
Alcatel-Lucent AOS-W 6.5.3.x - Understanding Remote Mesh Portals (Rmps)

If a mesh point connects to a parent using the recovery profile, it may immediately exit recovery if the parent is
actively using one of its provisioned mesh cluster profiles. Once in recovery, a mesh point periodically exits
recovery to see if it can connect using an available provisioned mesh cluster profile. The recovery profile is
read-only; it cannot be modified or deleted.
The recovery profile is stored in the master switch’s configuration file and is unique to that master switch. If
necessary, you can transfer your configuration to another switch. If you do so, make sure your new mesh
cluster is running and you have re-provisioned the mesh nodes before deleting your previous configuration.
The APs learn the new recovery profile after they are provisioned with the new switch. This is also true if you
provision a mesh node with one master switch and use it with a different master switch. In this case, the
recovery profile does not work on the mesh node until you re-provision it with the new master switch.
Understanding Remote Mesh Portals (RMPs)
You can deploy mesh portals to create a hybrid mesh/remote AP environment to extend network coverage to
remote locations; this feature is called remote mesh portal, or RMP. The RMP feature integrates the functions
of a remote AP (RAP) and the mesh portal. As a RAP, it sets up a VPN tunnel back to the corporate switch that
secures control traffic between the RAP and the switch.
The Remote Mesh Portal feature allows you to configure a remote AP at a branch office to operate as a mesh
portal for a mesh cluster. Other mesh points belonging to that cluster get their IP address and configuration
settings from the main office via an IPsec tunnel between the remote mesh portal and the main office switch.
This feature is useful for deploying an all-wireless branch office or creating a complete wireless network in
locations where there is no wired infrastructure in place.
When the client at the branch office associates to a virtual AP in split-tunnel forwarding mode, the client’s
DHCP requests are forwarded over a GRE tunnel (split tunnel) to the corporate network. This communication is
done over a secure VPN tunnel. The IPs are assigned from the corporate pool based on the VLAN tag
information, which helps to determine the corresponding VLAN. The VLAN tag also determines the subnet
from which the DHCP address is assigned.
A mesh point sends the DHCP request with the mesh private VLAN (MPV) parameter. The mesh point learns
the MPV value from the response during the mesh association. When the split tunnel is set up for the RMP on
the switch, the VLAN of the tunnel should be the MPV. A DHCP pool for the MPV should be set up on the switch.
The use of MPV makes it easy for the RMP to decide which requests to forward over the split tunnel. All
requests tagged with the MPV are sent over the split tunnel. Hence the MPV should be different from any user
VLAN that is bridged using the mesh network.
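The three MPV rules above (the split-tunnel VLAN is the MPV, a DHCP pool exists for the MPV, and the MPV differs from every bridged user VLAN) written as a pre-deployment check. This is an added example, not part of the AOS-W guide: the RmpPlan record and its field names are hypothetical planning data rather than AOS-W configuration syntax, and the VLAN numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class RmpPlan:
    """Hypothetical planning record (not AOS-W configuration syntax)."""
    mpv: int                      # mesh private VLAN
    split_tunnel_vlan: int        # VLAN of the RMP split tunnel
    dhcp_pool_vlans: set = field(default_factory=set)     # VLANs with a DHCP pool on the switch
    bridged_user_vlans: set = field(default_factory=set)  # user VLANs bridged over the mesh


def forwarding_path(plan, vlan_tag):
    """Model of the RMP decision: anything tagged with the MPV goes over the split tunnel."""
    if vlan_tag == plan.mpv:
        return "split-tunnel"
    return "bridged" if vlan_tag in plan.bridged_user_vlans else "other"


def check_plan(plan):
    """Return a list of findings; an empty list means all three rules hold."""
    findings = []
    if not 1 <= plan.mpv <= 4094:  # valid 802.1Q VLAN ID range
        findings.append(f"MPV {plan.mpv} is not a valid VLAN ID")
    if plan.split_tunnel_vlan != plan.mpv:
        findings.append(f"split-tunnel VLAN {plan.split_tunnel_vlan} is not the MPV {plan.mpv}")
    if plan.mpv not in plan.dhcp_pool_vlans:
        findings.append(f"no DHCP pool on the switch for MPV {plan.mpv}")
    if plan.mpv in plan.bridged_user_vlans:
        # Failure mode: bridged user requests carry the MPV tag and get tunneled.
        findings.append(f"MPV {plan.mpv} collides with a bridged user VLAN")
    return findings


# Constructed sample plans.
GOOD = RmpPlan(mpv=300, split_tunnel_vlan=300,
               dhcp_pool_vlans={300}, bridged_user_vlans={10, 20})
BAD = RmpPlan(mpv=20, split_tunnel_vlan=30,
              dhcp_pool_vlans={30}, bridged_user_vlans={10, 20})

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_plan(plan) or "ok")
    # With the colliding plan, user VLAN 20 is no longer bridged locally.
    print("VLAN 20 under BAD plan:", forwarding_path(BAD, 20))
```

In the colliding plan, requests from user VLAN 20 match the MPV and are sent over the split tunnel instead of being bridged, which is the outcome the guide's "should be different" rule prevents.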
The RMP configuration requires an AP license. For more information about Alcatel-Lucent software licenses, see
Software Licenses on page 79.
AOS-W 6.5.3.x | User Guide Secure Enterprise Mesh | 603
