Aerohive access point Deployment Manual

HiveAP series wireless access point

Aerohive Deployment Guide

Summary of Contents for Aerohive access point

  • Page 1 Aerohive Deployment Guide...
  • Page 2 Copyright Notice Copyright © 2010 Aerohive Networks, Inc. All rights reserved. Aerohive Networks, the Aerohive Networks logo, HiveOS, HiveAP, and HiveManager are trademarks of Aerohive Networks, Inc. All other trademarks and registered trademarks are the property of their respective companies.
  • Page 3: Industry Canada

    Selection) to detect radar activity and switch channels automatically to avoid interfering with radar operations. For the ETSI region, the HiveAP 300 series is certified for the latest ETSI EN 301 893 v1.5.1 DFS ... Aerohive products that show an FCC identifier on the product label (FCC ID: WBV-<model_name>) comply with part 15 of the FCC Rules...
  • Page 4: EC Conformance Declaration

    – In Russia, you can only use the 5.15 to 5.35 GHz band at 100 mW (20 dBm) indoors, in closed industrial and warehouse areas, and on board aircraft for local network and crew ... At end of life, customers are requested to contact Aerohive to make arrangements for WEEE collection of their products.
  • Page 5 ("SCHUKO"). The mains cord must be <HAR> or <BASEC> marked and be of type HO3VVF3GO.75 (minimum). ... 1999/5/CE. Spanish: Por medio de la presente Aerohive declara que el Radio LAN device cumple con los requisitos esenciales cualesquiera...
  • Page 6 • The appliance connector (the connection to the device, not the wall-socket plug) must have an appliance inlet configured in accordance with EN 60320/IEC 320. Installation of Aerohive equipment must comply with local and national electrical codes and with other regulations governing this type of installation.
  • Page 7 HiveAP Compliance Information Aerohive...
  • Page 8: Table of Contents

    New WLAN Deployment (15); Site Surveys (16); Budgeting Wi-Fi: The Chicken and Egg Problem (17); Planning Tools (17); Associated Access Point Costs (18); Bandwidth Assumptions for Wi-Fi (18); Overcoming Physical Impediments (19); Preparing the Wired Network for Wireless (21); Operational Considerations (22)...
  • Page 9 HiveAP 320 Product Overview (72); Ethernet and Console Ports (74); Status LEDs (74); Antennas (75); Mounting the HiveAP 320 (76); Ceiling Mount (76); Locking the HiveAP 320 (77); Surface Mount (78); Device, Power, and Environmental Specifications (79)
  • Page 10 Chapter 6 HiveAP 100 Series Platforms (81); HiveAP 110 and 120 Product Overview (82); Ethernet Port (83); Status Indicator (84); Antennas (84); Mounting a HiveAP 100 Series Device (85); Ceiling Mount (85); Locking the HiveAP (87); Surface Mount (87); Device, Power, and Environmental Specifications (88); Chapter 7 The HiveManager Platform ...
  • Page 11 Captive Web Portal with External DHCP and DNS Servers (152); Captive Web Portal with Internal DHCP and DNS Servers (154); Modifying Captive Web Portal Pages (155); Configuring a Captive Web Portal (158); Example 4: Private PSKs (165); Example 5: Using HiveAP Classifiers (170)
  • Page 12 Chapter 13 HiveOS (173); Common Default Settings and Commands (174); Configuration Overview (175); Device-Level Configurations (175); Policy-Level Configurations (176); HiveOS Configuration File Types (177); Chapter 14 Deployment Examples (CLI) (181); Example 1: Deploying a Single HiveAP (182); Example 2: Deploying a Hive ...
  • Page 13 Contents
  • Page 14: Chapter 1 Preparing for a WLAN Deployment

    Chapter 1 Preparing for a WLAN Deployment To ensure a smooth WLAN deployment, you need to begin with a bit of planning. A straightforward review of your deployment plan before you begin will result in optimal results more quickly. The goals of this chapter are to assist you in assessing your readiness for WLAN implementation and to provide tips and tricks to resolve any issues that might arise in your environment.
  • Page 15: Assessing Your Requirements

    "thin" AP, most of the intelligence has been removed and replaced in a centralized WAN controller. An upgrade from fat APs to Aerohive HiveAPs is very natural. Generally, with fat APs you simply need to unplug the existing ones and plug in the new HiveAPs and provision them.
  • Page 16: New WLAN Deployment

    Conversely, if it is a warehouse with a low client density of mostly barcode scanners, a lower access point density might be suitable. Finally it is important to consider voice, or the future use of voice. If some or all people will use VoWLAN (Voice over WLAN) devices, that can affect how many users each access point can accommodate.
  • Page 17: Site Surveys

    In a site survey, the administrator walks around the facility with a site survey tool to measure the RF (radio frequency) coverage of a test access point or the existing WLAN infrastructure. Whether or not you decide to do a site survey for your enterprise depends on the cost of the survey and the complexity of the environment.
  • Page 18: Budgeting Wi-Fi: The Chicken and Egg Problem

    With the addition of voice, the client density substantially increases, requiring you to plan for an average of 5 to 10 data clients and 5 to 10 voice clients for each access point. Remember that voice clients consume virtually zero bandwidth when they are not on a call. However, when they are on a call, it is imperative that the traffic goes through.
  • Page 19: Associated Access Point Costs

    RF signal can travel (coverage), but how to deliver enough bandwidth to meet the demands of business applications (capacity). In other words, you might be able to cover an office of 50 people with one access point, but if all 50 people choose to access it at the same time, it might become overloaded.
  • Page 20: Overcoming Physical Impediments

    (such as tinsel or a stack of soda cans on an end cap). Additionally, metal shelves and high ceilings can be challenges to propagation. To resolve these issues, it is wise to put at least one access point per aisle to ensure coverage for that aisle.
  • Page 21 Be aware of metal-lined firewalls, steel pillars, and other metallic surfaces. RF signals can reflect off metal surfaces, which can cause unexpected coverage patterns. Also watch out for objects that can block or reflect signals, such as mirrors, plants, walls, steel doors, elevator shafts, and bathroom stalls.
  • Page 22: Preparing the Wired Network for Wireless

    Preparing the Wired Network for Wireless One of the advantages of moving to an Aerohive WLAN is that you do not have to make changes to the underlying network, such as putting controllers into wiring closets. This can save you considerable time and effort during installation.
  • Page 23: Operational Considerations

    RF interference on your network. You should schedule and perform periodic walkthroughs to ensure that the design goals of the wireless network continue to be met. The Aerohive HiveManager provides quick views into how the network is behaving, which HiveAPs are the most heavily loaded, and which have the most clients.
  • Page 24: Basic Wi-Fi Concepts

    It also shows noise. In general, noise is considered to be low-level background RF signals that can interfere with a WLAN. This noise tends to be the garbled background RF that comes from everything from the sun and stars to man-made interfering devices like Bluetooth headsets.
  • Page 25 It allows them to place more access points in a tighter spot by using pre-existing walls and other impediments to Wi-Fi propagation to keep them from interfering with each other. Figure 4 Path loss through a wall (labels: Received Signal, Wall, Signal-to-Noise Ratio, Noise, Distance)
  • Page 26 802.11n rather than each being capable of 54- or 300-Mbps speeds independently. This essentially halves the bandwidth for each access point. To manage this situation, make sure that neighboring APs are on different channels and that their power is adjusted so that it does not overlap that of other APs with the same channel.
  • Page 27 The last topic to cover is the concept of multipath. When a client receives a transmission from an access point (or vice versa), the RF signal reaches the client first through a "direct path", but then shortly thereafter by the "indirect paths"...
  • Page 28: Chapter 2 The HiveAP 20 ag Platform

    Chapter 2 The HiveAP 20 ag Platform The Aerohive HiveAP 20 ag is a new generation wireless access point. HiveAPs have the unique ability to self-organize and coordinate with each other, creating a distributed-control WLAN solution that offers greater mobility, security, quality of service, and radio control.
  • Page 29: HiveAP 20 Product Overview

    Product Overview The HiveAP 20 ag is a multi-channel wireless AP (access point). It is compatible with IEEE 802.11b/g (2.4 GHz) and IEEE 802.11a (5 GHz) standards and supports a variety of Wi-Fi (wireless fidelity) security protocols, including WPA (Wi-Fi Protected Access) and WPA2.
  • Page 30 Ethernet connection to PSE (power sourcing equipment) that is 802.3af-compatible, such as one of the PoE injectors available as an optional accessory from Aerohive. (If you connect the HiveAP to a power source through the power connector and PoE port simultaneously, the device draws power through the power connector and automatically disables PoE.)
  • Page 31: Ethernet and Console Ports

    end. For cross-over Ethernet cables, the wires terminate at one end according to the T568A standard and at the other according to T568B. (Figure labels: RJ-45 Connector; wire colors White/Orange, Orange, White/Green, Blue, White/Blue, Green, White/Brown, Brown)
  • Page 32: Status LEDs

    The pin assignments in the male DB-9 console port follow the EIA (Electronic Industries Alliance) RS-232 standard. To make a serial connection between your management system and the console port on the HiveAP, you can use a null modem serial cable, use another serial cable that complies with the RS-232 standard, or refer to the pin-to-signal mapping shown in Figure 3...
  • Page 33: Antennas

    If you connect an external antenna to an RP-SMA connector, you must enter the following command to move the appropriate interface from the adjacent fixed antenna to the external antenna: interface interface radio antenna external
  • Page 34: Mounting the HiveAP 20

    The wifi0 interface links to radio 1 (frequency range = 2.4 GHz for IEEE 802.11b/g), and the wifi1 interface links to radio 2 (frequency range = 5 GHz for IEEE 802.11a). These interface-to-radio relationships are permanent. However, the interface-to-antenna relationships can be shifted.
  • Page 35: Surface Mount

    HiveAP 20 into the two slots. Note: There are a variety of holes through which you can screw or nail the plate in place. Choose the two or three that best suit the object to which you are attaching it.
  • Page 36: Device, Power, and Environmental Specifications

    Device, Power, and Environmental Specifications Understanding the range of specifications for the HiveAP 20 is necessary for optimal deployment and device operation. The following specifications describe the physical features and hardware components, the power adapter and PoE (Power over Ethernet) electrical requirements, and the temperature and humidity ranges in which the device can operate.
  • Page 37 Chapter 2 The HiveAP 20 ag Platform
  • Page 38: Chapter 3 The HiveAP 28 Outdoor Platform

    Chapter 3 The HiveAP 28 Outdoor Platform The Aerohive HiveAP 28 is a new generation wireless access point that is customized for outdoor use. It is mountable in any direction and on any hard surface, post, or wire strand. It can receive power either through an Ethernet cable or power cord.
  • Page 39: HiveAP 28 Product Overview

    Product Overview The HiveAP 28 is a multi-channel wireless AP (access point) for outdoor use. It is compatible with IEEE 802.11b/g (2.4 GHz) and IEEE 802.11a (5 GHz) standards and supports a variety of Wi-Fi (wireless fidelity) security protocols, including WPA (Wi-Fi Protected Access) and WPA2.
  • Page 40: Ethernet Port

    Ethernet connection to PSE (power sourcing equipment) that is 802.3af-compatible, such as one of the PoE injectors available as an optional accessory from Aerohive. (If you connect the HiveAP to a power source through the power connector and PoE port simultaneously, the device draws power through the power connector and automatically disables PoE.)
  • Page 41: Power Connector

    Power Connector The HiveAP 28 can receive power through an Ethernet cable using PoE or through a power cord. Aerohive recommends using either PoE or wiring the power cord directly to a 100 – 240-volt AC power source. Only plug the power cord into an electric outlet when configuring the device before deployment or when testing it in the lab.
  • Page 42: Antennas

    Antennas The HiveAP 28 includes two detachable single-band antennas with 8dBi gains (802.11b/g) and two detachable single-band antennas with 10dBi gains (802.11a). These antennas are omnidirectional, providing fairly equal coverage in all directions in a toroidal (donut-shaped) pattern around each antenna. When the antennas are vertically positioned, coverage expands primarily on the horizontal plane, extending horizontally much more than vertically.
  • Page 43: Mounting the HiveAP 28 and Attaching Antennas

    (Canada); and if local or national electrical codes are not available, refer to IEC (International Electrotechnical Commission) 364, Part 1 through 7 (other countries). • To prevent damage, avoid over-tightening the connectors, nuts, and screws used to mount the HiveAP 28 and antennas.
  • Page 44: Pole Mount

    Pole Mount To mount the HiveAP 28 to a pole with a 1.5-inch diameter, you need two sets of the L-shaped brackets, two 2" U-bolts, saddle clamps, and the nuts, bolts, and washers shown in Figure 5.
  • Page 45: Strand Mount

    Note: Repeat the preceding steps to fasten the other end of the HiveAP 28 to the cable or wire strand. 3. Attach the 90-degree type N adapters to the two 2.4 GHz antenna connectors and then attach the antennas to the adapters so that the antennas face downward. For details, see "Attaching Antennas" on page...
  • Page 46: Surface Mount

    Note: Because the metal in a wall can degrade the radio signal pattern, Aerohive recommends using sector antennas instead of omnidirectional antennas when mounting the device on a wall.
  • Page 47: Attaching Antennas

    The two 2.4 GHz and two 5 GHz antennas that ship with the HiveAP 28 have male Type N connectors that you can connect directly to the female Type N antenna connectors on the HiveAP 28. You can also use self-amalgamating PTFE (polytetrafluoroethylene) tape, which is available separately from Aerohive, to create a waterproof seal at the points of attachment.
  • Page 48 PVC (polyvinyl chloride)—so that it does not distort the signal. Aerohive recommends that antennas be installed away from power lines and obstructions that can interfere with radio coverage.
  • Page 49: Device, Power, and Environmental Specifications

    Peak Power Output (dBm) 17.80 17.40 17.60 Environmental Specifications • Operating temperature: -40 to 140 degrees F (-40 to 60 degrees C) • Storage temperature: -40 to 194 degrees F (-40 to 90 degrees C) • Relative Humidity: Maximum 100%
  • Page 50: Chapter 4 The HiveAP 340 Platform

    Chapter 4 The HiveAP 340 Platform The Aerohive HiveAP 340 is a high-performance and highly reliable 802.11n wireless access point. The HiveAP 340 provides dual concurrent 802.11b/g/n and 802.11a/n radios for 3x3 MIMO (Multiple In, Multiple Out) and dual 10/100/1000 Ethernet ports for link aggregation or link redundancy. Its power management system uses a concept called smart PoE (Power over Ethernet) to adjust its power consumption automatically in response to the available power in different environments.
  • Page 51: HiveAP 340 Product Overview

    Product Overview The HiveAP 340 is a multi-channel wireless access point. It is compatible with IEEE 802.11b/g/n (2.4 GHz) and IEEE 802.11a/n (5 GHz) standards and supports a variety of Wi-Fi (wireless fidelity) security protocols, including WPA (Wi-Fi Protected Access) and WPA2.
  • Page 52 PSE (power sourcing equipment) that is compatible with the 802.3af standard and the forthcoming 802.3at standard, such as one of the PoE injectors available as an optional accessory from Aerohive. (If you connect the HiveAP to a power source through the power connector and PoE ports simultaneously, the device draws power through the power connector and automatically disables PoE.)
  • Page 53: Ethernet and Console Ports

    end. For cross-over Ethernet cables, the wires terminate at one end according to the T568A standard and at the other according to T568B. (Figure labels: RJ-45 Connector; wire colors White/Orange, Orange, White/Green, Blue, White/Blue, Green, White/Brown, Brown)
  • Page 54: Smart PoE

    Smart PoE The HiveAP 300 series applies the Aerohive concept of smart PoE to adjust power consumption as necessitated by varying levels of available power. No adjustments are needed when the power level is 20 W (watts) or higher. If the available power drops to a range between 18 and 20 W, the HiveAP disables the ETH1 interface.
  • Page 55 It uses ETH0 if neither red0 nor agg0 has any member interfaces and the link state for ETH0 is UP. • It uses ETH1 if neither red0 nor agg0 has any member interfaces, the link state for ETH0 is DOWN, and the link state for ETH1 is UP.
  • Page 56: Console Port

    Console Port The pin-to-signal mapping in the RJ-45 console port is shown in Figure Figure 3 Console port pin assignments RJ-45 Console Port Console Port Pin Assignments Signal Direction RTS (Request to Send) Output, unused DTR (Data Terminal Ready) Output, unused TXD (Transmitted Data)
  • Page 57: Status LEDs

    { wifi0 | wifi1 } radio power <number> command, where <number> can be from 1 to 20 and represents a value in dBm.
  • Page 58: MIMO

    Figure 5 HiveAP 340 antennas Generally, orient the antennas vertically for improved radio coverage, as shown here: When mounting the HiveAP 340 on a ceiling, orient its antennas downward. (Labels: 5 GHz Antenna for IEEE 802.11a/n; 2.4 GHz Antenna for IEEE 802.11b/g/n) When mounting the HiveAP...
  • Page 59 HiveAP 340 radio functioning in access mode might be configured to use two RF chains for transmitting and three for receiving. In that case, its configuration can be presented as "2x3". In general, the number of receive antennas is equal to or greater than the number of transmit antennas.
  • Page 60: Using MIMO with Legacy Clients

    48- or 36-Mbps speeds due to multipath interference. However, because MIMO technology makes better use of multipath, an access point using MIMO can continue transmitting at 54 Mbps, or at least at a better rate than it would in a pure 802.11a/b/g environment, thus improving the reliability and speed of 802.11a/b/g client traffic.
  • Page 61: Mounting the HiveAP 340

    Using the mounting plate and track clips, you can mount the HiveAP 340 to the tracks of a dropped ceiling grid. Using just the mounting plate, you can mount the HiveAP to any surface that can support its weight (3.3 lb., 1.5 kg). This document covers the following methods for mounting the Aerohive HiveAP 340: •...
  • Page 62: Ceiling Mount

    Ceiling Mount To mount the HiveAP 340 to a standard 1"-wide track in a dropped ceiling, you need the mounting plate, two track clips, and two Keps nuts that ship with the HiveAP 340. You also need a drill, a wrench, and—most likely—a ladder. Nudge the ceiling tiles slightly away from the track to clear some space.
  • Page 63: Locking the HiveAP 340

    Mounting Plate through the opening. 2. Link a padlock through the opening in the adapter and engage the lock to secure the HiveAP 340 to the mounting plate. The opening is 1/8" (0.3 cm) in diameter at its narrowest.
  • Page 64: Plenum Mount

    Plenum Mount To mount the HiveAP 340 in the plenum space above a dropped ceiling grid, you need the mounting plate, hanger clip, and a standard 24"-wide hanger frame, which can be ordered separately (SKU# AH-ACC-BKT-PLENUM). 1.
  • Page 65 6. Insert the hanger clip upward through the center slot in the hanger frame, and then twist it counterclockwise until the clip snaps into a locked position against the sides of the crossbar (see Figure 14 on page 65).
  • Page 66 Figure 14 Securing the HiveAP 340 to the hanger frame (bird’s eye view with the ceiling tiles and ceiling tracks removed for clarity) (Labels: HiveAP 340 attached to the mounting plate; Hanger Frame) Insert the hanger clip upward through the center slot in the hanger frame.
  • Page 67: Suspended Mount

    If you ever pull too much rope through and need to pull it back down, use a tool such as a screw driver to press against the inner tube in the locking device to release the rope. Then you can pull it back out (see "Height Correction" on page 67).
  • Page 68 Figure 16 Suspending the HiveAP 340 Wrap the wire rope around a beam, clip the hook to the rope, and then pull the rope downward until it is taut against the beam. Push the wire rope through the side hole in the locking device Locking Beam...
  • Page 69: Surface Mount

    Ethernet cables and a power cable. Note: There are a variety of holes through which you can screw or nail the plate in place. Choose the two or three that best suit the object to which you are attaching it.
  • Page 70: Device, Power, and Environmental Specifications

    Device, Power, and Environmental Specifications Understanding the range of specifications for the HiveAP 340 is necessary for optimal deployment and device operation. The following specifications describe the physical features and hardware components, the power adapter and PoE (Power over Ethernet) electrical requirements, and the temperature and humidity ranges in which the device can operate.
  • Page 71 Chapter 4 The HiveAP 340 Platform
  • Page 72: Chapter 5 The HiveAP 320 Platform

    Chapter 5 The HiveAP 320 Platform The Aerohive HiveAP 320 is a high-performance and highly reliable 802.11n wireless access point. The HiveAP 320 provides dual concurrent 802.11b/g/n and 802.11a/n radios for 3x3 MIMO (Multiple In, Multiple Out) and dual 10/100/1000 Ethernet ports for link aggregation or link redundancy. Its power management system uses a concept called smart PoE (Power over Ethernet) to adjust its power consumption automatically in response to the available power in different environments.
  • Page 73: HiveAP 320 Product Overview

    Product Overview The HiveAP 320 is a multi-channel wireless access point. It is compatible with IEEE 802.11b/g/n (2.4 GHz) and IEEE 802.11a/n (5 GHz) standards and supports a variety of Wi-Fi (wireless fidelity) security protocols, including WPA (Wi-Fi Protected Access) and WPA2.
  • Page 74 Component Description You can configure ETH0 and ETH1 as two individual Ethernet interfaces, combine them into an aggregate interface to increase throughput, or combine them into a redundant interface to increase reliability. You can connect the HiveAP 320 to a wired network or to a wired device (such as a security camera) through these ports using bridging.
  • Page 75: Ethernet and Console Ports

    Steady amber: Wireless interface is in backhaul mode but inactive • Pulsing amber: Wireless interface is in backhaul mode and is connected with other hive members • Alternating green and amber: Wireless interface is in backhaul mode and is searching for other hive members
  • Page 76: Antennas

    Antennas Antennas are an integral part of the HiveAP 320. The HiveAP 320 has six internal single-band antennas. Three of the antennas operate in the 2.4-GHz band (IEEE 802.11b/g/n) and have a 2-dBi gain. The other three antennas operate in the 5-GHz band (IEEE 802.11a/n) and have a 3-dBi gain.
  • Page 77: Mounting the HiveAP 320

    HiveAP into place, attaching it to the mounting plate as shown in Figure 5 on page Note: For clarity, the power and Ethernet cables are not shown in the illustrations.
  • Page 78: Locking the HiveAP 320

    Torx tri-wing torsion insert bit for size #1 tri-wing security screws and a screw driver that will accept the bit. The correct bits are available from Aerohive in sets of three (AH-ACC-SEC-BIT-3PK). 1. Insert the security screw through the hole in the HiveAP 320 and begin to thread it into the hole in the mounting...
  • Page 79: Surface Mount

    The rubber feet provide clearance for the cables to pass. Connect the cables to the ETH0 and ETH1 ports and power connector. Attach the HiveAP 320 to the mounting plate. (side view) Attach the four rubber feet here.
  • Page 80: Device, Power, and Environmental Specifications

    Device, Power, and Environmental Specifications Understanding the range of specifications for the HiveAP 320 is necessary for optimal deployment and device operation. The following specifications describe the physical features and hardware components, the power adapter and PoE (Power over Ethernet) electrical requirements, and the temperature and humidity ranges in which the device can operate.
  • Page 81 Chapter 5 The HiveAP 320 Platform
  • Page 82: Chapter 6 HiveAP 100 Series Platforms

    Chapter 6 HiveAP 100 Series Platforms The Aerohive HiveAP 110 and 120 platforms are high-performance wireless access points suitable for small offices, mobile employees, and telecommuters. The HiveAP 110 has one dual-band 802.11a/b/g/n radio, and the HiveAP 120 has two radios—one for 802.11a/n and one for 802.11b/g/n, which can both operate concurrently. Both platforms provide 2x2 MIMO (Multiple In, Multiple Out) and a single 10/100/1000 Ethernet port through which they can be powered using PoE (Power over Ethernet) that follows the IEEE 802.3af standard or the 802.3at pre-standard.
  • Page 83: HiveAP 110 and 120 Product Overview

    Ethernet and wireless interface activity, and major alarms. For details, see "Status Indicator" on page Device Lock Slot You can physically secure the HiveAP by attaching a Kensington lock and cable to the device lock slot. For more information, see "Locking the HiveAP" on page...
  • Page 84: Ethernet Port

    ETH0 port from PSE (power sourcing equipment) that is compatible with the 802.3af standard and the forthcoming 802.3at standard. Aerohive provides suitable PoE injectors as an optional accessory. (If you connect the HiveAP to a power source through the power connector and the ETH0 PoE port simultaneously, the device draws power through the power connector and automatically disables PoE.)
  • Page 85: Status Indicator

    Status Indicator The status indicator has been incorporated into the Aerohive logo on the top of the HiveAP 110 and 120. It is illuminated by various colors to indicate different states of activity. The meanings of the colors are as follows: •...
  • Page 86: Mounting a HiveAP 100 Series Device

    Figure 3 Antennas and radios (Cut-away views of the HiveAP 110 and 120 showing the relationship of the internal antennas and radios) HiveAP 110 HiveAP 120 2.4GHz / 5 GHz Dual Band Antenna 5 GHz 2.4 GHz Antenna...
  • Page 87 #6 or #8 screws. Position the three screws in a T-shaped layout: two screws 2" (5 cm) apart from each other and the third screw center-aligned between them and 4.75" (12 cm) away. Then attach the HiveAP to the screws as explained in "Surface Mount" on page...
  • Page 88: Locking the HiveAP

    Locking the HiveAP To lock the HiveAP to a secure object, use a Kensington lock and cable. Loop the cable around a securely anchored object, insert the Kensington lock in the device lock slot in the HiveAP, and engage the locking mechanism (Figure Figure 7 Locking the HiveAP with a Kensington security lock HiveAP mounted to...
  • Page 89: Device, Power, and Environmental Specifications

    RJ-45 power input pins: Wires 4, 5, 7, 8 or 1, 2, 3, 6 Environmental Specifications • Operating temperature: 32 to 104 degrees F (0 to 40 degrees C) • Storage temperature: -40 to 185 degrees F (-40 to 85 degrees C) • Relative Humidity: Maximum 95% noncondensing
  • Page 90: Chapter 7 The HiveManager Platform

    Chapter 7 The HiveManager Platform The HiveManager Network Management System provides centralized configuration, monitoring, and reporting for multiple HiveAPs. The following are a few of the many benefits that a HiveManager offers: • Simplified installations and management of up to 500 HiveAPs •...
  • Page 91: Product Overview

    Product Overview The Aerohive HiveManager is a central management system for configuring and monitoring HiveAPs. You can see its hardware components in Figure 1 and read a description of each component in Table Figure 1 HiveManager hardware components...
  • Page 92: Ethernet and Console Ports

    Component Description USB Port The USB port is reserved for internal use. Status LEDs The status LEDs convey operational states for the system power and hard disk drive. For details, see "Status LEDs" on page MGT and LAN Ethernet Ports The MGT and LAN Ethernet ports are compatible with 10/100/1000-Mbps connections, automatically negotiate half- and full-duplex mode with the connecting devices, and support RJ-45 connectors.
  • Page 93: Status LEDs

    (steady glow or blinking). The meanings of the various color + illumination patterns for each LED are shown in Figure Figure 4 Status LEDs System Power: Dark: No power; Steady illumination: Powered on. Hard Disk Drive: Dark: Idle; Blinking: Active.
  • Page 94: Rack Mounting the HiveManager

    Rack Mounting the HiveManager You can mount the HiveManager in a standard 19" (48 cm) equipment rack with two rack screws—typically 3/4", 1/2", or 3/8" long with 10-32 threads. The HiveManager ships with mounting brackets already attached to its left and right sides near the front panel (see Figure 1 on page 90).
  • Page 95: Device, Power, and Environmental Specifications

    Power supply cord: Standard three conductor SVT 18AWG cord with an NEMA5-15P three-prong male plug and three-pin socket Environmental Specifications • Operating temperature: 32 to 140 degrees F (0 to 60 degrees C) • Storage temperature: -4 to 176 degrees F (-20 to 80 degrees C) • Relative Humidity: 10% – 90% (noncondensing)
  • Page 96: Chapter 8 The High Capacity HiveManager Platform

    Chapter 8 The High Capacity HiveManager Platform The High Capacity HiveManager is a management system that provides centralized configuration, monitoring, and reporting for multiple HiveAPs. The following are a few of the many benefits that a HiveManager offers: • Simplified installations and management of up to 5000 HiveAPs •...
  • Page 97: Product Overview

    Chapter 8 The High Capacity HiveManager Platform. Product Overview: The Aerohive High Capacity HiveManager is a central management system for configuring and monitoring HiveAPs. You can see its hardware components in Figure 1 and read a description of each component in...
  • Page 98 9600, data bits: 8, parity: none, stop bits: 1, flow control: none. The default login name is admin and the password is aerohive. After making a connection, you can access the Linux operating system. MGT and LAN Ethernet Ports...
  • Page 99: Rack Mounting The High Capacity Hivemanager

    HiveManager. Use three of the cross-head screws to secure the chassis rail to the HiveManager chassis as shown in Figure 3 on page Aerohive...
  • Page 100 Figure 3 Attaching the chassis rail to the HiveManager (figure labels: Chassis Rail; Place the slide stop against the front mounting bracket; cross head machine screws with 10-32 threads) 3. Secure the other chassis rail to the other side of the HiveManager. 4.
  • Page 101 (figure labels: Outer Slide; Inner Slide (over the chassis rail); Screws; Front Mounting Bracket) The HiveManager is now securely mounted to the front and rear rails of the equipment rack.
  • Page 102: Replacing Power Supplies

    The high capacity HiveManager has a pair of redundant, hot-swappable power supplies. If one of the power supplies fails, the other will continue to power the device. When a power supply fails, a continuous beeping alarm sounds and the power LED glows amber.
  • Page 103: Replacing Hard Disk Drives

    13. Press CTRL+R to rebuild it. The rebuild process takes about 30 minutes. When done, the utility console notifies you with a message. 14. Confirm that the process is complete. The HiveManager continues booting up with the new HDD replacement in operation. Aerohive...
  • Page 104: Device, Power, And Environmental Specifications

    Understanding the range of specifications for the high capacity HiveManager is necessary for the optimal deployment and operation of the device. The following specifications describe the physical features and hardware components, the electrical requirements for the power supply and cord, and the temperature and humidity ranges in which the device can operate.
  • Page 105 Chapter 8 The High Capacity HiveManager Platform
  • Page 106: Chapter 9 Hivemanager Online And Hivemanager Virtual Appliance

    In addition to a physical HiveManager appliance, the HiveManager network management system is available in two other forms. HiveManager Online is a cloud-based service running on hardware hosted and maintained by Aerohive and HiveManager Virtual Appliance is VMware that you can install and run on a computer on your network (see Figure 1).
  • Page 107: Hivemanager Virtual Appliance

    2 connection to your computer—much as if the two were connected by a layer 2 switch internally—and shares the Ethernet connection with your computer. Note: You can find full installation instructions on Aerohive Networks HiveManager Virtual Appliance QuickStart, which is also included on the USB flash drive.
  • Page 108: Chapter 10 Using Hivemanager

    Chapter 10 Using HiveManager You can conceptualize the Aerohive cooperative control architecture as consisting of three broad planes of communication. On the data plane, wireless clients gain network access by forming associations with HiveAPs. On the control plane, HiveAPs communicate with each other to coordinate functions such as best-path forwarding, fast roaming, and automatic RF (radio frequency) management.
  • Page 109 "Sorting Displayed Data" on page 117 • "HiveManager Configuration Workflow (Enterprise Mode)" on page 118 • "Updating Software on HiveManager" on page 119 • "Updating HiveOS Firmware" on page 120 • "Updating HiveAPs in a Mesh Environment" on page 121 Aerohive...
  • Page 110: Installing And Connecting To The Hivemanager Gui

    You also need an order ID or, for a physical HiveManager appliance, a license key. You can obtain these by sending an email request to Aerohive Support at orders@aerohive.com. Include your sales order ID and—for a physical HiveManager appliance or HiveManager Virtual Appliance—a HiveManager system ID. Aerohive will send you back an order ID or license key.
  • Page 111 10.1.1.1 (HiveManager sends all traffic to the default gateway.) 8. After you finish configuring the network settings, restart network services by entering 6 (6 Restart Network Services) and then enter yes to confirm the action. You can now disconnect the serial cable. Aerohive...
  • Page 112 For a HiveManager appliance with Internet access, select Enter Order ID. Copy the order ID text string that Aerohive sent you in an email message, paste it in the Order ID field, and then click Enter. For HiveManager Online and HiveManager Virtual Appliance, copy the order ID text string, paste it in the Order ID field, and then click Enter.
  • Page 113 Chapter 10 Using HiveManager If you do not have an order ID or license yet, you can request that Aerohive send it to you. To accomplish this, HiveManager must have Internet access and email settings configured. If this is the first time to log in to HiveManager, you can access a limited area of the GUI to configure its email settings.
  • Page 114: Introduction To The Hivemanager Gui

    9. To save your settings and enter the HiveManager GUI in Enterprise mode, click Save. 10. A message appears prompting you to confirm your selection of Enterprise mode. After reading the confirmation message, click Yes. HiveManager displays the Guided Configuration page to assist you with the main configuration steps: •...
  • Page 115: Viewing Reports

    Help: Access a comprehensive online context-sensitive Help system. Internet access is required to view the Help files at their default location. You can also download the Help files from Aerohive Support and post them on a local HTTP server if you like. In addition to Help files, you can also access product documentation and online computer-based training modules by clicking the down arrow to the right of the Help button.
  • Page 116: Searching

    Searching: The HiveManager GUI provides a search feature that you can use to find text strings throughout the HiveManager database and the entire GUI (except in Reports and Topology) or within one or more specified sections of the GUI. By default, HiveManager searches through the following sections of the GUI: Configuration, Access Points, Clients, Administration, and Tools.
  • Page 117: Multiselecting

    Figure 9 Cloning a hive (figure callouts: 1. Select; 2. Click). To clone an object, select it in an open window, and then click the Clone button. Retain the settings you want to keep, and modify those you want to change.
  • Page 118: Sorting Displayed Data

    Sorting Displayed Data: You can control how the GUI displays data in the main panel by clicking a column header. This causes the displayed content to reorder itself alphanumerically or chronologically in either ascending or descending order. Clicking the header a second time reverses the order in which the data is displayed.
  • Page 119: Hivemanager Configuration Workflow (Enterprise Mode)

    HiveAPs. If the HiveAPs and HiveManager are in different subnets, then you can use one of several approaches to enable HiveAPs to connect to HiveManager. For information about these options, see "How HiveAPs Connect to HiveManager" on page 133. Aerohive...
  • Page 120: Updating Software On Hivemanager

    SCP server, you can direct HiveManager to log in and load it from a directory there. 1. If you do not yet have an account on the Aerohive Support portal, send an email request to (support@aerohive.com) to set one up.
  • Page 121: Updating Hiveos Firmware

    HiveManager makes it easy to update HiveOS firmware running on managed HiveAPs. First, you obtain new HiveAP firmware from Aerohive Support and upload it onto HiveManager. Then you push the firmware to the HiveAPs and activate it by rebooting them.
  • Page 122: Updating Hiveaps In A Mesh Environment

    In the Activation Time section, select one of the following options, depending on when you want to activate the firmware—by rebooting the HiveAPs—after HiveManager finishes loading it: • Activate at: Select and set the time at which you want the HiveAPs to activate the firmware. To use this option accurately, make sure that both HiveManager and managed HiveAP clocks are synchronized.
  • Page 123 Chapter 10 Using HiveManager
  • Page 124: Chapter 11 Basic Configuration Examples

    Chapter 11 Basic Configuration Examples This chapter introduces the HiveManager GUI in Enterprise mode through a series of examples showing how to create a basic configuration of an SSID, hive, and WLAN policy. It then explains how to connect several HiveAPs to HiveManager, accept them for management, and push the configuration to them over the network.
  • Page 125: Example 1: Defining An Ssid

    This note and the very name "test1-psk" are deliberately being used as reminders to replace this configuration later with an SSID profile and SSID name that you really intend to use in your WLAN. SSID Access Security: WPA/WPA2 PSK (Personal) Aerohive...
  • Page 126 Enable MAC Authentication: (clear) User profile assigned to users that associate with this SSID: default-profile The predefined user profile "default-profile" applies the standard Aerohive Quality of Service level through the predefined QoS policy "def-user-qos" and assigns user traffic to VLAN 1.
  • Page 127 ID and sends it to the client. Four Way Handshake The HiveAP and client exchange the preshared key and other information to derive keys to encrypt unicast traffic. (Later, they derive encryption keys for multicast and broadcast traffic as well.) Aerohive...
  • Page 128: Example 2: Creating A Hive

    A hive is a group of HiveAPs that exchange information with each other to form a collaborative whole. Through coordinated actions based on shared information, hive members can provide the following services: •...
  • Page 129: Example 3: Creating Awlan Policy

    The creation of a WLAN policy that puts the HiveAPs to which you apply it in a hive and provides them with an SSID is complete. In the following examples, you deploy several HiveAPs on a network, accept them for HiveManager management, and then apply the WLAN policy to them. Aerohive...
  • Page 130: Example 4: Connecting Hiveaps To Hivemanager

    100-240 VAC power source or allow them to obtain power through PoE (Power over Ethernet) from PSE (power sourcing equipment) on the network. (Both power adaptors and PoE injectors are available from Aerohive as options.) Place the third HiveAP—HiveAP3—within range of the other two, and use a power adaptor to connect it to an AC power source.
  • Page 131 WaitJoin timer and enters the Run state. the CAPWAP server enters a Reset state and terminates the DTLS session. Note: If the WaitJoin timer expires before the client receives a successful Join Response, the client terminates the DTLS connection and returns to the Discover state. Aerohive...
  • Page 132 Initial CLI Configuration Wizard appears. Because you do not need to configure all the settings presented in the wizard, enter N to cancel it. When prompted to log in, enter the default admin name and password: admin, aerohive. For HiveAPs set with "world"...
  • Page 133 Note: If you see a different group of HiveAP settings, make sure that Monitor is selected as the view mode at the top of the HiveAPs page. The GUI provides two view modes for HiveAPs, one that focuses on monitoring HiveAPs (Monitor) and another that focuses on configuring them (Config). Aerohive...
  • Page 134 How HiveAPs Connect to HiveManager: If CAPWAP (Control and Provisioning of Wireless Access Points) clients are in the same layer 2 broadcast domain as the CAPWAP server—as they are in the previous example—the clients broadcast CAPWAP Discovery Request messages to discover and establish a secure connection with the server automatically.
  • Page 135 HiveAP broadens its search even wider and tries to contact HiveManager Online at staging.aerohive.com:12222. If the staging server has a serial
    If the HiveAP cannot make a CAPWAP connection to HiveManager Online using UDP port 12222, it tries to...
  • Page 136: Example 5: Assigning The Configuration To Hiveaps

    New Admin Name: testadmin1 This is the root admin name that HiveManager uses to make SSH connections and upload a full configuration to managed HiveAPs. The default root admin name and password is admin and aerohive. New Password: testpass1 Confirm New Password: testpass1 Although changing the login credentials is not necessary, it is good practice, which is why it is included here.
  • Page 137 HiveManager and mesh points before they can complete their update process. Therefore, try to update and reboot mesh points first. Then, update and reboot the portals. See "Updating HiveAPs in a Mesh Environment" on page 121. Aerohive...
  • Page 138 Uploading HiveAP Configurations: At this point, you have finished assigning configurations to the managed HiveAP objects on HiveManager, and it is time to push these configurations from HiveManager to the physical HiveAP devices. Because this is the first time to use HiveManager to update the configuration on these HiveAPs, you must perform a full upload, which requires rebooting the HiveAPs to activate their new configurations.
  • Page 139 After they reboot and activate their new configurations, check the status of their CAPWAP connections by looking at the CAPWAP column on the Monitor > Access Points > HiveAPs page with the View mode set as Monitor. After a few minutes, all three HiveAPs will reestablish their connections. Aerohive...
  • Page 140: Chapter 12 Common Configuration Examples

    Chapter 12 Common Configuration Examples Through the use of examples, this chapter shows how to use HiveManager in Enterprise mode to configure several features that are somewhat more advanced than those covered in the previous chapter. The examples cover topics such as topological maps, IEEE 802.1X authentication, captive web portals, and the HiveManager concept of classifier tags, which is a method for assigning the different definitions of a single network object to various managed HiveAPs.
  • Page 141: Example 1: Mapping Locations And Installing Hiveaps

    Note: Instead of using an illustration of buildings, you can also set the image of the root map as None and use the Add Wall tool to draw three simple rectangles. This option is useful when you have floor plans but not an illustration depicting the external buildings. Aerohive...
  • Page 142 Figure 2 Organizational structure of level-1 and -2 maps. Level 1: CorpOffices (Level 1 Map). This map shows 3 buildings and 20 icons that link to level 2 maps. Double-clicking a floor icon on the CorpOffices map (level 1) opens the corresponding level-2 map. You can also navigate to any map within the Topology Maps section of the navigation tree in the HiveManager GUI.
  • Page 143 Background Image: Choose HQ-B1-F2.png from the drop-down list. Map Width (optional): 120 feet HiveAP Installation Height: 13 feet A floor icon labeled "HQ-B1-F2" appears on the CorpOffices image, and a new entry named "HQ-B1-F2" appears nested under "CorpOffices" in the navigation tree. Aerohive...
  • Page 144 6. Select the icon and drag it to the location you want. After adding the CorpOffices "map" (really an illustration showing three buildings), two floor plans for the first and second floors of "HQ-B1", and dragging the floor icons into position, the display of the CorpOffices map looks similar to that in Figure Figure 4 CorpOffice map (level 1) with links to level-2 maps HQ-B1-F1 and HQ-B1-F2...
  • Page 145: Preparing The Hiveaps

    HiveAPs throughout the buildings. The MAC address on the label is for the mgt0 interface. Because the MAC addresses of all HiveAPs begin with the Aerohive MAC OUI 00:19:77, you only need to record the last six numerals in the address. For example, if the MAC address is 0019:7700:0120, you only need to write "000120" to be able to distinguish it from other HiveAPs later.
  • Page 146: Example 2: Ieee 802.1X With An External Radius Server

    When a HiveAP connects to HiveManager, HiveManager checks its SNMP location and automatically associates it with the map specified in its SNMP location description. You can then click the icon to see its location and drag it to the specified location on the map.
  • Page 147 Including the attribute number in the user profile name makes configuring the RADIUS server a bit simpler. Attribute Number: 1 Default VLAN: VLAN-10 Description: For employees to use VLAN 10 Aerohive...
  • Page 148 6. To create a user profile for IT staff, select the check box of the user profile that you just created, "Emp(1)", and then click Clone. The User Profiles dialog box appears with the settings for Emp(1). 7.
  • Page 149 IDs. The ability for HiveAP RADIUS authenticators to accept these messages from the RADIUS authentication server is not required in this example, so it remains disabled. To save the configuration as "RADIUS-10.1.1.10" and close the dialog box, click Save. Aerohive...
  • Page 150 Defining an SSID with 802.1X/EAP Authentication: Define an SSID that supports 802.1X/EAP authentication and directs the HiveAP RADIUS authenticators to forward authentication requests from RADIUS supplicants to the RADIUS authentication server that you just defined. Click Configuration >...
  • Page 151 If the supplicant is on a Macintosh computer and is not on a domain, view the available SSIDs in the area, and select corp-wifi. Then click Join Network, and accept the certificate that the RADIUS server provides, assuming it is from a trustworthy source. After the RADIUS server validates your identity, the client connects to the WLAN. Aerohive...
  • Page 152: Example 3: Providing Guest Access Through A Captive Web Portal

    HiveAP with which they associated. A captive web portal provides registered users with network access while containing unregistered users. Because the Aerohive captive web portal feature is very flexible, you will have a number of choices to make when configuring it. Several of these are examined first—"Registration...
  • Page 153: Providing Network Settings

    Chapter 12 Common Configuration Examples Providing Network Settings In addition to various registration types, Aerohive offers two approaches to providing captive web portal clients with network settings. One approach uses external DHCP and DNS servers on the network, and the other uses internal DHCP and DNS servers on the HiveAP itself.
  • Page 154 [Figure panels: "DNS address resolution" (DNS Querient, DNS Server; DNS Query, DNS Reply) and "HTTP connection to the captive web portal" (HTTP Client, HTTP Server; HTTP GET, Reply)]
    The HiveAP allows DNS queries and replies between the client of an unregistered user
    When the client sends an HTTP or HTTPS GET command, the HiveAP intercepts it and...
  • Page 155: Captive Web Portal With Internal Dhcp And Dns Servers

    The entire process is shown in Figure
    Figure 9 Captive web portal exchanges using internal servers [panels: Association Using SSID “guest” (Wireless Client, Wireless Access Point: Association Request); Address and TCP/IP Assignments (DHCP Client, DHCP Server: DHCP Discover, DHCP Offer)]...
  • Page 156: Modifying Captive Web Portal Pages

    Modifying Captive Web Portal Pages Aerohive provides .html files and images for use on the captive web portal server and a tool in the GUI to modify the supplied text, colors, and images to better suit the needs of your organization. The various file names and their purposes are as follows.
  • Page 157 HiveAP. For information about configuring it, see the HiveManager online Help.) Note: You can use Aerohive GuestManager or User Manager to provide network access to wireless users. A GuestManager administrator, called an operator, sets up user accounts on GuestManager. Then GuestManager uses its built-in RADIUS server to authenticate them.
  • Page 158 Footer Image: By default, this is a graphic of the Aerohive logo. The file name is aerohive_logo_reverse.png and its dimensions are 111 x 48 px at 72 dpi. If you replace this with a different image, make sure it has the same or nearly the same dimensions to avoid distortion.
  • Page 159: Configuring A Captive Web Portal

    This is the maximum amount of bandwidth that a single user belonging to this profile can use. It is far less than the bandwidth you can reserve for other users such as employees, but it should be sufficient for basic web access for visitors. Description: QoS per guest Aerohive...
  • Page 160: Firewall Policy

    Per User Queue Management: Enter the following items in bold, and leave all other settings unchanged:
    Class Number - Name | Scheduling Type | Scheduling Weight | Weight % (Read Only) | Policing Rate Limit (Kbps) | Policing Rate Limit (Kbps)...
  • Page 161 Note: If you need to rearrange a set of policy rules, select the check box to the left of a rule, and then click the Up and Down buttons on the right to move the selected rule to a new position. Aerohive...
  • Page 162 The rules in this policy allow clients to access a DHCP and DNS server to get their network settings and resolve DNS queries so that they can access the captive web portal. They deny traffic to all private IP address spaces, thus blocking access to the internal network.
  • Page 163 In this example, 5 is used. Because this setting is a relative weight, modify it as necessary based on the weights of the other user profiles present. Note: Although HiveAPs apply policing at all times, they only apply scheduling weights when usage is at maximum capacity. Aerohive...
  • Page 164 SSID: You can provide visitors with secure but unregistered network access by issuing them a preshared key to use when associating with the guest SSID. A receptionist can provide visitors with the preshared key along with access instructions upon their arrival, as shown in Figure 12.
  • Page 165 Similarly, if you try to ping the default gateway or a remote website (www.aerohive.com, for example), you will find that you do not receive any responses because the firewall does not permit ICMP traffic to either the internal or external network.
  • Page 166: Example 4: Private Psks

    Private PSKs are unique preshared keys created for individual users on the same SSID. They offer unique keys per user and user profile flexibility (similar to 802.1X) with the simplicity of preshared keys. For this example, the steps for generating, applying, and distributing private PSK user data are as follows: 1.
  • Page 167 See "Address Objects" on page 159. Click Save to save the IP firewall policy and return to the User Profile dialog box. From-Access: contractors-outgoing-IP-policy (This is the firewall policy that you just created.) To-Access: (nothing) Default Action: Deny Aerohive...
  • Page 168 Private PSK User Groups: You next create two private PSK user groups, one for employees and another for contractors. To create a private PSK user group for employees, click Configuration > Advanced Configuration > Authentication > Local User Groups > New, enter the following, and then click Save: User Group Name: Employees(30) Including the attribute number in the private PSK user group name and in the user profile name makes it easier to match them when configuring the SSID.
  • Page 169 4. If you do not include a password string in the imported file, HiveManager automatically generates a random string during the import process. For example, if the first entry omits the password, it would be as follows (note the empty space between the commas): Bob Lai, 3, Employees(30), , hm-admin@apis.com;blai@apis.com, Use SSID star, home Aerohive...
  • Page 170: Email Notification

    WLAN Policy: To add the SSID to a WLAN policy, click Configuration > WLAN Policies > wlan_policy_name > Add/Remove SSID Profile, select star in the Available SSID Profiles list, click the right arrow ( > ) to move it to the Selected SSID Profiles list, click Apply, and then click Save.
  • Page 171: Example 5: Using Hiveap Classifiers

    [Figure labels: VLAN: 20; VLAN definition: 20; type: branch2; HiveAP classifier: branch2 | VLAN: 10; VLAN definition: 10; type: global; HiveAP classifier: (nothing)] Note: It is assumed that the HiveAPs have already been assigned to maps in the Topology section of the GUI.
  • Page 172: Create A Vlan Object With Three Definitions

    The configuration steps are as follows: 1. Classify HiveAPs at branch offices 2 and 3. 2. Create a VLAN object with three definitions for VLANs 10, 20, and 30. 3. Reference the VLAN object in a user profile that is used in an SSID that is part of the WLAN policy used by the HiveAPs at each branch office.
  • Page 173: Reference The Vlan Object

    If you click the host name for a HiveAP at branch office 3, you can see that its VLAN ID is 30: user-profile name vlan-id 30 Make sure that all the HiveAPs in the list at the bottom of Upload and Activate Configuration page are selected, and then click Upload. Aerohive...
  • Page 174: Chapter 13 Hiveos

    Chapter 13 HiveOS You can deploy a single HiveAP and it will provide wireless access as an autonomous AP (access point). However, if you deploy two or more HiveAPs in a hive, you can provide superior wireless access with many benefits. A hive is a...
  • Page 175: Common Default Settings And Commands

    The following are some important default settings and the commands necessary to change them if you need to do so. For a complete list of CLI commands, see one of the platform-dependent Aerohive CLI reference guides available online at www.aerohive.com/techdocs. Default Settings...
  • Page 176: Configuration Overview

    The amount of configuration depends on the complexity of your deployment. As you can see in "Deployment Examples (CLI)" on page 181, you can enter a minimum of three commands to deploy a single HiveAP, and just a few more to deploy a hive.
  • Page 177: Policy-Level Configurations

    • Tunnel Private Group ID = user_profile_number
    The attributes indicate which user profile to apply to the user, and the profile in turn indicates which QoS policy to apply.
    The HiveAP applies the QoS policy to all wireless clients that associate with the SSID.
  • Page 178: Hiveos Configuration File Types

    HiveOS supports several types of configuration files: running, current, backup, bootstrap, default, and failed. The running configuration (config) is the configuration that is actively running in DRAM. During the bootup process, a HiveAP loads the running config from one of up to four config files stored in flash memory: •...
  • Page 179 [Figure: Backup Config (newly uploaded config file)] . . . the previous current config becomes the new backup config. . . . the backup config is saved as a failed config (for diagnostic analysis).
  • Page 180 Note: Be careful to remember the login name and password defined in the bootstrap config file. If they become lost or forgotten, you must obtain a one-time login key from Aerohive technical support. To get the key, you must already have had a support contract in place. The first one-time login key is free. After that, there is a small handling fee for each additional key.
  • Page 181 If you want to run the bootstrap config, enter the following commands:
      load config bootstrap
      reboot
    When the bootstrap config loads, enter the login parameters you defined for that configuration. To return to your previous current config file, enter the following commands:
      load config backup
      reboot
  • Page 182: Chapter 14 Deployment Examples (Cli)

    This chapter presents several deployment examples to introduce the primary tasks involved in configuring HiveAPs through the HiveOS CLI. In "Deploying a Single HiveAP" on page 182, you deploy one HiveAP as an autonomous access point. This is the simplest configuration: you only need to enter and save three commands. In "Deploying a Hive" on page 185, you add two more HiveAPs to the one deployed in the first example to form a hive with three members.
  • Page 183: Example 1: Deploying A Single Hiveap

    2. Connect one end of an RS-232 serial (or "null modem") cable to the serial port (or Com port) on your management system. 3. Connect the other end of the cable to the male DB-9 or RJ-45 console port on the HiveAP. Aerohive...
  • Page 184: Configure The Hiveap

    5. Because you do not need to configure all the settings presented in the wizard, press N to cancel it. The login prompt appears. 6. Log in using the default user name admin and password aerohive. Step 2 Configure the HiveAP 1.
  • Page 185 Note: You can also enter the following commands to check the association status of a wireless client: show auth, show roaming cache, and show roaming cache mac <mac_addr>. The setup of a single HiveAP is complete. Wireless clients can now associate with the HiveAP using SSID "employee" and access the network. Aerohive...
  • Page 186: Example 2: Deploying A Hive

    Building on "Deploying a Single HiveAP" on page 182, the office network has expanded and requires more HiveAPs to provide greater coverage. In addition to the basic configuration covered in the previous example, you configure all three HiveAPs to form a hive within the same layer 2 switched network.
  • Page 187 HiveAP-1 is set to use wireless interface wifi1 and its subinterface wifi1.1 for backhaul communications. Write down the radio channel for future reference (in this example, it is 149). When configuring HiveAP-2 and -3, make sure that they also use this channel for backhaul communications. exit Aerohive...
  • Page 188 Step 2 Configure HiveAP-2 and HiveAP-3 1. Power on HiveAP-2 and log in through its console port. 2. Configure HiveAP-2 with the same commands that you used for HiveAP-1:
      ssid employee
      ssid employee security protocol-suite wpa-auto-psk ascii-key N38bu7Adr0n3
      interface wifi0 ssid employee
      hive hive1
      hive hive1 password s1r70ckH07m3s...
  • Page 189 Assocd (Associated) - A HiveAP has associated with the local HiveAP and can now start the authentication process. Auth (Authenticated) - The HiveAP has been authenticated and can now exchange data traffic. Aerohive...
  • Page 190 7. To check that the hive members have full data connectivity with each other, associate a client in wireless network-1 with HiveAP-1 (the SSID "employee" is already defined on clients in wireless network-1; see "Deploying a Single HiveAP").
  • Page 191: Example 3: Using Ieee 802.1X Authentication

    RADIUS server at 10.1.1.10. The RADIUS server is in turn Wireless Network Access Connections linked to the database of the Active Directory server on which all the user accounts have previously been created and stored. Wired Ethernet Network Connections Aerohive...
  • Page 192 Note: This example assumes that the RADIUS and AD servers were previously configured and populated with user accounts that have been in use on a wired network (not shown). The only additional configuration on these servers is to enable the RADIUS server to accept authentication requests from the HiveAPs.
  • Page 193 1. View the available SSIDs in the area, and select employee. 2. Click Join Network. 3. Accept the certificate that the RADIUS server provides, assuming it is from a trustworthy source. After the RADIUS authentication server validates your identity, the client connects to the WLAN.
  • Page 194 Step 6 Check that clients can form associations and access the network 1. To check that a client can associate with a HiveAP and access the network, open a wireless client application and connect to the "employee"...
  • Page 195: Example 4: Applying QoS

    In this example, you want the hive members to prioritize voice, streaming media, and e-mail traffic. First, you map distinguishing elements of these traffic types to three Aerohive QoS (Quality of Service) classes: Class 6: voice traffic from VoIP phones with MAC OUI 00:12:3b (the OUI for all phones in the network) Voice traffic is very sensitive to delay and cannot tolerate packet loss without loss of voice quality.
  • Page 196 Note: The HiveAP assigns all traffic that you do not specifically map to an Aerohive class to class 2, which by default uses WRR with a weight of 30 and a rate of 54,000 or 1,000,000 Kbps, depending on the HiveAP.
  • Page 197 The MMS (Microsoft Media Server) protocol can use several transports (UDP, TCP, and HTTP). However, for a HiveAP to be able to map a service to an Aerohive QoS class, it must be able to identify that service by a unique characteristic such as a static destination port number or a nonstandard protocol number.
  • Page 198 2. Associate the classifier profiles with the employee SSID and the eth0 interface so that HiveAP-1 can classify incoming traffic arriving at these two interfaces. ssid employee qos-classifier employee-voice interface eth0 qos-classifier eth0-voice By creating two QoS classifiers and associating them with the employee SSID and eth0 interface, HiveAP-1 can classify traffic flowing in both directions for subsequent QoS processing;...
  • Page 199 0, 1, 2, 4, and 7, the policy applies default settings to them. The HiveAP assigns all traffic that you do not specifically map to an Aerohive class to class 2, which uses WRR with a weight of 30 and a default rate of 54,000 or 1,000,000 Kbps.
  • Page 200 Step 4 Configure HiveAP-2 and HiveAP-3 1. Log in to HiveAP-2 through its console port. 2. Configure HiveAP-2 with the same commands that you used for HiveAP-1: qos classifier-map oui 00:12:3b qos 6 service mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 qos classifier-map service mms qos 5...
  • Page 201: Example 5: Loading A Bootstrap Configuration

    (admin, aerohive), and thereby gain complete admin access. (Note that you can disable the ability of the reset button to reset the configuration by entering this command: no reset-button reset-config-enable) A bootstrap configuration can help in both of these situations.
  • Page 202 2. Confirm the reboot command, and then, when you are asked if you want to use the Aerohive Initial Configuration Wizard, enter no.
  • Page 203 3. Check that the uploaded config file is now the bootstrap config. show config bootstrap 4. Repeat the procedure to load the bootstrap config on HiveAP-3. The bootstrap configs are now in place on all three HiveAPs.
  • Page 204: CLI Commands For Examples

    This section includes all the CLI commands for configuring the HiveAPs in the previous examples. The CLI configurations are presented in their entirety (without explanations) as a convenient reference, and—if you are reading this guide as a PDF—as an easy way to copy and paste the commands.
  • Page 205: Commands For Example 3

    10.1.1.10 shared-secret s3cr3741n4bl0X ssid employee security protocol-suite wpa-auto-8021x save config HiveAP-2 aaa radius-server first 10.1.1.10 shared-secret s3cr3741n4bl0X ssid employee security protocol-suite wpa-auto-8021x save config HiveAP-3 aaa radius-server 10.1.1.10 shared-secret s3cr3741n4bl0X ssid employee security protocol-suite wpa-auto-8021x save config
  • Page 206: Commands For Example 4

    Commands for Example 4 Enter the following commands to configure the hive members to apply QoS (Quality of Service) to voice, streaming media, and data traffic in "Applying QoS" on page 194: HiveAP-1 qos classifier-map oui 00:12:3b qos 6 service mms tcp 1755 service smtp tcp 25...
  • Page 207 3 wrr 54000 60 For HiveAPs supporting IEEE 802.11a/b/g/n qos policy voice qos 6 strict 512 0 qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 1000000 60 user-profile employee-net qos-policy voice attribute 2 save config
  • Page 208: Commands For Example 5

    Commands for Example 5 Enter the following commands to create bootstrap config files and load them on the hive members in "Loading a Bootstrap Configuration" on page 200: bootstrap-security.txt admin root-admin Cwb12o11siNIm8vhD2hs password 8wDamKC1Lo53Ku71 hive hive1 hive hive1 password s1r70ckH07m3s interface mgt0 hive hive1...
  • Page 209 Chapter 14 Deployment Examples (CLI)
  • Page 210: Chapter 15 Traffic Types

    Chapter 15 Traffic Types This is a list of all the types of traffic that might be involved with a HiveAP and HiveManager deployment. If a firewall lies between any of the sources and destinations listed below, make sure that it allows these traffic types. Traffic Supporting Network Access for Wireless Clients Service Source...
  • Page 211 Used for uploading packet capture interface 65535 files from HiveAPs to HiveManager Control and Provisioning of Wireless Access Points † This is the default destination port number. You can change it to a different port number from 1 to 65535.
  • Page 212 Traffic Supporting Device Operations Service Source Destination Protocol Port Port Notes Aerohive HiveAP mgt0 HiveAP mgt0 17 UDP 3000 3000 Required for hive communications Cooperative interface interface and operates at layer 3 Control Messages Aerohive HiveAP wifi1.1 HiveAP wifi1.1 N.A.
  • Page 213 17 UDP 1024 - Used for uploading files to HiveAPs mgt0 or TFTP server 65535 and downloading files from them This is the default port number. You can change it to a different port number from 1024 to 65535.
  • Page 214: Appendix A Country Codes

    Appendix A Country Codes When the region code on a HiveAP is preset as "world", you must set a country code for the location where you intend to deploy the HiveAP. This code determines the radio channels and power settings that the HiveAP can use when deployed in that country.
  • Page 215 Malta 470 Japan7 (J7) 4007 Mauritius 480 Japan8 (J8) 4008 Mexico 484 Japan9 (J9) 4009 Monaco (Principality of Monaco) 492 Japan10 (J10) 4010 Morocco 504 Japan11 (J11) 4011 Netherlands 528 Japan12 (J12) 4012 Japan13 (J13) 4013 New Zealand 554
  • Page 216 Sri Lanka 144 Nicaragua 558 Norway 578 Sweden 752 Oman 512 Switzerland 756 Pakistan (Islamic Republic of Pakistan) 586 Syria 760 Panama 591 Taiwan 158 Paraguay 600 Thailand 764 Peru 604 Trinidad y Tobago 780 Philippines (Republic of the Philippines) 608 Tunisia 788 Poland 616 Turkey 792...
  • Page 218: Index

    201 login credentials, changing 183 current 177, 178 lost credentials, one-time login key 179 default 177, 179 Aerohive Cooperative Control Messages 211 failed 177, 178 AeroScout Reports 211 console, See individual platform entries aggregate interface 53 cooperative control 107...
  • Page 219 Ethernet ports 51, 52, 53 HiveManager Online 105–106, 133 LEDs 50, 56 HiveManager Virtual Appliance 105–106, 133 locking 62 HiveManager, High Capacity mounting 60–68 console 97, 103 mounting, ceiling 61 environmental specifications 103 PoE 51, 52 Ethernet ports 97
  • Page 220 hard disk drives 96, 102 private PSK 165–169 LEDs 97 groups of users 165 power supplies 97 overview 165 power supplies, replacing 101 SSID 168 user groups 167 rack mounting 96, 98–100 user profiles 166 reset button 97 PSK 124 serial number 97 system fans 97 HiveOS...
  • Page 221 WEEE compliance 3 testing 184 Wi-Fi certification 3 user profiles 161 WLAN deployment status LEDs, See individual platform entries access point density 19 syslog 211 bandwidth 18 connecting HiveAPs to HiveManager 129 considering interference 15, 25 Telnet 212 data rates 19...
