The Device Is Currently Disconnected From Hivemanager. Please Try Again Later.

CAPWAP - Automatically Discovering HiveManager Classic

Aerohive devices and HiveManager Archetype communicate with one another through CAPWAP (Control and Provisioning of Wireless Admission Points). The devices human action equally CAPWAP clients and HiveManager Archetype acts every bit a CAPWAP server. The devices tin can course a CAPWAP connectedness with HiveManager Classic in whatsoever of the following ways:

• When the devices are in the aforementioned Layer 2 circulate domain as a HiveManager Classic appliance or HiveManager Classic Virtual Appliance, they broadcast CAPWAP Discovery Request messages to discover HiveManager Archetype and plant a secure connection with it automatically.
• If there is no HiveManager Classic in the same circulate domain but the devices can reach the HiveManager Classic Online redirection server—and if their serial numbers have already been added to the HiveManager Classic Online ACL (access control list)—then they can course secure CAPWAP connections with the redirection server (or redirector). From there, the redirector automatically assigns the connected devices to a VHM (virtual HiveManager Classic) at the MyHive site or to a HiveManager Archetype appliance—physical or virtual—at another site. If the redirector does not automatically redirect a device to a VHM, an ambassador can do it manually.
• Finally, Aerohive devices and a local HiveManager Classic might exist in different subnets and the devices either cannot reach HiveManager Archetype Online, or they can but they are not listed in the ACL (mayhap because they are not included in whatever HiveManager Classic Online account). In these cases, the devices cannot discover HiveManager Classic by dissemination CAPWAP Discovery Request messages, nor can they reach the redirection server. So that the devices tin class a CAPWAP connection to HiveManager Archetype, you tin can use one of the following methods to configure them with the HiveManager Classic domain name or IP address or configure them so that they tin learn it through DHCP or DNS settings. After devices have the IP accost of the CAPWAP server, they and then transport unicast CAPWAP Discovery Request letters to that address.

Log in to the CLI on each device and enter the IP accost of the CAPWAP server with the following control: capwap client server name <cord>

Configure the DHCP server to supply the HiveManager NG domain name (equally sub-option 225) or IP accost (every bit sub-pick 226) nether Vendor-Specific option 43 in its DHCPOFFER. (If you lot use a domain proper name, the administrative DNS server for that domain must also exist configured with an A record that maps the domain proper noun to the HiveManager NG IP address.) Aerohive devices identify themselves by populating DHCP option lx (Vendor Grade ID) with a value of "AEROHIVE" by default when they broadcast DHCPDISCOVER and DHCPREQUEST letters.

• If you demand to change the DHCP selection number (perchance considering some other custom pick with that number is already in apply on the DHCP server), enter this command with a unlike choice number for the variable number: interface mgt0 dhcp client option custom hivemanager <number> { ip | string }

If HiveManager Classic continues to use its default domain proper name ("hivemanager") plus the proper noun of the local domain to which information technology and the devices vest, configure an authoritative DNS server with an A record that resolves "hivemanager.<local_domain>" to an IP address. If devices do not have an IP address or domain proper noun configured for the CAPWAP server and practice not receive an address or domain name returned in a DHCP option, and so they endeavor to resolve the domain name to an IP address.

When a device goes online for the first time without any specific CAPWAP server configuration entered manually or received as a DHCP pick, it progresses through the cycle of CAPWAP connexion attempts shown below.

A device continued straight to the network is called a portal. You can too place a device within radio range of a portal so that it forms a wireless link through the portal to the wired network. This kind of device is called a mesh point. A mesh indicate initially forms a hive with its portal using a default hive called hive0. Through this link, the mesh indicate can attain the network and become its network settings from the DHCP server. So it can form a CAPWAP connectedness with HiveManager Classic. (To add mesh points after changing the hive proper noun, first connect them to the wired network. Adjacent, push the configuration with the new hive name and countersign to them from HiveManager Classic. Finally, deploy them every bit mesh points.)

If the device forms a CAPWAP connection with the Aerohive redirection server and its serial number has been entered in an ACL, the redirection server automatically redirects the CAPWAP connection to the corresponding HiveManager Classic Online VHM (virtual HiveManager Classic). The redirection server does this by sending the device the HiveManager Classic domain proper noun or IP address as its new CAPWAP server and the name of the appropriate VHM. If the device is currently using HTTP, the redirection server includes the configuration needed for the device to continue using it. Similarly, if the device is configured to access the public network through an HTTP proxy server, the redirection server saves the relevant settings on the device and so it will go along using the HTTP proxy server when connecting to HiveManager Classic.

If the Aerohive redirection server does not have the device serial number, the ACL ignores the CAPWAP connection attempts, and the device repeats the connexion cycle shown higher up.

Reconnecting to HiveManager Classic

For Aerohive devices that take connected to HiveManager Archetype at to the lowest degree once and and then accept disconnected from HiveManager Classic, the gild of the CAPWAP car discovery process prevents devices from connecting to a local HiveManager Archetype inadvertently. For case, if HiveManager Archetype is running on the local network for test purposes, or running on a Virtual Machine on a laptop, and then you lot upgrade HiveManager Archetype, your devices might inadvertently connect to the local HiveManager Classic instead of the HiveManager Classic to which they originally belonged. In addition, you can prevent devices from connecting to an unauthorized HiveManager Classic that might take been inadvertently placed in the same subnet as these devices.

Preventing the discovery process on a local subnet improves the robustness of the cloud discovery process. Also, the default auto discovery procedure that unconfigured devices use to make a CAPWAP connection to HiveManager Classic is contained of this process and remains unchanged.

Setting the CAPWAP Auto Discovery Procedure

Yous can further customize the CAPWAP auto discovery procedure to the disable local broadcast discovery process. To enable the new sequence for CAPWAP auto discovery, click Home > Device Management Settings to brandish the Device Management Settings folio. Articulate the check box side by side to the "Enable devices to transmit CAPWAP broadcasts to discover HiveManager Archetype in their local subnet" choice and so click Update. So push this configuration change to your existing devices.

Services and Firewall Policies

It is likely that the policy fix on virtually firewalls already permits outbound traffic on TCP port 80 for HTTP, but it is less likely that they permit outbound traffic on UDP port 12222 for CAPWAP. To avoid having to reconfigure the firewall, you can configure devices behind the firewall to communicate with HiveManager Classic Online using HTTP on TCP port lxxx instead of CAPWAP UDP port 12222. Furthermore, if outbound traffic must laissez passer through an HTTP proxy server, you tin configure devices to send CAPWAP over HTTP to the proxy server. Note that HiveManager Archetype Online uses HTTP simply for monitoring devices and pushing delta config updates. When downloading files such as HiveOS image files, full configurations, captive web portal pages, and certificates from HiveManager Classic Online to devices, devices utilize HTTPS. (With a physical HiveManager Classic appliance, the devices use SSH for these file downloads.) In addition, for uploading package captures to either HiveManager Classic or HiveManager Classic Online, devices utilise HTTPS. Therefore, if there is a firewall in front end of the devices, it must allow the following types of outbound services:

To HiveManager Classic: CAPWAP (UDP port 12222), SSH (TCP 22), and HTTPS (TCP 443)

To HiveManager Classic Online: CAPWAP (UDP 12222), SSH (TCP 22), and HTTPS (TCP 443); or

HTTP (TCP 80) and HTTPS (TCP 443)

Troubleshooting the Initial CAPWAP Connection to HiveManager Classic Online

As explained in the previous department, when you connect a device to the network and power it on, it showtime tries to connect to a local HiveManager Archetype. If it cannot practise that, the device automatically tries to connect to the redirection server. The server checks if the serial number of the device is listed in its ACL—which should be the case equally Aerohive enters the serial numbers of newly purchased devices in the appropriate ACL as part of the sales process. If the ACL contains the device serial number, the redirector then redirects the device to the right HiveManager Classic Online VHM, where the device appears on the Monitor > All Devices page. Log in to your MyHive account, click HiveManager Archetype Online and navigate to the All Devices folio. If yous do not encounter the device listed in that location, take the following steps to resolve the situation:

• Depending on network atmospheric condition and firewall policies, it can sometimes take up to 10 minutes for a device to connect to the assist server and be redirected to the HiveManager Classic Online VHM to which it belongs. Exist sure to give the device plenty time to complete the connection process before proceeding.

1. Click Redirector > Monitor > Access Control Listing, and check if the device serial number is listed there.
2. If the serial number is absent-minded from the ACL, practice the following:

ii.1 Click Enter, type the serial number, then click Save.

• If an error message appears stating that the series number already exists in the system, contact Aerohive Technical Back up for further help as explained in the "Support Contact Information" section in " ".

ii.2 Check if the device now appears on the Monitor > All Devices page in HiveManager Classic Online. Recollect that information technology might take up to ten minutes for it to complete the connection process.

2.3 If the device all the same does not appear on the All Devices page, power the device off, wait five seconds, power it dorsum on, and and so check the All Devices folio again.

2.four If the device notwithstanding does not appear on the All Devices page, check that the device tin can access the Internet and that any firewall between information technology and the redirection server allows outbound traffic using either UDP 12222 or TCP fourscore.

If the device connects and appears on the All Devices page in your HiveManager Classic Online VHM, you have successfully resolved the issue and can stop troubleshooting. If not, continue to the next stride.

3. If the series number of the device is listed in the ACL on the redirector but the device does not announced on the All Devices page in HiveManager Archetype Online, get-go follow steps 2.3 and 2.4 (if you have not already washed and then). If information technology still does not announced, the device might exist redirected to the HiveManager Classic Online home arrangement, which can occur if the CAPWAP server proper name on the device was accidentally misconfigured. To reassign information technology your VHM, exercise the post-obit:

three.1 In HiveManager Archetype Online, click Configuration > Testify Nav > Advanced Configuration > Device Machine Provisioning > SN Direction > Scan SN, type the xiv-digit serial number for the device, and then click Salvage. After that, click Abolish to close the Imported device Serial Numbers dialog box.

3.2 On the Auto Provisioning page, click New, enter the following, and and so click Save:

Enable Car Provisioning: (select)

Device Model: Choose the advisable device model from the drop-down list.

Employ access control: (select)

Imported Serial Numbers: (select)

Select the serial number that y'all just entered in the previous pace and click the right arrow ( > ) to move it from the Bachelor Serial Numbers column to the Selected Series Numbers cavalcade.

3.3 Reboot the device to reset its CAPWAP state to Discovery. When it contacts the redirection server this fourth dimension, HiveManager Classic Online will apply the access control defined in the automatic provisioning configuration and redirect the device to your VHM.

williamsracture.blogspot.com

Source: https://docs.aerohive.com/330000/docs/help/english/8.2r1/hm/full/Content/config/APs/capwap.htm

Share this post