New to the forum here and couldn't find what I was looking for so sorry if it has been posted before -....
I am trying to set up a point to point bridge to extend my wired network into a remote part of the office that has little access for running cable/fiber at this time without too much cost. So current set up is a 60E gate with a 224D switch and 221E AP's running multiple VLANS. I have an additional switch and 2 AP's that I am trying to use to do this.
I have gotten the root mesh AP and the "leaf" AP to talk however I can't get the switch to link and program, and if I just test with a dumb switch wired devices pick up the AP device LAN not any of the other VLAN they should be on. I have seen in some documentation that if you run CLI on the leaf AP you should tell it which VLAN's to pass but can't get that cmd to work and documentation says you shouldn't have to in the first place.
Maybe what I am trying to do wont work, but seems like it is possible. If someone can help with getting all VLANs to pass to the second switch that would be awesome and much appreciated.
If you set up the remote AP as "AP", the devices connected to the ethernet port would never be clients to be able to forward traffic to the root AP then to the FGT. Only WiFi clients connected to the AP would be able to send traffic to uplink.
In your case, you need to set "FortiAP as a client" like below:
That makes sense in theory, but what SSID do I connect it to?
For example, I have the following 4 VLANs - Work network (wired and SSID), Smart/IoT network (wired and SSID), security for access control and cameras (wired), and personal/guest devices (SSID). I wish to provide a solution to extend wireless access and provide wired access to at least the work and security VLANs.
So if I understand I get rid of the MESH programming I started and put the remote AP in client mode and connect it to one of the existing AP's, but then what SSID do I connect to? Do I set up a new one just for the link?
I haven't tested it myself so I can't tell if this really works for your specific requirement. But I would try creating 4 SSIDs with tunnel mode to see if they can carry those vlan traffic separately. If the "client" AP doesn't support multiple SSIDs to connect to, it wouldn't work as you intend. Then you need to change your network design. Or you might want to look for different vendor devices to do exactly what you want. Meraki or Aruba/HPE might do that.
Looked at the doc I referred before closer and found it was not for FortiAP as a client but for FortiWiFi as a client. So I think it's not supported by any FortiAP. You need to look for a different vendor's product that does it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.