Security

Reply
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Unable to stream between airgroup devices

Just started looking at  configuring Airgroups.

Am running  ArubaOS 6.4.3.4 and  CPPM 6.5.4.

Have a master/local controller configuration with 1 ap connected to pone of the local controllers advertising SSID alexs-airgroup.

I've an apple TV and an iPhone connected to this SSID. I can use CoA to terminate the iPhone session connected to the SSIS so I know clearpass can CoA the mobility controllers o.k.

 

I've registered both devices  in clearpass guest. FWIW The apple TV uses EAP-TLS to connect to the network, the iPhone uses EAP-PEWAP. On the local mobility controller

 

(aruba1) #show airgroup users mdns

AirGroup Users
--------------
MAC                IP              Type  Host Name            VLAN  Role                      Group  Username           AP-Name
---                --              ----  ---------            ----  ----                      -----  --------           -------
9c:f3:87:40:3b:75  144.32.249.254  mDNS  Alexs-iPhone-6-Plus  4093  managed_wireless_devices         as1558@york.ac.uk  alexs-ap225

(aruba1) #show airgroup servers mdns

AirGroup Servers
----------------
MAC                IP              Type  Host Name       Service  VLAN  Wired/Wireless  Role                      Group  Username                         AP-Name
---                --              ----  ---------       -------  ----  --------------  ----                      -----  --------                         -------
58:55:ca:09:71:38  144.32.249.230  mDNS  alexs-apple-tv  airplay  4093  wireless        managed_wireless_devices         checkinout-appletv-1@york.ac.uk  alexs-ap225

 

 

On the iPhone I can see/select  the apple tv as a destination, but any attempt to stream audio/video fails

 

I've got the Airgroup/airplay service enabled.

 

In the alexs-airgroup VAP for the AP I'm using  I've unchecked "Drop broadcast and unknown multicast" and also "convert broadcast Arp requests into unicast"

 

Anything else you can suggest to get this working?

Rgds

Alex

 

 

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Unable to stream between airgroup devices

Are there any firewall policies in the user roles of your devices?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 744
Registered: ‎04-13-2009

Re: Unable to stream between airgroup devices

Hi,

 

What firewall policies are in the role the devices are assisgned to?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: Unable to stream between airgroup devices

Role assigned to both apple tv and iphone is "managed_wireless_device" which has an "allow all "

 

A

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: Unable to stream between airgroup devices

Is there a NAT boundary between the two devices?

 

What does the datapath table show while you attempt to stream?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: Unable to stream between airgroup devices

Sorted!

found some early airgroup posts from 2012 about airgroup not working and the user fixed it by unchecking "Advanced Services>Stateful Firewall>Global Settings"

 

Deny Inter User Traffic

Deny Inter User Bridging

 

After this airplay magically sprang into life and I'm now streaming video from iPhone to an Apple TV. However, at the moment I'm running this on a dev controller/AP far away from our production service. We've got 15K+ wireless users on our "eduroam" SSID and currently we block multicast and don't allow general client<-> client traffic.

 

If I have to disable the above to get  airplay to work, doesn't this screw up our general blocking inter client traffic? We enbled the above initially because at one point 80% of our wireless traffic was multicast/broadcast from clients

 

Any way of getting airplay etc working on an SSID and still blocking the above two general firewall options?

 

Rgds

Alex

 

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Unable to stream between airgroup devices

The firewall settings you mentioned are global.  You should deny inter-user traffic at the virtual-ap level: http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/Virtual_AP_Profiles.htm?Highlight=Deny inter user traffic

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: