Wireless Access

Hi All,

I'd like to start this discussion to see if anyone else who has a similar network can give any feedback on how they have their network setup.  Here's what we have:
1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets.
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup.
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.

So if anyone can give any feedback about their use with Airgroup and maybe some successes or design ideas they have.  We have never had much luck with Airgroup.  and since Airgroup is not required for our printing solutions I'm suspicious it's adding another layer of complexity we don't need.

I would say in general, get a VAR or reseller to design your Airgroup network exactly the way you want it, because there are many ways to deploy Airgroup and some ways are more inefficient than others.

If you want to proceed, if you haven't, please take a look at the airgroup deployment guide on asp.arubanetworks.com here:  https://asp.arubanetworks.com/downloads/documents/RmlsZTphYjE4MmJlYS0wNzFlLTExZWItODE2Zi1kM2IyZWU0NjNjZGY%3D  That will give you some principles to start with or things to fine-tune, if you haven't already.

You can improve performance of Airgroup by:

Limiting the services you advertise
Limit the services you advertise by role or VLAN.
Limiting the users you advertise to by ap-name (this will only advertise say an Apple TV device if you are on the AP or an adjacent AP that the device is tied to in Airgroup).  For wired Apple TVs, you will have to enter the AP that the Apple TV is closest to either in ClearPass or in ArubaOS.


Your questions:

1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets. OK
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup. OK
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.  The interaction between the printer server and the clients needs to be explored and resolved.  Either you are advertising the printers via Clearpass or you are using a print server to advertise.  Long story short, your print server can provide ip connectivity to printers from clients, but ClearPass would be the gatekeeper or what printers are seen by what users.  Again, tying the printer to an AP name in Clearpass and then only advertising airprint when the user is associated to an AP nearby is probably the best solution.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.  Limiting the number of devices advertised will make that list more reliable.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.  This could be a function of not limiting the number of devices advertised.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.  It all depends on how the printer is discovered or attached to.  That could be a network issue, but you should open a technical support case to find out why that happens.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.  If a BYOD user is sharing a printer, it should only appear for that user, and not the entire network.  You should check your CPPM configuration.

***Please note that these answers are of the opinion of one person, who is guessing about your deployment based on limited information.  I would still open a technical support case and troubleshoot your connectivity issue.  I hope that others on this forum will also give you ideas about your issue***

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Jun 08, 2022 05:41 PM
From: OES Tech
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

Hi All,

I'd like to start this discussion to see if anyone else who has a similar network can give any feedback on how they have their network setup.  Here's what we have:
1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets.
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup.
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.

So if anyone can give any feedback about their use with Airgroup and maybe some successes or design ideas they have.  We have never had much luck with Airgroup.  and since Airgroup is not required for our printing solutions I'm suspicious it's adding another layer of complexity we don't need.

Wow thanks for taking the time to write the reply.  We'll take a look at all of this.  We have a VAR.  I might go that way or take a look at the guide and give it a go myself.  Summer is coming so I can have a bit more freedom with service uptime since we are a school. 

I used to advertise our Apple TV based on AP group.  Each building is an AP group on campus, but Airgroup kept breaking.  I can take another look at your other ideas too.  It sounds like less advertisements the better.

As far as printing, that makes sense.  Does Clearpass have a way to advertise a wired printer to Airprint?  I could bypass our Airprint server entirely.

Original Message:
Sent: Jun 08, 2022 10:50 PM
From: Colin Joseph
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

I would say in general, get a VAR or reseller to design your Airgroup network exactly the way you want it, because there are many ways to deploy Airgroup and some ways are more inefficient than others.

If you want to proceed, if you haven't, please take a look at the airgroup deployment guide on asp.arubanetworks.com here:  https://asp.arubanetworks.com/downloads/documents/RmlsZTphYjE4MmJlYS0wNzFlLTExZWItODE2Zi1kM2IyZWU0NjNjZGY%3D  That will give you some principles to start with or things to fine-tune, if you haven't already.

You can improve performance of Airgroup by:

Limiting the services you advertise
Limit the services you advertise by role or VLAN.
Limiting the users you advertise to by ap-name (this will only advertise say an Apple TV device if you are on the AP or an adjacent AP that the device is tied to in Airgroup).  For wired Apple TVs, you will have to enter the AP that the Apple TV is closest to either in ClearPass or in ArubaOS.


Your questions:

1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets. OK
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup. OK
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.  The interaction between the printer server and the clients needs to be explored and resolved.  Either you are advertising the printers via Clearpass or you are using a print server to advertise.  Long story short, your print server can provide ip connectivity to printers from clients, but ClearPass would be the gatekeeper or what printers are seen by what users.  Again, tying the printer to an AP name in Clearpass and then only advertising airprint when the user is associated to an AP nearby is probably the best solution.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.  Limiting the number of devices advertised will make that list more reliable.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.  This could be a function of not limiting the number of devices advertised.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.  It all depends on how the printer is discovered or attached to.  That could be a network issue, but you should open a technical support case to find out why that happens.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.  If a BYOD user is sharing a printer, it should only appear for that user, and not the entire network.  You should check your CPPM configuration.

***Please note that these answers are of the opinion of one person, who is guessing about your deployment based on limited information.  I would still open a technical support case and troubleshoot your connectivity issue.  I hope that others on this forum will also give you ideas about your issue***

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Jun 08, 2022 05:41 PM
From: OES Tech
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

Hi All,

I'd like to start this discussion to see if anyone else who has a similar network can give any feedback on how they have their network setup.  Here's what we have:
1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets.
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup.
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.

So if anyone can give any feedback about their use with Airgroup and maybe some successes or design ideas they have.  We have never had much luck with Airgroup.  and since Airgroup is not required for our printing solutions I'm suspicious it's adding another layer of complexity we don't need.

So you should use Autoassociate based on AP name.  That will return far fewer devices to users and will improve performance.

In ClearPass you need to have gone into ClearPass Guest and go to Administration> Controllers and added your controller username and password so that ClearPass can import roles, ap-groups and ap-names.  You can test if this is working by clicking on Read Configuration, then Show details to see if your ap and ap-group information is there.  After that you will go to Clearpass guest and go to Devices> Create devices.  Enter the wired mac address, the friendly name of your Apple TV, make sure "Enable Airgroup" is checked, make sure ownership is shared.  You should be able to click on the shared locations box and be able to select the access point that you want the wired Apple TV to be associated with.  That is all you would typically have to do.  Using this method, you could theoretically bypass your print server, as  long as (1) the wired AppleTV shares a VLAN with your controller so it can see MDNS advertisements and (2) That wired device is routable to the clients that need to reach it.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Jun 09, 2022 12:19 PM
From: OES Tech
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

Wow thanks for taking the time to write the reply.  We'll take a look at all of this.  We have a VAR.  I might go that way or take a look at the guide and give it a go myself.  Summer is coming so I can have a bit more freedom with service uptime since we are a school. 

I used to advertise our Apple TV based on AP group.  Each building is an AP group on campus, but Airgroup kept breaking.  I can take another look at your other ideas too.  It sounds like less advertisements the better.

As far as printing, that makes sense.  Does Clearpass have a way to advertise a wired printer to Airprint?  I could bypass our Airprint server entirely.

Original Message:
Sent: Jun 08, 2022 10:50 PM
From: Colin Joseph
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

I would say in general, get a VAR or reseller to design your Airgroup network exactly the way you want it, because there are many ways to deploy Airgroup and some ways are more inefficient than others.

If you want to proceed, if you haven't, please take a look at the airgroup deployment guide on asp.arubanetworks.com here:  https://asp.arubanetworks.com/downloads/documents/RmlsZTphYjE4MmJlYS0wNzFlLTExZWItODE2Zi1kM2IyZWU0NjNjZGY%3D  That will give you some principles to start with or things to fine-tune, if you haven't already.

You can improve performance of Airgroup by:

Limiting the services you advertise
Limit the services you advertise by role or VLAN.
Limiting the users you advertise to by ap-name (this will only advertise say an Apple TV device if you are on the AP or an adjacent AP that the device is tied to in Airgroup).  For wired Apple TVs, you will have to enter the AP that the Apple TV is closest to either in ClearPass or in ArubaOS.


Your questions:

1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets. OK
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup. OK
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.  The interaction between the printer server and the clients needs to be explored and resolved.  Either you are advertising the printers via Clearpass or you are using a print server to advertise.  Long story short, your print server can provide ip connectivity to printers from clients, but ClearPass would be the gatekeeper or what printers are seen by what users.  Again, tying the printer to an AP name in Clearpass and then only advertising airprint when the user is associated to an AP nearby is probably the best solution.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.  Limiting the number of devices advertised will make that list more reliable.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.  This could be a function of not limiting the number of devices advertised.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.  It all depends on how the printer is discovered or attached to.  That could be a network issue, but you should open a technical support case to find out why that happens.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.  If a BYOD user is sharing a printer, it should only appear for that user, and not the entire network.  You should check your CPPM configuration.

***Please note that these answers are of the opinion of one person, who is guessing about your deployment based on limited information.  I would still open a technical support case and troubleshoot your connectivity issue.  I hope that others on this forum will also give you ideas about your issue***

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Jun 08, 2022 05:41 PM
From: OES Tech
Subject: School Wifi with Airgroup, Airplay, and Airprint questions

Hi All,

I'd like to start this discussion to see if anyone else who has a similar network can give any feedback on how they have their network setup.  Here's what we have:
1. We have an Aruba Wifi network + Clearpass with Employee, student, BYOD, and Guest wifi.  All on different subnets.
2. we have Apple TV in the classrooms that all wifi networks have access to via Airgroup.
3. we have Airprint printers.  different WiFi networks have access to different printers.  We use a server called Presto that advertise the printers via DNS.  This allows us to control which WiFi get access to which printers.

So here's the issues I'm having and trying to solve:
1. it's just not very reliable. We have problems with incomplete lists of Apple TV.  If you tend to use one Apple TV often, there's a good chance that is the one that will not advertise for you.
2. or another thing we see with Apple TV advertisements is lets' say room 20 Apple TV will not be available for 4 people, but the 5th person can see it.
3. another issue we have is printers appearing offline for MacOS and iOS devices.  Most of the time toggling the wifi fixes it, but not always.  Sometime you have to reboot the device and sometimes even that doesn't bring the printer back.
4. the other issue I'm facing is printer sharing on the BYOD wifi.  If a BYOD user has a printer shared, it advertises to the entire network.  Then users try to install that printer which is causing a bunch of confusion.

So if anyone can give any feedback about their use with Airgroup and maybe some successes or design ideas they have.  We have never had much luck with Airgroup.  and since Airgroup is not required for our printing solutions I'm suspicious it's adding another layer of complexity we don't need.