Introduction to CAPWAP
CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an AP and a WLC.
CAPWAP is based on LWAPP but adds additional security with Datagram Transport Layer Security (DTLS). CAPWAP establishes tunnels on User Datagram Protocol (UDP) ports. CAPWAP can operate either over IPv4 or IPv6, as shown in the figure, but uses IPv4 by default.
IPv4 and IPv6 both use UDP ports 5246 and 5247. Port 5246 is for CAPWAP control messages used by the WLC to manage the AP. Port 5247 is used by CAPWAP to encapsulate data packets traveling to and from wireless clients. However, CAPWAP tunnels use different IP protocols in the packet header. IPv4 uses IP protocol 17 and IPv6 uses IP protocol 136.
The figure shows a small IPv4 or IPv6 network in the cloud. A WLC connects to three APs using CAPWAP.