Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
rmittal
Staff
Staff

Created on ‎07-18-2022 08:01 AM Edited on ‎10-28-2024 11:14 AM By Moderator

Article Id 217863

Technical Tip: How to configure MESH with FortiAP on FortiGate

Description This article describes how to configure MESH with FortiAP on FortiGate.
Scope FortiAP, FortiAPU, FortiAPS, FortiAP-W2 (6.2.2 and above).
Solution

Creating the mesh root SSID.

 

  1. Go to WiFi and Switch Controller -> SSIDs and select Create New -> SSID.
  2. Enter a Name for the WiFi interface.
  3. In Traffic Mode, select Mesh.
  4. Enter the SSID. In this example, the name will be MESH.
  5. Set Security Mode to WPA2 Personal and enter the Pre-shared key.
  6. Select OK.

 

rmittal_0-1658137560287.png

 

Create the FortiAP profile.

 

rmittal_1-1658137560307.png

 

rmittal_2-1658137560327.png

 

Configure FortiAP.

 

Get the Root and Leaf AP online on FortiGate as normal APs.

 

Add the FortiAP profile to Root and Leaf FortiAP.

 

Once both the FortiAPs are online, configure the leaf FortiAP.


Get CLI access to the Leaf FortiAP. See How to enable SSH access to FortiAP managed by FortiGate.

  1. Assign static IP to leaf FortiAP.

 

cfg -a ADDR_MODE=STATIC

cfg -a AP_IPADDR=x.x.x.x <--- AP IP address

cfg -a AP_NETMASK=y.y.y.y <--- AP Netmask

cfg -a  IPGW=z.z.z.z <--- AP Gateway

 

 

  1. Set type to leaf and enter mesh SSID name and password:

 

 

cfg -a MESH_AP_TYPE=1 <- WiFi Mesh.

cfg -a MESH_AP_SSID=MESH <- SSID name.

cfg -a MESH_AP_SECURITY=1 <- Mesh configured with WPA/WPA2-Personal.

cfg -a MESH_AP_PASSWD=test1234 <- SSID Mesh password.

 

See FortiAP CLI configuration and diagnostics commands.

 

 

  1. To save the above changes on Leaf FortiAP:

 

cfg -c

 

When the root FortiAP is connected and online, apply power to the preconfigured leaf FortiAPs. At this point, user can disconnect the FortiAP Leaf from the network and take it somewhere else, where the SSID Mesh can be used. Then energize the leaf FortiAP, which will connect wirelessly to the WiFi Controller through the mesh network.


Viewing the status of the mesh network.

 

rmittal_3-1658137560331.png

 

The user can also see the APs connected to the mesh by checking the FortiAP Clients and filtering by SSID Mesh. The user should be able to see the Leaf APs IP on the FortiAP Client column 'IP Address'.

 

Note: It is possible that user do not see the FortiAP displayed as a 'Leaf' AP on 'Managed FortiAPs' if no additional SSIDs different than MESH are configured. Try overriding the SSIDs configured on the Leaf APs and refresh the GUI.
Labels:
4253
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.