
Airgroup restrictions in CPPM not working

  • 1.  Airgroup restrictions in CPPM not working

    Posted Sep 21, 2016 05:27 PM

    Hi:

    I've configured Airgroup to share Apple TVs across subnets. I then wanted to configure Clearpass Guest to help restrict device sharing. I entered Clearpass info in the controller's Airplay settings, and I've set up the controller in Clearpass Guest --> Airgroup Services --> Controllers. Clearpass can successfully read the controller's config.

    I then added my Airplay server as a device and enabled Airgroup sharing.

     

    The problem is that when I log in to the network on my iPad, I can see the AppleTV no matter what I do. I've tried restricting it to a user or location that's not in use, but it still shows up on the iPad.

     

    Could I be looking at a cache issue? I've issued many 'aaa user delete' commands. I've also tried 'airgroup server-refresh'. Is there anything else that needs to be done after changing airgroup device sharing in Clearpass?

     

    I see lots of access requests in Access Tracker being handled by the [AirGroup Authorization Service]. Is this default service all I need, or do I need to define a custom service?

     

    Any other ideas on troubleshooting?

    Thank You!

     



  • 2.  RE: Airgroup restrictions in CPPM not working

    EMPLOYEE
    Posted Sep 21, 2016 05:34 PM
    Is Bluetooth discovery disabled on the ATV?


  • 3.  RE: Airgroup restrictions in CPPM not working

    Posted Sep 21, 2016 06:35 PM

    Did you enable "AirGroup CPPM enforce registration" in the AirGroup settings?



  • 4.  RE: Airgroup restrictions in CPPM not working

    Posted Sep 21, 2016 06:56 PM

    OK, I'm almost there....

    By using 'show airgroup policy entries' I discovered that there was a policy entry for this server in the CLI that was conflicting with the cppm policy.

    I fixed that and now 'show airgroup policy entries' shows CPPM as the source. Lo and behold, the server is no longer visible on the iPad.

    This is a good thing.

     

    Then I changed the device settings in CPPM Guest to allow sharing with no restrictions again..... but the server does not show up on the iPad.

    'show airgroup policy entries' indicates that the controller still thinks the old (restrictive) sharing location/user/role info is in use.

     

    How do I refresh the controller's info?

    I've tried 'airgroup server-refresh <mac-addr>' but still the old info appears.

     

    Thanks!