Presentation is loading. Please wait.

Presentation is loading. Please wait.

Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun draft-ohara-capwap-lwapp-01.txt.

Published byCharleen Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun draft-ohara-capwap-lwapp-01.txt."— Presentation transcript:

1 Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun draft-ohara-capwap-lwapp-01.txt

2 Introduction Components of protocol: –Discovery phase –Control Channel Management Join (binding phase) –Creates LWAPP security association Watchdog Key Update –WTP Configuration WTP initiated Configuration Request AC initiated Configuration Update WTP Config Clear

3 Introduction (cont.) Components of protocol: –Device Management Operations WTP Reset WTP Firmware Download WTP Event Notification (Unsolicited events, such as statistics) –Mobile Management Create forwarding policies on WTP –IEEE 802.11 Technology Binding WLAN (service) Configuration

4 WTP/AC Communication Discovery Phase Join Phase Security Association Established – encryption enabled WTP Configuration AP Advertises service Image Data Transfer AP Reboots with new firmware Either: 1) or 2) WTPAC

5 New LWAPP State Machine /------------\ | v | +------------+ | C| Idle | +------------+ | | / | C| Run | | Key Update | | | / | r+-----------+ +-------+ | | b+--------------+ +-------------+ | Reset | | | |d f| ^ | Configure |------->+-------+ | | | | | +-------------+p ^ | |e v | | ^ ^ | | +---------+ v |i |k 2| | | C| Sulking | +------------+ +--------------+ | | +---------+ C| Join |--->| Join-Confirm | | | g+------------+z +--------------+ | | |h m| 3| |4 | | | | | v |o |\ | | | +------------+ \\-----------------/ \--------+---->| Image Data |C \------------------------------------/ +------------+n

6 New LWAPP State Machine State machine is now consistent with text throughout the document New text in -01 now has explicit text about state machine behavior, for instance: Idle to Discovery (a): This is the initialization state. WTP: The WTP enters the Discovery state prior to transmitting the first Discovery Request (see Section 5.1). Upon entering this state, the WTP sets the DiscoveryInterval timer (see Section 12). The WTP resets the DiscoveryCount counter to zero (0) (see Section 13). The WTP also clears all information from ACs (e.g., AC Addresses) it may have received during a previous Discovery phase. AC: The AC does not need to maintain state information for the WTP upon reception of the Discovery Request, but it MUST respond with a Discovery Response (see Section 5.2).

7 Technology Bindings Added text about how to add new technology bindings (section 2.1) Moved and renamed all 802.11 specific protocol components to 802.11 binding (section 11) Defined IEEE 802.11 specific message elements in binding section –Mobile Config Request (section 11.4.1) –WTP Event Request (section 11.4.2)

8 Technology Bindings (cont.) Introduced IEEE 802.11 specific commands –IEEE 802.11 WLAN Config Request –IEEE 802.11 WLAN Config Response –IEEE 802.11 WTP Event Many IEEE 802.11 specific message elements are defined in section 11

9 LWAPP Transport LWAPP is transport agnostic. Specification defines IP/UDP and IEEE 802.3 –New text (01) now a single transport header IEEE 802.3 and IP/UDP refer back to single header figure 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |VER| RID |C|F|L| Frag ID | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status/WLANs | Payload... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

10 Division of Labor – Split MAC WTP –802.11 control protocol –802.11 beacons –802.11 probe responses –802.11e frame queuing –802.11i frame encryption AC –802.11 MAC management e.g., Association, Action –802.11 Data Frames –802.11e resource reservation –802.11i Auth/Key Exchange Local MAC behavior will be added in -03.

11 LWAPP Data Frames –LWAPP defines the following format for the IEEE 802.11 technology binding: +-----------------------------------------------------------+ |Transport Header | LWAPP Header [C=0] | 802.11 Frame... +-----------------------------------------------------------+

12 LWAPP Control Messages LWAPP defines a specific header for Control messages: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message Type | Seq Num | Msg Element Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Msg Element [0..N] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

13 LWAPP Messages Increased the readability of every LWAPP Control message: –Section now includes all message elements allowed: 5.2 Discovery Response............... 33 5.2.1 AC Address............... 34 5.2.2 AC Descriptor............. 34 5.2.3 AC Name................ 35 5.2.4 WTP Manager Control IP Address..... 36 –Includes complete instructions on WTP and AC behavior, and ties back into state machine –Refers to all necessary timers and variables (sections 12 and 13)

14 Message Elements Significant formatting changes –Removed large message element table –Each message element now includes identifier number and length. 5.1.1 Discovery Type The Discovery message element is used to configure an WTP to operate in a specific mode. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Discovery Type| +-+-+-+-+-+-+-+-+ Type: 58 for Discovery Type Length: 1 Discovery Type: An 8-bit value indicating how the AC was discovered. The following values are supported: 0 - Broadcast 1 - Configured

15 Security Significant cleanup in text detailing certificate based LWAPP security –Message elements clearly spell out their contents Introduction of PSK –State machine changes –Changes to certain message elements to handle both modes of operation –Specific text detailing DH/PRF security approach AC Advertises security modes supported in AC Descriptor (section 5.2.2) New Security Considerations section for both modes of operation.

16 Certificate Based Security Join request (WTP-Cert, SID) Join Response (AC-Cert, SID, cipher-text) AC Creates session keys (KeyMaterial) Data = E-wtp{Kpub, PKCS1(KeyMaterial)} Cipher-text = E-ac{Kpriv, SID|Data} WTPAC Data = D-ac{Kpub, Cipher-text} PKCS1(KeyMaterial) = D-ac{Kpriv, data} AES-CCM Encrypted Control Channel

17 PSK Based Security Join request (DH-Params(g, p, g^x mod p), WNonce, SID) Join Response (DH-Params(g^y mod p), SID, ANonce, PSK-MIC) AC chooses exponent y and creates ANonce PMS = LEN_16(Z) | Z | LEN_16(PSK) | PSK KeyMaterial = PRF(PMS, "master secret", Wnonce + Anonce) Key Material is split into K1 (KCK), K2 (KEK) and K3 (Rekey key) WTPAC WTP computes key PSK-MIC validation provides key confirmation AES-CCM Encrypted Control Channel Join ACK (SID, PSK-MIC) Join Confirm (SID, PSK-MIC) PSK-MIC validation provides key confirmation Authenticated Join Confirm closes the state machine loop AC chooses exponent x and creates WNonce

Download ppt "Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun draft-ohara-capwap-lwapp-01.txt."

Similar presentations

Secure Socket Layer.

Secure Socket Layer.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Doc.: IEEE 15-13-0677-02-0009-tg9-proposed-document-changes Submission Nov 2013 Robert Moskowitz, VerizonSlide 1 Project: IEEE P802.15 Working Group for.

Doc.: IEEE tg9-proposed-document-changes Submission Nov 2013 Robert Moskowitz, VerizonSlide 1 Project: IEEE P Working Group for.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Internetworking Different networks –Different bit rates –Frame lengths –Protocols.

Internetworking Different networks –Different bit rates –Frame lengths –Protocols.
Chapter 13 Mobile IP. Outline  ADDRESSING  AGENTS  THREE PHASES  AGENT DISCOVERY  REGISTRATION  DATA TRANSFER  INEFFICIENCY IN MOBILE IP.

Chapter 13 Mobile IP. Outline  ADDRESSING  AGENTS  THREE PHASES  AGENT DISCOVERY  REGISTRATION  DATA TRANSFER  INEFFICIENCY IN MOBILE IP.
Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun Bob O’Hara Rohit Suri Nancy Cam Winget Scott Kelly Michael Williams Sue Hares draft-ohara-capwap-lwapp-03.txt.

Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun Bob O’Hara Rohit Suri Nancy Cam Winget Scott Kelly Michael Williams Sue Hares draft-ohara-capwap-lwapp-03.txt.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.

VLAN Trunking Protocol (VTP) W.lilakiatsakun. VLAN Management Challenge (1) It is not difficult to add new VLAN for a small network.
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
CAPWAP Editor’s Report Pat R. Calhoun Cisco Systems, Inc.

CAPWAP Editor’s Report Pat R. Calhoun Cisco Systems, Inc.
Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.

Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.
VLAN Trunking Protocol (VTP)

VLAN Trunking Protocol (VTP)
Speaker:Yi-Jie Pan Advisor:Dr. Kai-Wei Ke 2014/04/28

Speaker:Yi-Jie Pan Advisor:Dr. Kai-Wei Ke 2014/04/28
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Yang Shi, Chris Elliott, Yong Zhang IETF 73 rd 18 Nov 2008, Minneapolis CAPWAP WG MIB Drafts Report.

Yang Shi, Chris Elliott, Yong Zhang IETF 73 rd 18 Nov 2008, Minneapolis CAPWAP WG MIB Drafts Report.
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS 4362 - CIS 5357 Network Security.

Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
Doc.: IEEE 802.11-14/0158r2 Submission TGaq Pre-Association Discovery Protocol for ANDSF Discovery Service Date: 2014-05-14 May 2014 Joe Kwak, InterDigitalSlide.

Doc.: IEEE /0158r2 Submission TGaq Pre-Association Discovery Protocol for ANDSF Discovery Service Date: May 2014 Joe Kwak, InterDigitalSlide.
20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.

20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.
March 2007 CAPWAP Protocol Specification Editors' Report March 2007

March 2007 CAPWAP Protocol Specification Editors' Report March 2007

Similar presentations

Ads by Google