Re: Issue 155: WTP/AC ACL Synchronization Issue
From: Pat Calhoun (pacalhou) (pcalhoun [at] cisco.com)
Date: Wed, 6 Aug 2008 09:18:43 -0700 (PDT)
OK, great. Here are the proposed changes.

I am deleting the following text:

<deleted text>
4.6.  CAPWAP Protocol Message Elements
[...]
   Add Static MAC ACL Entry                              9
[...]
   Delete Static MAC ACL Entry                          19


4.6.9.  Add Static MAC ACL Entry

   The Add Static MAC ACL Entry message element is used by an AC to add
   a permanent ACL entry on a WTP, ensuring that the WTP no longer
   provides any service to the MAC addresses provided in the message.
   The MAC Addresses provided in this message element are expected to be
   saved in non-volatile memory on the WTP.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Num of Entries|     Length    |          MAC Address ...
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:   9 for Add Static MAC ACL Entry

   Length:   >= 8

   Num of Entries:   The number of instances of the Length/MAC Addresses
      fields in the array.  This value MUST NOT exceed 255.

   Length:  The length of the MAC Address field.  The following formats,
      and lengths, are supported [EUI-48] and [EUI-64].

   MAC Address:   MAC Addresses to add to the permanent ACL.

4.6.22.  Delete Static MAC ACL Entry

   The Delete Static MAC ACL Entry message element is used by an AC to
   delete a previously added static MAC ACL entry on a WTP, ensuring
   that the WTP provides service to the MAC addresses provided in the
   message.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Num of Entries|     Length    |         MAC Address ...
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:   19 for Delete Static MAC ACL Entry

   Length:   >= 8

   Num of Entries:   The number of instances of the Length/MAC Addresses
      fields in the array.  This field MUST NOT exceed the value of
      1024.

   Length:  The length of the MAC Address field.  The following formats,
      and lengths, are supported [EUI-48] and [EUI-64].

   MAC Address:   An array of MAC Addresses to delete from the static
      MAC ACL entry.


4.9.7.  Static ACL Table

   The static ACL table saved on the WTP, as configured by the Add
   Static MAC ACL Entry message element, see Section 4.6.9.

8.4.  Configuration Update Request
[...]
   o  Add MAC ACL Entry, see Section 4.6.7
[...]
   o  Delete Static MAC ACL Entry, see Section 4.6.22
</deleted text>

And have made the following changes, including adding a sentence to the
end of 4.6.7:

<new text>
4.6.  CAPWAP Protocol Message Elements
[...]
   Reserved                                              9
[...]
   Reserved                                             19

4.6.7.  Add MAC ACL Entry

   The Add MAC Access Control List (ACL) Entry message element is used
   by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
   no longer provides service to the MAC addresses provided in the
   message.  The MAC Addresses provided in this message element are not
   expected to be saved in non-volatile memory on the WTP.  The MAC ACL
   table on the WTP is cleared every time the WTP establishes a new
   session with an AC.
[...]
</new text>

PatC
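The Add/Delete Static MAC ACL Entry elements quoted above share one wire layout: a one-octet Num of Entries followed by an array of (Length, MAC Address) pairs, with only EUI-48 and EUI-64 lengths allowed. The encoder and defensive decoder below are an added example written for this discussion, not code from the draft or from any CAPWAP implementation; the function and exception names are my own, and the sample addresses are constructed.

```python
# Message element type codes as listed in the quoted draft text.
ADD_STATIC_MAC_ACL_ENTRY = 9
DELETE_STATIC_MAC_ACL_ENTRY = 19
# Only EUI-48 (6 octets) and EUI-64 (8 octets) addresses are permitted.
VALID_MAC_LENGTHS = (6, 8)


class MalformedElement(ValueError):
    """Raised when an element value does not match the draft's wire format."""


def encode_mac_acl_entry(macs):
    """Build the element value: Num of Entries, then (Length, MAC Address) pairs."""
    # Num of Entries is a single octet, so 255 is a hard ceiling regardless of
    # the "1024" wording in the Delete element's description.
    if not 1 <= len(macs) <= 255:
        raise ValueError("Num of Entries is one octet and MUST NOT exceed 255")
    body = bytes([len(macs)])
    for mac in macs:
        if len(mac) not in VALID_MAC_LENGTHS:
            raise ValueError("only EUI-48 and EUI-64 addresses are supported")
        body += bytes([len(mac)]) + mac
    return body


def decode_mac_acl_entry(value):
    """Parse the element value; every entry must fit exactly, with no slack."""
    if len(value) < 8:  # draft minimum: count + length + one EUI-48 address
        raise MalformedElement("element shorter than the 8-octet minimum")
    num_entries = value[0]
    pos, macs = 1, []
    for _ in range(num_entries):
        if pos >= len(value):
            raise MalformedElement("Num of Entries exceeds the entries present")
        mac_len = value[pos]
        if mac_len not in VALID_MAC_LENGTHS:
            raise MalformedElement("Length %d is neither EUI-48 nor EUI-64" % mac_len)
        pos += 1
        if pos + mac_len > len(value):
            raise MalformedElement("MAC Address entry is truncated")
        macs.append(value[pos:pos + mac_len])
        pos += mac_len
    if pos != len(value):
        raise MalformedElement("%d trailing octets after last entry" % (len(value) - pos))
    return macs


def is_well_formed(value):
    """True if decode_mac_acl_entry accepts the value, False otherwise."""
    try:
        decode_mac_acl_entry(value)
    except MalformedElement:
        return False
    return True
```

A receiver that skips the trailing-octet and truncation checks would silently accept an element whose declared count and actual payload disagree, which is exactly the kind of AC/WTP list mismatch this issue is about.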

-----Original Message-----
From: Nathan J. Williams [mailto:nathan.williams [at] thingmagic.com] 
Sent: Tuesday, August 05, 2008 3:35 PM
To: Pat Calhoun (pacalhou)
Cc: Nathan Williams; capwap [at] frascone.com; Pasi.Eronen [at] nokia.com
Subject: Re: [Capwap] Issue 155: WTP/AC ACL Synchronization Issue

"Pat Calhoun (pacalhou)" <pcalhoun [at] cisco.com> writes:

> Second, the way it works is that the AC *always* sends an updated list
> to the WTP at reboot. However, some WTPs *could* conceptually operate
> without an AC (such as the case where the WAN link between the WTP and
> the AC is down). Obviously, such WTPs could only operate this way when
> configured for Local mode. Split mode requires an AC.
>
> So the WTP stores the ACL, and can use it even if it reboots and it is
> unable to connect to the AC. However, it always gets an updated list
> from the AC when it does connect.
>
> So... Given that we've never discussed the concept of a WTP operating
> without an AC, does it really make sense to leave this functionality
> in the spec? I think we should pull out the Add/Delete Static message
> elements, and deal with this in a future rev of the spec if the need
> arises (because it will likely require more than just some verbiage
> here and there).
>
> Thoughts?

Deleting the Add/Delete Static message elements sounds good to me.
Should we spell out when the WTP's list is reset to zero? At the time of
association with an AC seems right, otherwise things like Primary
Discovery could re-introduce the problem of losing sync of the ACL.

        - Nathan
