This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight Access Point Protocol tunnel from Light-weight LWAPP Access Points. This MIB provides configuration and status information about the 802.11 WLAN mobility. The relationship between CC and the LWAPP APs can be depicted as follows: +......+ +......+ +......+ +......+ + + + + + + + + + CC + + CC + + CC + + CC + + + + + + + + + +......+ +......+ +......+ +......+ .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ +......+ + + + + + + + + + + + AP + + AP + + AP + + AP + + AP + + + + + + + + + + + +......+ +......+ +......+ +......+ +......+ . . . . . . . . . . . . . . . . . . . . . . . . +......+ +......+ +......+ +......+ +......+ + + + + + + + + + + + MN + + MN + + MN + + MN + + MN + + + + + + + + + + + +......+ +......+ +......+ +......+ +......+ The LWAPP tunnel exists between the controller and the APs. The MNs communicate with the APs through the protocol defined by the 802.11 standard. LWAPP APs, upon bootup, discover and join one of the controllers and the controller pushes the configuration, that includes the WLAN parameters, to the LWAPP APs. The APs then encapsulate all the 802.11 frames from wireless clients inside LWAPP frames and forward the LWAPP frames to the controller. GLOSSARY Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides access to the distribution services via the wireless medium for associated clients. LWAPP APs encapsulate all the 802.11 frames in LWAPP frames and sends it to the controller to which it is logically connected. Basic Service Set Identifier (BSSID) The identifier for the service set comprising of all the 802.11 stations under the control of one coordinating Access Point. This identifier happens to be the MAC address of the dot11 radio interface of the Access Point. The wireless clients that associate with the Access Point get the wired uplink through this particular dot11 interface. Central Controller ( CC ) The central entity that terminates the LWAPP protocol tunnel from the LWAPP APs. Throughout this MIB, this entity also referred to as 'controller'. Light Weight Access Point Protocol ( LWAPP ) This is a generic protocol that defines the communication between the Access Points and the Central Controller. Mobile Node ( MN ) A roaming 802.11 wireless device in a wireless network associated with an access point. Mobility Concept by which a Mobile Node can roam from one Access Point to another Access Point, across multiple Central Controllers, without need for repeated authentication. Mobility Group A set of Central Controllers which exchange Mobile Node's authentication information, so that the Mobile Node upon roaming need not re-authenticate. Mobility Anchor When a Central Controller in the Mobility Group is designated as Mobility Anchor, then all the Mobile Node's traffic is tunnelled to it by other Controllers in the Mobility Group. Guest Tunneling (GT) The concept of designating a Central Controller in the Mobility Group as Mobility Anchor, so that all the Mobile Node's traffic is tunnelled to it by other Controllers in the Mobility Group. Station Management (SMT) This term refers to the internal management of the 802.11 protocol operations by the AP to work cooperatively with the other APs and 802.11 devices in the network. Ethernet over Internet Protocol (EoIP) Ethernet over IP (EoIP) is a protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. Reverse path filtering (RPF) Reverse path filtering (RPF) is a feature provided by most modern Internet Protocol routers, which may be used to reduce the risk of customers attacking other internet hosts. One of the problems network service providers face today is hackers generating packets with fake source IP addresses, a technique known as spoofing. This is often done in order to initiate a denial-of-service attack against another internet host or network. Since the source IP addresses of the incoming packets change, often randomly, and for every packet, the target of such an attack can't easily filter out the attacking packets. However, the source of the attack, i.e. the network service provider of the attacking host, has a simple way to stop such packets from ever leaving its network. A router always knows which networks are reachable via any of its interfaces. By checking the source IP address of all packets coming in via an interface against the networks known to be behind that interface, the router can simply drop packets that aren't supposed to come from there. Hence, reverse path filtering filters packets according to the 'reverse path' to their source address. If the path back to the source address does not match the path the packet is coming from, it is dropped. REFERENCE  Part 11 Wireless LAN Medium Access Control ( MAC ) and Physical Layer ( PHY ) Specifications.  Draft-obara-capwap-lwapp-00.txt, IETF Light Weight Access Point Protocol.