This MIB is intended to be implemented on all those
devices operating as Central Controllers (CC)  that
terminate the Light Weight Access Point Protocol
tunnel from Cisco Light-weight LWAPP Access Points.

This MIB helps to manage the RLANs on the controller.

The relationship between CC and the LWAPP APs
can be depicted as follows:

+......+     +......+     +......+           +......+
+      +     +      +     +      +           +      +
+  CC  +     +  CC  +     +  CC  +           +  CC  +
+      +     +      +     +      +           +      +
+......+     +......+     +......+           +......+
..            .             .                 .
..            .             .                 .
.  .            .             .                 .
.    .            .             .                 .
.      .            .             .                 .
.        .            .             .                 .
+......+ +......+     +......+      +......+          +......+
+      + +      +     +      +      +      +          +      +
+  AP  + +  AP  +     +  AP  +      +  AP  +          +  AP  +
+      + +      +     +      +      +      +          +      +
+......+ +......+     +......+      +......+          +......+
.              .             .                 .
.  .              .             .                 .
.    .              .             .                 .
.      .              .             .                 .
.        .              .             .                 .
+......+ +......+     +......+      +......+          +......+
+      + +      +     +      +      +      +          +      +
+  MN  + +  MN  +     +  MN  +      +  MN  +          +  MN  +
+      + +      +     +      +      +      +          +      +
+......+ +......+     +......+      +......+          +......+

The LWAPP tunnel exists between the controller and
the APs.  The MNs communicate with the APs through
the protocol defined by the 802.11 standard.

LWAPP APs, upon bootup, discover and join one of the
controllers and the controller pushes the configuration,
that includes the RLAN parameters, to the LWAPP APs.
The APs then encapsulate all the 802.11 frames from
wireless clients inside LWAPP frames and forward
the LWAPP frames to the controller.

                   GLOSSARY

Access Point ( AP )

An entity that contains an 802.11 medium access
control ( MAC ) and physical layer ( PHY ) interface
and provides access to the distribution services via
the wireless medium for associated clients.  

LWAPP APs encapsulate all the 802.11 frames in
LWAPP frames and sends it to the controller to which
it is logically connected to.

Central Controller ( CC )

The central entity that terminates the LWAPP protocol
tunnel from the LWAPP APs.  Throughout this MIB,
this entity also referred to as 'controller'.

Light Weight Access Point Protocol ( LWAPP ) 

This is a generic protocol that defines the
communication between the Access Points and the
controllers.

Mobile Node ( MN )

A roaming 802.11 wireless device in a wireless
network associated with an access point. 

Access Control List ( ACL )

A list of rules used to restrict the traffic reaching 
an interface or the CPU or RLAN.  Each ACL is an ordered
set of rules and actions.  If a rule matches then the 
action for that rule is applied to the packet.

802.1x

The IEEE ratified standard for enforcing port based
access control.  This was originally intended for
use on wired LANs and later extended for use in
802.11 RLAN environments.  This defines an
architecture with three main parts - a supplicant
(Ex. an 802.11 wireless client), an authenticator
(the AP) and an authentication server(a Radius
server).  The authenticator passes messages back
and forth between the supplicant and the
authentication server to enable the supplicant
get authenticated to the network.

Temporal Key Integrity Protocol ( TKIP )

A security protocol defined to enhance the limitations
of WEP.  Message Integrity Check and per-packet keying
on all WEP-encrypted frames are two significant
enhancements provided by TKIP to WEP.

Cisco Key Integrity Protocol ( CKIP )

A proprietary implementation similar to TKIP.  CKIP
implements key permutation for protecting the CKIP
key against attacks.  Other features of CKIP include
expansion of encryption key to 16 bytes of length for
key protection and MIC to ensure data integrity.

Wired Equivalent Privacy ( WEP )

A security method defined by 802.11. WEP uses a
symmetric key stream cipher called RC4 to encrypt the
data packets.

Wi-Fi Protected Access ( WPA )

Wi-Fi Protected Access (WPA and WPA2) are security
systems created in response to several serious
weaknesses found in Wired Equivalent Privacy (WEP).
WPA implements the majority of the IEEE 802.11i
standard, and was intended as an intermediate
measure to take the place of WEP while 802.11i was
prepared. WPA is designed to work with all wireless
network interface cards, but not necessarily with
first generation wireless access points.

RLAN Layer 2 Security

RLAN layer 2 (MAC) security defines the encryption and 
authentication approaches such as 802.1x, WPA, 
WPA2, CKIP and WEP.                

POE (Power Over Ethernet)

Power over Ethernet or PoE describes any of 
several standardized or ad-hoc systems which 
pass electrical power along with data on 
Ethernet cabling. This allows a single cable 
to provide both data connection and electrical 
power to devices such as wireless
access points or IP cameras.

Multicast Domain Name System (mDNS)

This is the underlying protocol that is used for Service advertisement  
and discovery in technologies like Bonjour, Zero Touch Configuration 

REFERENCE

[1] Wireless LAN Medium Access Control ( MAC ) and
Physical Layer ( PHY ) Specifications.

[2] Draft-obara-capwap-lwapp-00.txt, IETF Light 
Weight Access Point Protocol 

[3] IEEE 802.11 - The original 1 Mbit/s and 2 Mbit/s, 
2.4 GHz RF and IR standard.