Aerohive Networks HIVEAP330, HIVEAP350 User Manual
Aerohive QuickStart
HiveAP 330 HiveAP 350
for the HiveAP 330 and 350
This guide explains how to set up a HiveAP 330 or 350 so it can make a network connection to
HiveManager, and how to mount it on a ceiling or wall. (The HiveAP 350 with articulated antennas
is shown in the illustrations, but the instructions apply equally to the HiveAP 330 and to the HiveAP
350 with non-articulated antennas.) To register, get product documentation, and download software
updates, visit www.aerohive.com/support.
Attach the 5 GHz antennas with gray rings
to the 5 GHz connectors with gray circles...
and the 2.4 GHz antennas with white
rings to the 2.4 GHz connectors.
1
Eth0
DHCP
Connect a standard
Ethernet cable with
RJ-45 connectors
from ETH0 on the
HiveAP to a switch.
2
Ethernet
Cable
If the switch provides
Switch
Server
Some other network devices (They
might all be incorporated in the same
device, such as a router or rewall.)
PoE (Power-overEthernet), cabling the
HiveAP to the switch
will cause the HiveAP
to power on in a few
seconds.
3
After you cable the HiveAP to an Ethernet network and power it on, it automatically
attempts to get its network settings through DHCP and contact HiveManager. The process
typically takes about ve minutes to complete. If you see the HiveAP listed on the Monitor >
Access Points > HiveAPs page in the HiveManager GUI, the initial setup is complete and you
can now begin managing the HiveAP through HiveManager.
If the HiveAP does not appear in the HiveManager GUI after about ten minutes, read the
rest of this guide to understand how the HiveAP attempts to contact HiveManager and what
you can do to help establish a connection between the two devices.
Connecting to HiveManager
By default, a HiveAP acts as a DHCP client and gets its network settings automatically from a
DHCP server. (You can also congure it with static network settings through the CLI. See the
next section, "Using the Virtual Access Console".) After a HiveAP has its network settings, it then
acts as a CAPWAP client and sends CAPWAP Discovery messages until HiveManager, acting as
the CAPWAP server, responds. CAPWAP (Control and Provisioning of Wireless Access Points) is a
protocol that access points use to contact a management device and communicate with it.
When a HiveAP goes online for the rst time without any specic CAPWAP server conguration
entered manually or received as a DHCP option, it progresses through these cycle of CAPWAP
connection attempts:
(a) The HiveAP tries to
connect to HiveManager
using the default domain
name "hivemanager.
<local_domain>:
12222", where
<local_domain> is the
domain name that a
DHCP server supplied
to the HiveAP and
12222 is the UDP port
number. If a DNS server
has been congured
to resolve that domain
name to an IP address, the
HiveAP and HiveManager
then form a secure CAPWAP
connection on port 12222.
If the HiveAP cannot make a
CAPWAP connection to HiveManager
on port 12222, it tries to reach it by
using TCP port 80: hivemanager.<local_
domain>:80.
P/N 330050-02 Rev. A
a
HiveManager
or
HiveManager Virtual
Appliance
HiveManager Online
c
HiveManager Online on UDP port 12222, it tries to reach it on
TCP port 80. If that proves unsuccessful, the HiveAP returns to
its initial search through a DNS lookup and repeats the cycle.
in its ACL (access control list), it responds
and they form a secure CAPWAP connection.
If the HiveAP cannot make a CAPWAP connection to
Firewall
b
Online at redirector.aerohive.
redirection server has a serial
number or MAC address for that HiveAP
Internet
If the switch does not
provide PoE, use the
AC/DC power adaptor
(available as an
accessory) to connect
the HiveAP to a 100240 AC power source.
(b) If the DNS server cannot
resolve the domain name
to an IP address, the
HiveAP broadcasts
CAPWAP Discovery
messages on its local
subnet. If HiveManager
is on the local network
and responds, they
form a secure CAPWAP
HiveManager produce no
results, the HiveAP tries
to contact HiveManager
com:12222. If the Aerohive
connection.
(c) If the rst two
searches for a local
A HiveAP connected directly to the network is called a portal. You can also place a HiveAP
within radio range of a portal so that it forms a wireless link through the portal to the wired
network. This kind of HiveAP is called a mesh point. A mesh point initially forms a hive with
its portal using a default hive called hive0. Through this link, the mesh point can reach the
network and get its network settings from the DHCP server. Then it can form a CAPWAP
connection with HiveManager. (To add mesh points after changing the hive name, rst
connect them to the wired network. Next, push the conguration with the new hive name and
password to them from HiveManager. Finally, deploy them as mesh points.)
If the HiveAP forms a CAPWAP connection with the Aerohive redirection server and its serial
number has been entered in an ACL, the redirection server automatically redirects the
CAPWAP connection to the corresponding HiveManager Online VHM (virtual HiveManager).
The redirection server does this by sending the HiveAP the HiveManager domain name or IP
address as its new CAPWAP server and the name of the appropriate VHM. If the HiveAP is
currently using HTTP, the redirection server includes the conguration needed for the HiveAP
to continue using it. Similarly, if the HiveAP is congured to access the public network through
an HTTP proxy server, the redirection server saves the relevant settings on the HiveAP so it
will continue using the HTTP proxy server when connecting to HiveManager.
If the Aerohive redirection server does not have the HiveAP serial number, the ACL ignores the
CAPWAP connection attempts, and the HiveAP repeats the connection cycle shown previously.
Using the Virtual Access Console
As explained in the previous section, after connecting a HiveAP to the network and powering
it on, it acts as a DHCP client and tries to get its network settings automatically from a DHCP
server in VLAN 1. However, if there is no DHCP server in that VLAN, if the native VLAN for the
network segment is not 1, or if you just want to assign it a static IP address, then you need to
access the CLI and dene the network settings yourself.
One approach is to use a console cable, which is available from Aerohive as an accessory.
Another is to use the virtual access console. This is a way of accessing the CLI on a HiveAP
wirelessly through a special SSID that the HiveAP, by default, automatically activates for
administrative access when it has no conguration and cannot reach its default gateway.
The default virtual access console SSID name is “<hiveap-hostname>_ac”. The default host
name of a HiveAP consists of "AH-" plus the last six digits of its MAC address; for example,
AH-123456. In this case, the name of the default virtual access console SSID would be "AH123456_ac". By default, this SSID uses aerohive as the PSK (preshared key) for authenticating
user access. To access the virtual access console, do the following:
Using your wireless client,
4
scan for wireless networks.
If you are within range, an
SSID such as "AH-123456_ac"
appears.
Select it, and when
prompted to enter a
network key, type aerohive
and then click Connect.
Check the IP address of the
5
default gateway that the
DHCP server on the HiveAP
assigned your client. Then
make an SSH or Telnet
connection to the HiveAP
at that IP address.
(Note that the Telnet
connection is protected by
WPA2 security mechanisms.)
When prompted to enter your
credentials, enter the default
Aerohive login name (admin)
and password (aerohive).
C:\>ipcong
Windows IP Conguration
Ethernet adapter Wireless
Network Connection:
Connection-specic DNS Sufx . :
IP Address. . . . . . : 1.1.1.2
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . : 1.1.1.1
C:\>telnet 1.1.1.1
Beacons
Wireless
Client
Beacons
6
After logging in to the virtual access console, you can view the status of various
functions and make conguration changes. Here are some commonly used commands:
Use these commands: To do the following:
show interface
Check the status of both wired and
wireless interfaces
show interface mgt0
See the network settings (IP address,
netmask, default gateway) and VLAN
ID of the mgt0 interface, which is the
management interface of the HiveAP
no interface mgt0 dhcp client
interface mgt0 ip <ip_addr>
<netmask>
interface mgt0 native-vlan <id>
Disable the DHCP client
Set the IP address and netmask of the
mgt0 interface
Set the native (untagged) VLAN that the
switch infrastructure in the surrounding
wired and wireless network uses
interface mgt0 vlan <id>
Set the VLAN for management and
control trafc
show capwap client
show hive
show hive <string> neighbor
hive <string> ...
show ssid
ssid <string> ...
interface { wi0 | wi1 } ssid
<string>
save cong
reboot
See CAPWAP client settings and status
See the hive name
Check for any neighboring hive members
Create a hive and set its parameters
See a list of all SSID names
Congure an SSID
Bind an SSID to a wireless interface in
access mode
Save the conguration to ash
Reboot the HiveAP
Only set the following command when managing HiveAPs through HiveManager or
HiveManager Virtual Appliance. Do not use it with HiveManager Online.
capwap client server name
<string>
Set the IP address or domain name of the
CAPWAP server (HiveManager)
To see a list of commands, and their accompanying CLI Help, type a question mark ( ? ).
For example, to see all the show commands, enter show ?
If you want to nd a command that uses a particular character or string of characters,
you can do a search using the following command: show cmds | include
<string>, where <string> is the word or string of characters you want to nd.
Device- and platform-specic CLI reference guides are available online. (To learn how to
access them, see "Where to go for more information" elsewhere in this document.)
Status LED
The status LED in the corner of the HiveAP 330 and 350 indicates various states of activity
through its color and illumination patterns (solid or ashing). The meanings of the colors
are explained below.
• Dark: There is no power or the status indicator is disabled.
• Blue: (solid) The device is booting up or there is no backhaul link; (ashing) the
device is shutting down
• Green: The default route is through the backhaul Ethernet interface, but not all
conditions for normal operations (white) have been met.
• Yellow: The default route is through a backhaul wi interface, but not all conditions
for normal operations (white) have been met.
• White: The device is powered on and the rmware is operating normally; that is, a
wireless interface in access mode is up, a wired or wireless backhaul link is up, and
the HiveAP has a CAPWAP connection to HiveManager.
• Purple: A new image is being loaded from HiveManager or a management AP.
• Orange: An alarm indicating a rmware or hardware issue has occurred.
You can adjust its brightness level from bright (the default) to soft to dim, or turn it off
completely. In HiveManager, the setting is on the Conguration > Management Services >
Management Options page. CLI: [ no ] system led brightness { soft | dim | off }.
Bright Soft Dim Off
Mounting the HiveAP 330 and 350
Surface Mount
Deployment and Conguration Tips
Using the rail mount, you can mount the HiveAP 330 or 350 to the tracks of a dropped ceiling grid.
Using the mounting plate, you can mount it to any at surface that can support its weight (HiveAP
330: 1.5 lb or 0.68 kg; HiveAP 350: 2.375 lb or 1.08 kg). Both mounting options are explained
below. (The HiveAP 330 is shown in these illustrations, but the instructions apply to both models.)
Note: In addition to these methods, you can also mount the HiveAP on a table using the set
of four rubber feet that ship with the product. Simply peel the rubber feet off the
adhesive sheet and press them against the underside of the HiveAP in its four corners.
Ceiling Mount
To mount the HiveAP 330 or 350 to a standard 15/16"-wide track (2.38 cm) in a dropped ceiling,
use one of the two rail mounts that ship with the HiveAP, depending on whether the track is ush
with the ceiling tiles or recessed. You also need a drill and—most likely—a ladder.
Nudge the ceiling tiles slightly away from the track to clear some space, and then attach the
appropriate rail mount to the ceiling track. When you have the rail mount in the correct location,
cut or drill a hole in the ceiling through which you can then pass the Ethernet and power cables.
Press the the rail mount upward against the ceiling track so that the track contacts the
1
two pressure tabs and pushes them ush with the rail mount.
Rail Mount
(bird's eye view with
Ceiling Track
2
Rotate the rail mount until the
two pressure tabs click into place,
gripping the ceiling track.
In the open space in the L-shaped rail
3
mount, drill a hole in the ceiling tile
(not shown). Then pass one or both
Ethernet cables through the hole, and
if you plan to supply power from an AC
power source rather than through PoE,
pass the power cable through as well.
Connect the cables and then attach the HiveAP to the rail mount to complete the installation.
For the HiveAP 350, attach the articulted antennas and swivel them into a vertical position
pointing downward to provide optimal coverage.
With the HiveAP upside down, connect the cables (not shown). Align the two V-shaped
4
tabs and the security screw hole extension on the rail mount with the tab slots and
security screw cavity on the HiveAP, and press the HiveAP upward until it snaps into place.
(side view)
V-shaped Tab V-shaped Tab
Tab Slot Tab Slot
When done, adjust the ceiling tiles back into their former position.
CLICK!
ceiling tiles removed and
the ceiling track shown as
transparentfor clarity)
CLICK!
Security Screw
Hole Extension
Security Screw
Cavity
You can use the mounting plate to attach the HiveAP to any surface that supports its weight, and
to which you can screw or nail the plate. First, mount the plate to the surface. Then, in the open
space in the L-shaped mounting plate, make a hole in the wall so that you can pass the cables
through to the HiveAP. Finally, attach the device to the plate, connect the cables, and for the
HiveAP 350, attach the antennas.
Mount the HiveAP on a wall as explained below.
With the two exible V-shaped tabs at
1
the sides of the plate extending away
from the surface, attach the mounting
plate to a secure object such as a wall,
ceiling, post, or beam.
(bird's eye view)
V-shaped Tab V-shaped Tab
Tab Slot
Cut or drill a hole in the wall in the
2 3
open space in the L-shaped mounting
plate, pass the cables through to the
HiveAP, and connect them. (You can
also run the cables along the wall to
the HiveAP instead of through a hole.)
Depending on how the device is
powered and how it connects to the
network, connect a power cable
and one or two Ethernet cables.
(The cables are not shown in the
illustration.)
Note: There are various holes through
which you can screw or nail the
plate in place. Choose the two or
three that best suit the object to
which you are attaching it.
Security Tab
Extension
Tab Slot
Security Screw
Cavity
Align the tabs and security tab
extension on the mounting plate with
the tab slots and security screw cavity
on the HiveAP.
Push the the HiveAP against the mounting
4
plate until the tabs click inside the tab
slots.
For the HiveAP 350, attach either the
articulated or non-articulated antennas.
When using the articulated antennas,
orient them vertically for best coverage.
Locking the HiveAP
To lock the HiveAP to the rail mount or mounting plate, use either a Kensington lock or the
security screw that is included with the mounting kit. To use a Kensington lock, loop the cable
attached to the lock around a secure object, insert the T-bar component of the lock into the
device lock slot on the HiveAP, and then turn the key to engage the lock mechanism.
To lock the HiveAP to the rail mount or mounting plate or to lock the USB port cover, use the
security screw, which is included in the mounting kit. You also need a drilled spanner insert
bit for size #6 security screws and a screw driver that will accept the bit. The correct bits are
available from Aerohive in sets of three (AH-ACC-SEC-BIT-330-350-3PK).
To use the security screw, follow the steps below:
If you want to hide the USB
1
port, attach the USB port
cover by pushing the tab on
the cover into the port.
Insert the security screw
2
through the hole in the cover
and the hole in the chassis.
Using a screwdriver with a
drilled spanner bit, fasten the
screw to the security tab extension
on the rail mount. (If you want
to expose the USB port, use the
security screw without the cover.)
USB Port
USB Port Cover
Security Screw
Screwdriver
Rail Mount
or
Mounting
Plate
Security Tab
Extension
Lock Slot
The following are some tips and suggestions to help you troubleshoot a few common problems that
might arise when setting up the HiveAP 330 and 350:
• For the HiveAP 350, make sure that you connect the 2.4 GHz antennas to the 2.4 GHz
connectors, and the 5 GHz antennas to the 5 GHz connectors.
• If you manage the HiveAP through HiveManager Online and it does not show up on the Monitor
> Access Points > HiveAPs page, do the following:
– Check if the HiveAP serial number is listed in the ACL (access control list) on the Aerohive
redirection server. Log in to myhive.aerohive.com, and then click Redirector > Monitor
> HiveAP Access Control List). If not, click Enter, type its serial number in the HiveAP
Serial Number eld, and then click Save. When done, reboot the HiveAP.
– Check connectivity to Aerohive redirection server:
ping redirector.aerohive.com (Check connectivity from the HiveAP network)
capwap ping redirector.aerohive.com (Check connectivity through CAPWAP)
– Ensure that any intervening rewalls allow one of the following sets of services from the
HiveAP to HiveManager Online:
CAPWAP (UDP 12222), SSH (TCP 22), and HTTPS (TCP 443)
or
HTTP (TCP 80) and HTTPS (TCP 443)
• If a wireless client cannot form an association with an SSID, check that the client is within
range and that it is congured to use the same authentication method as the SSID. For
example, if the client is congured to use Open or WEP authentication but the SSID is
set for WPA or WPA2, the client will not be able to associate with the HiveAP. To see the
security settings for an SSID, log in to HiveManager, click Conguration>SSIDs>ssid_name
> Advanced Access Security Settings, and look at the SSID access security type, the key
management method, and the encryption method.
• If the client associates and authenticates itself, but the HiveAP cannot forward trafc,
check that the HiveAP is assigning the correct user prole and, if so, that it is also assigning
the correct VLAN. To see the user prole and VLAN that a HiveAP assigns a client, log in to
HiveManager, click Monitor > Clients > Active Clients > client_mac_address. Check the user
prole attribute and VLAN. If those are correct, then check that the client has received its
network settings through DHCP. To check connectivity to a DHCP server, click Tools > VLAN
Probe, choose the HiveAP with which the client is associated from the HIveAP drop-down list,
enter IDs for the VLAN range that you want to check. Click Start to send a DHCP DISCOVER
message, and see if it elicits a response. Also check that the VLAN conguration for the port
on the connecting switch is correct.
To remove all settings and return the conguration to its factory default settings, enter the
reset cong command or use a pin to press the Reset button, which is located near the ETH0
port on the underside of the chassis, and hold it down for at least 10 seconds.
Where to go for more information
Technical Documentation
Aerohive provides various technical documents for its products. For information about CLI
commands, see the CLI reference guides available in HTML format. For information about
HiveManager and HiveAP hardware and software topics, see the Aerohive Deployment Guide
(PDF). The deployment guide contains information about HiveAPs and HiveManager appliances,
WLAN deployment considerations, and detailed conguration instructions for commonly used
features. To access Aerohive product documentation, visit www.aerohive.com/techdocs.
HiveManager Help System
The HiveManager Help system contains a wealth of information about all the features you can
congure through HiveManager. To access it, click the Help icon in the upper right corner of
the GUI. A Help topic that pertains to the currently active GUI page appears. To see other Help
topics, use the table of contents to browse the system or the search tool to nd information
about a specic subject.
Support Site
Access technical support services, documentation, and software at www.aerohive.com/support/
login.html. After registering for an account, you will receive a user name and password to enter
when logging in. You can contact Support for assistance through the web site or by phone (+1
408.510.6100 or 866.365.9918).
Training
Aerohive offers courses covering the Aerohive cooperative control concepts, the installation and
conguration of Aerohive products, and how to troubleshoot issues and optimize performance.
For more information, visit www.aerohive.com/support/training.html.
Aerohive also offers CBT (computer-based training) modules. CBTs are online ash tutorials that
explain Aerohive concepts and walk you through conguration procedures step by step. You
can use the CBTs to familiarize yourself with the HiveManager GUI and learn how to congure
HiveAPs. Aerohive CBTs are available for free online at www.aerohive.com/techdocs.
©
2011 Aerohive Networks, Inc.
Aerohive® and HiveAP® are U.S. registered
trademarks of Aerohive Networks, Inc.
P/N 330050-02 Rev. A
Loading...