In this example, two FortiAPs are used to extend the range of a single WiFi network. The second FortiAP is connected to the FortiGate WiFi controller through a dedicated WiFi backhaul network.
In this example, both FortiAPs provide the example-staff network to clients that are in range.
More mesh-connected FortiAPs could be added to further expand the coverage range of the network. Each AP must be within range of at least one other FortiAP. Mesh operation requires FortiAP models with two radios, such as the FortiAP-221C units used here.
Find this recipe for other FortiOS versions
5.2 | 5.4
1. Create the backhaul SSID |
|
|
Go to WiFi Controller > WiFi Network > SSID. Create a new SSID. Set Traffic Mode to Mesh Downlink. You will need the pre-shared key when configuring the mesh-connected FortiAP. |
 |
2. Create the client SSID |
|
| Go to WiFi Controller > WiFi Network > SSID. Create the WiFi network (SSID) that clients will use. |  |
| Configure DHCP for your clients. |  |
3. Create the FortiAP Profile |
|
|
Go to WiFi Controller > WiFi Network > FortiAP Profiles and create a profile for the Platform (FortiAP model) that you are using. Configure Radio 1 for the client channel on the 2.4GHz 802.11n/g Band. Configure Radio 2 for the backhaul channel on the 5GHz 802.11ac/n Band. |
 |
4. Configure the security policy |
|
| Go to Policy & Objects > Policy > IPv4 and create a new policy. |  |
5. Configure an interface dedicated to FortiAP |
|
|
Go to System > Network > Interfaces and edit an available interface (in this example, port 15). Set Addressing mode to Dedicate to Extension Device. |
 |
6. Preauthorize FortiAP-1 |
|
|
Go to WiFi Controller > Managed Devices > Managed FortiAPs and create a new entry. Enter the serial number of the FortiAP unit and give it a name. Select the FortiAP profile that you created earlier. |
 |
7. Configure FortiAP-2 for mesh operation |
|
|
Connect FortiAP-2 to Port 15. Go to WiFi Controller > Managed Devices > Managed FortiAPs. FortiAP-2, identified by serial number, will be listed within two minutes. Note the Connected Via IP address. |
 |
|
Go to System > Dashboard > Status. In the CLI Console, enter Disconnect FortiAP-2 from the FortiGate. Install it in its planned location and apply power. Connect FortiAP-1 to Port 15 and apply power. |
|
| Go to WiFi Controller > Managed Devices > Managed FortiAPs. Select the FortiAP-2 entry (identified by serial number) and edit the new entry. Enter the Name, FortiAP-2. Select the FortiAP Profile that you created earlier. Click Authorize. Click OK. |  |
8. Connect and authorize the FortiAPs |
|
|
Go to WiFi Controller > Managed Devices > Managed FortiAPs. The FortiAPs will be listed as online within about two minutes. (Click Refresh to update the display.) |
 |
9. Results |
|
|
Go to WiFi Controller > Monitor > Client Monitor. Click Refresh to see updated information. Use a mobile device near FortiAP-2 to connect to the example-staff network. The monitor shows the mobile user rgreen as a client of FortiAP-2. |
 |
| Disconnect from the example-staff network and then reconnect near FortiAP-1. The monitor shows the mobile user rgreen as a client of FortiAP-1. |  |
| Notice that in both cases FortiAP-2 is listed on backhaul-ssid as a client of FortiAP-1. | |
For further reading, check out Wireless Mesh in the FortiOS 5.2 Handbook.
The post Extending WiFi range with mesh topology appeared first on Fortinet Cookbook.
