Network Working Group P. Calhoun Request for Comments: 5417 Cisco Systems, Inc. Category: Standards Track March 2009
Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
Abstract
The Control And Provisioning of Wireless Access Points Protocol allows a Wireless Termination Point to use DHCP to discover the Access Controllers to which it is to connect. This document describes the DHCP options to be used by the CAPWAP Protocol.
Calhoun Standards Track [Page 1]
RFC 5417 CAPWAP AC DHCP Option March 2009
Table of Contents
1. Introduction ....................................................2 1.1. Conventions Used in This Document ..........................2 1.2. Terminology ................................................2 2. CAPWAP AC DHCPv4 Option .........................................2 3. CAPWAP AC DHCPv6 Option .........................................3 4. IANA Considerations .............................................5 5. Security Considerations .........................................5 6. Acknowledgments .................................................5 7. References ......................................................5 7.1. Normative References .......................................5 7.2. Informative References .....................................6
The Control And Provisioning of Wireless Access Points Protocol (CAPWAP) [RFC5415] allows a Wireless Termination Point (WTP) to use DHCP to discover the Access Controllers (AC) to which it is to connect.
Prior to the CAPWAP Discovery process, the WTP may use one of many methods to identify the proper AC with which to establish a CAPWAP connection. One of these methods is through the DHCP protocol. This is done through the CAPWAP AC DHCPv4 or CAPWAP AC DHCPv6 Option.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
option-length: Length of the 'options' field in octets; MUST be a multiple of four (4).
AC IPv4 Address: IPv4 address of a CAPWAP AC that the WTP may use. The ACs are listed in the order of preference for use by the WTP.
A DHCPv4 client, acting on behalf of a CAPWAP WTP, MUST request the CAPWAP AC DHCPv4 Option in a Parameter Request List Option, as described in [RFC2131] and [RFC2132].
A DHCPv4 server returns the CAPWAP AC Option to the client if the server policy is configured appropriately and the server is configured with a list of CAPWAP AC addresses.
A CAPWAP WTP, acting as a DHCPv4 client, receiving the CAPWAP AC DHCPv4 Option MAY use the (list of) IP address(es) to locate an AC. The CAPWAP Protocol [RFC5415] provides guidance on the WTP's discovery process.
The WTP, acting as a DHCPv4 client, SHOULD try the records in the order listed in the CAPWAP AC DHCPv4 Option received from the DHCPv4 server.
option-length: Length of the 'options' field in octets; MUST be a multiple of sixteen (16).
AC IPv6 Address: IPv6 address of a CAPWAP AC that the WTP may use. The ACs are listed in the order of preference for use by the WTP.
A DHCPv6 client, acting on behalf of a CAPWAP WTP, MUST request the CAPWAP AC DHCPv6 Option in a Parameter Request List Option, as described in [RFC3315].
A DHCPv6 server returns the CAPWAP AC Option to the client if the server policy is configured appropriately and the server is configured with a list of CAPWAP AC addresses.
A CAPWAP WTP, acting as a DHCPv6 client, receiving the CAPWAP AC DHCPv6 Option MAY use the (list of) IP address(es) to locate an AC. The CAPWAP Protocol [RFC5415] provides guidance on the WTP's discovery process.
The WTP, acting as a DHCPv6 client, SHOULD try the records in the order listed in the CAPWAP AC DHCPv6 Option received from the DHCPv6 server.
The security considerations in [RFC2131], [RFC2132], and [RFC3315] apply. If an adversary manages to modify the response from a DHCP server or insert its own response, a WTP could be led to contact a rogue CAPWAP AC, possibly one that then intercepts call requests or denies service. CAPWAP's use of Datagram Transport Layer Security (DTLS) MUST be used to authenticate the CAPWAP peers in the establishment of the session.
In most of the networks, the DHCP exchange that delivers the options prior to network access authentication is neither integrity protected nor origin authenticated. Therefore, in security sensitive environments, the options defined in this document SHOULD NOT be the only methods used to determine to which AC a WTP should connect. The CAPWAP protocol [RFC5415] defines other AC discovery procedures a WTP MAY utilize.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
Calhoun Standards Track [Page 5]
RFC 5417 CAPWAP AC DHCP Option March 2009
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC5415] Montemurro, M., Stanley, D., and P. Calhoun, "CAPWAP Protocol Specification", RFC 5415, March 2009.