Complex Network & Initial Setup of Aerohive

  • Question
  • Updated 4 years ago
  • Answered
I'm definitely a NEWB with Aerohive and need a little help...

Let's say Hive Manager is on vlan 101 (192.168.101.0). I have multiple vlans across our network from 2-999. Vlan 1 is not used due to security. At my 'test' station I'm on vlan 35 (192.168.35.0). I can access the HiveManager from any vlan on our network including vlan 35.

My issue is my guest network is on vlan 99 (192.168.99.0). This vlan is completely opened to the outside. I have tried playing with the port configurations to get the AP to communicate with the HiveManager AND access the guest network...

Our SE was not able to instruct me on how to configure our Cisco switching environment to allow this to work. I have made sure the necessary vlans are extended to the access switches but the APs, when not defaulted, lose communication with the HiveManager.

If I plug into any vlan the APs can communicate with Hive Manager. It's when I change the AP config vlans to access the guest network that I have issues.

I have created a Network Policy called Corp-WLAN, user profile and added the vlans and played with the config to get it to work to no avail.

Any help would be greatly appreciated. Thanks!

MistaWu

  • A little confused

Posted 4 years ago


Andrew MacTaggart, Champ

configure the switch port as trunk
set the encapsulation
set the native vlan
set switchport mode to trunk
set allowed vlans
add in some switchport non negotiate

console into the AP
int mgt0 vlan 40
int mgt0 native-vlan 60
save the config

assuming you have dhcp on vlan 40 for the mgt0 interface - it should get all its layer 3 stuff
if you have HMOL, make sure the AP is also getting DNS settings, by default the config may point to Aerohive DNS servers

make sure you set the mgt vlan and native vlan to match what you have configured before you push the config. You should also push your own DNS settings as well as NTP.

on the trunk of the AP all your user vlans should be allowed, you will tie these to ssid or assign them through user profile, by various methods.

if there is a layer 3 boundary between your dhcp and the ap switch you will need to add dhcp helper addresses.

Cheers
A

David Simon

I think it will be good when you post a screenshot of your network policy here.
The second thing which will be good to know is, if you use HiveManager Online or a HiveManager appliance.

Also there is a very good feature called "VLAN probe", with this tool you can check if the VLANs which you need are available.

Monitor -> "Select your AP" -> Utilities -> VLAN Probe

MistaWu

Andrew,

Here is where I get stumped. Our Hive Manager is on vlan 101. So, when I make the changes to the policy and upload the config to the AP it loses connectivity... Maybe I'm just over thinking this but I can't seem to get this to work over our Cisco switched network...

MistaWu


In my initial post I changed IPs and vlans. However, this is my network policy. The Hive Manager is on the 101 vlan and our guest network is on 801. I've configured my port with the following:

interface FastEthernet0/6
 description Trunk DB-1 Aerohive Test AP
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 801
 switchport trunk allowed vlan 2,3,16,35,36,101,121-124,165,191,500,801
 switchport mode trunk

Andrew MacTaggart, Champ

Assuming HMOP - hive manager on premise

the HM can be anywhere assume vlan 101 - a serverfarm vlan

The management vlan is for the APs [what management vlan will the APs belong to, let's say 40] and does not need to be in the same vlan as the HM server.

Native vlan can be any unused vlan shared among the APs let's say 33

after you push your config you lose your HM visibility - which means you are breaking the capwap process.

http://www.aerohive.com/330000/docs/help/english/6.1r5/hm/full/help.htm#config/APs/capwap.htm?Highli...

Mgmt vlan dhcp options - For the APs
scope
lease
etc...
option 225 ascii "hivemanager.yourdomain"
option 226 ip 10.1.2.3

in dns you can configure

hivemanager.yourdomain. IN A 10.1.2.3

and PTR records

10.1.2.3  IN PTR hivemanager.yourdomain.

I would make the guest network different than the native vlan
assign the guest vlan and make sure the user profile settings match

then use vlan probe under tools to make sure the AP can get a dhcp address for that vlan.

so in summary

HMOP VLAN 101 - but no need to add to the trunk as long as routable
MGMT VLAN FOR APs 40 - add to the trunk - add the options 225 and 226 to dhcp for the aps
NATIVE VLAN 33 - set in trunk as native and allowed
GUEST VLAN 801 - set in trunk - add to user policy and assign to SSID - test with vlan probe tool

Cheers
A
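
An added example, not part of the thread and not Aerohive or Cisco code: a small Python check that compares a Cisco trunk stanza with the VLAN plan from the summary above and lists the mismatches, run on the port config posted earlier in the thread. The function names are hypothetical, and the plan values (management 40, native 33, guest 801) are the example values from the reply.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,3,121-124' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Pull mode, native VLAN and allowed VLANs out of one interface stanza."""
    port = {"mode": None, "native": 1, "allowed": set(range(1, 4095)), "nonegotiate": False}
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"switchport trunk native vlan (\d+)$", line):
            port["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line):
            port["allowed"] = expand_vlans(m.group(1))
        elif m := re.match(r"switchport mode (\S+)$", line):
            port["mode"] = m.group(1)
        elif line == "switchport nonegotiate":
            port["nonegotiate"] = True
    return port

def audit_trunk(config, mgmt_vlan, native_vlan, guest_vlan):
    """Return a list of findings; an empty list means the port matches the plan."""
    port, findings = parse_trunk(config), []
    if port["mode"] != "trunk":
        findings.append("port is not in trunk mode")
    if port["native"] == guest_vlan:
        findings.append(f"native VLAN {guest_vlan} is the guest VLAN")
    if port["native"] != native_vlan:
        findings.append(f"native VLAN is {port['native']}, plan says {native_vlan}")
    for name, vlan in (("mgmt", mgmt_vlan), ("native", native_vlan), ("guest", guest_vlan)):
        if vlan not in port["allowed"]:
            findings.append(f"{name} VLAN {vlan} is not allowed on the trunk")
    if not port["nonegotiate"]:
        findings.append("switchport nonegotiate is not set")
    return findings

# Port config as posted in the thread: the native (untagged) VLAN is the guest VLAN.
POSTED = """interface FastEthernet0/6
 description Trunk DB-1 Aerohive Test AP
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 801
 switchport trunk allowed vlan 2,3,16,35,36,101,121-124,165,191,500,801
 switchport mode trunk"""
print("\n".join(audit_trunk(POSTED, mgmt_vlan=40, native_vlan=33, guest_vlan=801)))
```

With the native VLAN equal to the guest VLAN, anything the AP sends untagged lands in the open guest network, which is why the check reports that case separately from a plain plan mismatch.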





MistaWu

Awesome. I got everything up and working. Thanks!