AP discovery is done with L2 multicast/broadcast in order for controller to see it. The adoption is done by controller SSH into AP to tell the AP where the controller is. After that, it's all AP calling home to perform tasks controller asks it to do. All the AP-controller management traffic goes un-tagged.
The Controller manages the AP using a proprietary TR-069-like management protocol. The main idea, for scalability, is for AP to phone home periodically via L3. And to support instant notifications from controller->AP, STUN is also used. The protocol is encrypted.
In basic terms, the process is as follows:
- By default, AP “discovery” occurs via Layer-2 broadcast / multicast traffic in order for a “local” controller to see it. UAP beacons, controller replies.
- Once “discovered”, the “adoption” takes place via SSH, whereby the controller tells the AP where it’s located on the network. (Layer-3 is possible too)
- After that, it's all AP “calling home” to perform tasks that the controller asks it to do.
Note: All the AP-controller management traffic goes un-tagged. The design has L3-management in mind where you can set up controller in the cloud.
There's an initial handshake that needs to occur between UAP beaconing and controller.
- When an AP is in factory default (LED shows steady amber/orange), it will obtain an IP from DHCP server and send out beacons - "I'm at factory default settings. Who can manage me?"
- Controller hears the beacon. As this device is in default state, shows the AP as PENDING.
- When the user decides to adopt the AP, controller will adopt the AP via SSH (using the IP information in the beacon and the default username/password)
- AP sends initial inform to http://controller_ip:8080/inform, the binding of controller-AP is now completed
After the UAP is adopted, communication changes slightly.
- When an UAP has been adopted (LED Color Patterns) but the controller is not present, the AP sends a slightly different beacon - "I'm here. When you (the controller) are up/ready. Come pick me up."
- When the original controller comes up, it hears the AP's beacon and finds that the AP is under its management. It will readopt the AP automatically via SSH (using the IP information in the beacon and with the non-default credential).