allowing Aerohive Access points access

    Question

  • we are evaluating aerohive access points.  we plug them in, they get an ip address, but they cannot seem to make a connection to the cloud based controller through the tmg2010.  if i ssh to the access point, i can easily ping (by name or ip) the cloud controller - so we have connectivity.

    the config guidelines say it will try http and then try udp (12222) to make the connection.  when i look at the tmg monitoring i see that:

    1. when using http it has an allowed connection entry followed by a closed connection entry

    2. when using UDP it says 'unidentified ip traffic (UDP:12222)'

    my basic access rules (that allow anyone access to anything over any protocol) should allow it to work.  failing that, i have created some url and network address groupings and created a rule to allow all users and protocols access to those addresses.  nothing has worked thus far.

    suggestions?

    thanks

    Friday, February 10, 2012 9:03 PM

Answers

  • Hi,

    You have to create a new protocol for UDP 12222 in the Toolbox under Protocols and add this protocol to your access rule.

    I hope this will help you.

    Thanks,


    Best Regards, ----Naresh Man Maharjan,Nepal---- www.msserverpro.com

    • Marked as answer by BJ_gunnery Monday, February 13, 2012 7:59 PM
    Saturday, February 11, 2012 9:14 AM
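
Added example, not part of the original answer or of any vendor documentation: the answer's two steps (define a UDP 12222 protocol, then add it to the access rule) scripted in PowerShell through TMG's FPC COM interface, run on the TMG server. The protocol name and rule name are hypothetical, and the rule is assumed to be an existing rule dedicated to the access points.

```powershell
# Run in an elevated PowerShell session on the TMG 2010 server.
# Both names below are hypothetical placeholders; substitute your own.
$protocolName = 'Aerohive CAPWAP (UDP 12222)'
$ruleName     = 'Allow Aerohive APs to cloud controller'

# Numeric values of the TMG scripting enumerations used below.
$fpcSendReceive        = 3   # FpcUDPConnectionDirectionType: AP sends, replies allowed back
$fpcInclude            = 0   # FpcIncludeStatus: the rule applies to this protocol
$fpcSpecifiedProtocols = 1   # FpcProtocolSelectionType: only the listed protocols

$root  = New-Object -ComObject FPC.Root
$array = $root.GetContainingArray()

# Step 1: create the protocol definition (Toolbox > Protocols) if it is missing.
$definitions = $array.RuleElements.ProtocolDefinitions
$existing    = @($definitions | Where-Object { $_.Name -eq $protocolName })
if ($existing.Count -eq 0) {
    $protocol = $definitions.Add($protocolName)
    # Single-port range: low and high port are both 12222.
    $protocol.PrimaryConnections.AddUDP($fpcSendReceive, 12222, 12222) | Out-Null
    $protocol.Save()
}

# Step 2: add the protocol to the access rule.
$rule = @($array.ArrayPolicy.PolicyRules | Where-Object { $_.Name -eq $ruleName })[0]
if ($null -eq $rule) {
    throw "Access rule '$ruleName' was not found; create it in the console first."
}

$access = $rule.AccessProperties
$listed = @($access.SpecifiedProtocols | Where-Object { $_.Name -eq $protocolName })
if ($listed.Count -eq 0) {
    $access.SpecifiedProtocols.Add($protocolName, $fpcInclude) | Out-Null
}

# This narrows the rule to its listed protocols, so point it at a dedicated
# rule, not at a general "all outbound traffic" rule.
$access.ProtocolSelectionMethod = $fpcSpecifiedProtocols
$rule.Save()
```

Keeping the rule's source and destination limited to the access points and the controller addresses avoids opening UDP 12222 for the whole network.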

All replies

  • Hello,

    What is the error message that you get when you enable logging and sniff blocked traffic?

    To create a new protocol using port 12222 on UDP, refer to that: http://technet.microsoft.com/en-us/library/cc441512.aspx




    Saturday, February 11, 2012 10:54 AM
  • thanks - that did the trick!

    Monday, February 13, 2012 7:59 PM
  • Glad you were able to get your Aerohive AP to connect to the controller host, BJ. I'm trying to accomplish the same thing, so far with no success and a mixed bag of error conditions, depending on how I set the AP communications settings.

    1. I've created the UDP 12222 protocol as documented above (actually did this before reading this thread) but my AP still can't seem to connect to the cloud controller host.

    2. The least error prone configuration seems to be to set the AP to use the cloud controller host address provided by Aerohive, port 12222 with the "use HTTP" and proxy settings blank.

    3. Set this way, the AP can CAPWAP ping the controller host with no problem, the AP CAPWAP client and server IP addresses seem valid, but the AP just can't get to the controller host.

    ***There are 2 pieces of weirdness that might be impacting all this:

    3.1 Set up as in bullet 2, the AP generates traffic on UDP 12222 to the destination IP = 255.255.255.255, which is being blocked by TMG. Not sure what to do about this, but it's the only traffic coming off the AP that is being denied.

    3.2 The AP generates a lot of port 80 traffic to the cloud controller host that is failing with "Status: 64 The specified network name is no longer available", followed directly by a "Closed Connection"

    4. I've created HTTPS and malware inspection exemptions for *.aerohive.com and *.opcloudsource.net domain names, even tried creating a source exemption for the AP, so far with no luck.

    The AP just won't connect to the cloud controller. I'm ready to send my AP330 back.



    • Edited by dalegreen Wednesday, October 10, 2012 11:17 PM
    Wednesday, October 10, 2012 11:14 PM
  • OK, just got off the phone with Aerohive Support who tell me, after all this head scratching, that their servers weren't redirecting CAPWAP traffic properly from my AP to the correct directory in their server infrastructure. Brilliant. The Aerohive guy identified the problem in about 10 seconds after I read him the symptoms more or less as listed above and fixed it.

    Now my AP is connected to the cloud controller and I can manage it as designed. Yeesh.

    Wednesday, October 10, 2012 11:42 PM