Client data encryption is normally not done. LDPE feature is Licensed Data Payload Encryption (LDPE). Data Payload Encryption allows for the data that travels between the Access Point and the WLC to be Datagram Transport Layer Security (DTLS) encrypted.
Note: Non Russian customers using Cisco 5508 Series Controller do not need data DTLS license. If your controller does not have a data DTLS license and if the access point associated with the controller has DTLS enabled, the data path will be unencrypted
AIR-CT5500-K9-7-0-116-0.aes (Regular image)
· AIR-CT5500-LDPE-K9-7-0-116-0.aes (LDPE image)
It would appear that Russia has some requirements to encrypt their AP to WLC traffic internally.
NOTE: I came across a post by blogger/friend Sam C. @ sc-wifi.com that covers this subject in more detail. Thanks SAM! I should have called and opened a ticket with you instead! LOL