Welcome to Cisco Support Community. We would love to have your feedback.
For an introduction to the new site, click here. And see here for current known issues.
The WLC v4.1 Config Guide says,
"all Layer 2 wired communications between
controllers and lightweight access points are secured by passing data through LWAPP tunnels."
Is it correct that this is only true for the LWAPP Control channel which is encrypted - the LWAPP Data channel is in clear text which WireShark has no problem parsing, right?
Only LWAPP control message payloads are encrypted. As you've stated however LWAPP data payaloads are not encrypted as the wired network is assumed to be relatively secure (compared to wireless).
Additional Reference Appendix B in this document: