Aerohive (Extreme) wireless controller - WPA2 Enterprise configuration

  • Updated

This guide describes how to set up and test your Aerohive environment so you can use it with Cloud4Wi WAP2 Enterprise service

 

 

Log in to the ExtremeCloud IQ Dashboard

To start the configuration process, log in to the ExtremeCloudIQ Dashboard as admin.  For existing environments with additional users, log in as a user with administrative privileges.

 

The ExtremeCloud IQ Dashboard appears. Your access points are displayed.



Note: There are a number of options you can set. Only the options that require your input are shown. Default values are used for options that don’t need adjustment.

 

Configure the wireless LAN

To configure the wireless LAN, you create a network policy (profile), an SSID, and RADIUS servers.

Create a network policy

  1. Click Configure in the menu bar on the left of the Dashboard.


  2. Select Network Policies.



    The     Network Policy page appears.


  3. Click Add Network Policy.

    The     Network Policies New Policy page appears. The Policy Details tab is open.


  4. Under What type of policy are you creating?, leave the box checked next to Wireless. Uncheck the boxes next to Switches and Routing.
  5. Enter a Policy Name, such as “Cloud4Wi_network_policy”.
  6. Click Save on the bottom right.



    The     Wireless Networks page appears.

Create an SSID

  1. Click Configure in the menu bar on the left of the dashboard.
  2. Select Network Policies under Configure.
  3. Select Wireless Networks at the top.
  4. Click + to create an SSID.
  5. Select All other Networks (standard).



    A page appears where you’ll define the SSID and authentication settings.

    mceclip0.png
  6. Enter an SSID Name for internal purposes, such as “Cloud4Wi_Secure_WiFi” and a Broadcast Name that your clients will see. The names can be the same.
  7. For SSID Usage, select Enterprise. (The default is Private Pre-Shared Key.)
    In the field Key Management select WPA2-802.1X and as Encryption Method chose CCMP (AES)


Add RADIUS authentication servers to the network policy

It’s important to set up a secure RADIUS connection between the wireless LAN controller and Cloud4Wi.

To add RADIUS authentication servers to your network policy, you create a server group and then add servers to the group.

  1. Still on the Wireless Networks page, scroll down to Authentication Settings.
  2. Under Authenticate via RADIUS Server, click + to add a RADIUS server group.



    The     Configure RADIUS Servers dialog box appears.



  3. Enter a RADIUS Server Group Name, such as “Cloud4Wi_radius_group”.
  4. Click Settings to the right of the server group description.
    mceclip1.png

    The     Select RADIUS Settings dialog box appears.


  5. Change the Accounting interim update interval to 300 (seconds).
  6. Click Save RADIUS Settings on the bottom right.

    You return to the     Configure RADIUS Servers dialog box.

  7. Click + under External RADIUS Server to add a RADIUS server to the server group.

    mceclip2.png

    The dialog box expands to display a     New External RADIUS Server section.

    mceclip3.png
  8. Enter the Name, such as “Primary_radius”.
  9. Click + next to IP/Host Name.


  10. Select IP Address.

    The     New IP Address or Host Name dialog box appears.

    mceclip4.png
  11. Enter the object Name, such as “Primary”.
  12. Enter the Primary RADIUS IP Address (52.48.102.108) in IP Address.
  13. Click Save IP Object on the bottom right.

    You return to the     New External RADIUS Server section. You see the name of the object you created in the IP/Host Name field.




  14. Enter the Shared Secret communicated by Cloud4Wi team during delivery of your Cloud4Wi account

  15. Click Save External RADIUS on the bottom right.

    You return to the     Configure RADIUS Servers page where you see the server you added (Primary_radius).

    mceclip5.png
  16. Check the box next to the server you added. This indicates you want to add it to the server group.

  17. Click Save RADIUS on the bottom right to save your RADIUS configuration.

    You return to the     Authenticate via RADIUS Server section of the Wireless Networks page. You see the RADIUS server group and server you created.

    mceclip6.png

  18. Repeat steps 7-17 to add the secondary RADIUS server for high availability. The secondary RADIUS IP address is 34.252.97.217

  19. Click Save on the bottom right to save your network policy configuration.

    You return to the     Wireless Networks page where you see the SSID you created.

 

 

Assign the SSID to the network policy

 

  1. Still on the Wireless Networks page, select the SSID by clicking the checkbox next to the SSID (Cloud4Wi_Secure_WiFi).



  2. Click Next on the bottom right. Clicking Next assigns the selected SSID to the network policy.


The network policy configuration is complete.

 

Related articles

Articles in this section

See more