Sunday, March 15, 2015

Configuring Aerohive Access Points-CLI Part 1: The Basics

The Basics- what's that? A simplified version of the Aerohive configuration manual. Without a further a do-let's start configuring.

We'll start with connecting to it. Use 9600 8N1 to connect.

After it boots up you should get a screen like this:

The default username is admin and the password is "aerohive" without the quotes. If those don't work try to reset it by pushing the reset pinhole fo r30 seconds while plugged in.

Next, you will want to disable it's communication with any HiveManager, local or in the cloud. You can do this by typing the command:
no capwap client enable
Confirm this by typing:
show capwap client
You should get an output like what is shown below:

Now, let's configure a basic wireless network.
Create your security. With Aerohive everything is separated, your security, radios, SSID's and more advanced things like users, user groups, and profiles are all separated; you need to join them manually, like making a 3 layer cake.
To create the security object(like a container where every security related setting is stored) type:
security-object MyWiFi

Now, we have our proverbial container-lets put some security inside of it:
security-object MyWiFi security protocol-suite wpa2-tkip-psk MyPassword
What this is saying is self-explanatory: Use WPA2 with TKIP and a Pre-Shared Key. The other options are as follows:
Please note that you won't see your password being typed in. It will be replaced with asterisks.
GREAT! We have our "security" now let's give it an SSID. Type:
ssid MyWiFi
to create it. This is what will be broadcast and visible to clients.
Next associate the security object with the ssid.
ssid MyWiFi security-object MyWiFi
Awesome! Now you can whip out you phone and try to connect. Wait have you been listening to me? Do you remember when I said something like this..... "With Aerohive everything is separated, your security, radios, SSID's and more advanced things like users, user groups, and profiles are all separated; you need to join them manually, like making a 3 layer cake." Of course you remembered, right? RIGHT? To associate your SSID to a wireless radio, that is what we call the device that actually transmits the signal, you need to issue the command:
interface wifi0 ssid MyWiFi
And this is where we go into the murky world of Aerohive products..... Each Aerohive product has a different radio configuration, on an AP230 there is 2 radios, a 2.4GHz that does b/g/n and a 5GHz that does a/n. I could go through this all day but to make thing easy, just search for you AP's data sheet. On the second page you should see something like this:
Usually the b/g/n radio is the first radio. In this case I want to enable wireless AC:
interface wifi1 ssid MyWiFi
If you followed my guide to a letter you can try connecting to the MyWiFi SSID with a password of MyPassword but be sure to have some network connected to the eth0 port(or the only ethernet port).

Please comment on what you want to see next! I could do VLANing, PPSK, multiple SSID's.....


  1. Thank you. This is awesome info. I am becoming more and more inclined to write my own interface for these devices. Do you have any additional CLI info that you could point my direction. I would like to be able to use my aeroflops without having to pay 1000's of $$$s in extortion fees to some crazy money hungry company. Thaanks in advance and best regards...

    1. Take a look at Aerohive's website, they have a complete CLI guide available.

  2. Thanks for posting this! It's very helpful. I'd would like to ask if you can make an how-to about VLAN and SSID. I work with an AP230 and a AP 120. THANKS!!

    1. Sure, you want to see a single SSID and a VLAN or multiple SSIDs and VLANs?

  3. Hey. I found older Android devices were not able to connect . I had to change the cipher suite to wpa-auto-psk. Here's the amended config that worked well for me, in case it helps anyone.

    radio profile SSIDNAME
    radio profile SSIDNAME5
    radio profile SSIDNAME5 phymode 11ac
    radio profile SSIDNAME5 channel-width 40
    security-object SSIDNAME
    security-object SSIDNAME security protocol-suite wpa-auto-psk ascii-key ***
    ssid SSIDNAME
    ssid SSIDNAME security-object SSIDNAME
    interface wifi0 radio profile SSIDNAME
    interface wifi1 radio profile SSIDNAME5
    interface wifi0 ssid SSIDNAME
    interface wifi1 ssid SSIDNAME
    admin root-admin admin password ***
    no capwap client enable

    1. Absolutely, the only thing you would have needed to change are the security protocol suite options.

  4. I would like to know if these AP can be turned into a repeater? How can I increase the radio transmit power?