Just started looking at configuring Airgroups.
Am running ArubaOS 184.108.40.206 and CPPM 6.5.4.
Have a master/local controller configuration with 1 ap connected to pone of the local controllers advertising SSID alexs-airgroup.
I've an apple TV and an iPhone connected to this SSID. I can use CoA to terminate the iPhone session connected to the SSIS so I know clearpass can CoA the mobility controllers o.k.
I've registered both devices in clearpass guest. FWIW The apple TV uses EAP-TLS to connect to the network, the iPhone uses EAP-PEWAP. On the local mobility controller
(aruba1) #show airgroup users mdnsAirGroup Users--------------MAC IP Type Host Name VLAN Role Group Username AP-Name--- -- ---- --------- ---- ---- ----- -------- -------9c:f3:87:40:3b:75 220.127.116.11 mDNS Alexs-iPhone-6-Plus 4093 managed_wireless_devices firstname.lastname@example.org alexs-ap225
(aruba1) #show airgroup servers mdnsAirGroup Servers----------------MAC IP Type Host Name Service VLAN Wired/Wireless Role Group Username AP-Name--- -- ---- --------- ------- ---- -------------- ---- ----- -------- -------58:55:ca:09:71:38 18.104.22.168 mDNS alexs-apple-tv airplay 4093 wireless managed_wireless_devices email@example.com alexs-ap225
On the iPhone I can see/select the apple tv as a destination, but any attempt to stream audio/video fails
I've got the Airgroup/airplay service enabled.
In the alexs-airgroup VAP for the AP I'm using I've unchecked "Drop broadcast and unknown multicast" and also "convert broadcast Arp requests into unicast"
Anything else you can suggest to get this working?
Are there any firewall policies in the user roles of your devices?
What firewall policies are in the role the devices are assisgned to?
Role assigned to both apple tv and iphone is "managed_wireless_device" which has an "allow all "
Is there a NAT boundary between the two devices?
What does the datapath table show while you attempt to stream?
found some early airgroup posts from 2012 about airgroup not working and the user fixed it by unchecking "Advanced Services>Stateful Firewall>Global Settings"
Deny Inter User Traffic
Deny Inter User Bridging
After this airplay magically sprang into life and I'm now streaming video from iPhone to an Apple TV. However, at the moment I'm running this on a dev controller/AP far away from our production service. We've got 15K+ wireless users on our "eduroam" SSID and currently we block multicast and don't allow general client<-> client traffic.
If I have to disable the above to get airplay to work, doesn't this screw up our general blocking inter client traffic? We enbled the above initially because at one point 80% of our wireless traffic was multicast/broadcast from clients
Any way of getting airplay etc working on an SSID and still blocking the above two general firewall options?
The firewall settings you mentioned are global. You should deny inter-user traffic at the virtual-ap level: http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/Virtual_AP_Profiles.htm?Highlight=Deny inter user traffic
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.