Aerohive early-release ‘fast-path’ series switch issue (SR)

The latest Switch OS code (as at Dec ’16) is 1.0.1.20 which is either available through the Software Download section of the Aerohive Support site OR via your Reseller/Distributor channel.

If you have been supplied an ‘early release’ version of the Aerohive 22xx/23xx switch series which run on the Broadcom ‘FastPath’ chipset (SR2208, SR2224P, SR2324P and SR2348P) then it *may* be likely that there are issues with connecting & provisioning with HiveManager NG

The symptoms

  • Switch powers on OK
  • Switch may get DHCP IP address from network OK
  • You can add the serial number into the HMNG console OK
  • The switch will not form a connection to HMNG and will not provision with your network policy.

The background

  • In the early code (certainly 1.0.1.11) SNTP was not automatically set & working
  • As a result the clock (‘show clock’) is set to a default of January 1, 1970
  • When the device tries to connect to the redirector (https) they use the certificate on the redirector to set up a TLS session. The certificate in use has a validity period (say 2015-2020), if the time is wrong in the switch then the certificate is invalid from the switch perspective and the TLS establishment fails.

The fix
sr-switch-tftp-fix

If you don’t have access to the software download section of the support.aerohive.com site you should be able to get the file from your reseller or distributor (or Aerohive support agent).

When you reload the switch into the newly uploaded firmware the device should get it’s time from the SNTP server (pool.ntp.org) and after a period of time (it can take a few minutes) it should connect to HiveManager and provision as expected.

Posted in Uncategorized | Tagged , , , , | Leave a comment