Integrating SecureW2 with Aerohive Networks

Integrating SecureW2 with Aerohive Networks

Integrating an Aerohive wireless network with SecureW2 allows an organization to upgrade to a WPA2 Enterprise, certificate-based wireless network. By leveraging existing infrastructure, integrating with the Aerohive system requires no forklift upgrades and adds numerous security advantages. The benefits of a WPA2-Enterprise network with certificate-based authentication are experienced upfront, and certificates can be configured for uses such as SSL inspection, VPN, and wired security, and much more. The setup below will demonstrate how to integrate with an x.509 certificates for Aerohive Wi-Fi access.

To complete this setup, you will need to have configured:

  • A SecureW2 RADIUS Server
  • A SecureW2 Network Profile
  • An Identity Provider

Configuring the Network Policy

  1. In the Aerohive dashboard, click Configure > Network Policies > Edit (the edit symbol pertaining to the SecureW2 Policy)
  2. Click the Wireless Networks tab and click Add > All other Networks (Standard)
  3. In the Name (SSID) field and Broadcast Name field, enter a name for the network
  4. In the SSID Usage section, ensure that Enterprise WPA/WPA2 802.1X is the selected SSID Authentication
    • Key Management should be set to WPA2-(WPA2 Enterprise)-802.1X
    • Encryption Method should be set to CCMP (AES)
    • Enable Captive Web Portal should be set to OFF

Configuring the settings of the new Network Policy

 

Connecting the RADIUS Server

  1. Next to Default RADIUS Server Group, click the + symbol to add a RADIUS server
  2. Enter a Name (and Description, if desired), click Add, and select External RADIUS Server
  3. Enter a Name
    • This is where we will connect the SecureW2 RADIUS
  4. Navigate to the SecureW2 Management Portal and click AAA Configuration in the AAA Management Section
  5. Copy the Primary IP Address and navigate back to the Aerohive dashboard where we were configuring the RADIUS
  6. In the IP/Host Name field, click the + symbol and select IP Address
  7. Enter a Name and paste the Primary IP Address into the IP Address field, and click Save IP
  8. Navigate to the SecureW2 Management Portal and copy the Port, then paste the Port in the Authentication Port field
    • Ensure that the Authentication Port is checked and the Accounting Port is unchecked
  9. Do the same for the Shared Secret in the SecureW2 Management Portal
  10. Click Save External RADIUS, and you will be directed back to the Configure RADIUS Servers window

Configuring the primary IP RADIUS server

  1. Click Add and select External RADIUS Server
  2. Enter a new name in the Name field and we will repeat steps 4 thru 10, except instead of the Primary IP Address, copy and paste the Secondary IP Address
  3. In the Configure RADIUS Servers window, click Save RADIUS
    • In the Authenticate via RADIUS Servers section, you will see both RADIUS servers that were configured
  4. Click Save
  5. Click the Deploy Policy tab and select the checkbox for the device listed and click Upload > Perform Update

Deploying the network policy to selected devices

Concluding Thoughts

Once completed, network users will be able to securely connect to a WPA2-Enterprise network. An organization’s risk of credential leaks, MITM attacks, and Evil Twin attacks will drop dramatically with the security benefits of certificates. Network administrators will be able to remotely diagnose potential connection issues of users in the network, as well as increase visibility by tying a user and device to every network connection. This setup for a certificated-based authentication network can be completed in as little as hours. So if you’d like to try out SecureW2, or have any questions about how we integrate with Aerohive, drop us a line! We are happy to introduce a network professional with an Aerohive expert to facilitate a free trial and show how easy it can be to deploy certificate-based authentication.

Aerohive is either registered trademarks or trademarks of Aerohive Networks in the United States and/or other countries. Other trademarks, logos and service marks used in this site are the property of SecureW2 or other third parties.

  • Email addresses from free providers (Gmail, Hotmail, etc.) will not be accepted.
  • This field is for validation purposes and should be left unchanged.