Network Working Group S. Govindan, Ed. Request for Comments: 4564 H. Cheng Category: Informational Panasonic ZH. Yao Huawei WH. Zhou China Mobile L. Yang Intel July 2006
Network Working Group S. Govindan, Ed. Request for Comments: 4564 H. Cheng Category: Informational Panasonic ZH. Yao Huawei WH. Zhou China Mobile L. Yang Intel July 2006
Objectives for Control and Provisioning of Wireless Access Points (CAPWAP)
无线接入点(CAPWAP)的控制和供应目标
Status of This Memo
关于下段备忘
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This document presents objectives for an interoperable protocol for the Control and Provisioning of Wireless Access Points (CAPWAP). The document aims to establish a set of focused requirements for the development and evaluation of a CAPWAP protocol. The objectives address architecture, operation, security, and network operator requirements that are necessary to enable interoperability among Wireless Local Area Network (WLAN) devices of alternative designs.
本文档介绍了用于控制和提供无线接入点(CAPWAP)的可互操作协议的目标。本文件旨在为CAPWAP协议的开发和评估确定一套重点要求。这些目标涉及架构、操作、安全性和网络运营商要求,这些要求对于实现备选设计的无线局域网(WLAN)设备之间的互操作性是必要的。
Table of Contents
目录
1. Introduction ....................................................3 2. Terminology .....................................................3 3. Requirements Notation ...........................................4 4. Objectives Overview .............................................4 5. Objectives ......................................................5 5.1. Mandatory and Accepted Objectives ..........................5 5.1.1. Logical Groups ......................................5 5.1.2. Support for Traffic Separation ......................6 5.1.3. Wireless Terminal Transparency ......................8 5.1.4. Configuration Consistency ...........................8 5.1.5. Firmware Trigger ....................................9 5.1.6. Monitoring and Exchange of System-wide Resource State .....................................10 5.1.7. Resource Control Objective .........................11 5.1.8. CAPWAP Protocol Security ...........................12 5.1.9. System-wide Security ...............................14 5.1.10. IEEE 802.11i Considerations .......................15 5.1.11. Interoperability Objective .......................17 5.1.12. Protocol Specifications ..........................18 5.1.13. Vendor Independence ..............................19 5.1.14. Vendor Flexibility ...............................19 5.1.15. NAT Traversal ....................................20 5.2. Desirable Objectives ......................................21 5.2.1. Multiple Authentication Mechanisms .................21 5.2.2. Support for Future Wireless Technologies ...........21 5.2.3. Support for New IEEE Requirements ..................22 5.2.4. Interconnection Objective ..........................23 5.2.5. Access Control ....................................24 5.3. Non-Objectives ............................................25 5.3.1. Support for Non-CAPWAP WTPs ........................25 5.3.2. Technical Specifications ...........................26 5.4. Operator Requirements .....................................27 5.4.1. AP Fast Handoff ....................................27 6. Summary and Conclusion .........................................27 7. Security Considerations ........................................28 8. Acknowledgements ...............................................29 9. Normative References ...........................................29 10. Informative References ........................................29
1. Introduction ....................................................3 2. Terminology .....................................................3 3. Requirements Notation ...........................................4 4. Objectives Overview .............................................4 5. Objectives ......................................................5 5.1. Mandatory and Accepted Objectives ..........................5 5.1.1. Logical Groups ......................................5 5.1.2. Support for Traffic Separation ......................6 5.1.3. Wireless Terminal Transparency ......................8 5.1.4. Configuration Consistency ...........................8 5.1.5. Firmware Trigger ....................................9 5.1.6. Monitoring and Exchange of System-wide Resource State .....................................10 5.1.7. Resource Control Objective .........................11 5.1.8. CAPWAP Protocol Security ...........................12 5.1.9. System-wide Security ...............................14 5.1.10. IEEE 802.11i Considerations .......................15 5.1.11. Interoperability Objective .......................17 5.1.12. Protocol Specifications ..........................18 5.1.13. Vendor Independence ..............................19 5.1.14. Vendor Flexibility ...............................19 5.1.15. NAT Traversal ....................................20 5.2. Desirable Objectives ......................................21 5.2.1. Multiple Authentication Mechanisms .................21 5.2.2. Support for Future Wireless Technologies ...........21 5.2.3. Support for New IEEE Requirements ..................22 5.2.4. Interconnection Objective ..........................23 5.2.5. Access Control ....................................24 5.3. Non-Objectives ............................................25 5.3.1. Support for Non-CAPWAP WTPs ........................25 5.3.2. Technical Specifications ...........................26 5.4. Operator Requirements .....................................27 5.4.1. AP Fast Handoff ....................................27 6. Summary and Conclusion .........................................27 7. Security Considerations ........................................28 8. Acknowledgements ...............................................29 9. Normative References ...........................................29 10. Informative References ........................................29
The growth in large-scale Wireless Local Area Network (WLAN) deployments has brought into focus a number of technical challenges. Among them is the complexity of managing large numbers of Wireless Termination Points (WTPs), which is further exacerbated by variations in their design. Another challenge is the maintenance of consistent configurations among the numerous WTPs of a system. The dynamic nature of the wireless medium is also a concern together with WLAN security. The challenges affecting large-scale WLAN deployments have been highlighted in [RFC3990].
大规模无线局域网(WLAN)部署的增长带来了许多技术挑战。其中包括管理大量无线终端点(WTP)的复杂性,其设计的变化进一步加剧了这种复杂性。另一个挑战是在一个系统的众多WTP之间保持一致的配置。无线媒体的动态特性与WLAN安全性也是一个值得关注的问题。[RFC3990]中强调了影响大规模WLAN部署的挑战。
Many vendors have addressed these challenges by developing new architectures and solutions. A survey of the various developments was conducted to better understand the context of these challenges. This survey is a first step towards designing interoperability among the solutions. The Architecture Taxonomy [RFC4118] is a result of this survey in which major WLAN architecture families are classified. Broadly, these are the autonomous, centralized WLAN, and distributed mesh architectures.
许多供应商通过开发新的体系结构和解决方案来应对这些挑战。对各种发展情况进行了调查,以便更好地了解这些挑战的背景。此调查是设计解决方案之间互操作性的第一步。架构分类法[RFC4118]是本次调查的结果,其中对主要WLAN架构系列进行了分类。从广义上讲,它们是自治的、集中式的WLAN和分布式网状体系结构。
The Architecture Taxonomy identified the centralized WLAN architecture as one in which portions of the wireless medium access control (MAC) operations are centralized in a WLAN controller. This centralized WLAN architecture is further classified into remote-MAC, split-MAC, and local-MAC designs. Each differs in the degree of separation of wireless MAC layer capabilities between WTPs and WLAN controller.
架构分类将集中式WLAN架构识别为其中无线介质访问控制(MAC)操作的部分集中在WLAN控制器中的架构。这种集中式WLAN架构进一步分为远程MAC、拆分MAC和本地MAC设计。WTP和WLAN控制器之间的无线MAC层功能分离程度各不相同。
This document puts forward critical objectives for achieving interoperability in the CAPWAP framework. It presents requirements that address the challenges of controlling and provisioning large-scale WLAN deployments. The realization of these objectives in a CAPWAP protocol will ensure that WLAN equipment of major design types may be integrally deployed and managed.
本文件提出了在CAPWAP框架中实现互操作性的关键目标。它提出了解决控制和提供大规模WLAN部署的挑战的要求。在CAPWAP协议中实现这些目标将确保主要设计类型的WLAN设备可以整体部署和管理。
This document uses terminology defined in [RFC4118], [802.11], [802.11i], and [802.11e]. Additionally, the following terms are defined.
本文件使用[RFC4118]、[802.11]、[802.11i]和[802.11e]中定义的术语。此外,定义了以下术语。
Centralized WLAN: A WLAN based on the centralized WLAN Architecture [RFC4118].
集中式WLAN:基于集中式WLAN架构的WLAN[RFC4118]。
Switching Segment: Those aspects of a centralized WLAN that primarily deal with switching or routing of control and data information between Wireless Termination Points (WTPs) and the WLAN controller.
交换段:集中式WLAN的那些方面,主要处理无线终端点(WTP)和WLAN控制器之间控制和数据信息的交换或路由。
Wireless Medium Segment: Those aspects of a centralized WLAN that primarily deal with the wireless interface between WTPs and wireless terminals. The Wireless Medium Segment is specific to layer 2 wireless technology, such as IEEE 802.11.
无线媒体段:集中式WLAN的那些方面,主要处理WTP和无线终端之间的无线接口。无线媒体段特定于第2层无线技术,如IEEE 802.11。
CAPWAP Framework: A term that covers the local-MAC and split-MAC designs of the Centralized WLAN Architecture. Standardization efforts are focused on these designs.
CAPWAP框架:一个涵盖集中式WLAN架构的本地MAC和拆分MAC设计的术语。标准化工作的重点是这些设计。
CAPWAP Protocol: The protocol between WLAN controller and WTPs in the CAPWAP framework. It facilitates control, management, and provisioning of WTPs in an interoperable manner.
CAPWAP协议:CAPWAP框架中WLAN控制器和WTP之间的协议。它以可互操作的方式促进WTP的控制、管理和供应。
Logical Group: A logical separation of a physical WTP is termed logical group. So a single physical WTP will operate a number of logical groups. Virtual access points (APs) are examples of logical groups. Here, each Basic Service Set Identifier (BSSID) and constituent wireless terminals' radios are denoted as distinct logical groups of a physical WTP. Logical groups are maintained without conflicting with the CAPWAP objectives, particularly the 'Wireless Terminal Transparency' objective.
逻辑组:物理WTP的逻辑分离称为逻辑组。因此,单个物理WTP将操作多个逻辑组。虚拟接入点(AP)是逻辑组的示例。这里,每个基本服务集标识符(BSSID)和组成无线终端的无线电被表示为物理WTP的不同逻辑组。逻辑组的维护不与CAPWAP目标相冲突,尤其是“无线终端透明度”目标。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
The objectives for CAPWAP have been broadly classified to address architecture, operation, and security requirements of managing large-scale WLAN deployments.
CAPWAP的目标已被广泛分类,以解决管理大规模WLAN部署的体系结构、操作和安全需求。
Architecture objectives deal with system-level aspects of the CAPWAP protocol. They address issues of protocol extensibility, diversity in network deployments and architecture designs, and differences in transport technologies.
体系结构目标涉及CAPWAP协议的系统级方面。它们解决了协议可扩展性、网络部署和体系结构设计的多样性以及传输技术的差异等问题。
Operational objectives address the control and management features of the CAPWAP protocol. They deal with operations relating to WLAN monitoring, resource management, Quality of Service (QoS), and access control.
运营目标涉及CAPWAP协议的控制和管理功能。它们处理与WLAN监控、资源管理、服务质量(QoS)和访问控制相关的操作。
Security objectives address potential threats to WLANs and their containment. In the CAPWAP context, security requirements cover the protocol between the WLAN controller and WTPs and also the WLAN system as a whole.
安全目标解决无线局域网及其遏制的潜在威胁。在CAPWAP上下文中,安全要求包括WLAN控制器和WTP之间的协议,以及整个WLAN系统。
Additionally, a general classification is used for objectives relating to the overall impact of the CAPWAP protocol specifications.
此外,与CAPWAP协议规范的总体影响相关的目标使用一般分类。
The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. The priorities are:
本文档中描述的目标已根据其在开发和评估大规模WLAN部署的控制和供应协议中的直接意义进行了优先排序。优先事项是:
i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives
i. 强制性和公认的目标2。理想目标三.非目标
The priorities have been assigned to individual objectives in accordance with working group discussions.
根据工作组的讨论,已将优先事项分配给各个目标。
Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific needs that arise from operators' experiences in deploying and managing large-scale WLANs.
此外,根据从网络服务运营商收集的需求,提供了一个不同的目标类别。这些是运营商在部署和管理大规模无线局域网方面的经验所产生的特定需求。
a. Operator Requirements
a. 操作员要求
Objectives prioritized as mandatory and accepted have been deemed crucial for the control and provisioning of WTPs. They directly address the challenges of large-scale WLAN deployments and MUST be realized by a CAPWAP protocol.
被视为强制性和可接受的优先目标对于WTP的控制和供应至关重要。它们直接解决了大规模WLAN部署的挑战,必须通过CAPWAP协议实现。
Classification: Architecture
分类:建筑
Description:
说明:
Large WLAN deployments are complex and expensive. Furthermore, enterprises deploying such networks are under pressure to improve the efficiency of their expenditures.
大型WLAN部署既复杂又昂贵。此外,部署此类网络的企业面临着提高支出效率的压力。
Shared WLAN deployments, where a single physical WLAN infrastructure supports a number of logical networks, are increasingly used to address these two issues of large-scale WLANs. These are popular as they allow deployment and management costs to be spread across businesses.
共享WLAN部署(单个物理WLAN基础设施支持多个逻辑网络)越来越多地用于解决大规模WLAN的这两个问题。它们很受欢迎,因为它们允许部署和管理成本在企业间分摊。
In traditional WLANs, each physical WTP represents one complete subset of a larger WLAN system. Shared WLANs differ in that each physical WTP represents a number of logical subsets of possibly a number of larger WLAN systems. Each logical division of a physical WTP is referred to as a logical group (see definition in Section 2). So WLANs are managed in terms of logical groups instead of physical WTPs. Logical groups are based on BSSIDs and other types of virtual APs.
在传统WLAN中,每个物理WTP代表一个更大WLAN系统的一个完整子集。共享WLAN的不同之处在于,每个物理WTP代表可能多个较大WLAN系统的多个逻辑子集。物理WTP的每个逻辑分区称为逻辑组(参见第2节中的定义)。因此,WLAN是按照逻辑组而不是物理WTP进行管理的。逻辑组基于BSSID和其他类型的虚拟AP。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST be capable of controlling and managing physical WTPs in terms of logical groups including BSSID-based groups.
CAPWAP协议必须能够按照逻辑组(包括基于BSSID的组)控制和管理物理WTP。
For all operating modes, including those in which the WTP performs local bridging and those in which the Access Controller (AC) performs centralized bridging, the protocol MUST provide provisions for configuring logical groups at the WTP.
对于所有操作模式,包括WTP执行本地桥接的模式和访问控制器(AC)执行集中桥接的模式,协议必须提供在WTP配置逻辑组的规定。
Motivation and Protocol Benefits:
动机和协议好处:
Commercial realities necessitate that WLANs be manageable in terms of their logical groups. This allows separation of logical services and underlying infrastructure management. A protocol that realizes this need ensures simpler and cost-effective WLANs, which directly address the requirements of network service operators.
商业现实要求无线局域网在其逻辑组方面是可管理的。这允许将逻辑服务和基础架构管理分离。实现这一需求的协议确保了更简单和经济高效的wlan,它直接满足网络服务运营商的需求。
Relation to Problem Statement:
与问题陈述的关系:
This objective addresses the problem of management complexity in terms of costs. Cost complexity is reduced by sharing WLAN deployments. Consequently, deployment and management cost-efficiencies are realized.
这一目标解决了成本方面的管理复杂性问题。通过共享WLAN部署降低了成本复杂性。因此,实现了部署和管理成本效率。
Classification: Operations
分类:业务
Description:
说明:
The centralized WLAN architecture simplifies complexity associated with large-scale deployments by consolidating portions of wireless MAC functionality at a central WLAN controller and distributing the remaining across WTPs. As a result, WTPs and WLAN controller exchange control and data information between them. This objective
集中式WLAN体系结构通过在中央WLAN控制器上整合部分无线MAC功能并将其余功能分布在WTP上,简化了与大规模部署相关的复杂性。因此,WTP和WLAN控制器在它们之间交换控制和数据信息。这一目标
states that control and data aspects of the exchanges be mutually separated for further simplicity. This will allow solutions for each type of exchange to be independently optimized.
声明交换的控制和数据方面应相互分离,以进一步简化。这将允许对每种类型的交换机的解决方案进行独立优化。
Furthermore, in the context of shared WLAN deployments, the mutual separation of control and data also addresses security concerns. In particular, given the likelihood of different logical groups, such as those established by different virtual APs, being managed by different administrators, separation of control and data is a first step towards individually containing and securing the logical groups.
此外,在共享WLAN部署的环境中,控制和数据的相互分离也解决了安全问题。特别是,考虑到不同的逻辑组(如由不同虚拟AP建立的逻辑组)可能由不同的管理员管理,控制和数据分离是单独包含和保护逻辑组的第一步。
It is also important to ensure that traffic from each logical group is mutually separated to maintain the integrity and independence of the logical groups.
确保每个逻辑组的通信量相互分离以保持逻辑组的完整性和独立性也很重要。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST define transport control messages such that the transport of control messages is separate from the transport of data messages.
CAPWAP协议必须定义传输控制消息,以便控制消息的传输与数据消息的传输分开。
Motivation and Protocol Benefits:
动机和协议好处:
The aim of separating data and control aspects of the protocol is to simplify the protocol. It also allows for the flexibility of addressing each type of traffic in the most appropriate manner.
分离协议的数据和控制方面的目的是简化协议。它还允许以最适当的方式灵活地处理每种类型的流量。
Furthermore, this requirement will help remotely located WTPs to handle data traffic in alternative ways without the need for forwarding them across a wide network to the WLAN controller.
此外,这一要求将有助于远程定位的WTP以替代方式处理数据流量,而无需将数据流量通过宽网络转发到WLAN控制器。
Separation of WTP control and data also aids in the secure realization of shared WLAN deployments.
WTP控制和数据的分离也有助于安全实现共享WLAN部署。
Relation to Problem Statement:
与问题陈述的关系:
Broadly, this objective relates to the challenge of managing complexity in large-scale WLANs. The requirement for traffic separation simplifies control as this is separated from the task of data transport.
从广义上讲,这一目标与管理大规模无线局域网中的复杂性有关。流量分离的要求简化了控制,因为它与数据传输任务分离。
Classification: Operations
分类:业务
Description:
说明:
The CAPWAP protocol is applicable between a centralized WLAN controller and a number of WTPs; i.e., it affects only the switching segment of the centralized WLAN architecture. Its operations should therefore be independent of the wireless terminal. Wireless terminals should not be required to be aware of the existence of the CAPWAP protocol.
CAPWAP协议适用于集中式WLAN控制器和多个WTP之间;i、 例如,它只影响集中式WLAN体系结构的交换段。因此,其操作应独立于无线终端。无线终端不需要知道CAPWAP协议的存在。
Protocol Requirement:
协议要求:
Wireless terminals MUST NOT be required to recognize or be aware of the CAPWAP protocol.
无线终端无需识别或了解CAPWAP协议。
Motivation and Protocol Benefits:
动机和协议好处:
IEEE 802.11-based wireless terminals are mature and widely available. It would be beneficial for CAPWAP not to impose new requirements on these wireless terminals. In effect, this requirement ensures that the setup cost of the protocol is reduced as the numerous existing wireless terminals need not be altered.
基于ieee802.11的无线终端已经成熟并广泛可用。CAPWAP不在这些无线终端上强加新的要求将是有益的。实际上,这一要求确保了协议的设置成本降低,因为许多现有无线终端不需要改变。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement highlights the challenges faced by large WLANs consisting of many WTPs. It does not refer to the operations of wireless terminals and this objective emphasizes the independence.
问题陈述强调了由许多WTP组成的大型WLAN所面临的挑战。它不涉及无线终端的操作,这一目标强调了独立性。
Classification: Operations
分类:业务
Description:
说明:
WLANs in the CAPWAP framework contain numerous WTPs, each of them needing to be configured and managed in a consistent manner. The main concern in ensuring consistency is availability of appropriate information corresponding to WTP configuration states. So configuration consistency can be achieved by providing the centralized WLAN controller with regular updates on the state of WTP operations. The centralized WLAN controller can in turn apply information from the regular updates to ensure consistently among the WTPs.
CAPWAP框架中的WLAN包含许多WTP,每个WTP都需要以一致的方式进行配置和管理。确保一致性的主要问题是与WTP配置状态相对应的适当信息的可用性。因此,通过向集中式WLAN控制器提供WTP操作状态的定期更新,可以实现配置一致性。集中式WLAN控制器可以反过来应用来自定期更新的信息,以确保WTP之间的一致性。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST include support for regular exchanges of state information between WTPs and the WLAN controller. Examples of state information include WTP processing load and memory utilization.
CAPWAP协议必须支持WTP和WLAN控制器之间定期交换状态信息。状态信息的示例包括WTP处理负载和内存利用率。
Motivation and Protocol Benefits:
动机和协议好处:
A protocol that provides access to regular state information can in turn be used to enhance WLAN configuration and performance. The CAPWAP protocol will be better equipped to address configuration-related problems with the regularly available state information. So with greater state information, control and management operations can be improved.
提供对常规状态信息访问的协议反过来可以用于增强WLAN配置和性能。CAPWAP协议将更好地利用定期可用的状态信息解决与配置相关的问题。因此,通过更多的状态信息,可以改进控制和管理操作。
Relation to Problem Statement:
与问题陈述的关系:
One of the major challenges described in the Problem Statement is that of maintaining consistent configuration across the numerous WTPs of a WLAN. This objective addresses the fundamental issue behind this -- availability of timely state information.
问题陈述中描述的主要挑战之一是在WLAN的多个WTP之间保持一致的配置。这一目标解决了其背后的根本问题——及时获取状态信息。
Classification: Operations
分类:业务
Description:
说明:
One specific aspect of configuration consistency is the firmware used by various WTPs. The scale of large WLANs introduces possibilities for variations in the firmware used among WTPs. This objective highlights the need for the CAPWAP protocol to trigger the delivery of appropriate versions of firmware to WTPs. The actual delivery of firmware need not be inclusive to the protocol.
配置一致性的一个具体方面是各种WTP使用的固件。大型WLAN的规模引入了WTP之间所用固件的变化可能性。该目标强调了CAPWAP协议触发向WTP交付适当版本固件的必要性。固件的实际交付不需要包含在协议中。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST support a trigger for delivery of firmware updates.
CAPWAP协议必须支持固件更新交付的触发器。
Motivation and Protocol Benefits:
动机和协议好处:
The CAPWAP protocol interfaces many WTPs to a centralized WLAN controller. Firmware distribution allows these interfaces to be compatible. This in turn results in consistent configuration and simplified management. So the protocol benefits by including triggers for the distribution of firmware updates.
CAPWAP协议将许多WTP连接到集中式WLAN控制器。固件分发允许这些接口兼容。这反过来导致一致的配置和简化的管理。因此,该协议通过包含固件更新分发的触发器而受益。
Relation to Problem Statement:
与问题陈述的关系:
Inconsistencies in the configuration of WTPs have been identified as a major challenge for large-scale WTPs. This objective helps overcome the challenge by providing a way for the CAPWAP protocol to initiate delivery of firmware updates that are compatible among all WTPs.
水处理厂的配置不一致已被确定为大规模水处理厂面临的主要挑战。这一目标通过为CAPWAP协议提供一种方式来启动所有WTP之间兼容的固件更新的交付,从而帮助克服这一挑战。
Classification: Operations
分类:业务
Description:
说明:
The centralized WLAN architecture is made up of a switching segment and wireless medium segment. In the switching segment, network congestion, WTP status, and firmware information have to be monitored. In the wireless medium segment, the dynamic nature of the medium itself has to be monitored. Overall, there are also various statistics that need to be considered for efficient WLAN operation.
集中式WLAN体系结构由交换段和无线媒体段组成。在交换段中,必须监控网络拥塞、WTP状态和固件信息。在无线媒体领域,必须监控媒体本身的动态特性。总的来说,为了实现高效的WLAN运行,还需要考虑各种统计数据。
The CAPWAP protocol should be capable of monitoring the various information sources and deliver the resulting information to the relevant WLAN devices -- either WTPs or the WLAN controller. Moreover, given the relationship among information sources, the CAPWAP protocol should combine state information from them. For example, statistics information and status signals from WTPs may be merged before being exchanged.
CAPWAP协议应该能够监控各种信息源,并将产生的信息传送到相关的WLAN设备——WTP或WLAN控制器。此外,考虑到信息源之间的关系,CAPWAP协议应该结合来自它们的状态信息。例如,来自wtp的统计信息和状态信号可以在交换之前被合并。
Examples of statistics information that the CAPWAP protocol should monitor and exchange include congestion state, interference levels, loss rates, and various delay factors.
CAPWAP协议应监控和交换的统计信息示例包括拥塞状态、干扰级别、丢失率和各种延迟因素。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST allow for the exchange of statistics, congestion, and other WLAN state information.
CAPWAP协议必须允许交换统计数据、拥塞和其他WLAN状态信息。
Motivation and Protocol Benefits:
动机和协议好处:
The effectiveness of a protocol is based on the relevance of information on which it operates. This requirement for resource monitoring and exchange can provide the appropriate information to the CAPWAP protocol.
议定书的效力取决于其运作所依据的信息的相关性。对资源监控和交换的要求可以为CAPWAP协议提供适当的信息。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement highlights the challenge of dealing with large numbers of WTPs and the dynamic nature of the wireless medium. Information on the state of WTPs and the medium is important to deal with them effectively. So this objective relates to the problem of managing consistency in large WLANs.
问题陈述强调了处理大量WTP的挑战以及无线媒体的动态特性。有关水处理厂和介质状态的信息对于有效处理这些问题非常重要。因此,这个目标与管理大型wlan中的一致性问题有关。
Classification: Operations
分类:业务
Description:
说明:
Integral to the success of any wireless network system is the performance and quality it can offer its subscribers. Since CAPWAP-based WLANs combine a switching segment and a wireless medium segment, performance and quality need to be coordinated across both of these segments. So QoS performance must be enforced system-wide.
任何无线网络系统的成功都离不开它能为用户提供的性能和质量。由于基于CAPWAP的无线局域网结合了交换网段和无线媒体网段,因此需要在这两个网段之间协调性能和质量。因此,必须在系统范围内实施QoS性能。
This objective highlights QoS over the entire WLAN system, which includes the switching segment and the wireless medium segment. Given the fundamental differences between the two, it is likely that there are alternate QoS mechanisms between WTPs and wireless service subscribers and between WTPs and WLAN controllers. For instance, the former will be based on IEEE 802.11e, whereas the latter will be an alternative. So resources need to be adjusted in a coordinated fashion over both segments. The CAPWAP protocol should ensure that these adjustments are appropriately exchanged between WLAN controllers and WTPs.
该目标强调了整个WLAN系统的QoS,包括交换段和无线媒体段。鉴于两者之间的根本区别,WTP和无线服务订户之间以及WTP和WLAN控制器之间可能存在备用QoS机制。例如,前者将基于IEEE 802.11e,而后者将是替代方案。因此,这两个部门的资源需要以协调的方式进行调整。CAPWAP协议应确保在WLAN控制器和WTP之间适当交换这些调整。
In addition to IEEE 802.11e, there are a number of other IEEE 802.11 task groups that may affect network resources. These include IEEE 802.11 TGk, TGu, and TGv, which are currently in progress. CAPWAP should therefore not be restricted to IEEE 802.11e-based mapping.
除IEEE 802.11e外,还有许多其他IEEE 802.11任务组可能会影响网络资源。其中包括IEEE 802.11 TGk、TGu和TGv,目前正在进行中。因此,CAPWAP不应仅限于基于IEEE 802.11e的映射。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST map the IEEE 802.11e QoS priorities to equivalent QoS priorities across the switching and wireless medium segments.
CAPWAP协议必须将IEEE 802.11e QoS优先级映射到交换和无线媒体段的等效QoS优先级。
Motivation and Protocol Benefits:
动机和协议好处:
A protocol that addresses QoS aspects of WLAN systems will deliver high performance thereby being beneficial for subscribers and for resource utilization efficiency. Since CAPWAP deals with WTPs directly and with the wireless medium indirectly, both of these must be considered for performance.
解决WLAN系统的QoS方面的协议将提供高性能,从而有利于用户和资源利用效率。由于CAPWAP直接与WTP打交道,间接与无线媒体打交道,因此必须考虑这两者的性能。
For the wireless medium segment, QoS aspects in the protocol enable high-quality communications within the domain of a WLAN controller. Since each domain generally covers an enterprise or a group of service providers, such protocol performance has wide-ranging effects.
对于无线媒体段,协议中的QoS方面支持WLAN控制器域内的高质量通信。由于每个域通常覆盖一个企业或一组服务提供商,因此这种协议性能具有广泛的影响。
Within the switching segment of CAPWAP, a QoS-enabled protocol minimizes the adverse effects of dynamic traffic characteristics so as to ensure system-wide performance.
在CAPWAP的交换段内,支持QoS的协议将动态流量特性的不利影响降至最低,从而确保系统范围内的性能。
Relation to Problem Statement:
与问题陈述的关系:
QoS control is critical to large WLANs and relates to a number of aspects. In particular, this objective can help address the problem of managing dynamic conditions of the wireless medium.
QoS控制对于大型WLAN来说至关重要,涉及到许多方面。特别是,这一目标有助于解决管理无线媒体动态条件的问题。
Furthermore, traffic characteristics in large-scale WLANs are constantly varying. So network utilization becomes inefficient, and user experience is unpredictable.
此外,大规模wlan中的业务特性是不断变化的。因此,网络利用率变得低效,用户体验也不可预测。
The interaction and coordination between the two aspects of system-wide QoS are therefore critical for performance.
因此,系统范围QoS的两个方面之间的交互和协调对于性能至关重要。
Classification: Security
类别:保安
Description:
说明:
This objective addresses the security of the CAPWAP protocol.
该目标涉及CAPWAP协议的安全性。
The CAPWAP protocol MUST first provide for the participating entities -- the WLAN controller and WTPs -- to be explicitly mutually authenticated. This is to ensure that rogue elements do not gain access to the WLAN system. Rogue WTPs should not be allowed to breach legitimate WLANs, and at the same time rogue WLAN controllers should not be allowed to gain control of legitimate WTPs. For example, WTPs may need to regularly renew their authentication state with the WLAN controller and similarly for WLAN controllers.
CAPWAP协议必须首先为参与实体(WLAN控制器和WTP)提供明确的相互认证。这是为了确保恶意元素不会访问WLAN系统。不应允许流氓WTP破坏合法的WLAN,同时不应允许流氓WLAN控制器控制合法的WTP。例如,WTP可能需要定期使用WLAN控制器更新其身份验证状态,对于WLAN控制器也是如此。
If authentication is performed via an authenticated key exchange, future knowledge of derived keys is not sufficient for authentication.
如果通过经过身份验证的密钥交换执行身份验证,则将来对派生密钥的了解不足以进行身份验证。
Any session keys used between the WLAN controller and WTPs MUST be mutually derived using entropy contributed by both parties. This ensures that no one party has control over the resulting session keys.
WLAN控制器和WTP之间使用的任何会话密钥必须使用双方贡献的熵相互派生。这确保没有任何一方可以控制生成的会话密钥。
Once WTPs and the WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats. So the CAPWAP protocol MUST provide integrity protection and replay protection. The protocol SHOULD provide confidentiality through encryption. This should cover illegitimate modifications to protocol exchanges, eavesdropping, and Denial of Service (DoS) attacks, among other potential compromises. So the protocol must provide confidentiality, integrity, and authenticity for those exchanges.
一旦WTP和WLAN控制器经过相互认证,它们之间的信息交换必须针对各种安全威胁进行保护。因此,CAPWAP协议必须提供完整性保护和重播保护。协议应通过加密提供机密性。这应该包括对协议交换的非法修改、窃听和拒绝服务(DoS)攻击,以及其他潜在的危害。因此,协议必须为这些交换提供机密性、完整性和真实性。
As a result of realizing this objective, it should not be possible for individual WTP breaches to affect the security of the WLAN as a whole. So WTP misuse will be protected against.
作为实现这一目标的结果,个人WTP违规不可能影响WLAN整体的安全性。因此,WTP的滥用将受到保护。
Additionally, the key establishment protocol for authentication and securing CAPWAP exchanges must be designed to minimize the possibility of future compromises after the keys are established.
此外,用于身份验证和保护CAPWAP交换的密钥建立协议必须设计为在密钥建立后将未来泄露的可能性降至最低。
CAPWAP MUST NOT prevent the use of asymmetric authentication. The security considerations of such asymmetric authentication are described in the Security Considerations section.
CAPWAP不得阻止使用非对称身份验证。此类非对称身份验证的安全注意事项在安全注意事项部分中进行了描述。
If the CAPWAP protocol meets the criteria to require automated key management per BCP 107 [RFC4107], then mutual authentication MUST be accomplished via an authenticated key exchange.
如果CAPWAP协议符合要求根据BCP 107[RFC4107]进行自动密钥管理的标准,则必须通过经过身份验证的密钥交换完成相互身份验证。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected and SHOULD ensure confidentiality through encryption.
CAPWAP协议必须支持WTP和中央控制器的相互认证。它还必须确保信息交换受到完整性保护,并应通过加密确保机密性。
Motivation and Protocol Benefits:
动机和协议好处:
WLANs are increasingly deployed in critical aspects of enterprise and consumer networks. In these contexts, protocol security is crucial to ensure the privacy and integrity expected from network administrators and end-users. So securing the CAPWAP protocol has direct benefits in addressing these concerns.
无线局域网越来越多地部署在企业和消费者网络的关键方面。在这些情况下,协议安全对于确保网络管理员和最终用户的隐私和完整性至关重要。因此,保护CAPWAP协议对于解决这些问题具有直接的好处。
In many cases, the network path between a WTP and WLAN controller contains untrusted links. Such links could be leveraged by rogue WTPs to gain access to the WLAN system. They could also be used by rogue WLAN controllers to gain control of legitimate WTPs and their associated terminals to either redirect or compromise terminal traffic. These security concerns can be mitigated with this objective.
在许多情况下,WTP和WLAN控制器之间的网络路径包含不受信任的链路。流氓WTP可以利用这些链路访问WLAN系统。流氓WLAN控制器还可以使用它们来控制合法的WTP及其相关终端,从而重定向或破坏终端流量。通过这一目标,可以缓解这些安全问题。
Relation to Problem Statement:
与问题陈述的关系:
Security problems in large-scale WLANs are detailed in the Problem Statement. These include complications arising from rogue WTPs and compromised interfaces between WTPs and the WLAN controller. The requirement for protocol security addresses these problems and highlights the importance of protecting against them.
大规模无线局域网中的安全问题在问题声明中有详细说明。这些问题包括恶意WTP和WTP与WLAN控制器之间的接口受损引起的复杂性。协议安全性要求解决了这些问题,并强调了防范这些问题的重要性。
Classification: Security
类别:保安
Description:
说明:
The emphasis of this objective is on the security threats external to the centralized CAPWAP segment of a WLAN system. The focus is therefore on rogue wireless clients and other illegitimate wireless interferences. There are a number of specific external threats that need to be addressed within the CAPWAP framework.
该目标的重点是WLAN系统集中CAPWAP段外部的安全威胁。因此,重点是恶意无线客户端和其他非法无线干扰。有许多具体的外部威胁需要在CAPWAP框架内解决。
i. PMK Sharing
i. PMK共享
One aspect of this objective relates to recent discussions on Pairwise Master Key (PMK) sharing in the CAPWAP framework. This objective highlights the need to prevent exploitation of this ambiguity by rogue wireless clients. It is to ensure that any ambiguities arising from the CAPWAP framework are not cause for security breaches.
这一目标的一个方面涉及最近在CAPWAP框架中关于成对主密钥(PMK)共享的讨论。这一目标突出了防止恶意无线客户端利用这种模糊性的必要性。这是为了确保CAPWAP框架产生的任何歧义不会导致安全漏洞。
Protocol Requirement:
协议要求:
The design of the CAPWAP protocol MUST NOT allow for any compromises to the WLAN system by external entities.
CAPWAP协议的设计不得允许外部实体对WLAN系统造成任何损害。
Motivation and Protocol Benefits:
动机和协议好处:
The external threats to the centralized WLAN architecture become increasingly crucial given the low cost of wireless clients. Since it is relatively inexpensive for rogue individuals to mount attacks, it is important that WLAN systems are protected against them. Adequate mechanisms to thwart such external threats will be of tremendous benefit to the WLAN systems controlled and managed with the CAPWAP protocol.
考虑到无线客户端的低成本,集中式WLAN架构的外部威胁变得越来越重要。由于流氓个人发动攻击的成本相对较低,因此保护WLAN系统免受攻击非常重要。足够的机制来阻止这种外部威胁,将对使用CAPWAP协议控制和管理的WLAN系统产生巨大的好处。
Relation to Problem Statement:
与问题陈述的关系:
This objective is based on the security needs highlighted in the Problem Statement. Specifically, the Problem Statement discusses the effects of the shared wireless medium. This represents the external aspects of the CAPWAP framework from which certain threats can arise. The system-wide security objective addresses such threats in relation to the Problem Statement.
该目标基于问题陈述中强调的安全需求。具体而言,问题陈述讨论了共享无线媒体的影响。这代表了CAPWAP框架的外部方面,其中可能产生某些威胁。全系统安全目标解决了与问题陈述相关的此类威胁。
Classification: Operations
分类:业务
Description:
说明:
The CAPWAP protocol must support authentication in the centralized WLAN architecture in which the authenticator and encryption points can be located on distinct entities, i.e., WLAN controller or WTP. The Architecture Taxonomy illustrates a number of variants, in both local-MAC and split-MAC designs, in which the authenticator is located at the WLAN controller and the encryption points are at the WTPs. The CAPWAP protocol must be applicable to these variants and allow authentication mechanisms and their constituent processes to be operable in these cases.
CAPWAP协议必须支持集中式WLAN体系结构中的认证,其中认证器和加密点可以位于不同的实体上,即WLAN控制器或WTP。架构分类说明了本地MAC和拆分MAC设计中的许多变体,其中认证器位于WLAN控制器,加密点位于WTP。CAPWAP协议必须适用于这些变体,并允许认证机制及其组成过程在这些情况下可操作。
An important issue to consider in this case is the exchange of key information when authenticator and encryption points are located on distinct entities. For example, consider the case where IEEE 802.11i is used in a WLAN in which the WLAN controller realizes the authenticator, some WTPs realize encryption (possibly local-MAC WTPs), and other WTPs rely on the WLAN controller for encryption (possibly split-MAC WTPs).
在这种情况下要考虑的一个重要问题是当认证器和加密点位于不同实体上时密钥信息的交换。例如,考虑在WLAN控制器实现认证器的WLAN中使用IEEE 802.11i的情况下,一些WTPS实现加密(可能是本地MAC WTPS),并且其他WTPS依赖于WLAN控制器进行加密(可能是分离的MAC WTPS)。
Here, CAPWAP will first need to identify the location of the authenticator and encryption points between each WLAN controller-WTP pair. This will likely be part of the initial WTP configuration. Subsequently, the WTPs that realize encryption will need CAPWAP to exchange key information with the authenticator at the WLAN controller. For the WTPs that do not realize encryption, CAPWAP needs to adapt its control to bypass the key exchange phase.
在这里,CAPWAP首先需要确定每个WLAN控制器WTP对之间的认证器和加密点的位置。这可能是初始WTP配置的一部分。随后,实现加密的WTP将需要CAPWAP与WLAN控制器上的验证器交换密钥信息。对于未实现加密的WTP,CAPWAP需要调整其控制以绕过密钥交换阶段。
Clearly, the centralized WLAN architecture presents a different platform for authentication mechanisms compared to legacy WLANs in which a WTP realized both authenticator and encryption roles. So this objective highlights the need for CAPWAP to support authentication and key management in the centralized WLAN architecture.
显然,集中式WLAN体系结构为身份验证机制提供了不同于传统WLAN的平台,在传统WLAN中,WTP实现了身份验证者和加密角色。因此,这一目标强调了CAPWAP在集中式WLAN体系结构中支持身份验证和密钥管理的必要性。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST determine the exact structure of the centralized WLAN architecture in which authentication needs to be supported, i.e., the location of major authentication components. This may be achieved during WTP initialization where major capabilities are distinguished.
CAPWAP协议必须确定需要支持认证的集中式WLAN体系结构的确切结构,即主要认证组件的位置。这可以在WTP初始化期间实现,在该初始化过程中,主要功能会得到区分。
The protocol MUST allow for the exchange of key information when authenticator and encryption roles are located in distinct entities.
当认证者和加密角色位于不同的实体中时,协议必须允许密钥信息的交换。
Motivation and Protocol Benefits:
动机和协议好处:
The immediate focus of CAPWAP is on supporting IEEE 802.11-based WLANs. As such, it is necessary for the protocol to recognize the major distinction in WLAN design with respect to IEEE 802.11i authenticator and encryption points. This represents a significant variation that has been highlighted in the Architecture Taxonomy. The CAPWAP protocol benefits by accommodating such a major consideration from IEEE 802.11i.
CAPWAP的直接重点是支持基于IEEE 802.11的无线局域网。因此,协议必须识别WLAN设计中关于IEEE 802.11i认证器和加密点的主要区别。这代表了架构分类法中强调的一个重要变化。CAPWAP协议的优势在于它适应了IEEE 802.11i的主要考虑因素。
These requirements will be common for all authentication mechanisms over the centralized WLAN architecture. So they are applicable to IEEE 802.11i, Universal Access Method (UAM), and other mechanisms.
这些要求对于集中式WLAN体系结构上的所有认证机制都是通用的。因此,它们适用于IEEE 802.11i、通用访问方法(UAM)和其他机制。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement highlights the availability of different WTP designs and the need to ensure interoperability among them. In this regard, operational changes occurring due to the separation of the IEEE 802.11i authenticator and encryption points need to be accommodated within the CAPWAP protocol.
问题陈述强调了不同WTP设计的可用性以及确保它们之间互操作性的必要性。在这方面,由于IEEE 802.11i认证器和加密点的分离而发生的操作变化需要在CAPWAP协议中适应。
Classification: Architecture
分类:建筑
Description:
说明:
Two major designs of the centralized WLAN architecture are local-MAC and split-MAC. With the focusing of standardization efforts on these two designs, it is crucial to ensure mutual interoperation among them.
集中式WLAN架构的两种主要设计是本地MAC和拆分MAC。确保这两种设计之间的互操作性至关重要。
This objective for the CAPWAP protocol is to ensure that WTPs of both local-MAC and split-MAC architecture designs are capable of interoperation within a single WLAN. Consequently, a single WLAN controller will be capable of controlling both types of WTPs using a single CAPWAP protocol. Integral support for these designs comprises a number of protocol aspects.
CAPWAP协议的目标是确保本地MAC和拆分MAC架构设计的WTP能够在单个WLAN内进行互操作。因此,单个WLAN控制器将能够使用单个CAPWAP协议控制两种类型的WTP。对这些设计的整体支持包括许多协议方面。
i. Capability negotiations between WLAN controller and WTPs
i. WLAN控制器和WTP之间的能力协商
WTP designs differ in the degree of IEEE 802.11 MAC functionalities that each type of WTP realizes. The major distinctions, split-MAC and local-MAC, differ in the processing of IEEE 802.11 MAC frames. In this regard, the CAPWAP protocol should include functionality that allows for negotiations of significant capabilities between WTPs and the WLAN controller.
WTP设计在每种类型的WTP实现的IEEE 802.11 MAC功能的程度上有所不同。分割MAC和本地MAC的主要区别在于IEEE 802.11 MAC帧的处理不同。在这方面,CAPWAP协议应包括允许WTP和WLAN控制器之间协商重要功能的功能。
As a first step, such negotiations could cover the type of WTP, split-MAC or local-MAC, as this provides substantial information on their respective capabilities.
作为第一步,此类谈判可能涉及WTP、拆分MAC或本地MAC的类型,因为这提供了有关其各自能力的大量信息。
ii. Establishment of alternative interfaces
二、建立替代接口
The capability differences among different WTPs essentially equate to alternative interfaces with a WLAN controller. So the CAPWAP protocol should be capable of adapting its operations to the major different interfaces. In a first case, this would include accommodating capability differences between local-MAC and split-MAC WTPs.
不同WTP之间的能力差异本质上等同于与WLAN控制器的替代接口。因此,CAPWAP协议应该能够使其操作适应主要的不同接口。在第一种情况下,这将包括适应本地MAC和分离MAC WTP之间的能力差异。
The definition of these interfaces in terms of finer granularity of functionalities will be based on AP functionality documents produced by the IEEE 802.11 AP Functionality (APF) Ad-Hoc Committee.
这些接口在更精细的功能粒度方面的定义将基于IEEE 802.11 AP功能(APF)特设委员会编制的AP功能文件。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST include sufficient capabilities negotiations to distinguish between major types of WTPs.
CAPWAP协议必须包含足够的功能,以区分主要类型的WTP。
Motivation and Protocol Benefits:
动机和协议好处:
The benefits of realizing this architecture objective are both technical and practical. First, there are substantial overlaps in the control operations of local-MAC and split-MAC architecture designs. The Architecture Taxonomy tabulates major common features of the two designs. As a result, it is technically practical to devise a single protocol that manages both types of devices.
实现此体系结构目标的好处是技术性和实用性。首先,本地MAC和分割MAC架构设计的控制操作存在大量重叠。体系结构分类法列出了这两种设计的主要共同特征。因此,设计管理这两种设备的单一协议在技术上是可行的。
Next, the ability to operate a CAPWAP protocol for both types of architectural designs enhances its practical prospects as it will have wider appeal.
其次,为两种类型的架构设计运行CAPWAP协议的能力增强了其实际应用前景,因为它将具有更广泛的吸引力。
Furthermore, the additional complexity resulting from such alternative interfaces is marginal. Consequently, the benefits of this objective will far outweigh any cost of realizing it.
此外,由此类替代接口产生的额外复杂性是微乎其微的。因此,这一目标的好处将远远超过实现这一目标的任何成本。
Relation to Problem Statement:
与问题陈述的关系:
The objective for supporting both local-MAC and split-MAC WTPs is fundamental to addressing the Problem Statement. It forms the basis for those problems to be uniformly addressed across the major WLAN architectures. This is the ultimate aim of standardization efforts. The realization of this objective will ensure the development of a comprehensive set of mechanisms that address the challenges of large-scale WLAN deployments.
支持本地MAC和拆分MAC WTP的目标对于解决问题陈述至关重要。它构成了跨主要WLAN架构统一解决这些问题的基础。这是标准化工作的最终目标。实现这一目标将确保开发一套全面的机制,以应对大规模WLAN部署的挑战。
Classification: General
类别:一般
Description:
说明:
WLAN equipment vendors require sufficient details from protocol specifications so that implementing them will allow for compatibility with other equipment that runs the same protocol. In this light, it is important for the CAPWAP protocol specifications to be reasonably complete for realization.
WLAN设备供应商要求协议规范提供足够的详细信息,以便实现这些规范将允许与运行相同协议的其他设备兼容。有鉴于此,CAPWAP协议规范的合理完善对于实现非常重要。
Protocol Requirement:
协议要求:
Any WTP or WLAN controller vendor or any person MUST be able to implement the CAPWAP protocol from the specification itself and by that it is required that all such implementations do interoperate.
任何WTP或WLAN控制器供应商或任何人员必须能够根据规范本身实施CAPWAP协议,并且要求所有此类实施能够互操作。
Motivation and Protocol Benefits:
动机和协议好处:
It is beneficial for WLAN equipment vendors to refer to a single set of specifications while implementing the CAPWAP protocol. This helps to ease and quicken the development process.
WLAN设备供应商在实施CAPWAP协议时参考一组规范是有益的。这有助于缓解和加快开发过程。
Relation to Problem Statement:
与问题陈述的关系:
This requirement is based on WG discussions that have been determined to be important for CAPWAP.
该要求基于工作组的讨论,这些讨论已被确定为对CAPWAP很重要。
Classification: General
类别:一般
Description:
说明:
Rapid developments in WLAN technologies result in equipment vendors constantly modifying their devices. In many cases, developments are independently made for WLAN controllers and WTPs. The CAPWAP protocol should not affect the independence of device modifications.
无线局域网技术的快速发展导致设备供应商不断修改其设备。在许多情况下,WLAN控制器和WTP的开发是独立进行的。CAPWAP协议不应影响设备修改的独立性。
Protocol Requirement:
协议要求:
A WTP vendor SHOULD be able to make modifications to hardware without any WLAN controller vendor involvement.
WTP供应商应能够在没有任何WLAN控制器供应商参与的情况下对硬件进行修改。
Motivation and Protocol Benefits:
动机和协议好处:
Independence in the type of hardware for WLAN equipment ensures that new developments do not hamper protocol operation.
WLAN设备硬件类型的独立性确保了新的发展不会妨碍协议的运行。
Relation to Problem Statement:
与问题陈述的关系:
This requirement is based on WG discussions that have been determined to be important for CAPWAP.
该要求基于工作组的讨论,这些讨论已被确定为对CAPWAP很重要。
Classification: General
类别:一般
Description:
说明:
The CAPWAP protocol must not be specified for a particular type of wireless MAC design. It should be compatible with both local-MAC and split-MAC WTPs.
不得为特定类型的无线MAC设计指定CAPWAP协议。它应该与本地MAC和拆分MAC WTP兼容。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST NOT limit WTP vendors in their choice of local-MAC or split-MAC WTPs. It MUST be compatible with both types of WTPs.
CAPWAP协议不得限制WTP供应商选择本地MAC或拆分MAC WTP。它必须与两种类型的WTP兼容。
Motivation and Protocol Benefits:
动机和协议好处:
This requirement is to ensure that WTP vendors have sufficient flexibility in selecting the type of wireless MAC design that they consider best for deployments.
这一要求是为了确保WTP供应商在选择他们认为最适合部署的无线MAC设计的类型方面有足够的灵活性。
Relation to Problem Statement:
与问题陈述的关系:
This requirement is based on WG discussions that have been determined to be important for CAPWAP.
该要求基于工作组的讨论,这些讨论已被确定为对CAPWAP很重要。
Classification: General
类别:一般
Description:
说明:
WLAN deployments may involve WTPs and the WLAN controller communicating across Network Address Translators (NATs). The CAPWAP protocol must be capable of operating across topologies that contain known NAT configurations. It requires appropriate discovery and identification mechanisms for NAT traversal.
WLAN部署可能涉及WTP和WLAN控制器通过网络地址转换器(NAT)进行通信。CAPWAP协议必须能够跨包含已知NAT配置的拓扑运行。它需要适当的NAT遍历发现和识别机制。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST NOT prevent the operation of established methods of NAT traversal.
CAPWAP协议不得阻止已建立的NAT穿越方法的操作。
Motivation and Protocol Benefits:
动机和协议好处:
The widespread adoption of WLANs raises the possibility for WLAN topologies containing NATs. It is important for the CAPWAP protocol to be applicable within such topologies. This requirement aims to make the CAPWAP protocol relevant for NAT traversal.
无线局域网的广泛采用增加了包含NAT的无线局域网拓扑的可能性。CAPWAP协议必须适用于此类拓扑结构。该要求旨在使CAPWAP协议与NAT穿越相关。
Relation to Problem Statement:
与问题陈述的关系:
This requirement is based on WG discussions that have been determined to be important for CAPWAP.
该要求基于工作组的讨论,这些讨论已被确定为对CAPWAP很重要。
These objectives have been determined to be desirable for a CAPWAP protocol but not mandatory. Realizing these objectives may help improve control of WLANs but need not necessarily be required for all networks or scenarios.
这些目标已被确定为CAPWAP协议的理想目标,但不是强制性的。实现这些目标可能有助于改善对wlan的控制,但并非所有网络或场景都需要实现这些目标。
Classification: Architecture
分类:建筑
Description:
说明:
Shared WLAN infrastructure raises the issue of multiple authentication mechanisms. This is because each logical group is likely to be associated with different service providers or WLAN domains. As a result, the authentication needs within them will be different. Although CAPWAP is required to support IEEE 802.11i, it is also necessary for it to support other authentication mechanisms. For example, one logical group may use IEEE 802.11i, whereas another may use web authentication. CAPWAP must be able to operate in such shared WLANs.
共享WLAN基础设施引发了多重身份验证机制的问题。这是因为每个逻辑组可能与不同的服务提供商或WLAN域相关联。因此,它们内部的身份验证需求将有所不同。尽管CAPWAP需要支持IEEE 802.11i,但它也需要支持其他身份验证机制。例如,一个逻辑组可以使用IEEE 802.11i,而另一个逻辑组可以使用web身份验证。CAPWAP必须能够在这种共享WLAN中运行。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST support different authentication mechanisms in addition to IEEE 802.11i.
除了IEEE 802.11i之外,CAPWAP协议还必须支持不同的身份验证机制。
Motivation and Protocol Benefits:
动机和协议好处:
The benefit of supporting various authentication mechanisms is that the protocol then becomes flexible for use in various deployments. The protocol will therefore not mandate the use of any particular mechanisms that may not be appropriate for a particular deployment.
支持各种身份验证机制的好处是,协议可以灵活地用于各种部署。因此,《议定书》将不要求使用可能不适合某一部署的任何特定机制。
Relation to Problem Statement:
与问题陈述的关系:
This objective relates to the problem of management complexity. Shared WLAN deployments simplify management of large networks.
这一目标涉及管理复杂性问题。共享WLAN部署简化了大型网络的管理。
Classification: Architecture
分类:建筑
Description:
说明:
The rapid pace of technology developments means that new advances need to be catered to in current analyses. Among these is the
技术发展的快速步伐意味着当前的分析需要迎合新的进步。其中包括
support for new wireless technologies within the CAPWAP protocol, such as IEEE 802.16. The protocol should therefore not rely on specifics of IEEE 802.11 technology.
支持CAPWAP协议中的新无线技术,如IEEE 802.16。因此,该协议不应依赖于IEEE 802.11技术的细节。
In all cases where the CAPWAP protocol messages contain specific layer 2 information elements, the definition of the protocol needs to provide for extensibility so that these elements can be defined for specific layer 2 wireless protocols. This may entail assigning a layer 2 wireless protocol type and version field to the message PDU. Examples of other wireless protocols that might be supported include but are not limited to 802.16e, 802.15.x, etc.
在CAPWAP协议消息包含特定第2层信息元素的所有情况下,协议的定义需要提供可扩展性,以便可以为特定第2层无线协议定义这些元素。这可能需要为消息PDU分配第2层无线协议类型和版本字段。可能支持的其他无线协议的示例包括但不限于802.16e、802.15.x等。
Protocol Requirement:
协议要求:
CAPWAP protocol messages MUST be designed to be extensible for specific layer 2 wireless technologies. It should not be limited to the transport of elements relating to IEEE 802.11.
CAPWAP协议消息必须设计为可扩展用于特定的第2层无线技术。它不应限于与IEEE 802.11相关的元件的传输。
Motivation and Protocol Benefits:
动机和协议好处:
There are many benefits to an extensible protocol. It allows for application in different networks and provides greater scope. Furthermore, service providers require WLAN solutions that will be able to meet current and future market requirements.
可扩展协议有很多好处。它允许在不同的网络中应用,并提供更大的范围。此外,服务提供商需要能够满足当前和未来市场需求的WLAN解决方案。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement describes some of the advances taking place in other standards bodies like the IEEE. It is important for the CAPWAP protocol to reflect the advances and provide a framework in which they can be supported.
问题陈述描述了其他标准机构(如IEEE)所取得的一些进展。CAPWAP协议必须反映这些进步,并提供支持这些进步的框架。
Classification: Architecture
分类:建筑
Description:
说明:
The IEEE 802.11 APF Ad-Hoc Committee has reviewed IEEE 802.11 functionality and has made more thorough definitions for the new requirements. The CAPWAP protocol must be able to incorporate these definitions with minimal change. Furthermore, a number of extensions for IEEE 802.11 are currently being standardized. The CAPWAP protocol must also be able to incorporate these new extensions with minimal change.
IEEE 802.11 APF特设委员会已审查了IEEE 802.11功能,并对新要求做出了更全面的定义。CAPWAP协议必须能够以最小的更改将这些定义合并。此外,IEEE 802.11的许多扩展目前正在标准化。CAPWAP协议还必须能够将这些新的扩展与最小的更改结合起来。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST be openly designed to support new IEEE 802.11 definitions and extensions.
CAPWAP协议必须公开设计,以支持新的IEEE 802.11定义和扩展。
Motivation and Protocol Benefits:
动机和协议好处:
There are a number of advances being made within the IEEE regarding the functionality of IEEE 802.11 technology. Since this represents one of the major wireless technologies in use today, it will be beneficial for CAPWAP to incorporate the relevant new extensions.
关于IEEE 802.11技术的功能,IEEE内部正在取得许多进展。由于这是当今使用的主要无线技术之一,因此CAPWAP加入相关的新扩展将是有益的。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement presents an overview of the task of the IEEE 802.11 working group. This group is focused on defining the functional architecture of WTPs and new extensions for it. It is necessary for the CAPWAP protocol to reflect these definitions and extensions.
问题陈述概述了IEEE 802.11工作组的任务。该小组专注于定义WTP的功能架构和新的扩展。CAPWAP协议必须反映这些定义和扩展。
Classification: Architecture
分类:建筑
Description:
说明:
Large-scale WLAN deployments are likely to use a variety of interconnection technologies between different devices of the network. It should therefore be possible for the CAPWAP protocol to operate over various interconnection technologies.
大规模WLAN部署可能会在网络的不同设备之间使用各种互连技术。因此,CAPWAP协议应能在各种互连技术上运行。
As a result of realizing this objective, the protocol will be capable of operation over both IPv4 and IPv6. It will also be designed such that it can operate within tightly administered networks, such as enterprise networks, or on open, public access networks. For example, VLAN tunnels can be used across different types of networks over which CAPWAP will operate.
由于实现了这一目标,该协议将能够在IPv4和IPv6上运行。它的设计也将使其能够在严格管理的网络(如企业网络)内运行,或在开放的公共接入网络上运行。例如,VLAN隧道可以跨CAPWAP将运行的不同类型的网络使用。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST NOT be constrained to specific underlying transport mechanisms.
CAPWAP协议不得局限于特定的底层传输机制。
Motivation and Protocol Benefits:
动机和协议好处:
The main aim of the CAPWAP protocol is to achieve interoperability among various WTPs and WLAN controllers. As such, the motivation for this requirement is for the protocol to be operable independent of underlying interconnection technologies.
CAPWAP协议的主要目的是实现各种WTP和WLAN控制器之间的互操作性。因此,该要求的动机是使协议独立于底层互连技术进行操作。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement discusses the complexity of configuring large WLANs. The selection of available interconnection technologies for large-scale deployments further intensifies this complexity. This requirement avoids part of the complexity by advocating independence of the operational aspects of the protocol from underlying transport.
问题陈述讨论了配置大型WLAN的复杂性。为大规模部署选择可用的互连技术进一步加剧了这种复杂性。这一要求通过提倡协议的操作方面独立于底层传输来避免部分复杂性。
Classification: Operations
分类:业务
Description:
说明:
This objective focuses on the informational needs of WLAN access control and specifically the role of the CAPWAP protocol in transporting this information between WTPs and their WLAN controller.
该目标主要关注WLAN访问控制的信息需求,特别是CAPWAP协议在WTP及其WLAN控制器之间传输信息的作用。
The following are some specific information aspects that need to be transported by the CAPWAP protocol:
以下是CAPWAP协议需要传输的一些特定信息方面:
i. IEEE 802.11 association and authentication
i. IEEE 802.11关联和认证
The association of wireless clients is distinct for initial and roaming cases. As a result, access control mechanisms require specific contextual information regarding each case. Additionally, load balancing, QoS, security, and congestion information in both wireless medium segments and switching segments need to be considered.
对于初始和漫游情况,无线客户端的关联是不同的。因此,访问控制机制需要关于每个案例的特定上下文信息。此外,还需要考虑无线媒体段和交换段中的负载平衡、QoS、安全性和拥塞信息。
ii. WTP Access Control
二、访问控制
In addition to controlling access for wireless clients, it is also necessary to control admission of new WTPs. Given the threat of rogue WTPs, it is important for CAPWAP to relay appropriate authentication information between new WTPs and the WLAN controller.
除了控制无线客户端的访问外,还需要控制新WTP的准入。鉴于恶意WTP的威胁,CAPWAP必须在新WTP和WLAN控制器之间中继适当的身份验证信息。
Protocol Requirement:
协议要求:
The CAPWAP protocol MUST be capable of exchanging information required for access control of WTPs and wireless terminals.
CAPWAP协议必须能够交换WTP和无线终端访问控制所需的信息。
Motivation and Protocol Benefits:
动机和协议好处:
Due to the scale of deployments in which CAPWAP will be employed, comprehensive access control is crucial. The effectiveness of access control in turn is affected by the information on which such control is based. As a result, this objective has critical relevance to a CAPWAP protocol.
由于CAPWAP的部署规模,全面的访问控制至关重要。访问控制的有效性反过来又受到这种控制所依据的信息的影响。因此,该目标与CAPWAP协议具有关键相关性。
Relation to Problem Statement:
与问题陈述的关系:
This objective addresses the issue of access control in large WLANs. Broadly, it relates the problem of managing the complexity scale of such networks. With collective information of both switching and wireless medium segments, realizing this objective will help control and manage complexity.
该目标解决了大型无线局域网中的访问控制问题。从广义上讲,它涉及管理此类网络的复杂性规模的问题。通过收集交换和无线媒体段的信息,实现这一目标将有助于控制和管理复杂性。
The following objectives have been prioritized as non-objectives during the course of working group consultations. They have been prioritized so in the context of CAPWAP and its considerations. They may, however, be applicable in alternative contexts.
在工作组磋商过程中,下列目标被列为非目标。在CAPWAP及其考虑因素的背景下,它们被列为优先事项。然而,它们可能适用于其他情况。
Classification: Architecture
分类:建筑
Description:
说明:
The CAPWAP protocol should provide an engine-mechanism to spring WTP auto-configuration and/or software version updates and should support integration with existing network management system. WLAN controller as a management agent is optional.
CAPWAP协议应为spring WTP自动配置和/或软件版本更新提供引擎机制,并应支持与现有网络管理系统的集成。WLAN控制器作为管理代理是可选的。
If entities other than WLAN controllers manage some aspects of WTPs, such as software downloads, the CAPWAP protocol may be used for WTPs to notify WLAN controllers of any changes made by the other entities.
如果WLAN控制器以外的实体管理WTP的某些方面,例如软件下载,则CAPWAP协议可用于WTP,以通知WLAN控制器其他实体所做的任何更改。
Protocol Requirement:
协议要求:
The CAPWAP protocol SHOULD be capable of recognizing legacy WTPs and existing network management systems.
CAPWAP协议应能够识别传统WTP和现有网络管理系统。
Motivation and Protocol Benefits:
动机和协议好处:
It is expected that in many cases, the centralized WLAN architecture will be deployed incrementally with legacy systems. In this regard, it is necessary for the protocol to be used in scenarios with mixed WLAN devices.
预计在许多情况下,集中式WLAN架构将与遗留系统一起增量部署。在这方面,有必要在混合WLAN设备的场景中使用该协议。
Relation to Problem Statement:
与问题陈述的关系:
The Problem Statement highlights management complexity as a major issue with large WLANs. One part of this complexity can be related to the incremental deployment of centralized WLAN devices for which this objective is applicable.
问题陈述强调管理复杂性是大型WLAN的一个主要问题。这种复杂性的一部分可能与此目标适用的集中式WLAN设备的增量部署有关。
Classification: General
类别:一般
Description:
说明:
The CAPWAP protocol must not require AC and WTP vendors to share technical specifications to establish compatibility. The protocol specifications alone must be sufficient for compatibility.
CAPWAP协议不得要求AC和WTP供应商共享技术规范以建立兼容性。仅协议规范就必须足以实现兼容性。
Protocol Requirement:
协议要求:
WTP vendors SHOULD NOT have to share technical specifications for hardware and software to AC vendors in order for interoperability to be achieved.
为了实现互操作性,WTP供应商不必向AC供应商共享硬件和软件的技术规范。
Motivation and Protocol Benefits:
动机和协议好处:
It is beneficial for WLAN equipment vendors to refer to a single set of specifications while implementing the CAPWAP protocol. This helps to ease and quicken the development process.
WLAN设备供应商在实施CAPWAP协议时参考一组规范是有益的。这有助于缓解和加快开发过程。
Relation to Problem Statement:
与问题陈述的关系:
This requirement is based on WG discussions that have been determined to be important for CAPWAP.
该要求基于工作组的讨论,这些讨论已被确定为对CAPWAP很重要。
This objective has been prioritized as a non-objective as it is a duplicate of the Protocol Specifications objective (Section 5.1.12).
该目标已被列为非目标,因为它与协议规范目标(第5.1.12节)重复。
The following objectives have been provided by network service operators. They represent the requirements from those ultimately deploying the CAPWAP protocol in their WLANs.
网络服务运营商提供了以下目标。它们代表了最终在其WLAN中部署CAPWAP协议的用户的需求。
Classification: Operations
分类:业务
Description:
说明:
Network service operators consider handoffs crucial because of the mobile nature of their customers. In this regard, the CAPWAP protocol should not adversely affect AP fast-handoff procedures. The protocol may support optimizations for fast handoff procedures so as to allow better support for real-time services during handoffs.
网络服务运营商认为,切换是至关重要的,因为他们的客户的移动性质。在这方面,CAPWAP协议不应对AP快速切换程序产生不利影响。该协议可以支持对快速切换过程的优化,以便允许在切换期间更好地支持实时服务。
Protocol Requirement:
协议要求:
CAPWAP protocol operations MUST NOT impede or obstruct the efficacy of AP fast-handoff procedures.
CAPWAP协议操作不得妨碍或妨碍AP快速切换程序的有效性。
The objectives presented in this document address three main aspects of the CAPWAP protocol, namely:
本文件中提出的目标涉及CAPWAP协议的三个主要方面,即:
i. Architecture ii. Operations iii. Security
i. 建筑2。行动三.安保
These requirements are aimed at focusing standardization efforts on a simple, interoperable protocol for managing large-scale WLANs. The architecture requirements specify the structural features of the protocol such as those relating to WTP types (local-MAC and split-MAC) and WTP structures (logical groups). The operations requirements address the functional aspects dealing with WTP configuration and management. Finally, the security requirements cover authentication and integrity aspects of protocol exchanges.
这些要求旨在将标准化工作集中在一个简单、可互操作的协议上,用于管理大规模wlan。体系结构要求规定了协议的结构特征,例如与WTP类型(本地MAC和拆分MAC)和WTP结构(逻辑组)相关的结构特征。操作要求涉及处理WTP配置和管理的功能方面。最后,安全要求涵盖协议交换的身份验证和完整性方面。
The objectives have additionally been prioritized to reflect their immediate significance to the development and evaluation of an interoperable CAPWAP protocol. The priorities are Mandatory and Accepted, Desirable, and Non-Objectives. They reflect working group consensus on the effectiveness of the requirements in the context of protocol design.
此外,还对这些目标进行了优先排序,以反映它们对开发和评估可互操作的CAPWAP协议的直接意义。优先事项是强制性的、可接受的、可取的和非目标的。它们反映了工作组在协议设计背景下对要求有效性的共识。
Additionally, this document includes requirements from network service operators that have been derived based on their experience in operating large-scale WLANs.
此外,本文件还包括网络服务运营商的要求,这些要求是根据他们在运营大规模无线局域网方面的经验得出的。
The resulting requirements from this document will be used in conjunction with the CAPWAP Problem Statement [RFC3990] and CAPWAP Architecture Taxonomy [RFC4118] to develop and evaluate an interoperable protocol for the control and provisioning of WTPs in large-scale WLANs.
本文件产生的要求将与CAPWAP问题声明[RFC3990]和CAPWAP体系结构分类[RFC4118]结合使用,以开发和评估用于控制和提供大规模WLAN中WTP的可互操作协议。
The CAPWAP framework highlights support for both local-MAC and split-MAC WTPs. In deployments where both types of WTPs are used, it is crucial to ensure that each be secured in consideration of its capabilities. The Architecture Taxonomy illustrates how different WTPs incorporate varying levels of functionalities. Development of the CAPWAP protocol should ensure that the deployment of both local-MAC and split-MAC WTPs within a single WLAN do not present loopholes for security compromises.
CAPWAP框架强调了对本地MAC和拆分MAC WTP的支持。在同时使用两种类型WTP的部署中,确保每种WTP的安全性(考虑到其功能)至关重要。架构分类说明了不同的WTP如何结合不同级别的功能。CAPWAP协议的开发应确保在单个WLAN中部署本地MAC和拆分MAC WTP不会出现安全漏洞。
In shared WLAN deployments made of a number of logical groups, traffic from each group needs to be mutually separated. So in addition to protocol-related exchanges, data traffic from wireless terminals should also be segregated with respect to the logical groups to which they belong. It should not be possible for data or control traffic from one logical group to stray to or influence another logical group.
在由多个逻辑组组成的共享WLAN部署中,来自每个组的流量需要相互分离。因此,除了与协议相关的交换之外,来自无线终端的数据流量还应该根据它们所属的逻辑组进行隔离。一个逻辑组中的数据或控制流量不应偏离或影响另一个逻辑组。
The use of IEEE 802.11i over the centralized WLAN architecture allows for implementations in which the PMK is shared across WTPs. This raises the ambiguity between legitimate sharing and illegitimate copies. Wireless terminals may unknowingly fall prey to or exploit this ambiguity. The resolution of this issue is currently being evaluated by the IEEE 802 and IETF liaisons.
在集中式WLAN架构上使用IEEE 802.11i允许在WTP之间共享PMK的实现。这引起了合法共享和非法复制之间的模糊性。无线终端可能会不知不觉地成为这种模糊性的牺牲品或利用这种模糊性。IEEE 802和IETF联络人目前正在评估该问题的解决方案。
The low cost of launching attacks on WLANs makes the CAPWAP protocol a target. A first step in securing against any form of attacks is to continuously monitor the WLAN for conditions of potential threats from rogue WTPs or wireless terminals. For example, profiles for DoS and replay attacks need to be considered for the CAPWAP protocol to effectively monitor security conditions.
对WLAN发起攻击的低成本使CAPWAP协议成为攻击目标。防范任何形式攻击的第一步是持续监控WLAN,以了解来自恶意WTP或无线终端的潜在威胁。例如,CAPWAP协议需要考虑DoS和replay攻击的配置文件,以有效监控安全状况。
The open environment of many WLAN deployments makes physical security breaches highly probable. Compromises resulting from theft and physical damage must be considered during protocol development. For instance, it should not be possible for a single compromised WTP to affect the WLAN as a whole.
许多WLAN部署的开放环境极有可能导致物理安全漏洞。在协议开发过程中,必须考虑盗窃和物理损坏造成的损害。例如,单个受损WTP不可能影响整个WLAN。
Considering asymmetric, non-mutual authentication between WTPs and the WLAN controller, there is a risk of a rogue participant exploiting such an arrangement. It is preferable to avoid non-mutual authentication. In some cases, the legitimacy of the protocol exchange participants may be verified externally, for example, by means of physical containment within a close environment. Asymmetric authentication may be appropriate here without risk of security compromises.
考虑到WTP和WLAN控制器之间的非对称、非相互认证,存在恶意参与者利用这种安排的风险。最好避免非相互认证。在某些情况下,协议交换参与者的合法性可以在外部进行验证,例如,通过在封闭环境中进行物理限制。非对称身份验证在这里可能是合适的,不会有安全隐患。
The authors would like to thank the working group chairs, Dorothy Gellert and Mahalingam Mani, for their support and patience with this document. We would also like to thank participants of the working group who have helped shape the objectives. In particular, the authors thank James Kempf, Pat Calhoun, Inderpreet Singh, Dan Harkins, T. Sridhar, Charles Clancy, and Emek Sadot for their invaluable inputs. We also extend our gratitude to the IEEE 802.11 Ad-Hoc Committee for its evaluation of the document. The authors also acknowledge the contributions from Meimei Dang, Satoshi Iino, Mikihito Sugiura, and Dong Wang.
作者感谢工作组主席Dorothy Gellert和Mahalingam Mani对本文件的支持和耐心。我们还要感谢工作组的与会者,他们帮助制定了目标。特别是,作者感谢詹姆斯·肯普夫、帕特·卡尔霍恩、因德普里特·辛格、丹·哈金斯、T·斯里达尔、查尔斯·克兰西和埃梅克·萨多的宝贵投入。我们还感谢IEEE 802.11特设委员会对该文件的评估。作者还感谢Dang Meimei、Satoshi Iino、Mikihito Sugiura和Dong Wang的贡献。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3990] O'Hara, B., Calhoun, P., and J. Kempf, "Configuration and Provisioning for Wireless Access Points (CAPWAP) Problem Statement", RFC 3990, February 2005.
[RFC3990]O'Hara,B.,Calhoun,P.,和J.Kempf,“无线接入点(CAPWAP)配置和配置问题声明”,RFC 39902005年2月。
[RFC4118] Yang, L., Zerfos, P., and E. Sadot, "Architecture Taxonomy for Control and Provisioning of Wireless Access Points (CAPWAP)", RFC 4118, June 2005.
[RFC4118]Yang,L.,Zerfos,P.,和E.Sadot,“无线接入点控制和供应(CAPWAP)的体系结构分类”,RFC 4118,2005年6月。
[802.11] IEEE Standard 802.11, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", June 2003.
[802.11]IEEE标准802.11,“无线局域网介质访问控制(MAC)和物理层(PHY)规范”,2003年6月。
[802.11i] IEEE Standard 802.11i, "Medium Access Control (MAC) Security Enhancements", July 2004.
[802.11i]IEEE标准802.11i,“媒体访问控制(MAC)安全增强”,2004年7月。
[802.11e] IEEE Standard 802.11e, "Medium Access Control (MAC) Quality of Service Enhancements", November 2005.
[802.11e]IEEE标准802.11e,“介质访问控制(MAC)服务质量增强”,2005年11月。
[RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic Key Management", BCP 107, RFC 4107, June 2005.
[RFC4107]Bellovin,S.和R.Housley,“加密密钥管理指南”,BCP 107,RFC 4107,2005年6月。
Authors' Addresses
作者地址
Saravanan Govindan Panasonic Singapore Laboratories Block 1022, Tai Seng Industrial Estate #06-3530, Tai Seng Avenue Singapore 534 415 Singapore
Saravanan Govindan Panasonic新加坡实验室新加坡大圣工业区1022座#新加坡大圣大道06-3530号新加坡534 415
Phone: +65 6550 5441 EMail: saravanan.govindan@sg.panasonic.com
Phone: +65 6550 5441 EMail: saravanan.govindan@sg.panasonic.com
Zhonghui Yao Huawei Longgang Production Base Shenzhen 518 129 P. R. China
中汇姚华为龙岗生产基地中国深圳518129
Phone: +86 755 2878 0808 EMail: yaoth@huawei.com
Phone: +86 755 2878 0808 EMail: yaoth@huawei.com
Wenhui Zhou China Mobile 53A, Xibianmen Ave, Xuanwu District Beijing 100 053 P. R. China
中国移动北京市宣武区西边门大街53A号文汇周100 053
Phone: +86 10 6600 6688 ext.3061 EMail: zhouwenhui@chinamobile.com
Phone: +86 10 6600 6688 ext.3061 EMail: zhouwenhui@chinamobile.com
L. Lily Yang Intel Corp. JF3-206, 2111 NE 25th Ave. Hilsboro, OR 97124 USA
L.Lily Yang Intel Corp.JF3-206,地址:美国希尔斯伯罗东北25大道2111号,邮编:97124
Phone: +1 503 264 8813 EMail: lily.l.yang@intel.com
Phone: +1 503 264 8813 EMail: lily.l.yang@intel.com
Hong Cheng Panasonic Singapore Laboratories Block 1022, Tai Seng Industrial Estate #06-3530, Tai Seng Avenue Singapore 534 415 Singapore
新加坡泰生大道06-3530号泰生工业区1022号宏诚松下新加坡实验室新加坡534 415
Phone: +65 6550 5447 EMail: hong.cheng@sg.panasonic.com
Phone: +65 6550 5447 EMail: hong.cheng@sg.panasonic.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。