Need some clarification on AirGroup in the controller.
We have a user-role that denies access to multicast (224.0.0.0 255.0.0.0), however, when I am in that role, I can discover and airplay to the AppleTV in the room. I check my datapath session table and I see the denied flag for 224.0.0.251, however, I am still able to do everything. Bluetooth is disabled on my device.
1. Does AirGroup override the user-role ACLs?
We added my user-role to the "Disallowed Roles" in the AirPlay service, deleted my session, and I was still able to AirPlay to the AppleTV.
2. How does Disallowed VLANs/Roles restrict or deny access to AirPlay?
We have tried everything except block the Bonjour port in the user-role, but nothing seems to stop me from discoverying and airplaying to the AppleTV.