Controller based AirGroup Policies & Auto-association


Controller based AirGroup Policies


By default, all AirGroup servers are visible to every AirGroup user.

  • This feature enables configuring policies on the controller for AirGroup servers to limit the visibility of AirGroup servers to the intended AirGroup users. The admin can configure a shared user-list, shared role-list and shared group-list for each AirGroup server to limit that server's visibility to the intended AirGroup users.
  • The group-list is the same as the group defined in Active Directory.
  • These configurations were done in CPPM prior to v6.4.3; they are now extended to the controller.




  • The auto-association feature helps with the visibility of an AirGroup server if it needs to be seen across a broader area. This feature enables attaching an AirGroup server to an AP-name, AP-group or AP-FQLN, and any AirGroup users associated to that AP-name etc. will automatically see that AirGroup server.
  • The auto-association feature can be applied at the AirGroup Service level as well (AirPlay etc.). All AirGroup servers advertising that service will be seen by AG users associated to that AP-name/AP-group/AP-FQLN.
  • Use case: in a multi-floor building, you want users on Floor-10 to have access to a printer on Floor-10. You can define a location-based policy and attach the printer to an AP-group for Floor-10, and users belonging to that AP-group will be able to access that printer.





Controller based AirGroup Policies

  • Policies can be configured on the controller to limit the visibility of AirGroup servers to the intended AirGroup users
  • Policies can be configured based on shared user-list, shared role-list and shared group-list 
  • Location based policies for AirGroup devices can be configured based on ap-name, ap-group and ap-fqln
  • This was done in CPPM prior to v6.4.3




  • Enables AG users to discover AG servers based on the AP or its neighbours, or the AP-Group
  • Auto-associate can be enabled at the AirGroup Server level or the AirGroup Service level (AirPlay etc.)



This configuration defines a policy for an AG server based on its MAC address and shares this server among a list of users, roles, groups and locations.


  • Mac Address Based Policy Configuration

   (config) #airgroup policy <AG-Server-mac>


    (config-airgroup-policy) #?


  • Configuration – Shared user list

Configuration to add/remove users in a shared user-list.

Configuring shared user-list
    (Aruba) (config-airgroup-policy) #userlist ?

Adding a user-name:
   (config-airgroup-policy) #userlist add Bob          

Deleting a user-name from the shared user-list:
   (config-airgroup-policy) #userlist remove Bob       

Deleting the entire shared-user list:
   (config-airgroup-policy)# no userlist    


  • Configuring Shared user-role 

  (Aruba) (config-airgroup-policy) #rolelist ?

Adding a shared-role:
  (config-airgroup-policy) #rolelist add <name-string>             

 Deleting a role from the shared role-list:
  (config-airgroup-policy) #rolelist remove <name-string>       

Deleting the entire shared-role list:
  (config-airgroup-policy) #no 

  • Configuration – Shared user group

Configuring shared user-group
  (config-airgroup-policy) #grouplist add <name-string>             

Removing a shared user-group:
  (config-airgroup-policy) #grouplist remove <name-string>

Disabling user-group based sharing:
  (config-airgroup-policy) #no grouplist

  • Configuration – Shared location

 Configuring shared location
   (config-airgroup-policy) #location ? 

Auto-association configuration:


  • Adding an ap-group to shared-location

(config-airgroup-policy) #location ap-group  bldg1                     

  • Deleting an ap-group from shared-location

(config-airgroup-policy) #location ap-group remove bldg1        


  • Enabling location auto-association for ap-group

(config-airgroup-policy) #location ap-group auto        
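
An added example, not from the original article or from Aruba's tooling: it replays the policy commands shown above, in the order typed, and reports which AirGroup servers end up with no share list or location at all. The session text, MAC addresses and names are constructed, and treating an empty policy as falling back to default visibility is an assumption based on the article's statement that all servers are visible by default.

```python
from collections import defaultdict
# Constructed session: commands in the form this page shows them, with
# made-up MAC addresses and names. Not captured controller output.
SESSION = """\
(config) #airgroup policy 00:11:22:33:44:55
(config-airgroup-policy) #userlist add Bob
(config-airgroup-policy) #userlist add Alice
(config-airgroup-policy) #userlist remove Bob
(config-airgroup-policy) #rolelist add staff
(config-airgroup-policy) #location ap-group bldg1
(config-airgroup-policy) #location ap-group auto
(config) #airgroup policy 66:77:88:99:aa:bb
(config-airgroup-policy) #grouplist add printers
(config-airgroup-policy)# no grouplist
(config-airgroup-policy) #location ap-group bldg1
(config-airgroup-policy) #location ap-group remove bldg1
"""
LISTS = ("userlist", "rolelist", "grouplist")

def new_policy():
    return {**{k: set() for k in LISTS}, "ap-group": set(), "auto": False}

def replay(session):
    """Apply each command in order; return {server_mac: resulting policy}."""
    policies, cur = defaultdict(new_policy), None
    for line in session.splitlines():
        w = line.split("#", 1)[-1].split()          # drop the CLI prompt
        if len(w) == 3 and w[:2] == ["airgroup", "policy"]:
            cur = policies[w[2].lower()]            # enter that server's policy
        elif cur is None:
            continue                                # command outside any policy
        elif len(w) == 3 and w[0] in LISTS and w[1] in ("add", "remove"):
            (cur[w[0]].add if w[1] == "add" else cur[w[0]].discard)(w[2])
        elif len(w) == 2 and w[0] == "no" and w[1] in LISTS:
            cur[w[1]].clear()                       # "no userlist" empties the list
        elif len(w) == 4 and w[:3] == ["location", "ap-group", "remove"]:
            cur["ap-group"].discard(w[3])
        elif w == ["location", "ap-group", "auto"]:
            cur["auto"] = True
        elif len(w) == 3 and w[:2] == ["location", "ap-group"]:
            cur["ap-group"].add(w[2])
    return policies

def unrestricted(policies):
    """MACs whose policy ends up with no share list, location or auto flag."""
    return sorted(mac for mac, p in policies.items() if not any(p.values()))

if __name__ == "__main__":
    print("No effective restriction:", unrestricted(replay(SESSION)))
```

Only the `location ap-group` forms shown on this page are handled; other `location` sub-commands are ignored rather than guessed.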


Service level Auto-associate

Configure auto-association at the AirGroup Service level for AP-name, AP-group and AP-location. Users associated to that AP-name/AP-group/AP-FQLN will automatically see all AirGroup servers that advertise the AG service.


(Aruba) (config) #airgroupservice ?
    STRING                  AirGroup Service

(Aruba) (config) #airgroupservice airplay

(Aruba) (config-airgroupservice)#autoassociate
    apfqln                  Auto tag with AP FQLN
    apgroup                 Auto tag with AP Group
    apname                  Auto tag with AP Name

(Aruba) (config-airgroupservice) #autoassociate apname <AP-Name-String>
(Aruba) (config-airgroupservice) #autoassociate apgroup <AP-Group-String>
(Aruba) (config-airgroupservice) #autoassociate apfqln <AP-fqln-String>


Configuration GUI – Device level Auto-associate




GUI-Service level Auto-associate





Debugging commands

Enable mdns logging using the following commands:

    #logging level debugging user process mdns
    #logging level debugging system process mdns


  • Command to see policy entries



  • Command to see service level Auto-associate



  • Command to see the records of each of the AirGroup servers and the buckets (AP name/FQLN) into which they fall

This command shows how the AirGroup devices fall into different buckets based on the controller-based policies.

In this example, the AirGroup device ( is configured under AP bucket. 

This bucketing mechanism also helps with scalability. With AOS v6.4.3, the scalability in terms of the number of AirGroup users and servers has been increased to the platform limit of the controller. For example, for the 7240 controller, the number of AirGroup users and servers is 32K (the maximum number of clients supported by the 7240 controller). Fetching an entry for an AirGroup device from the cache entries (with this increased scalability) was a challenge. The bucketing mechanism helps by finding the client entries belonging to a specific bucket and fetching from the entries in that bucket.



A few additional commands to find log files and tech-support:

    #show airgroup servers verbose
    #show log user all
    #show log system all
    #show tech-support <file-name>




Version history
Revision #:
2 of 2
Last update:
‎07-16-2015 03:43 AM