Just a quick post to explain something that I wish i’d found out before taking the time to troubleshoot the issue!
The Aerohive AP330 (and maybe other Aerohive APs), as a power saving measure, won’t allow the second Ethernet interface to be activated when the AP is running on 802.3af PoE (Power over Ethernet).
This is a power saving measure due to the limitations of 802.3af which can only deliver a maximum power of 12.95 watts (after cable losses). The solution to this problem is to use a 802.3at PoE injector/switch to power your APs. When I described this behaviour as an issue above, what I actually meant is that this is a smart move from Aerohive as it allows the APs to still be used with older PoE switches that only support 802.3af without limiting the functionality of the AP to most people.
Now, back to the story. I found this out after trying to clobber together a guest access solution where the guest traffic is tunnelled (via GRE) to an AP330 which was connected to two networks : The main network and a DMZ via a transparent Squid proxy. For those wondering how this worked, I tagged the guest traffic with VLAN2 (we don’t use VLANs on our main network yet) and set a static route on the AP330 to send VLAN2 traffic through the DMZ interface.
I hope this helps others in a similar situation!
Source of PoE information : https://en.wikipedia.org/wiki/Power_over_Ethernet