Tuesday, October 29, 2019

Using Excel to Generate Unique Wi-Fi User Reports

This one goes out to my library people who need to report unique clients by location to Uncle Sam in order to get paid.  If you can get a data dump of your Wi-Fi stats that includes all connected client MAC addresses, you can use Microsoft Excel on Windows and its PowerPivot table tools to create the report you need.


Many libraries across the nation chose Aerohive and HiveManager Classic for this very reason.  Our ExtremeCloud IQ reports aren't quite as elegant so this is an easy way to get your stats.
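As an added example (not the post's Excel workbook, and not code from Aerohive or Extreme), here is the same distinct-count-by-location logic in Python, with the step a spreadsheet version often misses: normalizing MAC notation so one device logged three different ways isn't counted three times. The CSV dump is constructed sample data.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a Wi-Fi client dump (not real data). The same MAC appears
# in three notations, one client roamed between two branches, one row has no MAC.
SAMPLE_DUMP = """\
client_mac,location,first_seen
AA:BB:CC:11:22:33,Main Branch,2019-10-01 09:12
aa-bb-cc-11-22-33,Main Branch,2019-10-03 14:40
aabb.cc11.2233,Main Branch,2019-10-09 10:05
DE:AD:BE:EF:00:01,Main Branch,2019-10-02 11:00
DE:AD:BE:EF:00:01,East Branch,2019-10-05 16:30
0C:0C:0C:0C:0C:0C,East Branch,2019-10-06 08:15
,East Branch,2019-10-07 12:00
"""

_NON_HEX = re.compile(r"[^0-9a-f]")

def normalize_mac(raw: str):
    """Return 'aabbcc112233' for any common notation, or None if it isn't a MAC."""
    digits = _NON_HEX.sub("", raw.strip().lower())
    return digits if len(digits) == 12 else None

def unique_clients_by_location(dump_csv: str) -> dict:
    """Distinct MACs per location, what a PowerPivot DISTINCTCOUNT measure does."""
    seen = defaultdict(set)
    skipped = 0
    for row in csv.DictReader(io.StringIO(dump_csv)):
        mac = normalize_mac(row.get("client_mac") or "")
        if mac is None:           # blank or garbage MAC: don't count it as a client
            skipped += 1
            continue
        seen[row["location"].strip()].add(mac)
    return {
        "by_location": {loc: len(macs) for loc, macs in seen.items()},
        "unique_overall": len(set().union(*seen.values())) if seen else 0,
        "skipped_rows": skipped,
    }

if __name__ == "__main__":
    print(unique_clients_by_location(SAMPLE_DUMP))
```

The per-location totals (2 + 2) add up to more than the overall unique count (3) because a client that roamed is counted at each branch; decide which number the report actually asks for before you submit it.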

"When in doubt, go to the library." — Ron Weasley in Harry Potter and the Chamber of Secrets by J.K. Rowling

If you want a good laugh, just read the outcry from users who want PowerPivot on Mac: https://excel.uservoice.com/forums/304933-excel-for-mac/suggestions/19568977-add-powerpivot-to-mac-excel

Until next time.
-Mike

99 Problems but a Captive Web Portal Isn't One

TL;DR - Navigate to NeverSSL.com when you need a CWP to pop up.

The title of this post would suggest I don't have a captive web portal (CWP) issue when connecting to an open SSID.  I'd be lying and you would be too.  They're a pain to deal with.  Everyone has come up with their tricks.  CWPs absolutely hate me.  Not sure what I did but every device I own simply doesn't like them.  The worst culprit for me was Southwest flights.  The struggle was real.  Was being the keyword.

A BIG shout out to our Aerohive Support Center staff for this nugget I'm about to share.  The next time you try to connect to an open Wi-Fi SSID and that pesky CWP doesn't pop up, open any web browser and navigate to neverssl.com.  BAM!  Like magic that little guy is free to pop up and take your money or information.

How does this work?  Let's read it from the horse's mouth.

"neverssl.com will never use SSL (also known as TLS). No encryption, no strong authentication, no HSTS, no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark ages of internet security." 

Simply put, your browser needs to request a website that isn't encrypted to trigger the redirection.  Most websites, if they're smart, use HTTPS, and a portal can't hijack an HTTPS request without your browser throwing a certificate error.  Once your browser requests a plain HTTP site, the network intercepts that request and redirects you to a different web server displaying the CWP you've so long desired.

Once you've dealt with whatever the CWP needed from you, you're free to move about the interwebs.  Well, that's the theory anyway.
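This is the same check an operating system's captive-portal detection performs. As an added example (not code from the post, NeverSSL or Aerohive), here is a plain-HTTP probe against neverssl.com and the logic that decides whether the answer came from the real site or from a portal; the sample responses in the test are constructed, and the marker used to recognise the real page is an assumption.

```python
from http.client import HTTPConnection
from urllib.parse import urlsplit

PROBE_HOST = "neverssl.com"  # plain-HTTP site the post recommends for the probe

def same_site(hostname: str, probe_host: str) -> bool:
    """True for the probe host itself or any of its subdomains."""
    return hostname == probe_host or hostname.endswith("." + probe_host)

def classify_probe(status: int, headers: dict, body: str,
                   probe_host: str = PROBE_HOST) -> str:
    """Interpret the reply to a plain-HTTP GET for http://<probe_host>/.
    open             - the real site answered, no portal in the way
    captive-redirect - we were bounced to some other host (the CWP)
    captive-inject   - a 200 came back, but not the page we asked for
    unknown          - anything else (errors, odd status codes)"""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        # a relative Location stays on the host we asked for
        target = urlsplit(hdrs.get("location", "")).hostname or probe_host
        # neverssl.com bounces to a random subdomain of itself to defeat caching,
        # so only a redirect that leaves the site counts as a portal
        return "open" if same_site(target, probe_host) else "captive-redirect"
    if status == 200:
        # ASSUMPTION: the real page mentions its own name; a portal's page won't
        marker = probe_host.split(".")[0].lower()
        return "open" if marker in body.lower() else "captive-inject"
    return "unknown"

def probe(probe_host: str = PROBE_HOST, timeout: float = 5.0) -> str:
    """Live check from the Wi-Fi client (needs network access)."""
    conn = HTTPConnection(probe_host, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Cache-Control": "no-cache"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return classify_probe(resp.status, dict(resp.getheaders()), body, probe_host)
    finally:
        conn.close()

if __name__ == "__main__":
    print(probe())
```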

To the people who are responsible for paying for the domain and web hosting for the betterment of all mankind, I applaud you and thank you.

As a funny side note, here's what I never have to do again:

  • Try to find an HTTP website
  • Open a new tab in incognito mode and try to go somewhere not HTTPS.
  • Try every browser on the planet (I have three installed)
  • Connect, forget, connect, forget, connect and pray it pops up
  • Turn off and on your wireless radio
  • Renew your DHCP lease after you connect the first, second or tenth time
  • When in doubt always reboot
  • Give up and do something else with your life
Happy web surfing!
-Mike

Sunday, October 27, 2019

Troubleshoot an Access Point's CAPWAP Connectivity

So you bought this new cloud-managed Wi-Fi system, you plug in your first access point, and nothing is happening.  Let's take a step back and ensure layer 1 is good to go.  The OSI model will be our guide.  While this guide is going to focus on ExtremeCloud IQ (XIQ), the steps are similar for many systems.

Layer 1:
  • Is the AP properly powered?
  • Check your switch port's Power over Ethernet (PoE) capability.  Is it 802.3af or 802.3at capable?
  • What is the switch PoE budget, and is it overloaded?
  • Is your Ethernet cable length within spec?
  • Are you using at least Cat5e cable, the minimum required for PoE?
  • Does your cable pass a continuity test?  All eight conductors need to be in the right order, with none broken or crossed.
  • If your AP is located outdoors, are you using a shielded Ethernet cable run, and is it properly grounded?
  • This isn't intended to cover all aspects of structured cabling, but it's important to get it right.
Layer 2:
  • Switch port configuration:
    • The AP port needs to be set as a trunk.
    • Native VLAN: by default your AP manages itself over the untagged (native) VLAN.
    • Allowed VLANs: not critical yet, but ensure that all tagged traffic VLANs are in this list.
  • Go up the stack and verify your uplink ports are configured properly.  Devices on the native VLAN need to reach the DHCP server.
  • Run the VLAN Probe to confirm your AP can query the DHCP server.
  • Does your DHCP scope have enough available IPs?
  • Is DHCP handing out valid DNS addresses?
  • TIP: APs by default use OpenDNS addresses to resolve redirector.aerohive.com.  If these are blocked, your AP can't reach XIQ.  The exact addresses are located in a Network Policy > Additional Settings tab > DNS Server.
  • If you are blocking the OpenDNS IPs you have options: get on the AP with a console cable or SSH and point it at an internal DNS server, or temporarily allow OpenDNS from the management network.
  • CLI: show dns
  • CLI: dns server-ip <enter internal DNS IP>
  • CLI: show capwap client (to check on its status)
  • If you're using a local cloud deployment then you need to check two settings:
    • Check your DNS 'A' record for hivemanager.contso.com
    • Next, check your DHCP scope for Option 43 to ensure it's pointing to your local virtual machine
Layer 3:
  • Make sure your layer 3 device either serves DHCP itself or has a DHCP helper (relay) pointing at your DHCP server.
  • Ensure your firewalls are configured according to the Firewall Configuration Guide, located in XIQ by hovering over your name, clicking About, and then clicking the hyperlink.
Next steps:
  • Did you forget to add the device serial numbers to XIQ?
  • Console into your AP
    • Username: admin
    • Password: aerohive (default until the AP joins a network policy)
    • Is your AP getting an IP address:  show interface mgt0
    • Can you PING your gateway IP, 8.8.8.8, and www.google.com?
So you got your AP communicating with the cloud.  Nice work!  But there's always a but.  If your APs are flapping up and down even though you've confirmed they are stable on the LAN, you need to configure your firewall to extend the UDP session timeout for port 12222 (the CAPWAP port) to 5+ minutes.  Each firewall vendor does this differently.

When in doubt, factory reset the AP and start from scratch.

Okay, if you're cursing now and want to throw your AP out the window, go ahead and give support a call. They can dive into your specific network configuration to see where the issue may lie.

In my experience, no two networks are alike so I hope something in here helped you solve your issue.

Cheers!
-Mike

Migrate from Aerohive Classic to ExtremeCloud IQ (formerly HiveManager NG)

If you're reading this, you're probably searching for guidance on migrating your Aerohive Wi-Fi system from Classic to the new HiveManager NG platform.  It's worth noting that Extreme Networks has rebranded HiveManager to ExtremeCloud IQ, or XIQ for short.  It's the same platform, just with a new name.  Classic end of sale has been announced: March 31, 2020.  It will continue to function after this date, just no new sales.


There isn't an easy button to migrate to XIQ.  The two platforms don't map one-to-one, so the Network Policy needs to be rebuilt from scratch.  You can migrate your maps, drawn walls, hostnames, static IPs, and AP locations fairly easily.  There's a YouTube video that covers migrating from Classic Cloud to the new cloud, and a written VHM Migration Guide to aid you in the process.

YouTube:  https://www.youtube.com/watch?v=QOvEUEPhkVY


Doc covering all migration combinations:  http://docs.aerohive.com/330000/docs/help/english/ng/Content/reference/guides/mig-vhm-migration.htm
If the doc link above is ever broken, click on the ? icon in XIQ's interface and search for VHM Migration Guide.

Deployment Options:
  • Public Cloud in AWS (most common)
    • Extreme also has many retail customers on Google Cloud and has recently announced an Azure regional datacenter
  • Private Cloud in AWS, Google, Azure, or in your own datacenter
  • Local Cloud on-prem (VMware virtual machine)
If you still need assistance, reach out to your Extreme sales team for guidance.

Licensing:  If you're current on your Classic Cloud subscription you can simply copy your license keys into ExtremeCloud IQ.  If you are on-prem you'll need to reach out to your Extreme sales rep to get new keys.

Caveats to consider when migrating:
  • BR200W routers are compatible, but their wireless radios turn off.
  • Cloud Virtual Gateway (CVG) is not compatible.  Virtual Gateway Virtual Appliance (VGVA) is the replacement.  You can also terminate tunnels on an XR600P for smaller deployments.
  • Make sure your devices are on the compatibility list below, accurate as of the date of this post.
XIQ Device Compatibility List

I hope this helps you on your journey to better Wi-Fi.
-Mike

Friday, October 25, 2019

ExtremeCloud IQ and JumpCloud.com RADIUS Integration

If you're looking at JumpCloud.com for cloud-hosted RADIUS and you want to integrate your ExtremeCloud IQ (formerly HiveManager NG), then you've come to the right place.

Here's a video guide that walks you through creating and configuring a simple setup in JumpCloud and how to configure an SSID to use it.

We've been approached by small school districts with a few sites that do not have Active Directory or any central directory service.  JumpCloud is an option we found, and we figured out how to integrate it with our Wi-Fi system.  JumpCloud has a plethora of video content to help you get the most out of their service.  They offer many services beyond the scope of this post.

Based on ExtremeCloud IQ version: 19.9.1.3 (October 2019)


Feel free to leave any comments below.

Cheers!
-Mike

EDIT:  Here's the advanced video on assigning Tunnel-Private-Group-ID reply attributes so that you can map the proper VLANs to specific user groups in JumpCloud.



JumpCloud Support Article

Install the JumpCloud PowerShell module

Get an API key from the API Settings menu item under your account email address in the top right corner.  Click the key to copy it to the clipboard.

Launch PowerShell
CLI:  Install-Module JumpCloud -Scope CurrentUser
CLI:  Connect-JCOnline
CLI:  <Enter your API key>
Response:  Connection Status:  Successfully connected to JumpCloud!

Add RADIUS reply attributes to a user group as Tunnel-Private-Group-ID
CLI:  Add-JCRadiusReplyAttribute -GroupName "Employee" -VLAN 5
CLI:  Add-JCRadiusReplyAttribute -GroupName "BYOD" -VLAN 10

Query RADIUS Reply Attributes
CLI:  Get-JCRadiusReplyAttribute -GroupName "Employee"
CLI:  Get-JCRadiusReplyAttribute -GroupName "BYOD"

Update RADIUS reply attributes to a different VLAN
CLI:  Set-JCRadiusReplyAttribute -GroupName "Employee" -VLAN 34
CLI:  Set-JCRadiusReplyAttribute -GroupName "BYOD" -VLAN 44

Remove RADIUS Reply Attributes from a user group
CLI:  Remove-JCRadiusReplyAttribute -GroupName "Employee" -All
CLI:  Remove-JCRadiusReplyAttribute -GroupName "BYOD" -All

Will Wi-Fi RF Transmissions Kill Us All?

I had a customer that wanted an official public statement of the effects of Wi-Fi on people's health.  This is a reasonable ask since they are a public library and get questioned by their patrons.  We all know the public is full of opinions.

I've never seen a manufacturer's website claim anything in regard to people's health.  That sounds like a lawsuit in the making, so I did some digging, since I was also curious to know what people were saying.

First I came across many posts about the new, scary cellular 5G technology.  This also covers the topic of ionizing radiation, which is harmful enough to change someone's DNA.  This one is a good read:  https://www-whistleout-com.cdn.ampproject.org/c/s/www.whistleout.com/CellPhones/Guides/is-5g-safe/amp

After a quick distraction, I focused on searching for articles about Wi-Fi and for anything from an oncologist's perspective.  Not all doctors get everything right, but at least it's a perspective to ponder:  https://www.forbes.com/sites/quora/2016/05/19/a-radiation-oncologist-says-everything-you-need-to-hear-about-wifi-and-cancer-risk/

These articles didn't quite get the job done, so I knew the only official statement would come from a governing agency in the US, and that's the FCC and possibly the CDC, but I came up short there.  Here's what I found from the FCC:  https://www.fcc.gov/consumers/guides/wireless-devices-and-health-concerns

Here are the governing bodies over Wi-Fi:

  • The FCC regulates all radio transmissions in the US ( https://www.fcc.gov/ )
  • The IEEE established the 802.11 Wi-Fi standard ( https://www.ieee.org/ )
  • The Wi-Fi Alliance certifies access points to ensure they adhere to the IEEE standards ( https://www.wi-fi.org/ )

I hope this helps someone else in the quest to determine if Wi-Fi is about to kill us all.


OPINION ALERT!  Radio waves have been bouncing around for over a hundred years and the media hasn't protested the evil radio stations, TV studios, cell phone companies, etc.  The interwebs don't lie:  https://en.wikipedia.org/wiki/Radio_wave

Okay, okay, the internet lies, but think about this.

Wi-Fi's 2.4 GHz band sits in the same part of the spectrum as microwave ovens.  That's a scary thought.  The very thing that cooks our food can carry modulated signals that transmit data from one device to another.

Look at the chart below.  1 watt is the maximum transmit power of a Wi-Fi radio in the US.  Microwaves cook food at between 600 and 1200+ watts.  That's 1200 times more than the highest transmit power of a Wi-Fi radio.  If you look at the green highlighted areas, we are bombarded with waves at .00000001 mW to .0001 mW.  That's significantly lower than harmful levels of radiation.


dBm and mW conversion table

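The conversion table above survives only as an image, but it is built from one formula. As an added example (not the post's chart), here are the dBm/mW conversions, a regenerated table covering the same span, and the figures quoted in the post placed on a single dBm scale; the constants are the post's own numbers, not measurements.

```python
import math

# The two conversions behind any dBm/mW table:
#   P_dBm = 10 * log10(P_mW)          P_mW = 10 ** (P_dBm / 10)
def dbm_to_mw(dbm: float) -> float:
    return 10 ** (dbm / 10)

def mw_to_dbm(mw: float) -> float:
    if mw <= 0:
        raise ValueError("dBm is only defined for positive power")
    return 10 * math.log10(mw)

def conversion_table(start_dbm: int = -80, stop_dbm: int = 60, step: int = 10):
    """Rows of (dBm, mW, W) from the weakest received signal up past a 1 kW oven."""
    rows = []
    for dbm in range(start_dbm, stop_dbm + 1, step):
        mw = dbm_to_mw(dbm)
        rows.append((dbm, mw, mw / 1000.0))
    return rows

# Figures quoted in the post (constants taken from the text, not measurements)
WIFI_MAX_TX_W = 1.0                 # max transmit power of a Wi-Fi radio in the US
MICROWAVE_OVEN_W = 1200.0           # upper end of the 600-1200+ W oven range
RX_BAND_MW = (1e-8, 1e-4)           # the green band: .00000001 mW to .0001 mW

def post_figures_in_dbm() -> dict:
    """The post's numbers on one logarithmic scale so they can be compared."""
    wifi = mw_to_dbm(WIFI_MAX_TX_W * 1000)         # 30 dBm
    oven = mw_to_dbm(MICROWAVE_OVEN_W * 1000)      # about 60.8 dBm
    return {
        "wifi_max_tx_dbm": wifi,
        "microwave_oven_dbm": oven,
        "rx_band_dbm": tuple(mw_to_dbm(p) for p in RX_BAND_MW),   # (-80, -40)
        "oven_over_wifi_db": oven - wifi,          # the post's 1200x, about 30.8 dB
    }

if __name__ == "__main__":
    for dbm, mw, w in conversion_table():
        print("%5d dBm  %14.8f mW  %12.11f W" % (dbm, mw, w))
    print(post_figures_in_dbm())
```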
Feel free to contribute to the topic in the comments below.

Thanks for reading.
-Mike

Thursday, October 24, 2019

My Quest for the CWNE Certification

What the heck is this CWNE all about?

CWNP (https://www.cwnp.com/about) is a vendor-agnostic organization that promotes and recognizes wireless engineers through professional certifications.  It's widely recognized in the industry.

I've completed the CWNA and CWDP as of this post.  I still need the CWSP and CWAP certs before I can submit my application for the CWNE.

There are other entry-level courses that I didn't know about when I first started, so I started with the first required certification, the CWNA.  Here's the path I'm taking to get to CWNE:

  • Certified Wireless Network Administrator (CWNA)
    • I read the CWNA Study Guide 5th Edition CWNA-107 by David Coleman & David Westcott
    • I took the practice exams on CWNP.com
  • Certified Wireless Design Professional (CWDP)
    • This topic was my strength
    • I read the Design chapter in the CWNA Study Guide book
    • I took the practice exams on CWNP.com
  • Certified Wireless Security Professional (CWSP)
    • I'm reading the CWSP Study Guide CWSP-205 by David Coleman & David Westcott
    • I'll take practice exams
  • Certified Wireless Analysis Professional (CWAP)
    • This one is the toughest for me, as I haven't really dived into packet captures to the level you need for this exam.
    • I plan to take a boot camp class
  • Certified Wireless Network Expert (CWNE)
    • The first step is to contribute to the community, and I'm starting here with this blog.

If you're starting your Wi-Fi career, here's a great place to start:  https://www.cwnp.com/wireless-knowledge-quiz

I wish you the very best of luck in your journey.  I hope that one of these blog posts will help you along the way.

Godspeed,
Mike
