Hi,
I'm in the process of configuring some simple Airgroup access on our dev mobility controller ( 6.5.2.0)
Server devices - Apple TV3, Chromecast2 audio , Chromecast2 UD
Clients - Android 7 tablet, IOS 10 iPhone
Primary app Plex - audio and video streaming but also use BBC iPlayer and Spotify
2 SSIDs , airgroups-ipv6 and airgroups-ipv6-psk performing WPA2-Enterprise and WPA2-PSK authentation. For -psk you also have to have client adress in a static ost list in clearpass and only devcs with specific DHCP signature are allowed on, else you get an access-reject sent.
Both SSIDs place a device on the same VLAN and IP address assignment via DHCP IP Pooling.
On the mobility controller .....
Authentication assigns a speific Airgroup Role with a policy of "allowall"
Controller AirGroup services selected ... everything except remotemgmt and allowall
Airgroup Global settings
All enabled except AirGroup Active Wireless discovery
Clarpass cluster set up as AirGroup CPPMserver
Airgroup Domain defined a UoY
Vlan table
multiple vlans defined but only two used for airgroups
237 for wired devices with both ipv4 and an ipv6 IP address
496 for wifi devices no ipv6 ip address assigned to controller
All other vlans disabled
Controller Airgroup policy.
For apple TV have user group defined as its a wired device doing dot1x
An android device can see and 'cast to the Apple TV, and both audio and video chromecast devices
An iOS device can only see and stream to the Apple TV
iOS Google home app can see the Chromecast devics, no other app on the iOS device can even see the devices
On a normal home network ... iOS can see and cast to ChromeCast devices
Wired devics on 144.32.230
Wwifi devices on 10.241.252.x
show airgroup blocked-service-id gives
AirGroup Blocked Service IDs
----------------------------
Origin Service ID #response-hits
------ ---------- --------------
144.32.230.4 _rfb._tcp 386
fe80::876:23f3:4776:2fbc _ssh._tcp 8401
fe80::876:23f3:4776:2fbc _sftp-ssh._tcp 8401
10.241.252.213 _teamviewer._tcp 257
10.241.253.208 _esdevice._tcp 91
10.241.252.53 urn:schemas-upnp-org:service:AVTransport:1 1320
10.241.252.53 urn:schemas-upnp-org:service:ConnectionManager:1 1338
10.241.252.53 urn:schemas-upnp-org:service:RenderingControl:1 1320
10.241.252.53 urn:schemas-cyberlink-com:service:RemoteControl:1 18
10.241.252.53 urn:schemas-cyberlink-com:service:SyncControl:1 18
fe80::1c87:96fe:eb2b:1188 _atc._tcp 134
10.241.253.4 _nvstream._tcp 12
fe80::4ab:d0ac:b8a9:93af _eppc._tcp 74
fe80::1864:25cb:406b:c5d4 _apple-lgremote._tcp 34
fe80::1864:25cb:406b:c5d4 _osc._udp 43
fe80::a6e4:b8ff:fe87:89a _tunnel._tcp 37
fe80::a6e4:b8ff:fe87:89a _friendly._sub._bp2p._tcp 37
fe80::a6e4:b8ff:fe87:89a _bp2p._tcp 82
fe80::a6e4:b8ff:fe87:89a _invoke._sub._bp2p._tcp 36
and more ......
enabling "allowall" airgroup service makes no difference
SSIDS have
Broadcast/Multicast DMO enabled
Dro Broacast and unknown multicast enabled
Convert Broadcast ARP reqiests to unicast enabled