Research And Implementation Of CAPWAP Protocol Security

With the rapid development of wireless local area network, and the expansion ofwireless network in size and coverage, centralized wireless network architecture hasbeen gradually replacing the traditional autonomous network architecture. As thenetwork architecture matures and upgrades, access point control protocol forcentralized wireless LAN is continuously improved. The wireless access point’scontrol and configuration protocol released by IETF’s CAPWAP (Control andProvisioning of Wireless Access Points, CAPWAP) working group in April2009isdefined as an international standard. Meanwhile, with the further popularization of theInternet, the effects of network have penetrated into people’s daily life. Since the useof the Internet for illegal activities is becoming more rampant, network securityproblems now attract increasing attention.This paper analyzes the CAPWAP protocol security technology in-depth, andpresents the CAPWAP security principles and design ideas. Under the originalframework of the CAPWAP protocol, draw on DTLS encryption technology fromOpenssl source code to achieve the integration of the security module and the originalprotocol state machine, which enables CAPWAP tunnel transmit cipher texts.Meanwhile, as a standardized protocol, CAPWAP allows private achievement forcompanies, and based on H3C’s two private functions--intrusion detection technologyand black list filtering, this paper discusses privatization ideas and design methodsunder the framework of the CAPWAP protocol.Finally, the paper discusses system testing ideas and methods for the CAPWAPsecurity module. Combined with the actual test network environment, the analysis andsolutions of the various problems encountered in the testing process are given. Theresults show that the system meets the project requirements and standards, andachieves the original design goals. CAPWAP tunnel itself has the advantage ofcompatibility and stability, and security module provides a reliable protection for theCAPWAP tunnel, thus the CAPWAP system has reached the commercial standard.