cancel
Showing results for 
Search instead for 
Did you mean: 

Problems with the CLI Config

Problems with the CLI Config

Joebacca
New Contributor
admin root-admin TRON password xxxxxxxx

no capwap client enable

security-object Wifi1
security-object Wifi1 security protocol-suite wpa2-aes-psk ascii-key xxxxxxx
security-object Wifi1 default-user-profile-attr 30

security-object Wifi2
security-object Wifi2 security protocol-suite wpa2-aes-psk ascii-key xxxxxx
security-object Wifi2 default-user-profile-attr 31

ssid THEHIVE1
ssid THEHIVE1 security-object Wifi1

ssid THEHIVE2
ssid THEHIVE2 security-object Wifi2

hive TRONS-HIVE
hive TRONS-HIVE password xxxxxxxxx

interface wifi0.1 ssid THEHIVE1 interface wifi1.2 ssid THEHIVE1
interface wifi0.2 ssid THEHIVE2
interface wifi1.3 ssid THEHIVE2

interface mgt0 hive TRONS-HIVE

user-profile Wifi1 qos-policy def-user-qos vlan-id 30 attribute 30
user-profile Wifi2 qos-policy def-user-qos vlan-id 31 attribute 31

interface wifi1 radio channel 44

hostname TRONSHIVE-AP1

save config



From this point on I have difficulties what to do. How do I have to wire it.

I have a switch that is connected to my router on the switch I have ETH1 and power I get via power cable POE.
Why do I have to do a hard reset.



  1. Now that the base config has been written in the AP, there are two more lines we need to set so that we will be able to contact the device's management interface:
    This will be where we need to switch cables and rely on the power block
    interface mgt0 vlan 32 interface mgt0 ip 10.11.12.2 255.255.255.0
    The procedure to push this conf is simple:
    – AP should be connected to a network with working dhcp.
    – Power on the AP.
    – Perform a hard reset: once it is powered on well, insert a small pin into the reset hole. The light will slightly blink a few times, and then stay blue.
    – Let the AP boot again until light is green.
    – Once the light is green, find the IP of the AP. I used nmap for this: as root:
    #nmap -sP 172.28.200.1-254
    I use root for this as access to the MAC tells you which device it is
    JuPiTeR ~ # nmap -sP 172.28.200.1-254
    Host is up (0.00057s latency).
    MAC Address: 00:19:77:00:00:00 (Aerohive Networks)
    Nmap scan report for 172.28.200.92
    Host is up (0.00058s latency).
    MAC Address: 00:19:77:00:00:00 (Aerohive Networks)
    Nmap scan report for 172.28.200.93
    Host is up (0.00056s latency).
    MAC Address: 00:19:77:00:00:00 (Aerohive Networks)
    Nmap scan report for 172.28.200.94
    Host is up (0.00057s latency).
    MAC Address: 00:19:77:00:00:00 (Aerohive Networks)
  2. Once you know the IP, then edit the following conf to fit your needs
    (change login/pass, SSID names, PSK, vlan, hive password, …)
    admin root-admin newadminlogin password newadminpassword
    system led brightness dim
    no capwap client enable
    security-object Wifi1
    security-object Wifi1 security protocol-suite wpa2-aes-psk ascii-key "One of your networks_PSK"
    security-object Wifi1 default-user-profile-attr 30
    security-object Wifi2
    security-object Wifi2 security protocol-suite wpa2-aes-psk ascii-key "the other network's PSK"
    security-object Wifi2 default-user-profile-attr 31 ssid Wifi1
    ssid Wifi1 security-object Wifi1
    ssid Wifi2
    ssid Wifi2 security-object Wifi2
    hive Wifi-Hive
    hive Wifi-Hive password A-strong-hive-assword
    interface wifi0.1 ssid Wifi1
    interface wifi1.2 ssid Wifi1
    interface wifi0.2 ssid Wifi2
    interface wifi1.3 ssid Wifi2
    interface mgt0 hive Wifi-Hive
    user-profile Wifi1 qos-policy def-user-qos vlan-id 30 attribute 30
    user-profile Wifi2 qos-policy def-user-qos vlan-id 31 attribute 31
    interface wifi1 radio channel 44
    hostname WifetteHive-AP1
    save config
Now you are ready to push the conf, for this:
  1. Plug in the simple not tagged network cable
  2. ssh into the device (default login is admin, and default password is aerohive)
  3. Copy your conf and paste it in the terminal – don't forget to save config!
  4. change the management vlan: "interface mgt0 vlan 32" - Your device should look like it froze.
  5. close that terminal, and switch to the cable carrying tagged vlan32 (there should be a dhcp… find the devices address on that vlan) –> if you don't use a power block here, you're screwed… because pulling the wire will reset the device to last saved conf, hence erasing the "interface mgt0 vlan 32".
  6. ssh to the device on its new IP,
  7. optionally, give it a fix IP in the mgt control vlan: "interface mgt0 ip 10.11.12.7 255.255.255.0"
  8. save config once again.
Your config should be up and running.

Testing your config:

1: Test your wifi with some device (if it doesn't work, you did something wrong)
2: Check the conf with ssh, we will test with 4 commands:
$ ssh 172.28.200.94
Aerohive Networks Inc.
Copyright (C) 2006-2015
WifetteHive-AP3#show interface
aerohive cli show interface
aerohive show interface

Show us the interfaces of selected AP. the important things here:
Wifi0 is in access mode, while wifi1 is in dual mode. Dual here means access and backhaul, access being the one for clients, and backhaul the one the AP's use to communicate between themselves. Here you see why numbers didn't match in the config's tricky part:
wifi0.1 –> SSID Wifette (2.4Ghz)
wifi0.2 –> SSID Picard (2.4Ghz)
wifi1.1 –> backhaul
wifi1.2 –> SSID Wifette (5Ghz)
wifi1.3 –> SSID Picard (5Ghz)

WifetteHive-AP3#show station
aerohive cli show station
aerohive show station

We can see all clients connected to the different SSID's of the current AP, in this case, there is one connected to wifi0.1 (thus on wifette in 2.4Ghz as we saw on the previous picture)

WifetteHive-AP3#show hive Wifette-Hive neighbor
aerohive cli show hive Wifette-Hive neighbor
aerohive show hive hive_neighbor

Here we can see that the AP's can see each other… in this case, Wifette-Hive AP3 can see 3 other access points, and they are part of the same hive.

In my case, the main objective of the hive, is that all AP's act as one, and allow customers to roam without disconnection. For this, the hive uses a "roaming cache"…
WifetteHive-AP3#show roaming cache
aerohive cli show roaming cache
aerohive show roaming cache

In this case, we can see that 3 clients are connected to other access points of the hive. AP3 already has the information about these clients (thanks to the hive), and if client 3 get better signal from AP3 than from the one he is currently connected on, the device will switch from AP transparently.


Thx for help
0 REPLIES 0
GTM-P2G8KFN