You can create a
point-to-point bridge to connect two wired network segments using a
WiFi link. The effect is the same as connecting the two network
segments to the same wired switch. Both wired and WiFi users on the
leaf AP side are connected to the LAN segment on the root mesh
side.
One of the APs, the
112B is an outdoor AP, for the purpose of the lab, the second AP
was a 221C.
This configuration would typically be done using 2 outdoor APs with
line of sight.
Network topology:
The AP connects to the FortiGate on an interface with CAPWAP enabled and it will show up in the Managed Access Points list.
WiFi Controller > Managed Access Points > Managed FortiAPs
Select each AP and Click Authorize for the FortiGate to manage the AP.
It will take a few minutes for the APs to authorize.
Create the Mesh SSID
We will configure a regular SSID that can be broadcast on the remote location as well.
But we want this SSID to bridge with the LAN , so we will create it as a Local bridge.
Now that we created the SSIDs, we want to configure the APs.
The 112B will be our Mesh branch AP.
We will create a FortiAP profile and configure it to broadcast the Mesh SSID.
We then apply the profile to the AP.
The 221C is going to be our remote AP.
We need to log into the AP via its IP to manage it and configure it to connect to the Mesh.
We want the 221C to broadcast a SSID as well, in the remote location. To do so we will need to configure the FortiAP Profile.
We then apply the profile to the AP.
After this is done, we will view the managed FortiAPs.
The remote AP (in this case the 221C), will be grayed out while the mesh is formed, when the State will show a green circle with a check mark. This can take up to 5 min.
Once the meshed is formed, we will unplug the Ethernet cable from the FortiGate and the AP will stay connected.
Once we confirm the connection is stable, we will power down the AP and place it in its final location within line of site to the local AP (112B).
Now we will plug a switch into the LAN port of the AP. In this case it is an unmanaged switch.
We will plug a Laptop into the switch. At this time the WiFi is disabled and the LAN NIC is being utilized.
The laptop shows up in the DHCP monitor with the IP address as 192.168.1.106.
Now we will enable the wireless and connect to the SSID that the remote AP (221C) is broadcasting.
We can ping Google while connected to the wired and wireless network.
We can ping a computer on the local subnet that has an IP of 192.168.1.101
We can ping from 192.168.1.101 to the remote computer, 192.168.1.106.
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.