Wireless Infrastructure

12:43 PM
Lee Badman
Lee Badman
Connect Directly

How To Control Applications On Aerohive WLANs

Aerohive includes application visibility and control features that let you identify and set policy around popular applications crossing your wireless network. Here’s how to set it up.

The modern WLAN system is so much more than just a client access framework. It also offers a slew of security and performance-enhancing features that can increase the value of your wireless network. In this piece, I'll walk through how to use Application Visibility and Control (AVC) feature on an Aerohive wireless network.

AVC delivers information on client behavior that used to only be available from a mega-analyzer tool in the network core. AVC reports on applications in use across the WLAN, and lets administrators set policies to restrict or prioritize particular applications. This means you can ensure that business apps don't get crushed on the WLAN by users indulging in Hulu and YouTube.

Some vendors, such as Cisco, tack on licensing requirements for AVC capabilities, while others include the feature in the overall price. AVC is included with Aerohive's HiveManager. I run a small Aerohive network, so I was very pleased to see AVC show up as part of an update to my online HiveManager account.

It's up to you to enable and define how you want AVC to work for your environment, which I'll cover how to do here.

This walk-through assumes that you have an Aerohive WLAN and starts with a wireless network already in service. I'll show you how to see and report on applications running on your network and how to find the right fields to create usage policies.

The configuration process isn't exactly intuitive, but it's worth the trouble. I've used this capability for a couple of months now, and I can't imagine doing without AVC.

You'll need to log into your HiveManager account and ensure you're running the 6.0r2a or higher version of the code. If you have older code, just open a support ticket. Aerohive tends to be fast on the support turnaround.

After login, go to Dashboard>Applications, where I'll start the AVC configuration process. Note that before you begin, there is nothing shown in the Application window; it's up to you to shape the magic first. After you do, the page gets exciting.

AVC configuration starts with the definition of an Application Watchlist, which you'll find under Reports> Report Settings. The Watchlist is made up of as many as 30 applications to which you can apply policies. Building the list is as simple as moving applications from the left table to the right.

The applications come from a library on HiveManager, which is sourced from a third party. The list is occasionally updated during regular HiveManager updates. Because Aerohive is working from a third-party list, there are likely to be applications within your organization that won't be recognized.

(click image for larger view)
application watch list

After you define your Watchlist (and you can edit it later), hit the Update button at top of screen. At this point, you have applications of interest defined, but not pushed to your access points yet. (Remember, with Aerohive, there is no controller.)

To get the Watchlist pushed to your Aerohive APs, navigate to Configuration>Devices>Aerohive APs. You'll see the "angry red exclamation point" icon indicating a config change needs to be pushed to the APs to make them current. Select the APs that you want to participate in AVC, and then hit Update. This will bring you to a drop-down menu.

Here, you might be tempted to select "Upload and activate application signatures," but this is a point of confusion; the option you need is "Upload and activate configuration." The application signatures option applies to signature updates from Aerohive as it periodically updates its library.

(click image for larger view)
upload activate configuration

Remember, with Aerohive APs, almost any configuration change requires an access point reboot before it is complete, so make these sorts of changes during an outage window. The reboot requirement is one of the few aspects of Aerohive's operations that I wish was different.

Next page: The Payoff

Lee is a Network Engineer and Wireless Technical Lead for a large private university. He also teaches classes on networking, wireless network administrtaion, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronc Warfare ... View Full Bio
1 of 2
Comment  | 
Print  | 
More Insights
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Twitter Feed