RE: BSSID-WLAN mappings
From: Bob O'Hara (boohara) (booharacisco.com)
Date: Mon, 17 Apr 2006 10:06:29 -0700 (PDT)
There are also security issues when there is not a 1:1 mapping of WLAN to BSSID.  Without this restriction, a station will not have any assurance that traffic it believes is encrypted and protected according to the policy of the WLAN to which it is associated is not being decrypted by an oracle (the AP) and rebroadcast to other stations without the same requirements for abiding with the same security policies.
 
We should not be implementing, or requiring a CAPWAP implementation to implement, a method that lowers the security of the WLAN.

 -Bob
 

 


From: Puneet [mailto:pb.ietf [at] gmail.com]
Sent: Sunday, April 16, 2006 4:47 PM
To: Saravanan Govindan
Cc: capwap [at] frascone.com
Subject: Re: [Capwap] BSSID-WLAN mappings

Hi Saravanan,

I see your point, but this seems to address a very specific deployment scenario (service providers sharing WLAN equipment). If nothing else in the CAPWAP messages is dependent on this, then this should be a recommendation instead of a mandate. That way the protocol remains inclusive, and also meets its objective.

I think it is very important that existing implementations are not excluded just because they don't seem to meet one specific need in a specific deployment scenario.

Thanks,
Puneet


On 4/15/06, Saravanan Govindan <saravanang [at] hotmail.com> wrote:
Hi Puneet,

My concern regarding the BSSID - WLAN mapping is based on the mandatory
Objective "Logical Groups" (Section 5.1.1 of CAPWAP Objectives).

The Objective requires that WTP traffic be kept logically distinct among
logical groups. This arises from the commercial need of service providers
sharing WLAN infrastructure equipment. Service providers want their traffic
to be distinguished both over the wireless environment (e.g. BSSIDs) and
over the AC-WTP environment (e.g. WLANs).

The BSSID-WLAN mapping issue is the technical requirement coming from this
commercial need. It allows an AC - or WTP - to decide how logical groups are
separated over the wireless and AC-WTP segments. So by making this mapping,
CAPWAP frames of different logical groups (WLANs) can be distinctly
exchanged.

I agree with others that this mapping should not exclude any implementation
- my concern is that the mapping be included in the first place.

Cheers,

Saravanan




>  ------------------------------
> *From:* Puneet [mailto:pb.ietf [at] gmail.com]
> *Sent:* Friday, April 14, 2006 12:29 AM
> *To:* capwap [at] frascone.com
> *Subject:* [Capwap] BSSID-WLAN mappings
>
> The BSSID description in Section 11.9.1 'WTP Radio Configuration' notes
> that a WTP that supports 16 WLANs MUST have 16 MAC addresses reserved for
> it. Why? I.e., what part of the protocol does not work if we have multiple
> SSIDs on a single BSSID? (Whether that's good design or bad is a different
> matter.) Since the WLAN ID could be used in all such places to convey WLAN
> information back to the AC, why do we need to mandate this 1:1 BSSID-WLAN
> mapping?
>
> Thanks,
> Puneet