Mesh Network
Enterprise Mesh is an optional wireless alternative for the Ethernet links connecting APs to controllers. Deploy the Enterprise Mesh system to replace a switched wired backbone with a completely wireless 802.11 backbone, while providing similar levels of throughput, QoS, and service fidelity.
The following are Enterprise Mesh features:
- Hierarchical bandwidth architecture
- Dynamic allocation and balancing of the RF spectrum
- Full duplex capability
- Extend virtual cell, QoS, and RF coordination over backbone
- Wireless DS-to-DS (WDS) encapsulation of the Enterprise Mesh traffic
- Dataplane Encryption (affects performance because encryption/decryption is in software)
Mesh deployments are not intended for use in:
- Metropolitan or municipal Wi-Fi networks
- High throughput, density, or quality video/audio applications
Mesh Restrictions
The following restrictions apply to the design and implementation of Fortinet mesh networks.
- Enterprise Mesh APs require L3 connectivity to the controller.
- Monitoring of backhaul links via SAM is not supported.
- A radio that is not actively used for mesh cannot be used for SAM purposes.
- Bridged mode is not supported for wireless clients in Enterprise Mesh—only tunneled mode is supported.
- Gateway and mesh APs support a maximum of 4 backhaul links.
- From the gateway (i.e., an AP physically connected to the network), a maximum of 3 hops is supported with no more than 16 APs per cloud.
- A maximum of 500 stations can be active on a mesh cloud at any given time.
- Minimum channel separation guidelines are to use non-overlapping channels.
431
- Mesh operation on DFS channels is not recommended.
- Aggregation of multiple uplink connections is not supported.
- A single AP cannot be assigned to multiple mesh clouds.
- A maximum of 64 mesh profiles can be created on a controller. Each mesh profile can contain a maximum 16 APs.
- Since OAP832 has only radio 1 in 5GHz, mesh can be established only on that radio.
Enterprise Mesh Design
Enterprise Mesh is typically composed of hub-and-spoke configurations (as shown in Figure 72), chain configurations (as shown in Figure 73), or a variation of these.
In a dense network, hub-and-spoke (all APs point to the gateway) is the best topology, although collisions can occur.
- For optimal performance, avoid collisions between adjacent small clouds by creating each cloud on a separate channel. A cloud is defined as a set of APs communicating along a backhaul topology path to/from a gateway AP.
Figure 72: Enterprise Mesh Network – Hub and Spoke Design
Figure 73: Three Hop Enterprise Mesh – Chain Design
Gateway APs
A gateway AP is located at the wired edge of the Enterprise Mesh network, and provides the link between wired and wireless service. The gateway AP is the only AP that has a wired connection to the network.
Mesh APs
Mesh APs refer to all APs that are not acting as gateway APs. They can provide intermediate service between other mesh APs or used as the endpoint in a mesh chain (as shown in Figure 73).Mesh APs can have wired connection to the network.
The unused Ethernet port on a Mesh AP can be configured and used in the same manner as a wired port on an Ethernet switch. As such, users can connect a hub/switch with other wired devices to it in order to access the corporate network. In order to use the port, a Port Profile must be configured for it. Refer to Configuring Port Profiles for details.
Leaf APs
An AP that is connected to the controller via a wireless back haul connection but cannot provide wireless back haul service to other nodes.
Wired Clients
Unused Ethernet port (interface 1) of an AP400, AP332, AP122, AP832, AP832, AP822 and FAP-U421EV, and FAP-U423EV configured as a Mesh AP can be used to connect up to 512 wired clients.
Equipment Requirements
Any controller model can be used for a mesh deployment. The following AP models currently support mesh operation:
- AP1000 series
- AP332e/i
- AP832, AP800
- AP433
- FAP-U421EV
- FAP-U423EV
Mesh Discovery
The following are the various discovery scenarios in a mesh network:
Scenario 1: Regular Discovery
In a regular discovery process, a mesh AP uses the process as mentioned in the “CAPWAP and Legacy Reference” on page 335 .
Scenario 2: L2/L3 discovery failure.
In L2/L3 discovery failure, the AP switches to mesh discovery. In this mode, the AP searches (on 5G for AP122, 822, FAP-U4xx, OAP832 and for other supported APs, on 5G and then followed by 2.4G) for a mesh beacon (a hidden ESS-Id). When it finds this hidden ESS-Id, it creates an association. After the association is complete, the AP starts the DHCP process to get an IP address from the controller. However, this AP (mesh AP) must be in the same mesh cloud in order to establish a connection.
NOTE: Backhaul links are always encrypted.
Refer to the online help for more information on creating mesh cloud
Scenario 3: AP is Unable to find a suitable backhaul service
If the AP is unable to find a suitable backhaul service or if key exchange fails, the AP scans to wireless medium for recovery service.
When a recovery service is found, the AP completes key exchange and 4-way handshake to discover the controller. After the discovery is complete, the configuration is downloaded. However, this AP does not provide any WLAN services.
To enable WLAN services, this AP must be added to a mesh cloud.
NOTE: A mesh AP can be part of only one cloud at a time.
Failover / Re-discovery
In a mesh cloud, if a mesh AP or a leaf AP loses contact with its parent, the AP switches to discovery mode. The discovery process begins with scenario 1-regular AP discovery process..
Parent Selection Mechanism
In a mesh cloud, an AP selects its best parent AP using a match to the following parameters and values.
- snr-weight: 3
- child-weight: 1
- hop-weight: 10
The above are default values and they can be customized to your RF environment using the following AP-CLI commands: mesh {parent_selection | psel}
Set/Get weights for parent selection parameters
To set:
mesh parent_selection [snr|child|hop] <integer>
To get:
mesh parent_selection
To reset:
mesh parent_selection reset