Aerohive Ap141 settings for trunk connection with Cisco Catalyst switch

  • 1
  • Question
  • Updated 4 years ago
  • Answered
What settings do I have to change on an Aerohive AP141 in order to get it to connect on a Cisco trunk port?

Both sides of the connection are utilizing the same native vlan and the AP is set to backhaul mode which should allow trunking.
Photo of Shaun Giddings

Shaun Giddings

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
Hi Shaun,

Could you be more specific in the issue that you are seeing? I have an AP141 connected to a Cisco Catalyst 2950 in my lab (on a trunk port) and am not seeing any issues with connectivity.

Cisco switchport configuration:
Oberon#sho run int fa0/22
Building configuration...

Current configuration : 161 bytes
!
interface FastEthernet0/22
description *** Lab AP ***
switchport trunk native vlan 2001
switchport trunk allowed vlan 2001-2004
switchport mode trunk
end

Configuration running on the AP:
Photo of Shaun Giddings

Shaun Giddings

  • 2 Posts
  • 0 Reply Likes
Cisco Switch Port Config:

CLHSIDFBsw5#show run int gi0/6
Building configuration...

Current configuration : 148 bytes
!
interface GigabitEthernet0/6
switchport access vlan 11
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,11
switchport mode trunk
spanning-tree portfast
end

Aerohive Settings:


These are the settings I have. But the AP loses its CAPWAP connection to HiveManager Online. I feel like the issue is simple I am just missing something obvious.

I should also say the native vlan on the port is 1.
Photo of sorren4

sorren4

  • 2 Posts
  • 0 Reply Likes
I'm having a similar issue. A response after the last post would be helpful.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
remove
switchport access vlan 11 - it's a trunk port
not needed on a trunk port
remove spanning tree portfast - this is only for access ports, not trunk ports

it is recommended in all the security books I have read not to use vlan 1 as the native vlan

also create the vlans
SW(config)#vlan 123
SW(config-vlan)#name myvlanfor something
or you can leave the default VLAN0123

if you are doing inter vlan routing
then you have to create the vlan interface
int vlan 123
no shut
ip add 192.168.224.1 255.255.255.0
descript my guest vlan

native vlan should not have IP address

interface GigabitEthernet1/0/2
description AEROHIVE AP 6FLA1 08ea:44xx:xxxx;
switchport trunk native vlan 333
switchport trunk allowed vlan 420,155,224,333
switchport mode trunk
switchport nonegotiate

Don't configure backhaul or anything on the Aerohive
just console in
Set the management vlan
Set the native vlan

assuming DHCP is setup for management vlan

that is all you have to do

6FLA1#show interface mgt0
Admin state=enabled; Operational state=up;
DHCP client=enabled;
Default IP subnet=192.168.0.0/255.255.0.0;
IP addr=192.168.224.91; Netmask=255.255.255.0; Default Gateway:192.168.224.1;
VLAN id=224; Native vlan id=333;
MAC addr=08ea:44xx:xxxx; MTU=1500;
Rx packets= 8732317; errors=0; dropped=0;
Tx packets=17115919; errors=0; dropped=0;
Rx bytes=1288713803 (1.200 GB); Tx bytes=2842478357 (2.647 GB);
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Also go to the additional settings

Management Server Settings

configure DNS, NTP, SNMP, SYSLOG, etc.. as needed



these might be helpful

http://blogs.aerohive.com/blog/the-wi...

http://blogs.aerohive.com/blog/the-wi...
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
I should add

to configure the vlan and native vlan from cli you can use whatever vlan #

usually i try to separate the managemnet traffic from user traffic
native-vlan traffic is usual used for control traffic, like trunk negoiation, spanning tree etc..

6FLA1#interface mgt0 vlan 224
6FLA1#interface mgt0 native-vlan 333
6FLA1#save config

*make sure you change the vlans to match in the gui before you push the config out.

so just to recap
create mgmt vlan that has dhcp just for the APs - or you can statically configure ip if you want
create a native-vlan that has no DHCP or IPs assigned - strictly layer 2
Create users vlans

allow all those vlans on the trunk

use the vlan probe tool to make sure the AP can get an IP on all your vlans, except the native vlan

Cheers
A
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Just wanted to add one more note

using port-fast should only be used on access ports. Ports you know only have 1 client.
If you are going to use port fast then you should add spanning-tree bpduguard enable so if a user or worse a hacker plugs a switch into your port it will shut down.

you can add the following to bring the port back if the violation disappears
errdisable recovery cause bpduguard
errdisable recovery interval 30
Photo of MistaWu

MistaWu

  • 17 Posts
  • 1 Reply Like
If we use inter-vlan routing in our network, do the AP's have to be on the same vlan? Let's say we have several data vlans, 40-50, due to the size of our network. I have an AP plugged into vlan 40 on one switch and another AP plugged into vlan 50 on another switch.

Assuming our vlan routing is configured correctly, our AP's should be able to communicate even though they are on different vlans?
Photo of Amanda

Amanda

  • 396 Posts
  • 25 Reply Likes
New question which deserves its own thread. Please reference the new topic here: If we use inter-vlan routing in our network, do the AP's have to be on the same v...