Extending WiFi range with mesh topology

In this example, two FortiAPs are used to extend the range of a single WiFi network. The second FortiAP is connected to the FortiGate WiFi controller through a dedicated WiFi backhaul network.

In this example, both FortiAPs provide the example-staff network to clients that are in range.

More mesh-connected FortiAPs could be added to further expand the coverage range of the network. Each AP must be within range of at least one other FortiAP. Mesh operation requires FortiAP models with two radios, such as the FortiAP-221C units used here.

Find this recipe for other FortiOS versions
5.2 | 5.4

1. Create the backhaul SSID

Go to WiFi Controller > WiFi Network > SSID.

Create a new SSID. Set Traffic Mode to Mesh Downlink.

You will need the pre-shared key when configuring the mesh-connected FortiAP.


2. Create the client SSID

Go to WiFi Controller > WiFi Network > SSID. Create the WiFi network (SSID) that clients will use.  
Configure DHCP for your clients.  

3. Create the FortiAP Profile

Go to WiFi Controller > WiFi Network > FortiAP Profiles and create a profile for the Platform (FortiAP model) that you are using.

Configure Radio 1 for the client channel on the 2.4GHz 802.11n/g Band.

Configure Radio 2 for the backhaul channel on the 5GHz 802.11ac/n Band.


4. Configure the security policy

Go to Policy & Objects > Policy > IPv4 and create a new policy.

5. Configure an interface dedicated to FortiAP

Go to System > Network > Interfaces and edit an available interface (in this example, port 15). Set Addressing mode to Dedicate to Extension Device.


6. Preauthorize FortiAP-1

Go to WiFi Controller > Managed Devices > Managed FortiAPs and create a new entry.

Enter the serial number of the FortiAP unit and give it a name. Select the FortiAP profile that you created earlier.


7. Configure FortiAP-2 for mesh operation

Connect FortiAP-2 to Port 15.

Go to WiFi Controller > Managed Devices > Managed FortiAPs. FortiAP-2, identified by serial number, will be listed within two minutes. Note the Connected Via IP address.


Go to System > Dashboard > Status.

In the CLI Console, enter
exec telnet
(your address might be different) to log in to the FortiAP as admin. Enter the commands to change the AP to mesh uplink on the backhaul-ssid network. Enter exit to end.

Disconnect FortiAP-2 from the FortiGate. Install it in its planned location and apply power.

Connect FortiAP-1 to Port 15 and apply power.


FP221C3X14019926 login: admin

FP221C3X14019926 # cfg -a MESH_AP_TYPE=1
FP221C3X14019926 # cfg -a MESH_AP_SSID=backhaul-ssid
FP221C3X14019926 # cfg -a MESH_AP_PASSWD=backhaul-ssid-passwd
FP221C3X14019926 # cfg -c
FP221C3X14019926 # exit

Go to WiFi Controller > Managed Devices > Managed FortiAPs. Select the FortiAP-2 entry (identified by serial number) and edit the new entry. Enter the Name, FortiAP-2. Select the FortiAP Profile that you created earlier. Click Authorize. Click OK.  

8. Connect and authorize the FortiAPs

Go to WiFi Controller > Managed Devices > Managed FortiAPs. The FortiAPs will be listed as online within about two minutes. (Click Refresh to update the display.)


9. Results

Go to WiFi Controller > Monitor > Client Monitor. Click Refresh to see updated information.

Use a mobile device near FortiAP-2 to connect to the example-staff network. The monitor shows the mobile user rgreen as a client of FortiAP-2.

Disconnect from the example-staff network and then reconnect near FortiAP-1. The monitor shows the mobile user rgreen as a client of FortiAP-1.  
Notice that in both cases FortiAP-2 is listed on backhaul-ssid as a client of FortiAP-1.

For further reading, check out Wireless Mesh in the FortiOS 5.2 Handbook.

Fortinet Technical Documentation

Contact Fortinet Technical Documentation at techdoc@fortinet.com.
Fortinet Technical Documentation

Latest posts by Fortinet Technical Documentation (see all)