Security

Hi there

Has anyone got a good workflow document on troubleshooting Airplay in a clearpass environment (or can provide some pointers so I can develop one?)

We have over 120 Apple TV's in school and we use Clearpass to control their visibility on the network using the AP Groups method.

All works well - but every now and then we get an Apple TV that will just not show up on the iPads under the Airplay option.

For sake of efficiency we often provision a new unit and the teachers can get on with their job - but I want to work out why these 1 or 2 units will not appear. It's bugging me!!

With the change in the Aruba web Console - a lot of the Airplay info has gone - so I am trying to work out what commands in CLI I can use to troubleshoot this. I think it would be a valuable public resource to have a step by step guide on what to look for (although I am quite aware everyone' setup can be different).

If anyone is happy to help either via the Forum or offline then please get back to me.

As a starting point - our scenario is Aruba 7210 Controller Running 6.3.0.0 with Clearpass 6.2.0.54353

I know these are not the latest releases - but as I say - 120 Apple TV's work - only 1 or 2 do not so I am not too keen to update releases until I have tried to troubleshoot.

On the Aruba controller under advanced services we have:

Airgroup Status- Enabled

CPPM enforce registration - disabled. 

Airgroup IPV6 Support - disabled

Airgroup CPPM query interval - 10 hours (default)

We join the AppleTV's to a separate SSID with MAC authentication.

The Apple TV successfully joins the network and can access the Internet and I can ping it's IP address.

On our Airwave box I can see the Apple TV associated with the AP in the office as well as my ipad

When I use CLI with show user-table I can see the Apple TV and my iPad both listed as entries.

As clearpass registration is not enforced and as a first step of just joining the Apple TV to the network I should be able to see the AppleTV from any ipad in the school  - but in this case it is does not appear under the Airplay options (for anyone).

I then created a new guest account under clearpass for the AppleTV in question according to how we always do it - and assign the visibility to the AP group in the office for testing - and same issue - this AppleTV does not appear. Other AppleTV's do - but in this case not this one.

This is where I get stuck - any advice on where to look next to see where this is breaking down?

Any advice at all is appreciated and i will try and compile a series of steps for furture troubleshooting.

Are the AppleTVs in question showing up in your AirGroup servers list?

    show airgroup servers

 Also, check the mDNS cache to verify that the appropriate services that are being advertised are seen by the controller.

    show airgroup cache entries

Tim

Many thanks for the response.

As luck always has it - plug the AppleTV back into the network today and it appears straight away (which is even more frustrating as now I can't excatly troubleshoot!)

Anyway - ran the commands you recommened to get a baseline as such as saw the following fro the ATV in questions

show airgroup servers:

14:99:e2:28:ba:eb  10.1.81.56   Living-Room-Apple-TV  allowall  20    wireless        Employee_Role  1499e228baeb  EBT_N              25           495           3              Jan 28 15:28:25

show airgroup cache entries | include 10.1.81.56

_touch-able._tcp.local PTR IN 4500 10.1.81.56 wireless Tue Jan 28 15:27:51 2014
A4515F123B9A3A9E._touch-able._tcp.local SRV/NBSTAT IN 120 10.1.81.56 wireless Tue Jan 28 15:27:51 2014
Apple-TV.local AAAA IN 120 10.1.81.56 wireless Tue Jan 28 15:27:51 2014
Apple-TV.local A IN 120 10.1.81.56 wireless Tue Jan 28 15:27:51 2014
A4515F123B9A3A9E._touch-able._tcp.local TXT IN 4500 10.1.81.56 wireless Tue Jan 28 15:27:51 2014
A4515F123B9A3A9E._touch-able._tcp.local TXT IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
A4515F123B9A3A9E._touch-able._tcp.local SRV/NBSTAT IN 120 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
_sleep-proxy._udp.local PTR IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
_airplay._tcp.local PTR IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
Living-Room-Apple-TV.local AAAA IN 120 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
Living-Room-Apple-TV.local A IN 120 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
70-35-60-63\.1\032Living\032Room\032Apple\032TV._sleep-proxy._udp.local SRV/NBSTAT IN 120 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
Living\032Room\032Apple\032TV._airplay._tcp.local SRV/NBSTAT IN 120 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
70-35-60-63\.1\032Living\032Room\032Apple\032TV._sleep-proxy._udp.local TXT IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
Living\032Room\032Apple\032TV._airplay._tcp.local TXT IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:30 2014
_raop._tcp.local PTR IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:33 2014
1499E228BAEC\064Living\032Room\032Apple\032TV._raop._tcp.local SRV/NBSTAT IN 120 10.1.81.56 wireless Tue Jan 28 15:28:33 2014
1499E228BAEC\064Living\032Room\032Apple\032TV._raop._tcp.local TXT IN 4500 10.1.81.56 wireless Tue Jan 28 15:28:33 2014

Is there any guide to what all these Airplay services are?

Next step is to wait until an ATV does not show up and comapre these results.

As a side question - what does the Expiry column refer to exactly - as in all my cache entries - the column says "wireless" for each and every one - where as your entries were numbers.

Will come back when I have more info for testing.

Cheers

Craig

Wally,

i-Devices have a limit to how many bonjour devices they can display at a time (don't know what it is, but people run into it).  If you are not using CPPM-Enforce and those devices are getting 100+ Airplay advertisements, you could be running into that issue.  Try to turn on CPPM enforcement to reduce the number of devices and see if you still have the issue.