Campus Wide AirPrint and AirPlay Webinar - Q&A

By awl posted Jan 31, 2013 07:48 PM


A compilation of the Campus Wide AirPrint and AirPlay webinar Q&A is now available. Thanks to all who joined the webinar. A copy of the presentation is available here, and a recording of the presentation is available on Aruba's website. If you have any questions, please post them here in the comments section.



Questions Asked by Attendees


Q: Is AirGroup a standalone product or is it licensed the mobility controller.

A: AirGroup on your mobility controller does not require a license for the feature, just the correct version of software. But you do need the Policy Enforcement Firewall (PEF) license to add roles. You will need to download the software from the support site under Software > ArubaOS > Technology Release > folder.


Q: I can upgrade the code on my controller to the version that includes AirGroup and that is all it takes besides the configuration?

A: Yes.


Q: What is the required image number?

A: in the technology release folder on the support site.


Q: When will AirGroup be in stable release and not technology release?

A: AOS 6.3 May/June CY 2013.


Q: If I already own a mobility controllers is AirGroup a software add on, or do you have to purchase a specific mobility controllers with AirGroup?

A: All mobility controllers except the 600 series and 3200 series in the original memory configuration are supported. The 3200XM or a 3200 with upgraded memory are supported.


Q: Does configuration of AirGroup occur on the controller itself?

A: You can configure role based access on the mobility controller. For advanced features such as location you will need the ClearPass Policy Manager (CPPM).


Q: How AirGroup configured?

A: The steps for configuring AirGroup are covered in the deployment guide, available on the Aruba support site under the Software > ArubaOS > Technology Release > folder.


Q: What is the advantage/disadvantage of running an overlay controller?

A: Overlay controllers can not do role assignment, because they are not terminating the devices. They also can't do location, as they won't have that information from the integrated system.


Q: Is it possible for AirGroup to work with another vendor's WLAN products?

A: This would be similar to the overlay model with the same restrictions. Filtering capabilities are different on every system. The ability to lock down devices may be less robust on other platforms.


Q: Does this require RADIUS or AD Auth, or can it work with WPA2 Pre-shared key SSID's?

A: The typical network will have users using 802.1X and possibly devices using PSK for authentication. If users are on a PSK network the administrator has to manually create username/passwords on the ClearPass platform for users to login (as opposed to using network credentials). All the devices that belong to a user will have to be manually registered, including the laptop. If it is an 802.1X based network users can use their login credentials for the registration portal. Then they only have to register the Apple TVs or printers, and not all their personal devices.


Q: Can Shared With users be an AD or LDAP Group name?

A:  Yes


Q: How is the priority set for these shared locations/users/roles, in a conflict which one wins?

A: These features all have the same priority in the system. The permissions are ‘anded’ together.


Q: Our controllers are running Does the overlay controller need to be the only one running, or do I need to upgrade my controllers as well?

A: If you are running in overlay mode only the overlay controller needs to be running the version of AOS.


Q: Can the AirGroup controller be your Aruba Master controller?

A: No, this is not recommended.


Q: How do you keep the multicast chattiness of ATV and Bonjour under control to prevent flooding the network?

A: The mobility controller maintains client state and send unicast responses back to clients requests that request mDNS services.


Q: How is ARP traffic limited?

A: This is handled with Aruba’s proxy ARP feature independent of AirGroup.


Q: Does the controller do anything to optimize bandwidth usage for AirPlay; we have teachers who share screens on iPads in the classroom using AirPlay.

A: Aruba does not modify the service, but AirPlay/AirPrint can be regulated on a per user role basis. For ex. AirPlay can be restricted to teachers and student role users can be blocked from using AirPlay on the network.


Q: What are the scaling numbers for the different controller platforms?

A: The same as the maximum user limits on the controllers. AirGroup has minimal memory, CPU impact on the controller.


Q: will this work, if you are using VLAN pooling?

A: Yes, this was one of the primary features needed to enable AirGroup to work.


Q: Can this be done on Aruba Instant APs?

A: Yes, as of the 3.2 release of software in December 2012.


Q: How is ClearPass licensing handled?

A: AirGroup is a part of the base CPPM software package.


Q: With a classroom Apple TV, can you restrict what time the students have access to the device (during their class time) for example.

A: You could, but this would require custom integration with your student management system, vs. simply having the teacher add the student through the portal when it is their time to present.


Q: Is directory search available to add users?

A: This is something we are investigating. Right now the assumed usage model is that the person being given permission through the portal is sitting with the user who needs permission. They will be able to tell the device owner their user name directly.


Q: Can I use AirGroup without ClearPass in a way that only certain bonjour devices of same AP-groups are shown in that area for example?

A: Per the discussion, this is not supported. Some features are supported directly on the controller platform using roles as opposed to location.


Q: Can you restrict duplicate Device Names or how does it handle that?

A: The Apple TV is in charge of the device name, what AirGroup worries about is the MAC. In a dorm setting students should name their devices appropriately, but they will only see their device. In a setting where IT owns the Apple TV they should be given appropriate names such as the room number.


Q: Is there a limit or license to how many devices can be registered within ClearPass?

A: There is no limit


Q: Is there a plan to allow for groups of names in ClearPass?

A: That is available today based on the controllers role-based access controls.


Q: Can a user be an AirGroup network admin and switch to AirGroup operator if they want to manage personal devices?

A: Yes, they can do so by using different login credentials to the ClearPass portal.


Q: If it's designed for students to self-register their own Apple TVs, where are they supposed to get their MAC address?  It's not printed on the ATV box or on the ATV itself...

A: When you are setting up your Apple TV you from the menu you can go to Settings > About and it will display the MAC address.


Q: Your diagram is showing wireless connectivity from the Apple TV.  Must the Apple TV be wireless, or can you have it be hardwired into your switched network infrastructure?

A: The Apple TV can be wired or wireless, as long as the traffic runs through the controller.


Q: My Apple TV's will be on wired VLANs and my wireless VLANs are in a pool - are there any issues with getting AirGroup to work with that type of setup?

A: No, as long as the AirGroup controller can hear the wired VLANs the features work.


Q: How do I get my Apple TV to work on a WPA2-Enterprise network?

A: There are two methods for handling this. You can run a PSK network just for these devices, and place them in a restricted role using firewall policy. Alternatively you can configure the Apple TV with a profile by following the this Apple support article:


Q: How would this work with pay for print solutions?  Can you send to PRINT QUEUE rather than a printer?

A: AirPrint isn't designed as a centralized protocol. It was designed to work without printer server solutions. This would typically be deployed in solutions where the student owns the printer, or flat printing fees are charged to students. If you need to charge for printing resources on a usage basis it is recommended you contact your printer vendor for solutions for sending AirPrint usage data to your billing system.


Q: Do you envision that this architecture will offer the same service for other L2 protocols such as SSPD, and UPnP, or NetBIOS?

A: We are considering Universal Plug and Play (UPnP) in our roadmap.


Q: Works with Alcatel, as well?

A: AirGroup will be available with the Alcatel branded Aruba products.


Q: How is pricing established?

A: For pricing questions please contact your Aruba sales team.


Q: Is there any tie in for monitoring & troubleshooting w/ AirWave?

A: This is a part of the AirGroup roadmap.


Q: How does as an admin handle add/drops/blocks of users?

A: This is detailed in the design and deployment guide.


Q: If only 10 users can share a device, how can a large classroom of students share a single ATV in a collaborative manner?

A: A “Shared” device designated so by the administrator has no restriction on the # of users that can share. Only personal devices that the user decides to share with close friends and colleagues have a max-sharing limit of 10 users. The device owner can change these 10 users.


Q: when registering a public apple TV can you use all 3 filters to fine tune down to the location, and group of users

A: Yes.