11-15-2019 10:23 AM
I followed the instruction:
"Articles
Self Registration PPSK SSID in Hivemanager"
Everything worked fine, but when I use the key I get the error that I cannot connect to this network.
I also tried it with a local password db and then I can connect. But that's not an option because I want to use self registration, which only works with a cloud db.
11-25-2019 01:14 PM
When I connect through SSH I get the result "connected", with CLI I didn't get any response (so that's my fault).
I created different groups a few times with different settings, with zero result.
I purchased Aerohive through a reseller, so I've to contact them to raise a support case.
Thx for the help so far.
11-25-2019 01:05 PM
When you say:
"I'm not getting any results with: exec _test tcp-service host 34.253.190.201 port 2083"
Is this through SSH/Console access to the AP? If you're doing it through the HiveManager CLI you'll need to do a "show log buf" and scroll to the top to see the result.
Should just be the MGT IP/VLAN needed for FW rules.
Can you try recreating the user group to see if it has any effect on this?
If not I'd raise a support case if you're able to.
11-25-2019 10:48 AM
I ran a debug at the AP:
ah_auth: aaa: ah_wpa_external_ppsk_req: request pmk for "macadresclient" failed, reason: RADIUS server rejected this user
Any ideas?
11-15-2019 02:38 PM
Hello Ashley,
Thanks for your answer.
show idm
IDM client: Enabled Per SSID
IDM Proxy IP: 172.18.60.23
IDM proxy: Enabled
IDM server: cloud-ie-idmauth.aerohive.com
IDM server IP: 34.253.190.201
RUN state: Connected securely to the IDM server
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2019-11-14 12:53:01 GMT
RadSec Certificate Expires: 2020-11-13 12:53:01 GMT
show clock
2019-11-15 15:36:37 Friday
I'm not getting any results with:
exec _test tcp-service host 34.253.190.201 port 2083
I looked at firewall rules and added the tcp 20000~20256. This rule is on the management vlan of Aerohive. Is this correct or do the Wifi vlans also need access to these services?
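
An added example, not part of the thread and not Aerohive code: a small Python check over the "show idm" and "show clock" output posted above, which confirms the RadSec session state and that the AP clock falls inside the certificate validity window. It assumes the AP clock can be compared as GMT; the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample input: the `show idm` / `show clock` output quoted in the post.
SHOW_IDM = """\
IDM client: Enabled Per SSID
IDM Proxy IP: 172.18.60.23
IDM proxy: Enabled
IDM server: cloud-ie-idmauth.aerohive.com
IDM server IP: 34.253.190.201
RUN state: Connected securely to the IDM server
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2019-11-14 12:53:01 GMT
RadSec Certificate Expires: 2020-11-13 12:53:01 GMT
"""
SHOW_CLOCK = "2019-11-15 15:36:37 Friday"
FMT = "%Y-%m-%d %H:%M:%S"


def parse_show_idm(text):
    """Split each 'Key: value' line on the first colon only (values contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def check_idm(idm_text, clock_text):
    """Return a list of problems; empty means the RadSec transport looks healthy."""
    f = parse_show_idm(idm_text)
    # Assumption: the AP clock is compared as if it were GMT, like the cert times.
    now = datetime.strptime(" ".join(clock_text.split()[:2]), FMT)
    issued = datetime.strptime(f["RadSec Certificate Issued"].replace(" GMT", ""), FMT)
    expires = datetime.strptime(f["RadSec Certificate Expires"].replace(" GMT", ""), FMT)
    problems = []
    if "Connected securely" not in f.get("RUN state", ""):
        problems.append("IDM session is not connected securely")
    if f.get("RadSec Certificate state") != "Valid":
        problems.append("RadSec certificate is not reported as Valid")
    if now < issued:
        problems.append("AP clock is earlier than the certificate issue time")
    if now > expires:
        problems.append("AP clock is later than the certificate expiry time")
    return problems


if __name__ == "__main__":
    print(check_idm(SHOW_IDM, SHOW_CLOCK) or "RadSec transport and certificate window OK")
```

An empty result for the posted output means the RadSec link and certificate are fine, which leaves the "RADIUS server rejected this user" debug line pointing at the user or group side rather than the transport.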