How are people managing airgroup devices and ACLs?
I understand that Airgroups takes care of discovery and isn't involved in the data path. So it seems we're missing a mechanism for controlling the ACLs for devices that are allowed to discover each other.
Our security team is not overly happy with the idea of any-any ACLs for all the various ports used by Airgroup devices. It makes it trivial for someone to scan the network for a chromecast and do unpleasant things to it.
We've got Airgroups working pretty well with a wide variety of devices, but having no way of controlling client to client data transmission on all the ports used by devices like Chromecast and Sonos seems a bit nasty.
Am I missing something?