08-17-2016 10:03 AM
I want to be able to allow wired users to AirPlay to Apple TV's on the network using AirGroup. Used to be able to do this easily before 188.8.131.52. After 184.108.40.206, wireless user are still able to AirPlay without issues but wired users are not. TAC informed me that I need to make the physical port untrusted in order for the users from the wired side to be added to the user table. I have one port-channel trunk connected to our core from the controller. Currently running 220.127.116.11. The following config is what I have:
interface port-channel x
trusted vlan x,y,z
switchport mode trunk
switchport trunk allowed vlan x,y,z
access-list session global-sacl
access-list session apprf-test_wired-sacl
access-list session allowall
aaa profile test_wired
aaa authentication wired
This allowed wired users to populate the user table and show up in the AirGroup user table but also added every website's public address, internal users accessed, to the user table also.
Does anyone know a better way of doing this?
08-17-2016 10:33 AM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP