User Guide

CHAPTER 2
Secure Remote Access Points
The Secure Remote Access Point Service allows users to connect
APs on remote sites over the Internet to an Alcatel Mobility
Controller. This capability allows remote locations equipped with
Remote Access Points to connect to a corporate office, for
example, over the Internet.
The Remote AP connects to the Alcatel Mobility Controller over
L2TP/IPsec with NAT-T support (UDP port 4500 only). All AP
control traffic and 802.11 data are carried through this tunnel
to the switch.
Because this traffic crosses the Internet, securing data between
the AP and the switch is essential. In addition, most branch and
home office deployments sit behind a firewall or a NAT device.
With a Remote AP, all traffic between the switch and the Remote
AP is VPN encapsulated, and all control traffic between the
switch and the AP is encrypted. Administrators can choose to
encrypt the data in addition to the control traffic for
additional security.
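The following is an added example, not part of the original guide or of Alcatel's software: a small audit that checks captured datagrams from a Remote AP against the "UDP port 4500 only" rule and classifies each UDP/4500 payload. It assumes the standard NAT-T framing of RFC 3948 (the guide does not describe the framing itself); the port 31744, the SPI and all payload bytes are constructed sample values.

```python
import struct
from collections import Counter

NATT_PORT = 4500      # the guide: NAT-T on UDP port 4500 only
IKE_HEADER_LEN = 28   # fixed IKE header size
ESP_HEADER_LEN = 8    # SPI (4 bytes) + sequence number (4 bytes)

def classify_natt_payload(payload: bytes) -> str:
    """Classify one UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return "nat-keepalive"          # single 0xFF byte keeps the NAT mapping alive
    if len(payload) < 4:
        return "malformed"
    (first_word,) = struct.unpack("!I", payload[:4])
    if first_word == 0:                 # non-ESP marker, an IKE message follows
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "malformed"
    # A non-zero first word is the ESP SPI; require header plus some ciphertext
    return "esp" if len(payload) > ESP_HEADER_LEN else "malformed"

def audit_flow(datagrams):
    """Tally payload kinds and list datagrams that break the tunnel-only rule.

    datagrams: iterable of (src_port, dst_port, payload) sent by the Remote AP.
    """
    counts, violations = Counter(), []
    for index, (src_port, dst_port, payload) in enumerate(datagrams):
        if dst_port != NATT_PORT:
            violations.append((index, f"UDP/{dst_port} outside the NAT-T tunnel"))
            continue
        kind = classify_natt_payload(payload)
        counts[kind] += 1
        if kind == "malformed":
            violations.append((index, "unparseable UDP/4500 payload"))
    return dict(counts), violations

# Constructed sample: AP behind a NAT that rewrote its source port to 31744.
SAMPLE = [
    (31744, 4500, bytes(4) + bytes(IKE_HEADER_LEN)),               # IKE negotiation
    (31744, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(48)),  # ESP data packet
    (31744, 4500, b"\xff"),                                        # NAT keepalive
    (31744, 1701, b"\xc8\x02\x00\x14"),                            # bare L2TP, not tunnelled
    (31744, 4500, b"\x00\x00"),                                    # truncated payload
]

if __name__ == "__main__":
    counts, violations = audit_flow(SAMPLE)
    print(counts)
    for index, reason in violations:
        print(f"datagram {index}: {reason}")
```

The same check can be applied to firewall or capture exports at the branch site: anything from the AP that is not UDP/4500, such as L2TP on its native UDP port 1701, is traffic travelling outside the tunnel.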
The advantage of using the Secure Remote Access Point Service is
that the corporate office is now extended to the remote site.
Remote users can enjoy feature sets similar to those of corporate
office users. VoIP applications can be extended to remote sites
while the servers and the PBX sit securely in the corporate
office. The corporate network is virtually extended to the remote
user.
Deploying a Branch Office/Home Office Solution
To deploy the Remote AP in a branch office or home office as
shown in the illustration below, the following requirements need
to be met: