CAPWAP Study Notes: Getting to know CAPWAP (5)

Source: Internet
Author: User
Tags: gtk

3. CAPWAP binding for IEEE 802.11

The CAPWAP protocol itself is independent of any particular wireless technology. Support for a specific technology is added through a separate binding specification.

RFC 5416 is the binding that extends CAPWAP to IEEE 802.11 networks. It defines new values for the Control Message Type field (that is, new control messages) and the message elements that go with them.

Note: RFC 5416 targets the IEEE 802.11-2007 specification. It does not support the Independent Basic Service Set (IBSS, the ad hoc or peer-to-peer mode) defined in that standard, and it does not cover data frames in the four-address format (commonly used by bridges; their use is not specified by IEEE 802.11-2007). IEEE 802.11n is also outside its scope.

Some terms:

Basic Service Set (BSS): in infrastructure mode, the set of stations under the control of a single coordination function; in practice an access point (here the WTP) together with the STAs associated with it.

Independent Basic Service Set (IBSS): also called an ad hoc network. An 802.11 network formed directly between a group of stations with no infrastructure, intended for peer-to-peer connections. An IBSS has no wired backbone and needs at least two STAs.

3.1 Binding identifier

The CAPWAP header defined in Section 4.3 of RFC 5415 carries a Wireless Binding Identifier (WBID) field that names the bound wireless technology; for IEEE 802.11 its value is 1. A receiver that only implements the 802.11 binding should check this field (and the header length against the packet) before handing the payload to binding-specific code.
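As an added example (the editor's code, not taken from the page or from the RFC), the following Python builds and parses the RFC 5415 transport header: it extracts the WBID together with HLEN, RID and the flag bits, handles the optional Radio MAC Address and Wireless Specific Information fields (interpreting the latter as the IEEE 802.11 Frame Info that RFC 5416 defines when WBID is 1), and applies the bounds checks a receiver needs before trusting HLEN or the optional fields. The function names are the editor's own, and the sample packet, RSSI/SNR/rate values and MAC address are constructed.

```python
import struct
from typing import Optional, Tuple

WBID_IEEE_80211 = 1  # RFC 5415 section 4.3: Wireless Binding Identifier value for IEEE 802.11


def _pad4(b: bytes) -> bytes:
    """Pad an optional header field to a 32-bit boundary, as RFC 5415 requires."""
    return b + b"\x00" * (-len(b) % 4)


def build_capwap_header(wbid: int, rid: int, native: bool,
                        radio_mac: Optional[bytes] = None,
                        frame_info: Optional[Tuple[int, int, int]] = None,
                        frag_id: int = 0, frag_offset: int = 0) -> bytes:
    """Build a plaintext (preamble type 0) CAPWAP header, RFC 5415 section 4.3.

    native     -> T bit: payload is a native (802.11) frame rather than 802.3
    radio_mac  -> sets M and appends the Radio MAC Address field
    frame_info -> (rssi, snr, data_rate): sets W and appends the IEEE 802.11 Frame Info
                  field that RFC 5416 defines for Wireless Specific Information
    """
    opts = b""
    if radio_mac is not None:
        opts += _pad4(bytes([len(radio_mac)]) + radio_mac)
    if frame_info is not None:
        rssi, snr, rate = frame_info
        opts += _pad4(struct.pack("!BBBH", 4, rssi & 0xFF, snr & 0xFF, rate))
    hlen = (8 + len(opts)) // 4                      # header length in 32-bit words
    w1 = (hlen << 19) | (rid << 14) | (wbid << 9) | (int(native) << 8)
    w1 |= (int(frame_info is not None) << 5) | (int(radio_mac is not None) << 4)
    w2 = (frag_id << 16) | (frag_offset << 3)
    return struct.pack("!II", w1, w2) + opts


def _opt_field(buf: bytes, pos: int, hdr_len: int, name: str):
    """Read one length-prefixed optional field, refusing to run past HLEN."""
    if pos >= hdr_len:
        raise ValueError(name + " flagged but missing from header")
    n = buf[pos]
    if pos + 1 + n > hdr_len:
        raise ValueError(name + " overruns header")
    end = pos + 1 + n
    return buf[pos + 1:end], end + (-end % 4)


def parse_capwap_header(buf: bytes) -> dict:
    """Parse a CAPWAP header, validating version/type, HLEN and optional-field bounds."""
    if len(buf) < 8:
        raise ValueError("short CAPWAP header")
    w1, w2 = struct.unpack_from("!II", buf, 0)
    preamble = w1 >> 24
    if preamble >> 4 != 0:
        raise ValueError("unsupported CAPWAP version %d" % (preamble >> 4))
    if preamble & 0xF != 0:
        raise ValueError("not a plaintext CAPWAP header (type %d)" % (preamble & 0xF))
    h = {
        "hlen": (w1 >> 19) & 0x1F, "rid": (w1 >> 14) & 0x1F, "wbid": (w1 >> 9) & 0x1F,
        "T": (w1 >> 8) & 1, "F": (w1 >> 7) & 1, "L": (w1 >> 6) & 1,
        "W": (w1 >> 5) & 1, "M": (w1 >> 4) & 1, "K": (w1 >> 3) & 1,
        "frag_id": w2 >> 16, "frag_offset": (w2 >> 3) & 0x1FFF,
    }
    hdr_len = h["hlen"] * 4
    if hdr_len < 8 or hdr_len > len(buf):
        raise ValueError("HLEN %d inconsistent with %d-byte buffer" % (h["hlen"], len(buf)))
    pos = 8
    if h["M"]:
        h["radio_mac"], pos = _opt_field(buf, pos, hdr_len, "Radio MAC Address")
    if h["W"]:
        data, pos = _opt_field(buf, pos, hdr_len, "Wireless Specific Information")
        if h["wbid"] == WBID_IEEE_80211 and len(data) == 4:
            rssi, snr, rate = struct.unpack("!BBH", data)    # RFC 5416 IEEE 802.11 Frame Info
            h["frame_info"] = {"rssi": rssi, "snr": snr, "data_rate": rate}
        else:
            h["wireless_info"] = data                        # other binding: not interpreted here
    h["payload"] = buf[hdr_len:]
    return h


def is_ieee80211_binding(h: dict) -> bool:
    """The check an 802.11-only implementation makes before using the payload."""
    return h["wbid"] == WBID_IEEE_80211


if __name__ == "__main__":
    # Constructed packet: 802.11 binding, radio 1, native frame, RSSI/SNR/rate in the
    # optional field, followed by a 2-byte dummy payload.
    pkt = build_capwap_header(WBID_IEEE_80211, rid=1, native=True,
                              frame_info=(200, 40, 540)) + b"\x80\x00"
    print(parse_capwap_header(pkt))
```

The parser deliberately refuses headers whose HLEN is below the 8-byte minimum or beyond the buffer, and optional fields that overrun HLEN, before any binding-specific code sees the packet.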

3.2 Division of functions

Because CAPWAP is independent of the wireless technology, binding it to 802.11 requires deciding which 802.11 functions each side provides, that is, which functions the AC implements and which the WTP implements. RFC 5416 defines this split separately for the two MAC modes, Split MAC and Local MAC.

3.2.1 Split MAC

Figure (not reproduced here): division of 802.11 functions between AC and WTP in Split MAC mode.

As the figure shows, in Split MAC the distribution and integration services reside on the AC, so all user data is tunnelled between the WTP and the AC. All real-time 802.11 functions, including Beacon and Probe Response frames, are handled on the WTP.

Association, IEEE 802.1X/EAP and RSNA key management also reside on the AC, which implies that the AAA client (authentication, authorization and accounting) is on the AC as well.

The admission control component of 802.11 is on the AC, while real-time scheduling and queuing are on the WTP. Note that this does not prevent the AC from providing additional policy and scheduling functions.

The message flow below assumes IEEE 802.1X end-user authentication and AES-CCMP (Advanced Encryption Standard, Counter mode with CBC-MAC Protocol) encryption. In the RFC's figure, '(-)' marks frames that are processed locally on the WTP.

The process is as follows:

1. The WTP generates the IEEE 802.11 Beacon frames, including a Robust Security Network Information Element (RSNIE) advertising 802.1X and AES-CCMP.

2. The WTP processes Probe Requests and answers with the corresponding Probe Response. The WTP may optionally forward the Probe Request to the AC.

3. The WTP forwards IEEE 802.11 Authentication and Association frames to the AC.

4. Once the association succeeds, the AC sends a Station Configuration Request to the WTP.

5. If the WTP provides encryption and decryption, the AC sends a second Station Configuration Request (which includes the station's session key) once the client has completed the key exchange.

6. The WTP forwards all other IEEE 802.11 management frames it receives to the AC.

7. All IEEE 802.11 station data frames are tunnelled between the WTP and the AC.

Note: when 802.11 encryption and decryption are performed on the WTP, the WTP must parse each decrypted data frame before sending it to the AC and make its format consistent with an unprotected 802.11 frame. For data frames sent from the AC to the WTP, the AC must leave the Protected Frame bit cleared (0) so that the WTP can process them correctly. When encryption and decryption are performed on the AC, the WTP must not parse the data frames it forwards to the AC.

3.2.2 Local MAC

Figure (not reproduced here): division of 802.11 functions between AC and WTP in Local MAC mode.

In Local MAC mode the integration service is on the WTP, and the distribution service may be on either the WTP or the AC. If it is on the AC, frames from stations are not forwarded to the AC in their native 802.11 format but are encapsulated as 802.3 frames.

IEEE 802.1X [IEEE.802-1X.2004], EAP and IEEE RSNA key management [IEEE.802-11.2007] all reside on the AC. The WTP must therefore forward all IEEE 802.1X, EAP and RSNA key management frames to the AC and relay the AC's responses to the station.

With AES-CCMP encryption the flow is:

1. The WTP generates the IEEE 802.11 Beacon frames.

2. The WTP processes Probe Requests and answers with a Probe Response.

3. The WTP forwards IEEE 802.11 Authentication and Association frames to the AC.

4. Once the association succeeds, the AC sends a Station Configuration Request to the WTP.

5. The WTP forwards all IEEE 802.1X and IEEE 802.11 key exchange frames to the AC.

6. The WTP forwards all IEEE 802.11 management Action frames to the AC.

7. Client data frames may also be tunnelled to the AC, in either 802.3 or 802.11 frame format.
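As an added example covering both the Split MAC flow (3.2.1) and the Local MAC flow (3.2.2), the Python below models the decision a WTP makes for each frame it receives from a station: which frames it handles itself, which it forwards to the AC, and how a data frame is re-framed before it reaches the AC. It is the editor's code, not the page's or the RFC's. The AES-CCM decryption and MIC check are deliberately out of scope: when the WTP is the one holding the keys, the sample protected frame carries a dummy CCMP header and MIC around a plaintext body, and the function only applies the re-framing rule from the note above (strip the CCMP fields, clear Protected Frame). The MAC addresses, frames and function names are constructed by the editor.

```python
import struct

# IEEE 802.11 Frame Control: type/subtype (IEEE 802.11-2007 Table 7-1) and flag bits
MGMT, CTRL, DATA = 0, 1, 2
PROBE_REQ = 4
FC_TO_DS, FC_FROM_DS, FC_PROTECTED = 0x0100, 0x0200, 0x4000
LLC_SNAP = bytes.fromhex("aaaa03000000")
EAPOL = LLC_SNAP + b"\x88\x8e"            # 802.1X / EAPOL ethertype behind the SNAP header
CCMP_HDR_LEN, CCMP_MIC_LEN = 8, 8


def parse_fc(frame):
    fc = struct.unpack_from("<H", frame, 0)[0]   # Frame Control is little-endian on the air
    return {"type": (fc >> 2) & 3, "subtype": (fc >> 4) & 0xF,
            "to_ds": bool(fc & FC_TO_DS), "from_ds": bool(fc & FC_FROM_DS),
            "protected": bool(fc & FC_PROTECTED)}


def to_8023(frame, body):
    """Rewrite an upstream (ToDS=1) 802.11 data frame as 802.3: DA from Address 3, SA from
    Address 2, then the ethertype and payload that followed the LLC/SNAP header."""
    if body[:6] != LLC_SNAP:
        raise ValueError("not an LLC/SNAP-encapsulated payload")
    return frame[16:22] + frame[10:16] + body[6:]


def wtp_dispatch(frame, mode, wtp_decrypts):
    """What a WTP does with one frame received from a station.

    mode          "split" or "local" (RFC 5416 sections 2.1 and 2.2)
    wtp_decrypts  True when the WTP holds the CCMP keys (decryption itself not modelled)
    Returns (action, frame_or_None).
    """
    fc = parse_fc(frame)
    if fc["to_ds"] and fc["from_ds"]:
        return "drop", None                      # four-address format: outside the 802.11 binding
    if fc["type"] == MGMT:
        if fc["subtype"] == PROBE_REQ:
            return "respond-locally", frame      # real-time function, stays on the WTP
        return "forward-to-ac", frame            # authentication, association, action frames
    if fc["type"] == CTRL:
        return "handle-locally", frame           # ACK/RTS/CTS/PS-Poll never leave the WTP
    hdr_len = 26 if fc["subtype"] & 0x8 else 24  # QoS Data adds a 2-byte QoS Control field
    if len(frame) < hdr_len:
        return "drop", None
    body = frame[hdr_len:]
    if fc["protected"]:
        if not wtp_decrypts:
            return "tunnel-to-ac", frame         # AC decrypts: the WTP must not parse the body
        # WTP decrypts: drop the CCMP header and MIC and clear Protected Frame so the AC
        # receives what looks like an unprotected 802.11 frame
        body = body[CCMP_HDR_LEN:len(body) - CCMP_MIC_LEN]
        frame = bytes([frame[0], frame[1] & 0xBF]) + frame[2:hdr_len] + body
    if mode == "split":
        return "tunnel-to-ac", frame             # distribution and integration live on the AC
    if body.startswith(EAPOL):
        return "forward-to-ac", frame            # 802.1X/EAP and key handshakes terminate on the AC
    return "bridge-locally", to_8023(frame, body)    # integration service on the WTP


def mk_frame(fc0, fc1, addr1, addr2, addr3, body=b"", qos=False):
    """Constructed 802.11 MPDU: FC, Duration, three addresses, Sequence Control, [QoS Control], body."""
    hdr = bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x10\x00"
    return hdr + (b"\x00\x00" if qos else b"") + body


def demo():
    """Constructed traffic from one station (made-up MAC addresses) run through both modes."""
    sta, bssid, gw = (bytes.fromhex(x) for x in ("0242ac110002", "0242ac110001", "0242ac110003"))
    bcast = b"\xff" * 6
    probe = mk_frame(0x40, 0x00, bcast, sta, bcast)                 # mgmt / Probe Request
    assoc = mk_frame(0x00, 0x01, bssid, sta, bssid)                 # mgmt / Association Request
    eapol = mk_frame(0x08, 0x01, bssid, sta, bssid,
                     EAPOL + bytes.fromhex("0203005f02"))           # unprotected 4-way handshake frame
    ip = LLC_SNAP + b"\x08\x00" + bytes.fromhex("4500001c")        # plaintext IPv4 payload
    prot = mk_frame(0x88, 0x41, bssid, sta, gw,
                    b"\x00" * 8 + ip + b"\x00" * 8, qos=True)      # QoS Data, Protected, dummy CCMP hdr+MIC
    frames = (probe, assoc, eapol, prot)
    return {"split": [wtp_dispatch(f, "split", True) for f in frames],
            "local": [wtp_dispatch(f, "local", True) for f in frames],
            "ac_crypto": wtp_dispatch(prot, "split", False)}
```

Note what differs between the two modes on the same input: in Split MAC every data frame, EAPOL included, goes into the tunnel; in Local MAC only the 802.1X/key-exchange frames go to the AC and ordinary data is bridged as 802.3 by the WTP. When the AC holds the keys the protected frame is tunnelled untouched, Protected Frame bit still set.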

3.3 STA roaming

RFC 5416 describes roaming as follows: once a client has successfully associated with the network in a secure fashion, it is likely to attempt to roam to another WTP. Figure 6 of the RFC shows an example of a currently associated station moving from its "Old WTP" to a "New WTP". The figure is valid for multiple different security policies, including IEEE 802.1X and Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2) [WPA].

In short, a STA that is already associated with one WTP and moves to a new WTP is said to be "roaming".

3.4 Group key refresh

The Group Temporal Key (GTK) of a BSS has to be refreshed periodically. In Split MAC the AC must, while the refresh is in progress, duplicate every broadcast frame and send one copy under the current GTK and one under the new GTK, each with its own key index, so that every station in the BSS keeps receiving broadcasts whichever key it holds. In Local MAC the WTP performs this duplication.

Basic Service Set (BSS): a set of stations controlled by a single coordination function.

The AC signals that the GTK is to be updated with an IEEE 802.11 WLAN Configuration Request, then starts delivering the new GTK to each station. During this process the AC (Split MAC) or WTP (Local MAC) must duplicate broadcast frames and encrypt one copy under the new GTK and one under the current GTK. When every station has been updated, the AC sends another IEEE 802.11 WLAN Configuration Request carrying the new GTK, which completes the refresh.
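As an added example (the editor's code, not from the page or the RFC), the Python below keeps the bookkeeping that whichever side owns the group keys needs during a refresh: which key index each associated station currently holds, which key indexes every broadcast must therefore be duplicated under, and a refusal to retire the old GTK while any station still depends on it. Alternating the group key between indexes 1 and 2 is common practice rather than something the page states; the station names and key bytes are constructed.

```python
class BssGroupKeys:
    """Per-BSS GTK bookkeeping during a group key refresh.

    The key owner (AC in Split MAC, WTP in Local MAC) keeps the old and the new GTK
    installed under different key indexes and duplicates each broadcast/multicast
    frame under every index that some associated station still uses.
    """

    def __init__(self, stations, gtk, key_index=1):
        # 802.11 key index 0 is used for the pairwise key; group keys alternate between 1 and 2
        self.keys = {key_index: gtk}
        self.current, self.pending = key_index, None
        self.sta_index = {sta: key_index for sta in stations}   # which GTK each STA holds

    def start_rekey(self, new_gtk):
        """Install the new GTK under the other group key index; the old one stays usable."""
        if self.pending is not None:
            raise RuntimeError("rekey already in progress")
        self.pending = 2 if self.current == 1 else 1
        self.keys[self.pending] = new_gtk

    def station_updated(self, sta):
        """Call once the station has acknowledged the EAPOL-Key group handshake for the new GTK."""
        if self.pending is None or sta not in self.sta_index:
            raise ValueError("no rekey pending or unknown station")
        self.sta_index[sta] = self.pending

    def broadcast_keys(self):
        """(index, key) pairs every broadcast must be duplicated under right now."""
        return [(i, self.keys[i]) for i in sorted(set(self.sta_index.values()))]

    def laggards(self):
        """Stations still on the old GTK; a real AC would retry them or deauthenticate them."""
        return sorted(s for s, i in self.sta_index.items() if i != self.pending)

    def finish_rekey(self):
        """Retire the old GTK; refused while any station still depends on it."""
        if self.laggards():
            raise RuntimeError("stations still on old GTK: %s" % self.laggards())
        del self.keys[self.current]
        self.current, self.pending = self.pending, None


def demo():
    # Constructed BSS: three stations, 16-byte dummy keys.
    bss = BssGroupKeys(["sta-a", "sta-b", "sta-c"], gtk=b"\x11" * 16)
    steps = []
    bss.start_rekey(b"\x22" * 16)
    steps.append([i for i, _ in bss.broadcast_keys()])   # nobody updated yet: old index only
    bss.station_updated("sta-a")
    steps.append([i for i, _ in bss.broadcast_keys()])   # mixed population: duplicate under both
    blocked = False
    try:
        bss.finish_rekey()                               # sta-b and sta-c still hold the old GTK
    except RuntimeError:
        blocked = True
    for sta in ("sta-b", "sta-c"):
        bss.station_updated(sta)
    steps.append([i for i, _ in bss.broadcast_keys()])   # everyone on the new index
    bss.finish_rekey()
    return steps, blocked, bss.current, sorted(bss.keys)
```

The duplication window is exactly the period in which broadcast_keys() returns two entries; a station that never completes the group handshake keeps that window open, which is why real implementations put a timer on the rekey and drop stations that do not respond.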

3.5 CAPWAP data channel QoS behaviour

The CAPWAP IEEE 802.11 binding specifies how the WTP applies QoS to data packets.

3.5.1 IEEE 802.11 data frames

When a WLAN is created on the WTP, a default QoS policy is applied so that the WTP uses default QoS values for every station that associates.

The AC can change this policy for a particular station by sending an Update Station QoS message element.

Beyond the default policy, IEEE 802.11 also lets a station request a QoS policy of its own, using the TSPEC information element.

The WTP marks tunnelled packets using the Differentiated Services Code Point (DSCP), IEEE 802.1p, or both; the AC tells the WTP which to use (neither, one, or both).

The Tagging Policy field of the IEEE 802.11 WTP Quality of Service message element indicates the selected QoS policy:

     0 1 2 3 4 5 6 7
    +-+-+-+-+-+-+-+-+
    |Rsvd |P|Q|D|O|I|
    +-+-+-+-+-+-+-+-+

P set means the WTP uses 802.1p marking and D set means it uses DSCP marking; for the meaning of the remaining bits Q, O and I, see Sections 2.6.1.1 and 2.6.1.2 of RFC 5416.

DSCP

DSCP (Differentiated Services Code Point). In December 1998 the IETF published the Differentiated Services (DiffServ) QoS classification standard (RFC 2474). It redefines the Type of Service byte of the IP header: 6 bits carry the DSCP, which encodes the priority, and the remaining 2 bits are left unused by DiffServ (they were later assigned to ECN).

DSCP replaces the older "IP Precedence" and "Type of Service" fields. The class selector codepoints were chosen to be backward compatible with the IP Precedence field, so routers that only understand IP Precedence still interpret DSCP-marked packets sensibly.

Each DSCP value maps to a defined Per-Hop Behaviour (PHB).

A DSCP value can be set on endpoints such as phones, Windows clients and servers to classify their traffic.

IEEE 802.1p

IEEE 802.1p: a Layer 2 QoS / Class of Service (CoS) mechanism for prioritising LAN traffic.

The IEEE 802.1p specification lets Layer 2 switches provide traffic prioritisation and dynamic multicast filtering. Prioritisation operates at the Media Access Control (MAC) frame layer (Layer 2 of the OSI reference model). The multicast filtering function ensures that multicast traffic does not spread beyond the Layer 2 switched network that needs it.

The 802.1p tag contains a three-bit priority field, which allows frames to be grouped into traffic classes. IEEE strongly recommends that network administrators implement these traffic classes but does not mandate them. The classes can equally be described as Layer 2 quality of service (QoS) or class of service (CoS) and are implemented on network adapters and switches without any reservation: 802.1p traffic is simply classified and forwarded to its destination, with no bandwidth reservation mechanism.

802.1p works together with IEEE 802.1Q (VLAN tagging). The IEEE 802.1Q standard defines the tag added to Ethernet MAC frames; the tag has two parts, a 12-bit VLAN ID and a 3-bit priority field. 802.1Q defines the priority field itself, while 802.1p defines how that field is used.

802.1p defines 8 priorities. The actual mapping is left to the network administrator, but IEEE gives recommendations. The highest priority, 7, is for critical network traffic such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) routing table updates. Priorities 6 and 5 are mainly for delay-sensitive applications such as interactive video and voice. Priorities 4 to 1 are for controlled-load applications such as streaming multimedia and business-critical traffic (for example SAP data) and "loss eligible" traffic. Priority 0 is the default and applies automatically when no other priority is set.

3.6 Run state operation

The Run state is the normal operating state of both AC and WTP.

When the WTP receives an IEEE 802.11 WLAN Configuration Request it must answer with an IEEE 802.11 WLAN Configuration Response and remain in the Run state.

When the AC sends an IEEE 802.11 WLAN Configuration Request, or receives the corresponding Response from the WTP, it also remains in the Run state.

Note: the WLAN Configuration Request and Response messages are described in Section 3.7.

3.7 IEEE 802.11-specific CAPWAP control messages

This section covers the CAPWAP control messages that exist only for the IEEE 802.11 binding.

IEEE 802.11 WLAN Configuration Request

This message is sent by the AC to the WTP to change the services the WTP provides; it is used to create, update or delete a WLAN on the WTP.

It may be triggered by manual administrative configuration (for example deleting a WLAN) or by the automatic creation of a WLAN on the WTP. In the latter case the message is sent after the AC has received the CAPWAP Configuration Update Response (see Section 8.5 of RFC 5415).

After receiving this control message, the WTP applies the requested changes and then sends an IEEE 802.11 WLAN Configuration Response.

A WTP may provide several WLANs, so each WLAN is identified by a numeric index. For example, a WTP that supports 16 SSIDs can accept 16 IEEE 802.11 WLAN Configuration Requests that each create a WLAN.

This index is the primary identifier of a WLAN. The AC may try to define the same WLAN with the same index on every WTP it manages; if it does not work that way, it must maintain a WLAN-ID-to-SSID mapping table for each WTP by other means.

IEEE 802.11 WLAN Configuration Response

Sent by the WTP to the AC in reply to an IEEE 802.11 WLAN Configuration Request, reporting whether the requested configuration succeeded or which error occurred.
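As an added example for the Run-state exchange of 3.6 and the messages of 3.7 (the editor's code, not the page's or the RFC's), the Python below encodes a CAPWAP control message (RFC 5415 control header plus Type/Length/Value message elements; the transport header of 3.1 is not included), lets a WTP-side handler create a WLAN from an IEEE 802.11 Add WLAN element while keeping the WLAN-ID-to-SSID table the text mentions, and returns an IEEE 802.11 WLAN Configuration Response that echoes the sequence number and carries a Result Code. The handler refuses an index outside 1..16 (the page's 16-SSID example) or one already in use. The message type values derive from the IEEE 802.11 enterprise number as RFC 5416 specifies; the message element type numbers, the Add WLAN field layout and the failure Result Code value are as the editor recalls them from RFC 5415/5416 and are assumptions to verify against the RFCs and the IANA CAPWAP registry. Class and function names, SSIDs and sequence numbers are constructed.

```python
import struct

# Control message types of the IEEE 802.11 binding (RFC 5416): IANA enterprise
# number of IEEE 802.11 (13277) * 256 + message number.
MSG_WLAN_CONFIG_REQUEST = 13277 * 256 + 1    # 3398913
MSG_WLAN_CONFIG_RESPONSE = 13277 * 256 + 2   # 3398914
# Element type numbers and the failure code below are as recalled from RFC 5415 / RFC 5416
# (assumption: verify against the IANA CAPWAP registry before relying on them).
ELEM_RESULT_CODE = 33
ELEM_ADD_WLAN = 1024
RESULT_SUCCESS = 0
RESULT_CONFIG_FAILURE = 12        # Configuration Failure (unable to apply requested configuration)


def encode_control(msg_type, seq, elements):
    """RFC 5415 4.5.1 control header: Message Type(32) Seq Num(8) Msg Element Length(16)
    Flags(8), followed by Type(16) Length(16) Value message elements."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in elements)
    return struct.pack("!IBHB", msg_type, seq, len(body), 0) + body


def decode_control(buf):
    msg_type, seq, elen, _flags = struct.unpack_from("!IBHB", buf, 0)
    end = 8 + elen
    if end > len(buf):
        raise ValueError("Msg Element Length exceeds buffer")
    pos, elements = 8, []
    while pos < end:
        t, n = struct.unpack_from("!HH", buf, pos)
        if pos + 4 + n > end:
            raise ValueError("message element overruns message")
        elements.append((t, buf[pos + 4:pos + 4 + n]))
        pos += 4 + n
    return msg_type, seq, elements


def encode_add_wlan(radio_id, wlan_id, ssid, mac_mode, tunnel_mode, auth_type=0):
    """IEEE 802.11 Add WLAN element, field order as recalled from RFC 5416 6.1 (assumption):
    Radio ID, WLAN ID, Capability, Key Index, Key Status, Key Length, Key, Group TSC,
    QoS, Auth Type, MAC Mode, Tunnel Mode, Suppress SSID, SSID. No WEP key is carried."""
    return (struct.pack("!BBHBBH", radio_id, wlan_id, 0, 0, 0, 0)
            + b"\x00" * 6                                      # Group TSC
            + bytes([0, auth_type, mac_mode, tunnel_mode, 0])  # QoS, Auth, MAC Mode, Tunnel Mode, Suppress SSID
            + ssid)


def decode_add_wlan(v):
    radio_id, wlan_id, _cap, _kidx, _kstat, klen = struct.unpack_from("!BBHBBH", v, 0)
    pos = 8 + klen + 6                                          # skip Key and Group TSC
    _qos, auth_type, mac_mode, tunnel_mode, _suppress = v[pos:pos + 5]
    return {"radio_id": radio_id, "wlan_id": wlan_id, "auth_type": auth_type,
            "mac_mode": mac_mode, "tunnel_mode": tunnel_mode, "ssid": v[pos + 5:]}


class Wtp:
    """WTP side: keeps the WLAN-ID-to-SSID table and answers every request in Run state."""
    MAX_WLANS = 16   # the page's example of a WTP that supports 16 SSIDs

    def __init__(self):
        self.wlans = {}                                          # (radio_id, wlan_id) -> ssid

    def handle(self, request):
        msg_type, seq, elements = decode_control(request)
        if msg_type != MSG_WLAN_CONFIG_REQUEST:
            raise ValueError("unexpected message type %d" % msg_type)
        code = RESULT_SUCCESS
        for t, v in elements:
            if t != ELEM_ADD_WLAN:
                continue                                         # Update/Delete WLAN not modelled here
            w = decode_add_wlan(v)
            key = (w["radio_id"], w["wlan_id"])
            if not 1 <= w["wlan_id"] <= self.MAX_WLANS or key in self.wlans:
                code = RESULT_CONFIG_FAILURE                     # index out of range or already in use
            else:
                self.wlans[key] = w["ssid"]
        # the response echoes the request's sequence number and carries a Result Code
        return encode_control(MSG_WLAN_CONFIG_RESPONSE, seq,
                              [(ELEM_RESULT_CODE, struct.pack("!I", code))])


def demo():
    wtp = Wtp()
    add = encode_add_wlan(radio_id=1, wlan_id=1, ssid=b"corp-wifi", mac_mode=1, tunnel_mode=2)
    req = encode_control(MSG_WLAN_CONFIG_REQUEST, 7, [(ELEM_ADD_WLAN, add)])
    first = decode_control(wtp.handle(req))
    second = decode_control(wtp.handle(req))   # same WLAN ID again: refused, table unchanged
    return wtp.wlans, first, second
```

The decoder checks the Msg Element Length and each element length against the buffer before building the element list; an AC or WTP that trusts those lengths blindly is exposed to out-of-bounds reads on a malformed control message, which can arrive before DTLS is fully established.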
