Create DHCP Server on Aerohive AP’s

Things you must know ahead of time

Which VLAN ID you wish to use: 99
The IP range of your scope to be server by Aerohive. Aerohive can only handle a /23: 10.99.0.2/255.255.254.0
The exclusion range: 192.168.200.1 – 192.168.200.9
The mgt0 Sub interface you wish to use. Each DHCP must be unique to the WLAN: mgt0.3
The IP Address and subnet mask of the mgt0 interface on the DHCP Server AP: 172.31.16.155 / 255.255.255.0
The gateway of the address above: 172.31.16.1
The IP address of the DHCP Server object: 10.99.0.2

The above numbers are just examples but will be used on this page.

HMOL > Configuration > Advanced Configuration > Common Objects > DHCP Server and Relay

Click New
Name it “DHCP” + “-“ + building, ex. DHCP-Bra…somename
Assign a Sub Interface such as mgt0.3
Assign it a unique IP from your IP range reservation. Use “.2”. See above.
Use the subnet mask of 255.255.254.0
The VLAN ID from above
Check Enable Ping on this interface
Click Enable a DHCP Server on this interface
Check Set the DHCP server as authoritative
Check Use ARP to check for IP address conflicts
For the IP Pool,
Click New
Enter the beginning IP AFTER the exclusion range. Ex, 10.99.0.10
Enter the last usable IP in your range. Ex, 10.99.1.254
Click Apply
Under DHCP options
Default Gateway: The address of the DHCP Relay object from above
DNS Server 1: Use Google, 8.8.8.8. If blocked ask the customer which DNS to use
DNS Server 2: Use Google, 8.8.4.4. If blocked ask the customer which DNS to use
Lease Time: 14400. This is 4 hours in seconds
Netmask: Same as the /23 you declared above, 255.255.254.0
The others can be filled out if needed
Custom Options: fill out if needed
Advanced – Check Enable NAT Support
Scroll up and click SAVE

Configuration > Devices > Aerohive APs

Click on the AP you wish to make the server. Best to use an AP that won’t be as busy as others
Scroll down to Optional Settings > MGT0 Interface Settings
Click Static IP Address
Enter the IP address you declared above: 172.31.16.155
Enter the subnet mask you declared above: 255.255.255.0
Enter the default gateway you declared above: 17.31.16.1
Scroll down to Server Settings
Click on the DHCP Server object create above and then click the “>”
Click SAVE

HMOL > Configuration > Advanced Configuration > Common Objects > IP Objects / Host Names

HMOL > Configuration > Advanced Configuration > Common Objects > Tunnel Policies

Name it building + “-GRE”, ex. Bra…somename-Library-GRE
Click Enable Static Identity-Based Tunnels
Use the drop down menu to add the IP Object for the address of the DHCP Server AP.
Under Available IP Objects, choose the IP Object for the network that the DHCP AP is assigned to.
Click the “>” to move the object to the right window.
Under Tunnel Authentication click the Generate button. You’ll never need to see that password.
Click SAVE

HMOL > Configuration > Advanced Configuration > Security Policies > IP Firewall Policies

Configuration > Network Configuration > 1-Choose Network Policy

Click the Policy that will host the DHCP Server
Create a SSID as you would normally.
The User Profile must use a unique attribute and use the VLAN ID that you declared above: 99
Click the drop down arrow next to GRE Tunnels
Click GRE tunnel for roaming or station isolation
In the drop down menu, choose the Tunnel created above, ex., “Bra…somename-GRE”
Scroll down to Firewalls
In IP Firewall Policy > From-Access, choose the Firewall to match your SSID security
Click SAVE