05-28-2009 11:15 PM - edited 07-03-2021 05:39 PM
Hello all. I have a WLC 4402 and Aironet 1522 APs. The implementation includes mesh topology and Ethernet bridging. I configured LWAPP L2 in the very beginning. But then I read that for Ethernet bridging LWAPP L3 must be configured. Till now mesh is working fine, but the AP that provides Ethernet bridging sometimes goes down. A few minutes ago I found this http://www.cisco.com/en/US/docs/wireless/technology/mesh/design/guide/MeshAP_52.html#wp1167834 where it says that in release 5.2 (and that release is on my WLC) CAPWAP replaces LWAPP.
So, what should I do?
Should I configure LWAPP L3 for Ethernet bridging, or what?
Thanks in advance!
06-02-2009 01:29 AM
Although CAPWAP is based on LWAPP, there are some critical differences to note. First, control traffic is no longer contained in an AES-encrypted LWAPP tunnel and data traffic in the clear. On a WLC 4400 data traffic is still in the clear and control traffic is in a DTLS-encrypted tunnel. In the upcoming controllers it is proposed to enhance security by including ALL traffic in the DTLS tunnel. Second, the CAPWAP discovery process is much more robust than LWAPP. Third, dynamic MTU is part of CAPWAP. This allows for better communication between the controller and the network. This was a big issue with LWAPP and a much-needed improvement.
Layer 3 is the ONLY method I would deploy in either LWAPP or CAPWAP, as it truly enables the functionality of IP. I was a big proponent early on of Layer 2 for small offices, but as IP voice communications and applications continued to develop, the need for Layer 3 in all deployments became more evident. This became Cisco's plan as well, and Layer 2 is considered an out-of-date legacy method of configuring a WLAN.
06-01-2009 11:45 AM
L2 LWAPP was always a legacy protocol that Cisco never intended for anyone to use. Not that you can't, clearly you're running it well in L2. I would consider trying to get to L3 though, just in case you make changes to your network that require aspects of L3 LWAPP. L2 requires that all controllers and APs be on the same subnet, which is rarely the best design practice.
As for LWAPP vs CAPWAP, the upgrade is mostly transparent to the user. It's a change in protocol between the APs and controller, but that's it. I do not know whether there's an L2 CAPWAP mode or not, though.
06-01-2009 02:00 PM
Hi Jeff,
CAPWAP was recently introduced in firmware 5.2.X and Cisco also removed L2. So I guess, CAPWAP is only valid in L3 mode.