Re: Issue 155: WTP/AC ACL Synchronization Issue

From: Pat Calhoun (pacalhou) (pcalhoun
Date: Thu, 31 Jul 2008 14:43:53 -0700 (PDT)

Sorry for the delay, had to talk to some of the developers to make sure that I understood what was going on.

So, first, yes, this is a blacklist, and not an ACL. I think we opted to use the term ACL vs. blacklist because it is less offensive to some.

Second, the way it works is that the AC *always* sends an updated list to the WTP at reboot. However, some WTPs *could* conceptually operate without an AC (such as the case where the WAN link between the WTP and the AC is down). Obviously, such WTPs could only operate this way when configured for Local mode. Split mode requires an AC. So the WTP stores the ACL, and can use it even if it reboots and it is unable to connect to the AC. However, it always gets an updated list from the AC when it does connect.

So... Given that we've never discussed the concept of a WTP operating without an AC, does it really make sense to leave this functionality in the spec? I think we should pull out the Add/Delete Static message elements, and deal with this in a future rev of the spec if the need arises (because it will likely require more than just some verbiage here and there).

Thoughts?

PatC

-----Original Message-----
From: Nathan J. Williams [mailto:nathan.williams [at] thingmagic.com]
Sent: Tuesday, July 29, 2008 9:37 AM
To: Pat Calhoun (pacalhou)
Cc: capwap [at] frascone.com; Pasi.Eronen [at] nokia.com
Subject: Re: [Capwap] Issue 155: WTP/AC ACL Synchronization Issue

"Pat Calhoun (pacalhou)" <pcalhoun [at] cisco.com> writes:

> The protocol allows the AC to add and delete static MAC ACL entries, but it
> seems the AC can't check what the current ACL entries are.
> This means the WTP and AC could get out-of-sync, right? (The AC can't delete
> the unneeded static MAC ACL entries if it doesn't know what they are.)
>
> Well.... When a WTP comes up, it provides its configuration to the AC,
> and at that point it would include its ACL table.

Does it? I don't think the protocol has a message for communicating that state, and there certainly isn't one required or permitted in the Configuration Status message.

Rereading around this, I'm reminded that the MAC ACL definition, at least as far as it can be understood from the add/remove message elements, is a little weird. It's a blacklist, and describing that as an ACL seems odd. As a blacklist, I would expect it to be empty by default, but that doesn't help the fact that the AC doesn't know the existing set of static entries.

- Nathan
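
A toy model of the synchronization gap discussed in this thread, added here as an illustration; it is not part of either message and does not encode real CAPWAP message elements. It compares an AC that sends only add/delete updates computed from its own belief about the WTP's stored blacklist with an AC that replaces the whole list when the WTP connects. All class names, function names and MAC addresses are hypothetical or constructed.

```python
# Added illustration: a state model only, not CAPWAP wire encoding.
# Class, function and variable names are hypothetical; MACs are constructed.

class WTP:
    """Holds a static MAC blacklist that survives reboots."""
    def __init__(self, persisted):
        self.blacklist = set(persisted)

    def add_static(self, macs):
        self.blacklist |= set(macs)

    def delete_static(self, macs):
        self.blacklist -= set(macs)

    def replace_all(self, macs):
        self.blacklist = set(macs)


def sync_incremental(wtp, intended, ac_belief):
    """AC can only add/delete, and derives both from what it believes
    the WTP holds. Returns the entries still out of sync afterwards."""
    wtp.add_static(intended - ac_belief)
    wtp.delete_static(ac_belief - intended)
    return wtp.blacklist ^ intended


def sync_full_list(wtp, intended):
    """AC pushes its complete list on connect, ignoring prior WTP state."""
    wtp.replace_all(intended)
    return wtp.blacklist ^ intended


# Constructed scenario: the WTP rebooted while the WAN link was down and
# kept its stored list; meanwhile the AC's list changed and the AC has no
# record (or a wrong one) of what the WTP currently stores.
STORED_ON_WTP = {"02:00:00:00:00:0a", "02:00:00:00:00:0b"}
AC_INTENDED = {"02:00:00:00:00:0a", "02:00:00:00:00:0c"}


def demo():
    drift_incremental = sync_incremental(WTP(STORED_ON_WTP), AC_INTENDED, set())
    drift_full = sync_full_list(WTP(STORED_ON_WTP), AC_INTENDED)
    return drift_incremental, drift_full


if __name__ == "__main__":
    inc, full = demo()
    print("left over after add/delete only:", sorted(inc))
    print("left over after full-list push: ", sorted(full))
```

In the incremental case the stale entry stays on the WTP because the AC never learns it exists, so that station remains blocked until someone clears it by hand.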