A little review… In previous CAPWAP episodes we saw that… There are many interdependent security protocols running between the station and the network CAPWAP potentially introduces new exposure by breaking the original fat AP model into two pieces and connecting them with a channel which may traverse hostile hops Want to do all we reasonably can to ensure that this architectural change does not degrade existing WLAN security (don’t introduce a weak link) |