Security management-QoS policies-VLAN tagging-Forwarding of user traffic

■ Security management
■ QoS policies
■ VLAN tagging
■ Forwarding of user traffic
The Lightweight Access Point Protocol (LWAPP) supports the split MAC
function in traffic between a lightweight AP and its controller. LWAPP uses
AES-encrypted control messages and encapsulates, but does not encrypt,
data traffic. LWAPP operates at Layer 2, and also at Layer 3 over UDP.
(However, Layer 2 operation has been deprecated by Cisco.) For Layer 3
operation, the controller can be either in the same broadcast domain and
IP subnet as the AP or in a different broadcast domain and IP subnet. The
AP follows this process to discover its controller:
Step 1. The AP requests a DHCP address. The DHCP response includes
the management IP address of one or more WLCs.
Step 2. The AP sends an LWAPP Discovery Request message to each
WLC.
Step 3. Each WLC responds with an LWAPP Discovery Response that
includes the number of APs currently associated to it.
Step 4. The AP sends a Join Request to the WLC with the fewest APs
associated to it.
Step 5. The WLC responds with a Join Response message. The AP and
the controller then authenticate each other and derive encryption
keys to be used with future control messages. The WLC then
configures the AP with settings, such as SSIDs, channels, security
settings, and 802.11 parameters.
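The selection logic of Steps 1 through 4, as an added example that is not part of the original text and is not Cisco code. It models the messages as simple Python objects rather than the LWAPP wire format. The names `DiscoveryResponse` and `select_controller`, the sample addresses, and the check that sets aside responders the DHCP response did not name are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DiscoveryResponse:
    """Simplified stand-in for an LWAPP Discovery Response (not the wire format)."""
    wlc_ip: str    # address the response came from
    ap_count: int  # APs the WLC reports as currently associated (Step 3)

def select_controller(dhcp_wlc_ips, responses):
    """Return (chosen_wlc_ip, unexpected_ips) for Steps 1-4 of discovery.

    dhcp_wlc_ips: WLC management addresses from the DHCP response (Step 1).
    responses:    DiscoveryResponse objects collected after Step 2.
    """
    offered = list(dict.fromkeys(dhcp_wlc_ips))  # de-duplicate, keep order
    counts = {}
    unexpected = []
    for resp in responses:
        if resp.wlc_ip not in offered:
            # Assumed hardening check: never join a responder DHCP did not name.
            if resp.wlc_ip not in unexpected:
                unexpected.append(resp.wlc_ip)
            continue
        if resp.ap_count < 0:
            continue  # malformed count, ignore
        counts[resp.wlc_ip] = resp.ap_count  # latest response per WLC wins
    if not counts:
        return None, unexpected
    # Step 4: fewest associated APs; ties go to the earlier DHCP entry.
    chosen = min(counts, key=lambda ip: (counts[ip], offered.index(ip)))
    return chosen, unexpected

# Constructed sample data (documentation address ranges, not from the page).
SAMPLE_DHCP_WLCS = ["192.0.2.10", "192.0.2.11"]
SAMPLE_RESPONSES = [
    DiscoveryResponse("192.0.2.10", 12),
    DiscoveryResponse("192.0.2.11", 7),
    DiscoveryResponse("198.51.100.99", 0),  # not in the DHCP list
]

if __name__ == "__main__":
    wlc, odd = select_controller(SAMPLE_DHCP_WLCS, SAMPLE_RESPONSES)
    print("join request goes to:", wlc)
    print("responders outside the DHCP list:", odd)
```

The AP count in a Discovery Response is self-reported and arrives before the mutual authentication of Step 5, so the list of unexpected responders is worth logging for the wireless operations team.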
The Cisco Aironet 2000 series WLC can handle up to six APs; thus, it is
sized for small- to medium-sized operations.
The Cisco Aironet 4400 series WLC supports medium to large facilities,
with the 4402 handling up to 50 APs and the 4404 handling up to 100 APs.