Sorry if I'm not using the correct forum to post my question...
I'm trying to connect two FortiAP 220B together by using a mesh topology but as I'm using FortiCloud and it seems I'm missing something. I'm trying to replicate the diagram below less the FortiGate as it is replaced by FortiCloud.
FortiAP units used as both mesh root AP and leaf AP
In my configuration, the first AP (A), the mess root, is directly connected to an Ethernet network with an access to the Internet. The second AP (B) should only be able to reach the Internet thru AP "A" because it is not connected physically. The mesh configuration has been made in Forticloud with the 5Ghz radio and the mesh SSID is the only one on this interface.
When looking at the AP "B" in the CLI I can see that both APs are connected together correctly and running (see below) but the IP traffic is never going thru as I'm not able to ping the other AP nor the Internet. I can also see on AP "A" that a client is connected to the mesh network SSID. It is AP "B" but it is displaying the IP address of my Internet service provider?!?!
I've read about everything I can find on the web for configuring a Fortinet wireless mesh network but to be honest I'm out of ideas because nothing I found explain how to do it in FortiCloud. I'm pretty sure I have to authorized the meshed AP "B" somehow but I can't find anything about this in any menus FortiCloud has to offer.
I wouldn't be any helpful while this is one of my test items with FortiCloud 3.3.0 and I haven't made any progress yet. By the way, one thing I noticed in your diagram was you don't have to configure mesh SSID on "leaf" AP profile. It just looks for mesh SSID an upstream AP (root or branch) broadcasts. But even if you configured it, it wouldn't prohibit it from acting as "branch" AP. At a glance, only thing we can configure at FortiCloud site seems to be the "Mesh Link" checkbox in SSID config, which should be all we need.
So I don't know why it wouldn't work at this moment. The admin guide is almost useless, which doesn't explain any of "how to configure" but only saying "supported". What kind of "guide" is it if it doesn't tell how? When I tried to figure out what "MAC Access Control" does, I found the guide said "per AP". But the fact seems to be configuring the list of MAC addresses to allow access and attach it to an SSID(s). So not "per AP" but "per SSID".
By the way, I asked this TAC person, who is still researching, but can you tell me how MAC access control work? Is it based on DHCP like FGT wirless-controller's MAC filter? Or special mechanism on the AP to block/filter MAC so that NAT mode/Bridge mode doesn't matter?
I wish that kind of info were available on the 3.3.0 admin guide.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.