The present disclosure relates generally to data path encapsulation between an IEEE 802.11 Wireless LAN (WLAN) AP (Access Point) and an access switch.
Data received from an access point on a wired interface of a wireless-aware switch or network device is typically encapsulated in accordance with a standards-based protocol such as Lightweight Access Point Protocol (LWAPP) or Control And Provisioning of Wireless Access Points (CAPWAP). LWAPP/CAPWAP enables control and data frames to be exchanged between the AP and a wireless controller over any arbitrary underlying enterprise network. In conventional implementations, unicast IP packets are transmitted from a wireless station over a tunnel. The AP and the wireless controller share the tunnel, and the original IP datagram packets are fragmented and encapsulated in Ethernet or other types of packets.
The security of a wireless LAN (Local Area Network) is very important. WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), WPA2 (Wi-Fi Protected Access-2), etc. are some of the optional encryption alternatives for IEEE 802.11 and related WLAN standards, and are implemented in the MAC layer that most APs support. If a user activates WEP/WPA/WPA2, the payload of each 802.11 frame is encrypted before transmission to the AP. The AP performs decryption upon arrival of the frame. As a result, WEP, WPA, WPA2, etc. encrypt data only between 802.11 stations (e.g., wireless client and AP). Once the frame enters the wired side of the network, such as between an access point and a switch, the wireless cryptographic protection no longer applies. Therefore, transfer of data from an AP to the switch is typically not secure and is susceptible to message forgeries and other active attacks. In addition to the above drawbacks, performing cryptographic operations on the AP increases the cost, complexity, and power requirements of the AP. Managing per-client keys and performing re-keying on the AP also adds to the client roaming time.
Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.