Contributor I

Clearpass / Airgroup Issues

Clearpass 6.7.0 / AOS 8.3.0

I believe I have AOS / Airgroup setup correctly:

Configured under managed node (contains two clustered controllers)

Distributed mode, RFC 3576 / AAA servers pointing to CPPM. Default-allowall service. Forced Registration is enabled.
I see the CPPM entries and appropriate servers and users in the various Airgroup diag commands. 

CPPM: I enabled Airgroup service, I see successful requests coming across. I added the particular device to test with (as admin). I shared it with a user that is not logged on anywhere on the network. 


1. I logged into the network as a different .1X user. I can still see every mDNS device. (even when force registration is on) including the one that I registered.

2. Logging into the .1X network with the user I shared the device, I can see every device.

It was my understanding that if I enable "AirGroup server enforce registration", then no devices should be visible to anyone.. It's like the controllers are 'viewing' the requests, but are not enforcing anything.

Re: Clearpass / Airgroup Issues

You should consider upgrading to 6.7.4 , allow all services doesn’t mean you are allowing all the services means that it will advertise services you didn’t configured

Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
Contributor I

Re: Clearpass / Airgroup Issues

I have 6.7.4 downloaded. I just haven't installed it.

To your point though, if I only have allowAll service enabled then I definitely shouldn't be able to see other devices such as chromecast, correct?

Guru Elite

Re: Clearpass / Airgroup Issues

AirGroup in centralized mode is currently broken in

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Contributor I

Re: Clearpass / Airgroup Issues

Is distributed ok then? That's what I'm using.

Sent from my Sprint Samsung Galaxy Note8.
Search Airheads
Showing results for 
Search instead for 
Did you mean: