The most powerful thing about PowerShell is the ability to quickly create custom tools for nearly any platform. Our environment uses Aerohive access points with Network Policy Server. Objects are placed into different VLANs depending on how they authenticate. With this, I do not need separate networks for guests, students, staff, etc. I have a single SSID that securely sorts them for me.
To accomplish this, each AP needs access to the individual VLANs. If an AP does not have access, clients will not receive an IP address. Aerohive’s management interface has a VLAN probe tool for troubleshooting and finding APs without VLAN access. However, it can only be run on one AP at a time. I submitted a feature request to Aerohive (and found a few requests in their forums) for a multi-AP version of the VLAN probe tool. For now, I decided to write my own (not so pretty) tool.
Running this script in your environment requires a bit of customization. Set the URL, Username, and Password variables first. Next, you will need to modify the VLAN probe request. Our environment uses two VLANs (61 and 62) for wireless access. Do a find and replace to modify those numbers for your environment.
If you run into any issues or have questions, just let me know in the comment section below.
```powershell
# Written for Windows PowerShell 5.x: it relies on the .Forms property of
# Invoke-WebRequest and on ConvertFrom-String.
$URL = "https://hivemanager"
$Username = "admin"
# The password is stored in clear text here; restrict access to this file.
$Password = "password"

Clear-Variable URISESSION,AH -ErrorAction SilentlyContinue
$user_agent = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MALNJS)"

# Accepts any TLS certificate for every HTTPS request made in this PowerShell
# session, so the HiveManager certificate is not verified.
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

# Load the login page, fill in the form and post it to get an authenticated session.
$AH = Invoke-WebRequest -Uri "$URL/hm/login.action" -SessionVariable "URISESSION" -UserAgent $user_agent
$Forms = $AH.Forms[0]
$Forms.Fields.userName = $Username
$Forms.Fields.password = $Password
$AH = Invoke-WebRequest -Uri ($URL + $AH.Forms[0].Action) -Method Post -WebSession $URISESSION -Body $Forms.Fields -UserAgent $user_agent

# The VLAN probe page lists every AP as an <option value="id">name</option> entry.
$AH = Invoke-WebRequest -Uri "$URL/hm/hiveApToolkit.action?operation=toolVlanProbe" -WebSession $URISESSION -UserAgent $user_agent
$APList = $AH.Content.Split("<")
$APList = $APList | Where-Object { $_ -match "option value" }
$APList = $APList.TrimStart("option value =")
$APList = $APList.Replace('"', '')
$APObjectLists = $APList | ConvertFrom-String -Delimiter ">" -PropertyNames hiveApId, hiveApName

# Use the example below if you need to limit the number of access points being tested.
# $APObjectLists = $APObjectLists | Where-Object hiveApName -Match "APNamePrefix"

foreach ($APObjectList in $APObjectLists) {
    Clear-Variable VLANPollResultsArray61,VLANPollResultsArray62,FinishedVlanProbes,VLANPollResults,VLANPollResults61,VLANPollResults62 -ErrorAction SilentlyContinue
    $hiveApId = $APObjectList.hiveApId

    # Start the probe for VLANs 61-62 on this AP and pull the cookie ID out of the reply.
    $StartVLANProbeAH = Invoke-WebRequest -Uri ("$URL/hm/hiveApToolkit.action?ignore=1490364734363&hiveApId=" + $hiveApId + "&cookieId=&debugGroupId=12&operation=startVlanProbe&id=&tabId=0&forward=&tableId=0&formChanged=false&paintbrushSource=&paintbrushSourceName=&vlanProbeFrom=61&vlanProbeTo=62&vlanProbeRetries=1&vlanProbeTimeout=3") -WebSession $URISESSION -UserAgent $user_agent
    $CookieID = $StartVLANProbeAH.Content
    $CookieID = $CookieID.Substring(44,50)
    $CookieID = $CookieID.TrimEnd(',"msg":"HiveManager is initiating a VLAN pro')

    # Give the AP time to finish probing before asking for the results.
    Start-Sleep -Seconds 10

    $pollVlanProbeAH = Invoke-WebRequest -Uri ("$URL/hm/hiveApToolkit.action?ignore=1490364739465&hiveApId=" + $hiveApId + "&cookieId=" + $CookieID + "&debugGroupId=12&operation=pollVlanProbe&id=&tabId=0&forward=&tableId=0&formChanged=false&paintbrushSource=&paintbrushSourceName=&vlanProbeFrom=61&vlanProbeTo=62&vlanProbeRetries=1&vlanProbeTimeout=3") -WebSession $URISESSION -UserAgent $user_agent

    # One "Available" entry comes back per probed VLAN (61 first, then 62).
    $VLANPollResults = $pollVlanProbeAH.Content.Split("{")
    $VLANPollResults = $VLANPollResults | Select-String -SimpleMatch "Available"
    [string]$VLANPollResults61 = $VLANPollResults[0]
    [string]$VLANPollResults62 = $VLANPollResults[1]
    $VLANPollResultsArray61 = $VLANPollResults61.Split('"')
    $VLANPollResultsArray62 = $VLANPollResults62.Split('"')

    $FinishedVlanProbes = New-Object -TypeName psobject -Property ([ordered] @{
        APName          = $APObjectList.hiveApName
        Vlan61Available = $VLANPollResultsArray61[3]
        Vlan61Subnet    = $VLANPollResultsArray61[9]
        Vlan62Available = $VLANPollResultsArray62[3]
        Vlan62Subnet    = $VLANPollResultsArray62[9]
    })

    # Report only the APs that are missing at least one VLAN.
    if (($FinishedVlanProbes.Vlan61Available -eq "No") -or ($FinishedVlanProbes.Vlan62Available -eq "No")) {
        Write-Host $FinishedVlanProbes
    }
}
```
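The script's TrustAllCertsPolicy accepts any certificate for every HTTPS request in the session, including the request that posts the HiveManager password. The following is an added example, not part of the original script, that pins the HiveManager certificate by thumbprint and prompts for the password instead; the class name PinnedCert and the thumbprint value are placeholders, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example (not from the original script). Start a new PowerShell session:
# a CertificatePolicy set earlier stays active for the lifetime of the process.
$URL = "https://hivemanager"

# SHA-1 thumbprint of the HiveManager certificate, obtained from a trusted source
# such as the certificate file exported from the appliance. Placeholder value.
$ExpectedThumbprint = "<HIVEMANAGER-CERT-THUMBPRINT>"

Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class PinnedCert {
    public static string Thumbprint;
    // Accept a certificate that validates normally, or exactly the pinned one.
    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors) {
        if (errors == SslPolicyErrors.None) { return true; }
        if (cert == null || String.IsNullOrEmpty(Thumbprint)) { return false; }
        string seen = new X509Certificate2(cert).Thumbprint;
        return String.Equals(seen, Thumbprint, StringComparison.OrdinalIgnoreCase);
    }
    public static void Enable(string thumbprint) {
        Thumbprint = thumbprint.Replace(" ", "");
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
"@
[PinnedCert]::Enable($ExpectedThumbprint)

# Prompt for the password so it is not stored in the script file.
$Cred = Get-Credential -UserName "admin" -Message "HiveManager login"
$Username = $Cred.UserName
$Password = $Cred.GetNetworkCredential().Password

# Same first request as the script; it now fails with a trust error unless the
# server presents a valid certificate or the pinned one.
$user_agent = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MALNJS)"
$AH = Invoke-WebRequest -Uri "$URL/hm/login.action" -SessionVariable "URISESSION" -UserAgent $user_agent
```

The rest of the script (form login, AP list, probe loop) runs unchanged after this block, using the same $Username, $Password and $URISESSION variables.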