The CAPWAP protocol (Control And Provisioning of Wireless Access Points) introduced by the IETF (Internet Engineering Task Force) is a standard for the centralized management of large WLAN infrastructures.
CAPWAP uses two channels for data transfer:
- Control channel, encrypted with Datagram Transport Layer Security (DTLS). This channel is used to exchange administration information between the WLC (WLAN controller) and the AP (access point).
  Note: DTLS is an encryption protocol based on TLS. In contrast to TLS itself, it can be used for transfers over connectionless, unsecured transport protocols such as UDP. DTLS therefore combines the high security provided by TLS with the fast transfer offered by UDP. This also makes DTLS suitable for the transfer of VoIP packets (unlike TLS) because, even after the loss of a packet, the subsequent packets can be authenticated again.
- Data channel. The payload data from the WLAN is transferred through this channel from the AP via the WLC into the LAN, encapsulated in the CAPWAP protocol.
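To check that control-channel traffic really is DTLS-protected, a monitoring script can inspect the first bytes of each UDP payload. The following is an added example, not part of the original page or of any vendor's code. It assumes the header layout from RFC 5415 (a preamble byte with a 4-bit version and a 4-bit type, where type 1 marks a DTLS-wrapped packet, and cleartext Discovery messages with types 1 and 2 permitted before the DTLS session exists). The function names and sample packets are constructed for illustration.

```python
import struct

# Preamble type nibble (RFC 5415, section 4.1; an assumption, not stated on this page)
TYPE_PLAIN = 0  # CAPWAP header follows in cleartext
TYPE_DTLS = 1   # CAPWAP DTLS header, then a DTLS record

# Control messages that RFC 5415 allows before the DTLS session is established
CLEARTEXT_OK = {1: "Discovery Request", 2: "Discovery Response"}


def classify_control_payload(payload: bytes) -> str:
    """Classify one UDP payload captured on the CAPWAP control channel."""
    if len(payload) < 4:
        return "malformed: too short"
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        return f"malformed: unknown CAPWAP version {version}"
    if ptype == TYPE_DTLS:
        return "ok: DTLS-protected"
    if ptype != TYPE_PLAIN:
        return f"malformed: unknown preamble type {ptype}"
    # Cleartext CAPWAP header: HLEN is the top 5 bits of byte 1, in 4-byte words
    hlen = (payload[1] >> 3) * 4
    if hlen < 8 or len(payload) < hlen + 4:
        return "malformed: truncated header"
    # The control header starts with a 32-bit message type
    (msg_type,) = struct.unpack_from("!I", payload, hlen)
    if msg_type in CLEARTEXT_OK:
        return f"ok: cleartext {CLEARTEXT_OK[msg_type]}"
    return f"alert: cleartext control message type {msg_type}"


def make_plain(msg_type: int) -> bytes:
    """Constructed sample: minimal 8-byte CAPWAP header (HLEN=2) plus control header."""
    header = bytes([0x00, 2 << 3, 0, 0, 0, 0, 0, 0])
    return header + struct.pack("!IBHB", msg_type, 0, 3, 0)


# Constructed sample payloads, not captured traffic
SAMPLES = {
    "dtls": bytes([0x01, 0, 0, 0, 22, 0xFE, 0xFD]) + bytes(10),
    "discovery": make_plain(1),
    "unexpected": make_plain(7),  # any type other than 1 or 2
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11s} {classify_control_payload(pkt)}")
```

An "alert" result means administration traffic between the WLC and the AP was seen outside the DTLS tunnel, which the control channel described above should never carry.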