03-15-2020 11:06 PM - edited 07-05-2021 11:51 AM
Hi All
I have some questions about the CAPWAP process.
So in our company the access points need the DNS entry to find the wireless controller.
So the AP receives the IP of the active WLC. Then the AP will connect. But is there something like a handshake between the AP and the WLC?
Cheers
Andi
03-16-2020 04:39 PM
Hi Andi,
Yes, once the AP discovers a WLC to join, it will go through the Join process. Prior to sending the Join Request, the AP has to establish a DTLS tunnel with the WLC. Here is the flow of those packets in the DTLS handshake. Refer to this post for details:
https://mrncciew.com/2013/03/17/ap-registration/
HTH
Rasika
*** Pls rate all useful responses ***
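To follow the DTLS handshake described in the answer above in a packet capture of the CAPWAP control channel, the sketch below lists the DTLS messages inside each UDP payload. It is an added example, not code from this thread or the linked post; the field layouts follow RFC 5415 and RFC 6347, and the function names and sample packets are constructed for illustration.

```python
import struct

# DTLS handshake message types (RFC 6347); CAPWAP control is UDP 5246 (RFC 5415).
HS = {1: "ClientHello", 2: "ServerHello", 3: "HelloVerifyRequest", 11: "Certificate",
      12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
      15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}
OPAQUE = {20: "ChangeCipherSpec", 22: "Handshake(encrypted)", 23: "ApplicationData"}

def parse_capwap_dtls(payload: bytes) -> list:
    """List the DTLS messages carried in one CAPWAP control-channel UDP payload."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte CAPWAP preamble")
    if payload[0] != 0x01:       # version 0, type 1 = DTLS; type 0 = plain CAPWAP,
        return []                # e.g. Discovery Request/Response sent in the clear
    names, off = [], 4
    while off + 13 <= len(payload):              # 13-byte DTLS record header
        ctype, _ver, epoch = struct.unpack_from("!BHH", payload, off)
        (length,) = struct.unpack_from("!H", payload, off + 11)
        body = payload[off + 13: off + 13 + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record")
        off += 13 + length
        if ctype != 22 or epoch > 0:             # nothing readable inside these
            names.append(OPAQUE.get(ctype, f"record({ctype})"))
            continue
        pos = 0
        while pos + 12 <= len(body):             # 12-byte DTLS handshake header
            frag_len = int.from_bytes(body[pos + 9:pos + 12], "big")
            if body[pos + 6:pos + 9] == b"\0\0\0":   # fragment offset 0: count once
                names.append(HS.get(body[pos], f"unknown({body[pos]})"))
            pos += 12 + frag_len
    return names

# Constructed sample packets with dummy bodies (not a real capture).
def _rec(ctype, epoch, seq, body):
    return (struct.pack("!BHH", ctype, 0xFEFF, epoch) + seq.to_bytes(6, "big")
            + struct.pack("!H", len(body)) + body)

def _hs(mtype, msg_seq, data, total, frag_off=0):
    return (bytes([mtype]) + total.to_bytes(3, "big") + struct.pack("!H", msg_seq)
            + frag_off.to_bytes(3, "big") + len(data).to_bytes(3, "big") + data)

PRE = b"\x01\x00\x00\x00"        # CAPWAP DTLS preamble
WLC_FLIGHT = (PRE + _rec(22, 0, 1, _hs(2, 1, b"\0" * 38, 38))
              + _rec(22, 0, 2, _hs(11, 2, b"\0" * 20, 40))
              + _rec(22, 0, 3, _hs(11, 2, b"\0" * 20, 40, frag_off=20))
              + _rec(22, 0, 4, _hs(13, 3, b"\0" * 8, 8) + _hs(14, 4, b"", 0)))
AP_FINISH = PRE + _rec(20, 0, 5, b"\x01") + _rec(22, 1, 0, b"\0" * 48)

print(parse_capwap_dtls(WLC_FLIGHT), parse_capwap_dtls(AP_FINISH))
```

An AP whose capture shows the flow stopping right after the Certificate messages is failing at the certificate step of the handshake, before any Join Request is sent.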
03-16-2020 06:04 AM
Hi,
Regardless of how you set up the AP to learn about the WLC, in the end they build a DTLS control-plane tunnel (CAPWAP), based on certificates, so the session is secure. As long as NTP is working correctly and certificates are valid, the AP is allowed to join the WLC; if required, you can configure in the WLC some kind of authorization, to control which LAPs can actually join the WLC, so that there is no way that someone plugs in a rogue LAP, knows about the WLC address, and it's instantly allowed to join.
Regards,
Cristian Matei.