FortiWLC – Installing and Configuring an Enterprise Mesh System

Installing and Configuring an Enterprise Mesh System

Determine Antenna Placement

An Enterprise Mesh uses APs (as repeaters) to extend the range of wireless coverage. An AP in a Enterprise Mesh configuration is directed to look for a signal from a Parent AP. As such, antenna placement and reception is important for the optimum performance of the system.

If there are obstacles in the radio path, the quality and strength of the radio signal are degraded. Calculating the maximum clearance from objects on a path is important and should affect the decision on antenna placement and height. It is especially critical for long-distance links, where the radio signal could easily be lost.

When planning the radio path for a wireless hop, consider these factors:

  • Be cautious of trees or other foliage that may be near the path between nodes, or ones that may grow to obstruct the path.
  • Be sure there is enough clearance from buildings and that no building construction may eventually block the path.
  • Check the topology of the land between the antennas using topographical maps, aerial photos, or even satellite image data (software packages are available that may include this information for your area).
  • Avoid a path that may incur temporary blockage due to the movement of cars, trains, or aircraft.
Installing the Fortinet Enterprise Mesh

Enterprise Mesh APs are configured in five phases.

These steps assume that the deployment is not being configured via the PlugNPlay functionality. See “Adding Mesh APs Via PlugNPlay” on page 440 for additional details.

  • Phase 1: Connect Controller and APs with an Ethernet Switch
  • Phase 2: Create a Mesh Profile
  • Phase 3: Add APs to the Mesh
  • Phase 4: Configure the APs for Mesh Operation
  • Phase 5: Remove the Cables and Deploy the APs
Phase 1: Connect Controller and APs with an Ethernet Switch

In a standard initial mesh setup, the user can configure all mesh APs desired at once via wired connection through a local switch. (This configuration is intended to happen prior to remote deployment.) For an alternative mechanism that allows APs to be deployed remotely prior to them being configured locally, refer to Adding Mesh APs Via PlugNPlay.

  1. Connect all APs directly to a controller through a switch or hub.
  2. Power on the controller.
  3. Connect the APs to a power source using either separate power supplies or Power over Ethernet (PoE) connections.
  4. If the controller does not have an assigned IP address, configure with the following; otherwise, skip to step 5:
    • Connect a computer to the controller using a serial cable.
    • Using a PC terminal program with the settings 115200 baud, 8 bit, no parity, access the controller and log in with the default admin/admin username/password.
    • Use the setup command to assign the controller an IP address. Reboot the controller and log in again as admin.
  5. Log into the controller’s CLI under the admin account (if not already logged in).
  6. For the APs that will be in the Enterprise mesh, verify they are connected to the controller (enabled and online) and ensure that their runtime version is the same version of FortiWLC (SD) as the controller’s:
    • Check the FortiWLC (SD) version with the command show controller
    • Verify the APs with the command show ap
Phase 2: Create a Mesh Profile

A single controller can manage multiple separate meshes as desired. Follow these steps to create a mesh profile.

  1. From the WebUI (accessed by opening an Internet browser and navigating to your controller’s IP address), navigate to Configuration > Wireless > Mesh. The Mesh Configuration screen appears. (The screen will be empty unless a mesh profile is already present.)
  2. Click Add.
  3. On the Mesh Configuration – Add screen, provide the following details:
    • Name: Enter a name for the mesh profile.
    • Description: Enter a brief description for the profile (e.g., its location).
    • Pre-shared Key: Enter an encryption key for mesh communications. This key will be shared automatically between APs that have been added to the mesh profile; the user will not be required to input it manually later on. This key must be between 8 and 63 characters.
    • Admin Mode: Setting this field to Enable activates the mesh profile. If the profile needs to be disabled for any reason, set this field to Disable.
    • PlugNPlay Status: This option allows APs to be added to the mesh by eliminating the need to have them wired connected during mesh configuration. See Adding Mesh APs Via PlugNPlay for details.
  4. Click OK when all fields have been configured. The new mesh profile is listed in the mesh table.
Phase 3: Add APs to the Mesh

Now that the mesh has been created, you can add your APs to it. Follow the instructions below.

The mesh APs must exist in the controller’s AP table (i.e., they must be added manually or have been connected to the controller as performed in previous steps) before they can be added to the mesh.

  1. From the Configuration > Wireless > Mesh screen, check the box alongside the mesh profile to be modified and click Settings. A summary of the configured mesh settings will be displayed.

Figure 74: Modifying the Mesh

  1. Click the Mesh AP Table tab provided. Since no APs have been added yet, the table will be blank.
  2. Click Add.
  3. In the resulting page, use the AP ID drop-down to specify the desired AP.
  4. Click OK to add the AP. It will be displayed in the Mesh AP table.

Repeat these steps for all desired APs. Once all APs have been added, they can be configured to utilize mesh operation.

Phase 4: Configure the APs for Mesh Operation

Despite the fact that the APs have been added to a mesh profile, they still must be configured to utilize mesh operation. Follow the steps below.

  1. From the WebUI, navigate to Configuration > Devices > APs.
  2. Check the box alongside one of the mesh APs and click the pencil icon.
  3. Click the Wireless Interface tab to display the available wireless interfaces on the AP.
  4. Check the box alongside one of the interfaces and click Settings. Either interface can be selected, but dual interface mesh is not currently supported.
  5. From the Wireless Interface tab, click the drop-down box for Mesh Service Admin Status and select Enable.

Figure 75: Enabling Mesh Service

  1. Click OK to save the configuration change.

Repeat these steps for all APs that are part of the mesh. Verify that they are all displayed in the Mesh-AP member table, as shown in Figure 76. Figure 76: Mesh AP Member Table

Phase 5: Remove the Cables and Deploy the APs

Phase 5 consists of removing the cables, deploying the APs in their final locations, and turning them on. They will then be picked up by the controller as wireless APs.

To deploy the APs, follow these steps:

  1. Ensure that each AP has a power source; if you are using PoE, you need to provide a power adapter for mesh nodes before they can be activated.
  2. Unplug the APs and physically install them in the desired locations.
  3. Power up the APs in order (i.e., power up the gateway AP first, then any mesh nodes connecting directly to the gateway, etc.). Make sure each AP is online before powering up the next one.
  4. From the controller’s CLI, use the copy running-config startup-config command to save your configuration.
  5. Create ESSIDs for clients and connect clients. Try pinging, browsing, etc. with the clients.

Once deployed, the APs will automatically determine the appropriate parent configurations to provide backhaul access. Provided the APs are in range with each other as per design, they should appear online automatically with no further settings. Your installation is complete.

Adding Mesh APs Via PlugNPlay

As mentioned in “Phase 2: Create a Mesh Profile” on page 437, the PlugNPlay option allows mesh nodes to be connected to an existing mesh, without requiring them to be wired directly to the controller. This function is disabled by default.

With PlugNPlay enabled on an existing mesh, deploying a mesh-capable AP to its intended location allows the AP to automatically seek out a mesh within range and add itself to the controller. In effect, this means that a user can set up a mesh profile with only one AP configured for mesh service (by following the instructions earlier in this chapter) and then install additional mesh-capable APs to their intended locations. Once the new APs are powered up, they will link with the previously-configured mesh AP and add themselves to the controller’s AP database.

This does not mean that the new AP automatically assumes mesh operation. PlugNPlay operation allows it to add itself to the database directly, but it must still be added to the Mesh AP table on the controller and configured for mesh operation. PlugNPlay simply allows the AP to sync with the controller without requiring a physical connection.

Follow the steps below to install a new mesh AP using the PlugNPlay mechanism. Note that this scenario assumes that a mesh profile has already been created and has at least one active mesh AP added to it and configured via the steps detailed in “Phase 2: Create a Mesh Profile” on page 437 and “Phase 3: Add APs to the Mesh” on page 438 above.

  1. Unbox the new mesh-capable AP and install it within range of the existing mesh node.
  2. Connect its power source and allow it to come online. Note that since it will connect to the controller automatically, it may require some time to download new firmware and configurations.
  3. Use a computer to access the controller’s WebUI.
  4. From the web browser, navigate to Configuration > Wireless > Mesh.
  5. Check the box next to your existing mesh and click Settings.
  6. Click the Mesh AP Table tab.
  7. Click Add and select the newly-added AP from the drop-down list. Since it has just been connected, it is likely the most recent (or highest) AP ID number in the list.
  8. Click OK to add the new AP to the table.

Now that the AP is part of the mesh, you can enable mesh service on it by performing the following steps.

  1. Navigate to Configuration > Devices > APs.
  2. Check the box alongside the new mesh AP and click Settings.

 

  1. Click the Wireless Interface tab to display the available wireless interfaces on the AP.
  2. Check the box alongside one of the interfaces and click Settings. Either interface can be selected, but dual interface mesh is not currently supported.
  3. From the Wireless Interface Configuration – Update screen, click the drop-down box for Mesh Service Admin Status and select Enable as shown in Figure 75
  4. Click OK to save the configuration change.

These steps can be repeated for as many new mesh nodes need to be configured. Once all the desired nodes have been added, it is recommended that PlugNPlay be disabled on the mesh until additional nodes are needed.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU