AOS-W 6.5.3.x | User Guide Remote Access Points | 695
Chapter 31
Remote Access Points
The Secure Remote Access Point Service allows AP users, at remote locations, to connect to an Alcatel-Lucent
switch over the Internet. Because the Internet is involved, data traffic between the switch and the remote AP is
VPN encapsulated. That is, the traffic between the switch and AP is encrypted. Remote AP operations are
supported on all of Alcatel-Lucent’s APs.
Topics in this chapter include:
n About Remote Access Points on page 695
n Configuring the Secure Remote Access Point Service on page 697
n Deploying a Branch/Home Office Solution on page 703
n Enabling Remote AP Advanced Configuration Options on page 709
n Understanding Split Tunneling on page 723
n Understanding Bridge on page 729
n Provisioning Wi-Fi Multimedia on page 734
n Reserving Uplink Bandwidth on page 734
n Provisioning 4G USB Modems on Remote Access Points on page 735
n Configuring OAW-RAP3WN and OAW-RAP3WNP Access Points on page 740
n Converting an IAP to RAP or CAP on page 741
n Enabling Bandwidth Contract Support for RAPs on page 742
n RAP TFTP Image Upgrade
About Remote Access Points
Remote APs connect to a switch using Extended Authentication and Internet Protocol Security (XAuth/IPSec).
AP control and 802.11 data traffic are carried through this tunnel. Secure Remote Access Point Service extends
the corporate office to the remote site. Remote users can use the same features as corporate office users. For
example, voice over IP (VoIP) applications can be extended to remote sites while the servers and the PBX
remain secure in the corporate office.
For both RAPs and CAPs, tunneled SSIDs will be brought down eight seconds after the AP detects that there is
no connectivity to the switch. However, RAP bridge-mode SSIDs are configurable to stay up indefinitely
(always-on / persistent). For CAP bridge-mode SSIDs, the CAP will be brought down after the keepalive times
out (default 3.5 minutes).
Secure Remote Access Point Service can also be used to secure control traffic between an AP and the switch in a
corporate environment. In this case, both the AP and switch are in the company’s private address space.
The remote AP must be configured with the IPSec VPN tunnel termination point. Once the VPN tunnel is
established, the AP bootstraps and becomes operational. The tunnel termination point used by the remote AP
depends upon the AP deployment, as shown in the following scenarios:
n Deployment Scenario 1: The remote AP and switch reside in a private network which secures AP-to-switch
communication. (This deployment is recommended when AP-to-switch communications on a private
network need to be secured.) In this scenario, the remote AP uses the switch’s IP address on the private
network to establish the IPSec VPN tunnel.
To Next Page
Loading...