User's Manual
Chapter 11 Deployment Examples (CLI)
172 Aerohive
Step 5 Configure the RADIUS Server to accept authentication requests from the HiveAPs
Log in to the RADIUS server and define the three HiveAPs as access devices. Enter their mgt0 IP addresses (or
fully-qualified domain names) and shared secret.
Step 6 Check that clients can form associations and access the network
1. To check that a client can associate with a HiveAP and access the network, open a wireless client application
and connect to the "employee" SSID. Then contact a network resource, such as a web server.
2. Log in to the HiveAP CLI, and check that you can see the MAC address or the associated client and an indication
that the correct SSID is in use by entering the following command:
The setup for using IEEE 802.1X is complete. Wireless clients can now associate with the HiveAP using SSID
"employee", authenticate themselves through IEEE 802.1X to a RADIUS server, and access the network.
Note: You can also enter the following commands to check the association status of a wireless client:
show auth, show roaming cache, and show roaming cache mac <mac_addr>.
Check that the MAC and IP
addresses in the table match
those of the wireless client .
Check that the authentication and
encryption modes match those in
the SSID security protocol suite.
show ss
id employee station
Chan=channel number; Pow=Power in dBm;
A-Mode=Authentication mode; Cipher=Encryption mode;
A-Time=Associated time; Auth=Authenticated;
UPID=User profile Identifier; Phymode=Physical mode;
Mac Addr IP Addr Chan Tx Rate Rx Rate Pow A-Mode Cipher A-Time VLAN Auth UPID Phymode
-------------- ---------- ---- ------- ------- --- -------- ------- -------- ---- ---- ---- -------
0016:cf8c:57bc 10.1.1.73 1 54M 54M -40 8021x aes ccm 00:02:34 1 Yes 0 11b/g
Total station
count: 1