Aerohive access point Deployment Manual page 202

Step 1 Define the bootstrap config on HiveAP-1
1. Make a serial connection to the console port on HiveAP-1, log in, and load the default config.
load config default
reboot
You do not want the bootstrap config to contain any of your previously defined settings from the current
config. Therefore, you load the default config, which has only default settings. When you begin with
the default config and enter the commands that define the bootstrap config, the bootstrap config will
have just those commands and the default config settings.
2. Confirm the reboot command, and then, when you are asked if you want to use the Aerohive Initial
Configuration Wizard, enter no.
3. Log in using the default user name admin and password aerohive.
4. Define admin login parameters for the bootstrap config that are difficult to guess.
admin root-admin Cwb12o11siNIm8vhD2hs password 8wDamKC1Lo53Ku71
You use the maximum number of alphanumeric characters for the login name (20 characters) and
password (32 characters). By mixing uppercase and lowercase letters with numbers in strings that do
not spell words or phrases, you make the login much harder to guess.
Note: Be careful to remember the login name and password defined in a bootstrap config file. If they become
lost or forgotten, you must obtain a one-time login key from Aerohive technical support. To get the
key, you must already have had a support contract in place. The first one-time login key is free. After
that, there is a small handling fee for each additional key.
5. Leave the various interfaces in their default up or down states.
By default, the wifi0 and wifi0.1 interfaces are down, but the mgt0, eth0, wifi1, and wifi1.1
subinterfaces are up. The hive members need to use wifi1.1, which is in backhaul mode, so that
HiveAP-3 can rejoin hive1 and, through hive1, access DHCP and DNS servers to regain network
connectivity. (By default, mgt0 is a DHCP client.) You leave the eth0 interface up so that Hive-1 and
Hive-2 can retain an open path to the wired network. However, with the two interfaces in access
mode—wifi0 and wifi0.1— in the down state, none of the HiveAPs will be able provide network access to
any wireless clients. Wireless clients cannot form associations through wifi1.1 nor can a computer
attach through the eth0 interface—because it is also in backhaul mode—and obtain network access
through the mesh.
6. Define the hive settings so that any of the three HiveAPs using the bootstrap config can rejoin the grid.
hive hive1
hive hive1 password s1r70ckH07m3s
interface mgt0 hive hive1
When a HiveAP boots up using the bootstrap config, it can rejoin hive1 because the configuration
includes the hive name and password and binds the mgt0 interface to the hive. This is particularly
useful for HiveAP-3 because it is a mesh point and can only access the wired network after it has joined
the hive. It can then reach the wired network through either of the portals, HiveAP-1 or HiveAP-2.
7. Save the configuration as a bootstrap config.
save config running bootstrap
If anyone resets the current configuration, the HiveAP will load this bootstrap config and thwart any
thief from accessing the configuration and any wireless client from accessing the network.
Deployment Guide
E 5: L B
XAMPLE OADING A OOTSTRAP
C
ONFIGURATION
201