9.2.4.1. AeroHIVE

AeroHIVE products are a bit different compared to the other vendors. They support either a local HiveManager (kind of a wireless controller) or a cloud-based HVM. However, the configuration is the same for the local and the cloud-based controller. Note that all the configurations are made on the HVM and then pushed to the APs.

AAA Client Settings

In the HVM, go to Configuration → AAA Authentication → AAA Client Settings, and insert the proper properties:

  • Give a RADIUS Name

  • Add a RADIUS server with Authentication as the server type and primary as the role

  • Make sure Permit Dynamic Change of Authorization is ticked (RFC 3576)

Public SSID

Again in the HVM, go to Configuration → SSIDs, and create a new ssid with the following:

  • Give a Profile Name and an ssid Name

  • Choose Open as the Access Security

  • Select Enable MAC Authentication

  • Select your RADIUS server from the RADIUS Server dropdown list

Secure SSID

In the HVM, go to Configuration → SSIDs, and create a new ssid with the following :

  • Give a Profile Name and an SSID Name

  • Choose WPA2 Enterprise as the Access Security

  • Select WPA2-802.1X as the key management

  • Select CCMP as the encryption method

  • Select your RADIUS server from the RADIUS Server dropdown list

Caching and Roaming

AeroHIVE have a session replication feature to ease the EAP session roaming between two access points. However, this may cause problems when you bounce the wireless card of a client, it will not do a new RADIUS request. Two settings can be tweaked to reduce the caching impact; the roaming cache update interval and roaming cache ageout. They are located in Configuration → SSIDs → [SSID Name] → Optional Settings → Advanced. The other way to support Roaming is to enable SNMP trap in the AeroHIVE configuration to OpenNAC server. OpenNAC will recognize the ahConnectionChangeEvent and will change the location of the node in his base.

External captive portal

First configure the AAA server as described in the section above in the Hive Manager.

Portal configuration

  • Go to Configuration → Authentication → Captive Web Portals and create a new portal.

  • Select Select Registration Type = External Authentication.

  • Go to the section Captive Web Portal → Login Page → Settings and set the Login URL to http://<your_captive_portal_ip>/AeroHIVE::AP and Password Encryption to No Encryption.

  • Use the User Profiles to define your web authentication VLAN.

External portal ssid

Again, in the Hive Manager, go to Configuration → SSIDs, and create a new ssid with the following:

  • Give a Profile Name and an ssid Name

  • Choose Open as the Access Security

  • Select Enable Captive Web Portal

  • Select your RADIUS server from the RADIUS Server dropdown list

In the guided configuration, you will now be able to select your new ssid, the Portal you want to use and the AAA server.