Aerohive QuickStart |
HiveAP 330 HiveAP 350 |
|
|
for the HiveAP 330 and 350 |
|
This guide explains how to set up a HiveAP 330 or 350 so it can make a network connection to HiveManager, and how to mount it on a ceiling or wall. (The HiveAP 350 with articulated antennas is shown in the illustrations, but the instructions apply equally to the HiveAP 330 and to the HiveAP 350 with non-articulated antennas.) To register, get product documentation, and download software updates, visit www.aerohive.com/support.
Attach the 5 GHz antennas with gray rings
to the 5 GHz connectors with gray circles...
1
Connect a standard Ethernet cable with RJ-45 connectors from ETH0 on the HiveAP to a switch.
2
and the 2.4 GHz antennas with white |
|
|
rings to the 2.4 GHz connectors. |
Internet |
|
|
DHCP |
Firewall |
|
|
|
|
Server |
|
Switch |
|
|
Ethernet |
Some other network devices (They |
|
Cable |
might all be incorporated in the same |
|
|
device, such as a router or firewall.) |
|
If the switch provides |
|
If the switch does not |
PoE (Power-over- |
|
provide PoE, use the |
Ethernet), cabling the |
|
AC/DC power adaptor |
HiveAP to the switch |
|
(available as an |
will cause the HiveAP |
|
accessory) to connect |
to power on in a few |
|
the HiveAP to a 100- |
seconds. |
|
240 AC power source. |
3 After you cable the HiveAP to an Ethernet network and power it on, it automatically attempts to get its network settings through DHCP and contact HiveManager. The process typically takes about five minutes to complete. If you see the HiveAP listed on the Monitor >
Access Points > HiveAPs page in the HiveManager GUI, the initial setup is complete and you can now begin managing the HiveAP through HiveManager.
If the HiveAP does not appear in the HiveManager GUI after about ten minutes, read the rest of this guide to understand how the HiveAP attempts to contact HiveManager and what you can do to help establish a connection between the two devices.
Connecting to HiveManager
By default, a HiveAP acts as a DHCP client and gets its network settings automatically from a
DHCP server. (You can also configure it with static network settings through the CLI. See the next section, "Using the Virtual Access Console".) After a HiveAP has its network settings, it then acts as a CAPWAP client and sends CAPWAP Discovery messages until HiveManager, acting as
the CAPWAP server, responds. CAPWAP (Control and Provisioning of Wireless Access Points) is a protocol that access points use to contact a management device and communicate with it.
When a HiveAP goes online for the first time without any specific CAPWAP server configuration entered manually or received as a DHCP option, it progresses through these cycle of CAPWAP connection attempts:
(a) The HiveAP tries to |
a |
connect to HiveManager |
|
using the default domain |
|
name "hivemanager. |
|
<local_domain>: |
|
12222", where |
|
<local_domain> is the |
|
domain name that a |
|
DHCP server supplied |
|
to the HiveAP and |
|
12222 is the UDP port |
|
number. If a DNS server |
|
has been configured |
|
to resolve that domain |
|
name to an IP address, the |
|
HiveAP and HiveManager |
|
then form a secure CAPWAP |
|
connection on port 12222. |
|
If the HiveAP cannot make a |
|
CAPWAP connection to HiveManager on port 12222, it tries to reach it by using TCP port 80: hivemanager.<local_ domain>:80.
P/N 330050-02 Rev. A
|
b |
(b) If the DNS server cannot |
|
|
resolve the domain name |
||
|
HiveManager |
to an IP address, the |
|
|
HiveAP broadcasts |
||
|
or |
||
|
CAPWAP Discovery |
||
HiveManager Virtual |
|||
messages on its local |
|||
|
Appliance |
subnet. If HiveManager |
|
|
|
is on the local network |
|
|
|
and responds, they |
|
|
|
form a secure CAPWAP |
|
|
|
connection. |
|
|
|
(c) If the first two |
|
|
|
searches for a local |
|
|
|
HiveManager produce no |
|
HiveManager Online |
results, the HiveAP tries |
||
to contact HiveManager |
|||
|
|
||
|
|
Online at redirector.aerohive. |
|
|
|
com:12222. If the Aerohive |
|
|
|
redirection server has a serial |
|
|
number or MAC address for that HiveAP |
||
c |
in its ACL (access control list), it responds |
||
and they form a secure CAPWAP connection. |
|||
|
|||
|
If the HiveAP cannot make a CAPWAP connection to |
||
|
HiveManager Online on UDP port 12222, it tries to reach it on |
TCP port 80. If that proves unsuccessful, the HiveAP returns to its initial search through a DNS lookup and repeats the cycle.
A HiveAP connected directly to the network is called a portal. You can also place a HiveAP within radio range of a portal so that it forms a wireless link through the portal to the wired network. This kind of HiveAP is called a mesh point. A mesh point initially forms a hive with its portal using a default hive called hive0. Through this link, the mesh point can reach the network and get its network settings from the DHCP server. Then it can form a CAPWAP connection with HiveManager. (To add mesh points after changing the hive name, first connect them to the wired network. Next, push the configuration with the new hive name and password to them from HiveManager. Finally, deploy them as mesh points.)
If the HiveAP forms a CAPWAP connection with the Aerohive redirection server and its serial number has been entered in an ACL, the redirection server automatically redirects the CAPWAP connection to the corresponding HiveManager Online VHM (virtual HiveManager). The redirection server does this by sending the HiveAP the HiveManager domain name or IP address as its new CAPWAP server and the name of the appropriate VHM. If the HiveAP is currently using HTTP, the redirection server includes the configuration needed for the HiveAP
to continue using it. Similarly, if the HiveAP is configured to access the public network through an HTTP proxy server, the redirection server saves the relevant settings on the HiveAP so it will continue using the HTTP proxy server when connecting to HiveManager.
If the Aerohive redirection server does not have the HiveAP serial number, the ACL ignores the CAPWAP connection attempts, and the HiveAP repeats the connection cycle shown previously.
Using the Virtual Access Console
As explained in the previous section, after connecting a HiveAP to the network and powering it on, it acts as a DHCP client and tries to get its network settings automatically from a DHCP server in VLAN 1. However, if there is no DHCP server in that VLAN, if the native VLAN for the network segment is not 1, or if you just want to assign it a static IP address, then you need to access the CLI and define the network settings yourself.
One approach is to use a console cable, which is available from Aerohive as an accessory. Another is to use the virtual access console. This is a way of accessing the CLI on a HiveAP wirelessly through a special SSID that the HiveAP, by default, automatically activates for administrative access when it has no configuration and cannot reach its default gateway.
The default virtual access console SSID name is “<hiveap-hostname>_ac”. The default host name of a HiveAP consists of "AH-" plus the last six digits of its MAC address; for example, AH-123456. In this case, the name of the default virtual access console SSID would be "AH123456_ac". By default, this SSID uses aerohive as the PSK (preshared key) for authenticating user access. To access the virtual access console, do the following:
4 |
Using your wireless client, |
|
|
scan for wireless networks. |
|
|
If you are within range, an |
|
|
SSID such as "AH-123456_ac" |
|
|
appears. |
|
|
Select it, and when |
|
|
prompted to enter a |
|
|
network key, type aerohive |
|
|
and then click Connect. |
|
5 |
Check the IP address of the |
Beacons |
|
||
|
default gateway that the |
|
|
DHCP server on the HiveAP |
|
|
assigned your client. Then |
|
|
make an SSH or Telnet |
|
|
connection to the HiveAP |
|
|
at that IP address. |
|
|
(Note that the Telnet |
|
|
connection is protected by |
|
|
WPA2 security mechanisms.) |
|
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Wireless
Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . : 1.1.1.2
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . : 1.1.1.1
C:\>telnet 1.1.1.1
6 After logging in to the virtual access console, you can view the status of various functions and make configuration changes. Here are some commonly used commands:
Use these commands: |
To do the following: |
|
|
show interface |
Check the status of both wired and |
|
wireless interfaces |
show interface mgt0 |
See the network settings (IP address, |
|
netmask, default gateway) and VLAN |
|
ID of the mgt0 interface, which is the |
|
management interface of the HiveAP |
|
|
no interface mgt0 dhcp client |
Disable the DHCP client |
interface mgt0 ip <ip_addr> |
Set the IP address and netmask of the |
<netmask> |
mgt0 interface |
interface mgt0 native-vlan <id> |
Set the native (untagged) VLAN that the |
|
switch infrastructure in the surrounding |
|
wired and wireless network uses |
|
|
interface mgt0 vlan <id> |
Set the VLAN for management and |
|
control traffic |
show capwap client |
See CAPWAP client settings and status |
show hive |
See the hive name |
show hive <string> neighbor |
Check for any neighboring hive members |
hive <string> ... |
Create a hive and set its parameters |
show ssid |
See a list of all SSID names |
ssid <string> ... |
Configure an SSID |
interface { wifi0 | wifi1 } ssid |
Bind an SSID to a wireless interface in |
<string> |
access mode |
save config |
Save the configuration to flash |
reboot |
Reboot the HiveAP |
Only set the following command when managing HiveAPs through HiveManager or HiveManager Virtual Appliance. Do not use it with HiveManager Online.
capwap client server name |
Set the IP address or domain name of the |
<string> |
CAPWAP server (HiveManager) |
To see a list of commands, and their accompanying CLI Help, type a question mark ( ? ). For example, to see all the show commands, enter show ?
If you want to find a command that uses a particular character or string of characters, you can do a search using the following command: show cmds | include <string>, where <string> is the word or string of characters you want to find.
Deviceand platform-specific CLI reference guides are available online. (To learn how to access them, see "Where to go for more information" elsewhere in this document.)
Status LED
The status LED in the corner of the HiveAP 330 and 350 indicates various states of activity through its color and illumination patterns (solid or flashing). The meanings of the colors are explained below.
•Dark: There is no power or the status indicator is disabled.
•Blue: (solid) The device is booting up or there is no backhaul link; (flashing) the device is shutting down
•Green: The default route is through the backhaul Ethernet interface, but not all conditions for normal operations (white) have been met.
•Yellow: The default route is through a backhaul wifi interface, but not all conditions for normal operations (white) have been met.
•White: The device is powered on and the firmware is operating normally; that is, a wireless interface in access mode is up, a wired or wireless backhaul link is up, and the HiveAP has a CAPWAP connection to HiveManager.
•Purple: A new image is being loaded from HiveManager or a management AP.
•Orange: An alarm indicating a firmware or hardware issue has occurred.
You can adjust its brightness level from bright (the default) to soft to dim, or turn it off completely. In HiveManager, the setting is on the Configuration > Management Services > Management Options page. CLI: [ no ] system led brightness { soft | dim | off }.
Bright |
Soft |
Dim |
Off |
Mounting the HiveAP 330 and 350
Using the rail mount, you can mount the HiveAP 330 or 350 to the tracks of a dropped ceiling grid.
Using the mounting plate, you can mount it to any flat surface that can support its weight (HiveAP 330: 1.5 lb or 0.68 kg; HiveAP 350: 2.375 lb or 1.08 kg). Both mounting options are explained below. (The HiveAP 330 is shown in these illustrations, but the instructions apply to both models.)
Note: In addition to these methods, you can also mount the HiveAP on a table using the set of four rubber feet that ship with the product. Simply peel the rubber feet off the adhesive sheet and press them against the underside of the HiveAP in its four corners.
Ceiling Mount
To mount the HiveAP 330 or 350 to a standard 15/16"-wide track (2.38 cm) in a dropped ceiling, use one of the two rail mounts that ship with the HiveAP, depending on whether the track is flush with the ceiling tiles or recessed. You also need a drill and—most likely—a ladder.
Nudge the ceiling tiles slightly away from the track to clear some space, and then attach the appropriate rail mount to the ceiling track. When you have the rail mount in the correct location, cut or drill a hole in the ceiling through which you can then pass the Ethernet and power cables.
1 Press the the rail mount upward against the ceiling track so that the track contacts the two pressure tabs and pushes them flush with the rail mount.
Rail Mount
(bird's eye view with
ceiling tiles removed and Ceiling Track the ceiling track shown as
transparentfor clarity)
2 Rotate the rail mount until the two pressure tabs click into place, gripping the ceiling track.
3 In the open space in the L-shaped rail mount, drill a hole in the ceiling tile (not shown). Then pass one or both Ethernet cables through the hole, and if you plan to supply power from an AC power source rather than through PoE, pass the power cable through as well.
Connect the cables and then attach the HiveAP to the rail mount to complete the installation. For the HiveAP 350, attach the articulted antennas and swivel them into a vertical position pointing downward to provide optimal coverage.
4 With the HiveAP upside down, connect the cables (not shown). Align the two V-shaped tabs and the security screw hole extension on the rail mount with the tab slots and security screw cavity on the HiveAP, and press the HiveAP upward until it snaps into place.
(side view) |
Security Screw |
|
Hole Extension |
||
|
||
V-shaped Tab |
V-shaped Tab |
Tab Slot |
Tab Slot |
Security Screw
Cavity
When done, adjust the ceiling tiles back into their former position.
Surface Mount
You can use the mounting plate to attach the HiveAP to any surface that supports its weight, and to which you can screw or nail the plate. First, mount the plate to the surface. Then, in the open space in the L-shaped mounting plate, make a hole in the wall so that you can pass the cables through to the HiveAP. Finally, attach the device to the plate, connect the cables, and for the HiveAP 350, attach the antennas.
Mount the HiveAP on a wall as explained below.
1 With the two flexible V-shaped tabs at |
Note: There are various holes through |
the sides of the plate extending away |
which you can screw or nail the |
from the surface, attach the mounting |
plate in place. Choose the two or |
plate to a secure object such as a wall, |
three that best suit the object to |
ceiling, post, or beam. |
which you are attaching it. |
(bird's eye view)
Security Tab
Extension
V-shaped Tab |
V-shaped Tab |
Tab Slot |
Tab Slot |
Security Screw
Cavity
2 Cut or drill a hole in the wall in the open space in the L-shaped mounting plate, pass the cables through to the HiveAP, and connect them. (You can also run the cables along the wall to the HiveAP instead of through a hole.)
Depending on how the device is powered and how it connects to the network, connect a power cable and one or two Ethernet cables. (The cables are not shown in the illustration.)
3 Align the tabs and security tab extension on the mounting plate with the tab slots and security screw cavity on the HiveAP.
4 Push the the HiveAP against the mounting plate until the tabs click inside the tab slots.
For the HiveAP 350, attach either the articulated or non-articulated antennas. When using the articulated antennas, orient them vertically for best coverage.
Locking the HiveAP
To lock the HiveAP to the rail mount or mounting plate, use either a Kensington lock or the security screw that is included with the mounting kit. To use a Kensington lock, loop the cable attached to the lock around a secure object, insert the T-bar component of the lock into the device lock slot on the HiveAP, and then turn the key to engage the lock mechanism.
To lock the HiveAP to the rail mount or mounting plate or to lock the USB port cover, use the security screw, which is included in the mounting kit. You also need a drilled spanner insert bit for size #6 security screws and a screw driver that will accept the bit. The correct bits are available from Aerohive in sets of three (AH-ACC-SEC-BIT-330-350-3PK).
To use the security screw, follow the steps below:
1 |
If you want to hide the USB |
|
port, attach the USB port |
|
cover by pushing the tab on |
|
the cover into the port. |
2 |
Insert the security screw |
through the hole in the cover and the hole in the chassis. Using a screwdriver with a drilled spanner bit, fasten the
screw to the security tab extension on the rail mount. (If you want
to expose the USB port, use the security screw without the cover.)
|
Rail Mount |
|
|
or |
|
|
Mounting |
|
|
Plate |
|
USB Port |
Security Tab |
|
Extension |
||
|
||
USB Port Cover |
Lock Slot |
|
Security Screw |
||
|
||
Screwdriver |
|
Deployment and Configuration Tips
The following are some tips and suggestions to help you troubleshoot a few common problems that might arise when setting up the HiveAP 330 and 350:
•For the HiveAP 350, make sure that you connect the 2.4 GHz antennas to the 2.4 GHz connectors, and the 5 GHz antennas to the 5 GHz connectors.
•If you manage the HiveAP through HiveManager Online and it does not show up on the Monitor
> Access Points > HiveAPs page, do the following:
––Check if the HiveAP serial number is listed in the ACL (access control list) on the Aerohive redirection server. Log in to myhive.aerohive.com, and then click Redirector > Monitor > HiveAP Access Control List). If not, click Enter, type its serial number in the HiveAP
Serial Number field, and then click Save. When done, reboot the HiveAP.
–– Check connectivity to Aerohive redirection server:
ping redirector.aerohive.com (Check connectivity from the HiveAP network) capwap ping redirector.aerohive.com (Check connectivity through CAPWAP)
––Ensure that any intervening firewalls allow one of the following sets of services from the HiveAP to HiveManager Online:
CAPWAP (UDP 12222), SSH (TCP 22), and HTTPS (TCP 443) or
HTTP (TCP 80) and HTTPS (TCP 443)
•If a wireless client cannot form an association with an SSID, check that the client is within range and that it is configured to use the same authentication method as the SSID. For example, if the client is configured to use Open or WEP authentication but the SSID is set for WPA or WPA2, the client will not be able to associate with the HiveAP. To see the
security settings for an SSID, log in to HiveManager, click Configuration > SSIDs > ssid_name
> Advanced Access Security Settings, and look at the SSID access security type, the key management method, and the encryption method.
•If the client associates and authenticates itself, but the HiveAP cannot forward traffic, check that the HiveAP is assigning the correct user profile and, if so, that it is also assigning the correct VLAN. To see the user profile and VLAN that a HiveAP assigns a client, log in to
HiveManager, click Monitor > Clients > Active Clients > client_mac_address. Check the user profile attribute and VLAN. If those are correct, then check that the client has received its network settings through DHCP. To check connectivity to a DHCP server, click Tools > VLAN Probe, choose the HiveAP with which the client is associated from the HIveAP drop-down list, enter IDs for the VLAN range that you want to check. Click Start to send a DHCP DISCOVER message, and see if it elicits a response. Also check that the VLAN configuration for the port on the connecting switch is correct.
To remove all settings and return the configuration to its factory default settings, enter the reset config command or use a pin to press the Reset button, which is located near the ETH0
port on the underside of the chassis, and hold it down for at least 10 seconds.
Where to go for more information
Technical Documentation
Aerohive provides various technical documents for its products. For information about CLI commands, see the CLI reference guides available in HTML format. For information about HiveManager and HiveAP hardware and software topics, see the Aerohive Deployment Guide (PDF). The deployment guide contains information about HiveAPs and HiveManager appliances,
WLAN deployment considerations, and detailed configuration instructions for commonly used features. To access Aerohive product documentation, visit www.aerohive.com/techdocs.
HiveManager Help System
The HiveManager Help system contains a wealth of information about all the features you can configure through HiveManager. To access it, click the Help icon in the upper right corner of the GUI. A Help topic that pertains to the currently active GUI page appears. To see other Help topics, use the table of contents to browse the system or the search tool to find information about a specific subject.
Support Site
Access technical support services, documentation, and software at www.aerohive.com/support/ login.html. After registering for an account, you will receive a user name and password to enter when logging in. You can contact Support for assistance through the web site or by phone (+1 408.510.6100 or 866.365.9918).
Training
Aerohive offers courses covering the Aerohive cooperative control concepts, the installation and configuration of Aerohive products, and how to troubleshoot issues and optimize performance.
For more information, visit www.aerohive.com/support/training.html.
Aerohive also offers CBT (computer-based training) modules. CBTs are online flash tutorials that explain Aerohive concepts and walk you through configuration procedures step by step. You can use the CBTs to familiarize yourself with the HiveManager GUI and learn how to configure
HiveAPs. Aerohive CBTs are available for free online at www.aerohive.com/techdocs.
©2011 Aerohive Networks, Inc.
Aerohive® and HiveAP® are U.S. registered trademarks of Aerohive Networks, Inc.
P/N 330050-02 Rev. A