Mesh Networks
On the Wireless Protection > Mesh Networks page you can define mesh networks, and associate access points that should broadcast them. In general, in a mesh network multiple access points communicate with each other and broadcast a common wireless network. On the one hand, access points connected via a mesh network can broadcast the same wireless network to clients, thus working as a single access point, while covering a wider area. On the other hand, a mesh network can be used to bridge Ethernet networks without laying cables.
Access points associated with a mesh network can play one of two roles: root access point or mesh access point. Both broadcast the mesh network, thus the amount of other wireless networks they can broadcast is reduced by one.
You cannot create a mesh network between Sophos AP series and Sophos APX series access points. Also, you cannot create a mesh network in Sophos APX series access points if both radios are using the 5 GHz band.
- Root access point: It has a wired connection to Sophos UTM on AWS and provides a mesh network. An access point can be root access point for multiple mesh networks.
- Mesh access point: It needs a mesh network to connect to Sophos UTM on AWS via a root access point. An access point can be mesh access point for only one single mesh network at a time.
A mesh network can be used for two main use cases: you can implement a wireless bridge or a wireless repeater:
- Wireless bridge: Using two access points, you can establish a wireless connection between two Ethernet segments. A wireless bridge is useful when you cannot lay a cable to connect those Ethernet segments. While the first Ethernet segment with your Sophos UTM on AWS is connected to the Ethernet interface of the root access point, the second Ethernet segment has to be connected to the Ethernet interface of the mesh access point. Using multiple mesh access points, you can connect more Ethernet segments.
Mesh Network Use Case Wireless Bridge
- Wireless repeater: Your Ethernet with your Sophos UTM on AWS is connected to the Ethernet interface of a root access point. The root access point has a wireless connection via the mesh network to a mesh access point, which broadcasts wireless networks to wireless clients.
Mesh Network Use Case Wireless Repeater
To define a new mesh network, do the following:
-
On the Mesh Networks page, click Add Mesh Network.
The Add Mesh Network dialog box opens.
-
Specify the following settings:
Mesh-ID: Enter a unique ID for the mesh network.
Frequency band: Access points assigned to this network will transmit the mesh network on the selected frequency band. Generally, it is a good idea to use a different frequency band for the mesh network than for the broadcasted wireless networks.
Note – Except for AP 50, all mesh network-capable APs transmit the mesh network on 2.4 GHz only. If an AP 50 transmits on 5 GHz, it is not compatible to other APs which transmit on 2.4 GHz.
Comment (optional): Add a description or other information.
Access points: Click the Plus icon to select access points that should broadcast the mesh network. A dialog window Add Mesh Role opens:
- AP: Select an access point. All APs which can be used for broadcasting mesh networks are listed under Wireless Protection> "Access Points".
-
Role: Define the access point's role for the selected mesh network. You must designate at least one access point as root. You can select either Sophos access points or Sophos APX series access points. A root access point is directly connected to Sophos UTM on AWS. A mesh access point, after having received its initial configuration, once unplugged from Sophos UTM on AWS will connect to a root access point via the mesh network. Note that an access point can be mesh access point only for one single mesh network.
Note – You don’t need to specify a mesh network role for Sophos APX series access points.
Note – It is crucial for the initial configuration to plug the mesh access point like every other access point into one of the Ethernet segments selected in the Allowed interfaces box on the Global Settings tab.
Use the Delete icon in the Access Points list to delete an access point from the list.
Important Note – If you delete a mesh access point from the Access Points list, you have to plug the access point into your Ethernet again to get its initial configuration. To change the mesh network without having to plug the access point into your Ethernet again, do not delete the access point but instead click the access point's Edit button on the Access Points > Overview tab, click the Edit icon in the Mesh Networks section, and select the desired mesh network.
The access point icon designates an access point's role. You can search the access point list by using the filter field in the list header.
-
Click Save.
Your settings will be saved. The mesh network appears on the Mesh Networks list.