Security

Hi,

 

I started working with AirGroup last week for the first time. Unfortunately I have run into a bunch of problems with it and have been working with TAC to help resolve these issues. I wanted to clarify a few things about AirGroup that I have been curious about:

 

• AirGroup can enable devices such as Chromecast to be accessed from multiple VLANs in your network?
• AirGroup/ClearPass enables sharing options so that you can be selective about who can access the devices?
• Does AirGroup enable both wired and wireless clients to see these devices? Or do they need to be connected to the Aruba wireless network? I would assume that Aruba switches can also particpate in the sharing of AirGroup information?
• Do the clients need to be connected to the same SSID in order for the shared device to be visible?

AirGroup looks awesome and I am definitely looking forward to using it. I just hope I can actually get it working properly.

• AirGroup can enable devices such as Chromecast to be accessed from multiple VLANs in your network?
  
  Correct. That is the core function.
• AirGroup/ClearPass enables sharing options so that you can be selective about who can access the devices?
  
  It's all about who can "see" the device from an advertisement standpoint. AirGroup does not enforce any datapath policy outside of L2 mDNS and SSDP advertisements.
  
  
• Does AirGroup enable both wired and wireless clients to see these devices? Or do they need to be connected to the Aruba wireless network? I would assume that Aruba switches can also particpate in the sharing of AirGroup information?
  
  AP multicast aggregation allows an AP to discover wired mDNS and SSDP devices. Wired devices do not, however, have location context. You can also use PBT and UBT with the wired devices.
• Do the clients need to be connected to the same SSID in order for the shared device to be visible?
  
  No

---

@cappalli wrote:

 

• Does AirGroup enable both wired and wireless clients to see these devices? Or do they need to be connected to the Aruba wireless network? I would assume that Aruba switches can also particpate in the sharing of AirGroup information?
  
  AP multicast aggregation allows an AP to discover wired mDNS and SSDP devices. Wired devices do not, however, have location context. You can also use PBT and UBT with the wired devices.

---

Thanks @cappalli

Is the discovery and aggregation of mDNS and SSDP devices is something built specifically into the IAP/AP platform from Aruba (I am assuming others do something similar)? This isn't something inheritly availabe in a wireless infrastructure is it?

 

Sorry, just wanted to clarify something as well, once the mDNS and SSDP devices are discovered and AirGroup is working, are both wireless and wired clients able to see these devices? 

I think above you said that wired mDNS and SSDP devices will not be discovered/visible within AirGroup as the aggregation of their messages is done by the IAP/AP itself. I am just not sure if the visilibility of these devices from a client perspective (laption, smartphone, etc) is limited to the wirelss world as well.

 

Hope my question makes sense....

AP multicast aggregation is part of the Aruba code for campus APs. It’s a feature.

Tunneled wired clients (UBT or PBT) can discover AirGroup servers.

Thank you @cappalli

 

Much appreciated!