capwap-2----Page:5

Document Overview
Introduction
A little background on original fat AP mode
Provides important context
CAPWAP splits this fat AP functionality in two
WTP implements WLAN edge functions with respect to user
AC implements edge functions with respect to LAN, AAA
Variable splits of MAC functions between WTP/AC
Splitting in itself introduces nothing new in terms of security if the same assumptions hold as for fat AP model
But often, they don’t
Fat AP model typically assumes wired LAN is “safe”
CAPWAP may run across “unsafe” hop(s)
Ideally, CAPWAP should introduce no new vulnerabilities which are not intrinsic to WLANs (i.e. present in fat AP scenarios)
Practically, this is not achievable, but we must strive to minimize new exposures introduced by the act of splitting the AP function