Today I was working on a HiveManager at one of our clients that pushes out a config to all HiveAP’s that has three SSID’s, one for Guest Access, one for PPSK access and one for 802.1x clients. My client had purchased a public certificate for 802.1x authentication, but the HiveManager would not allow me to select the certificate in the HiveAP AAA Server settings.
A quick chat with our local Aerohive tech resulted in the recommendation to update to 4.1r4, the latest update for the 120 AP’s before passing this issue to support. I updated our 6 120’s and the HiveManager, and found the 802.1x clients now were able to connect to the network, but with “Limited Connectivity”, the clients were allocated an APIPA address (169.254.x.x). Guest and PPSK clients were unaffected. As a plus I was able to install the required certificate, but this didn’t matter if the clients wouldn’t get an IP Address. I spoke to our local contact about the Aerohive 4.1 issue with 802.1x clients not getting DHCP leases and he suggested collecting more info for a support case.
Using the VLAN Probe tool I was able to estabish that the VLAN was fine and functional, and the DHCP scope was not exhausted. Running a network trace we were able to watch the auth process and verify the client sent a DHCP Discover message, the server responded with a DHCP Offer and then nothing, no DHCP Request/ACK. We rolled back to 4.1r1, same issue. Then ended up going all the way back to 4.0r1, which were were on previously… Success! Strangely we’ve got other clients that are setup in the exact same way and are on 4.1r4 – This one has been escalated to Aerohive Support now. I’ll update with the results of this case when this is resolved.