Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Verifying AirGroup config

Jump to Best Answer
  • 1.  Verifying AirGroup config

    Posted Aug 26, 2020 10:46 AM

    Hello,

     

    AOS 8.6.0.5    MM with Cluster of 10

    CPPM 6.8.5    Cluster of 4

     

    We have set AirGroup up with CPPM, initially we disallowed all VLANs except our IoT VLAN, but today we removed one of our eduroam VLANs from the disallow list so that devices on eduroam could see the IoT devices.

     

    This seemed to work, or at least now we can see an AppleTV on the IoT SSID from an iPhone on the eduroam VLAN. But unfortunately we can see multiple AppleTVs, registered by other users . The devices registered in Guest have AirGroup turned on, and are registered as 'Personal', so I was assuming we would only be able to see the AppleTV that was registered with the same username as the iphone.

     

    I'm having trouble troubleshooting this - I'm not sure how to find out whether the controllers are attempting to apply the 'Personal' policy. I've tried "show airgroup cppm entries" on the MM, /md, and on individual MCs, but this shows no devices at all, I'm not sure if it should? Maybe it isn't getting AirGroup info from ClearPass?

     

    I can see the AppleTVs when I run "show airgroup servers" in the /md hierarchy, that seems to be sane.

     

    Can anyone help with some tips please?

     

    Thanks,

     

    Guy



  • 2.  RE: Verifying AirGroup config

    Posted Aug 26, 2020 10:55 AM

    If you have not, please open a technical support case in parallel.  There are quite a few places to be checked, both on the controller and in ClearPass to determine what you should be seeing.



  • 3.  RE: Verifying AirGroup config

    Posted Aug 26, 2020 03:56 PM

    Ok thanks Colin, I'll do that



  • 4.  RE: Verifying AirGroup config
    Best Answer

    Posted Sep 03, 2020 05:35 AM

    Just to update this with the 'solution' (in case anyone else makes the same mistake) - it turned out that we had accidentally turned off the 'AirGroup Authorization Service' when we were tidying up a while ago, turning this on again resolved the problem!