Matthew Norwood

Author Archives: Matthew Norwood

A Quick Guide To Configuring An Aerohive AP

Whether through a purchase or demo gear, you have your hands on an Aerohive AP. If you have never dealt with Aerohive before from a wireless perspective, you might be asking yourself how to configure the AP. This post is meant to serve as a starting point to take that AP and put some configuration on it so that you can start connecting clients.

This post is not meant to be an exhaustive reference, as there are MANY things that can be configured. Rather, it is meant to be a starting point in which the reader is introduced to the overall configuration mechanisms within HiveManager at a high level. At the time of publishing(December 2018), these are the steps needed to put an AP into operation. However, the nature of the rapid pace at which HiveManager is updated means that things could change that alter the configuration flow. It is also worth noting that this post utilizes the public cloud/Internet option for HiveManager. Although there are 3 different deployment options for HiveManager(public cloud, private cloud, single VM), this post utilizes the public cloud option. Configuration between the 3 different models is relatively the same.

Before You Plug That AP Continue reading

Configuring Microsoft NPS for Aerohive 802.1X Authentication

This post is a starting point for anyone who wants to use 802.1X authentication with Aerohive APs and Microsoft NPS. I will provide configuration screen shots for both of Aerohive’s management platforms and for NPS running on Microsoft Windows 2008 Server. It is not intended to be an exhaustive guide, but should be a decent starting point. Every implementation will be different in some respect, and some of these steps may not be the exact manner in which you configure Microsoft NPS. The steps for Aerohive may also be different depending on what you are trying to accomplish. I’ll make sure to note my particular scenario when appropriate.

Versions Used:

HiveManager Classic/HM6/HMOL – 6.8r7a

HiveManager NG – (March 2017)

Microsoft Windows 2008 Server


  1. Basic understanding of navigation within the HiveManager Classic and/or NG interface.
  2. No RADIUS objects or user profiles for 802.1X authentication have been configured within HiveManager Classic or NG. If you have already configured some of them, just skip the steps that cover the creation of those objects.
  3. Microsoft NPS is installed and a server certificate for the NPS machine has been issued and installed.


Company XYZ wants to authenticate Continue reading

Aerohive’s Private Pre-Shared Key Technology

A fairly common question I get asked when talking to people about Aerohive Networks is “what makes us different?” In other words, why should they choose Aerohive to replace their existing wireless vendor? It is a fair question. After all, plenty of vendors sell APs that can serve the most basic wireless needs. All of the vendors I compete with do a lot of the same things when it comes to general wireless.

One of the things I like to talk to potential customers about is Aerohive’s Private Pre-Shared Key(PPSK) technology. For some organizations, PPSK is not something they are interested in. Maybe they already have a pretty solid 802.1X implementation and don’t have a need for WPA2 Personal(pre-shared key) security on their wireless network. That’s perfectly fine in my book. I have other things I can always talk about with regard to an Aerohive solution. For quite a few organizations though, they see the advantage of PPSK over standard pre-shared key implementations and jump right in to using it. I wanted to briefly discuss what PPSK is and how it can be utilized with an Aerohive solution. No configuration screenshots or long demonstration videos. Just a basic Continue reading

Does Aerohive Scale?


Note: If you are a TL/DR type of person, let me give you the short answer to the title of the post: Yes!

For everyone else, I will try my hardest to keep this as short as possible. I will include as many pictures and CLI screens as I think are needed to help answer the scalability question, and no more. While I entertained the idea of making two separate posts regarding scalability, I felt it best to keep it to a single post since AP(Access Point) to AP communication and layer 3 roaming are best explained together. My wife and friends will tell you that I can be long-winded. I apologize in advance.

Let me just start by saying that I work for Aerohive Networks. I have been an employee of Aerohive for about 3 months. In that time, I have learned a tremendous amount about the overall Aerohive solution and architecture. Prior to working for Aerohive, I worked for a reseller that sold for Cisco(to include Meraki), Aruba, and Aerohive. I wasn’t unaware of Aerohive, but let’s be honest for a minute. Aerohive doesn’t have a lot of information out there around how their various protocols work. This Continue reading

From Multi-Vendor To Single-Vendor

Careers take a funny turn a lot of times. Opportunities come up that you weren’t expecting and the timing is never as perfect as you want it to be. At least, that is how it has always been with me. I’ve learned though, that sometimes the best thing for you is to charge full speed ahead through the door, roll the dice, and take your chances. That is where I find myself right now. Having accepted an offer from Aerohive Networks to serve in a pre-sales engineering role in my local area, I am leaving behind a job and a company that I have enjoyed tremendously. Yes, there were times when I had to be talked off the ledge and keep on going. I think that comes with most jobs though. Overall, it has been a very rewarding almost 5 years working for a value added reseller(VAR) and I will miss it greatly.

In the span of a few months, I had to decide to give up the following:

1. Multi-vendor implementations and support.
2. Studying for the CCIE Wireless lab exam with 1 failed lab attempt already under my belt.
3. Involvement with other vendors courtesy of social media(blogging, Continue reading

In Pursuit of the CCIE

Just a short post to let you know this blog is not dead. I have not written anything in several months. While I have several posts that are partially complete, I have not been able to finish them…..yet.

For the past several months, I have been busy studying for the CCIE Wireless lab exam. Prior to that, I was sort of working towards the CCIE Route/Switch written and lab exam. I wasn’t fully committed, so my studying was sporadic at best. My heart just wasn’t in forcing myself to learn more about IPv6, multicast, MPLS, and some of the other blueprint items.

Somewhere along the line it changed. Maybe it was having another co-worker who was serious in his pursuit of the CCIE Wireless. Maybe it was that my job working for a reseller had me doing more and more Cisco wireless work. Maybe I just liked the fact that wireless was hard. I’m not really sure. I just know that at some point, a switch flipped inside my head and I just decided to go all in on my studies. Honestly, I should have done this years ago, but the timing just didn’t seem right.

I’ve been studying Continue reading

Aruba and HP – The Remaining Pieces

I wrote previously about the Aruba and HP ecosystems. You can find that post here. I also wrote about Aruba’s culture here, and although I had planned on writing about HP’s culture as I understand it, I don’t know that I need to spend too much time on that. When you look at the difference in the two ecosystems from a wireless perspective(HP is a big company with a broad portfolio), HP is a completely different animal and that HAS to affect their company culture.

Well, what really remains to talk about? I think two things. Execution and product disposition.


Ask anyone who follows the industry about HP, and you will get a variety of thoughts. However, one of them that always seems to surface is in regards to their ability to execute. There is a history of missteps regarding HP in the executive arena over the past several years. Since Meg Whitman has taken over as CEO, I think we have seen a bit more stability in that regard. When thinking about Aruba and HP combining forces for wireless, I am reminded of a comment that Andrew vonNagy made during a Tech Field Day roundtable at the Continue reading

Aruba and HP – The Ecosystem Is King

Note: This is part of a multi-post series I am writing that compares Aruba to HP and how the integration of Aruba Networks into HP might play out. You can read my intro post here.

I am a HUGE fan of vendor ecosystems. A HUGE fan. I have written about them before. The last post I wrote on them can be found here. I really do think they are the key to driving a vendor’s success. One could argue that the large vendors have it easy. They have the resources to build those ecosystems. They can spend money that the smaller vendors cannot and can essentially buy loyalty from customers and partners. Of course, at some point, those large vendors were small ones. They did something different to propel them to the large vendor status. Their competition fell by the wayside and either drifted off into obsolescence, or just outright died.

Sorry. There is no TL/DR for this post. Buckle up. It’s a long one.

So let’s get a lay of the land when it comes to ecosystems between HP and Aruba. Let me be clear about one thing. This is specific to wireless. This has nothing to do with the Continue reading

Let’s Revisit The Aruba Networks Acquisition

Back in February, I wrote a piece entitled “HP Buying Aruba?”. In that post, I provided some context around why I thought HP buying Aruba could end up being a bad idea. I also mentioned in that post that I hoped HP did right by Aruba’s customer base and didn’t put the corporate handcuffs on them.

After several months and many conversations with HP, Aruba, and my peers, I have a different take. I am not 100% ready to back off from my concerns though. The acquisition has closed. The deal is done. However, it is too early in the process to be certain of much of anything regarding the future state of Aruba, its products, and its ability to execute as they have in the past. Let’s just say I am about 75% headed in the opposite direction of my initial concerns.

This past week, I was fortunate enough to attend HP Discover in Las Vegas. HP paid for my travel and expenses for HP Discover. For that, I thank them and I can definitively tell you that I was not pressured into writing anything as a result of this trip. As luck would have it, Aruba Continue reading

HP Buying Aruba?

Two things happened today. First, Twitter blew up at some point with rumors of HP in talks to buy Aruba. Second, my shares of Aruba stock shot up about 20%. I was disappointed with the first and pleased with the second. Of course, they were directly related.

In Case You Weren’t Aware…..

HP has had some issues over the past several years. Not so much issues with their technology, which has always been good, but more so with execution. The latest attempt to right the ship has been to split the company into two distinct entities. Trim the fat off of the corporate monster so to speak. Or, maybe a better way to put it is that HP wants to become less of an “all things to all customers” type of company, and more of a “some things to some customers” type of company. Some customers will be served by one of the two HP companies, and some customers will be served by the other, or both. This allows more focus in certain areas, and focus is never a bad thing.

Why Does It Matter If HP Buys Aruba?

Although this is all speculation, allow me to continue down this Continue reading

Cisco Wireless Transmit Power Control

Power substation outside a VERY large data center in Atlanta, GA.

I’m going to start out by telling you something you probably already know. Every vendor has their own way of doing things. Sometimes it makes perfect sense, and other times you end up scratching your head wondering why that particular vendor implemented this feature or product. Since I have been spending a lot more time on wireless these days, I came across an issue that forced me to reconsider how transmit power control(TPC) actually works in a Cisco wireless deployment. I thought I would impart some of this information to you, dear reader, in the hopes that it may help you. If you spend a lot of time inside Cisco wireless LAN controllers, this may not be anything new to you.

The Need For TPC

If you have been around wireless long enough, you have probably dealt with wireless installs where all of the access points(AP) were functioning autonomously. While this isn’t a big deal in smaller environments, consider how much design work goes into a network with autonomous access points that number into the hundreds. It isn’t as simple as just deciding on channels and spinning all the access Continue reading

The Importance of Product Education

I learned something new this afternoon. While other users of this product were already aware of it, I was not. This is something that is specific to the Wi-Fi community, but there is a larger point affecting all practitioners of technology that I will attempt to illustrate in this post.

The Problem

I have been doing a lot of wireless surveys lately. These particular surveys have been large enough to require two engineers to be on site. We’ll divide up the location by floors or sections in order to get the job done in less time. These particular surveys are in place assessments, so we aren’t putting survey AP’s up on poles and measuring signal strength, determining attenuation of walls, etc. We’re simply measuring the signal of all AP’s in place and making recommendations based on the requirements of the business(e.g. moving to support voice at 5GHz or location based services). In addition to using a survey tool, which in our case is Ekahau’s Site Survey, we are also doing spectrum analysis at various points within the given facility with Metageek’s Wi-Spy DBx hardware and Chanalyzer software.

The spectrum analysis portion is where my problem resided. I happen to have a pair Continue reading

Can I Be Brutally Honest?

There are several reasons I love being on the road. One of them is the sense of accomplishment I get from doing a particular job in a set amount of time. There is a defined period in which I will be on site with a client to do a job, or a set number of days I will be sitting in training. The light is always at the end of the tunnel. I find that when I am involved in projects around where I live, that they tend to drag on. Time is always important, but not as important as when I am on the road.

Another reason I love being on the road is the fact that I get to interact with a number of my fellow IT professionals on their home turf. I love talking to them about their networks and seeing how they solve the particular issues of their business with technology. I also love to help them improve their networks when needed. Depending on the engagement length, a good working relationship may develop to the point where you seek each other out for conversation or shared meals when you are in the same general vicinity. In Continue reading

Where Is Cisco UCS Headed?

If you happen to read my writing(as infrequent as it is these days), you know that I am a networking focused person. I live my day to day within the walls of routing, switching, wireless, and other “network centric” platforms and technologies. The days of Unix, Windows, and other generalist type administration duties are gone for me. However, like many IT professionals, I have a strong desire to understand all of the different areas in order to enhance my capabilities within the networking space. If you wish to implement IT in any particular silo, it helps to understand all the different pieces. With that in mind, I happily accepted my invite to the Cisco UCS Grand Slam event in New York City a few weeks ago. My involvement with Cisco UCS usually stops at the fabric interconnect point, and occasionally down into the virtual networking piece as well.

I mention that to state that while I understand the moving parts within storage, compute, and virtualization, I DON’T understand it at the level of people who live in those worlds full time. In light of that, I have to point out that I may be completely wrong in my predictions or Continue reading

A Training Class Where I Actually Learned Something

TL/DR – Canned labs never work for me.

Training for me has always been hit or miss. I have had better luck with in person classes than online training. I realize that everyone learns differently, so I suppose you pick the model that works best for you and hope you get your money’s worth out of it.

Back in June, I had the pleasure of attending the ClearPass Advanced Labs course at the Aruba headquarters out in Sunnyvale, CA. This was not a typical “class”. In fact, every time I referred to it as a “class”, I was reminded by the instructor that it was more of a workshop. The instructor was not there to teach you everything about ClearPass. Their job is to simply function as a proctor and help out when you got stuck on a particular issue. Yes, there was a slide deck, but it was VERY brief and just covered the goals of the day’s activities.

What Made It Different?

In short, the lack of step by step instructions. Many of the training classes I have attended consist of the following:

1. Death by Powerpoint
2. Canned labs

There’s no need to elaborate on the first Continue reading

Choosing Sides In Technology

Sometimes There Is Too Much Choice

I started out the evening writing a post on Aruba ClearPass, but this has been weighing on my mind lately, so I figured Aruba ClearPass can wait.

It seems that the Internet is filled with all sorts of opinions as it relates to all things IT. Shocking, isn’t it? ;)

We squabble over all sorts of technical things that mean a great deal to us as IT folks, but probably not a whole lot to the people who actually benefit from the use of those systems. Yes, I am referring to the end users. What do they care about? They care about their systems working. That’s it. They have their own jobs to worry about. This can be confirmed by the fact that end users almost never call up the IT department or fire off an e-mail unless there is a problem. Consider exhibit A:

1. Does it work? Great. I can do my job. The IT department isn’t even on my mental radar.

2. Is it broken? Uh oh. Now I can’t do my job as effectively, or quite possibly, at all. Time to notify IT to get this thing back up and running.

Continue reading

How Does This Help Aruba Networks?

I was going over my YouTube subscriptions tonight, as I do at least once a week, and came across this video from Aruba Networks:

While I do love watching things go through a shredder, I fail to see the point of this video. It begs the question: Who watches this and would this video change their mind?

In my opinion, this video is aimed at a non-technical buyer. If you make a significant investment in Aruba based on this video, I have serious concerns about your ability to make sound judgements when it comes to technology. That is not to say that the AP-225 from Aruba can’t beat a Cisco 3702 AP in testing. I honestly don’t know. I have access to both AP’s, and I suppose I could run my own independent tests, but to what aim? I certainly don’t have 20 laptops laying around to run my own version of this test, and I am struggling to locate the exact testing methodology used on the Aruba website. The video mentions that Aruba publishes the exact test they performed. I assume it is available somewhere. There was nothing in the video description, so I suppose I have to do Continue reading

Winning With Ecosystems

Back in 2010, I wrote a post entitled “Competing With Cisco”. It has been a few years, and since I have been in the VAR space for almost 3 years now, I have a slightly different perspective. One thing I didn’t really touch on too much in that article was the powerful ecosystem that surrounds Cisco. I’ve seen it win many deals over the past several years and thought it was worth writing about. Perhaps you already know the power of that ecosystem.

I feel sorry for smaller technology vendors. They face an uphill climb when going against the 800lb gorillas. Interestingly enough, I have often wondered about that phrase. Perusing the Wikipedia article on “800lb gorilla”(That site really does have everything!), it gives a riddle:

Q: Where does an 800lb gorilla sit?
A: Anywhere it wants to.

For people within the greater networking space, that 800lb gorilla is Cisco. It has been that way for a number of years, and will likely continue that trend for years to come. Although there are numerous competitors, time and time again, they fail to take substantial market share from Cisco. While Cisco does make many fantastic products, there Continue reading

Could Cisco ACI Kill APM?

Note – This is ALL 100% speculation on my part. I may be WAY off base with what you are about to read, and if you know something I don’t, feel free to correct me in the comments below.

I attended the Cisco Live Local Edition event here in Nashville, TN last month. It was an all day event that gave a variety of presentations in different focus areas. While I spent the bulk of my time in the routing/switching/wireless/security presentations, I made a point to sit in on one in the data center track. It was entitled Data Center Fabric Futures. This session spent a lot of time talking about Cisco’s Application Centric Infrastructure(ACI) technology, so I was curious to learn a bit more about it since the company I work for sells a fair amount of Cisco Nexus switching.

If you want a little more information about Cisco’s ACI technology, here’s some really good writing on that subject:

Insieme and Cisco ACI [Part 1] – by Matt Oswalt

Insieme and Cisco ACI [Part 2] – by Matt Oswalt

Cisco’s ACI (Insieme) Launch – by John Herbert

While the presentation was moving along, one particular aspect of ACI caught my Continue reading