Aerohive HiveAP 20 ag Скачать руководство пользователя страница 79 | Manualshive

Страница: 79 / 90

background image

Deployment Guide

79

Step 1

Define the RADIUS server on the HiveAP-1

Configure the settings for the RADIUS server (IP address and shared secret) on HiveAP-1.

aaa radius-server first 10.1.1.10 shared-secret s3cr3741n4bl0X

The IP address of the RADIUS server is 10.1.1.10, and the shared secret that HiveAP-1 and the RADIUS
server use to authenticate each other is "s3cr3741n4b10X". You must also enter the same shared secret
on the RADIUS server when you define the HiveAPs as access devices (see step 5).

Step 2

Change the SSID on HiveAP-1

1. Change the authentication method in the SSID.

ssid employee security protocol-suite wpa-auto-8021x

save config

The protocol suite requires WPA (Wi-Fi Protected Access) or WPA2 security protocol for authentication
and key management, AES or TKIP encryption, and user authentication through IEEE 802.1X.

2. Enter the

show interface mgt0

command and note the dynamically assigned IP address of the mgt0

interface. You need to know this address to define HiveAP-1 as an access device on the RADIUS server in step 5.

exit

Step 3

Configure HiveAP-2 and HiveAP-3

1. Log in to HiveAP-2 through its console port.
2. Configure HiveAP-2 with the same commands that you used for HiveAP-1:

aaa radius-server first 10.1.1.10 shared-secret s3cr3741n4bl0X

ssid employee security protocol-suite wpa-auto-8021x

save config

3. Enter the

show interface mgt0

command to learn its IP address. You need this address for step 5.

exit

4. Log in to HiveAP-3 and enter the same commands.

Step 4

Modify the SSID on the wireless clients

Modify the "employee" SSID on all the wireless clients in wireless network-2 and -3. Specify WPA or WPA2 for network
authentication, AES or TKIP for data encryption, and PEAP (Protected EAP) for user authentication.

Note:

This example assumes that the RADIUS and AD servers were previously configured and populated with user
accounts that have been in use on a wired network (not shown). The only additional configuration on these
servers is to enable the RADIUS server to accept authentication requests from the HiveAPs.

Note:

Although all HiveAPs in this example use the same shared secret, they can also use different secrets.

«
...
77
78
79
80
81
...
»

Содержание HiveAP 20 ag

Страница 1: ...Aerohive Deployment Guide...

Страница 2: ...marks and registered trademarks are the property of their respective companies Information in this document is subject to change without notice No part of this document may be reproduced or transmitte...

Страница 3: ...pareils Num riques NMB 003 dict e par l Industrie EC Conformance Declaration Marking by the above symbol indicates compliance with the Essential Requirements of the R TTE Directive of the European Uni...

Страница 4: ...z Channels in Each European Community Country Allowed Frequency Bands Allowed Channel Numbers Countries 5 15 5 25 GHz 36 40 44 48 Austria Belgium 5 15 5 35 GHz 36 40 44 48 52 56 60 64 France Switzerla...

Страница 5: ...r SELV Bedingungen betrieben werden Power Cord Set U S A and Canada The cord set must be UL approved and CSA certified Minimum specifications for the flexible cord No 18 AWG not longer than 2 meters o...

Страница 6: ...HiveAP Compliance Information 6 Aerohive...

Страница 7: ...nager 23 Installing and Connecting to the HiveManager GUI 25 Introduction the the HiveManager GUI 28 Detaching Windows 29 Cloning Configurations 29 Sorting Displayed Data 30 Multiselecting 30 HiveMana...

Страница 8: ...iveOS 65 Common Default Settings and Commands 66 Configuration Overview 67 Device Level Configurations 67 Policy Level Configurations 68 Chapter 6 Deployment Examples CLI 69 Example 1 Deploying a Sing...

Страница 9: ...ibuted control WLAN solution that offers greater mobility security quality of service and radio control This guide combines product information with installation instructions This chapter covers the f...

Страница 10: ...operate at either of the two radio frequencies 2 4 GHz for IEEE 802 11b g and 5 GHz for IEEE 802 11a For details see Antennas on page 14 Status LEDs The status LEDs convey operational states for syste...

Страница 11: ...justs for 802 3af Alternative A and B methods of PoE Reset Button The reset button allows you to reboot the device or reset the HiveAP to its factory default settings Insert a paper clip or something...

Страница 12: ...able with an RJ 45 Connector 802 3af Alternative A Data and Power on the Same Wires 802 3af Alternative B Data and Power on Separate Wires Pin Data Signal MDI MDI X MDI or MDI X 1 Transmit DC DC 2 Tra...

Страница 13: ...ined below Power Dark No power Steady green Powered on and the firmware is running normally Steady amber Firmware is booting up or is being updated Blinking amber Alarm indicating firmware failure LAN...

Страница 14: ...ional Radiation Pattern The pair of fixed dual band antennas can operate at different frequencies concurrently one antenna at 2 4 GHz IEEE 802 11b g and the other at 5 GHz IEEE 802 11a and they can al...

Страница 15: ...command If you do not enter this command the subinterface uses the remaining fixed antenna that remains connected to radio 2 the external antenna only disables the adjacent fixed antenna MOUNTING THE...

Страница 16: ...x 2 5 cm H x 12 5 cm D Weight 1 5 lb 0 68 kg Antennas Two fixed dual band 802 11a b g antennas and two RP SMA connectors for detachable single band 802 11a or 802 11b g antennas Serial port DB 9 bits...

Страница 17: ...llations of HiveAPs Template based configurations that simplify the deployment of large numbers of HiveAPs Scheduled firmware upgrades on HiveAPs by location Exportation of detailed information on Hiv...

Страница 18: ...make a console connection using an RS 232 or null modem cable The pin assignments are the same as those on the HiveAP see Ethernet and Console Ports on page 12 The management station from which you m...

Страница 19: ...ptimum operating temperature Be sure that air flow through the system fan vents is not obstructed Serial Number The serial number AC Power Inlet The three prong AC power inlet is a C14 chassis plug th...

Страница 20: ...follows Bits per second 9600 Data bits 8 Parity none Stop bits 1 Flow control none Status LEDs The two status LEDs on the front of the HiveManager indicate various states of activity through their co...

Страница 21: ...ending on the layout of your equipment rack you might need to mount the HiveManager in reverse To do that move the brackets to the left and right sides near the rear before mounting it Figure 5 Mounti...

Страница 22: ...H x 15 13 16 D 42 7 cm W x 4 4 cm H x 40 2 cm D Weight 13 75 lb 6 24 kg Serial port male DB 9 RS 232 port bits per second 9600 data bits 8 parity none stop bits 1 flow control none USB port standard T...

Страница 23: ...roaming and automatic RF radio frequency management On the management plane the HiveManager provides centralized configuration monitoring and reporting of multiple HiveAPs These three planes are shown...

Страница 24: ...the HiveManager GUI including a summary of the configuration workflow Finally the chapter concludes with the procedures for updating HiveAP firmware and HiveManager software The sections are as follow...

Страница 25: ...able to connect the HiveManager to the network you must first set the IP address netmask of its MGT interface so that it is in the subnet to which you plan to cable it To do this you can use the star...

Страница 26: ...traffic Both the HiveManager and HiveAP management traffic would need to flow on the operational network because the MGT interface would need to be on that network so that the HiveManager could commun...

Страница 27: ...owser window might appear blank for several seconds at the start This is normal After a few seconds a download status bar appears onscreen that allows you to monitor the progress of the download and i...

Страница 28: ...nfigurations to multiple HiveAPs at once A brief overview of this functionality is presented in the following sections Main Window This is the primary window in which you set and view various paramete...

Страница 29: ...Window Cloning Configurations When you need to configure multiple similar objects you can save time by configuring just the first object cloning it and then making slight modifications to the subseque...

Страница 30: ...to make the same modifications to all of them at one time Figure 8 Selecting Two User Profiles to Change the Comment By default displayed objects are sorted alphabetically by name By clicking the head...

Страница 31: ...ain and is enabled by default on all HiveAPs If the HiveAPs and HiveManager are in different subnets then you must configure the DHCP server to include option 225 in its responses to DHCPDISCOVER and...

Страница 32: ...e file If the file is in the root directory of the TFTP server you can leave this field empty Image Name Type the name of the HiveOS image file 5 Click HiveAP Management Managed HiveAPs 6 In the Manag...

Страница 33: ...ype the directory path and software file name or click Browse navigate to the software file and select it 2 Click OK to save the new software and reboot the HiveManager later or Reset to reboot the Hi...

Страница 34: ...server the default port number for TFTP is 69 Image Path Enter the path to the HiveOS image file If the file is in the root directory of the TFTP server you can leave this field empty Image Name Type...

Страница 35: ...s The general design of the deployment is shown in Figure 1 Figure 1 Deployment Overview You can look at any of the following examples individually to study how to configure a specific feature or view...

Страница 36: ...e 49 Define sets of authentication and encryption services that wireless clients and HiveAPs use when communicating with each other Example 5 Setting Management Service Parameters on page 52 Configure...

Страница 37: ...r GUI you create a png file showing the three buildings HQ B1 HQ B2 and Branch 1 By using this drawing at the top level you can display icons for each floor of each building You can then click an icon...

Страница 38: ...level names Default Icon floor Default Map Click Browse select corp_offices png and then click Select Level 2 Level Name HQ B1 F1 Note that spaces are not allowed in map level names Default Icon floo...

Страница 39: ...lect the icon drag it to the position where you want it to be and then click Save After adding the CorpOffices map really an illustration showing three buildings two floor plans for the first and seco...

Страница 40: ...format and string2 is the name of the map snmp location string1 string2 For example if you install a HiveAP in the northwest corner on the first floor of building 1 enter snmp location northwest_corn...

Страница 41: ...e 000120 to be able to distinguish it from other HiveAPs later 1 Make copies of the maps you uploaded to the HiveManager label them and take them with you when installing the HiveAPs 2 When you instal...

Страница 42: ...o that they can prioritize it see Example 3 Defining User Profiles and QoS Settings on page 45 You also define a MAC filter using the same OUI for use when configuring an SSID to which you only want V...

Страница 43: ...ss 6 Although all these services are critical for IP telephony to function properly voice traffic is the least resistant to delay and TFTP and HTTP file downloads are the most resistant Therefore you...

Страница 44: ...n Permit Map to Class 2 Best Effort 1 Comment For phone file downloads Logging Select the check box to enable the logging of traffic classified to this class Clear the check box to disable logging 9 T...

Страница 45: ...and visiting guests The user profile settings maximum traffic forwarding rates and the WRR weighted round robin weights for each user profile is shown in Figure 7 Figure 7 User Profiles and their For...

Страница 46: ...The weight defines a preference for forwarding traffic It does not specify a percentage or an amount Its value is relative to other weights However you can see an automatically calculated percentage...

Страница 47: ...ile 1 Click HiveAP Configuration QoS Policies User Profiles IT Clone button The Clone User Profile dialog box appears 2 In the Profile Name field type Emp and then click OK The Emp User Profile dialog...

Страница 48: ...bandwidth that all users belonging to this profile can use This setting provides guests with a basic amount of available traffic Entire User Profile Weight 5 Because wireless access for guests is main...

Страница 49: ...n method CCMP AES Authentication method EAP 802 1X Employees use the RADIUS server specified in Setting AAA RADIUS Settings on page 55 to authenticate themselves using IEEE 802 1X guest Key method Aut...

Страница 50: ...sts can only associate with the guest SSID because that is the only one the receptionist tells them about when they arrive voip SSID 1 Click HiveAP Configuration SSID Profiles Add button The New SSID...

Страница 51: ...is is read only because the key management choice requires this authentication method guest SSID 1 Click HiveAP Configuration SSID Profiles Add button The New SSID Profile dialog box appears 2 On the...

Страница 52: ...agement services set hq you define parameters for the following services Two DNS Domain Name Service servers one primary and one secondary DNS server both at headquarters One syslog server and one SNM...

Страница 53: ...e critical the HiveAP sends the syslog server all messages whose severity level is critical alert or emergency If you choose emergency the HiveAPs send only emergency level messages Comment Type a use...

Страница 54: ...tem clock with the server The default interval is 1440 minutes once a day The possible range is from 60 minutes once an hour to 10 080 minutes once a week NTP Server Configuration Click Add enter the...

Страница 55: ...Process 1 Click HiveAP Configuration AAA RADIUS Add button The New RADIUS Profile dialog box appears 2 Enter the following RADIUS Configuration Name auth 1 You cannot use spaces in the RADIUS profile...

Страница 56: ...ialog box click OK RADIUS Server Attributes On the two RADIUS servers also referred to as RADIUS home servers define the HiveAPs as RADIUS clients 1 Also configure the following attributes for the rea...

Страница 57: ...ations are more appropriately applied to smaller sets of devices or at the individual device level itself In this example you create device group hq1 for the corporate headquarters and add user group...

Страница 58: ...ed to a different radio operating in separate frequency bands Radio 1 supports IEEE 802 11b g and operates in the 2 4 GHz band and radio 2 supports IEEE 802 11a and operates in the 5 GHz band This is...

Страница 59: ...Bind Radio Mode 11b g 13 Click in the empty User Profile cell to activate the drop down list choose Guests select Default set the VLAN ID as 3 and then click OK The New SSID User Profile VLAN Mapping...

Страница 60: ...racters If the string has any blank spaces enclose the entire string within double quotation marks for example password string Hive2 1 Click HiveAP Configuration Hive Profiles Hive1 Clone button The C...

Страница 61: ...re 13 Figure 13 Assigning Device Settings to HiveAPs In addition to assigning device settings to the HiveAPs you also change their login settings Finally you update the HiveAPs with the new configurat...

Страница 62: ...In the HiveAP dialog box click the General tab and then enter the following Device Group Choose the device group that you want to assign to the selected HiveAPs In this example there are two device gr...

Страница 63: ...selected HiveAPs The password can be any alphanumeric string from 5 to 8 characters Confirm Password To confirm the accuracy of the password enter it again The HiveManager sends the new login setting...

Страница 64: ...Chapter 4 HiveManager Examples 64 Aerohive...

Страница 65: ...n provide the following services that autonomous APs cannot Consistent QoS quality of service policy enforcement across all hive members Coordinated and predictive wireless access control that provide...

Страница 66: ...mode access backhaul wifi0 radio profile radio_g0 wifi1 radio profile radio_a0 To change the radio profile of the wifi0 or wifi1 interface to a different previously defined profile interface wifi0 wi...

Страница 67: ...he management of a HiveAP and its connectivity to wireless clients the wired network and other hive members The following list contains some key areas of device level configurations and relevant comma...

Страница 68: ...ation authorization and accounting settings for IEEE 802 1X authentication aaa radius server While the configuration of most HiveOS features involves one or more related commands to define and apply a...

Страница 69: ...hem sequentially Doing so will help build an understanding of the fundamentals involved in configuring HiveAPs If you want to view just the CLI commands used in the examples see CLI Commands for Examp...

Страница 70: ...twork Step 1 Log in through the console port 1 Connect the power cable from the DC power connector on the HiveAP to the AC DC power adaptor that ships with the device as an option and connect that to...

Страница 71: ...ne its protocol suite and preshared key N38bu7Adr0n3 in standard ASCII American Standard Code for Information Interchange text interface wifi0 1 ssid employee You assign the SSID to the subinterface w...

Страница 72: ...led POE for Power over Ethernet on the chassis automatically receives its IP address through DHCP Dynamic Host Configuration Protocol Step 5 Check that clients can form associations and access the net...

Страница 73: ...HiveAP 1 and 2 over a wireless link see Figure 2 Figure 2 Three HiveAPs in a Hive Note The security protocol suite for hive communications is WPA AES psk Note If all hive members can communicate over...

Страница 74: ...ement for QoS Quality of Service and security hive hive1 password s1r70ckH07m3s You define the password that hive members use to derive the preshared key for securing backhaul communications with each...

Страница 75: ...2 to send backhaul communications to each other wirelessly as a backup path in case either member loses its wired connection to the network 2 Connect an Ethernet cable from the PoE port on HiveAP 2 to...

Страница 76: ...Chapter 6 Deployment Examples CLI 76 Aerohive 6 Check that HiveAP 3 has associated with the other members at the wireless level...

Страница 77: ...ty with each other associate a client in wireless network 1 with HiveAP 1 the SSID employee is already defined on clients in wireless network 1 see Deploying a Single HiveAP Then check if HiveAP 1 for...

Страница 78: ...the following modifications to the hive set up in Deploying a Hive Configure settings for the RADIUS server on the HiveAPs Change the SSID parameters on the HiveAPs and wireless clients to use IEEE 8...

Страница 79: ...define HiveAP 1 as an access device on the RADIUS server in step 5 exit Step 3 Configure HiveAP 2 and HiveAP 3 1 Log in to HiveAP 2 through its console port 2 Configure HiveAP 2 with the same commands...

Страница 80: ...on and connect to the employee SSID Then contact a network resource such as a web server 2 Log in to the HiveAP CLI and check that you can see the MAC address or the associated client and an indicatio...

Страница 81: ...Protocol version 3 on TCP port 110 Then you create classifier profiles that reference these traffic to class mappings You bind the profiles to the wifi0 1 and eth0 interfaces so that hive members map...

Страница 82: ...dicate the user group to which the hive members then assign users Note The HiveAP assigns all traffic that you do not specifically map to an Aerohive class to class 2 which by default uses WRR with a...

Страница 83: ...ou can prioritize e mail traffic above other types of traffic that the HiveAP assigns to class 2 by default 3 Map services to Aerohive classes qos classifier map service mms qos 5 qos classifier map s...

Страница 84: ...fic When you enter any one of the above commands the HiveAP automatically sets the maximum bandwidth for all members of the user group to which you later apply this policy and the bandwidth for any in...

Страница 85: ...ing to the user profile employee net with group ID 2 On the RADIUS server you must configure group ID 2 as one of the RADIUS attributes that the RADIUS server returns when authenticating users see ste...

Страница 86: ...ve config exit 3 Log in to HiveAP 3 and enter the same commands Step 5 Configure RADIUS server attributes 1 Log in to the RADIUS server and define the three HiveAPs as RADIUS clients 2 Configure the f...

Страница 87: ...on page 70 ssid employee ssid employee security protocol suite wpa auto psk ascii key N38bu7Adr0n3 interface wifi0 1 ssid employee save config Commands for Example 2 Enter the following commands to c...

Страница 88: ...nfigure the hive members to support IEEE 802 1X authentication in Using IEEE 802 1X Authentication on page 78 HiveAP 1 aaa radius server first 10 1 1 10 shared secret s3cr3741n4bl0X ssid employee secu...

Страница 89: ...s classifier profile wifi0 1 voice service qos classifier profile eth0 voice mac qos classifier profile eth0 voice service interface wifi0 1 qos classifier wifi0 1 voice interface eth0 qos classifier...

Страница 90: ...vice mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 qos classifier map service mms qos 5 qos classifier map service smtp qos 3 qos classifier map service pop3 qos 3 qos classifier profile wifi0...

Отзывы:

Нет отзывов

Похожие инструкции для HiveAP 20 ag

Бренд: D-Link Страницы: 61

Бренд: Lanpro Страницы: 34

Бренд: Vyyo Inc. Страницы: 59

Бренд: HPE Страницы: 4

Бренд: HPE Страницы: 4

PowerBeam AC PBE-5AC-620

Бренд: Ubiquiti Страницы: 28

Бренд: H3C Страницы: 36

Бренд: Sapido Страницы: 84

Бренд: Ebyte Страницы: 22

Бренд: Browan Страницы: 75

Бренд: Browan Страницы: 75

Бренд: D-Link Страницы: 18

Бренд: Juniper Страницы: 12

Бренд: Atag Страницы: 16

Бренд: ICC Страницы: 125

Бренд: Laird Страницы: 13

Бренд: Baicells Страницы: 86

Бренд: Olive Страницы: 47

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды