Chapter 12 Common Configuration Examples
146
Aerohive
This example assumes that you have already accepted the HiveAPs for HiveManager management, assigned them to
a WLAN policy that includes a hive and at least one SSID, and pushed that configuration to them. In other words, the
HiveAPs are already under HiveManager management by the time you begin the configuration in this example. If
that is not yet the case, see
"Basic Configuration Examples" on page 123
before continuing.
VLANs and User Profiles
To begin, you create two VLAN objects and then two user profiles, each of which references one of the VLANs. When
you configure the SSID later, you reference both user profiles in the SSID configuration. With this approach, the
HiveAPs apply different VLANs to traffic from different users based on their corresponding user profiles.
1. To create a VLAN object for employee traffic, click Configuration > Advanced Configuration > Network
Objects > VLANs > New, and then enter the following in the VLANs dialog box:
VLAN Name: VLAN-10
Enter the following, and then click Apply:
VLAN ID: 10
Type: Global
Setting the type as "Global" means that HiveManager applies the VLAN entry to all HiveAPs that
include the VLAN object in their configuration—unless you add another VLAN entry to this VLAN
object and assign it a more specific classification type such as a classifier tag, map, or HiveAP. Then
the HiveAP applies the other VLAN entry if it has the same classifier tag, is on the specified map, or
is the specified HiveAP.
Description: VLAN for employees
2. To save the configuration and close the VLANs dialog box, click Save.
3. To create a VLAN object for IT staff traffic, select the check box for the newly created VLAN object "VLAN-10" in
the list on the Configuration > Advanced Configuration > Network Objects > VLANs page, and then click Clone.
The VLANs dialog box appears with the settings for VLAN-10.
4. For VLAN Name, enter VLAN-20; in the VLAN ID field, change 10 to 20; modify the Description field to VLAN for
IT staff; and then click Save.
You can see the two newly created VLAN objects on the Configuration > Advanced Configuration > Network
Objects > VLANs page.
5. To create a user profile for employees, click Configuration > User Profiles > New, enter the following, leave
the other settings as they are, and then click Save:
Name: Emp(1)
Including the attribute number "(1)" as part of the user profile name is helpful when troubleshooting
and when configuring the RADIUS server. The name "Emp(1)" serves as reminder to use 1 as the
Tunnel-Private-Group-ID attribute when configuring the RADIUS server. HiveAPs use a combination
of three RADIUS attributes to determine which user profile to assign to an authenticated user:
Tunnel-Type = GRE (10), Tunnel-Medium-Type = IP (1), and Tunnel-Private-Group-ID = <number>. If a
HiveAP receives all three attributes and the third one matches a user profile attribute, it then
applies that user profile to traffic from the authenticated user. Including the attribute number in
the user profile name makes configuring the RADIUS server a bit simpler.
Attribute Number: 1
Default VLAN: VLAN-10
Description: For employees to use VLAN 10
Summary of Contents for access point
Page 1: ...Aerohive Deployment Guide ...
Page 7: ...HiveAP Compliance Information 6 Aerohive ...
Page 13: ...Contents 12 Aerohive ...
Page 37: ...Chapter 2 The HiveAP 20 ag Platform 36 Aerohive ...
Page 71: ...Chapter 4 The HiveAP 340 Platform 70 Aerohive ...
Page 81: ...Chapter 5 The HiveAP 320 Platform 80 Aerohive ...
Page 105: ...Chapter 8 The High Capacity HiveManager Platform 104 Aerohive ...
Page 123: ...Chapter 10 Using HiveManager 122 Aerohive ...
Page 209: ...Chapter 14 Deployment Examples CLI 208 Aerohive ...