This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC) that
terminate the Light Weight Access Point Protocol
tunnel from Light-weight LWAPP Access Points.
This MIB provides configuration and status information
about the ACLs on the controller.
In particular, this MIB covers the CPU ACLs for the wireless
controllers.
Traffic to the controller CPU comes from the NPU (Network
Processing Unit).
Using CPU ACLs, the user can place restrictions on the type of
traffic reaching the CPU of the controller from the NPU.
CPU ACLs introduce an ACL for the traffic to the CPU of the
controller. With this ACL the type of packets reaching the
CPU can be controlled. The mode of operation is as follows.
The administrator designates one ACL for the traffic to the
CPU. The ACL kicks in for packets from the NPU to the CPU.
Each ACL is an ordered set of rules. If a rule matches then
the action for that rule is applied to the packet. The decision
to send or drop the packet is taken based on the action
parameter of the ACL.
There will be no ACL for the packets from the CPU to the
NPU.
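
The mode of operation described above, modelled as an added example (not part of the MIB or of any controller software): first-match evaluation of an ordered rule list, applied only to NPU-to-CPU packets. The match fields, the path labels and the default action for unmatched packets are assumptions, since the description above does not define them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "send" or "drop"
    src: str = "0.0.0.0/0"         # assumed match field: source prefix
    proto: Optional[str] = None    # assumed match field: None = any protocol
    dport: Optional[int] = None    # assumed match field: None = any port

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return self.dport is None or pkt.get("dport") == self.dport

def cpu_acl_decision(pkt: dict, acl: list, default: str = "send") -> str:
    """Decide 'send' or 'drop' for one packet headed to or from the CPU."""
    # Only NPU -> CPU traffic is filtered. CPU -> NPU traffic has no ACL, and
    # console / service port traffic reaches the CPU without passing the NPU.
    if pkt["path"] != "npu-to-cpu":
        return "send"
    for rule in acl:               # ordered set: the first matching rule decides
        if rule.matches(pkt):
            return rule.action
    return default                 # assumption: the page states no default action

# Constructed sample ACL (documentation address ranges, hypothetical policy).
ACL = [
    Rule("send", src="192.0.2.0/24", proto="tcp", dport=22),  # mgmt subnet SSH
    Rule("drop", proto="tcp", dport=22),                      # all other SSH
    Rule("drop", src="198.51.100.0/24"),                      # untrusted subnet
]

def pkt(src, proto, dport=None, path="npu-to-cpu"):
    """Build a constructed sample packet record."""
    return {"src": src, "proto": proto, "dport": dport, "path": path}

if __name__ == "__main__":
    samples = [pkt("192.0.2.10", "tcp", 22), pkt("203.0.113.5", "tcp", 22),
               pkt("198.51.100.7", "udp", 161),
               pkt("198.51.100.7", "udp", 161, path="service-port")]
    for p in samples:
        print(p["path"], p["src"], p["proto"], p["dport"], "->",
              cpu_acl_decision(p, ACL))
```

Swapping the first two rules makes the broader drop rule match first, so SSH from 192.0.2.0/24 is dropped as well.
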
GLOSSARY
Access Control List ( ACL )
A list of rules used to restrict the traffic reaching an
interface or the CPU. Each ACL is an ordered set of rules
and actions. If a rule matches then the action for that
rule is applied to the packet.
Access Point ( AP )
An entity that contains an 802.11 medium access control
( MAC ) and physical layer ( PHY ) interface and provides
access to the distribution services via the wireless medium
for associated clients.
CPU ACL ( CPU ACL )
The ACL applied to the CPU. This controls the type of
traffic reaching the CPU of the controller.
Network Processing Unit ( NPU )
This entity is responsible for forwarding traffic to the
CPU. The only exceptions are data coming through the
console port and the Service port, i.e. these communicate
directly with the CPU and not via the NPU.
Light Weight Access Point Protocol ( LWAPP )
This is a generic protocol that defines the communication
between the Access Points and the Central Controller.
Cryptographically Generated Addresses (CGA)
Cryptographically Generated Addresses (CGAs) are IPv6
addresses, which allow for a secure association of an
IPv6 address, the CGA, with a public key.
Internet Protocol Version 6 (IPv6)
An IPv6 address is a numerical label that is used to
identify a network interface of a computer or other
network node participating in an IPv6 computer network.
An IP address serves the purpose of uniquely identifying
an individual network interface of a host, locating it on
the network, and thus permitting the routing of IP packets
between hosts. For routing, IP addresses are present in
fields of the packet header where they indicate source and
destination of the packet.
IPv6 is the successor to the first addressing infrastructure
of the Internet, Internet Protocol version 4 (IPv4). In
contrast to IPv4, which defined an IP address as a 32-bit
value, IPv6 addresses have a size of 128 bits. Therefore,
IPv6 has a vastly enlarged address space compared to IPv4.
Neighbor Discovery Protocol (NDP)
The NDP is a protocol in the Internet protocol suite used
with IPv6. It operates in the Link Layer of the Internet
model, and is responsible for address autoconfiguration
of nodes, discovery of other nodes on the link, determining
the addresses of other nodes, duplicate address detection,
finding available routers and Domain Name System (DNS) servers,
address prefix discovery, and maintaining reachability
information of other active neighbor nodes.
NDP defines five ICMPv6 packet types for the purpose of
router solicitation, router advertisement, neighbor
solicitation, neighbor advertisement, and network redirects.
Router Solicitation (RS)
Hosts inquire with Router Solicitation messages to
locate routers on an attached link. Routers which
forward packets not addressed to them generate Router
Advertisements immediately upon receipt of this message
rather than at their next scheduled time.
Router Advertisement (RA)
Routers advertise their presence together with various
link and Internet parameters either periodically, or
in response to a Router Solicitation message.
Neighbor Solicitation (NS)
Neighbor solicitations are used by nodes to determine
the link layer address of a neighbor, or to verify
that a neighbor is still reachable via a cached link
layer address.
Neighbor Advertisement (NA)
Neighbor advertisements are used by nodes to respond
to a Neighbor Solicitation message.
Redirect
Routers may inform hosts of a better first hop router
for a destination.
REFERENCE
[1] Part 11 Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications.