Skip to content
Last update: 2022-03-11

Mesh networks

A mesh network is a network topology in which each node relays data for the network, allowing the network to extend over a large area. In a mesh network, access points can act as root or as mesh nodes. You can deploy a mesh network as a wireless repeater or as a wireless bridge.

Repeater configuration

When an access point starts, it attempts to connect to the firewall through a wired LAN connection. If it can do so, it assumes the role of root access point. If it cannot, it assumes the role of a mesh access point and joins the network as a client. Mesh access points broadcast the SSID from the root access point.

Network diagram: Root and mesh access points in repeater configuration

Bridge configuration

In a bridge configuration, you use a mesh network as a wireless connection between two Ethernet networks. To establish a wireless bridge, you connect the second Ethernet segment to the Ethernet interface of the mesh access point.

Network diagram: Wireless bridge configuration

General settings

Mesh-ID

Unique ID for the mesh network. Access points look for others advertising the same mesh ID.

Frequency band

Band on which the mesh network operates.

Access points

Access points to include in the mesh network.

Things to know about mesh networks

  • You can create a mesh network only with Sophos access points.
  • For setting up a mesh network, you must create a new SSID.
  • You can have only one mesh SSID.
  • At least one access point must have a LAN connection.
  • Mesh access points must be on the same channel.
  • Don't use dynamic channel selection since channels of access points may differ after a restart.
  • A mesh network may need up to five minutes after configuration to be available.
  • There is no automatic takeover of the root access point. You need to restart one of the mesh access points.
  • Mesh networks can only be created between access points of the same series. For example, APX access points can only create a mesh network with other APX access points.
  • For APX access points, there's no need to specify the mesh role. If the mesh-enabled SSID is pushed to two APXs, the one with the existing Ethernet connection to the Sophos Firewall becomes the root AP. Once the mesh-enabled SSIDs are pushed to the APXs, it’s advisable to restart them.
  • You can only set up a mesh network using APs with VLANs assigned if the VLANs don't use a Bridge to VLAN configuration.

More resources

Back to top