Sunday, August 9, 2015

Aerohive and SonicWall update

See previous post about initial feedback of Aerohive setup.

I have really liked the Aerohive cloud dashboard for the per-device visibility within my new wireless network.

Since the AP130 has advanced routing capabilities built in, I assumed I only needed to make sure it had an IP address that it can route to/from the internet. I now have my SonicWall's interface X4 connected to the Aerohive midspan, which is connected to the access point. (Previously I plugged directly into the AT&T U-verse router, bypassing the firewall.) I added interface X4 to the LAN zone for more security scanning (IPS and Content Filtering), visibility, and file sharing capabilities. The LAN environment is still on the 192.168.168.1 255.255.255.0 network. I added the wireless Aerohive WLAN network within the LAN zone (no NAT policies) and assigned the 192.168.10.1 255.255.255.0 network to X4. I double-checked that routing was enabled on this interface with this IP address.

After I plugged in the AP130 the way it currently is, the white light on the access point turned amber and it lost internet connectivity. I logged into Aerohive's cloud dashboard and learned that the Aerohive AP130 does not have a built-in DHCP server. So I had to go back into the SonicWall's DHCP services and create a lease scope of 25 IP addresses. After hitting accept on the SonicWall, it took a couple of minutes and a command of IPCONFIG /RENEW for the AP130 to get an IP address and then give this machine an IP address of 192.168.10.22 255.255.255.0. The AP130 light has been white since, and it has been serving up internet for family and whoever my step-son shares the pre-shared secret key with. He had a friend that came over with an iPhone and they streamed YouTube videos.

Since the new wireless network has the LAN zone content filtering policy assigned to it, I am blocking pornography on wireless connectivity again. Also, I have the dashboard visibility of the SonicWall for tracking source and destination IP addresses at an application level and Geo-IP filtering. So at the end of the day I have more information to correlate for user/device tracking on my home/lab network.

Again, this was easy to set up and use. Since I have familiarity with how subnets talk to each other, it took maybe an hour of my time yesterday. I also wasted 30 minutes this morning looking at my .10 network connections in the firewall and correlating that info with what I see in Aerohive's cloud dashboard.

 
