Aerohive | Mesh Nachbar anzeigen

Um die Empfangsstärke von Access Points mit Mesh Konfiguration anzuzeigen kann dies entweder über den Hivemanager stattfinden (Geräte-ID benötigt) oder über die SSH-Shell mit dem Befehl:

show acsp neighbor

Die APs brauchen eine Mindeststärke von -80DBm im Empfang um überhaupt eine Verbindung aufzubauen.

Aerohive |Restricting throughput bandwidth in User Profile policy

Restricting throughput bandwidth in User Profile policy

  • Question
I am having difficulties being able to restrict the bandwidth to an SSID using the User Profile policy.Within User Profile: QoS Settings > Rate Control & Queuing Policy
I have tried using the same limit (eg 5400 kbps) for each of the User Rate Limits and Policing Rate Limits.

I have also setting Radio and Rates and MCS values to N/A from the SSID Optional Settings > Radio and Rates > 2.4 and 5 GHz settings.

I would prefer to keep the SSID policy as standard and only adjust the User Profile policy.

So far I have only been able to provide no noticeable limits to users, through to an unusable service.

It would be great to have a quick overview of how best to manage and limit the bit rate available to certain User Profiles.

thanks,
Jason
„Aerohive |Restricting throughput bandwidth in User Profile policy“ weiterlesen

Benötigte Aerohive ports zur erfolgreichen Kommunikation und Konfiguration

Source: https://community.aerohive.com/aerohive/topics/ap121_behind_watchguard_firewall_with_hivemanager_online

Brian Ambler, Sr. Technical Support Engineer

Hello Jan,

It would be expected that if only UDP 12222 were allowed outbound through the firewall, the AP would be able to form a CAPWAP client but would be unable reach the HiveManager to successfully push configuration updates. By default, a HiveAP will use UDP 12222 to establish CAPWAP and TCP 22 to form a secure connection to the HiveManager to push complete configuration updates. The HiveAP can fail over to use TCP 80 for CAPWAP and TCP 443 for configuration updates, but if a successful CAPWAP connection is formed over UDP 12222 the AP will continue to look to open an SCP connection over TCP 22. I have excerpted the following from our Help documentation for more detail; should you need more information on this subject I would recommend calling our ATAC team at (866) 365-9918 and someone on our Support team will be able to assist you further.

Services and Firewall Policies (from Help System):

It is likely that the policy set on most firewalls already permits outbound traffic on TCP port 80 for HTTP, but it is less likely that they permit outbound traffic on UDP port 12222 for CAPWAP. To avoid having to reconfigure the firewall, you can configure devices behind the firewall to communicate with HiveManager Online using HTTP on TCP port 80 instead of CAPWAP UDP port 12222. Furthermore, if outbound traffic must pass through an HTTP proxy server, you can configure devices to send CAPWAP over HTTP to the proxy server. Note that HiveManager Online uses HTTP only for monitoring devices and pushing delta config updates. When downloading files such as HiveOS image files, full configurations, captive web portal pages, and certificates from HiveManager Online to devices, devices use HTTPS. (With a physical HiveManager appliance, the devices use SSH for these file downloads.) In addition, for uploading packet captures to either HiveManager or HiveManager Online, devices use HTTPS. Therefore, if there is a firewall in front of the devices, it must allow the following types of outbound services:

To HiveManager: CAPWAP (UDP port 12222), SSH (TCP 22), and HTTPS (TCP 443)

To HiveManager Online: CAPWAP (UDP 12222), SSH (TCP 22), and HTTPS (TCP 443); or

HTTP (TCP 80) and HTTPS (TCP 443)

My Aerohive APs are connected by CAPWAP, but why is their connection status shown as disconnected?

This can happen if there is a firewall policy blocking outbound traffic on UDP port 12222 for CAPWAP. To avoid having to reconfigure the firewall, you can configure HiveAPs behind the firewall to communicate with HiveManager Online using HTTP on TCP port 80 instead of CAPWAP UDP port 12222.

There are the two necessary CLI commands:

 

    • capwap client transport http

 

    • capwap client server port 80

 

If outbound traffic must pass through an HTTP proxy server, you can configure HiveAPs to send CAPWAP over HTTP to the proxy server.
To accomplish that, enter these 2 CLI commands:

capwap client http proxy user password

 

    • capwap client http proxy name port

 

  • capwap client http proxy name port