In this example, a second FortiAP are used to extend the range of a WiFi network. The second FortiAP is connected to the FortiGate WiFi controller through a dedicated WiFi backhaul network.
In this example, both FortiAPs provide the example-staff network to clients that are in range.
More mesh-connected FortiAPs could be added to further expand the coverage range of the network. Each AP must be within range of at least one other FortiAP. Mesh operation requires FortiAP models with two radios, such as the FortiAP-221C units used here.
Find this recipe for other [glossary_exclude]FortiOS[/glossary_exclude] versions
5.2 | 5.4
1. Create the backhaul SSID |
|
|
Go to WiFi Controller > SSID. Create a new SSID. Set Traffic Mode to Mesh Downlink. You will need the pre-shared key when configuring the mesh-connected FortiAP. |
 |
2. Create the client SSID |
|
| Go to WiFi Controller > SSID. Create the WiFi network (SSID) that clients will use. |  |
| Configure DHCP for your clients. |  |
3. Create the FortiAP Profile |
|
|
Go to WiFi Controller > FortiAP Profiles and create a profile for the Platform (FortiAP model) that you are using. Configure Radio 1 for the client channel on the 2.4GHz 802.11n/g Band. Configure Radio 2 for the backhaul channel on the 5GHz 802.11ac/n Band. |
 |
4. Configure the security policy |
|
| Go to Policy & Objects > IPv4 Policy and create a new policy. |  |
5. Configure an interface dedicated to FortiAP |
|
| Go to Network > Interfaces and edit an available interface (in this example, port 15). Set Addressing mode to Dedicate to Extension Device. |  |
6. Preauthorize FortiAP-1 |
|
|
Go to WiFi Controller > Managed FortiAPs and create a new entry. Enter the serial number of the FortiAP unit and give it a name. Select the FortiAP profile that you created earlier. |
 |
6. Configure FortiAP-2 for mesh operation |
|
| Connect FortiAP-2’s Ethernet port to the FortiGate network interface that you configured for FortiAPs. | |
| Go to WiFi Controller > Managed FortiAPs. Click Refresh every 15 seconds until FortiAP-2 is listed. Do not authorize the device. Note the IP address. |  |
|
In the CLI Console, enter Disconnect FortiAP-2. |
cfg -a MESH_AP_TYPE=1cfg -a MESH_AP_SSID=fortinet.mesh.rootcfg -a MESH_AP_PASSWD=hardtoguesscfg -cexit |
7. Connect and authorize the FortiAPs |
|
|
Connect FortiAP-1. Go to WiFi Controller > Managed FortiAPs. Click Refresh every 15 seconds until FortiAP-1 is listed. |
 |
| Power up FortiAP-2. Periodically click Refresh. With a minute or two, Radio 2 of FortiAP-1 will indicate 1 client and FortiAP-2 will be listed as mesh-connected. |  |
|
Go to WiFi Controller > Managed FortiAPs. Select FortiAP-2 entry (identified by serial number) and edit it. Enter the Name and select the FortiAP Profile that you created earlier. |
 |
|
Authorize FortiAP-2. Click Refresh to update the display as needed. Within a minute or two, FortiAP-2 will be listed as Online. |
 |
ResultsGo to Monitor > WiFi Client Monitor. Both backhaul and client SSIDs are shown. Click Refresh as needed to see updated information. |
|
|
Connect to the network near FortiAP-2. The FortiAP column shows the client is associated with the mesh-connected FortiAP-2. |
 |
|
Connect to the network near FortiAP-1. The FortiAP column shows the client is associated with FortiAP-1. |
 |
The post Extending WiFi range with mesh topology appeared first on Fortinet Cookbook.