The CAPWAP protocol (Control And Provisioning of Wireless Access Points) introduced by the IETF (Internet Engineering Task Force) is a draft standard for the centralized management of large WLAN infrastructures.
CAPWAP uses two channels for data transfer:
- Control channel, encrypted with Datagram Transport Layer Security (DTLS). This channel is used to exchange administration information between the WLAN controller and the access point.

  Note: DTLS is an encryption protocol based on TLS but, in contrast to TLS itself, it can be used for transfers over connectionless, unsecured transport protocols such as UDP. DTLS therefore combines the advantages of the high security provided by TLS with the fast transfer via UDP. This also makes DTLS suitable for the transfer of VoIP packets (unlike TLS) because, even after the loss of a packet, the subsequent packets can be authenticated again.
- Data channel, optionally also encrypted with DTLS. The payload data from the WLAN is transferred through this channel from the access point via the WLAN controller into the LAN—encapsulated in the CAPWAP protocol.
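
Because DTLS on the data channel is optional, it is worth checking which CAPWAP datagrams on a network actually carry it. The following is an added example, not part of the original text: it classifies a UDP payload by channel and DTLS protection. The port numbers (5246 control, 5247 data), the preamble and header layout, and the discovery message types are taken from RFC 5415 rather than from this page; the function name `classify` and the sample datagrams are constructed for illustration.

```python
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247      # UDP ports from RFC 5415 (not on this page)
DISCOVERY_TYPES = {1, 2}                  # Discovery Request / Discovery Response

def classify(src_port, dst_port, payload):
    """Return (channel, dtls, finding) for one UDP payload."""
    ports = {src_port, dst_port}
    if CONTROL_PORT in ports:
        channel = "control"
    elif DATA_PORT in ports:
        channel = "data"
    else:
        return (None, None, "not CAPWAP")
    if len(payload) < 4:
        return (channel, None, "malformed: too short")
    # Preamble byte: high nibble = version (0), low nibble = header type.
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0 or ptype not in (0, 1):
        return (channel, None, "malformed: bad preamble")
    if ptype == 1:                         # CAPWAP DTLS header, DTLS record follows
        return (channel, True, "ok: DTLS-protected")
    if channel == "data":
        return (channel, False, "warn: payload data sent without DTLS")
    # Plain control packet: only discovery messages are cleartext by design.
    hlen = (payload[1] >> 3) * 4           # HLEN is counted in 4-byte words
    if hlen < 8 or len(payload) < hlen + 4:
        return (channel, False, "malformed: truncated control header")
    (msg_type,) = struct.unpack_from("!I", payload, hlen)
    if msg_type in DISCOVERY_TYPES:
        return (channel, False, "ok: cleartext discovery message")
    return (channel, False, "alert: cleartext control message")

# Constructed sample datagrams (not captured traffic).
PLAIN_HDR = bytes([0x00, 0x10, 0x00, 0x00, 0, 0, 0, 0])       # type 0, HLEN = 2
SAMPLES = [
    (40000, 5246, PLAIN_HDR + struct.pack("!I", 1)),           # discovery request
    (40000, 5246, bytes([0x01, 0, 0, 0]) + b"\x16\xfe\xfd"),   # DTLS on control channel
    (40000, 5247, PLAIN_HDR + b"\x08\x02" + b"\x00" * 22),     # plain data channel frame
    (40000, 5246, PLAIN_HDR + struct.pack("!I", 7)),           # plain non-discovery message
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(*sample))
```
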