Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

wireless client traffic


my question is how the end user or client's device like (laptop or any other device) with wireless lan card built-in

go to the internet over the wireless network?

for example one WLC control 5 LAPs and there is one ssid like WLAN1

when any one connects to that ssid how the data packets go to the internet?

are the packets go through the WLC or wired network like where access points are connect in switches ?

what about wlc is this only to control the access points or it has any role in sending and recieving of data too?



Re: wireless client traffic

The WLC will do both the data processing as well as the AP control

AP to WLC there is a CAPWAP tunnel , through which the data reaches the WLC. The WLC removes the tunnel encapsulation header and tag it with the respective vlan infromation and send it to the infrastructure switch. The switch just process it like any other wired frame

New Member

Re: wireless client traffic

Hi Nikhil ,

I have one query.

Doesn't the switch directly connected to the AP , ( Client--------->AP ------> "Switch" ) , tag the frame with the VLAN ID , that the switch port is configured as.

I am a bit confused as to how do things work  " Post Acces Point  to the rest of the network  ".

Thanks ,


New Member

Re: wireless client traffic

Switch that hosts the AP can tag traffic comming from the AP with VLAN information - that is true.

But regardless of that part, the client traffic will be first encapsulated in to CAPWAP, then if there is tagging at the switch will that CAPWAP packet will be tagged with VLAN, then it will be sent towards the WLC. Once WLC receives that packet it will strip CAPWAP and place client packet in to assigned VLAN (according to SSID-to-VLAN mapping).

VIP Purple

Re: wireless client traffic

Below is common physical connectivity in most deployment scenario & flow of a packet in the path.

client <----> AP <---> Access Switch <--->Distribuition Switch <---> WLC

1. Client original IP packet  encapsulate with wireless headers and comes as 802.11 wireless frames upto AP.

2. AP will remove wireless headers & encapsulate original IP packet with CAPWAP (another IP header) & send it to WLC as destination.

3. When this packet leaves Access switch (to distribution) there will be layer 2 tag (dot1q) added to indicate this traffic coming from access vlan configure for AP

4. Distribution switch will send it to WLC as a tagged frame

5. WLC remove this layer 2 tag & remove the CAPWAP headers as well prior to send it to wired network (again through Distribution switch)

6. Then WLC send original IP packet with layer 2 tags back to distribution switch with destination address as wired side IP.

7. Distribution switch send it to next hop in wired network.

Bottom line is ALL traffic is traversing via WLC (except CAPWAP control traffic which will terminate on WLC). Also traffic is enpsulated with additional IP header(CAPWAP) between the AP <--> WLC. While packet in that path switches cannot see the original IP packet & only see the outer CAPWAP IP header information.



Re: wireless client traffic

In addition to controlling AP’s WLC also do control data through anchor-mobility-

For inter-controller CAPWAP data and control traffic for releases 5.0, 6.0, and 7.0, you must open the ports 5247 and 5246


For inter-controller LWAPP data and control traffic for prior releases to 5.0, do not open ports 12222 and 12223.

Re: wireless client traffic

Hello guys, please go through Cisco Unified Wireless Technology and Architecture . In the below link you will get packet level explaination with the roles of AP/ wlc and how tunnels work b/w them.

New Member

Re: wireless client traffic

Hi guys ,

I came across a screenshot of a capwap wireshark capture .

I am not sure what devices the Ip-addresses/Mac-addresses belong to.

A. I am assuming the outermost Ethernet Address should be of :

    Source : AP & Destination : Controller.

B. The Outermost IP Header source and destination should be of :

     AP ip address and WLC Ip address.

C. I can find another ip address ( Inner header).

I am confused as to what are the Source/Destination IP/MAC addresses .

Need your suggestions.

VIP Purple

Re: wireless client traffic

Hi Rahul,

yes, your answers are correct for A & B.

for C, Inner address belong to original IP packect came to access point from client. According to the capture is client IP address & is the destination IP address client trying to reach.

When this packet comes to AP it will add this additional CAPWAP hearder with source as AP IP & destination as WLC ap-mgr IP (or mgt IP if no seperate ap-mgr interface)



**** Pls rate all useful responses ****

New Member

Re: wireless client traffic

Thanx Rasika & Jha..!

Its clear now. !

Cisco Employee

Re: wireless client traffic

Hi got your query answered in FAQ please find below:-

Q.    Does all network traffic from and to a WLAN client tunnel through a   Wireless LAN Controller (WLC) once the access point (AP) gets registered with   the controller?

A. When the AP joins a WLC, a Control and Provisioning of Wireless Access       Points protocol (CAPWAP) tunnel is formed between the two devices. All traffic,       which includes all client traffic, is sent through the CAPWAP tunnel.

The only exception to this is when an AP is in hybrid-REAP mode. The       hybrid-REAP access points can switch client data traffic locally and perform       client authentication locally when their connection to the controller is lost.       When they are connected to the controller, they can also send traffic back to       the controller.

CreatePlease to create content