it receives an unsuccessful WTP: The WTP enters this state when it receives an unsuccessful
Join Response. Upon entering this state, the WTP sets the Join Response. Upon entering this state, the WTP sets the
DiscoveryInterval timer (see Section 12). The WTP resets the DiscoveryInterval timer (see Section 12). The WTP resets the
DiscoveryCount counter to zero (0) (see Section 13). This DiscoveryCount counter to zero (0) (see Section 13). This
state transition may also occur if the PSK-MIC (see state transition may also occur if the PSK-MIC (see
Section 6.2.8) message element is invalid. Section 6.2.9) message element is invalid.
AC: This state transition is invalid. AC: This state transition is invalid.
Join to Join-Confirm (z): This state is used solely with the LWAPP
PSK Mode, and is used for the purposes of key confirmation. Join to Join-Confirm (z): This state is used to provide key
WTP: This state is entered when the WTP receives a Join Response confirmation during the join process.
that includes a valid PSK-MIC message element. The WTP MUST
respond with a Join ACK, which is used to provide key WTP: This state is entered when the WTP receives a Join Response.
confirmation. In the event that certificate based security is utilized, this
AC: The AC enters this state when it receives a Join ACK that transition will occur if the Certificate message element is
includes a valid PSK-MIC message element. The AC MUST respond present and valid in the Join Response. For pre-shared key
with a Join Confirm message, which includes the Session Key security, the Join Response must include a valdd and
message element. authenticated PSK-MIC message element. The WTP MUST respond
Join to Configure (k): This state is used by the WTP and the AC to with a Join ACK, which is used to provide key confirmation.
exchange configuration information.
WTP: The WTP enters this state when it receives a successful Join AC: The AC enters this state when it receives a valid Join ACK.
Response, and determines that its version number and the For certificate based security, the Join ACK MUST include a
version number advertised by the AC are the same. The WTP valid and authenticated PSK-MIC message element. For pre-
transmits the Configure Request (see Section 7.1) message to shared key security, the message must include a valid PSK-MIC
the AC with a snapshot of its current configuration. This message element. The AC MUST respond with a Join Confirm
state transition is only valid when the Certificate message message, which includes the Session Key message element.
element is present in the Join Response, and not if the PSK-MIC
message element is present. The WTP also starts the
ResponseTimeout timer (see Section 12).
AC: This state transition occurs when the AC receives the
Configure Request from the WTP. Note that the AC MUST only
allow this state transition if the Join process used
certificate based security, through the presence on the
Certificate message element. The AC must transmit a Configure
Response (see Section 7.2) to the WTP, and may include specific
message elements to override the WTP's configuration.
Join to Image Data (m): This state is used by the WTP and the AC to
download executable firmware.
WTP: The WTP enters this state when it receives a successful Join
Response, and determines that its version number and the
version number advertised by the AC are different. This state
transition is only valid when the Certificate message element
is present in the Join Response, and not if the PSK-MIC message
element is present. The WTP transmits the Image Data Request
(see Section 8.1) message requesting that the AC's latest
firmware be initiated.
AC: This state transition occurs when the AC receives the Image
Data Request from the WTP. Note that the AC MUST only allow
this state transition if the Join process used certificate
based security, through the presence on the Certificate message
element. The AC must transmit a Image Data Response (see
Section 8.2) to the WTP, which includes a portion of the
firmware.
Join-Confirm to Idle (3): This state is used when the join process Join-Confirm to Idle (3): This state is used when the join process
failed. failed.
WTP: This state transition occurs when the WTP receives an invalid WTP: This state transition occurs when the WTP receives an invalid
Join Confirm. Join Confirm.
AC: The AC enters this state when it receives an invalid Join ACK. AC: The AC enters this state when it receives an invalid Join ACK.
Join-Confirm to Configure (2): This state is used by the WTP and the Join-Confirm to Configure (2): This state is used by the WTP and the
AC to exchange configuration information. AC to exchange configuration information.
WTP: The WTP enters this state when it receives a successful Join WTP: The WTP enters this state when it receives a successful Join
Confirm, and determines that its version number and the version Confirm, and determines that its version number and the version
number advertised by the AC are the same. The WTP transmits number advertised by the AC are the same. The WTP transmits
the Configure Request (see Section 7.1) message to the AC with the Configure Request (see Section 7.2) message to the AC with
a snapshot of its current configuration. The WTP also starts a snapshot of its current configuration. The WTP also starts
the ResponseTimeout timer (see Section 12). the ResponseTimeout timer (see Section 12).
AC: This state transition occurs when the AC receives the AC: This state transition occurs when the AC receives the
Configure Request from the WTP. The AC must transmit a Configure Request from the WTP. The AC must transmit a
Configure Response (see Section 7.2) to the WTP, and may Configure Response (see Section 7.3) to the WTP, and may
include specific message elements to override the WTP's include specific message elements to override the WTP's
configuration. configuration.
Join-Confirm to Image Data (4): This state is used by the WTP and the Join-Confirm to Image Data (4): This state is used by the WTP and the
AC to download executable firmware. AC to download executable firmware.
WTP: The WTP enters this state when it receives a successful Join WTP: The WTP enters this state when it receives a successful Join
Confirm, and determines that its version number and the version Confirm, and determines that its version number and the version
number advertised by the AC are different. The WTP transmits number advertised by the AC are different. The WTP transmits
the Image Data Request (see Section 8.1) message requesting the Image Data Request (see Section 8.1) message requesting
that the AC's latest firmware be initiated. that the AC's latest firmware be initiated.
AC: This state transition occurs when the AC receives the Image AC: This state transition occurs when the AC receives the Image
Data Request from the WTP. The AC must transmit a Image Data Data Request from the WTP. The AC must transmit a Image Data
Response (see Section 8.2) to the WTP, which includes a portion Response (see Section 8.2) to the WTP, which includes a portion
of the firmware. of the firmware.
Image Data to Image Data (n): This state is used by WTP and the AC Image Data to Image Data (n): This state is used by WTP and the AC
during the firmware download phase. during the firmware download phase.
WTP: The WTP enters this state when it receives a Image Data WTP: The WTP enters this state when it receives a Image Data
Response that indicates that the AC has more data to send. Response that indicates that the AC has more data to send.
AC: This state transition occurs when the AC receives the Image AC: This state transition occurs when the AC receives the Image
Data Request from the WTP while already in this state, and it Data Request from the WTP while already in this state, and it
detects that the firmware download has not completed. detects that the firmware download has not completed.
Image Data to Reset (o): This state is used when the firmware Image Data to Reset (o): This state is used when the firmware
download is completed. download is completed.
WTP: The WTP enters this state when it receives a Image Data WTP: The WTP enters this state when it receives a Image Data
Response that indicates that the AC has no more data to send, Response that indicates that the AC has no more data to send,
or if the underlying LWAPP transport indicates a link failure. or if the underlying LWAPP transport indicates a link failure.
At this point, the WTP reboots itself. At this point, the WTP reboots itself.
AC: This state transition occurs when the AC receives the Image AC: This state transition occurs when the AC receives the Image
Data Request from the WTP while already in this state, and it Data Request from the WTP while already in this state, and it
detects that the firmware download has completed, or if the detects that the firmware download has completed, or if the
underlying LWAPP transport indicates a link failure. Note that underlying LWAPP transport indicates a link failure. Note that
the AC itself does not reset, but it places the specific WTPs the AC itself does not reset, but it places the specific WTPs
context it is communicating with in the reset state, meaning context it is communicating with in the reset state, meaning
that it clears all state associated with the WTP. that it clears all state associated with the WTP.
Configure to Reset (p): This state transition occurs if the Configure Configure to Reset (p): This state transition occurs if the Configure
phase fails. phase fails.
WTP: The WTP enters this state when the reliable transport fails WTP: The WTP enters this state when the reliable transport fails
to deliver the Configure Request, or if the ResponseTimeout to deliver the Configure Request, or if the ResponseTimeout
Timer (see Section 12)expires. Timer (see Section 12)expires.
AC: This state transition occurs if the AC is unable to transmit AC: This state transition occurs if the AC is unable to transmit
the Configure Response to a specific WTP. Note that the AC the Configure Response to a specific WTP. Note that the AC
itself does not reset, but it places the specific WTPs context itself does not reset, but it places the specific WTPs context
it is communicating with in the reset state, meaning that it it is communicating with in the reset state, meaning that it
clears all state associated with the WTP. clears all state associated with the WTP.
Configure to Run (q): This state transition occurs when the WTP and Configure to Run (q): This state transition occurs when the WTP and
AC enters their normal state of operation. AC enters their normal state of operation.
WTP: The WTP enters this state when it receives a successful WTP: The WTP enters this state when it receives a successful
Configure Response from the AC. The WTP initializes the Configure Response from the AC. The WTP initializes the
HeartBeat Timer (see Section 12), and transmits the Change HeartBeat Timer (see Section 12), and transmits the Change
State Event Request message (see Section 7.5). State Event Request message (see Section 7.6).
AC: This state transition occurs when the AC receives the Change AC: This state transition occurs when the AC receives the Change
State Event Request (see Section 7.5) from the WTP. The AC State Event Request (see Section 7.6) from the WTP. The AC
responds with a Change State Event Response (see Section 7.6) responds with a Change State Event Response (see Section 7.7)
message. The AC must start the Session ID and Neighbor Dead message. The AC must start the Session ID and Neighbor Dead
timers (see Section 12). timers (see Section 12).
Run to Run (r): This is the normal state of operation. Run to Run (r): This is the normal state of operation.
WTP: This is the WTP's normal state of operation, and there are WTP: This is the WTP's normal state of operation, and there are
many events that cause this to occur: many events that cause this to occur:
Configuration Update: The WTP receives a Configuration Update Configuration Update: The WTP receives a Configuration Update
Request (see Section 7.3). The WTP MUST respond with a Request (see Section 7.4). The WTP MUST respond with a
Configuration Update Response (see Section 7.4). Configuration Update Response (see Section 7.5).
Change State Event: The WTP receives a Change State Event Change State Event: The WTP receives a Change State Event
Response, or determines that it must initiate a Change State Response, or determines that it must initiate a Change State
Event Request, as a result of a failure or change in the Event Request, as a result of a failure or change in the
state of a radio. state of a radio.
Echo Request: The WTP receives an Echo Request message Echo Request: The WTP receives an Echo Request message
Section 6.5), which it MUST respond with an Echo Response Section 6.5), which it MUST respond with an Echo Response
(see Section 6.6). (see Section 6.6).
Clear Config Indication: The WTP receives a Clear Config Clear Config Indication: The WTP receives a Clear Config
Indication message Section 7.7). The WTP MUST reset its Indication message Section 7.8). The WTP MUST reset its
configuration back to manufacturer defaults. configuration back to manufacturer defaults.
WTP Event: The WTP generates a WTP Event Request to send WTP Event: The WTP generates a WTP Event Request to send
information to the AC Section 8.5). The WTP receives a WTP information to the AC Section 8.5). The WTP receives a WTP
Event Response from the AC Section 8.6). Event Response from the AC Section 8.6).
Data Transfer: The WTP generates a Data Transfer Request to the Data Transfer: The WTP generates a Data Transfer Request to the
AC Section 8.7). The WTP receives a Data Transfer Response AC Section 8.7). The WTP receives a Data Transfer Response
from the AC Section 8.8). from the AC Section 8.8).
WLAN Config Request: The WTP receives an WLAN Config Request WLAN Config Request: The WTP receives an WLAN Config Request
message Section 11.5.1), which it MUST respond with an WLAN message Section 11.8.1), which it MUST respond with an WLAN
Config Response (see Section 11.5.2). Config Response (see Section 11.8.2).
Mobile Config Request: The WTP receives an Mobile Config Mobile Config Request: The WTP receives an Mobile Config
Request message Section 9.1), which it MUST respond with an Request message Section 9.1), which it MUST respond with an
Mobile Config Response (see Section 9.2). Mobile Config Response (see Section 9.2).
AC: This is the AC's normal state of operation, and there are many AC: This is the AC's normal state of operation, and there are many
events that cause this to occur: events that cause this to occur:
Configuration Update: The AC sends a Configuration Update Configuration Update: The AC sends a Configuration Update
Request (see Section 7.3) to the WTP to update its Request (see Section 7.4) to the WTP to update its
configuration. The AC receives a Configuration Update configuration. The AC receives a Configuration Update
Response (see Section 7.4) from the WTP. Response (see Section 7.5) from the WTP.
Change State Event: The AC receives a Change State Event Change State Event: The AC receives a Change State Event
Request (see Section 7.5), which it MUST respond to with the Request (see Section 7.6), which it MUST respond to with the
Change State Event Response (see Section 7.6). Change State Event Response (see Section 7.7).
Echo: The AC sends an Echo Request message Section 6.5) or Echo: The AC sends an Echo Request message Section 6.5) or
receives the associated Echo Response (see Section 6.6) from receives the associated Echo Response (see Section 6.6) from
the WTP. the WTP.
Clear Config Indication: The AC sends a Clear Config Indication Clear Config Indication: The AC sends a Clear Config Indication
message Section 7.7). message Section 7.8).
WLAN Config: The AC sends an WLAN Config Request message WLAN Config: The AC sends an WLAN Config Request message
Section 11.5.1) or receives the associated WLAN Config Section 11.8.1) or receives the associated WLAN Config
Response (see Section 11.5.2) from the WTP. Response (see Section 11.8.2) from the WTP.
Mobile Config: The AC sends an Mobile Config Request message Mobile Config: The AC sends an Mobile Config Request message
Section 9.1) or receives the associated Mobile Config Section 9.1) or receives the associated Mobile Config
Response (see Section 9.2) from the WTP. Response (see Section 9.2) from the WTP.
Data Transfer: The AC receives a Data Transfer Request from the Data Transfer: The AC receives a Data Transfer Request from the
AC (see Section 8.7) and MUST generate the associated Data AC (see Section 8.7) and MUST generate the associated Data
Transfer Response message (see Section 8.8). Transfer Response message (see Section 8.8).
WTP Event: The AC receives a WTP Event Request from the AC (see WTP Event: The AC receives a WTP Event Request from the AC (see
Section 8.5) and MUST generate the associated WTP Event Section 8.5) and MUST generate the associated WTP Event
Response message (see Section 8.6). Response message (see Section 8.6).
Run to Reset (s): This event occurs when the AC wishes for the WTP to Run to Reset (s): This event occurs when the AC wishes for the WTP to
reboot. reboot.
WTP: The WTP enters this state when it receives a Reset Request WTP: The WTP enters this state when it receives a Reset Request
(see Section 8.3). It must respond with a Reset Response (see (see Section 8.3). It must respond with a Reset Response (see
Section 8.4), and once the reliable transport acknowledgement Section 8.4), and once the reliable transport acknowledgement
has been received, it must reboot itself. has been received, it must reboot itself.
AC: This state transition occurs either through some AC: This state transition occurs either through some
administrative action, or via some internal event on the AC administrative action, or via some internal event on the AC
that causes it to request that the WTP disconnect. Note that that causes it to request that the WTP disconnect. Note that
the AC itself does not reset, but it places the specific WTPs the AC itself does not reset, but it places the specific WTPs
context it is communicating with in the reset state. context it is communicating with in the reset state.
Run to Idle (t): This event occurs when an error occurs in the Run to Idle (t): This event occurs when an error occurs in the
communication between the WTP and the AC. communication between the WTP and the AC.
WTP: The WTP enters this state when the underlying reliable WTP: The WTP enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
AC: The AC enters this state when the underlying reliable AC: The AC enters this state when the underlying reliable
transport in unable to transmit a message within the transport in unable to transmit a message within the
RetransmitInterval timer (see Section 12), and the maximum RetransmitInterval timer (see Section 12), and the maximum
number of RetransmitCount counter has reached the MaxRetransmit number of RetransmitCount counter has reached the MaxRetransmit
variable (see Section 13). variable (see Section 13).
Run to Key Update (u): This event occurs when the WTP and the AC are Run to Key Update (u): This event occurs when the WTP and the AC are
to exchange new keying material, with which it must use to protect to exchange new keying material, with which it must use to protect
all future messages. all future messages.
WTP: This state transition occurs when the KeyLifetime timer WTP: This state transition occurs when the KeyLifetime timer
expires (see Section 12). expires (see Section 12).
AC: The WTP enters this state when it receives a Key Update AC: The WTP enters this state when it receives a Key Update
Request (see Section 6.7). It must create new keying material Request (see Section 6.7).
and include it in the Key Update Response (see Section 6.8).
Key Update to Run (w): This event occurs when the key exchange phase Key Update to Key Confirm (w): This event occurs during the rekey
is completed. phase and is used to complete the loop.
WTP: This state transition occurs when the WTP receives the Key WTP: This state transition occurs when the WTP receives the Key
Update Response. The WTP must plumb the new keys in its crypto Update Response. The WTP MUST only accept the message if it is
module, allowing it to communicate with the AC using the new authentic. The WTP responds to this response with a Key Update
key. ACK.
AC: The AC enters this state when it receives an authenticated Key
Update ACK message.
Key Confirm to Run (5): This event occurs when the rekey exchange
phase is completed.
WTP: This state transition occurs when the WTP receives the Key
Update Confirm. The newly derived encryption key and IV must
be plumbed into the crypto module after validating the
message's authentication.
AC: The AC enters this state when it transmits the Key Update AC: The AC enters this state when it transmits the Key Update
Response message. The key is then plumbed into its crypto Confirm message. The newly derived encryption key and IV must
module, allowing it to communicate with the WTP using the new be plumbed into the crypto module after transmitting a Key
key. Update Confirm message.
Key Update to Reset (x): This event occurs when the key exchange Key Update to Reset (x): This event occurs when the key exchange
phase times out. phase times out.
WTP: This state transition occurs when the WTP does not receive a WTP: This state transition occurs when the WTP does not receive a
Key Update Response from the AC. Key Update Response from the AC.
AC: The AC enters this state when it is unable to process a Key AC: The AC enters this state when it is unable to process a Key
Update Request. Update Request.
Reset to Idle (y): This event occurs when the state machine is Reset to Idle (y): This event occurs when the state machine is
restarted. restarted.
WTP: The WTP reboots itself. After reboot the WTP will start its WTP: The WTP reboots itself. After reboot the WTP will start its
LWAPP state machine in the Idle state. LWAPP state machine in the Idle state.
AC: The AC clears out any state associated with the WTP. The AC AC: The AC clears out any state associated with the WTP. The AC
generally does this as a result of the reliable link layer generally does this as a result of the reliable link layer
timing out. timing out.
3. LWAPP Transport Layers 3. LWAPP Transport Layers
The LWAPP protocol can operate at layer 2 or 3. For layer 2 support, The LWAPP protocol can operate at layer 2 or 3. For layer 2 support,
the LWAPP messages are carried in a native Ethernet frame. As such, the LWAPP messages are carried in a native Ethernet frame. As such,
the protocol is not routable and depends upon layer 2 connectivity the protocol is not routable and depends upon layer 2 connectivity
between the WTP and the AC. Layer 3 support is provided by between the WTP and the AC. Layer 3 support is provided by
skipping to change at page 23, line 15 skipping to change at page 24, line 15
single packet to be fragmented into 2, which is sufficient for a single packet to be fragmented into 2, which is sufficient for a
frame that exceeds MTU due to LWAPP encapsulation. When used with frame that exceeds MTU due to LWAPP encapsulation. When used with
layer 2 (Ethernet) transport, both fragments MUST include the LWAPP layer 2 (Ethernet) transport, both fragments MUST include the LWAPP
header. header.
3.2.5 Multiplexing 3.2.5 Multiplexing
LWAPP control messages and data messages are distinguished by the C LWAPP control messages and data messages are distinguished by the C
Bit in the LWAPP message header. Bit in the LWAPP message header.
3.3 Using IPv4/UDP as LWAPP transport 3.3 Using IP/UDP as LWAPP transport
This section defines how LWAPP makes use of IPV4/UDP transport This section defines how LWAPP makes use of IP/UDP transport between
between the WTP and the AC. When this transport is used, the MAC the WTP and the AC. When this transport is used, the MAC layer is
layer is controlled by the IPv4 stack, and there are therefore no controlled by the IP stack, and there are therefore no special MAC
special MAC layer requirements. The following figure provides an layer requirements. The following figure provides an example of the
example of the frame formats used when LWAPP is used over the frame formats used when LWAPP is used over the IP/UDP transport. IP
IPv4/UDP transport. stacks can be either IPv4 or IPv6.
Layer 3 LWAPP Data Frame Layer 3 LWAPP Data Frame
+--------------------------------------------+ +--------------------------------------------+
| MAC Header | IP | UDP | LWAPP Header [C=0] | | MAC Header | IP | UDP | LWAPP Header [C=0] |
+--------------------------------------------+ +--------------------------------------------+
|Forwarded Data ... | |Forwarded Data ... |
+-------------------+ +-------------------+
Layer 3 LWAPP Control Frame Layer 3 LWAPP Control Frame
+--------------------------------------------+ +--------------------------------------------+
skipping to change at page 23, line 48 skipping to change at page 24, line 48
3.3.1 Framing 3.3.1 Framing
Communication between WTP and AC is established according to the Communication between WTP and AC is established according to the
standard UDP client/server model. The connection is initiated by the standard UDP client/server model. The connection is initiated by the
WTP (client) to the well-known UDP port of the AC (server) used for WTP (client) to the well-known UDP port of the AC (server) used for
control messages. This UDP port number of the AC is 12222 for LWAPP control messages. This UDP port number of the AC is 12222 for LWAPP
data and 12223 for LWAPP control frames. data and 12223 for LWAPP control frames.
3.3.2 AC Discovery 3.3.2 AC Discovery
When LWAPP is run over routed IPv4 networks, the WTP and the AC do When LWAPP is run over routed IP networks, the WTP and the AC do not
not need to reside in the same IP subnet (broadcast domain). need to reside in the same IP subnet (broadcast domain). However, in
However, in the event the peers reside on separate subnets, there the event the peers reside on separate subnets, there must exist a
must exist a mechanism for the WTP to discover the AC. mechanism for the WTP to discover the AC.
As the WTP attempts to establish communication with the AC, it sends As the WTP attempts to establish communication with the AC, it sends
the Discovery Request message and receives the corresponding response the Discovery Request message and receives the corresponding response
message from the AC. The WTP must send the Discovery Request message message from the AC. The WTP must send the Discovery Request message
to either the limited broadcast IP address (255.255.255.255), a well to either the limited broadcast IP address (255.255.255.255), a well
known multicast address or to the unicast IP address of the AC. Upon known multicast address or to the unicast IP address of the AC. Upon
receipt of the message, the AC issues a Discovery Response message to receipt of the message, the AC issues a Discovery Response message to
the unicast IP address of the WTP, regardless of whether Discovery the unicast IP address of the WTP, regardless of whether Discovery
Request was sent as a broadcast, multicast or unicast message. Request was sent as a broadcast, multicast or unicast message.
skipping to change at page 24, line 23 skipping to change at page 25, line 23
Request was sent as a broadcast, multicast or unicast message. Request was sent as a broadcast, multicast or unicast message.
Whether the WTP uses a limited IP broadcast, multicast or unicast IP Whether the WTP uses a limited IP broadcast, multicast or unicast IP
address is implementation dependent. address is implementation dependent.
In order for a WTP to transmit a Discovery Request to a unicast In order for a WTP to transmit a Discovery Request to a unicast
address, the WTP must first obtain the IP address of the AC. Any address, the WTP must first obtain the IP address of the AC. Any
static configuration of an AC's IP address on the WTP non-volatile static configuration of an AC's IP address on the WTP non-volatile
storage is implementation dependent. However, additional dynamic storage is implementation dependent. However, additional dynamic
schemes are possible, for example: schemes are possible, for example:
DHCP: A comma delimited ASCII encoded list of AC IP addresses is DHCP: A comma delimited ASCII encoded list of AC IP addresses is
embedded inside a DHCP vendor specific option 43 extension. An embedded inside a DHCP vendor specific option 43 extension. An
example of the actual format of the vendor specific payload is of example of the actual format of the vendor specific payload for
the form "10.1.1.1, 10.1.1.2". IPv4 is of the form "10.1.1.1, 10.1.1.2".
DNS: The DNS name "LWAPP-AC-Address" MAY be resolvable to or more AC DNS: The DNS name "LWAPP-AC-Address" MAY be resolvable to or more AC
addresses addresses
3.3.3 LWAPP Message Header format over IPv4/UDP transport 3.3.3 LWAPP Message Header format over IP/UDP transport
All of the fields described in Section 3.1 are used when LWAPP uses All of the fields described in Section 3.1 are used when LWAPP uses
the IPv4/UDP transport, with the following exceptions: the IPv4/UDP or IPv6/UDP transport, with the following exceptions:
3.3.3.1 F Bit 3.3.3.1 F Bit
This flag field is not used with this transport, and MUST be set to This flag field is not used with this transport, and MUST be set to
zero. zero.
3.3.3.2 L Bit 3.3.3.2 L Bit
This flag field is not used with this transport, and MUST be set to This flag field is not used with this transport, and MUST be set to
zero. zero.
3.3.3.3 Frag ID 3.3.3.3 Frag ID
This field is not used with this transport, and MUST be set to zero. This field is not used with this transport, and MUST be set to zero.
3.3.4 Fragmentation/Reassembly 3.3.4 Fragmentation/Reassembly for IPv4
When LWAPP is implemented at L3, the transport layer uses IP When LWAPP is implemented at L3, the transport layer uses IP
fragmentation to fragment and reassemble LWAPP messages that are fragmentation to fragment and reassemble LWAPP messages that are
longer than MTU size used by either WTP or AC. The details of IP longer than MTU size used by either WTP or AC. The details of IP
fragmentation are covered in [8]. When used with the IP transport, fragmentation are covered in [8]. When used with the IP transport,
only the first fragment would include the LWAPP header only the first fragment would include the LWAPP header
[ed: IP fragmentation may raise security concerns and bring [ed: IP fragmentation may raise security concerns and bring
additional configuration requirements for certain firewalls and NATs. additional configuration requirements for certain firewalls and NATs.
One alternative is to re-use the layer 2 (application layer) One alternative is to re-use the layer 2 (application layer)
fragmentation reassembly. Comments are welcomed.] fragmentation reassembly. Comments are welcomed.]
3.3.5 Multiplexing 3.3.5 Fragmentation/Reassembly for IPv6
IPv6 does MTU discovery so fragmentation and re-assembly is not
necessary for UDP packets.
3.3.6 Multiplexing
LWAPP messages convey control information between WTP and AC, as well LWAPP messages convey control information between WTP and AC, as well
as binding specific data frames or binding specific management as binding specific data frames or binding specific management
frames. As such, LWAPP messages need to be multiplexed in the frames. As such, LWAPP messages need to be multiplexed in the
transport sub-layer and be delivered to the proper software entities transport sub-layer and be delivered to the proper software entities
in the endpoints of the protocol. However, the 'C' bit is still used in the endpoints of the protocol. However, the 'C' bit is still used
to differentiate between data and control frames. to differentiate between data and control frames.
In case of Layer 3 connection, multiplexing is achieved by use of In case of Layer 3 connection, multiplexing is achieved by use of
different UDP ports for control and data packets (see Section 3.3.1. different UDP ports for control and data packets (see Section 3.3.1.
skipping to change at page 28, line 43 skipping to change at page 29, line 43
Data Transfer Request 34 Data Transfer Request 34
Data Transfer Response 35 Data Transfer Response 35
Clear Config Indication 36 Clear Config Indication 36
WLAN Config Request 37 WLAN Config Request 37
WLAN Config Response 38 WLAN Config Response 38
Mobile Config Request 39 Mobile Config Request 39
Mobile Config Response 40 Mobile Config Response 40
4.2.1.2 Sequence Number 4.2.1.2 Sequence Number
The Sequence Number Field is an identifier value to match The Sequence Number Field is an identifier value to match request/
request/response packet exchanges. When an LWAPP packet with a response packet exchanges. When an LWAPP packet with a request
request message type is received, the value of the sequence number message type is received, the value of the sequence number field is
field is copied into the corresponding response packet. copied into the corresponding response packet.
When an LWAPP control frame is sent, its internal sequence number When an LWAPP control frame is sent, its internal sequence number
counter is monotonically incremented, ensuring that no two requests counter is monotonically incremented, ensuring that no two requests
pending have the same sequence number. This field will wrap back to pending have the same sequence number. This field will wrap back to
zero. zero.
4.2.1.3 Message Element Length 4.2.1.3 Message Element Length
The Length field indicates the number of bytes following the Session The Length field indicates the number of bytes following the Session
ID field. If the LWAPP packet is encrypted, the length field ID field. If the LWAPP packet is encrypted, the length field
skipping to change at page 29, line 28 skipping to change at page 30, line 28
4.2.1.5 Message Element[0..N] 4.2.1.5 Message Element[0..N]
The message element(s) carry the information pertinent to each of the The message element(s) carry the information pertinent to each of the
control message types. Every control message in this specification control message types. Every control message in this specification
specifies which message elements are permitted. specifies which message elements are permitted.
4.2.2 Message Element Format 4.2.2 Message Element Format
The message element is used to carry information pertinent to a The message element is used to carry information pertinent to a
control message. Every message element is identified by the Type control message. Every message element is identified by the Type
field, whose numbering space is managed via IANA (see Section 15). field, whose numbering space is managed via IANA (see Section 16).
The total length of the message elements is indicated in the Message The total length of the message elements is indicated in the Message
Element Length field. Element Length field.
All of the message element definitions in this document use a diagram All of the message element definitions in this document use a diagram
similar to the one below in order to depict its format. Note that in similar to the one below in order to depict its format. Note that in
order to simplify this specification, these diagrams do not include order to simplify this specification, these diagrams do not include
the header fields (Type and Length). However, in every message the header fields (Type and Length). However, in every message
element description, the header's fields values will be defined. element description, the header's fields values will be defined.
Note that additional message elements may be defined in separate IETF Note that additional message elements may be defined in separate IETF
skipping to change at page 30, line 25 skipping to change at page 31, line 25
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor Identifier | | Vendor Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Element ID | Value... | | Element ID | Value... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 104 for Vendor Specific Type: 104 for Vendor Specific
Length: >= 7 Length: >= 7
Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
Network Management Private Enterprise Codes" [11] Network Management Private Enterprise Codes" [14]
Element ID: A 16-bit Element Identifier which is managed by the Element ID: A 16-bit Element Identifier which is managed by the
vendor. vendor.
Value: The value associated with the vendor specific element. Value: The value associated with the vendor specific element.
4.2.3 Quality of Service
It is recommended that LWAPP control messages be sent by both the AC
and the WTP with an appropriate Quality of Service precedence value,
ensuring that congestion in the network minimizes occurences of LWAPP
control channel disconnects. Therefore, a Quality of Service enabled
LWAPP device should use:
802.1P: The precedence value of 7 SHOULD be used.
DSCP: The dscp tag value of 46 SHOULD be used.
5. LWAPP Discovery Operations 5. LWAPP Discovery Operations
The Discovery messages are used by an WTP to determine which ACs are The Discovery messages are used by an WTP to determine which ACs are
available to provide service, as well as the capabilities and load of available to provide service, as well as the capabilities and load of
the ACs. the ACs.
5.1 Discovery Request 5.1 Discovery Request
The Discovery Request is used by the WTP to automatically discover The Discovery Request is used by the WTP to automatically discover
potential ACs available in the network. An WTP must transmit this potential ACs available in the network. An WTP must transmit this
skipping to change at page 33, line 17 skipping to change at page 34, line 30
communicate it's capabilities to the AC. Since most WTPs support communicate it's capabilities to the AC. Since most WTPs support
link layer encryption, the AC may make use of these services. link layer encryption, the AC may make use of these services.
There are binding dependent encryption capabilites. An WTP that There are binding dependent encryption capabilites. An WTP that
does not have any encryption capabilities would set this field to does not have any encryption capabilities would set this field to
zero (0). Refer to the specific binding for the specification. zero (0). Refer to the specific binding for the specification.
5.1.3 WTP Radio Information 5.1.3 WTP Radio Information
The WTP radios information message element is used to communicate the The WTP radios information message element is used to communicate the
radio information in a specific slot. The Discovery Request MUST radio information in a specific slot. The Discovery Request MUST
include one such message element per radio in the WTP. The include one such message element per radio in the WTP. The Radio-
Radio-Type field is used by the AC in order to determine which Type field is used by the AC in order to determine which technology
technology specific binding is to be used with the WTP. specific binding is to be used with the WTP.
The value contains two fields, as shown. The value contains two fields, as shown.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Radio Type | | Radio ID | Radio Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 4 for WTP Radio Information Type: 4 for WTP Radio Information
skipping to change at page 34, line 48 skipping to change at page 36, line 32
| HW Ver | Software Version ... | | HW Ver | Software Version ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SW Ver | Stations | Limit | | SW Ver | Stations | Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Limit | Radios | Max Radio | | Limit | Radios | Max Radio |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max Radio | Security | | Max Radio | Security |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 6 for AC Descriptor Type: 6 for AC Descriptor
Length: 17 Length: 17
Reserved: MUST be set to zero Reserved: MUST be set to zero
Hardware Version: A 32-bit integer representing the AC's hardware Hardware Version: A 32-bit integer representing the AC's hardware
version number version number
Software Version: A 32-bit integer representing the AC's Firmware Software Version: A 32-bit integer representing the AC's Firmware
version number version number
Stations: A 16-bit integer representing number of mobile stations Stations: A 16-bit integer representing number of mobile stations
currently associated with the AC currently associated with the AC
Limit: A 16-bit integer representing the maximum number of stations Limit: A 16-bit integer representing the maximum number of stations
supported by the AC supported by the AC
Radios: A 16-bit integer representing the number of WTPs currently Radios: A 16-bit integer representing the number of WTPs currently
attached to the AC attached to the AC
Max Radio: A 16-bit integer representing the maximum number of WTPs Max Radio: A 16-bit integer representing the maximum number of WTPs
supported by the AC supported by the AC
Security: A 8 bit bit mask specifying the security schemes supported Security: A 8 bit bit mask specifying the security schemes supported
by the AC. The following values are supported: by the AC. The following values are supported (see Section 10):
1 - X.509 Certificate Based (Section 10.3.1)
2 - Pre-Shared Secret (Section 10.3.2) 1 - X.509 Certificate Based
2 - Pre-Shared Secret
5.2.3 AC Name 5.2.3 AC Name
The AC name message element contains an ASCII representation of the The AC name message element contains an ASCII representation of the
AC's identity. The value is a variable length byte string. The AC's identity. The value is a variable length byte string. The
string is NOT zero terminated. string is NOT zero terminated.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
skipping to change at page 35, line 35 skipping to change at page 37, line 30
AC's identity. The value is a variable length byte string. The AC's identity. The value is a variable length byte string. The
string is NOT zero terminated. string is NOT zero terminated.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Name ... | Name ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 31 for AC Name Type: 31 for AC Name
Length: > 0 Length: > 0
Name: A variable length ASCII string containing the AC's name Name: A variable length ASCII string containing the AC's name
5.2.4 WTP Manager Control IP Address 5.2.4 WTP Manager Control IPv4 Address
The WTP Manager Control IP Address message element is sent by the AC The WTP Manager Control IPv4 Address message element is sent by the
to the WTP during the discovery process and is used by the AC to AC to the WTP during the discovery process and is used by the AC to
provide the interfaces available on the AC, and their current load. provide the interfaces available on the AC, and their current load.
This message elemenet is useful for the WTP to perform load balancing This message element is useful for the WTP to perform load balancing
across multiple interfaces. across multiple interfaces.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Count | | WTP Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 99 for WTP Manager Control IPv4 Address
Type: 99 for WTP Manager Control IP Address
Length: 6 Length: 6
IP Address: The IP Address of an interface.
WTP Count: The number of WTPs currently connected to the interface.
5.2.5 WTP Manager Control IPv6 Address
The WTP Manager Control IPv6 Address message element is sent by the
AC to the WTP during the discovery process and is used by the AC to
provide the interfaces available on the AC, and their current load.
This message element is useful for the WTP to perform load balancing
across multiple interfaces.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 142 for WTP Manager Control IPv6 Address
Length: 18
IP Address: The IP Address of an interface. IP Address: The IP Address of an interface.
WTP Count: The number of WTPs currently connected to the interface. WTP Count: The number of WTPs currently connected to the interface.
5.3 Primary Discovery Request 5.3 Primary Discovery Request
The Primary Discovery Request is sent by the WTP in order to The Primary Discovery Request is sent by the WTP in order to
determine whether its preferred (or primary) AC is available. determine whether its preferred (or primary) AC is available.
Primary Discovery Request are sent by an WTP when it has a primary AC Primary Discovery Request are sent by an WTP when it has a primary AC
configured, and is connected to another AC. This generally occurs as configured, and is connected to another AC. This generally occurs as
a result of a failover, and is used by the WTP as a means to discover a result of a failover, and is used by the WTP as a means to discover
skipping to change at page 37, line 25 skipping to change at page 40, line 10
5.4.1 AC Descriptor 5.4.1 AC Descriptor
The Discovery Type message element is defined in section The Discovery Type message element is defined in section
Section 5.2.2. Section 5.2.2.
5.4.2 AC Name 5.4.2 AC Name
The AC Name message element is defined in section Section 5.2.3. The AC Name message element is defined in section Section 5.2.3.
5.4.3 WTP Manager Control IP Address 5.4.3 WTP Manager Control IPv4 Address
An WTP Radio Information message element MAY be present for every
radio in the WTP which are reachable via IPv4. This message element
is defined in section Section 5.2.4.
5.4.4 WTP Manager Control IPv6 Address
An WTP Radio Information message element must be present for every An WTP Radio Information message element must be present for every
radio in the WTP. This message element is defined in section radio in the WTP which are reachable via IPv6. This message element
Section 5.2.4. is defined in section Section 5.2.5.
6. Control Channel Management 6. Control Channel Management
The Control Channel Management messages are used by the WTP and AC to The Control Channel Management messages are used by the WTP and AC to
create and maintain a channel of communication on which various other create and maintain a channel of communication on which various other
commands may be transmitted, such as configuration, firmware update, commands may be transmitted, such as configuration, firmware update,
etc. etc.
6.1 Join Request 6.1 Join Request
skipping to change at page 41, line 4 skipping to change at page 44, line 16
6.1.8 Test 6.1.8 Test
The test message element is used as padding to perform MTU discovery, The test message element is used as padding to perform MTU discovery,
and MAY contain any value, of any length. and MAY contain any value, of any length.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Padding ... | Padding ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 18 for Test Type: 18 for Test
Length: > 0 Length: > 0
Padding: A variable length pad. Padding: A variable length pad.
6.1.9 WNonce 6.1.9 XNonce
The wnonce message element is sent by a WTP that is configured to The XNonce is used by the WTP to communicate its random nonce during
make use of the pre-shared key security mechanism. See the join or rekey phase. See Section 10 for more information.
Section 10.3.2 for more information.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 107 for WNonce Type: 111 for XNonce
Length: 16
Nonce: A 16 octet random nonce.
6.1.10 DH-Params
The DH-Params message element is used in order for the WTP and the AC
to perform a Diffie Hellman exchange. This message element contains
the g, p, g^x mod p - where x is the exponent chosen by the sender.
See Section 10.3.2 for more information.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 111 for DH-Params
Length: 16 Length: 16
Nonce: Contains g, p, g^x mod p, where 'x' is the exponent chosen by
the sender. Nonce: 1 16 octet random nonce.
6.2 Join Response 6.2 Join Response
The Join Response is sent by the AC to indicate to an WTP whether it The Join Response is sent by the AC to indicate to an WTP whether it
is capable and willing to provide service to it. is capable and willing to provide service to it.
Join Responses are sent by the AC after receiving a Join Request. Join Responses are sent by the AC after receiving a Join Request.
Once the Join Response has been sent, the heartbeat timer is Once the Join Response has been sent, the heartbeat timer is
initiated for the session to EchoInterval. Expiration of the timer initiated for the session to EchoInterval. Expiration of the timer
will result in deletion of the AC-WTP session. The timer is will result in deletion of the AC-WTP session. The timer is
skipping to change at page 43, line 4 skipping to change at page 45, line 41
sequence number in the message. The Result Code is included in a sequence number in the message. The Result Code is included in a
successful Join Response. successful Join Response.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Result Code | | Result Code |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 2 for Result Code Type: 2 for Result Code
Length: 4 Length: 4
Result Code: The following values are defined: Result Code: The following values are defined:
0 Success 0 Success
1 Failure (AC List message element MUST be present) 1 Failure (AC List message element MUST be present)
6.2.2 Status 6.2.2 Status
The Status message element is sent by the AC to the WTP in a The Status message element is sent by the AC to the WTP in a non-
non-successful Join Response message. This message element is used successful Join Response message. This message element is used to
to indicate the reason for the failure and should only be accompanied indicate the reason for the failure and should only be accompanied
with a Result Code message element that indicates a failure. with a Result Code message element that indicates a failure.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Status | | Status |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 60 for Status Type: 60 for Status
Length: 1 Length: 1
Status: The status field indicates the reason for an LWAPP failure. Status: The status field indicates the reason for an LWAPP failure.
The following values are supported: The following values are supported:
1 - Reserved - do not use 1 - Reserved - do not use
2 - Resource Depletion 2 - Resource Depletion
3 - Unknown Source 3 - Unknown Source
4 - Incorrect Data 4 - Incorrect Data
6.2.3 Certificate 6.2.3 Certificate
The Certificate message element is defined in section Section 6.1.6. The Certificate message element is defined in section Section 6.1.6.
Note this message element is only included if the WTP and the AC make Note this message element is only included if the WTP and the AC make
use of certificate based security as defined in section Section 10. use of certificate based security as defined in section Section 10.
6.2.4 Session Key 6.2.4 WTP Manager Data IPv4 Address
The Session Key message element is sent by the AC to the WTP and The WTP Manager Data IPv4 Address message element is optionally sent
includes the randomly generated session key, which is used to protect by the AC to the WTP during the join phase. If present, the IP
the LWAPP control messages. More details are available in Address contained in this message element is the address the WTP is
Section 10. The value contains the following fields. to use when sending any of its LWAPP data frames.
Note this message element is only valid when LWAPP uses the IP/UDP
layer 3 transport
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Security | Session Key .... | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 46 for Session Key
Length: > 1
Security: The LWAPP security model used. The following values are
supported:
0 - Unused
1 - X.509 Certificate Based (Section 10.3.1)
2 - Pre-Shared Secret (Section 10.3.2)
Session Key: An Encrypted Session Key. The encryption procedures
used for this field depends upon the security model used, which
are defined in section Section 10.
6.2.5 WTP Manager Data IP Address Type: 143 for WTP Manager Data IPv4 Address
The WTP Manager Data IP Address message element is optionally sent by Length: 4
the AC to the WTP during the join phase. If present, the IP Address
contained in this message element is the address the WTP is to use IP Address: The IP Address of an interface.
when sending any of its LWAPP data frames.
6.2.5 WTP Manager Data IPv6 Address
The WTP Manager Data IPv6 Address message element is optionally sent
by the AC to the WTP during the join phase. If present, the IP
Address contained in this message element is the address the WTP is
to use when sending any of its LWAPP data frames.
Note this message element is only valid when LWAPP uses the IP/UDP Note this message element is only valid when LWAPP uses the IP/UDP
layer 3 transport layer 3 transport
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 139 for WTP Manager Data IPv6 Address
Length: 16
Type: TBD for WTP Manager Data IP Address
Length: 4
IP Address: The IP Address of an interface. IP Address: The IP Address of an interface.
6.2.6 AC List 6.2.6 AC IPv4 List
The AC List message element is used to configure an WTP with the The AC List message element is used to configure an WTP with the
latest list of ACs in a cluster. This message element MUST be latest list of ACs in a cluster. This message element MUST be
included if the Join Response returns a failure indicating that the included if the Join Response returns a failure indicating that the
AC cannot handle the WTP at this time, allowing the WTP to find an AC cannot handle the WTP at this time, allowing the WTP to find an
alternate AC to connect to. alternate AC to connect to.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 45, line 4 skipping to change at page 48, line 11
latest list of ACs in a cluster. This message element MUST be latest list of ACs in a cluster. This message element MUST be
included if the Join Response returns a failure indicating that the included if the Join Response returns a failure indicating that the
AC cannot handle the WTP at this time, allowing the WTP to find an AC cannot handle the WTP at this time, allowing the WTP to find an
alternate AC to connect to. alternate AC to connect to.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] | | AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 59 for AC List Type: 59 for AC List
Length: >= 4 Length: >= 4
AC IP Address: An array of 32-bit integers containing an AC's IP
AC IP Address: An array of 32-bit integers containing an AC's IPv4
Address. Address.
6.2.7 ANonce 6.2.7 AC IPv6 List
The anonce message element is sent by a AC that is configured to make The AC List message element is used to configure an WTP with the
use of the pre-shared key security method. See Section 10.3.2 for latest list of ACs in a cluster. This message element MUST be
more information. included if the Join Response returns a failure indicating that the
AC cannot handle the WTP at this time, allowing the WTP to find an
alternate AC to connect to.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AC IP Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 141 for AC List
Length: >= 16
AC IP Address: An array of 32-bit integers containing an AC's IPv6
Address.
6.2.8 ANonce
The ANonce message element is sent by a AC during the join or rekey
phase. The contents of the ANonce are encrypted as described in
section Section 10 for more information.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce | | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 108 for Test Type: 108 for ANonce
Length: 16 Length: 16
Nonce: A 16 octet random nonce.
6.2.8 PSK-MIC Nonce: An encrypted 16 octet random nonce.
6.2.9 PSK-MIC
The PSK-MIC message element includes a message integrity check, whose The PSK-MIC message element includes a message integrity check, whose
purpose is to provide confirmation to the peer that the sender has purpose is to provide confirmation to the peer that the sender has
the proper session key. This message element is only included if the the proper session key. This message element is only included if the
security method used between the WTP and the AC is the pre-shared security method used between the WTP and the AC is the pre-shared
secret mechanism. See Section 10.3.2 for more information. secret mechanism. See Section 10 for more information.
When present, the PSK-MIC message element MUST be the last message When present, the PSK-MIC message element MUST be the last message
element in the message. The MIC is computed over the complete LWAPP element in the message. The MIC is computed over the complete LWAPP
packet, from the LWAPP control header as defined in Section 4.2.1 to packet, from the LWAPP control header as defined in Section 4.2.1 to
the end of the packet (which MUST be this PSK-MIC message element). the end of the packet (which MUST be this PSK-MIC message element).
The MIC field in this message element and the sequence number field The MIC field in this message element and the sequence number field
in the LWAPP control header MUST be set to zeroes prior to computing in the LWAPP control header MUST be set to zeroes prior to computing
the MIC. The length field in the LWAPP control header must already the MIC. The length field in the LWAPP control header must already
include this message element prior to computing the MIC. include this message element prior to computing the MIC.
skipping to change at page 46, line 4 skipping to change at page 49, line 45
the end of the packet (which MUST be this PSK-MIC message element). the end of the packet (which MUST be this PSK-MIC message element).
The MIC field in this message element and the sequence number field The MIC field in this message element and the sequence number field
in the LWAPP control header MUST be set to zeroes prior to computing in the LWAPP control header MUST be set to zeroes prior to computing
the MIC. The length field in the LWAPP control header must already the MIC. The length field in the LWAPP control header must already
include this message element prior to computing the MIC. include this message element prior to computing the MIC.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI | MIC ... | SPI | MIC ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 109 for PSK-MIC Type: 109 for PSK-MIC
Length: > 1 Length: > 1
SPI: The SPI field specifies the cryptographic algorithm used to SPI: The SPI field specifies the cryptographic algorithm used to
create the message integrity check. The following values are create the message integrity check. The following values are
supported: supported:
0 - Unused 0 - Unused
1 - HMAC-SHA-1 (RFC 2104 [14])
MIC: A 20 octet Message Integrity Check.
6.2.9 DH-Params 1 - HMAC-SHA-1 (RFC 2104 [17])
The Certificate message element is defined in section Section 6.1.10. 1 - AES-CMAC ([13])
Note this message element is only included if the WTP and the AC make
use of pre-shared key based security as defined in section MIC: A 20 octet Message Integrity Check.
Section 10.3.2.
6.3 Join ACK 6.3 Join ACK
The Join ACK message is sent by the WTP upon receiving a Join The Join ACK message is sent by the WTP upon receiving a Join
Response, which has a valid PSK-MIC message element, as a means of Response, which has a valid PSK-MIC message element, as a means of
providing key confirmation to the AC. The Join ACK is only used in providing key confirmation to the AC. The Join ACK is only used in
the case where the WTP makes use of the pre-shared key LWAPP mode the case where the WTP makes use of the pre-shared key LWAPP mode
(See Section 10.3.2 for more information). (See Section 10 for more information).
Note that the AC should never receive this message unless the Note that the AC should never receive this message unless the
security method used between the WTP and the AC is pre-shared secret security method used between the WTP and the AC is pre-shared secret
based. based.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.3.1 Session ID 6.3.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
6.3.2 WNonce 6.3.2 WNonce
The WNonce message element is defined in section Section 6.1.9. The WNonce message element is sent by a WTP during the join or rekey
phase. The contents of the ANonce are encrypted as described in
section Section 10 for more information.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 107 for WNonce
Length: 16
Nonce: An encrypted 16 octet random nonce.
6.3.3 PSK-MIC 6.3.3 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.8. The PSK-MIC message element is defined in section Section 6.2.9.
6.4 Join Confirm 6.4 Join Confirm
The Join Confirm message is sent by the AC upon receiving a Join ACK, The Join Confirm message is sent by the AC upon receiving a Join ACK,
which has a valid PSK-MIC message element, as a means of providing which has a valid PSK-MIC message element, as a means of providing
key confirmation to the WTP. The Join Confirm is only used in the key confirmation to the WTP. The Join Confirm is only used in the
case where the WTP makes use of the pre-shared key LWAPP mode (See case where the WTP makes use of the pre-shared key LWAPP mode (See
Section 10.3.2 for more information). Section 10 for more information).
If the security method used is pre-shared key based, when an WTP If the security method used is pre-shared key based, when an WTP
receives a Join Confirm it enters the Joined state and initiates receives a Join Confirm it enters the Joined state and initiates
either a Configure Request or Image Data to the AC to which it is now either a Configure Request or Image Data to the AC to which it is now
joined. Upon entering the Joined state, the WTP begins timing an joined. Upon entering the Joined state, the WTP begins timing an
interval equal to NeighborDeadInterval. Expiration of the timer will interval equal to NeighborDeadInterval. Expiration of the timer will
result in the transmission of the Echo Request. result in the transmission of the Echo Request.
This message is never received, or sent, when the security type used This message is never received, or sent, when the security type used
between the WTP and the AC is certificated based. between the WTP and the AC is certificated based.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.4.1 Session ID 6.4.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
6.4.2 ANonce 6.4.2 PSK-MIC
The ANonce message element is defined in section Section 6.2.7.
6.4.3 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.8. The PSK-MIC message element is defined in section Section 6.2.9.
6.5 Echo Request 6.5 Echo Request
The Echo Request message is a keepalive mechanism for the LWAPP The Echo Request message is a keepalive mechanism for the LWAPP
control message. control message.
Echo Requests are sent periodically by an WTP in the Run state (see Echo Requests are sent periodically by an WTP in the Run state (see
Figure 2) to determine the state of the connection between the WTP Figure 2) to determine the state of the connection between the WTP
and the AC. The Echo Request is sent by the WTP when the Heartbeat and the AC. The Echo Request is sent by the WTP when the Heartbeat
timer expires, and it MUST start its NeighborDeadInterval timer. timer expires, and it MUST start its NeighborDeadInterval timer.
skipping to change at page 48, line 23 skipping to change at page 52, line 46
When an WTP receives an Echo Response it stops the When an WTP receives an Echo Response it stops the
NeighborDeadInterval timer, and starts the Heartbeat timer to NeighborDeadInterval timer, and starts the Heartbeat timer to
EchoInterval. EchoInterval.
If the NeighborDeadInterval timer expires prior to receiving an Echo If the NeighborDeadInterval timer expires prior to receiving an Echo
Response, the WTP enters the Idle state. Response, the WTP enters the Idle state.
6.7 Key Update Request 6.7 Key Update Request
The Key Update Request updates the LWAPP session key used to secure The Key Update Request is used by the WTP to initiate the rekeying
messages between the WTP and the AC. phase. This message is sent by a WTP when in the Run state and MUST
include a new unique Session Identifier. This message MUST also
Key Update Requests are sent by an WTP in the Run state to update a include a unique Nonce in the XNonce message element, which is used
session key. The Session ID message element MUST include a new to protect against replay attacks (see Section 10).
session identifier.
When an AC receives a Key Update Request it generates a new key (see
Section 10) and responds with a Key Update Response.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.7.1 Session ID 6.7.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
6.7.2 XNonce
The XNonce message element is defined in section Section 6.1.9.
6.8 Key Update Response 6.8 Key Update Response
The Key Update Response updates the LWAPP session key used to secure The Key Update Response is sent by the AC in response to the request
messages between the WTP and the AC, and acknowledges the Key Update message, and includes an encrypted ANonce, which is used to derive
Request. new session keys. This message MUST include a Session Identifier
message element, whose value MUST be identical to the one found in
the Key Update Request.
Key Update Responses are sent by a AC after receiving a Key Update The AC MUST include a PSK-MIC message element, which provides message
Request. The Key Update Responses is secured using public key integrity over the whole message.
cryptography when certificates were used in the Join Request/Response
exchange. However, the session keys are AES Key-wrapped when the AC
and WTP invoked PSK-mode to establish the first session key.
When an WTP receives a Key Update Response it will use the The following subsections define the message elements that MUST be
information contained in the Session Key message element to determine included in this LWAPP operation.
the keying material used to encrypt the LWAPP communications between
the WTP and the AC. 6.8.1 Session ID
The Session ID message element is defined in section Section 6.1.7.
6.8.2 ANonce
The ANonce message element is defined in section Section 6.2.8.
6.8.3 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.9.
6.9 Key Update ACK
The Key Update ACK is sent by the WTP and includes an encryption
version of the WTP's Nonce, which is used in the key derivation
process. The session keys derived are then used as new LWAPP control
message encryption keys (see Section 10).
The WTP MUST include a PSK-MIC message element, which provides
message integrity over the whole message.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.8.1 Session Key 6.9.1 WNonce
The Session Key message element is defined in section Section 6.2.4. The WNonce message element is defined in section Section 6.3.2.
6.9 Key Update Trigger 6.9.2 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.9.
6.10 Key Update Confirm
The Key Update Confirm closes the rekeying loop, and allows the WTP
to recognize that the AC has received and processed the key update
messages. At this point, the WTP updates its session key in its
crypto engine, and the associated Initialization Vector, ensuring
that all future LWAPP control frames are encrypted with the newly
derived encryption key.
The WTP MUST include a PSK-MIC message element, which provides
message integrity over the whole message.
The following subsections define the message elements that MUST be
included in this LWAPP operation.
6.10.1 PSK-MIC
The PSK-MIC message element is defined in section Section 6.2.9.
6.11 Key Update Trigger
The Key Update Trigger is used by the AC to request that a Key Update The Key Update Trigger is used by the AC to request that a Key Update
Request be initiated by the WTP. Request be initiated by the WTP.
Key Update Trigger are sent by an AC in the Run state to inform the Key Update Trigger are sent by an AC in the Run state to inform the
WTP to initiate a Key Update Request message. WTP to initiate a Key Update Request message.
When a WTP receives a Key Update Trigger it generates a key Update When a WTP receives a Key Update Trigger it generates a key Update
Request. Request.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
6.9.1 Session ID 6.11.1 Session ID
The Session ID message element is defined in section Section 6.1.7. The Session ID message element is defined in section Section 6.1.7.
7. WTP Configuration Management 7. WTP Configuration Management
The Wireless Termination Point Configuration messages are used to The Wireless Termination Point Configuration messages are used to
exchange configuration between the AC and the WTP. exchange configuration between the AC and the WTP.
7.1 Configure Request 7.1 Configuration Consistency
The LWAPP protocol provides flexibility in how WTP configuration is
managed. To put it simply, a WTP has one of two options:
1. WTP retain no configuration and simply abides by the configuration
provided by the AC.
2. WTP retain the configuration of parameters provided by the AC that
are non-default values.
If the WTP opts to save configuration locally, the LWAPP protocol
state machine defines the "configure" state, which is used during the
initial binding WTP-AC phase, which allows for configuration
exchange. During this period, the WTP sends its current
configuration overrides to the AC via the COnfigure Request message.
A configuration override is a parameter that is non-default. One
example is that in the LWAPP protocol the default antenna
configuration is internal omni antenna. However, a WTP that either
has no internal antennas, or has been explicitely configured by the
AC to use external antennas, would send its antenna configuration
during the configure phase, allowing the AC to become aware of the
WTP's current configuration.
Once the WTP has provided its configuration to the AC, the AC sends
down its own configuration. This allows the WTP to inherit the
configuration and policies on the AC.
An LWAPP AC maintains a copy of each active WTP's configuration.
There is no need for versioning or other means to identify
configuration changes. If a WTP becomes inactive, the AC MAY delete
the configuration associated with it. If a WTP were to fail, and
connect to a new AC, it would provide its overriden configuration
parameters, allowing the new AC to be aware of the WTP's
configuration.
As a consequence, this model allows for relisiency, whereby in light
of an AC failure, another AC could provide service to the WTP. In
this scenario, the new AC would be automatically updated on any
possible WTP configuration changes - eliminating the need for
inter-AC communication or the need for all ACs to be aware of the
configuration of all WTPs in the network.
Once the LWAPP protocol enters the Run state, the WTPs begin to
provide service. However, it is quite common for administrators to
require that configuration changes be made while the network is
operational. Therefore, the Configuration Update Request is sent by
the AC to the WTP in order to make these changes at run-time.
7.2 Configure Request
The Configure Request message is sent by an WTP to send its current The Configure Request message is sent by an WTP to send its current
configuration to its AC. configuration to its AC.
Configure Requests are sent by an WTP after receiving a Join Configure Requests are sent by an WTP after receiving a Join
Response, while in the Configure state. Response, while in the Configure state.
The Configure Request carries binding specific message elements. The Configure Request carries binding specific message elements.
Refer to the appropriate binding for the definition of this Refer to the appropriate binding for the definition of this
structure. structure.
skipping to change at page 50, line 32 skipping to change at page 56, line 33
When an AC receives a Configure Request it will act upon the content When an AC receives a Configure Request it will act upon the content
of the packet and respond to the WTP with a Configure Response. of the packet and respond to the WTP with a Configure Response.
The Configure Request includes multiple Administrative State message The Configure Request includes multiple Administrative State message
Elements. There is one such message element for the WTP, and then Elements. There is one such message element for the WTP, and then
one per radio in the WTP. one per radio in the WTP.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
7.1.1 Administrative State 7.2.1 Administrative State
The administrative event message element is used to communicate the The administrative event message element is used to communicate the
state of a particular radio. The value contains the following state of a particular radio. The value contains the following
fields. fields.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Admin State | | Radio ID | Admin State |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 50, line 45 skipping to change at page 56, line 46
state of a particular radio. The value contains the following state of a particular radio. The value contains the following
fields. fields.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Admin State | | Radio ID | Admin State |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 27 for Administrative State Type: 27 for Administrative State
Length: 2 Length: 2
Radio ID: An 8-bit value representing the radio to configure. The Radio ID: An 8-bit value representing the radio to configure. The
Radio ID field may also include the value of 0xff, which is used Radio ID field may also include the value of 0xff, which is used
to identify the WTP itself. Therefore, if an AC wishes to change to identify the WTP itself. Therefore, if an AC wishes to change
the administrative state of an WTP, it would include 0xff in the the administrative state of an WTP, it would include 0xff in the
Radio ID field. Radio ID field.
Admin State: An 8-bit value representing the administrative state of Admin State: An 8-bit value representing the administrative state of
the radio. The following values are supported: the radio. The following values are supported:
1 - Enabled 1 - Enabled
2 - Disabled 2 - Disabled
7.1.2 AC Name 7.2.2 AC Name
The AC Name message element is defined in section Section 5.2.3. The AC Name message element is defined in section Section 5.2.3.
7.1.3 AC Name with Index 7.2.3 AC Name with Index
The AC Name with Index message element is sent by the AC to the WTP The AC Name with Index message element is sent by the AC to the WTP
to configure preferred ACs. The number of instances where this to configure preferred ACs. The number of instances where this
message element would be present is equal to the number of ACs message element would be present is equal to the number of ACs
configured on the WTP. configured on the WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Index | AC Name... | Index | AC Name...
skipping to change at page 51, line 28 skipping to change at page 57, line 31
message element would be present is equal to the number of ACs message element would be present is equal to the number of ACs
configured on the WTP. configured on the WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Index | AC Name... | Index | AC Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 90 for AC Name with Index Type: 90 for AC Name with Index
Length: 5 Length: 5
Index: The index of the preferred server (e.g., 1=primary, Index: The index of the preferred server (e.g., 1=primary,
2=secondary). 2=secondary).
AC Name: A variable length ASCII string containing the AC's name. AC Name: A variable length ASCII string containing the AC's name.
7.1.4 WTP Board Data 7.2.4 WTP Board Data
The WTP Board Data message element is sent by the WTP to the AC and The WTP Board Data message element is sent by the WTP to the AC and
contains information about the hardware present. contains information about the hardware present.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Card ID | Card Revision | | Card ID | Card Revision |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WTP Model | | WTP Model |
skipping to change at page 52, line 8 skipping to change at page 58, line 24
| WTP Serial Number ... | | WTP Serial Number ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethernet MAC Address | | Ethernet MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethernet MAC Address | | Ethernet MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 50 for WTP Board Data Type: 50 for WTP Board Data
Length: 26 Length: 26
Card ID: A hardware identifier. Card ID: A hardware identifier.
Card Revision: 4 byte Revision of the card. Card Revision: 4 byte Revision of the card.
WTP Model: 8 byte WTP Model Number. WTP Model: 8 byte WTP Model Number.
WTP Serial Number: 24 byte WTP Serial Number. WTP Serial Number: 24 byte WTP Serial Number.
Reserved: A 4 byte reserved field that MUST be set to zero (0). Reserved: A 4 byte reserved field that MUST be set to zero (0).
Ethernet MAC Address: MAC Address of the WTP's Ethernet interface. Ethernet MAC Address: MAC Address of the WTP's Ethernet interface.
7.1.5 Statistics Timer 7.2.5 Statistics Timer
The statistics timer message element value is used by the AC to The statistics timer message element value is used by the AC to
inform the WTP of the frequency which it expects to receive updated inform the WTP of the frequency which it expects to receive updated
statistics. statistics.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Statistics Timer | | Statistics Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 52, line 27 skipping to change at page 59, line 4
The statistics timer message element value is used by the AC to The statistics timer message element value is used by the AC to
inform the WTP of the frequency which it expects to receive updated inform the WTP of the frequency which it expects to receive updated
statistics. statistics.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Statistics Timer | | Statistics Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 37 for Statistics Timer Type: 37 for Statistics Timer
Length: 2 Length: 2
Statistics Timer: A 16-bit unsigned integer indicating the time, in Statistics Timer: A 16-bit unsigned integer indicating the time, in
seconds seconds
7.1.6 WTP Static IP Address Information 7.2.6 WTP Static IP Address Information
The WTP Static IP Address Information message element is used by an The WTP Static IP Address Information message element is used by an
AC to configure or clear a previously configured static IP address on AC to configure or clear a previously configured static IP address on
an WTP. an WTP.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 53, line 4 skipping to change at page 59, line 28
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Netmask | | Netmask |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Gateway | | Gateway |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Static | | Static |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 82 for WTP Static IP Address Information Type: 82 for WTP Static IP Address Information
Length: 13 Length: 13
IP Address: The IP Address to assign to the WTP. IP Address: The IP Address to assign to the WTP.
Netmask: The IP Netmask. Netmask: The IP Netmask.
Gateway: The IP address of the gateway. Gateway: The IP address of the gateway.
Netmask: The IP Netmask. Netmask: The IP Netmask.
Static: An 8-bit boolean stating whether the WTP should use a static Static: An 8-bit boolean stating whether the WTP should use a static
IP address or not. A value of zero disables the static IP IP address or not. A value of zero disables the static IP
address, while a value of one enables it. address, while a value of one enables it.
7.1.7 WTP Reboot Statistics 7.2.7 WTP Reboot Statistics
The WTP Reboot Statistics message element is sent by the WTP to the The WTP Reboot Statistics message element is sent by the WTP to the
AC to communicate information about reasons why reboots have AC to communicate information about reasons why reboots have
occurred. occurred.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Crash Count | LWAPP Initiated Count | | Crash Count | LWAPP Initiated Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 53, line 29 skipping to change at page 60, line 14
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Crash Count | LWAPP Initiated Count | | Crash Count | LWAPP Initiated Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Link Failure Count | Failure Type | | Link Failure Count | Failure Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 67 for WTP Reboot Statistics Type: 67 for WTP Reboot Statistics
Length: 7 Length: 7
Crash Count: The number of reboots that have occurred due to an WTP Crash Count: The number of reboots that have occurred due to an WTP
crash. crash.
LWAPP Initiated Count: The number of reboots that have occured at LWAPP Initiated Count: The number of reboots that have occured at
the request of some LWAPP message, such as a change in the request of some LWAPP message, such as a change in
configuration that required a reboot or an explicit LWAPP reset configuration that required a reboot or an explicit LWAPP reset
request. request.
Link Failure Count: The number of times that an LWAPP connection Link Failure Count: The number of times that an LWAPP connection
with an AC has failed. with an AC has failed.
Failure Type: The last WTP failure. The following values are Failure Type: The last WTP failure. The following values are
supported: supported:
0 - Link Failure 0 - Link Failure
1 - LWAPP Initiated 1 - LWAPP Initiated
2 - WTP Crash 2 - WTP Crash
7.2 Configure Response 7.3 Configure Response
The Configure Response message is sent by an AC and provides an The Configure Response message is sent by an AC and provides an
opportunity for the AC to override an WTP's requested configuration. opportunity for the AC to override an WTP's requested configuration.
Configure Responses are sent by an AC after receiving a Configure Configure Responses are sent by an AC after receiving a Configure
Request. Request.
The Configure Response carries binding specific message elements. The Configure Response carries binding specific message elements.
Refer to the appropriate binding for the definition of this Refer to the appropriate binding for the definition of this
structure. structure.
skipping to change at page 54, line 19 skipping to change at page 61, line 11
When an WTP receives a Configure Response it acts upon the content of When an WTP receives a Configure Response it acts upon the content of
the packet, as appropriate. If the Configure Response message the packet, as appropriate. If the Configure Response message
includes a Change State Event message element that causes a change in includes a Change State Event message element that causes a change in
the operational state of one of the Radio, the WTP will transmit a the operational state of one of the Radio, the WTP will transmit a
Change State Event to the AC, as an acknowledgement of the change in Change State Event to the AC, as an acknowledgement of the change in
state. state.
The following subsections define the message elements that MUST be The following subsections define the message elements that MUST be
included in this LWAPP operation. included in this LWAPP operation.
7.2.1 Decryption Error Report Period 7.3.1 Decryption Error Report Period
The Decryption Error Report Period message element value is used by The Decryption Error Report Period message element value is used by
the AC to inform the WTP how frequently it should send decryption the AC to inform the WTP how frequently it should send decryption
error report messages. error report messages.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Report Interval | | Radio ID | Report Interval |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 54, line 32 skipping to change at page 61, line 24
the AC to inform the WTP how frequently it should send decryption the AC to inform the WTP how frequently it should send decryption
error report messages. error report messages.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Report Interval | | Radio ID | Report Interval |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 38 for Decryption Error Report Period Type: 38 for Decryption Error Report Period
Length: 3 Length: 3
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Report Interval: A 16-bit unsigned integer indicating the time, in Report Interval: A 16-bit unsigned integer indicating the time, in
seconds seconds
7.2.2 Change State Event 7.3.2 Change State Event
The WTP radios information message element is used to communicate the The WTP radios information message element is used to communicate the
operational state of a radio. The value contains two fields, as operational state of a radio. The value contains two fields, as
shown. shown.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | State | Cause | | Radio ID | State | Cause |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 55, line 4 skipping to change at page 61, line 44
The WTP radios information message element is used to communicate the The WTP radios information message element is used to communicate the
operational state of a radio. The value contains two fields, as operational state of a radio. The value contains two fields, as
shown. shown.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | State | Cause | | Radio ID | State | Cause |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 26 for Change State Event Type: 26 for Change State Event
Length: 3 Length: 3
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP. index on the WTP.
State: An 8-bit boolean value representing the state of the radio. State: An 8-bit boolean value representing the state of the radio.
A value of one disables the radio, while a value of two enables A value of one disables the radio, while a value of two enables
it. it.
Cause: In the event of a radio being inoperable, the cause field Cause: In the event of a radio being inoperable, the cause field
would contain the reason the radio is out of service. would contain the reason the radio is out of service.
Cause: In the event of a radio being inoperable, the cause field Cause: In the event of a radio being inoperable, the cause field
would contain the reason the radio is out of service. The would contain the reason the radio is out of service. The
following values are supported: following values are supported:
0 - Normal 0 - Normal
1 - Radio Failure 1 - Radio Failure
2 - Software Failure 2 - Software Failure
7.2.3 LWAPP Timers 7.3.3 LWAPP Timers
The LWAPP Timers message element is used by an AC to configure LWAPP The LWAPP Timers message element is used by an AC to configure LWAPP
timers on an WTP. timers on an WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Discovery | Echo Request | | Discovery | Echo Request |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 55, line 32 skipping to change at page 62, line 36
The LWAPP Timers message element is used by an AC to configure LWAPP The LWAPP Timers message element is used by an AC to configure LWAPP
timers on an WTP. timers on an WTP.
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Discovery | Echo Request | | Discovery | Echo Request |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 68 for LWAPP Timers Type: 68 for LWAPP Timers
Length: 2 Length: 2
Discovery: The number of seconds between LWAPP Discovery packets, Discovery: The number of seconds between LWAPP Discovery packets,
when the WTP is in the discovery mode. when the WTP is in the discovery mode.
Echo Request: The number of seconds between WTP Echo Request LWAPP Echo Request: The number of seconds between WTP Echo Request LWAPP
messages. messages.
7.2.4 AC List 7.3.4 AC IPv4 List
The AC List message element is defined in section Section 6.2.6. The AC List message element is defined in section Section 6.2.6.
7.2.5 WTP Fallback 7.3.5 AC IPv6 List
The AC List message element is defined in section Section 6.2.7.
7.3.6 WTP Fallback
The WTP Fallback message element is sent by the AC to the WTP to The WTP Fallback message element is sent by the AC to the WTP to
enable or disable automatic LWAPP fallback in the event that an WTP enable or disable automatic LWAPP fallback in the event that an WTP
detects its preferred AC, and is not currently connected to it. detects its preferred AC, and is not currently connected to it.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Mode | | Mode |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
skipping to change at page 56, line 7 skipping to change at page 63, line 22
enable or disable automatic LWAPP fallback in the event that an WTP enable or disable automatic LWAPP fallback in the event that an WTP
detects its preferred AC, and is not currently connected to it. detects its preferred AC, and is not currently connected to it.
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Mode | | Mode |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 91 for WTP Fallback Type: 91 for WTP Fallback
Length: 1 Length: 1
Mode: The 8-bit boolean value indicates the status of automatic Mode: The 8-bit boolean value indicates the status of automatic
LWAPP fallback on the WTP. A value of zero disables the fallback LWAPP fallback on the WTP. A value of zero disables the fallback
feature, while a value of one enables it. When enabled, if the feature, while a value of one enables it. When enabled, if the
WTP detects that its primary AC is available, and it is not WTP detects that its primary AC is available, and it is not
connected to it, it SHOULD automatically disconnect from its connected to it, it SHOULD automatically disconnect from its
current AC and reconnect to its primary. If disabled, the WTP current AC and reconnect to its primary. If disabled, the WTP
will only reconnect to its primary through manual intervention will only reconnect to its primary through manual intervention
(e.g., through the Reset Request command). (e.g., through the Reset Request command).
7.2.6 Idle Timeout 7.3.7 Idle Timeout
The Idle Timeout message element is sent by the AC to the WTP to The Idle Timeout message element is sent by the AC to the WTP to
provide it with the idle timeout that it should enforce on its active provide it with the idle timeout that it should enforce on its active
mobile station entries. mobile station entries.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timeout | | Timeout |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 56, line 30 skipping to change at page 63, line 47
provide it with the idle timeout that it should enforce on its active provide it with the idle timeout that it should enforce on its active
mobile station entries. mobile station entries.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timeout | | Timeout |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 97 for Idle Timeout Type: 97 for Idle Timeout
Length: 4 Length: 4
Timeout: The current idle timeout to be enforced by the WTP. Timeout: The current idle timeout to be enforced by the WTP.
7.3 Configuration Update Request 7.4 Configuration Update Request
Configure Update Requests are sent by the AC to provision the WTP Configure Update Requests are sent by the AC to provision the WTP
while in the Run state. This is used to modify the configuration of while in the Run state. This is used to modify the configuration of
the WTP while it is operational. the WTP while it is operational.
When an AC receives a Configuration Update Request it will respond When an AC receives a Configuration Update Request it will respond
with a Configuration Update Response, with the appropriate Result with a Configuration Update Response, with the appropriate Result
Code. Code.
The following subsections define the message elements introduced by The following subsections define the message elements introduced by
this LWAPP operation. this LWAPP operation.
7.3.1 WTP Name 7.4.1 WTP Name
The WTP Name message element is defined in section Section 6.1.3. The WTP Name message element is defined in section Section 6.1.3.
7.3.2 Change State Event 7.4.2 Change State Event
The Change State Event message element is defined in section The Change State Event message element is defined in section
Section 7.2.2. Section 7.3.2.
7.3.3 Administrative State 7.4.3 Administrative State
The Administrative State message element is defined in section The Administrative State message element is defined in section
Section 7.1.1. Section 7.2.1.
7.3.4 Statistics Timer 7.4.4 Statistics Timer
The Statistics Timer message element is defined in section The Statistics Timer message element is defined in section
Section 7.1.5. Section 7.2.5.
7.3.5 Location Data 7.4.5 Location Data
The Location Data message element is defined in section The Location Data message element is defined in section
Section 6.1.4. Section 6.1.4.
7.3.6 Decryption Error Report Period 7.4.6 Decryption Error Report Period
The Decryption Error Report Period message element is defined in The Decryption Error Report Period message element is defined in
section Section 7.2.1. section Section 7.3.1.
7.3.7 AC List 7.4.7 AC IPv4 List
The AC List message element is defined in section Section 6.2.6. The AC List message element is defined in section Section 6.2.6.
7.3.8 Add Blacklist Entry 7.4.8 AC IPv6 List
The AC List message element is defined in section Section 6.2.7.
7.4.9 Add Blacklist Entry
The Add Blacklist Entry message element is used by an AC to add a The Add Blacklist Entry message element is used by an AC to add a
blacklist entry on an WTP, ensuring that the WTP no longer provides blacklist entry on an WTP, ensuring that the WTP no longer provides
any service to the MAC addresses provided in the message. The MAC any service to the MAC addresses provided in the message. The MAC
Addresses provided in this message element are not expected to be Addresses provided in this message element are not expected to be
saved in non-volative memory on the WTP. saved in non-volative memory on the WTP.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 58, line 4 skipping to change at page 65, line 24
Addresses provided in this message element are not expected to be Addresses provided in this message element are not expected to be
saved in non-volative memory on the WTP. saved in non-volative memory on the WTP.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address[] | | MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 65 for Add Blacklist Entry Type: 65 for Add Blacklist Entry
Length: >= 7 Length: >= 7
Num of Entries: The number of MAC Addresses in the array. Num of Entries: The number of MAC Addresses in the array.
MAC Address: An array of MAC Addresses to add to the blacklist MAC Address: An array of MAC Addresses to add to the blacklist
entry. entry.
7.3.9 Delete Blacklist Entry 7.4.10 Delete Blacklist Entry
The Delete Blacklist Entry message element is used by an AC to delete The Delete Blacklist Entry message element is used by an AC to delete
a previously added blacklist entry on an WTP, ensuring that the WTP a previously added blacklist entry on an WTP, ensuring that the WTP
provides service to the MAC addresses provided in the message. provides service to the MAC addresses provided in the message.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 58, line 23 skipping to change at page 66, line 4
a previously added blacklist entry on an WTP, ensuring that the WTP a previously added blacklist entry on an WTP, ensuring that the WTP
provides service to the MAC addresses provided in the message. provides service to the MAC addresses provided in the message.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address[] | | MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 66 for Delete Blacklist Entry Type: 66 for Delete Blacklist Entry
Length: >= 7 Length: >= 7
Num of Entries: The number of MAC Addresses in the array. Num of Entries: The number of MAC Addresses in the array.
MAC Address: An array of MAC Addresses to delete from the blacklist MAC Address: An array of MAC Addresses to delete from the blacklist
entry. entry.
7.3.10 Add Static Blacklist Entry 7.4.11 Add Static Blacklist Entry
The Add Static Blacklist Entry message element is used by an AC to The Add Static Blacklist Entry message element is used by an AC to
add a permanent blacklist entry on an WTP, ensuring that the WTP no add a permanent blacklist entry on an WTP, ensuring that the WTP no
longer provides any service to the MAC addresses provided in the longer provides any service to the MAC addresses provided in the
message. The MAC Addresses provided in this message element are message. The MAC Addresses provided in this message element are
expected to be saved in non-volative memory on the WTP. expected to be saved in non-volative memory on the WTP.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 58, line 47 skipping to change at page 66, line 30
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address[] | | MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 70 for Delete Blacklist Entry Type: 70 for Delete Blacklist Entry
Length: >= 7 Length: >= 7
Num of Entries: The number of MAC Addresses in the array. Num of Entries: The number of MAC Addresses in the array.
MAC Address: An array of MAC Addresses to add to the permanent MAC Address: An array of MAC Addresses to add to the permanent
blacklist entry. blacklist entry.
7.3.11 Delete Static Blacklist Entry 7.4.12 Delete Static Blacklist Entry
The Delete Static Blacklist Entry message element is used by an AC to The Delete Static Blacklist Entry message element is used by an AC to
delete a previously added static blacklist entry on an WTP, ensuring delete a previously added static blacklist entry on an WTP, ensuring
that the WTP provides service to the MAC addresses provided in the that the WTP provides service to the MAC addresses provided in the
message. message.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
skipping to change at page 59, line 24 skipping to change at page 67, line 14
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num of Entries| MAC Address[] | | Num of Entries| MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address[] | | MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 71 for Delete Blacklist Entry Type: 71 for Delete Blacklist Entry
Length: >= 7 Length: >= 7
Num of Entries: The number of MAC Addresses in the array. Num of Entries: The number of MAC Addresses in the array.
MAC Address: An array of MAC Addresses to delete from the static MAC Address: An array of MAC Addresses to delete from the static
blacklist entry. blacklist entry.
7.3.12 LWAPP Timers 7.4.13 LWAPP Timers
The LWAPP Timers message element is defined in section Section 7.2.3. The LWAPP Timers message element is defined in section Section 7.3.3.
7.3.13 AC Name with Index 7.4.14 AC Name with Index
The AC Name with Index message element is defined in section The AC Name with Index message element is defined in section
Section 7.1.3. Section 7.2.3.
7.3.14 WTP Fallback 7.4.15 WTP Fallback
The WTP Fallback message element is defined in section Section 7.2.5. The WTP Fallback message element is defined in section Section 7.3.6.
7.3.15 Idle Timeout 7.4.16 Idle Timeout
The Idle Timeout message element is defined in section Section 7.2.6. The Idle Timeout message element is defined in section Section 7.3.7.
7.4 Configuration Update Response 7.5 Configuration Update Response
The Configuration Update Response is the acknowledgement message for The Configuration Update Response is the acknowledgement message for
the Configuration Update Request. the Configuration Update Request.
Configuration Update Responses are sent by an WTP after receiving a Configuration Update Responses are sent by an WTP after receiving a
Configuration Update Request. Configuration Update Request.
When an AC receives a Configure Update Response the result code When an AC receives a Configure Update Response the result code
indicates if the WTP successfully accepted the configuration. indicates if the WTP successfully accepted the configuration.
The following subsections define the message elements that must be The following subsections define the message elements that must be
present in this LWAPP operation. present in this LWAPP operation.
7.4.1 Result Code 7.5.1 Result Code
The Result Code message element is defined in section Section 6.2.1. The Result Code message element is defined in section Section 6.2.1.
7.5 Change State Event Request 7.6 Change State Event Request
The Change State Event is used by the WTP to inform the AC of a The Change State Event is used by the WTP to inform the AC of a
change in the operational state. change in the operational state.
The Change State Event message is sent by the WTP when it receives a The Change State Event message is sent by the WTP when it receives a
Configuration Response that includes a Change State Event message Configuration Response that includes a Change State Event message
element. It is also sent in the event that the WTP detects an element. It is also sent in the event that the WTP detects an
operational failure with a radio. The Change State Event may be sent operational failure with a radio. The Change State Event may be sent
in either the Configure or Run state (see Figure 2. in either the Configure or Run state (see Figure 2.
When an AC receives a Change State Event it will respond with a When an AC receives a Change State Event it will respond with a
Change State Event Response and make any necessary modifications to Change State Event Response and make any necessary modifications to
internal WTP data structures. internal WTP data structures.
The following subsections define the message elements that must be The following subsections define the message elements that must be
present in this LWAPP operation. present in this LWAPP operation.
7.5.1 Change State Event 7.6.1 Change State Event
The Change State Event message element is defined in section The Change State Event message element is defined in section
Section 7.2.2. Section 7.3.2.
7.6 Change State Event Response 7.7 Change State Event Response
The Change State Event Response acknowledges the Change State Event. The Change State Event Response acknowledges the Change State Event.
Change State Event Response are sent by an WTP after receiving a Change State Event Response are sent by an WTP after receiving a
Change State Event. Change State Event.
The Change State Event Response carries no message elements. Its The Change State Event Response carries no message elements. Its
purpose is to acknowledge the receipt of the Change State Event. purpose is to acknowledge the receipt of the Change State Event.
The WTP does not need to perform any special processing of the Change The WTP does not need to perform any special processing of the Change
State Event Response message. State Event Response message.
7.7 Clear Config Indication 7.8 Clear Config Indication
The Clear Config Indication is used to reset an WTP's configuration. The Clear Config Indication is used to reset an WTP's configuration.
The Clear Config Indication is sent by an AC to request that an WTP The Clear Config Indication is sent by an AC to request that an WTP
reset its configuration to manufacturing defaults. The Clear Config reset its configuration to manufacturing defaults. The Clear Config
Indication message is sent while in the Run LWAPP state. Indication message is sent while in the Run LWAPP state.
The Reset Request carries no message elements. The Reset Request carries no message elements.
When an WTP receives a Clear Config Indication it will reset its When an WTP receives a Clear Config Indication it will reset its
skipping to change at page 64, line 27 skipping to change at page 72, line 34
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID |Num Of Entries | Mobile MAC Address | | Radio ID |Num Of Entries | Mobile MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile MAC Address[] | | Mobile MAC Address[] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 39 for Decryption Error Report Type: 39 for Decryption Error Report
Length: >= 8 Length: >= 8
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Num Of Entries: An 8-bit unsigned integer indicating the number of Num Of Entries: An 8-bit unsigned integer indicating the number of
mobile MAC addresses. mobile MAC addresses.
Mobile MAC Address: An array of mobile station MAC addresses that Mobile MAC Address: An array of mobile station MAC addresses that
have caused decryption errors. have caused decryption errors.
8.5.2 Duplicate IP Address 8.5.2 Duplicate IPv4 Address
The Duplicate IP Address message element is used by an WTP to inform The Duplicate IPv4 Address message element is used by an WTP to
an AC that it has detected another host using the same IP address it inform an AC that it has detected another host using the same IP
is currently using. address it is currently using.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address | | IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 77 for Duplicate IP Address
Type: 77 for Duplicate IPv4 Address
Length: 10 Length: 10
IP Address: The IP Address currently used by the WTP. IP Address: The IP Address currently used by the WTP.
MAC Address: The MAC Address of the offending device.
8.5.3 Duplicate IPv6 Address
The Duplicate IPv6 Address message element is used by an WTP to
inform an AC that it has detected another host using the same IP
address it is currently using.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 77 for Duplicate IPv6 Address
Length: 10
IP Address: The IP Address currently used by the WTP.
MAC Address: The MAC Address of the offending device. MAC Address: The MAC Address of the offending device.
8.6 WTP Event Response 8.6 WTP Event Response
WTP Event Response acknowledges the WTP Event Request. WTP Event Response acknowledges the WTP Event Request.
WTP Event Response are sent by an AC after receiving a WTP Event WTP Event Response are sent by an AC after receiving a WTP Event
Request. Request.
The WTP Event Response carries no message elements. The WTP Event Response carries no message elements.
skipping to change at page 69, line 5 skipping to change at page 79, line 5
This message requires no special processing, and is only used to This message requires no special processing, and is only used to
acknowledge the Mobile Configuration Request. acknowledge the Mobile Configuration Request.
The data transfer request message MUST contain the message elements The data transfer request message MUST contain the message elements
described in the next subsection. described in the next subsection.
9.2.1 Result Code 9.2.1 Result Code
The Result Code message element is defined in section Section 6.2.1. The Result Code message element is defined in section Section 6.2.1.
10. Session Key Generation 10. LWAPP Security
Note: This version only defines a certificate and a shared secret Note: This version only defines a certificate and a shared secret
based mechanism to secure control LWAPP traffic exchanged between the based mechanism to secure control LWAPP traffic exchanged between the
WTP and the AC. WTP and the AC.
10.1 Securing WTP-AC communications 10.1 Securing WTP-AC communications
While it is generally straightforward to produce network While it is generally straightforward to produce network
installations in which the communications medium between the WTP and installations in which the communications medium between the WTP and
AC is not accessible to the casual user (e.g. these LAN segments are AC is not accessible to the casual user (e.g. these LAN segments are
skipping to change at page 69, line 38 skipping to change at page 79, line 38
access to the building(s) in which such LANs exist, and that they access to the building(s) in which such LANs exist, and that they
must be able to "plug in" to the LAN in order to access the network. must be able to "plug in" to the LAN in order to access the network.
With these things in mind, we can begin to assess the general With these things in mind, we can begin to assess the general
security requirements for AC-WTP communications. While an in-depth security requirements for AC-WTP communications. While an in-depth
security analysis of threats and risks to these communication is security analysis of threats and risks to these communication is
beyond the scope of this document, some discussion of the motivation beyond the scope of this document, some discussion of the motivation
for various security-related design choices is useful. The for various security-related design choices is useful. The
assumptions driving the security design thus far include the assumptions driving the security design thus far include the
following: following:
o WTP-AC communications take place over a wired connection which may
be accessible to a sophisticated attacker o WTP-AC communications may be accessible to a sophisticated
o access to this connection is not trivial for an outsider (i.e. attacker. For instance, if LWAPP is used in a mesh environment,
someone who does not "belong" in the building) to access where LWAPP is run over the air, additional link layer security,
such as 802.11i, may be required.
o if authentication and/or privacy of end to end traffic for which o if authentication and/or privacy of end to end traffic for which
the WTP and AC are intermediaries is required, this may be the WTP and AC are intermediaries is required, this may be
provided via IPsec [13]. provided via IPsec [16].
o privacy and authentication for at least some WTP-AC control o privacy and authentication for at least some WTP-AC control
traffic is required (e.g. WEP keys for user sessions, passed from traffic is required (e.g. WEP keys for user sessions, passed from
AC to WTP) AC to WTP)
o the AC can be trusted to generate strong cryptographic keys o the AC can be trusted to generate strong cryptographic keys
AC-WTP traffic can be considered to consist of two types: data AC-WTP traffic can be considered to consist of two types: data
traffic (e.g. to or from an end user), and control traffic which is traffic (e.g. to or from an end user), and control traffic which is
strictly between the AC and WTP. Since data traffic may be secured strictly between the AC and WTP. Since data traffic may be secured
using IPsec (or some other end-to-end security mechanism), we confine using IPsec (or some other end-to-end security mechanism), we confine
our solution to control traffic. The resulting security consists of our solution to control traffic. The resulting security consists of
skipping to change at page 70, line 20 skipping to change at page 80, line 25
cryptographic keys used for CCM is described below. cryptographic keys used for CCM is described below.
10.2 LWAPP Frame Encryption 10.2 LWAPP Frame Encryption
While, the LWAPP protocol uses AES-CCM to encrypt control traffic, it While, the LWAPP protocol uses AES-CCM to encrypt control traffic, it
is important to note that not all control frames are encrypted. The is important to note that not all control frames are encrypted. The
LWAPP discovery and join phase are not encrypted. The Discovery LWAPP discovery and join phase are not encrypted. The Discovery
messages are sent in the clear since there does not exist a security messages are sent in the clear since there does not exist a security
association between the WTP and the AC during the discovery phase. association between the WTP and the AC during the discovery phase.
The Join phase is an authenticated exchange used to negotiate The Join phase is an authenticated exchange used to negotiate
symmetric session keys (see Section 6.2.4). symmetric session keys (see Section 10.3).
Once the join phase has been successfully completed, the LWAPP state Once the join phase has been successfully completed, the LWAPP state
machine Figure 2 will move to the Configure state, at which time all machine Figure 2 will move to the Configure state, at which time all
LWAPP control frames are encrypted using AES-CCM. LWAPP control frames are encrypted using AES-CCM.
Encryption of a control message begins at the Message Element field, Encryption of a control message begins at the Message Element field,
meaning the Msg Type, Seq Num, Msg Element Length and Session ID meaning the Msg Type, Seq Num, Msg Element Length and Session ID
fields are left intact (see Section 4.2.1). fields are left intact (see Section 4.2.1).
The AES-CCM 12 byte authentication data is appended to the end of the The AES-CCM 12 byte authentication data is appended to the end of the
message. The authentication data is calculated from the start of the message. The authentication data is calculated from the start of the
LWAPP packet, and includes the complete LWAPP control header (see LWAPP packet, and includes the complete LWAPP control header (see
Section 4.2.1). Section 4.2.1).
The AES-CCM block cipher protocol requires an initialization vector. The AES-CCM block cipher protocol requires an initialization vector.
The LWAPP protocol requires that the WTP and the AC maintain two The LWAPP protocol requires that the WTP and the AC maintain two
separate IVs, one for transmission and one for reception. The IV is separate IVs, one for transmission and one for reception. The IV
initialized on both the WTP and the AC to the Session ID, and the IV derived during the key exchange phase by both the WTP and the AC is
is monotonically increased for every packet transmitted. Note that used as the base for all encrypted packets with a new key.
the IV is implicit, and is not transmitted in the LWAPP header, and
therefore an LWAPP device MUST keep track of both bi-directional IVs.
The IV is 13 bytes long, and the first byte is set to zero, while the
remaining twelve bytes are set to the monotonically increasing 32 bit
counter previously mentioned. The following pseudo code provides an
example of how the IVs are managed for a transmitted packet.
void SetNonce(char *buffer, int sessionId, int xmitIv)
{
if (xmitIv == 0) {
xmitIv = sessionId;
memset(buffer, '\0', 13);
/* Initialize the IV Buffer */
buffer[1] = (xmitIv >> 24) & 0xff;
buffer[2] = (xmitIv >> 16) & 0xff;
buffer[3] = (xmitIv >> 8) & 0xff;
buffer[4] = (xmitIv & 0xff);
buffer[5] = (xmitIv >> 24) & 0xff;
buffer[6] = (xmitIv >> 16) & 0xff;
buffer[7] = (xmitIv >> 8) & 0xff;
buffer[8] = (xmitIv & 0xff);
buffer[9] = (xmitIv >> 24) & 0xff;
buffer[10] = (xmitIv >> 16) & 0xff;
buffer[11] = (xmitIv >> 8) & 0xff;
buffer[12] = (xmitIv & 0xff);
} else {
xmitIv = bignuminc-12(xmitIv);
}
return;
}
10.3 Authenticated Key Exchange 10.3 Authenticated Key Exchange
This section describes the key management component of the LWAPP This section describes the key management component of the LWAPP
protocol. There are two modes supported by LWAPP; certificate and protocol. There are two modes supported by LWAPP; certificate and
pre-shared key. pre-shared key.
10.3.1 Certificate Based Approach 10.3.1 Terminology
This section details the key management protocol which makes use of This section details the key management protocol which makes use of
X.509 certificates. pre-shared secrets.
The following notations are used throughout this section: The following notations are used throughout this section:
o PSK - the pre-shared key shared between the WTP and the AC
o Kpriv - the private key of a public-private key pair o Kpriv - the private key of a public-private key pair
o Kpub - the public key of the pair o Kpub - the public key of the pair
o KeyMaterial - output of KDF-256(key, WTP-MAC)
o K1 - AES-CCM Encryption Key
o K2 - AES Key-Wrap Key
o SessionID - randomly generated LWAPP session identifier, provided o SessionID - randomly generated LWAPP session identifier, provided
by the WTP in the Join Request by the WTP in the Join Request
o M - a clear-text message
o C - a cipher-text message.
o S - signed cipher-text message.
o PKCS1(z) - the PKCS#1 encapsulation of z
o E-x{Kpriv, M} - RSA encryption of M using X's private key
o E-x{Kpub, M} - RSA encryption of M using X's public key o E-x{Kpub, M} - RSA encryption of M using X's public key
o S-x{M} - an RSA digital signature over M produced by X
o V-x{S-x, M} - RSA verification of X's digital signature over M
o D-x{Kpriv, C} - RSA decryption of C using X's private key o D-x{Kpriv, C} - RSA decryption of C using X's private key
o D-x{Kpub, C} - RSA decryption of C using X's public key
o Certificate-AC - AC's Certificate
o Certificate-WTP - WTP's Certificate
10.3.1.1 Session Key Generation o AES-CMAC(key, packet) - A message integrity check, using AES-CMAC
and key, of the complete LWAPP packet, with the sequence number
field and the payload of the PSK-MIC message element set to zero.
The AC and WTP accomplish mutual authentication and a cryptographic o AES-E(key, plaintext) - Plaintext is encrypted with key, using
key exchange in a single round trip using the Join Request and AES.
Response pair (see Section 6.1).
Note that the constant 'x' is used in the above notations to o AES-D(key, ciphertext) - ciphertext is decrypted with key, using
represent one of the parties in the LWAPP exchange. For instance, if AES.
the WTP must encrypt some text, it would use its own private key, and
therefore the notation "E-wtp{Kpriv, M}" would be used.
The following text describes the exchange between the WTP and the AC o Certificate-AC - AC's Certificate
that creates a session key, which is used to secure LWAPP control
messages.
o The WTP adds the Certificate message element (see Section 6.1.6)
with the contents set to Certificate-WTP in the Join Request.
o The WTP adds the Session ID message element (see Section 6.1.7)
with the contents set to a randomly generated session identifer
(see RFC 1750 [4]) in the Join Request. The WTP MUST save the
Session ID in order to validate the Join Response.
o Upon receiving the Join Request, the AC verifies Certificate-WTP,
encoded in the Certificate message element. The AC SHOULD also
perform some authorization check, ensuring that the WTP is allowed
to connect to the AC.
o The AC generates a 32 byte random session key. The first 16
bytes, K1 are used to protect the LWAPP traffic while the latter
16 bytes, K2 are used to keywrap the keys in the Key Update
Response using RFC 3394 [10].
o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub ,
PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key
material with the public key of the WTP, so that only the WTP can
decrypt it and determine the session keys.
o The AC encrypts the concatenation of sessionID and cipher text (C) o Certificate-WTP - WTP's Certificate
into cipher text(CĒ), using E-ac{Kpriv, SessionID|C}. This
encrypts using the private key of AC and can be decrypted using
the public key of AC, proving that AC produced this; this forms
the basis of trust for WTP with respect to the source of the
session keys. The cipher-text (CĒ) is then copied into the
session key field within the Session Key message element.
o AC creates the Join Response, and includes two message elements.
Certificate-AC is included in the Certificate message element.
The Session Key message element is added, with the Security field
set to one (1 - X.509 Certificate Based), and the cipher-text (CĒ)
is included in the Session Key field. The resulting Join Response
is sent to the WTP.
o WTP verifies authenticity of Certificate-AC in the Join Response's
Certificate message element.
o WTP computes D-ac{Kpub, 'CĒ}, where 'CĒ is the content of Session
Key field in Session Key Message element. The resulting data
includes the SessionID and cipher text (C). SessionID is
validated against the SessionID that was sent in the Join Request.
o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the
session keys using its private key, where C is the cipher text
retrieved by decrypting the session key field in earlier step.
Since these were encrypted with the WTP's public key, only the WTP
can successfully decrypt the session key. The resulting 32 octet
KeyMaterial is split into two 16 octet keys, K1 and K2,
respectively.
o K1 is now plumbed into the crypto engine as the AES-CCM session
key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
10.3.1.2 Refreshing Cryptographic Keys o WTP-MAC - The WTP's MAC Address.
Since AC-WTP associations will tend to be relatively long-lived, it o AC-MAC - The AC's MAC Address.
is sensible to periodically refresh the encryption and authentication
keys; this is referred to as "rekeying". When the key lifetime
reaches 95% of the configured value, identified in the KeyLifetime
timer (see Section 12), the rekeying will proceed as follows:
o WTP generates a fresh random Session identier value and encodes it
within the Key Update Request's Session ID message element. The
new session identifier is saved on the WTP in order to verify the
Key Update Response. The protected Key Update Request is sent to
the AC.
o The AC generates a 32 byte random session key. The first 16
bytes, K1 are used to protect the LWAPP traffic while the latter
16 bytes, K2 are used to keywrap the keys in the Key Update
Response using RFC 3394 [10].
o The AC encrypts the key into cipher-text (C), using E-wtp{Kpub , o RK0 - the root key, which is created through a KDF function.
PKCS1(KeyMaterial)}. This encrypts the PKCS#1-encoded key
material with the public key of the WTP, so that only the WTP can
decrypt it and determine the session keys.
o The AC encrypts the concatenation of sessionID and cipher text (C)
into cipher text(CĒ), using E-ac{Kpriv, SessionID|C}. This
encrypts using the private key of AC and can be decrypted using
the public key of AC, proving that AC produced this; this forms
the basis of trust for WTP with respect to the the source of the
session keys. The cipher-text (CĒ) is then copied into the
session key field within the Session Key message element.
o AC creates the Key Update Response message, and includes the
Session Key message element with the Security field set to one (1
- X.509 Certificate Based), and the cipher-text (CĒ) is included
in the Session Key field. The resulting encrypted Key Update
Response is sent to the WTP.
o WTP computes D-ac{Kpub, CĒ}, where CĒ is the conten of Session Key
field in Session Key Message element. The resulting data includes
the SessionID and cipher text (C). SessionID is validated against
the SessionID that was sent in the Join Request.
o WTP computes PKCS1(KeyMaterial) = D-ac{Kpriv , C}, decrypting the
session keys using its private key, where C is the cipher text
retrieved by decrypting the session key field in earlier step.
Since these were encrypted with the WTP's public key, only the WTP
can successfully decrypt the session key. The resulting 32 octet
KeyMaterial is split into two 16 octet keys, K1 and K2,
respectively.
o K1 is now plumbed into the crypto engine as the AES-CCM session
key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
If WTP does not receive the Key Update Response by the time the o RK0E - the root Encryption key, derived from RK0.
ResponseTimeout timer expires (see Section 12), the WTP MUST delete
the new and old session information, and reset the state machine to
the Idle state.
Following a rekey process, both the WTP and the AC keep the previous o RK0M - the root MIC key, derived from RK0.
encryption for one second in order to be able to process packets that
arrive out of order.
10.3.2 Pre-Shared Key Approach o SK1 - the session Key
o SK1C - the session confirmation Key, derived from SK
This section details the key management protocol which makes use of o SK1E - the session encryption Key, derived from SK
pre-shared secrets.
The following notations are used throughout this section: o SK1W - the session keywrap Key, derived from SK (see RFC 3394 [9])
o PSK - the pre-shared key shared between the WTP and the AC
o K0 - the result of a KDF using the PSK and the WTP's MAC Address
o K1 - the confirmation Key
o K2 - the encryption Key
o K3 - the keywrap Key (see RFC 3394 [10])
o KeyMaterial - concatenation of K1, K2 and K3
o SessionID - randomly generated LWAPP session identifier, provided
by the WTP in the Join Request
o MIC(K1, packet) - A message integrity check, using HMAC-SHA1 and
K1, of the complete LWAPP packet, with the sequence number field
set to zero.
o E(K0E, plaintext) - Plaintext is encrypted with K0E, using
AES-CBC.
o D(K0E, cryptotext) - Cryptotext is decrypted with K0E, using
AES-CBC.
o WNonce - The WTP's randomly generated Nonce. o WNonce - The WTP's randomly generated Nonce.
o ANonce - The AC's randomly generated Nonce. o ANonce - The AC's randomly generated Nonce.
o EWNonce - The payload of the WNonce message element, which o EWNonce - The payload of the WNonce message element, which
includes the WNonce. includes the WNonce.
o EANonce - The payload of the ANonce message element, which o EANonce - The payload of the ANonce message element, which
includes the ANonce. includes the ANonce.
o WTP-MAC - The WTP's MAC Address.
o AC-MAC - The AC's MAC Address.
10.3.2.1 Session Key Generation 10.3.2 Initial Key Generation
The AC and WTP accomplish mutual authentication and a cryptographic The AC and WTP accomplish mutual authentication and a cryptographic
key exchange in a dual round trip using the Join Request, Join key exchange in a dual round trip using the Join Request, Join
Response, Join ACK and Join Confirm (see Section 6.1). Response, Join ACK and Join Confirm (see Section 6.1).
The following text describes the exchange between the WTP and the AC The following text describes the exchange between the WTP and the AC
that creates a session key, which is used to secure LWAPP control that creates a session key, which is used to secure LWAPP control
messages. messages.
o The WTP creates K0 through the following algorithm: K0 =
KDF-256{PSK, "LWAPP PSK Top K0" || Session ID || WTP-MAC ||
AC-MAC}, where WTP-MAC is the WTP's MAC Address in the form
"xx:xx:xx:xx:xx:xx". Similarly, the AC-MAC is an ASCII encoding
of the AC's MAC Address, of the form "xx:xx:xx:xx:xx:xx". The
first 16 octets is the K0 encryption key (K0E), and the second 16
octets is the K0 Derivation key (K0D).
o The WTP creates a random nonce, known as WNonce, and encrypts it
using the following algorithm: EWNonce = E{K0E, WNonce}. The
encrypted nonce is added to the Join Request's WNonce message
element (see Section 6.1.9).
o The WTP adds the Session ID message element (see Section 6.1.7)
with the contents set to a randomly generated session identifer
(see RFC 1750 [4]) in the Join Request. The WTP MUST save the
Session ID in order to validate the Join Response.
o Upon receiving the Join Request, the AC creates K0, using K0 = o The WTP creates a Join Request using the following process:
KDF-256{PSK, "LWAPP PSK Top K0" || Session ID || WTP-MAC ||
AC-MAC}. WNonce = D{K0E, EWNonce}, where EWNonce is found in the
WNonce message element.
o The AC then creates its own random nonce, known as ANonce. The
WANonce is then created, through E{K0E, NOT WNonce || ANonce}.
"NOT WNonce" means that the AC takes WNonce and inverts all of the
bits within the field. The results of the encryption is inserted
in the Join Response's ANonce message element (see Section 6.1.9).
o The AC then uses the KDF function to create a 48 octet session
key. The KDF function used is as follows: KDF-384{K0D, "LWAPP Key
Generation", WNonce || ANonce || WTP-MAC || AC-MAC}. The KDF
function is defined in [7]. The resulting octets are split into
three 16 octet keys (K1, K2 and K3, in that exact order).
o The AC creates the PSK-MIC (see Section 6.2.8) message element
whose payload includes MIC{K1, Join Response} using K1 as the
confirmation key, which is added to the Join Response. The
resulting Join Response is sent to the WTP.
o Upon receiving the Join Response, the WTP decrypts ANonce from the
contents of the ANonce message element, using ANonce = D{K0E,
WANonce}
o The WTP uses a KDF function to create a 48 octet session key. The
KDF function used is as follows: KDF-384{K0D, "LWAPP Key
Generation", WNonce || ANonce || WTP-MAC || AC-MAC}. The KDF
function is defined in [7]. The resulting octets are split into
three 16 octet keys (K1, K2 and K3, in that exact order).
o WTP verifies authenticity of the PSK-MIC field by using MIC{K1,
Join Response}.
o The WTP creates the PSK-MIC message element whose payload includes
MIC{K1, Join ACK}, which is added to the Join ACK, as well as the
WNonce message element. The resulting Join ACK is sent to the AC.
o AC verifies that WTP's Nonce in the Join ACK's WNonce message
element matches the value it had received in the Join Request.
o AC verifies authenticity of the PSK-MIC message element, by using
its own saved version of K1. It then creates another PSK-MIC
message element, whose payload includes MIC{K1, Join Confirm},
which is added to the Join Confirm, as well as the Session ID
message element. The resulting Join Confirm is sent to the WTP.
o WTP verifies authenticity of the PSK-MIC message element, by using
its own saved version of K1, using the SessionID it had used in
the original Join Request.
o K2 is now plumbed into the crypto engine as the AES-CCM session
key. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new
session key.
10.3.2.2 Refreshing Cryptographic Keys o If Certificate based security is used, the WTP adds the
Certificate message element (see Section 6.1.6) with its
contents set to Certificate-WTP.
o Adds the Session ID message element (see Section 6.1.7) with
the contents set to a randomly generated session identifer (see
RFC 1750 [4]). The WTP MUST save the Session ID in order to
validate the Join Response.
o Creates a random Nonce, included in the XNonce message element
(see Section 6.1.9). The WTP MUST save the XNonce to validate
the Join Response.
o The WTP transmits the Join Request to the AC.
o Upon receiving the Join Request the AC uses the following process:
o The AC creates the Join Response, and ensures that the Session
ID message element matches the value found in the Join Request.
o If Certificate based security is used, the AC:
o Adds the Certificate-AC to the Certificate message element.
o Creates a random 'AC Nonce' and encrypts it using the
following algorithm E-wtp(Kpub, XNonce XOR 'AC Nonce'). The
encrypted contents are added to the ANonce's message element
payload.
o If pre-shared key based security is used, the AC:
o Creates RK0 through the following algorithm: RK0 = KDF-
256{PSK, "LWAPP PSK Top K0" || Session ID || WTP-MAC || AC-
MAC}, where WTP-MAC is the WTP's MAC Address in the form
"xx:xx:xx:xx:xx:xx". Similarly, the AC-MAC is an ASCII
encoding of the AC's MAC Address, of the form "xx:xx:xx:xx:
xx:xx". The resulting K0 is split into the following:
o The first 16 octets is known as RK0E, and is used as an
encryption key
o The second 16 octets is known as RK0M, and is used for
MIC'ing purposes
o Creates a random 'AC Nonce' and encrypts it using the
following algorithm AES-E(RK0E, XNonce XOR 'AC Nonce'). The
encrypted contents are added to the ANonce's message element
payload.
o The AC adds a MIC to the contents of the Join Response using
AES-CMAC(RK0M, Join Response) and adds the resulting hash to
the PSK-MIC (Section 6.2.9) message element.
o Upon receiving the Join Response the WTP uses the following
process:
o If Pre-shared key is used, the WTP authenticates the Join
Response's PSK-MIC message element. If authentication fails,
the packet is dropped.
o The WTP decrypts the ANonce message element and XOR's the value
with XNonce to retrieve the 'AC Nonce'. The ANonce payload is
referred to as ciphertext below:
o If Pre-shared key is used, use AES-D(RK0E, ciphertext). The
'AC Nonce' is then recovered using XNonce XOR plaintext.
o If certificates are used, use d-wtp(Kpriv, ciphertext). The
'AC Nonce' is then recovered using XNonce XOR plaintext.
o The WTP creates a random 'WTP Nonce'.
o The WTP uses the KDF function to create a 64 octet session key
(SK). The KDF function used is as follows: KDF-512{'WTP Nonce'
|| 'AC Nonce', "LWAPP Key Generation", WTP-MAC || AC-MAC}. The
KDF function is defined in [7].
o SK is then broken down into three separate session keys with
different purposes:
o The first 16 octets is known as SK1C, and is used as a
confirmation key
o The second 16 octets is known as SK1E, and is as the
encryption key
o The third 16 octets is known as SK1D, and is used as the
keywrap key
o The fourth 16 octets is known as IV, and is used as the
Initialization Vector during encryption
o The WTP creates the Join ACK message.
o If Certificate based security is used, the AC:
o Encrypt the 'WTP Nonce' using following algorithm E-ac(Kpub,
'WTP Nonce'). The encrypted contents are added to the
WNonce's message element payload.
o If pre-shared key based security is used, the AC:
o Encrypt the 'WTP Nonce' using following algorithm AES-
E(RK0E, 'WTP Nonce'). The encrypted contents are added to
the WNonce's message element payload.
o The WTP adds a MIC to the contents of the Join ACK using AES-
CMAC(SK1M, Join ACK) and adds the resulting hash to the PSK-MIC
(Section 6.2.9) message element.
o The WTP then transmits the Join ACK to the AC.
o Upon receiving the Join ACK the AC uses the following process:
o The AC authenticates the Join ACK through the PSK-MIC message
element. If authentic, the AC decrypts the WNonce message
element to retrieve the 'WTP Nonce'. If the Join ACK could not
be authenticated, the packet is dropped.
o The AC decrypts the WNonce message element to retrieve the 'WTP
Nonce'. The WNonce payload is referred to as ciphertext below:
o If Pre-shared key is used, use AES-D(RK0E, ciphertext). The
plaintext is then considered the 'WTP Nonce'.
o If certificates are used, use d-ac(Kpriv, ciphertext). The
plaintext is then considered the 'WTP Nonce'.
o The AC then uses the KDF function to create a 64 octet session
key (SK). The KDF function used is as follows: KDF-512{'WTP
Nonce' || 'AC Nonce', "LWAPP Key Generation", WTP-MAC || AC-
MAC}. The KDF function is defined in [7]. The SK is split
into SK1C, SK1E, SK1D and IV as previously noted.
o The AC creates the Join Confirm.
o The AC adds a MIC to the contents of the Join Confirm using
AES-CMAC(SK1M, Join Confirm) and adds the resulting hash to the
MIC (Section 6.2.9) message element.
o The AC then transmits the Join Confirm to the WTP.
o Upon receiving the Join Confirm the WTP uses the following
process:
o The WTP authenticates the Join Confirm through the PSK-MIC
message element. If the Join Confirm could not be
authenticated, the packet is dropped.
o SK1E is now plumbed into the AC and WTP's crypto engine as the
AES-CCM LWAPP control encryption session key. Furthermore, the
random IV is used as the base Initialization Vector. From this
point on, all control protocol payloads between the WTP and AC are
encrypted and authenticated using the new session key.
10.3.3 Refreshing Cryptographic Keys
Since AC-WTP associations will tend to be relatively long-lived, it Since AC-WTP associations will tend to be relatively long-lived, it
is sensible to periodically refresh the encryption and authentication is sensible to periodically refresh the encryption and authentication
keys; this is referred to as "rekeying". When the key lifetime keys; this is referred to as "rekeying". When the key lifetime
reaches 95% of the configured value, identified in the KeyLifetime reaches 95% of the configured value, identified in the KeyLifetime
timer (see Section 12), the rekeying will proceed as follows: timer (see Section 12), the rekeying will proceed as follows:
o WTP generates a fresh random Session identier value and encodes it
within the Key Update Request's Session ID message element. The o The WTP creates RK0 through the previously defined KDF algorithm:
new session identifier is saved on the WTP in order to verify the RK0 = KDF-256{SK1D, "LWAPP PSK Top K0" || Session ID || WTP-MAC ||
Key Update Response. The Key Update Request is sent to the AC. AC-MAC}. Note the difference in this specific instance is that
o The AC generates 2 new random 16 octet, which are the new K2 and SK1D that was previously generated is used instead of the PSK.
K3. This new K3 is the AES Key Wrap key that will be used in the Note this is used in both the certificate and pre-shared key
next rekey event. These two session keys are concatenated into a modes. The resulting RK0 create RK0E, RK0M.
32 octet value, which is encrypted using the AES Key Wrap (see RFC
3384 [9]), and using K3, which was either created in the KDF o The remaining steps used are identical as the join process, with
function during the Join phase, or communicated in the previous the exception that the rekey messages are used instead of join
Key Update Response to the WTP. The output of the AES Key Wrap messages, and the fact that the messages are encrypted using the
function is used as the Payload of the Session Key message previously created SK1E. This means the Join Request is replaced
element. with the Rekey Request, the Join Response is replaced with the
o AC then sends a protected Key Update Response message to the WTP Rekey Response, etc. The two differences between the rekey and
using the old session key. Once the message has been sent, the the join process are:
new K2 session key is plumbed into the AC's crypto engine.
o WTP verifies that SessionID in the Key Update Response's Session o The Certificate-WTP and Certificate-AC are not included in the
Key message element matches an outstanding request Rekey-Request and Rekey-Response, respectively.
o WTP uses the AES Key Wrap function, with the K3 which it had
received from the AC in the original Join phase, or mututally o Regardless of whether certificates or pre-shared key was used
generated in the previous Join Update Request exchange. The in the initial key derivation, the process now uses the pre-
output of the Key Wrap function is a 32 octet value, which is shared key mode only, using SK1D as the "PSK".
split into two separate 16 octet session keys, K2 and K3.
o K2 is now plumbed into the crypto engine as the AES-CCM session o The Key Update Request is sent to the AC.
key. From this point on, all control protocol payloads between
o The newly created SK1E is now plumbed into the AC and WTP's crypto
engine as the AES-CCM LWAPP control encryption session key.
Furthermore, the new random IV is used as the base Initialization
Vector. From this point on, all control protocol payloads between
the WTP and AC are encrypted and authenticated using the new the WTP and AC are encrypted and authenticated using the new
session key. session key.
If WTP does not receive the Key Update Response by the time the If either the WTP or the AC do not receive an expected response by
ResponseTimeout timer expires (see Section 12), the WTP MUST delete the time the ResponseTimeout timer expires (see Section 12), the
the new and old session information, and reset the state machine to WTP MUST delete the new and old session information, and reset the
the Idle state. state machine to the Idle state.
Following a rekey process, both the WTP and the AC keep the previous Following a rekey process, both the WTP and the AC keep the
encryption for one second in order to be able to process packets that previous encryption for 5-10 seconds in order to be able to
arrive out of order. process packets that arrive out of order.
10.4 Certificate Usage
Validation of the certificates by the AC and WTP is required so that
only an AC may perform the functions of an AC and that only a WTP may
perform the functions of a WTP. This restriction of functions to the
AC or WTP requires that the certificates used by the AC MUST be
distinguishable from the certificate used by the WTP. To accomplish
this differentiation, the x.509v3 certificates MUST include the
Extensions field [10] and MUST include the NetscapeComment [11]
extension.
For an AC, the value of the NetscapeComment extension MUST be the
string "CAPWAP AC Device Certificate". For a WTP, the value of the
NetscapeComment extension MUST be the string "CAPWAP WTP Device
Certificate".
Part of the LWAPP certificate validation process includes ensuring
that the proper string is included in the NetscapeComment extension,
and only allowing the LWAPP session to be established if the
extension does not represent the same role as the device validating
the certificate. For instance, a WTP MUST NOT accept a certificate
whose NetscapeComment field is set to "CAPWAP WTP Device
Certificate".
11. IEEE 802.11 Binding 11. IEEE 802.11 Binding
This section defines the extensions required for the LWAPP protocol This section defines the extensions required for the LWAPP protocol
to be used with the IEEE 802.11 protocol. to be used with the IEEE 802.11 protocol.
11.1 Division of labor 11.1 Division of labor
The LWAPP protocol, when used with IEEE 802.11 devices, requires a The LWAPP protocol, when used with IEEE 802.11 devices, requires a
specific behavior from the WTP and the AC, specifically in terms of specific behavior from the WTP and the AC, specifically in terms of
which 802.11 protocol functions are handled. which 802.11 protocol functions are handled.
For both the Split and Local MAC approaches, the CAPWAP functions, as
defined in the taxonomy specification, reside in the AC.
11.1.1 Split MAC 11.1.1 Split MAC
This section discusses the roles and responsibilities of the WTP and This section shows the division of labor between the WTP and the AC
the AC when the LWAPP protocol is used in a Split MAC mode. in a Split MAC architecture. Figure 3 shows the clear separation of
functionality among LWAPP components.
The responsibility of the WTP is to handle the following functions: Function Location
o 802.11 Control Protocol. These functions are very latency Distribution Service AC
sensitive, and include such functions as packet acknowledgement, Integration Service AC
retransmissions, etc. Beacon Generation WTP
o 802.11 Beacons. The information elements to be included in the Probe Response WTP
beacon is controlled by the AC. Since inter-beacon timing is very Power Mgmt/Packet Buffering WTP
critical, the actual beacons are generated by the WTP. Any 802.11 Fragmentation/Defragmentation WTP
protocol extension that requires changes within the beacon on a Assoc/Disassoc/Reassoc AC
per frame basis (e.g., 802.11e's QBSS) must be handled solely
within the WTP.
o 802.11 Probe Response. As with the beacons, the information to
include in the probe responses is sent by the AC. Stations
generally expect probe requests to be responded to within 3 to 10
milliseconds, and as a consequence it is very difficult to provide
this function in the AC. Note that the WTP does forward the Probe
Requests received to the AC, for its own information. Whether the
AC makes use of these frames is implementation dependent, and is
outside the scope of this document.
o 802.11e Frame Queuing. The 802.11e standard defines a control
protocol, which is carried within the 802.11 MAC management
protocol, as well as defines how packet prioritization is handled
through various timing parameters. The actual packet
prioritization must be handled in the WTP, since only the WTP has
complete visibility into the RF.
o 802.11i Frame Encryption. The 802.11i standard defines a control
protocol used for the establishment of a security association, as
well as a means to encrypt and decrypt 802.11 data frames. The
actual encryption and decryption services MAY occur in the WTP.
The responsibility of the AC is to handle the following functions: 802.11e
Classifying AC
Scheduling WTP/AC
Queuing WTP
o 802.11 MAC Management. All 802.11 MAC Management frames not 802.11i
listed above are handled exclusively within the AC. This includes 802.1X/EAP AC
the 802.11 (re)association request, action frames, etc. Key Management AC
o 802.11 Data. The WTP simply encapsulates all 802.11 data frames 802.11 Encryption/Decryption WTP or AC
received, and forwards them to the AC.
o 802.11e Resource Reservat. The 802.11e standard defines a control Figure 3: Mapping of 802.11 Functions for Split MAC Architecture
protocol, which is carried within the 802.11 MAC management
protocol, as well as defines how packet prioritization is handled The Distribution and Integration services reside on the AC, and
through various timing parameters. The signaling defined in this therefore all user data is tunneled between the WTP and the AC. As
specification is handled within the AC. noted above, all real-time 802.11 services, including the control
o 802.11i Authentication and Key Exchange. The 802.11i standard protocol and the beacon and probe response frames, are handled on the
defines a control protocol used for the establishment of a WTP.
security association, as well as a means to encrypt and decrypt
802.11 data frames. The authentication (802.1X/EAP) and key All remaining 802.11 MAC management frames are supported on the AC,
exchange component of this standard is handled within the AC. including the Association Request which allows the AC to be involved
in the access policy enforcement portion of the 802.11 protocol. The
802.1X and 802.11i key management function are also located on the
AC.
While the admission control component of 802.11e resides on the AC,
the real time scheduling and queuing functions are on the WTP. Note
this does not exclude the AC from providing additional policing and
scheduling functionality.
Note that in the following figure, the use of '( - )' indicates that
processing of the frames is done on the WTP.
Client WTP AC
Beacon
<-----------------------------
Probe Request
----------------------------( - )------------------------->
Probe Response
<-----------------------------
802.11 AUTH/Association
<--------------------------------------------------------->
Add Mobile (Clear Text, 802.1X Only)
<------------------------->
802.1X Authentication & 802.11i Key Exchange
<--------------------------------------------------------->
Add Mobile (AES-CCMP, PTK=x)
<------------------------->
802.11 Action Frames
<--------------------------------------------------------->
802.11 DATA (1)
<---------------------------( - )------------------------->
Figure 4: Split MAC Message Flow
Figure 4 provides an illustration of the division of labor in a Split
MAC architecture. In this example, a WLAN has been created that is
configured for 802.11i, using AES-CCMP for privacy. The following
process occurs:
o The WTP generates the 802.11 beacon frames, using information
provided to it through the Add WLAN (see Section Section 11.8.1.1)
message element.
o The WTP processes the probe request and responds with a
corresponding probe response. The problem request is then
forwarded to the AC for optional processing.
o The WTP forwards the 802.11 Authentication and Association frames
to the AC, which is responsible for responding to the client.
o Once the association is complete, the AC transmits an LWAPP Add
Mobile request to the WTP (see section Section 11.7.1.1. In the
above example, the WLAN is configured for 802.1X, and therefore
the '802.1X only' policy bit is enabled.
o If the WTP is providing encryption/decryption services, once the
client has completed the 802.11i key exchange, the AC transmits
another Add Mobile request to the WTP, stating the security policy
to enforce for the client (in this case AES-CCMP), as well as the
encryption key to use. If encryption/decryption is handled in the
AC, the Add Mobile request would have the encryption policy set to
"Clear Text".
o The WTP forwards any 802.11 Action frames received to the AC.
o All client data frames are tunneled between the WTP and the AC.
Note that the WTP is responsible for encrypting and decrypting
frames, if it was indicated in the Add Mobile request.
11.1.2 Local MAC 11.1.2 Local MAC
This section discusses the roles and responsibilities of the WTP and This section shows the division of labor between the WTP and the AC
the AC when the LWAPP protocol is used in a Local MAC mode. in a Local MAC architecture. Figure 5 shows the clear separation of
functiionality among LWAPP components.
TBD Function Location
Distribution Service WTP
Integration Service WTP
Beacon Generation WTP
Probe Response WTP
Power Mgmt/Packet Buffering WTP
Fragmentation/Defragmentation WTP
Assoc/Disassoc/Reassoc WTP
11.2 Transport specific bindings 802.11e
Classifying WTP
Scheduling WTP
Queuing WTP
802.11i
802.1X/EAP AC
Key Management AC
802.11 Encryption/Decryption WTP
Figure 5: Mapping of 802.11 Functions for Local AP Architecture
Given the Distribution and Integration Services exist on the WTP,
client data frames are not forwarded to the AC, with the exception
listed in the following paragraphs.
While the MAC is terminated on the WTP, it is necessary for the AC to
be aware of mobility events within the WTPs. As a consequence, the
WTP MUST forward the 802.11 Association Requests to the AC, and the
AC MAY reply with a failed Association Response if it deems it
necessary.
The 802.1X and 802.11i Key Management function resides in the AC.
Therefore, the WTP MUST forward all 802.1X/Key Management frames to
the AC and forward the associated responses to the station.
Note that in the following figure, the use of '( - )' indicates that
processing of the frames is done on the WTP.
Client WTP AC
Beacon
<-----------------------------
Probe
<---------------------------->
802.11 AUTH
<-----------------------------
802.11 Association
<---------------------------( - )------------------------->
Add Mobile (Clear Text, 802.1X Only)
<------------------------->
802.1X Authentication & 802.11i Key Exchange
<--------------------------------------------------------->
802.11 Action Frames
<--------------------------------------------------------->
Add Mobile (AES-CCMP, PTK=x)
<------------------------->
802.11 DATA
<----------------------------->
Figure 6: Local MAC Message Flow
Figure 6 provides an illustration of the division of labor in a Local
MAC architecture. In this example, a WLAN has been created that is
configured for 802.11i, using AES-CCMP for privacy. The following
process occurs:
o The WTP generates the 802.11 beacon frames, using information
provided to it through the Add WLAN (see Section Section 11.8.1.1)
message element.
o The WTP processes the probe request and responds with a
corresponding probe response.
o The WTP forwards the 802.11 Authentication and Association frames
to the AC, which is responsible for responding to the client.
o Once the association is complete, the AC transmits an LWAPP Add
Mobile request to the WTP (see section Section 11.7.1.1. In the
above example, the WLAN is configured for 802.1X, and therefore
the '802.1X only' policy bit is enabled.
o The WTP forwards all 802.1X and 802.11i key exchange messages to
the AC for processing.
o The AC transmits another Add Mobile request to the WTP, stating
the security policy to enforce for the client (in this case AES-
CCMP), as well as the encryption key to use. The Add Mobile
request MAY include a VLAN name, which when present is used by the
WTP to identify the VLAN on which the user's data frames are to be
bridged.
o The WTP forwards any 802.11 Action frames received to the AC.
o The WTP locally bridges all client data frames, and provides the
necessary encryption and decryption services.
11.2 Roaming Behavior and 802.11 security
It is important that LWAPP implementations react properly to mobile
devices associating to the networks in how they generate Add Mobile
and Delete Mobile messages. This section expands upon the examples
provided in the previous section, and describes how the LWAPP control
protocol is used in order to provide secure roaming.
Once a client has successfully associated with the network in a
secure fashion, it is likely to attempt to roam to another access
point. Figure 7 shows an example of a currently associated station
moving from its "Old WTP" to a new WTP. The figure is useful for
multiple different security policies, including standard 802.1X and
dynamic WEP keys, WPA or even WPA2 both with key caching (where the
802.1x exchange would be bypassed) and without.
Client Old WTP WTP AC
Association Request/Response
<--------------------------------------( - )-------------->
Add Mobile (Clear Text, 802.1X Only)
<---------------->
802.1X Authentication (if no key cache entry exists)
<--------------------------------------( - )-------------->
802.11i 4-way Key Exchange
<--------------------------------------( - )-------------->
Delete Mobile
<---------------------------------->
Add Mobile (AES-CCMP, PTK=x)
<---------------->
Figure 7: Client Roaming Example
11.3 Transport specific bindings
All LWAPP transports have the following IEEE 802.11 specific All LWAPP transports have the following IEEE 802.11 specific
bindings: bindings:
11.2.1 Status and WLANS field 11.3.1 Status and WLANS field
The interpretation of this 16 bit field depends on the direction of The interpretation of this 16 bit field depends on the direction of
transmission of the packet. Refer to the figure in Section transmission of the packet. Refer to the figure in Section
Section 3.1. Section 3.1.
Status Status
When an LWAPP packet is transmitted from an WTP to an AC, this field When an LWAPP packet is transmitted from an WTP to an AC, this field
is called the status field and indicates radio resource information is called the status field and indicates radio resource information
associated with the frame. When the message is an LWAPP control associated with the frame. When the message is an LWAPP control
skipping to change at page 80, line 10 skipping to change at page 94, line 35
the following manner: the following manner:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RSSI | SNR | | RSSI | SNR |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
RSSI: RSSI is a signed, 8-bit value. It is the received signal RSSI: RSSI is a signed, 8-bit value. It is the received signal
strength indication, in dBm. strength indication, in dBm.
SNR: SNR is a signed, 8-bit value. It is the signal to noise ratio SNR: SNR is a signed, 8-bit value. It is the signal to noise ratio
of the received IEEE 802.11 frame, in dB. of the received IEEE 802.11 frame, in dB.
WLANs field: When an LWAPP data message is transmitted from an AC to WLANs field: When an LWAPP data message is transmitted from an AC to
an WTP, this 16 bit field indicates on which WLANs the an WTP, this 16 bit field indicates on which WLANs the
encapsulated IEEE 802.11 frame is to be transmitted. For unicast encapsulated IEEE 802.11 frame is to be transmitted. For unicast
packets, this field is not used by the WTP. For broadcast or packets, this field is not used by the WTP. For broadcast or
multicast packets, the WTP might require this information if it multicast packets, the WTP might require this information if it
provides encryption services. provides encryption services.
Given that a single broadcast or multicast packet might need to be Given that a single broadcast or multicast packet might need to be
sent to multiple wireless LANs (presumably each with a different sent to multiple wireless LANs (presumably each with a different
broadcast key), this field is defined as a bit field. A bit set broadcast key), this field is defined as a bit field. A bit set
indicates a WLAN ID (see Section Section 11.5.1.1) which will be indicates a WLAN ID (see Section Section 11.8.1.1) which will be
sent the data. The WLANS field is encoded in the following sent the data. The WLANS field is encoded in the following
manner: manner:
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WLAN ID(s) | | WLAN ID(s) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
11.3 Data Message bindings 11.4 BSSID to WLAN ID Mapping
The LWAPP protocol makes assumptions regarding the BSSIDs used on the
WTP. It is a requirement for the WTP to use a contiguous block of
BSSIDs. The WLAN Identifier field, which is managed by the AC, is
used as an offset into the BSSID list.
For instance, if a WTP had a base BSSID address of 00:01:02:00:00:00,
and the AC sent an Add WLAN message with a WLAN Identifier of 2 (see
Section Section 11.8.1.1), the BSSID for the specific WLAN on the WTP
would be 00:01:02:00:00:02.
The WTP communicates the maximum number of BSSIDs that it supports
during the Config Request within the IEEE 802.11 WTP WLAN Radio
Configuration message element (see Section 11.9.1).
11.5 Quality of Service
It is recommended that 802.11 MAC management be sent by both the AC
and the WTP with appropriate Quality of Service values, ensuring that
congestion in the network minimizes occurences of packet loss.
Therefore, a Quality of Service enabled LWAPP device should use:
802.1P: The precedence value of 6 SHOULD be used for all 802.11 MAC
management messages, except for Probe Requests which SHOULD use 4.
DSCP: The dscp tag value of 46 SHOULD be used for all 802.11 MAC
management messages, except for Probe Requests which SHOULD use
34.
11.6 Data Message bindings
There are no LWAPP Data Message bindings for IEEE 802.11. There are no LWAPP Data Message bindings for IEEE 802.11.
11.4 Control Message bindings 11.7 Control Message bindings
The IEEE 802.11 binding has the following Control Message The IEEE 802.11 binding has the following Control Message
definitions. definitions.
11.4.1 Mobile Config Request 11.7.1 Mobile Config Request
This section contains the 802.11 specific message elements that are This section contains the 802.11 specific message elements that are
used with the Mobile Config Request. used with the Mobile Config Request.
11.4.1.1 Add Mobile 11.7.1.1 Add Mobile
The Add Mobile Request is used by the AC to inform an WTP that it The Add Mobile Request is used by the AC to inform an WTP that it
should forward traffic from a particular mobile station. The add should forward traffic from a particular mobile station. The add
mobile request may also include security parameters that must be mobile request may also include security parameters that must be
enforced by the WTP for the particular mobile. enforced by the WTP for the particular mobile.
When the AC sends an Add Mobile Request, it includes any security When the AC sends an Add Mobile Request, it includes any security
parameters that may be required. An AC that wishes to update a parameters that may be required. An AC that wishes to update a
mobile's policy on an WTP may be done by simply sending a new Add mobile's policy on an WTP may be done by simply sending a new Add
Mobile message element. Mobile message element.
skipping to change at page 81, line 47 skipping to change at page 97, line 26
| Pairwise TSC... | | Pairwise TSC... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pairwise RSC... | | Pairwise RSC... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Capabilities | WLAN ID | WME Mode | | Capabilities | WLAN ID | WME Mode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 802.11e Mode | Qos | Supported Rates | | 802.11e Mode | Qos | Supported Rates |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Supported Rates | | Supported Rates |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VLAN Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 29 for Add Mobile Type: 29 for Add Mobile
Length: 36 Length: 36
Radio ID: An 8-bit value representing the radio Radio ID: An 8-bit value representing the radio
Association ID: A 16-bit value specifying the 802.11 Association Association ID: A 16-bit value specifying the 802.11 Association
Identifier Identifier
MAC Address: The mobile station's MAC Address MAC Address: The mobile station's MAC Address
E: The one bit field is set by the AC to inform the WTP that is MUST E: The one bit field is set by the AC to inform the WTP that is MUST
NOT accept any 802.11 data frames, other than 802.1X frames. This NOT accept any 802.11 data frames, other than 802.1X frames. This
is the equivalent of the WTP's 802.1X port for the mobile station is the equivalent of the WTP's 802.1X port for the mobile station
to be in the closed state. When set, the WTP MUST drop any to be in the closed state. When set, the WTP MUST drop any non-
non-802.1X packets it receives from the mobile station. 802.1X packets it receives from the mobile station.
C: The one bit field is set by the AC to inform the WTP that C: The one bit field is set by the AC to inform the WTP that
encryption services will be provided by the AC. When set, the WTP encryption services will be provided by the AC. When set, the WTP
SHOULD police frames received from stations to ensure that they SHOULD police frames received from stations to ensure that they
comply to the stated encryption policy, but does not need to take comply to the stated encryption policy, but does not need to take
specific cryptographic action on the frame. Similarly, for specific cryptographic action on the frame. Similarly, for
transmitted frames, the WTP only needs to forward already transmitted frames, the WTP only needs to forward already
encrypted frames. encrypted frames.
Encryption Policy: The policy field informs the WTP how to handle Encryption Policy: The policy field informs the WTP how to handle
packets from/to the mobile station. The following values are packets from/to the mobile station. The following values are
supported: supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [15] be encrypted using TKIP and authenticated using Michael [18]
Session Key: A 32 octet session key the WTP is to use when Session Key: A 32 octet session key the WTP is to use when
encrypting traffic to or decrypting traffic from the mobile encrypting traffic to or decrypting traffic from the mobile
station. The type of key is determined based on the Encryption station. The type of key is determined based on the Encryption
Policy field. Policy field.
Pairwise TSC: The TSC to use for unicast packets transmitted to the Pairwise TSC: The TSC to use for unicast packets transmitted to the
mobile. mobile.
Pairwise RSC: The RSC to use for unicast packets received from the Pairwise RSC: The RSC to use for unicast packets received from the
mobile. mobile.
Capabilities: A 16-bit field containing the 802.11 capabilities to Capabilities: A 16-bit field containing the 802.11 capabilities to
use with the mobile. use with the mobile.
WLAN ID: An 8-bit value specifying the WLAN Identifier WLAN ID: An 8-bit value specifying the WLAN Identifier
WME Mode: A 8-bit boolean used to identify whether the station is WME Mode: A 8-bit boolean used to identify whether the station is
WME capable. A value of zero is used to indicate that the station WME capable. A value of zero is used to indicate that the station
is not WME capable, while a value of one means that the station is is not WME capable, while a value of one means that the station is
WME capable. WME capable.
802.11e Mode: A 8-bit boolean used to identify whether the station 802.11e Mode: A 8-bit boolean used to identify whether the station
is 802.11e capable. A value of zero is used to indicate that the is 802.11e capable. A value of zero is used to indicate that the
station is not 802.11e capable, while a value of one means that station is not 802.11e capable, while a value of one means that
the station is 802.11e capable. the station is 802.11e capable.
QoS: An 8-bit value specifying the QoS policy to enforce for the QoS: An 8-bit value specifying the QoS policy to enforce for the
station. The following values are supported: PRC: TO CHECK station. The following values are supported: PRC: TO CHECK
0 - Silver (Best Effort) 0 - Silver (Best Effort)
1 - Gold (Video) 1 - Gold (Video)
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
Supported Rates: The supported rates to be used with the mobile Supported Rates: The supported rates to be used with the mobile
station. station.
11.4.1.2 IEEE 802.11 Mobile Session Key VLAN Name: An optional variable string containing the VLAN Name on
which the WTP is to locally bridge user data. Note this field is
only valid with Local MAC WTPs.
11.7.1.2 IEEE 802.11 Mobile Session Key
The Mobile Session Key Payload message element is sent when the AC The Mobile Session Key Payload message element is sent when the AC
determines that encryption of a mobile station must be performed in determines that encryption of a mobile station must be performed in
the WTP. This message element MUST NOT be present without the Add the WTP. This message element MUST NOT be present without the Add
Mobile (see Section 11.4.1.1) message element, and MUST NOT be sent Mobile (see Section 11.7.1.1) message element, and MUST NOT be sent
if the WTP had not specifically advertised support for the requested if the WTP had not specifically advertised support for the requested
encryption scheme (see ???). encryption scheme (see ???).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | Encryption Policy | | MAC Address | Encryption Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 83, line 38 skipping to change at page 99, line 43
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | Encryption Policy | | MAC Address | Encryption Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | Session Key... | | Encryption Policy | Session Key... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 105 for IEEE 802.11 Mobile Session Key Type: 105 for IEEE 802.11 Mobile Session Key
Length: >= 11 Length: >= 11
MAC Address: The mobile station's MAC Address MAC Address: The mobile station's MAC Address
Encryption Policy: The policy field informs the WTP how to handle Encryption Policy: The policy field informs the WTP how to handle
packets from/to the mobile station. The following values are packets from/to the mobile station. The following values are
supported: supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [15] be encrypted using TKIP and authenticated using Michael [18]
Session Key: The session key the WTP is to use when encrypting Session Key: The session key the WTP is to use when encrypting
traffic to/from the mobile station. traffic to/from the mobile station.
11.4.1.3 QoS Profile 11.7.1.3 Station QoS Profile
The QoS Profile Payload message element contains the maximum 802.11e The Station QoS Profile Payload message element contains the maximum
priority tag that may be used by the station. Any packets received 802.11e priority tag that may be used by the station. Any packets
that exceeds the value encoded in this message element must either be received that exceeds the value encoded in this message element must
dropped or tagged using the maximum value permitted by to the user. either be dropped or tagged using the maximum value permitted by to
The priority tag must be between zero (0) and seven (7). the user. The priority tag must be between zero (0) and seven (7).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | 802.1P Precedence Tag | | MAC Address | 802.1P Precedence Tag |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD for IEEE 802.11 QOS Profile Type: 140 for IEEE 802.11 Station QOS Profile
Length: 12 Length: 12
MAC Address: The mobile station's MAC Address MAC Address: The mobile station's MAC Address
802.1P Precedence Tag: The maximum 802.1P precedence value that the 802.1P Precedence Tag: The maximum 802.1P precedence value that the
WTP will allow in the TID field in the extended 802.11e QOS Data WTP will allow in the TID field in the extended 802.11e QOS Data
header. header.
11.4.1.4 IEEE 802.11 Update Mobile QoS 11.7.1.4 IEEE 802.11 Update Mobile QoS
The Update Mobile QoS message element is used to change the Quality The Update Mobile QoS message element is used to change the Quality
of Service policy on the WTP for a given mobile station. of Service policy on the WTP for a given mobile station.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Association ID | MAC Address | | Radio ID | Association ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
skipping to change at page 85, line 4 skipping to change at page 101, line 21
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Association ID | MAC Address | | Radio ID | Association ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | QoS Profile | Vlan Identifier | | MAC Address | QoS Profile | Vlan Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DSCP Tag | 802.1P Tag | | DSCP Tag | 802.1P Tag |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 106 for IEEE 802.11 Update Mobile QoS Type: 106 for IEEE 802.11 Update Mobile QoS
Length: 14 Length: 14
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP index on the WTP
Association ID: The 802.11 Association Identifier. Association ID: The 802.11 Association Identifier.
MAC Address: The mobile station's MAC Address. MAC Address: The mobile station's MAC Address.
QoS Profile: An 8-bit value specifying the QoS policy to enforce for QoS Profile: An 8-bit value specifying the QoS policy to enforce for
the station. The following values are supported: the station. The following values are supported:
0 - Silver (Best Effort) 0 - Silver (Best Effort)
1 - Gold (Video) 1 - Gold (Video)
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
VLAN Identifier: PRC. VLAN Identifier: PRC.
DSCP Tag: The DSCP label to use if packets are to be DSCP tagged. DSCP Tag: The DSCP label to use if packets are to be DSCP tagged.
802.1P Tag: The 802.1P precedence value to use if packets are to be 802.1P Tag: The 802.1P precedence value to use if packets are to be
802.1P tagged. 802.1P tagged.
11.4.2 WTP Event Request 11.7.2 WTP Event Request
This section contains the 802.11 specific message elements that are This section contains the 802.11 specific message elements that are
used with the WTP Event Request message. used with the WTP Event Request message.
11.4.2.1 IEEE 802.11 Statistics 11.7.2.1 IEEE 802.11 Statistics
The statistics message element is sent by the WTP to transmit it's The statistics message element is sent by the WTP to transmit it's
current statistics. The value contains the following fields. current statistics. The value contains the following fields.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Tx Fragment Count | | Radio ID | Tx Fragment Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Tx Fragment Cnt| Multicast Tx Count | |Tx Fragment Cnt| Multicast Tx Count |
skipping to change at page 86, line 38 skipping to change at page 103, line 4
|Rx Fragment Cnt| Multicast RX Count | |Rx Fragment Cnt| Multicast RX Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mcast Rx Cnt | FCS Error Count | | Mcast Rx Cnt | FCS Error Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FCS Error Cnt| Tx Frame Count | | FCS Error Cnt| Tx Frame Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tx Frame Cnt | Decryption Errors | | Tx Frame Cnt | Decryption Errors |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Decryption Errs| |Decryption Errs|
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 38 for Statistics Type: 38 for Statistics
Length: 57 Length: 57
Radio ID: An 8-bit value representing the radio. Radio ID: An 8-bit value representing the radio.
Tx Fragment Count: A 32-bit value representing the number of Tx Fragment Count: A 32-bit value representing the number of
fragmented frames transmitted. fragmented frames transmitted.
Multicast Tx Count: A 32-bit value representing the number of Multicast Tx Count: A 32-bit value representing the number of
multicast frames transmitted. multicast frames transmitted.
Failed Count: A 32-bit value representing the transmit excessive Failed Count: A 32-bit value representing the transmit excessive
retries. retries.
Retry Count: A 32-bit value representing the number of transmit Retry Count: A 32-bit value representing the number of transmit
retries. retries.
Multiple Retry Count: A 32-bit value representing the number of Multiple Retry Count: A 32-bit value representing the number of
transmits that required more than one retry. transmits that required more than one retry.
Frame Duplicate Count: A 32-bit value representing the duplicate Frame Duplicate Count: A 32-bit value representing the duplicate
frames received. frames received.
RTS Success Count: A 32-bit value representing the number of RTS Success Count: A 32-bit value representing the number of
successfully transmitted Ready To Send (RTS). successfully transmitted Ready To Send (RTS).
RTS Failure Count: A 32-bit value representing the failed RTS Failure Count: A 32-bit value representing the failed
transmitted RTS. transmitted RTS.
ACK Failure Count: A 32-bit value representing the number of failed ACK Failure Count: A 32-bit value representing the number of failed
acknowledgements. acknowledgements.
Rx Fragment Count: A 32-bit value representing the number of Rx Fragment Count: A 32-bit value representing the number of
fragmented frames received. fragmented frames received.
Multicast RX Count: A 32-bit value representing the number of Multicast RX Count: A 32-bit value representing the number of
multicast frames received. multicast frames received.
FCS Error Count: A 32-bit value representing the number of FCS FCS Error Count: A 32-bit value representing the number of FCS
failures. failures.
Decryption Errors: A 32-bit value representing the number of Decryption Errors: A 32-bit value representing the number of
Decryption errors that occured on the WTP. Note that this field Decryption errors that occured on the WTP. Note that this field
is only valid in cases where the WTP provides is only valid in cases where the WTP provides encryption/
encryption/decryption services. decryption services.
11.5 802.11 Control Messages 11.8 802.11 Control Messages
This section will define LWAPP Control Messages that are specific to This section will define LWAPP Control Messages that are specific to
the IEEE 802.11 binding. the IEEE 802.11 binding.
11.5.1 IEEE 802.11 WLAN Config Request 11.8.1 IEEE 802.11 WLAN Config Request
The IEEE 802.11 WLAN Configuration Request is sent by the AC to the The IEEE 802.11 WLAN Configuration Request is sent by the AC to the
WTP in order to change services provided by the WTP. This control WTP in order to change services provided by the WTP. This control
message is used to either create, update or delete a WLAN on the WTP. message is used to either create, update or delete a WLAN on the WTP.
The IEEE 802.11 WLAN Configuration Request is sent as a result of The IEEE 802.11 WLAN Configuration Request is sent as a result of
either some manual admistrative process (e.g., deleting a WLAN), or either some manual admistrative process (e.g., deleting a WLAN), or
automatically to create a WLAN on an WTP. When sent automatically to automatically to create a WLAN on an WTP. When sent automatically to
create a WLAN, this control message is sent after the LWAPP create a WLAN, this control message is sent after the LWAPP
Configuration Request message has been received by the WTP. Configuration Request message has been received by the WTP.
skipping to change at page 88, line 14 skipping to change at page 104, line 41
Since the index is the primary identifier for a WLAN, an AC SHOULD Since the index is the primary identifier for a WLAN, an AC SHOULD
attempt to ensure that the same WLAN is identified through the same attempt to ensure that the same WLAN is identified through the same
index number on all of its WTPs. An AC that does not follow this index number on all of its WTPs. An AC that does not follow this
approach MUST find some other means of maintaining a WLAN Identifier approach MUST find some other means of maintaining a WLAN Identifier
to SSID mapping table. to SSID mapping table.
The following subsections define the message elements that are value The following subsections define the message elements that are value
for this LWAPP operation. Only one message MUST be present. for this LWAPP operation. Only one message MUST be present.
11.5.1.1 IEEE 802.11 Add WLAN 11.8.1.1 IEEE 802.11 Add WLAN
The Add WLAN message element is used by the AC to define a wireless The Add WLAN message element is used by the AC to define a wireless
LAN on the WTP. The value contains the following format: LAN on the WTP. The value contains the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN Capability | WLAN ID | | Radio ID | WLAN Capability | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | | Encryption Policy |
skipping to change at page 88, line 40 skipping to change at page 105, line 26
| RSN Data Len |RSN IE Data ...| Reserved .... | | RSN Data Len |RSN IE Data ...| Reserved .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| WME Data Len |WME IE Data ...| 11e Data Len |11e IE Data ...| | WME Data Len |WME IE Data ...| 11e Data Len |11e IE Data ...|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| QoS | Auth Type |Broadcast SSID | Reserved... | | QoS | Auth Type |Broadcast SSID | Reserved... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SSID ... | | SSID ... |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Type: 7 for IEEE 802.11 Add WLAN Type: 7 for IEEE 802.11 Add WLAN
Length: >= 298 Length: >= 298
Radio ID: An 8-bit value representing the radio. Radio ID: An 8-bit value representing the radio.
WLAN Capability: A 16-bit value containing the capabilities to be WLAN Capability: A 16-bit value containing the capabilities to be
advertised by the WTP within the Probe and Beacon messages. advertised by the WTP within the Probe and Beacon messages.
WLAN ID: A 16-bit value specifying the WLAN Identifier. WLAN ID: A 16-bit value specifying the WLAN Identifier.
Encryption Policy: A 32-bit value specifying the encryption scheme Encryption Policy: A 32-bit value specifying the encryption scheme
to apply to traffic to and from the mobile station. to apply to traffic to and from the mobile station.
The following values are supported: The following values are supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [15] be encrypted using TKIP and authenticated using Michael [18]
6 - Encrypt CKIP: All packets to/from the mobile station must be 6 - Encrypt CKIP: All packets to/from the mobile station must be
encrypted using Cisco TKIP. encrypted using Cisco TKIP.
Key: A 32 byte Session Key to use with the encryption policy. Key: A 32 byte Session Key to use with the encryption policy.
Key-Index: The Key Index associated with the key. Key-Index: The Key Index associated with the key.
Shared Key: A 1 byte boolean that specifies whether the key included Shared Key: A 1 byte boolean that specifies whether the key included
in the Key field is a shared WEP key. A value of zero is used to in the Key field is a shared WEP key. A value of zero is used to
state that the key is not a shared WEP key, while a value of one state that the key is not a shared WEP key, while a value of one
is used to state that the key is a shared WEP key. is used to state that the key is a shared WEP key.
WPA Data Len: Length of the WPA IE. WPA Data Len: Length of the WPA IE.
WPA IE: A 32 byte field containing the WPA Information Element. WPA IE: A 32 byte field containing the WPA Information Element.
RSN Data Len: Length of the RSN IE. RSN Data Len: Length of the RSN IE.
RSN IE: A 64 byte field containing the RSN Information Element. RSN IE: A 64 byte field containing the RSN Information Element.
Reserved: A 49 byte reserved field, which MUST be set to zero (0). Reserved: A 49 byte reserved field, which MUST be set to zero (0).
WME Data Len: Length of the WME IE. WME Data Len: Length of the WME IE.
WME IE: A 32 byte field containing the WME Information Element. WME IE: A 32 byte field containing the WME Information Element.
DOT11E Data Len: Length of the 802.11e IE. DOT11E Data Len: Length of the 802.11e IE.
DOT11E IE: A 32 byte field containing the 802.11e Information DOT11E IE: A 32 byte field containing the 802.11e Information
Element. Element.
QOS: An 8-bit value specifying the QoS policy to enforce for the QOS: An 8-bit value specifying the QoS policy to enforce for the
station. station.
The following values are supported: The following values are supported:
0 - Silver (Best Effort) 0 - Silver (Best Effort)
1 - Gold (Video) 1 - Gold (Video)
2 - Platinum (Voice) 2 - Platinum (Voice)
3 - Bronze (Background) 3 - Bronze (Background)
Auth Type: An 8-bit value specifying the station's authentication Auth Type: An 8-bit value specifying the station's authentication
type. type.
The following values are supported: The following values are supported:
0 - Open System 0 - Open System
1 - WEP Shared Key 1 - WEP Shared Key
2 - WPA/WPA2 802.1X 2 - WPA/WPA2 802.1X
3 - WPA/WPA2 PSK 3 - WPA/WPA2 PSK
Broadcast SSID: A boolean indicating whether the SSID is to be Broadcast SSID: A boolean indicating whether the SSID is to be
broadcast by the WTP. A value of zero disables SSID broadcast, broadcast by the WTP. A value of zero disables SSID broadcast,
while a value of one enables it. while a value of one enables it.
Reserved: A 40 byte reserved field. Reserved: A 40 byte reserved field.
SSID: The SSID attribute is the service set identifier that will be SSID: The SSID attribute is the service set identifier that will be
advertised by the WTP for this WLAN. advertised by the WTP for this WLAN.
11.5.1.2 IEEE 802.11 Delete WLAN 11.8.1.2 IEEE 802.11 Delete WLAN
The delete WLAN message element is used to inform the WTP that a The delete WLAN message element is used to inform the WTP that a
previously created WLAN is to be deleted. The value contains the previously created WLAN is to be deleted. The value contains the
following fields: following fields:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | | Radio ID | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 90, line 23 skipping to change at page 108, line 5
following fields: following fields:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | | Radio ID | WLAN ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 28 for IEEE 802.11 Delete WLAN Type: 28 for IEEE 802.11 Delete WLAN
Length: 3 Length: 3
Radio ID: An 8-bit value representing the radio Radio ID: An 8-bit value representing the radio
WLAN ID: A 16-bit value specifying the WLAN Identifier WLAN ID: A 16-bit value specifying the WLAN Identifier
11.5.1.3 IEEE 802.11 Update WLAN 11.8.1.3 IEEE 802.11 Update WLAN
The Update WLAN message element is used by the AC to define a The Update WLAN message element is used by the AC to define a
wireless LAN on the WTP. The value contains the following format: wireless LAN on the WTP. The value contains the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID |Encrypt Policy | | Radio ID | WLAN ID |Encrypt Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | Key... | | Encryption Policy | Key... |
skipping to change at page 90, line 44 skipping to change at page 108, line 28
| Radio ID | WLAN ID |Encrypt Policy | | Radio ID | WLAN ID |Encrypt Policy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encryption Policy | Key... | | Encryption Policy | Key... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key ... | | Key ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key Index | Shared Key | WLAN Capability | | Key Index | Shared Key | WLAN Capability |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 34 for IEEE 802.11 Update WLAN Type: 34 for IEEE 802.11 Update WLAN
Length: 43 Length: 43
Radio ID: An 8-bit value representing the radio. Radio ID: An 8-bit value representing the radio.
WLAN ID: A 16-bit value specifying the WLAN Identifier. WLAN ID: A 16-bit value specifying the WLAN Identifier.
Encryption Policy: A 32-bit value specifying the encryption scheme Encryption Policy: A 32-bit value specifying the encryption scheme
to apply to traffic to and from the mobile station. to apply to traffic to and from the mobile station.
The following values are supported: The following values are supported:
0 - Encrypt WEP 104: All packets to/from the mobile station must 0 - Encrypt WEP 104: All packets to/from the mobile station must
be encrypted using standard 104 bit WEP. be encrypted using standard 104 bit WEP.
1 - Clear Text: All packets to/from the mobile station do not 1 - Clear Text: All packets to/from the mobile station do not
require any additional crypto processing by the WTP. require any additional crypto processing by the WTP.
2 - Encrypt WEP 40: All packets to/from the mobile station must 2 - Encrypt WEP 40: All packets to/from the mobile station must
be encrypted using standard 40 bit WEP. be encrypted using standard 40 bit WEP.
3 - Encrypt WEP 128: All packets to/from the mobile station must 3 - Encrypt WEP 128: All packets to/from the mobile station must
be encrypted using standard 128 bit WEP. be encrypted using standard 128 bit WEP.
4 - Encrypt AES-CCMP 128: All packets to/from the mobile station 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station
must be encrypted using 128 bit AES CCMP [7] must be encrypted using 128 bit AES CCMP [7]
5 - Encrypt TKIP-MIC: All packets to/from the mobile station must 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must
be encrypted using TKIP and authenticated using Michael [15] be encrypted using TKIP and authenticated using Michael [18]
6 - Encrypt CKIP: All packets to/from the mobile station must be 6 - Encrypt CKIP: All packets to/from the mobile station must be
encrypted using Cisco TKIP. encrypted using Cisco TKIP.
Key: A 32 byte Session Key to use with the encryption policy. Key: A 32 byte Session Key to use with the encryption policy.
Key-Index: The Key Index associated with the key. Key-Index: The Key Index associated with the key.
Shared Key: A 1 byte boolean that specifies whether the key included Shared Key: A 1 byte boolean that specifies whether the key included
in the Key field is a shared WEP key. A value of zero means that in the Key field is a shared WEP key. A value of zero means that
the key is not a shared WEP key, while a value of one is used to the key is not a shared WEP key, while a value of one is used to
state that the key is a shared WEP key. state that the key is a shared WEP key.
WLAN Capability: A 16-bit value containing the capabilities to be WLAN Capability: A 16-bit value containing the capabilities to be
advertised by the WTP within the Probe and Beacon messages. advertised by the WTP within the Probe and Beacon messages.
11.5.2 IEEE 802.11 WLAN Config Response 11.8.2 IEEE 802.11 WLAN Config Response
The IEEE 802.11 WLAN Configuration Response is sent by the WTP to the The IEEE 802.11 WLAN Configuration Response is sent by the WTP to the
AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN
Configuration Request. Configuration Request.
This LWAPP control message does not include any message elements. This LWAPP control message does not include any message elements.
11.5.3 IEEE 802.11 WTP Event 11.8.3 IEEE 802.11 WTP Event
The IEEE 802.11 WTP Event LWAPP message is used by the WTP in order The IEEE 802.11 WTP Event LWAPP message is used by the WTP in order
to report asynchronous events to the AC. There is no reply message to report asynchronous events to the AC. There is no reply message
expected from the AC, except that the message is acknowledged via the expected from the AC, except that the message is acknowledged via the
reliable transport. reliable transport.
When the AC receives the IEEE 802.11 WTP Event, it will take whatever When the AC receives the IEEE 802.11 WTP Event, it will take whatever
action is necessary, depending upon the message elements present in action is necessary, depending upon the message elements present in
the message. the message.
The IEEE 802.11 WTP Event message MUST contain one of the following The IEEE 802.11 WTP Event message MUST contain one of the following
message element described in the next subsections. message element described in the next subsections.
11.5.3.1 IEEE 802.11 MIC Countermeasures 11.8.3.1 IEEE 802.11 MIC Countermeasures
The MIC Countermeasures message element is sent by the WTP to the AC The MIC Countermeasures message element is sent by the WTP to the AC
to indicate the occurrence of a MIC failure. to indicate the occurrence of a MIC failure.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | MAC Address | | Radio ID | WLAN ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
skipping to change at page 92, line 15 skipping to change at page 110, line 19
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | WLAN ID | MAC Address | | Radio ID | WLAN ID | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MAC Address | | MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 61 for IEEE 802.11 MIC Countermeasures Type: 61 for IEEE 802.11 MIC Countermeasures
Length: 8 Length: 8
Radio ID: The Radio Identifier, typically refers to some interface Radio ID: The Radio Identifier, typically refers to some interface
index on the WTP. index on the WTP.
WLAN ID: This 8-bit unsigned integer includes the WLAN Identifier, WLAN ID: This 8-bit unsigned integer includes the WLAN Identifier,
on which the MIC failure occurred. on which the MIC failure occurred.
MAC Address: The MAC Address of the mobile station that caused the MAC Address: The MAC Address of the mobile station that caused the
MIC failure. MIC failure.
11.5.3.2 IEEE 802.11 WTP Radio Fail Alarm Indication 11.8.3.2 IEEE 802.11 WTP Radio Fail Alarm Indication
The WTP Radio Fail Alarm Indication message element is sent by the The WTP Radio Fail Alarm Indication message element is sent by the
WTP to the AC when it detects a radio failure. WTP to the AC when it detects a radio failure.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Radio ID | Type | Status | Pad | | Radio ID | Type | Status | Pad |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+