Sunday, October 27, 2019

Troubleshoot an Access Point's CAPWAP Connectivity

So you bought this new cloud-managed Wi-Fi system, you plug in your first access point, and nothing is happening. Let's take a step back and ensure layer 1 is good to go. The OSI Model will be our guide. While this guide focuses on ExtremeCloud IQ (XIQ), the steps are similar on many systems.

Layer 1:
  • Is the AP properly powered?  
  • Check your switch port power over Ethernet (PoE) capability. Is it 802.3af or 802.3at capable?
  • What is the switch PoE budget and is it overloaded?
  • Is your Ethernet cable length within spec?
  • Are you using at least Cat5e cables, as required for PoE?
  • Does your cable pass a continuity test?  All copper wires need to be aligned, with none broken or crossed.
  • If your AP is located outdoors, are you using a shielded Ethernet cable run and is it properly grounded?
  • This isn't intended to cover all aspects of structured cabling but it's important to get it right.
Layer 2:
  • Switch port configuration:
    • The AP port needs to be set as Trunk.
    • Native VLAN: your AP by default is using an untagged management VLAN.
    • Allowed VLANs: not critical yet but ensure that all tagged traffic VLANs are in this list.
  • Go up the stack and verify your uplink ports are configured properly.  Devices on the native VLAN need to get to the DHCP server.
  • Run the VLAN Probe to confirm your AP can query the DHCP server. 
  • Does your DHCP scope have enough available IPs?
  • Is DHCP handing out valid DNS addresses?
  • TIP: APs by default use OpenDNS addresses to resolve redirector.aerohive.com. If these are blocked, your AP can't reach XIQ. The exact addresses are listed in a Network Policy > Additional Settings tab > DNS Server.
  • If you are blocking OpenDNS IPs you have options: get a console cable, SSH in, or temporarily allow them on the management network.
  • CLI: show dns
  • CLI: dns server-ip <enter internal DNS IP>
  • CLI: capwap client server (to check on its status)
  • If you're using a local cloud deployment then you need to check two settings:
    • Check your DNS 'A' Record for hivemanager.contso.com
    • Next, check your DHCP scope for Option 43 to ensure it's pointing to your local virtual machine
Layer 3:
  • Make sure your layer 3 device is either servicing DHCP or has a DHCP helper configured.
  • Ensure your firewalls are configured according to the Firewall Configuration Guide, located in XIQ > hover over your name and click About.
  • Click the hyperlink:
Next steps:
  • Did you forget to add the device serial numbers to XIQ?
  • Console into your AP
    • Username: admin
    • Password: aerohive (default until the AP joins a network policy)
    • Is your AP getting an IP address:  show interface mgt0
    • Can you ping your gateway IP, 8.8.8.8, and www.google.com?
So you got your AP communicating with the cloud. Nice work!  But, always a butt.  Your APs are flapping up and down and you confirmed the AP is stable on the LAN.  You need to configure your firewall to extend the UDP timeout for port 12222 to 5+ minutes.  Each firewall vendor is different.

When in doubt, factory reset the AP and start from scratch.

Okay, if you're cursing now and want to throw your AP out the window, go ahead and give support a call. They can dive into your specific network configuration to see where the issue may lie.

In my experience, no two networks are alike so I hope something in here helped you solve your issue.

Cheers!
-Mike
