7-2
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 7 Controlling Lightweight Access Points
Access Point Communication Protocols
Access Point Communication Protocols
In controller software release 5.2 or later, Cisco lightweight access points use the IETF standard Control
and Provisioning of Wireless Access Points protocol (CAPWAP) to communicate between the controller
and other lightweight access points on the network. Controller software releases prior to 5.2 use the
Lightweight Access Point Protocol (LWAPP) for these communications.
CAPWAP, which is based on LWAPP, is a standard, interoperable protocol that enables a controller to
manage a collection of wireless access points. CAPWAP is being implemented in controller software
release 5.2 for these reasons:
•
To provide an upgrade path from Cisco products that use LWAPP to next-generation Cisco products
that use CAPWAP
•
To manage RFID readers and similar devices
•
To enable controllers to interoperate with third-party access points in the future
LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a
CAPWAP controller is seamless. For example, the controller discovery process and the firmware
downloading process when using CAPWAP are the same as when using LWAPP. The one exception is
for Layer 2 deployments, which are not supported by CAPWAP.
You can deploy CAPWAP controllers and LWAPP controllers on the same network. The
CAPWAP-enabled software allows access points to join either a controller running CAPWAP or LWAPP.
The only exception is the Cisco Aironet 1140 Series Access Point, which supports only CAPWAP and
therefore joins only controllers running CAPWAP. For example, an 1130 series access point can join a
controller running either CAPWAP or LWAPP whereas an 1140 series access point can join only a
controller running CAPWAP.
Guidelines for Using CAPWAP
Follow these guidelines when using CAPWAP:
•
If your firewall is currently configured to allow traffic only from access points using LWAPP, you
must change the rules of the firewall to allow traffic from access points using CAPWAP.
•
Make sure that the CAPWAP UDP ports 5246 and 5247 (similar to the LWAPP UDP ports 12222
and 12223) are enabled and are not blocked by an intermediate device that could prevent an access
point from joining the controller.
•
If access control lists (ACLs) are in the control path between the controller and its access points,
you need to open new protocol ports to prevent access points from being stranded.
The Controller Discovery Process
In a CAPWAP environment, a lightweight access point discovers a controller by using CAPWAP
discovery mechanisms and then sends the controller a CAPWAP join request. The controller sends the
access point a CAPWAP join response allowing the access point to join the controller. When the access
point joins the controller, the controller manages its configuration, firmware, control transactions, and
data transactions.
Upgrade and downgrade paths from LWAPP to CAPWAP or from CAPWAP to LWAPP are supported.
An access point with an LWAPP image starts the discovery process in LWAPP. If it finds an LWAPP
controller, it starts the LWAPP discovery process to join the controller. If it does not find a LWAPP
controller, it starts the discovery in CAPWAP. If the number of times that the discovery process starts