Security

Reply
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Airgroup help/questions

I'm trying to implement airgroup with CPPM for Apple TVs.  It appears that the default clearpass airgroup service is geared toward apple TVs being on student networks or .edu environments with mac auth.  My Apple TVs are located in conference rooms and are on the corporate network using PEAP (profile loaded onto apple tv).  Is it still possible to use CP to limit who can see an Apple TV when it's on a PEAP network by changing the airgroup service?

 

Thanks

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: Airgroup help/questions

[ Edited ]

The AirGroup service should not be touched.

 

It doesn't matter which SSID the device or user is connected to as long as AirGroup is enabled.

 

The device authentication itself would be handled just like a user.

 

You'll need to setup the AirGroup integration in ClearPass guest by adding the controllers. Then you'll have to register the AppleTVs under "Create New Device" and then Enforce AirGroup registration on the controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Airgroup help/questions

Thanks Tim, I have setup the integration between the controller and clearpass.  I set the device in clearpass to only be shared to a certain role. Now I do not see airplay as an option on my iOS device.

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: Airgroup help/questions

Please run:

 

show airgroup cppm entries
show airgroup policy-entries


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Airgroup help/questions

[ Edited ]
show airgroup cppm entries

ClearPass Guest Device Registration Information
-----------------------------------------------
Device             device-owner  shared location-id AP-name  shared location-id AP-FQLN  shared location-id AP-group  shared user-list  shared role-list  CPPM-Req  CPPM-Resp
------             ------------  --------------------------  --------------------------  ---------------------------  ----------------  ----------------  --------  ---------
18:ee:69:18:b9:07  N/A                                                                                                                  authenticated     45        1
                                                                                                                                        Employee
Num CPPM Entries:1

The “show airgroup policy-entries” isn’t a valid command on my controller.  

 

The “show airgroup policy-entries” isn’t a valid command on my controller.  I’m still running 6.3.x on my controller

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: Airgroup help/questions

Are you seeing AirGroup Authorization messages for the ATV MAC address?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Airgroup help/questions

Yes, I see them in the access tracker.

 

Capture.JPG

Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Airgroup help/questions

msales,

 

Did you do any airgroup configuration on the ClearPass Guest side?  If you have CPPM enforcement enabled, that configuration will supersede what you have configured on the controller side.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Airgroup help/questions

I add the controller under the airgroup settings in CP guest and also added the apple TV has a device

Thanks

Matt Sales
Network Engineer II
Centra Health
434-200-5574





Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Airgroup help/questions

Do you have a screenshot for the configuration of that AppleTV in cppm?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: