Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎08-17-2016

Public IP's in User Table After Making Port-Channel Untrusted

Hi,

 

I want to be able to allow wired users to AirPlay to Apple TV's on the network using AirGroup.  Used to be able to do this easily before 6.4.3.0.  After 6.4.3.0, wireless user are still able to AirPlay without issues but wired users are not.  TAC informed me that I need to make the physical port untrusted in order for the users from the wired side to be added to the user table.  I have one port-channel trunk connected to our core from the controller.  Currently running 6.4.4.8. The following config is what I have:

 

interface port-channel x

no trusted

trusted vlan x,y,z
switchport mode trunk
switchport trunk allowed vlan x,y,z

user-role test_wired

 access-list session global-sacl

 access-list session apprf-test_wired-sacl

 access-list session allowall

 

aaa profile test_wired

   initial-role test_wired

   mac-default-role test_wired

   dot1x-default-role test_wired

 

aaa authentication wired

   profile test_wired

 

This allowed wired users to populate the user table and show up in the AirGroup user table but also added every website's public address, internal users accessed, to the user table also.

 

Does anyone know a better way of doing this?

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Public IP's in User Table After Making Port-Channel Untrusted

Search Airheads
Showing results for 
Search instead for 
Did you mean: