The CAPWAP Tunnel is when the AP joins a WLC, a Control and Provisioning of Wireless Access Points protocol (CAPWAP) tunnel is formed between the two devices. All traffic, which includes all client traffic, is sent through the CAPWAP tunnel.
its a protocol that enables an access controller (AC) to manage a collection of wireless termination points. CAPWAP is defined in RFC 5415.
The IETF developed CAPWAP with three goals in mind: to centralize authentication and policy enforcement functions in wireless networks, to shift higher-level protocol processing away from access points and to provide an extensible protocol that could be used with various types of access points
When supported and enabled, CAPWAP's first function is to initiate a discovery phase. Wireless APs search for a controller by sending discovery request messages. Upon receiving a discovery request, the controller replies with a discovery response. At this point, the two devices establish a secure connection using the Datagram Transport Layer Security (DTLS) protocol to exchange CAPWAP control and data messages. Control messages contain information and instructions related to WLAN management, while Data messages encapsulate forwarded wireless frames. Each is sent over a different User Datagram Protocol udp port.
According to the IETF, CAPWAP supports two modes of operation: split and local MAC. In split MAC mode, the CAPWAP protocol encapsulates all Layer 2 wireless data and management frames, which are then exchanged between the controller and AP. Local MAC mode enables data frames to be locally bridged or tunneled as Ethernet frames. In either mode, the AP processes Layer 2 wireless management frames locally, then forwards them to the controller.
