Trying to get some additional details about the query here.
You have a switch connected to the mesh point's ethernet port and it is showing up on the controller's user-table?
Is the wired port on mesh-point trusted or untrusted?
Is this switch meant to host wired clients via the mesh link?
How is the wan link connectivity coming into the controller? Is there a public ip interface configured directly on the controller vlan interface or does the controller do uplink connectivity to a firewall and the firewall NAT's the traffic into public domain?