background image

Chapter 14 Deployment Examples (CLI)

202

Aerohive

Step 2

Save the bootstrap config to a TFTP server

1. Check the configurations to make sure the settings are accurate.

show config bootstrap

Check that the settings are those you entered in the previous step for the bootstrap config.

show config backup

Note that the backup config is the previous current config. This is the configuration that has all your 
previously defined settings.

2. Return to the previous current config.

load config backup

reboot

3. When HiveAP-1 finishes rebooting, log back in using the login parameters you set in 

"Example 1: Deploying a 

Single HiveAP" on page 182

 (mwebster3fF8ha).

4. Check that the current config is the same as your previous current config.

show config current

5. Save the file as bootstrap-hive1.txt to the root directory of your TFTP server running on your management 

system at 10.1.1.31, an address received by the same DHCP server and in the same subnet as the HiveAP 
addresses.

save config bootstrap tftp://10.1.1.31:bootstrap-hive1.txt

Step 3

Load the bootstrap config file on HiveAP-2 and HiveAP-3

1. Make a serial connection to the console port on HiveAP-2 and log in.
2. Upload the bootstrap-hive1.txt config file from the TFTP server to HiveAP-2 as a bootstrap config.

save config tftp://10.1.1.31:bootstrap-hive1.txt bootstrap

3. Check that the uploaded config file is now the bootstrap config.

show config bootstrap

4. Repeat the procedure to load the bootstrap config on HiveAP-3.

The bootstrap configs are now in place on all three HiveAPs.

Summary of Contents for access point

Page 1: ...Aerohive Deployment Guide ...

Page 2: ... trademarks of Aerohive Networks Inc All other trademarks and registered trademarks are the property of their respective companies Information in this document is subject to change without notice No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose without receiving written permission from Aerohive Networks Inc 3150 C Corona...

Page 3: ...rom 36 to 48 is 15 dBm in the FCC region Because this maximum is enforced by HiveOS the HiveAP automatically limits the power to 15 dBm even if the setting is greater than that Because radar systems use some bands in the 5 GHz spectrum WLAN devices operating in these bands must use DFS Dynamic Frequency Selection to detect radar activity and switch channels automatically to avoid interfering with ...

Page 4: ...ribed in this section HiveAPs can be operated indoors or outdoors in all countries of the European Community using the 2 4 GHz band Channels 1 13 except where noted below In Italy and Luxembourg you must apply for a license from the national spectrum authority to operate a HiveAP outside your own premises and for public use or service In Belgium outdoor operation is only permitted using the 2 46 t...

Page 5: ...nne également selon cette norme Un point d accès HiveAP alimenté par son interface réseau Ethernet en mode POE Power over Ethernet doit être physiquement dans le même bâtiment que l équipement réseau qui lui fournit l électricité France et Pérou uniquement Un point d accès HiveAP ne peut pas être alimenté par un dispositif à impédance à la terre Si vos alimentations sont du type impédance à la ter...

Page 6: ...doit être agréé dans le pays d utilisation Etats Unis et Canada Le cordon doit avoir reçu l homologation des UL et un certificat de la CSA Les spécifications minimales pour un cable flexible AWG No 18 ou AWG No 16 pour un cable de longueur inférieure à 2 mètres Type SV ou SJ 3 conducteurs Le cordon doit être en mesure d acheminer un courant nominal d au moins 10 A La prise femelle de branchement d...

Page 7: ...HiveAP Compliance Information 6 Aerohive ...

Page 8: ... Impediments 19 Preparing the Wired Network for Wireless 21 Operational Considerations 22 Tuning 22 Troubleshooting 22 Management 22 Deploying with Confidence 22 Basic Wi Fi Concepts 23 Chapter 2 The HiveAP 20 ag Platform 27 HiveAP 20 Product Overview 28 Ethernet and Console Ports 30 Status LEDs 31 Antennas 32 Mounting the HiveAP 20 33 Ceiling Mount 33 Surface Mount 34 Device Power and Environment...

Page 9: ...Smart PoE 53 Aggregate and Redundant Interfaces 53 Console Port 55 Status LEDs 56 Antennas 56 MIMO 57 Using MIMO with Legacy Clients 59 Mounting the HiveAP 340 60 Ceiling Mount 61 Locking the HiveAP 340 62 Plenum Mount 63 Suspended Mount 66 Surface Mount 68 Device Power and Environmental Specifications 69 Chapter 5 The HiveAP 320 Platform 71 HiveAP 320 Product Overview 72 Ethernet and Console Port...

Page 10: ...ger Platform 89 Product Overview 90 Ethernet and Console Ports 91 Status LEDs 92 Rack Mounting the HiveManager 93 Device Power and Environmental Specifications 94 Chapter 8 The High Capacity HiveManager Platform 95 Product Overview 96 Rack Mounting the High Capacity HiveManager 98 Replacing Power Supplies 101 Replacing Hard Disk Drives 102 Device Power and Environmental Specifications 103 Chapter ...

Page 11: ...WLAN Policy 128 Example 4 Connecting HiveAPs to HiveManager 129 Example 5 Assigning the Configuration to HiveAPs 135 Chapter 12 Common Configuration Examples 139 Example 1 Mapping Locations and Installing HiveAPs 140 Setting Up Topology Maps 140 Preparing the HiveAPs 144 Using MAC Addresses 144 Using SNMP 144 Example 2 IEEE 802 1X with an External RADIUS Server 145 Example 3 Providing Guest Access...

Page 12: ...ples CLI 181 Example 1 Deploying a Single HiveAP 182 Example 2 Deploying a Hive 185 Example 3 Using IEEE 802 1X Authentication 190 Example 4 Applying QoS 194 Example 5 Loading a Bootstrap Configuration 200 CLI Commands for Examples 203 Commands for Example 1 203 Commands for Example 2 203 Commands for Example 3 204 Commands for Example 4 205 Commands for Example 5 207 Chapter 15 Traffic Types 209 ...

Page 13: ...Contents 12 Aerohive ...

Page 14: ...Deployment on page 15 Site Surveys on page 16 Budgeting Wi Fi The Chicken and Egg Problem on page 17 Bandwidth Assumptions for Wi Fi on page 18 Overcoming Physical Impediments on page 19 Operational Considerations on page 22 Preparing the Wired Network for Wireless on page 21 Deploying with Confidence on page 22 Although this guide assumes an understanding of corporate data networking previous exp...

Page 15: ...account any bandwidth intensive applications if you expect your mobile workforce to be accessing the WLAN while these applications or services are occurring Considering the above issues will result in a more informed and therefore more successful deployment plan PLANNING This section reviews the fundamental elements for planning your WLAN deployment This includes conducting a site survey both for ...

Page 16: ...crowave ovens Commercial grade microwaves are a particularly bad source of interference Is there a wireless telephone or video surveillance system not using Wi Fi Is there a radar installation nearby If you cannot find the answer to these questions easily consider employing a spectrum analysis product such as the AirMagnet Spectrum Analyzer Are building blueprints available With blueprints you can...

Page 17: ...tors do a quick site survey If they need to provide greater coverage they deploy additional access points If there are areas where access points are interfering with each other they then relocate one or more of them With the Aerohive cooperative RF control HiveAPs automatically adjust their channel and power to compensate for coverage gaps and areas of interference The deploy and check approach is...

Page 18: ... plan to support an average of 5 to 15 clients per access point While the specifications of most access points state that they can support up to about 120 clients a significantly lower density is recommended to get an acceptable throughput for standard office applications If you expect to support voice over Wi Fi in the enterprise account for those phones as well With the addition of voice the cli...

Page 19: ...rMagnet pay for themselves very quickly These products enable the validation of a deployment and allow you to troubleshoot client and access point issues For more information see the section on Operational Considerations on page 22 Professional Services When deploying wireless LANs professional services are often required perform site surveys Client Software Depending on the deployment users can u...

Page 20: ...an end cap Additionally metal shelves and high ceilings can be challenges to propagation To resolve with these issues it is wise to put at least one access point per aisle to ensure coverage for that aisle This usually requires a higher density of access points than would otherwise be required Configuring Antennas As anyone who has administered a WLAN system in the past knows proper configuration ...

Page 21: ...ey often broadcast slightly in other directions than the primary one These extra lobes can be seen in both of the patterns shown below Figure 2 Directional antenna patterns The following are some quick hints for deploying access points Standard sheetrock walls and dropped ceilings are the best locations for mounting access points When deploying WLANs in retail stores doing a site survey at each st...

Page 22: ... sense for some deployments For example you might want to add additional VLANs or security settings This section covers a few of the more common considerations that IT departments are handling 802 1Q VLANs HiveAPs can segment users into VLANs if an administrator wants This decision can be made by a returned RADIUS attribute or it can be configured as part of a user profile or SSID Enterprises ofte...

Page 23: ...ng networks Aerohive recommends two tools Ethereal Warehouser http www wireshark org and AirMagnet Laptop Analyzer http www airmagnet com products laptop htm Management Current Wi Fi networks typically span an entire company and have complex security policies Fortunately the HiveManager Network Management System makes it simple to manage large networks from a central location It provides a single ...

Page 24: ...ncrease using a log10 math function Rather than dusting off your old math books and pulling out your calculator look at the dBm to milliwatt converter that appears below Often in Wi Fi dBm and milliwatts mW and microwatts W are used interchangeably The following table converts between the two units of measurement In RF there is also a relative measurement that you can use to compare two numbers Th...

Page 25: ...B Signal strength not only diminishes over distance but it can also be affected by objects in the way see Figure 4 This can be a wall a tree or even a person There is a fairly predictable dB drop through most objects that also decreases the SNR thus decreasing the data rate While this appears to be a bad thing clever Wi Fi installers use it to their advantage It allows them to place more access po...

Page 26: ...e in 802 11a g or the 300 Mbps speeds in 80211n rather than each being capable of 54 or 300 Mbps speeds independently This essentially halves the bandwidth for each access point To manage this situation make sure that neighboring APs are on different channels and that their power is adjusted so that it does not overlap that of other APs with the same channel In the 2 4 GHz spectrum there are 11 ch...

Page 27: ...al As the RF signals bounce about while propagating one or more of the secondary paths can interfere with the primary path causing the signal strength of the direct path to diminish In doing so multipath can greatly decrease signal to noise ratio with legacy 802 11a g radios With 802 11n a certain amount of multipath is desirable and increases performance Figure 7 Multipath radio waves Note There ...

Page 28: ...r mobility security quality of service and radio control This guide combines product information installation instructions and configuration examples for both the HiveAP and HiveManager platforms This chapter covers the following topics relating to the HiveAP HiveAP 20 Product Overview on page 28 Ethernet and Console Ports on page 30 Status LEDs on page 31 Antennas on page 32 Mounting the HiveAP 2...

Page 29: ...te at two radio frequencies 2 4 GHz for IEEE 802 11b g and 5 GHz for IEEE 802 11a For details see Antennas on page 32 Status LEDs The status LEDs convey operational states for system power and the LAN Access and Mesh interfaces For details see Status LEDs on page 31 802 11a RP SMA Connector You can connect a detachable single band antenna such as the Pulse W1028 dipole antenna for the 5 GHz band t...

Page 30: ...30 Reset Button The reset button allows you to reboot the device or reset the HiveAP to its factory default settings Insert a paper clip or something similar into the Reset pinhole and press the reset button To reboot the device hold the button down between 1 and 5 seconds To return the configuration to the factory default settings hold it down for at least 5 seconds After releasing the button the...

Page 31: ...ernet Cable with an RJ 45 Connector 802 3af Alternative A Data and Power on the Same Wires 802 3af Alternative B Data and Power on Separate Wires Pin Data Signal MDI MDI X MDI or MDI X 1 Transmit DC DC 2 Transmit DC DC 3 Receive DC DC 4 unused DC 5 unused DC 6 Receive DC DC 7 unused DC 8 unused DC MDI Medium dependent interface for straight through connections MDI X Medium dependent interface for ...

Page 32: ... below Power Dark No power Steady green Powered on and the firmware is running normally Steady amber Firmware is booting up or is being updated Blinking amber Alarm indicating firmware failure LAN Dark Ethernet link is down or disabled Steady green Ethernet link is up but inactive Blinking green Ethernet link is up and active Access Dark Wireless link is disabled Steady green Wireless link is up b...

Page 33: ...EEE 802 11b g and 5 GHz IEEE 802 11a Using two different frequency ranges reduces the probability of interference that can occur when numerous channels operate within the same range Conceptually the relationship of antennas and radios is shown in Figure 5 Figure 5 Antennas and radios If you connect an external antenna to an RP SMA connector you must enter the following command to move the appropri...

Page 34: ...d ceiling grid Using just the mounting plate you can mount the HiveAP to any surface that can support its weight 1 5 lb 0 68 kg Ceiling Mount To mount the HiveAP 20 to a track in a dropped ceiling you need the mounting plate track clip and two cross head screws that ship with the track clip You also need a cross head screw driver and most likely a ladder Attach the track clip to the mounting plate...

Page 35: ...iveAP on a wall Press the track clip against the ceiling track so that the the track contacts the two pressure tabs and pushes them flush with the track clip Rotate the HiveAP and the mounting accessories attached to it until the two clipping tabs grip the ceiling track 5 6 bird s eye view with ceiling tiles removed for clarity Use the mounting screw to secure the HiveAP 20 to the plate Insert the...

Page 36: ...16 D 21 cm W x 2 5 cm H x 12 5 cm D Weight 1 5 lb 0 68 kg Antennas Two fixed dual band 802 11a b g antennas and two RP SMA connectors for detachable single band 802 11a or 802 11b g antennas Serial port DB 9 bits per second 9600 data bits 8 parity none stop bits 1 flow control none Ethernet port autosensing 10 100Base T TX Mbps with IEEE 802 3af compliant PoE Power over Ethernet Power Specificatio...

Page 37: ...Chapter 2 The HiveAP 20 ag Platform 36 Aerohive ...

Page 38: ...on instructions and configuration examples for both the HiveAP and HiveManager platforms This chapter covers the following topics relating to the HiveAP 28 HiveAP 28 Product Overview on page 38 Ethernet Port on page 39 Power Connector on page 40 Antennas on page 41 Mounting the HiveAP 28 and Attaching Antennas on page 42 Pole Mount on page 43 Strand Mount on page 44 Surface Mount on page 45 Attach...

Page 39: ...aching Antennas on page 46 Waterproof Power Connector Using the power connector is one of two methods through which you can power the HiveAP 28 To connect it to a 100 240 volt AC power source use the power cable that ships with the product as an extra option Because the HiveAP does not have an on off switch connecting it to a power source automatically powers on the device The power source must ha...

Page 40: ...ges and wraps itself around the Ethernet cable The Ethernet connection is now sealed and waterproof 10 100 Mbps PoE Port The 10 100 Mbps Ethernet port supports IEEE 802 3af PoE Power over Ethernet and receives RJ 45 connectors The HiveAP can receive its power through an Ethernet connection to PSE power sourcing equipment that is 802 3af compatible such as one of the PoE injectors available as an o...

Page 41: ...eaving some slack in the cord lets water run away from the connections at each end Use only a weatherproof power cord such as the cord that ships with the HiveAP 28 5 Strip the other end of the power cord and wire it directly to a power source such as a junction box that has a service disconnect switch that you can use to turn the power on and off Also because the HiveAP 28 does not have short cir...

Page 42: ...tennas operate concurrently in two different frequency ranges 2 4 GHz IEEE 802 11b g and 5 GHz IEEE 802 11a Using two different frequency ranges reduces the probability of interference that can occur when numerous channels operate within the same range Conceptually the relationship of antennas and radios is shown in Figure 4 For information about attaching the antennas to the HiveAP 28 see Attachi...

Page 43: ...d antennas Do not connect or disconnect antennas or cables from the HiveAP 28 during periods of lightning activity If you need to place the HiveAP 28 in an explosive environment such as in an oil refinery mine or any place where there is flammable gas it must first be encased in an ATEX enclosure To comply with RF radio frequency exposure limits do not place antennas within 6 56 feet 2 meters of p...

Page 44: ...ng end of the bracket in the opposite direction of the first one for better stability For example if you attached the first bracket with its long end positioned toward the outside edge of the device install this second bracket with the long end of the bracket toward the middle Note One of the holes in the bracket is arc shaped so that you can adjust the angle of the mounted device if necessary Not...

Page 45: ... bolt and split washer to secure the strand between the clamp and chassis 3 Attach the 90 degree type N adapters to the two 2 4 GHz antenna connectors and then attach the antennas to the adapters so that the antennas face downward For details see Attaching Antennas on page 46 Note Repeat the preceding steps to fasten the other end of the HiveAP 28 to the cable or wire strand 5 GHz 2 4 GHz Strand C...

Page 46: ... Attach four 5 16 screws to a wall or beam They must be 8 1 8 206 mm apart vertically and 7 7 8 200 mm apart horizontally to accommodate the keyholes on the mounting plates 3 Guide the keyholes over the screws fastened to the wall and push downward after the screw heads have cleared the keyholes Note Because the metal in a wall can degrade the radio signal pattern Aerohive recommends using sector ...

Page 47: ...s follows 2 1 Starting at one end of the threads on one of the connectors stretch the tape and wrap it in half lap layers until you cover the threads completely 2 2 Wrap the tape in the opposite direction to bring it back onto itself for one full wrap 2 3 Place one thumb on the tape at the point of termination and stretch the tape until it breaks 2 4 Repeat the preceding steps to cover all the con...

Page 48: ...he pole thread the V bolt through the holes on the attachment the washers and nuts and use the wrenches to tighten the nuts to the bolt Optional For added stability fasten the top of the antenna to the pole with the hose clamp To mount the antenna directly to a flat surface run bolts or screws not included through the two holes in the attachment clamp and fasten them firmly to the surface Attachme...

Page 49: ...3 13 16 W x 4 3 8 H x 8 3 8 D 35 cm W x 11 cm H x 21 cm D Weight 9 lbs 4 08 kg Antennas Two detachable single band 8dBi 802 11b g antennas and two detachable single band 10dBi 802 11a antennas Maximum Transmission Power 20 dBm Ethernet port autosensing 10 100Base T TX Mbps with IEEE 802 3af compliant PoE Power over Ethernet Power Specifications AC DC power adapter Input 100 240 VAC Output 17 watts...

Page 50: ...smart PoE Power over Ethernet to adjust its power consumption automatically in response the available power in different environments Smart PoE supports the IEEE 802 3af standard and the 802 3at pre standard This chapter covers the following topics relating to the HiveAP 340 HiveAP 340 Product Overview on page 50 Ethernet and Console Ports on page 52 Status LEDs on page 56 Antennas on page 56 Moun...

Page 51: ...notebook lock to the device lock slot or by using the lock adapter that is included in the mounting kit and a padlock For more information see Locking the HiveAP 340 on page 62 802 11a b g n RP SMA Connectors You can connect up to six detachable single band antennas to the male 802 11a b g n RP SMA reverse polarity subminiature version A connectors Connect the longer antennas which support 2 4 GHz...

Page 52: ... is available as an extra option Because the HiveAP does not have an on off switch connecting it to a power source automatically powers on the device Console Port You can access the CLI by making a serial connection to the RJ 45 console port The management station from which you make a serial connection to the HiveAP must have a VT100 emulation program such as Tera Term Pro a free terminal emulato...

Page 53: ... Wiring Options Pin Data Signal MDI MDI X MDI or MDI X 1 2 3 4 1 Transmit DC DC DC1 DC1 DC1 DC1 2 Transmit DC DC DC1 DC1 DC1 DC1 3 Receive DC DC DC1 DC1 DC1 DC1 4 unused DC DC2 DC2 DC2 DC2 5 unused DC DC2 DC2 DC2 DC2 6 Receive DC DC DC1 DC1 DC1 DC1 7 unused DC DC2 DC2 DC2 DC2 8 unused DC DC2 DC2 DC2 DC2 MDI Medium dependent interface for straight through connections MDI X Medium dependent interfac...

Page 54: ...ess interfaces ETH0 ETH1 and all wireless subinterfaces in access mode In addition to using ETH0 and ETH1 as individual interfaces you can combine them into an aggregate interface agg0 to increase throughput or combine them into a redundant interface red0 to increase reliability The logical red0 and agg0 interfaces support all the settings that you can configure for Ethernet interfaces except thos...

Page 55: ...s primary is the one that the HiveAP uses when both interfaces have network connectivity Because the HiveAP uses eth0 as the primary interface by default it is unnecessary to specify primary in the first command above However it is included to make the role of eth0 as the primary interface obvious Interface Selection for the Default Route In cases where there are multiple active interfaces in back...

Page 56: ... Pin Signal Direction 1 RTS Request to Send Output unused 2 DTR Data Terminal Ready Output unused 3 TXD Transmitted Data Output 4 Ground Ground 5 Ground Ground 6 RXD Received Data Input 7 DSR Data Set Ready Input unused 8 CTS Clear to Send Input unused RJ 45 Console Port View of the console port on the HiveAP Because this is a console port only pins 3 4 5 and 6 are currently in use Console Port Pi...

Page 57: ...y amber Wireless interface is in backhaul mode but inactive Pulsing amber Wireless interface is in backhaul mode and is connected with other hive members Alternating green and amber Wireless interface is in backhaul mode and is searching for other hive members Antennas Antennas are an integral part of the HiveAP 340 The HiveAP 340 can accept up to six detachable dipole antennas The three shorter a...

Page 58: ... from all the spatial streams and reassemble them into a single data stream once again see Figure 6 Figure 6 2x2 MIMO 2 transmit antennas x 2 receive antennas 5 GHz Antenna for IEEE 802 11a n Length when fully extended 5 15 16 15 cm 2 4 GHz Antenna for IEEE 802 11b g n Length when fully extended 7 7 8 20 cm The base of the antennas hinge up to 90 degrees so that you can orient the antennas indepen...

Page 59: ...f signals for the receive chains to use in their processing To set the transmit and receive RF chains for a radio profile enter the following commands radio profile name transmit chain 2 3 radio profile name receive chain 2 3 There are two sets of antennas three antennas per set that operate concurrently in two different frequency ranges 2 4 GHz IEEE 802 11b g n and 5 GHz IEEE 802 11a n Using two ...

Page 60: ...n benefit somewhat from an 802 11n access point using MIMO supporting such legacy clients along with 802 11n clients can have a negative impact on 802 11n client traffic Legacy clients take longer to send the same amount of data as 802 11n clients Consequently legacy clients consume more airtime than 802 11n clients do causing greater congestion in the WLAN and reducing 802 11n performance By defa...

Page 61: ...e ceiling Plenum Mount on page 63 Using the mounting plate hanger clip and hanger frame you can mount it in the plenum above a dropped ceiling Suspended Mount on page 66 Using the mounting plate cable quad toggle and locking device you can suspend the device from a beam bracket or any object that can support its weight 3 3 lb 1 5 kg Surface Mount on page 68 Using just the mounting plate and some s...

Page 62: ...ed strips on the mounting plate to prevent them from being pulled out of their connections accidentally Mounting Plate 1 2 Press the track clips against the ceiling track and swivel them until they snap into place gripping the edges of the track If necessary slide one or both of the clips along the track to position them at the proper distance 2 1 4 or 7 cm to fit through the holes in the mounting...

Page 63: ...the slot in the mounting plate see Figure 10 Figure 10 Locking the HiveAP 340 to the mounting plate 2 Link a padlock through the opening in the adapter and engage the lock to secure the HiveAP 340 to the mounting plate The opening is 1 8 0 3 cm in diameter at its narrowest With the HiveAP 340 upside down align its port side with the bottom end of the plate Push the HiveAP 340 upward inserting the ...

Page 64: ...P 340 to the mounting plate and then attach the antennas to the connectors see Figure 12 Figure 12 Attaching the HiveAP 340 to the mounting plate Insert the hanger clip through the large hole in the mounting plate Squeeze the hanger clip to pull the tabs on its feet inward until they snap upward into the two holes on either side of the larger hole Hanger Clip Mounting Plate 1 2 With the HiveAP 340...

Page 65: ...rips the track below the top ridge see Figure 13 Figure 13 Clipping the hanger frame onto the track 6 Insert the hanger clip upward through the center slot in the hanger frame and then twist it counterclockwise until the clip snaps into a locked position against the sides of the crossbar see Figure 14 on page 65 5 Remove the ceiling tile and enter the plenum 4 Press the hanger frame onto the ceili...

Page 66: ...rce 8 Replace the ceiling tile to complete the installation bird s eye view with the ceiling tiles and ceiling tracks removed for clarity Insert the hanger clip upward through the center slot in the hanger frame Rotate the HiveAP 340 and the attached mounting accessories counterclockwise until the clip locks in place against the sides of the crossbar HiveAP 340 attached to the mounting plate Hange...

Page 67: ...ack through the center hole in the locking device and then continue pulling it through the locking device until the HiveAP 340 is suspended at the height you want see Figure 16 on page 67 The center tube that runs through the locking device is designed to allow you to pull the rope wire up through it while preventing the rope from slipping back down If you ever pull too much rope through and need ...

Page 68: ...While maintaining pressure on the tube adjust the rope until the HiveAP 340 is at the height you want When you are satisfied stop pressing against the tube so that it can regain its grip on the rope Figure 17 Releasing the wire rope from the locking device Clip 3 Wrap the wire rope around a beam clip the hook to the rope and then pull the rope downward until it is taut against the beam Pull downwa...

Page 69: ...tally Mounting Plate HiveAP 340 Wall Insert the tabs on the mounting plate into the slots on the underside of the HiveAP 340 Then push the HiveAP 340 downward to lock it in place With the two wings at the sides of the plate extending away from the surface attach the mounting plate to a secure object such as a wall or beam Use 8 screws for the oblong holes and 10 for the larger round ones 1 3 Note ...

Page 70: ... Weight 3 lb 1 36 kg Antennas Three omnidirectional 802 11b g n antennas and three omnidirectional 802 11a n antennas Serial port RJ 45 bits per second 9600 data bits 8 parity none stop bits 1 flow control none Ethernet ports autosensing 10 100 1000 Base T TX Mbps both ports are compliant with the IEEE 802 3af standard and the forthcoming 802 at standard for PoE Power over Ethernet Power Specifica...

Page 71: ...Chapter 4 The HiveAP 340 Platform 70 Aerohive ...

Page 72: ...vailable power in different environments Smart PoE supports the IEEE 802 3af standard and the 802 3at pre standard This chapter covers the following topics relating to the HiveAP 320 HiveAP 320 Product Overview on page 72 Ethernet and Console Ports on page 74 Status LEDs on page 74 Antennas on page 75 Mounting the HiveAP 320 on page 76 Ceiling Mount on page 76 Surface Mount on page 78 Device Power...

Page 73: ...system power firmware Ethernet interfaces and radios For details see Status LEDs on page 74 ETH0 10 100 1000 Mbps PoE Port and ETH1 10 100 1000 Mbps Port The two 10 100 1000 Mbps Ethernet ports ETH0 and ETH1 receive RJ 45 connectors The HiveAP can receive power through an Ethernet connection to the ETH0 port from PSE power sourcing equipment that is compatible with the 802 3af standard and the for...

Page 74: ...ttings bits per second 9600 data bits 8 parity none stop bits 1 flow control none For details see Ethernet and Console Ports on page 74 Device Lock Slot You can physically secure the HiveAP by attaching it to a mounting plate that is clipped to a ceiling track and then using a screw with a unique head design to fasten the HiveAP to the mounting plate through the device lock slot The screw and spec...

Page 75: ...nsole port you can make a serial connection between your management system and the HiveAP The pin to signal mapping of the RJ 45 console port is the same as that for the HiveAP 340 which is shown shown in Figure 3 on page 55 Similarly cabling and connection details for the HiveAP 320 are same as those for the HiveAP 340 see Figure 4 on page 55 Status LEDs The five status LEDs on the top of the Hiv...

Page 76: ...equency range 2 4 GHz for IEEE 802 11b g and the wifi1 interface links to radio 2 frequency range 5 GHz for IEEE 802 11a These interface to radio relationships are permanent Although hive members automatically adjust their signal strength according to their environments you can resize the area of coverage by increasing or decreasing the signal strength manually by entering the interface wifi0 wifi...

Page 77: ...hrough the hole and attach them to the HiveAP 320 leaving some slack so that you can easily maneuver the HiveAP into place attaching it to the mounting plate as shown in Figure 5 on page 77 Note In addition to these methods you can also mount the HiveAP 320 on a table using the set of four rubber feet that ship with the product Simply peel the rubber feet off the adhesive sheet and press them agai...

Page 78: ...iveAP 320 and begin to thread it into the hole in the mounting plate see Figure 6 Figure 6 Locking the HiveAP 320 to the Mounting Plate 2 With the insert bit in a screw driver tighten the screw into place securing the HiveAP to the mounting plate Push HiveAP With the HiveAP 320 upside down align the round tab and security screw hole extension on the mounting plate with the keyhole opening and secu...

Page 79: ... plate For information see Locking the HiveAP 320 on page 77 Insert the tabs on the mounting plate into the slots on the underside of the HiveAP 320 Then push the HiveAP 320 downward to lock it in place Orient the mounting plate as shown and attach it to a secure object such as a wall post or beam Use 6 screws 1 3 Note There are a variety of holes through which you can screw or nail the plate in p...

Page 80: ...lb 0 9 kg Antennas Three omnidirectional 802 11b g n antennas and three omnidirectional 802 11a n antennas Serial port RJ 45 bits per second 9600 data bits 8 parity none stop bits 1 flow control none Ethernet ports two autosensing 10 100 1000 Base T TX Mbps ports the ETH0 port is compliant with the IEEE 802 3af standard and the forthcoming 802 at standard for PoE Power over Ethernet Power Specific...

Page 81: ...Chapter 5 The HiveAP 320 Platform 80 Aerohive ...

Page 82: ... follows the IEEE 802 3af standard or the 802 3at pre standard Optionally they can be powered by an AC DC desktop power adapter This chapter covers the following topics relating to the HiveAP 100 series HiveAP 110 and 120 Product Overview on page 82 Ethernet Port on page 83 Status Indicator on page 84 Antennas on page 84 Mounting a HiveAP 100 Series Device on page 85 Ceiling Mount on page 85 Surfa...

Page 83: ...WPA Wi Fi Protected Access and WPA2 You can see the hardware components on the HiveAP in Figure 1 Each component is described in Table 1 Figure 1 HiveAP 110 and 120 hardware components Table 1 HiveAP 110 and 120 component descriptions Component Description Status Indicator The status indicator conveys operational states for system power firmware updates Ethernet and wireless interface activity and...

Page 84: ...ready to serve clients the status indicator glows white To disable the reset button from resetting the configuration enter this command no reset button reset config enable Pressing the button between 1 and 5 seconds will still reboot the HiveAP but pressing it for more than 5 seconds will not reset its configuration ETH0 PoE Port The 10 100 1000 Mbps Ethernet port ETH0 receives an RJ 45 connector ...

Page 85: ...t its brightness level from bright the default to soft to dim You can even turn it off completely In HiveManager choose the brightness level that you want from the LED Brightness drop down list on the Configuration Management Services Management Options page Through the CLI enter no system led brightness soft dim off The four settings are represented graphically in Figure 2 Figure 2 Adjustable sta...

Page 86: ... 4 Keeping the prongs away from the track edges until both tabs grip the track ensures that the clip does not snap into place prematurely with only one tab in position Figure 4 Attaching the track clip to the ceiling track Note In addition to these methods you can also mount the HiveAP on a table using the set of four rubber feet that ship with the product Simply peel the rubber feet off the adhes...

Page 87: ...ttach them to the HiveAP 6 When done adjust the ceiling tiles back into their former position Note You can also mount the HiveAP 100 series device to a solid ceiling or the underside of any horizontal object such as a cross beam using three 6 or 8 screws Position the three screws in a T shaped layout two screws 2 5 cm apart from each other and the third screw center aligned between them and 4 75 1...

Page 88: ...HiveAP which is located at the top of the device when it is mounted on a wall Note You can use a Kensington lock to secure the HiveAP to a stationary object For information see Locking the HiveAP on page 87 Device Lock Slot Kensington Security Lock Loop the cable around a secure object such as a support beam and then insert the T bar component of the lock into the device lock slot on the HiveAP an...

Page 89: ...D 16 3 cm W x 4 6 cm H x 16 3 cm D Weight 1 75 lb 0 8 kg Antennas HiveAP 110 two dual band omnidirectional 802 11a b g n antennas HiveAP 120 two omnidirectional 802 11b g n antennas and two omnidirectional 802 11a n antennas Ethernet port one autosensing 10 100 1000 Base T TX Mbps port compliant with the IEEE 802 3af standard and the forthcoming 802 at standard for PoE Power over Ethernet Power Sp...

Page 90: ...ent of up to 500 HiveAPs Profile based configurations that simplify the deployment of large numbers of HiveAPs Scheduled firmware upgrades on HiveAPs by location Exportation of detailed information on HiveAPs for reporting This chapter covers the following topics related to the HiveManager platform Product Overview on page 90 Ethernet and Console Ports on page 91 Status LEDs on page 92 Rack Mounti...

Page 91: ...ake a console connection using an RS 232 or null modem cable The pin assignments are the same as those on the HiveAP see Ethernet and Console Ports on page 30 The management station from which you make a serial connection to the HiveManager must have a VT100 emulation program such as Tera Term Pro a free terminal emulator or Hilgraeve Hyperterminal provided with Windows operating systems The follo...

Page 92: ...m fan vents is not obstructed Serial Number Label The serial number label contains the FCC compliance stamp model number input power specifications and serial number for the device AC Power Inlet The three prong AC power inlet is a C14 chassis plug through which you can connect a HiveManager to a 100 240 volt AC power source using the 10 amp 125 volt IEC power cord that ships with the product On O...

Page 93: ...s follows Bits per second 9600 Data bits 8 Parity none Stop bits 1 Flow control none Status LEDs The two status LEDs on the front of the HiveManager indicate various states of activity through their color dark green amber and illumination patterns steady glow or blinking The meanings of the various color illumination patterns for each LED are shown in Figure 4 Figure 4 Status LEDs 1 2 3 4 5 6 7 8 ...

Page 94: ...pending on the layout of your equipment rack you might need to mount the HiveManager in reverse To do that move the brackets to the left and right sides near the rear before mounting it Figure 5 Mounting the HiveManager in an equipment rack 1 Position the HiveManager so that the holes in the mounting brackets align with two mounting holes in the equipment rack rails 2 Insert a screw through a wash...

Page 95: ...H x 15 13 16 D 42 7 cm W x 4 4 cm H x 40 2 cm D Weight 13 75 lb 6 24 kg Serial port male DB 9 RS 232 port bits per second 9600 data bits 8 parity none stop bits 1 flow control none USB port standard Type A USB 2 0 port Ethernet ports MGT and LAN autosensing 10 100 1000Base T Mbps Power Specifications ATX Advanced Technology Extended autoswitching power supply with PFC power factor corrector Input ...

Page 96: ...d configurations that simplify the deployment of large numbers of HiveAPs Scheduled firmware upgrades on HiveAPs by location Exportation of detailed information on HiveAPs for reporting Hot swappable power supplies Cold swappable hard disk drives This chapter covers the following topics related to the High Capacity HiveManager platform Product Overview on page 96 Rack Mounting the High Capacity Hi...

Page 97: ...AID Redundant Array of Independent Drives mirrored hard disk drives to provide fault tolerance data reliability and increased performance Front Mounting Brackets When used with the rack mounting kit the two front mounting brackets allow you to mount the High Capacity HiveManager in a standard 19 48 26 cm equipment rack For rack mounting instructions see Rack Mounting the High Capacity HiveManager ...

Page 98: ... as that on the standard capacity HiveManager see Ethernet and Console Ports on page 91 Reset Button The reset button allows you to reboot the High Capacity HiveManager Insert a paper clip or something similar into the hole and press the reset button between 1 and 5 seconds After releasing the button the Power LED goes dark and then glows steady amber while the software loads and the system perfor...

Page 99: ...round holes 1 After checking that the mounting kit contains the above parts separate the chassis rails from each slide set as shown in Figure 2 Figure 2 Separating the chassis rail from the nested slides 2 Position one of the chassis rails so that the slide stop is near the HiveManager mounting bracket near the front panel and the front and rear holes in the chassis rail align with the holes in th...

Page 100: ... rack For round holes use the cross head screws to fasten the brackets through the holes in the rack rails to the bar nuts You can use the locator pins to help keep the bar nuts aligned to the holes See Figure 5 Figure 5 Fastening the rear mounting brackets to the rack rails Place the slide stop against the front mounting bracket Chassis Rail cross head machine screws with 10 32 threads Outer Slid...

Page 101: ...n the HiveManager to the equipment rack as shown in Figure 6 If the rack has round holes use the two remaining nut bars and locator pins and thread the screws through the rack rails into them Figure 6 Mounting the HiveManager in an equipment rack The HiveManager is now securely mounted to the front and rear rails of the equipment rack Screws Front Mounting Bracket Rack Rails Outer Slide Inner Slid...

Page 102: ...from the power source 2 Lower the handle to a horizontal position 3 With your index finger press the red release lever to the left 4 While holding the release lever to the left grip the handle between your thumb and second finger and pull the power supply straight out See Figure 7 Figure 7 Removing a power supply 5 Insert a working power supply into the vacant bay and push it straight in until it ...

Page 103: ... door and lock it again 6 Connect a serial cable to the console port 7 Connect one end of an RS 232 serial cable to the male DB 9 console port on the HiveManager and other end to the serial port or COM port on your management system 8 Start a serial connection as explained in Changing Network Settings on page 109 9 Turn on the HiveManager 10 While it is booting up press and hold down the CTRL A ke...

Page 104: ...13 16 W x 3 1 2 H x 17 D 42 7 cm W x 8 9 cm H x 43 2 cm D Weight 34 lb 15 42 kg Serial port male DB 9 RS 232 port bits per second 9600 data bits 8 parity none stop bits 1 flow control none USB port standard Type A USB 2 0 port Ethernet ports MGT and LAN autosensing 10 100 1000Base T Mbps Power Specifications Redundant ATX Advanced Technology Extended autoswitching power supplies with PFC power fac...

Page 105: ...Chapter 8 The High Capacity HiveManager Platform 104 Aerohive ...

Page 106: ...e HiveManager hardware and updating the HiveManager software as new releases become available You receive access to a VHM virtual HiveManager running on the HiveManager hardware Each VHM is an independent management system with its own administrators managing their own set of HiveAPs Without the expense of buying a physical appliance or HiveManager Virtual Appliance HiveManager Online can be the m...

Page 107: ...ou load onto a computer of your choice HM VA ships as VMware on a USB flash drive Figure 3 HiveManager Virtual Appliance ships as VMware on a USB flash drive You must first install a VMware product such as VMware Workstation or VMware Player on your computer Then install HM VA on the VMware workstation or player where it runs like a virtual server inside your computer HM VA forms a virtual layer 2...

Page 108: ...Manager and the HiveAPs it manages only affects HiveAP manageability such a loss has no impact on communications occurring on the control and data planes The management plane is the logical division of administrative traffic relating to the configuration and monitoring of HiveAPs From a management system an admin can use the HiveManager to configure maintain and monitor multiple HiveAPs essentiall...

Page 109: ...tion workflow Finally the chapter concludes with procedures for updating HiveManager software and HiveAP firmware The sections are as follows Installing and Connecting to the HiveManager GUI on page 109 Introduction to the HiveManager GUI on page 113 Viewing Reports on page 114 Searching on page 115 Multiselecting on page 116 Cloning Configurations on page 116 Sorting Displayed Data on page 117 Hi...

Page 110: ...iveManager system ID Aerohive will send you back an order ID or license key Changing Network Settings To connect HiveManager to the network you must first set the IP address netmask of its MGT interface so that it is in the subnet to which you plan to cable it To do this you can use the HiveManager console port 1 Connect the power cable to a 100 240 volt power source and turn on HiveManager The po...

Page 111: ...eparation of both types of traffic is not an issue then using just the MGT interface is a simple approach to consider Figure 3 Using just the MGT interface 8 After you finish configuring the network settings restart network services by entering 6 6 Restart Network Services and then enter yes to confirm the action You can now disconnect the serial cable Note To set static routes after you log in to...

Page 112: ... after logging in Then the prompt to enter an order ID appears after you click the HiveManager Online button For a HiveManager appliance with Internet access select Enter Order ID Copy the order ID text string that Aerohive sent you in an email message paste it in the Order ID field and then click Enter For HiveManager Online and HiveManager Virtual Appliance copy the order ID text string paste it...

Page 113: ...and if you agree with its content click Agree You are now logged in to the complete HiveManager GUI Later after completing the Start Here page in the next steps you can check details about the order ID and licenses you installed on the Home Administration License Management page You can also enter more licenses there such as a User Manager license if necessary 7 On the Start Here page HiveManager ...

Page 114: ...s needed to deploy manage and monitor large numbers of HiveAPs The configuration workflow is described in HiveManager Configuration Workflow Enterprise Mode on page 118 The GUI consists of several important sections which are shown in Figure 4 Figure 4 Important sections of the HiveManager GUI Menu Bar The items in the menu bar open the major sections of the GUI You can then use the navigation tre...

Page 115: ...ief overviews of these functions are presented in the following sections Viewing Reports When viewing reports that contain graphs Monitor Reports you can use your mouse to control what information HiveManager displays Moving your mouse over a measurement point on any line in a graph displays the type of data being reported and the date time and value of the measurement In the graph for active clie...

Page 116: ...igure 6 Figure 6 Search tool The following items are ignored when using the search tool The names of fields in dialog boxes The settings on the following Home Administration pages HiveManager Settings HiveManager Services and HM Notification Mail List Certificates captive web portal web page files and image files Reports When you enter a word or phrase in the search field and then click the Search...

Page 117: ... repeated data Figure 9 Cloning a hive Here you use the shift click multiselection method to select a set of the topmost eight HiveAPs in the list that is you select the check box for the top HiveAP and hold down the SHIFT key while selecting the check box for the eighth HiveAP from the top Select the check boxes to select multiple noncontiguous objects or shift click to select check boxes for mul...

Page 118: ...g event log entries by HiveAP host name and then chronologically Indicates that the list appears in descending order from the top Indicates that the list appears in ascending order from the bottom By default displayed objects are sorted alphanumerically from the top by name If you click the name again the order is reversed that is the objects are ordered alphanumerically from the bottom By clickin...

Page 119: ...el settings to one or more HiveAPs and then push the configurations to physical HiveAP devices across the network 2 When HiveAPs are in the same subnet as HiveManager they can use CAPWAP Control and Provisioning of Wireless Access Points to discover HiveManager on the network CAPWAP works within a layer 2 broadcast domain and is enabled by default on all HiveAPs If the HiveAPs and HiveManager are ...

Page 120: ...date and clear alarm and event logs or Full update to keep existing log entries after the upgrade and then enter the following File from local host select type the directory path and a file name or click Browse navigate to the software file and select it or To load a file from an SCP server File from remote server select IP Address Enter the IP address of the SCP server SCP Port Enter the port num...

Page 121: ... SCP is 22 File Path Enter the path to the HiveOS image file and the file name If the file is in the root directory of the SCP server you can simply enter the file name User Name Type a user name with which HiveManager can access the SCP server Password Type a password that HiveManager can use to log in securely to the SCP server 7 Click Upload 8 Close the dialog box by clicking the Close icon X i...

Page 122: ...e the uploaded content first and then forward it to mesh points the reboot will interrupt the data transfer to the mesh point This can also happen if a mesh point linking HiveManager to another mesh point reboots before the more distant mesh point completes its upload As a result of such an interruption the affected mesh point receives an incomplete firmware or configuration file and aborts the up...

Page 123: ...Chapter 10 Using HiveManager 122 Aerohive ...

Page 124: ...ed in the first two examples Example 4 Connecting HiveAPs to HiveManager on page 129 Cable two HiveAPs to the network to act as portals and set up a third one as a mesh point Put the HiveAPs on the same subnet as HiveManager and allow them to make a CAPWAP connection to HiveManager Example 5 Assigning the Configuration to HiveAPs on page 135 Assign the WLAN policy to the HiveAPs Also change HiveAP...

Page 125: ...n page 139 For the present goal of showing how to use HiveManager to configure an SSID the PSK method works well To configure the SSID log in to the HiveManager GUI see Installing and Connecting to the HiveManager GUI on page 109 click Configuration SSIDs New enter the following and then click Save Profile Name test1 psk A profile name does not support spaces although an SSID name does The profile...

Page 126: ...and 2 4 GHz 11n b g HiveAPs have two radios a 2 4 GHz radio which supports 802 11n b g and a 5 GHz radio which supports 802 11n a On all HiveAP models except the HiveAP 110 both radios can function concurrently This setting broadcasts the SSID on the wifi0 interface which is bound to the 2 4 GHz radio There is an assumption that your clients support at least one of the following IEEE standards 802...

Page 127: ...me information as that in its beacons The client sends an authentication request and because WPA and WPA2 use open authentication the response always accepts the request The client sends its capabilities and the HiveAP replies if these are acceptable or not If they are it creates an association ID and sends it to the client The HiveAP and client exchange the preshared key and other information to ...

Page 128: ...ample In this example you define a hive and name it hive test1 Later in Example 3 Creating a WLAN Policy on page 128 you assign the hive to a WLAN policy which in turn you assign to HiveAP devices in Example 5 Assigning the Configuration to HiveAPs on page 135 Click Configuration Advanced Configuration Hives New enter the following leave the other options at their default settings and then click S...

Page 129: ...that includes the SSID and hive configured in the previous two examples Although the New WLAN Policy dialog box consists of several pages for this basic configuration you only need to configure items on the first page see Figure 2 Figure 2 WLAN policy general settings Click Configuration WLAN Policies New enter the following on the first page of the new WLAN policy dialog box leave all the other s...

Page 130: ...P Control and Provisioning of Wireless Access Points protocol HiveAPs act as CAPWAP clients and HiveManager as a CAPWAP server Because all devices are in the same subnet in this example the clients can broadcast CAPWAP Discovery Request messages to discover and establish a secure connection with the server automatically During the connection process each client proceeds through a series of CAPWAP ...

Page 131: ...nt returns to the Discovery state and sends Discovery Request messages The CAPWAP server receives the Discovery Request message and responds with a Discovery Response Discovery State Sulking State The client sends a Join Request Join State Run State Idle State When the client determines its neighbor is dead it transitions from the Run state to the Idle state The CAPWAP client and server perform a ...

Page 132: ...t a DHCP server To see that the mesh point HiveAP3 has successfully formed a link with a portal using the default hive hive0 enter show hive hive0 neighbor and check the Hstate column If at least one other HiveAP is listed as a neighbor and its hive state is Auth the mesh point has successfully formed a link and can access the network If the hive state is anything else it might still be in the pro...

Page 133: ...Manager GUI What is the status of the CAPWAP client running on the HiveAP To check the CAPWAP status of a HiveAP enter the show capwap client command Compare the RUN state with the CAPWAP states explained in Figure 4 on page 130 Check that the HiveAP has an IP address for itself and the correct address for HiveManager If for some reason the HiveAP does not have the correct address for HiveManager ...

Page 134: ... options 225 and 226 by default when it broadcasts DHCPDISCOVER and DHCPREQUEST messages If HiveManager continues to use its default domain name hivemanager plus the name of the local domain to which it and the HiveAPs belong configure an authoritative DNS server with an A record that resolves hivemanager local_domain to an IP address If a HiveAP does not have an IP address or domain name configur...

Page 135: ...a DHCP server supplied to the HiveAP If a DNS server has been configured with an A record to resolve that domain name to an IP address the HiveAP and HiveManager then form a secure CAPWAP connection If the first two searches for a local HiveManager produce no results the HiveAP broadens its search even wider and tries to contact HiveManager Online at staging aerohive com 12222 If the staging serve...

Page 136: ... down list choose wlan policy test1 This is the WLAN policy that you created in Example 3 Creating a WLAN Policy on page 128 Do not modify any of the other basic settings 5 In the Optional Settings section expand Credentials and then enter the following in the Root Admin Configuration section New Admin Name testadmin1 This is the root admin name that HiveManager uses to make SSH connections and up...

Page 137: ...e after field set an interval in seconds after which the HiveAP reboots to activate the updated country code settings Make sure that the check box for HiveAP3 is selected HiveManager updates the country code on HiveAP3 and then reboots it after the activation interval that you set elapses After HiveAP3 reboots it puts the appropriate radio settings for the updated country code into effect 3 Select...

Page 138: ...nfiguration to HiveAPs HiveManager must perform a complete upload which it does automatically After that it automatically performs a delta upload by comparing the current configuration for the HiveAP stored on HiveManager with that running on the HiveAP and then uploading only the parts that are different The three options found in the Settings section for uploading configurations are as follows C...

Page 139: ...n it tries to reconnect with HiveManager However it cannot do so because it is a mesh point that now belongs to the hive1 test hive while its portals HiveAP1 and 2 are still using their original configurations in which they are members of hive0 This loss of connectivity will continue until you update the portals which you do next 5 Repeat the previous steps to update HiveAP1 and HiveAP2 After they...

Page 140: ...Manager and use one of two ways to associate physical HiveAPs with their corresponding icons on the maps Example 2 IEEE 802 1X with an External RADIUS Server on page 145 Configure an IEEE 802 1X SSID and enable HiveAPs to act as RADIUS authenticators forwarding authentication requests from their wireless clients to an external RADIUS authentication server Example 3 Providing Guest Access through a...

Page 141: ... Topology Maps In this example you upload maps to HiveManager showing floor plans for three office buildings and organize them in a hierarchical structure You need to make png of jpg files of drawings or blueprints showing the layout of each floor Also as an easy means of organizing the maps in the HiveManager GUI you create a file showing the three buildings HQ B1 HQ B2 and Branch 1 By using this...

Page 142: ... Installation Height Because the corp_offices png depicts buildings instead of a floor plan it is not necessary to specify the size of the image or the HiveAP installation height 3 To add maps below the root map click Topology right click CorpOffices and then choose Add Delete Image from the pop up menu that appears In the Add Delete Image window click Upload navigate to the directory containing t...

Page 143: ...gth and attenuation shown in the heat maps Background Image Choose HQ B1 F1 png from the drop down list Map Width optional 120 feet HiveManager automatically calculates map height using the aspect ratio of the image HiveAP Installation Height 13 feet a fairly standard ceiling height in offices A floor icon labeled HQ B1 F1 appears on the CorpOffices image and a new entry named HQ B1 F1 appears nes...

Page 144: ... 2 maps HQ B1 F1 and HQ B1 F2 7 Repeat this process until you have arranged all the maps and icons in place as shown in Figure 5 Figure 5 CorpOffice map with links to all level 2 maps Note You can add up to seven levels to the map hierarchy You can also remove maps as long as they do not have any submaps or HiveAP icons on them To remove a map from the hierarchy right click it in the Map Hierarchy...

Page 145: ...f the SNMP Simple Network Management Protocol sysLocation MIB Management Information Base object which you define on HiveAPs HiveManager can use this information to associate a HiveAP with a map and provide a description of where on the map each HiveAP belongs 1 Make copies of the maps you uploaded to HiveManager label them and take them with you for reference when installing the HiveAPs 2 For eac...

Page 146: ...VLANs See Figure 6 Figure 6 Authentication requests and replies for wireless clients on two HiveAPs Note The first approach using MAC addresses makes the deployment considerably easier for installers whereas the second approach using SNMP makes new HiveAP management easier for the HiveManager administrator You can decide which approach makes the most sense for your team Note This example makes sev...

Page 147: ...e specified map or is the specified HiveAP Description VLAN for employees 2 To save the configuration and close the VLANs dialog box click Save 3 To create a VLAN object for IT staff traffic select the check box for the newly created VLAN object VLAN 10 in the list on the Configuration Advanced Configuration Network Objects VLANs page and then click Clone The VLANs dialog box appears with the sett...

Page 148: ... New icon to the right of the IP Address Domain Name drop down list and define the IP address of the RADIUS authentication server in the IP Objects Host Names dialog box that appears IP Address select this setting automatically applies a netmask of 255 255 255 255 Object Name AuthServer 10 1 1 10 Enter the following and then click Apply to add the IP address to the address configuration IP Entry 1...

Page 149: ...m of the page to modify additional settings pertaining to RADIUS however the default settings work well for this example and do not need to be changed Retry Interval 600 seconds the default setting This field is only relevant when both primary and backup RADIUS authentication servers are configured The retry interval defines how long a HiveAP RADIUS authenticator waits before retrying a previously...

Page 150: ...ributes returned from RADIUS after successful authentication Click IT 2 in the Available User Profiles list and then click the right arrow to move it to the Selected User Profiles list The HiveAP RADIUS authenticator applies the IT 2 user profile only if the RADIUS authentication server returns a Tunnel Private Group ID attribute matching the attribute for this user profile 2 Only the selected use...

Page 151: ... Connect Because most PC based supplicants use their Windows login credentials to authenticate the client with the domain the 802 1X authentication process happens automatically If the supplicant is Windows based and you are not on a domain 1 Configure the SSID on your client as follows Network name SSID corp wifi Network authentication WPA2 Data encryption AES Enable IEEE 802 1X authentication fo...

Page 152: ... User Authentication With this option users must enter and submit a valid user name and password to log in The HiveAP acts as a RADIUS authenticator or RADIUS client and forwards the submitted login credentials to a RADIUS server for authentication The RADIUS authentication server can either be an internal server on a HiveAP or an external RADIUS server on the network This is a good choice when yo...

Page 153: ...s the HiveAP stores the client s MAC address as a registered user applies the appropriate user profile to the visitor and stops keeping the client captive that is the HiveAP no longer intercepts HTTP and HTTPS traffic from that MAC address but allows the client to access external web servers The entire process is shown in Figure 8 Figure 8 Captive web portal exchanges using external DHCP and DNS s...

Page 154: ...s registration page The user must agree to an acceptable use policy fill in some fields and then submit the form The HiveAP allows DNS queries and replies between the client of an ungregistered user and a DNS server DNS Query DNS Reply HTTP Client HTTP Server Wireless Client Servers Registration DHCP DNS and HTTP forwarding 5 6 Wireless Acess Point After a guest agrees to the acceptable use policy...

Page 155: ...ssociation Response 1 2 DHCP Request DHCP ACK DHCP Discover DHCP Offer SSID guest The client forms an association with the HiveAP but the visitor has not yet registered The HiveAP directs all DHCP DNS and HTTP traffic from unregistered guests to itself instead of allowing it to the rest of the network IP Address 172 16 1 2 Netmask 255 255 255 0 Default Gateway 172 16 1 1 DHCP Server 172 16 1 1 DNS...

Page 156: ...cess html the page that appears after registering successfully aerohive_3d jpg default main image on the web pages failure html the page that appears after an unsuccessful registration attempt aerohive_hex_light jpg optional background image reg php a file that the HiveAP generates automatically and stores on its internal web server aerohive_hex_dark jpg optional background image aerohive_spacer p...

Page 157: ...to accept a network usage policy before accessing the network There is also a fifth option External Authentication which redirects unregistered users HTTP and HTTPS traffic to a captive web portal on an external server instead of redirecting it to an internal captive web portal on a HiveAP For information about configuring it see the HiveManager online Help Note You can use Aerohive GuestManager o...

Page 158: ...ace this with a different image make sure it has the same or nearly the same dimensions to avoid distortion Use Policy This is a text file that states the company policy for network usage A user can view the policy by clicking the Acceptable Use Policy link on the registration page during the captive web portal registration process A generic policy is provided in the use policy txt file You can ex...

Page 159: ...f registration page The guests must complete a form and accept a network usage policy before being allowed to access the public network Registered visitors activity can be tracked and stored in historical logs on a syslog server for security and compliance auditing Captive Web Portal To create a captive web portal requiring users to self register to gain network access click Configuration Advanced...

Page 160: ...es New enter the following and then click Apply Network select Object Name 10 0 0 0 8 In the IP Entry field enter 10 0 0 0 for the IP address 255 0 0 0 for the netmask choose Global for the type enter a useful description such as Deny RFC 1918 private addresses and then click Apply To save the address and close the dialog box click Save Repeat the above to create two more address objects one for 1...

Page 161: ...able logging for packets that HiveManager drops due to the enforcement of rules that deny traffic Dropped Packets and the logging of session initiation and termination Both for traffic permitted by policy rules Action any any Because the source for DHCPDISCOVER and DHCPREQUEST messages does not yet have an IP address and the destination is 255 255 255 255 for broadcast traffic both the source and ...

Page 162: ...rofiles with the same attribute number in HiveManager the attribute number must be unique for each user profile that appears in the same WLAN policy You can set an attribute number between 1 and 4095 The default user profile default profile which cannot be deleted uses attribute 0 In this example you only associate the user profile to an SSID that authenticates users with a preshared key so the at...

Page 163: ...Kbps 2000 Policing Rate Limit 11n mode 0 2000000 Kbps 2000 The maximum traffic policing rate for the entire user profile is the same as that for an individual user By keeping the two rates the same a single online user is not restricted to a smaller rate than that of the profile to which he or she belongs These rates can be the same as or greater than the individual user rates Setting a rate limit...

Page 164: ...m employees who associate with other SSIDs so that you can apply one group of settings for visitors and another for employees In addition by assigning employees and guests to different VLANs you can separate their traffic To create an SSID for guest access click Configuration SSIDs New enter the following leave all other values at their default settings and then click Save Profile Name guest SSID ...

Page 165: ...lt column To test the captive web portal 1 Take a wireless client near one of the HiveAPs and form an association with the guest SSID entering guest123 when prompted for the preshared key 2 After the client has formed an association open a web browser The HiveAP intercepts the HTTP or HTTPS traffic from your browser to the URL of its home page and redirects it to the login page registration html o...

Page 166: ...gle private PSK user for visitors You then email the private PSK user data to the lobby ambassador to hand out to all visitors that arrive that week If you set the validity period so that it recurs on a weekly basis HiveManager and the HiveAPs generate a new PSK for that private PSK user each week With this approach the HiveAPs update the PSK automatically at the start of each new week and you sim...

Page 167: ...ame Contractors 35 Attribute Number 35 Default VLAN 1 Description short term contractors Expand Firewalls and enter the following in the IP Firewall Policy section From Access Click the New icon to open the IP Firewall Policy dialog box and then enter the following Policy Name contractors outgoing IP policy Description Apply to contractor user profiles Policy Rules To add rules permitting only DHC...

Page 168: ...on a RADIUS server and a reauthorization interval is not set on the server for those users If user accounts are stored on a RADIUS server that returns a reauthorization interval attribute the HiveAPs use that value instead of this one If user accounts are stored locally on HiveAPs the HiveAPs ignore this setting To create a private PSK user group for contractors click Configuration Advanced Config...

Page 169: ...ple who will use them but those for contractors are sent to a department manager for dissemination All definitions are also sent to the HiveManager administrator as a backup 2 Click Configuration Advanced Configuration Authentication Local Users Import Browse navigate to the file containing the private PSK user definitions select it and then click Import Private PSK SSID To configure an SSID for t...

Page 170: ...e web portal files first followed by the configuration The HiveAP Update Results page appears so that you can monitor the progress of the upload procedure When complete 100 appears in the Upload Rate column and Successful appears in the Update Result column Email Notification To distribute the private PSK user definitions to the employees and the manager in charge of the contractors click Configur...

Page 171: ...offices However the network at each office uses a different VLAN for its wireless clients Branch office 1 VLAN 10 Branch office 2 VLAN 20 Branch office 3 VLAN 30 To continue using a single WLAN policy for all branch offices while supporting their different VLANs you use HiveAP classifiers You do not classify HiveAPs at branch office 1 As a result they will use the VLAN definition classified as glo...

Page 172: ...to all the maps at branch office 3 click Modify expand Advanced Settings enter branch3 in the Tag1 field and then click Save Create a VLAN Object with Three Definitions Click Configuration Advanced Configuration Network Objects VLANs New enter the following and then click Apply VLAN Name branchVLAN 10 20 30 VLAN ID 10 Type Global Description VLAN at branch office 1 Click New enter the following an...

Page 173: ...lected on the Monitor Access Points HiveAPs page select The HiveAP Update Results page appears so that you can monitor the progress of the upload procedure When complete 100 appears in the Upload Rate column and Successful appears in the Update Result column Check that the VLANs are being applied properly In the Upload and Activate Configuration dialog box click the host name of a HiveAP at branch...

Page 174: ...tonomous APs cannot Consistent QoS Quality of Service policy enforcement across all hive members Coordinated and predictive wireless access control that provides fast roaming to clients moving from one hive member to another Best path routing for optimized data forwarding Automatic radio frequency and power selection Figure 1 HiveAPs in a hive HiveOS is the operating system that runs on HiveAPs Hi...

Page 175: ...et the native untagged VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses interface mgt0 native vlan number VLAN ID 1 To set the VLAN for administrative access to the HiveAP management traffic between HiveAPs and HiveManager and control traffic among hive members interface mgt0 vlan number wifi0 and wifi1 interfaces wifi0 mode access wifi1 mode backhaul...

Page 176: ... network and other hive members The following list contains some key areas of device level configurations and relevant commands Management Administrators admin authentication method login parameters and admin privileges admin auth manager ip min password length read only read write root admin Logging settings log buffered console debug facility flash server trap Connectivity settings Interfaces in...

Page 177: ...red on the RADIUS Server Returned Attributes Tunnel Type GRE value 10 Tunnel Medium Type IPv4 value 1 Tunnel Private Group ID user_profile_number First configure a QoS policy that you want to apply to wireless traffic from a group of users The HiveAP applies the QoS policy to all wireless clients that associate with the SSID ssid string ssid string default user profile attr number 3 The attributes...

Page 178: ...nd or if both the current and backup config files fail to load See Figure 6 on page 180 When using the CLI the two most frequently accessed config types are the running config and current config When you enter a command in the running config the HiveAP performs it immediately However because the running config is stored in volatile memory DRAM the commands are not yet permanent and will be lost wh...

Page 179: ...re 5 Relationship between current and backup config files while rebooting a HiveAP Config File Current Config When you upload a config file from HiveManager or a TFTP or SCP server the HiveAP saves the uploaded file as a backup config This file replaces any previous backup config file that might have been there TFTP Server SCP Server HiveManager or or HiveAP Previous Backup Config overwritten New ...

Page 180: ...HCP nor be able to communicate with HiveManager assuming that you are managing it through HiveManager In this case you would have to make a serial connection to the console port on the HiveAP and reconfigure its hive settings through the CLI To avoid the above situation you can use a bootstrap config A bootstrap config is typically a small config file that comes last in the boot order current back...

Page 181: ...on To return to your previous current config file enter the following commands load config backup reboot Note Similar to the way that a current config consists of the commands you added on top of the default config a bootstrap config consists of default definitions and settings plus whatever other settings you configure When you enter the reset config reset config command or press the reset button...

Page 182: ...ows how using a bootstrap config can help minimize theft and increase convenience Because each example builds on the previous one it is recommended to read them sequentially Doing so will help build an understanding of the fundamentals involved in configuring HiveAPs If you want to view just the CLI commands used in the examples see CLI Commands for Examples on page 203 Having the commands in bloc...

Page 183: ... DC power adaptor that ships with the device as an option and connect that to a 100 240 volt power source The Power LED glows steady amber during the bootup process After the bootup process completes it then glows steady green to indicate that the firmware is loaded and running 2 Connect one end of an RS 232 serial or null modem cable to the serial port or Com port on your management system 3 Conn...

Page 184: ...tandard Code for Information Interchange text interface wifi0 ssid employee You assign the SSID to the wifi0 interface which is in access mode by default When you make this assignment the HiveAP automatically creates subinterface wifi0 1 and uses that for the SSID The HiveAP 20 series supports up to seven subinterfaces per Wi Fi interface for a possible maximum total of 14 SSIDs when both wifi0 an...

Page 185: ... access the network open a wireless client application and connect to the employee SSID Then contact a network resource such as a web server 2 Log in to the HiveAP CLI and check that you can see the MAC address of the associated client and an indication that the correct SSID is in use by entering the following command The setup of a single HiveAP is complete Wireless clients can now associate with...

Page 186: ... 2 connect to the wired network they act as portals In contrast HiveAP 3 is a mesh point Figure 2 Three HiveAPs in a hive Note The security protocol suite for hive communications is WPA AES psk Note If all hive members can communicate over wired backhaul links you can then use both radios for access The wifi0 interface is already in access mode by default To put wifi1 in access mode enter this com...

Page 187: ...l that HiveAP 1 uses on its backhaul interface which by default is wifi1 HiveAP 1 is set to use wireless interface wifi1 and its subinterface wifi1 1 for backhaul communications Write down the radio channel for future reference in this example it is 149 When configuring HiveAP 2 and 3 make sure that they also use this channel for backhaul communications exit The wifi1 interface and the wifi1 1 sub...

Page 188: ...fig exit 5 Repeat the above steps for HiveAP 3 Step 3 Connect HiveAP 2 and HiveAP 3 to the network 1 Place HiveAP 2 within range of its clients and within range of HiveAP 1 This allows HiveAP 1 and 2 to send backhaul communications to each other wirelessly as a backup path in case either member loses its wired connection to the network 2 Connect an Ethernet cable from the PoE In port on HiveAP 2 t...

Page 189: ...019 7700 0028 149 54M 54M 16 psk aes ccm 00 04 15 Auth 11a hive1 0019 7700 0438 149 54M 54M 16 psk aes ccm 00 04 16 Auth 11a hive1 Log in to HiveAP 3 and enter this command to see its neighbors in hive1 HiveAP 3 In the output of the show hive hive1 neighbor command you can see hive level and member level information On HiveAPs supporting 802 11n the channel width for hive communications 20 or 40 M...

Page 190: ...is command HiveAP 1 HiveAP 2 show roaming cache Roaming Cache Table UID User profile group ID PMK Pairwise Master Key TLC PMK Time Left in Cache Life PMK Life A authenticated L CWP Logged In Roaming for this HiveAP enabled Maximum Caching Time 3600 seconds Caching update interval 60 seconds Caching update times 60 Roaming hops 1 SSID employee Maximum Caching Time 3600 seconds Caching update interv...

Page 191: ...ke the following modifications to the hive set up in Deploying a Hive Configure settings for the RADIUS server on the HiveAPs Change the SSID parameters on the HiveAPs and wireless clients to use IEEE 802 1X The basic network design is shown in Figure 3 Figure 3 Hive and 802 1X authentication Wireless Network 1 Switch Firewall Internet DHCP Server Wireless Network 2 Wireless Network 3 Wired Hive B...

Page 192: ...e HiveAP 1 as an access device on the RADIUS server in step 4 exit Step 3 Configure HiveAP 2 and HiveAP 3 1 Log in to HiveAP 2 through its console port 2 Configure HiveAP 2 with the same commands that you used for HiveAP 1 aaa radius server first 10 1 1 10 shared secret s3cr3741n4bl0X ssid employee security protocol suite wpa auto 8021x save config 3 Enter the show interface mgt0 command to learn ...

Page 193: ...ticate as computer when computer information is available clear Authenticate as guest when user or computer information is unavailable clear Validate server certificate clear Select Authentication Method Secured password EAP MSCHAP v2 Automatically use my WIndows logon name and password and domain if any clear 2 View the available SSIDs in the area and select employee 3 Click Connect 4 When the pr...

Page 194: ...e authenticate themselves through IEEE 802 1X to a RADIUS server and access the network Note You can also enter the following commands to check the association status of a wireless client show auth show roaming cache and show roaming cache mac mac_addr Check that the MAC and IP addresses in the table match those of the wireless client Check that the authentication and encryption modes match those ...

Page 195: ...erence these traffic to class mappings You bind the profiles to the wifi0 1 and eth0 interfaces so that hive members map the traffic matching these profiles that arrives at these interfaces to the proper Aerohive classes You next define a QoS policy that defines how the hive members prioritize and process the traffic mapped to Aerohive classes 6 5 and 3 The QoS policy named voice is shown in Figur...

Page 196: ...without queuing it Voice qos policy voice qos 5 wrr 20000 90 Because streaming media class 5 needs more bandwidth than voice does the policy defines a higher forwarding rate for it 20 000 Kbps It sorts streaming media into forwarding queues using the WRR weighted round robin mechanism It also prioritizes streaming media by assigning a higher weight 90 than it assigns data traffic class 3 60 class ...

Page 197: ... By doing so you can prioritize e mail traffic above other types of traffic that the HiveAP assigns to class 2 by default 3 Map services to Aerohive classes qos classifier map service mms qos 5 qos classifier map service smtp qos 3 qos classifier map service pop3 qos 3 Unless you map a specific service to an Aerohive QoS class a HiveAP maps all traffic to class 2 In this example you prioritize voi...

Page 198: ...veAPs supporting 802 11n data rates the default user profile rate is 20 000 Kbps for class 6 traffic so you change it to 512 Kbps For classes 5 and 3 you limit the rate of traffic and set WRR weighted round robin weights so that the HiveAP can control how to put the rate limited traffic into forwarding queues You use the default settings for class 2 traffic When you enter any one of the above comm...

Page 199: ...es the maximum amount for any single user The user rate can be equal to but not greater than the user profile rate Note The maximums shown here are for HiveAPs that support 802 11n data rates For other HiveAPs the maximum rates are 54 000 Kbps show qos policy voice Policy name voice user rate limit 1000000kbps User profile rate 1000000kbps user profile weight 10 Class 0 mode wrr weight 10 limit 10...

Page 200: ...ier profile employee voice mac qos classifier profile employee voice service qos classifier profile eth0 voice mac qos classifier profile eth0 voice service ssid employee qos classifier employee voice interface eth0 qos classifier eth0 voice For HiveAPs supporting IEEE 802 11a b g qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 54000 60 For HiveAPs supporting IEEE 802 11a b g n qos ...

Page 201: ...nfigs fail to load on a HiveAP acting as a mesh point in a hard to reach location such as a ceiling crawlspace the HiveAP would revert to the default config Because a mesh point needs to join a hive before it can access the network and the default config does not contain the hive settings that the mesh point needs to join the hive an administrator would need to crawl to the device to make a consol...

Page 202: ...in network connectivity By default mgt0 is a DHCP client You leave the eth0 interface up so that Hive 1 and Hive 2 can retain an open path to the wired network However with the two interfaces in access mode wifi0 and wifi0 1 in the down state none of the HiveAPs will be able provide network access to any wireless clients Wireless clients cannot form associations through wifi1 1 nor can a computer ...

Page 203: ...he current config is the same as your previous current config show config current 5 Save the file as bootstrap hive1 txt to the root directory of your TFTP server running on your management system at 10 1 1 31 an address received by the same DHCP server and in the same subnet as the HiveAP addresses save config bootstrap tftp 10 1 1 31 bootstrap hive1 txt Step 3 Load the bootstrap config file on H...

Page 204: ...on the single HiveAP in Deploying a Single HiveAP on page 182 ssid employee ssid employee security protocol suite wpa auto psk ascii key N38bu7Adr0n3 interface wifi0 1 ssid employee save config Commands for Example 2 Enter the following commands to configure three HiveAPs as members of hive1 in Deploying a Hive on page 185 HiveAP 1 hive hive1 hive hive1 password s1r70ckH07m3s interface mgt0 hive h...

Page 205: ...configure the hive members to support IEEE 802 1X authentication in Using IEEE 802 1X Authentication on page 190 HiveAP 1 aaa radius server first 10 1 1 10 shared secret s3cr3741n4bl0X ssid employee security protocol suite wpa auto 8021x save config HiveAP 2 aaa radius server first 10 1 1 10 shared secret s3cr3741n4bl0X ssid employee security protocol suite wpa auto 8021x save config HiveAP 3 aaa ...

Page 206: ... classifier profile eth0 voice mac qos classifier profile eth0 voice service ssid employee qos classifier employee voice interface eth0 qos classifier eth0 voice For HiveAPs supporting IEEE 802 11a b g qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 54000 60 For HiveAPs supporting IEEE 802 11a b g n qos policy voice qos 6 strict 512 0 qos policy voice qos 5 wrr 20000 90 qos policy v...

Page 207: ...3 qos classifier map oui 00 12 3b qos 6 service mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 qos classifier map service mms qos 5 qos classifier map service smtp qos 3 qos classifier map service pop3 qos 3 qos classifier profile employee voice mac qos classifier profile employee voice service qos classifier profile eth0 voice mac qos classifier profile eth0 voice service ssid employee qos...

Page 208: ...otstrap security txt admin root admin Cwb12o11siNIm8vhD2hs password 8wDamKC1Lo53Ku71 hive hive1 hive hive1 password s1r70ckH07m3s interface mgt0 hive hive1 HiveAP 1 save config tftp 10 1 1 31 bootstrap security txt bootstrap show config bootstrap HiveAP 2 save config tftp 10 1 1 31 bootstrap security txt bootstrap show config bootstrap HiveAP 3 save config tftp 10 1 1 31 bootstrap meshpoint txt bo...

Page 209: ...Chapter 14 Deployment Examples CLI 208 Aerohive ...

Page 210: ...24 65535 53 Required for captive web portal functionality GRE HiveAP mgt0 interface HiveAP mgt0 interface 47 GRE N A N A Required to support DNX and layer 3 roaming between members of different hives HTTP unregistered wireless client HiveAP wifi subinterface in access mode 6 TCP 1024 65535 80 Required for captive web portal functionality HTTPS unregistered wireless client HiveAP wifi subinterface ...

Page 211: ...buted HiveOS image download HiveAP mgt0 interface HiveAP mgt0 interface 6 TCP 1024 65535 3007 Required for downloading a HiveOS image from HiveManager to one HiveAP and from there to all others Iperf mgt0 interface on Iperf client mgt0 interface on Iperf server 6 TCP 1024 65535 5001 This is the default destination port number You can change it to a different port number from 1 to 65535 Required fo...

Page 212: ...used for uploading image files for maps to HiveManager Online HTTP management system HiveManager MGT port 6 TCP 1024 65535 8080 Redirected to HTTPS 8443 when accessing the HiveManager GUI used for uploading image files for maps to HiveManager HTTPS management system HiveManager MGT port 6 TCP 1024 65535 443 Redirected to HTTPS 8443 when accessing the HiveManager GUI and loading image files for cap...

Page 213: ...d network access to the HiveAP CLI TFTP TFTP server or mgt0 HiveAP mgt0 or TFTP server 17 UDP 1024 65535 69 Used for uploading files to HiveAPs and downloading files from them This is the default port number You can change it to a different port number from 1024 to 65535 Service Source Destination Protocol SRC Port DST Port Notes ...

Page 214: ...s available for the country code that you have set on the HiveAP enter the following command show interface wifi0 wifi1 channel For example the output for the show interface wifi0 channel command on a HiveAP whose region code is FCC and country code is 840 United States shows that channels 1 through 11 are available If a channel does not appear in this list you cannot configure the radio to use it...

Page 215: ...an10 J10 4010 Japan11 J11 4011 Japan12 J12 4012 Japan13 J13 4013 Japan14 J14 4014 Japan15 J15 4015 Japan16 J16 4016 Japan17 J17 4017 Japan18 J18 4018 Japan19 J19 4019 Japan20 J20 4020 Japan21 J21 4021 Japan22 J22 4022 Japan23 J23 4023 Japan24 J24 4024 Jordan 400 Kazakhstan 398 Kenya 404 Korea North Korea 408 Korea South Korea ROC 410 Korea South Korea ROC2 411 Korea South Korea ROC3 412 Kuwait 414...

Page 216: ...ico 630 Qatar 634 Romania 642 Russia 643 Saudi Arabia 682 Singapore 702 Slovakia Slovak Republic 703 Slovenia 705 South Africa 710 Spain 724 Sri Lanka 144 Sweden 752 Switzerland 756 Syria 760 Taiwan 158 Thailand 764 Trinidad y Tobago 780 Tunisia 788 Turkey 792 U A E 784 Ukraine 804 United Kingdom 826 United States 840 United States Public Safety FCC49 842 Uruguay 858 Uzbekistan 860 Venezuela 862 V...

Page 217: ...Appenidix A Country Codes 216 Aerohive ...

Page 218: ... HiveManager CLI admin system requirements 181 admins creating 175 common commands 174 default user profile 174 disabling the reset button 179 layer 2 and 3 forwarding 175 logging 175 QoS settings 176 radio profiles 174 resetting the configuration 29 51 73 83 179 updating HiveAP country codes 183 uploading a configuration file 179 user profiles 176 clock synchronization 118 configuration file type...

Page 219: ...gement 131 changing HiveAP login credentials 135 classifier tags 146 170 172 CLI shell 109 cloning configuration objects 116 complete configuration uploads 137 configuration workflow 118 connecting HiveAPs to HiveManager 129 133 console 90 92 94 109 default IP addresses 109 default login credentials 111 delta configuration uploads 137 device level configuration objects 118 environmental specificat...

Page 220: ...P 118 210 211 P PoE 129 smart PoE 53 portals 121 129 137 private PSK 165 169 groups of users 165 overview 165 SSID 168 user groups 167 user profiles 166 PSK 124 Q QoS applying QoS CLI 194 200 classifier maps 196 classifier profiles 196 data traffic 194 policing rate limit 162 rate limiting 158 scheduling weight 162 streaming media 194 strict forwarding 194 voice traffic 194 WRR weighted round robi...

Page 221: ...user groups attribute number 167 manually created private PSK users 167 reauth time 167 VLAN ID 167 User Manager 156 161 user profiles attribute number 146 161 creating 161 default user profile 174 V VLAN 21 146 classified VLAN object definitions HiveManager 171 default VLAN 174 mgt0 interface CLI 175 native VLAN 174 user profiles CLI 175 W WEEE compliance 3 Wi Fi certification 3 WLAN deployment a...

Reviews: