Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Itunes Sharring

Jump to Best Answer
This thread has been viewed 3 times
  • 1.  Itunes Sharring

    Posted May 06, 2009 02:55 PM
    This is not a new subject “ITunes Sharing” but I’m looking for a way to address this problem. The goal is stop users from sharing ITunes on the Wi-Fi, this is a University environment and it has been discovered that a large part of Wi-Fi bandwidth is being used by this form of peer to peer. Any ideas I’m new to Aruba so everything is a learning experience.

  • 2.  RE: Itunes Sharring
    Best Answer

    Posted May 06, 2009 08:37 PM

    If you are running ArubaOS or higher, at the Virtual-AP (think SSID) level, there is a knob to drop broadcasts and multicast (Broadcast Filter All). If you enable this, users will not be able to find each others itunes sessions, and it will stop a good deal of the sharing, if not all. Just make sure you don't have an application that depends on broadcast discovery of clients to function before enabling this.

  • 3.  RE: Itunes Sharring
    Best Answer

    Posted May 08, 2009 12:45 PM
    Another alternative is to block TCP port 3689. This is the port that iTunes uses for music sharing. The previous suggestion would block mDNS (aka Bonjour) and prevent discovery of iTunes libraries as well as any other Bonjour services. Blocking 3689 would allow the iTunes libraries to be discovered but would prevent users from connecting to them.
    Finally, if you are just worried about the impact on the network you could experiment with setting the traffic priority of the TCP streams on 3689 to background or best effort.

  • 4.  RE: Itunes Sharring

    Posted May 08, 2009 01:31 PM
    If you are using AIS-Radius, make the Remote Access Policy require a domain computer account. this has fixed my IPhone problems. :p

  • 5.  RE: Itunes Sharring

    Posted May 09, 2009 05:03 AM

    That is a really innovative way to make sure that users do not get non-domain devices on the network. Let's hope they're not smart enough to make their username "domain/username" :)

  • 6.  RE: Itunes Sharring

    Posted May 11, 2009 11:09 AM
    I'll have to look into that... I work with some serious hackers who've been crying that I won't let them use their Iphones. Thanks colin for the insight.

  • 7.  RE: Itunes Sharring
    Best Answer

    Posted May 11, 2009 12:19 PM

    The Aruba way would be to "Enforce Machine Authentication". It permit you to check whether or not a computer has passed "Machine Authentication" on your domain and apply the proper role based on the result. Look for "Enforce Machine Authentication" in the ArubaOS user guide.